archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 01:24:47 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

apparmor: remove apply_modes_to_perms from label_match

Browse source 
The modes shouldn't be applied at the point of label match, it just
results in them being applied multiple times. Instead they should be
applied after which is already being done by all callers so it can
just be dropped from label_match.

Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2025-11-14 00:14:36 -08:00
parent 9f79b1cee9
commit b2e27be294
1 changed files with 0 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
security/apparmor/label.c
View file

@ -1317,7 +1317,6 @@ next:
goto fail;
}
*perms = *aa_lookup_perms(rules->policy, state);
aa_apply_modes_to_perms(profile, perms);
if ((perms->allow & request) != request)
return -EACCES;
@ -1370,7 +1369,6 @@ static int label_components_match(struct aa_profile *profile,
next:
tmp = *aa_lookup_perms(rules->policy, state);
aa_apply_modes_to_perms(profile, &tmp);
aa_perms_accum(perms, &tmp);
label_for_each_cont(i, label, tp) {
if (!aa_ns_visible(profile->ns, tp->ns, subns))
@ -1379,7 +1377,6 @@ next:
if (!state)
goto fail;
tmp = *aa_lookup_perms(rules->policy, state);
aa_apply_modes_to_perms(profile, &tmp);
aa_perms_accum(perms, &tmp);
}