diff options
author | John Johansen <john.johansen@canonical.com> | 2012-02-16 06:20:33 -0800 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2012-03-14 06:15:25 -0700 |
commit | 57fa1e18091e66b7e1002816523cb218196a882e (patch) | |
tree | 29b4b3484fb17d60d7c6e24d107a74180ec815be /security/apparmor/file.c | |
parent | 0fe1212d0539eb6c1e27d388711172d786e299cc (diff) | |
download | op-kernel-dev-57fa1e18091e66b7e1002816523cb218196a882e.zip op-kernel-dev-57fa1e18091e66b7e1002816523cb218196a882e.tar.gz |
AppArmor: Move path failure information into aa_get_name and rename
Move the path name lookup failure messages into the main path name lookup
routine, as the information is useful in more than just aa_path_perm.
Also rename aa_get_name to aa_path_name as it is not getting a reference
counted object with a corresponding put fn.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>
Diffstat (limited to 'security/apparmor/file.c')
-rw-r--r-- | security/apparmor/file.c | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c index bba875c..3022c0f 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -278,22 +278,16 @@ int aa_path_perm(int op, struct aa_profile *profile, struct path *path, int error; flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0); - error = aa_get_name(path, flags, &buffer, &name); + error = aa_path_name(path, flags, &buffer, &name, &info); if (error) { if (error == -ENOENT && is_deleted(path->dentry)) { /* Access to open files that are deleted are * give a pass (implicit delegation) */ error = 0; + info = NULL; perms.allow = request; - } else if (error == -ENOENT) - info = "Failed name lookup - deleted entry"; - else if (error == -ESTALE) - info = "Failed name lookup - disconnected path"; - else if (error == -ENAMETOOLONG) - info = "Failed name lookup - name too long"; - else - info = "Failed name lookup"; + } } else { aa_str_perms(profile->file.dfa, profile->file.start, name, cond, &perms); @@ -364,12 +358,14 @@ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, lperms = nullperms; /* buffer freed below, lname is pointer in buffer */ - error = aa_get_name(&link, profile->path_flags, &buffer, &lname); + error = aa_path_name(&link, profile->path_flags, &buffer, &lname, + &info); if (error) goto audit; /* buffer2 freed below, tname is pointer in buffer2 */ - error = aa_get_name(&target, profile->path_flags, &buffer2, &tname); + error = aa_path_name(&target, profile->path_flags, &buffer2, &tname, + &info); if (error) goto audit; |