mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-04 04:06:26 +00:00
apparmor: domain: clean up duplicated parts of handle_onexec()
Regression test of AppArmor finished without any failures. PASSED: aa_exec access attach_disconnected at_secure introspect capabilities changeprofile onexec changehat changehat_fork changehat_misc chdir clone coredump deleted e2e environ exec exec_qual fchdir fd_inheritance fork i18n link link_subset mkdir mmap mount mult_mount named_pipe namespaces net_raw open openat pipe pivot_root posix_ipc ptrace pwrite query_label regex rename readdir rw socketpair swap sd_flags setattr symlink syscall sysv_ipc tcp unix_fd_server unix_socket_pathname unix_socket_abstract unix_socket_unnamed unix_socket_autobind unlink userns xattrs xattrs_profile longpath nfs exec_stack aa_policy_cache nnp stackonexec stackprofile FAILED: make: Leaving directory '/apparmor/tests/regression/apparmor' Signed-off-by: Leesoo Ahn <lsahn@ooseel.net> Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
parent
c030937306
commit
ab6875fbb9
@ -826,33 +826,19 @@ static struct aa_label *handle_onexec(const struct cred *subj_cred,
|
||||
AA_BUG(!bprm);
|
||||
AA_BUG(!buffer);
|
||||
|
||||
if (!stack) {
|
||||
error = fn_for_each_in_ns(label, profile,
|
||||
profile_onexec(subj_cred, profile, onexec, stack,
|
||||
bprm, buffer, cond, unsafe));
|
||||
if (error)
|
||||
return ERR_PTR(error);
|
||||
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
|
||||
aa_get_newest_label(onexec),
|
||||
profile_transition(subj_cred, profile, bprm,
|
||||
buffer,
|
||||
cond, unsafe));
|
||||
|
||||
} else {
|
||||
/* TODO: determine how much we want to loosen this */
|
||||
error = fn_for_each_in_ns(label, profile,
|
||||
profile_onexec(subj_cred, profile, onexec, stack, bprm,
|
||||
buffer, cond, unsafe));
|
||||
if (error)
|
||||
return ERR_PTR(error);
|
||||
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
|
||||
aa_label_merge(&profile->label, onexec,
|
||||
GFP_KERNEL),
|
||||
profile_transition(subj_cred, profile, bprm,
|
||||
buffer,
|
||||
cond, unsafe));
|
||||
}
|
||||
/* TODO: determine how much we want to loosen this */
|
||||
error = fn_for_each_in_ns(label, profile,
|
||||
profile_onexec(subj_cred, profile, onexec, stack,
|
||||
bprm, buffer, cond, unsafe));
|
||||
if (error)
|
||||
return ERR_PTR(error);
|
||||
|
||||
new = fn_label_build_in_ns(label, profile, GFP_KERNEL,
|
||||
stack ? aa_label_merge(&profile->label, onexec,
|
||||
GFP_KERNEL)
|
||||
: aa_get_newest_label(onexec),
|
||||
profile_transition(subj_cred, profile, bprm,
|
||||
buffer, cond, unsafe));
|
||||
if (new)
|
||||
return new;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user