apparmor: switch signal mediation to use RULE_MEDIATES

Currently signal mediation is using a hard-coded form of the
RULE_MEDIATES check. This hides the intended semantics, and means this
specific check won't pick up any changes or improvements made in the
RULE_MEDIATES check. Switch to using RULE_MEDIATES().

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen 2023-01-29 02:13:56 -08:00
parent 46b9b994dd
commit 0bc8c6862f
1 changed files with 5 additions and 5 deletions


@ -85,16 +85,16 @@ static int profile_signal_perm(const struct cred *cred,
struct aa_perms perms;
aa_state_t state;
if (profile_unconfined(profile) ||
!ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL))
if (profile_unconfined(profile))
return 0;
ad->subj_cred = cred;
ad->peer = peer;
/* TODO: secondary cache check <profile, profile, perm> */
state = aa_dfa_next(rules->policy->dfa,
rules->policy->start[AA_CLASS_SIGNAL],
ad->signal);
state = RULE_MEDIATES(rules, AA_CLASS_SIGNAL);
if (!state)
return 0;
state = aa_dfa_next(rules->policy->dfa, state, ad->signal);
aa_label_match(profile, rules, peer, state, false, request, &perms);
aa_apply_modes_to_perms(profile, &perms);
return aa_check_perms(profile, &perms, request, ad, audit_signal_cb);
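Review bot: The added `if (!state) return 0;` returns success, so a confined profile whose `RULE_MEDIATES(rules, AA_CLASS_SIGNAL)` start state is zero has the signal allowed without reaching `aa_check_perms()` or its audit callback, and nothing at that line says this is intended. A short comment there would keep it from reading as a fail-open, e.g. `/* signal class not mediated by this ruleset: allow, nothing to check */`. The removed guard tested `ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL)` over the profile's rule list, while the new one looks only at `rules`, which is defined outside the hunk; if a profile can carry more than one ruleset the two are not equivalent, and the commit message does not mention that narrowing. The early exit also now runs after `ad->subj_cred` and `ad->peer` are set, which looks harmless but is a change in order worth confirming.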