tmakin/tegra-linux-noble
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UBUNTU: SAUCE: apparmor4.0.0 [76/90]: apparmor: switch signal mediation to using RULE_MEDIATES

Browse Source 
BugLink: http://bugs.launchpad.net/bugs/2028253

Currently signal mediation is using a hard coded form of the
RULE_MEDIATES check. This means it won't atomatically pickup any
changes or improvements in the check. Switch to using RULE_MEDIATES.

Signed-off-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit dfef56d8135636988a8a3bfc98d3887446993993
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
This commit is contained in:
John Johansen
2023-01-29 02:13:56 -08:00
committed by Paolo Pisati
parent f71ac63249
commit f601221913
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/apparmor/ipc.c
+5 -5
View File
@@ -88,16 +88,16 @@ static int profile_signal_perm(const struct cred *cred,
struct aa_perms perms;
aa_state_t state;
if (profile_unconfined(profile) ||
!ANY_RULE_MEDIATES(&profile->rules, AA_CLASS_SIGNAL))
if (profile_unconfined(profile))
return 0;
ad->subj_cred = cred;
ad->peer = peer;
/* TODO: secondary cache check <profile, profile, perm> */
state = aa_dfa_next(rules->policy->dfa,
rules->policy->start[AA_CLASS_SIGNAL],
ad->signal);
state = RULE_MEDIATES(rules, AA_CLASS_SIGNAL);
if (!state)
return 0;
state = aa_dfa_next(rules->policy->dfa, state, ad->signal);
aa_label_match(profile, rules, peer, state, false, request, &perms);
aa_apply_modes_to_perms(profile, &perms);
return aa_check_perms(profile, &perms, request, ad, audit_signal_cb);