TononixOS/ubports_kernel_google_msm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

UBUNTU: SAUCE: (no-up) apparmor: fix refcount bug in apparmor pivotroot

Browse Source 
This is a fix to code that is not upstream.

When the pivotroot check was refactored into the callback fn, putting
of the target fn was not pushed down because target was referenced in
by audit_log in the error path. However target will never be set in
the cases when audit_log is called from the error path.

So instead of passing target the target value back out of profile_pivotroot
push putting the target reference down as it is not needed in aa_pivotroot.

BugLink: http://bugs.launchpad.net/bugs/1308765

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
This commit is contained in:
John Johansen
2014-05-15 07:34:23 -07:00
committed by Tim Gardner
parent d66987475b
commit 1b8dd160bb
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
security/apparmor/mount.c
View File

@@ -610,8 +610,9 @@ out:
} }
static int profile_pivotroot(struct aa_profile *profile, const char *new_name, static int profile_pivotroot(struct aa_profile *profile, const char *new_name,
const char *old_name, struct aa_profile *target) const char *old_name)
{ {
struct aa_profile *target = NULL;
struct file_perms perms = { }; struct file_perms perms = { };
const char *info = NULL; const char *info = NULL;
int error = -EACCES; int error = -EACCES;
@@ -634,23 +635,25 @@ static int profile_pivotroot(struct aa_profile *profile, const char *new_name,
if (!target) if (!target)
error = -ENOENT; error = -ENOENT;
else else
error = aa_replace_current_label(&target->label); error = aa_replace_current_label(&target->label);
} else } else
error = 0; error = 0;
} }
} }
return audit_mount(profile, OP_PIVOTROOT, new_name, old_name, error = audit_mount(profile, OP_PIVOTROOT, new_name, old_name,
NULL, target ? target->base.name : NULL, NULL, target ? target->base.name : NULL,
0, NULL, AA_MAY_PIVOTROOT, &perms, info, 0, NULL, AA_MAY_PIVOTROOT, &perms, info,
error); error);
aa_put_profile(target);
return error;
} }
int aa_pivotroot(struct aa_label *label, struct path *old_path, int aa_pivotroot(struct aa_label *label, struct path *old_path,
struct path *new_path) struct path *new_path)
{ {
struct aa_profile *profile; struct aa_profile *profile;
struct aa_profile *target = NULL;
char *old_buffer = NULL, *new_buffer = NULL; char *old_buffer = NULL, *new_buffer = NULL;
const char *old_name, *new_name = NULL, *info = NULL; const char *old_name, *new_name = NULL, *info = NULL;
int error; int error;
@@ -669,9 +672,8 @@ int aa_pivotroot(struct aa_label *label, struct path *old_path,
goto error; goto error;
error = fn_for_each(label, profile, error = fn_for_each(label, profile,
profile_pivotroot(profile, new_name, old_name, target)); profile_pivotroot(profile, new_name, old_name));
out: out:
aa_put_profile(target);
put_buffers(old_buffer, new_buffer); put_buffers(old_buffer, new_buffer);
return error; return error;
@@ -679,7 +681,7 @@ out:
error: error:
error = fn_for_each(label, profile, error = fn_for_each(label, profile,
audit_mount(profile, OP_PIVOTROOT, new_name, old_name, audit_mount(profile, OP_PIVOTROOT, new_name, old_name,
NULL, target ? target->base.name : NULL, NULL, NULL,
0, NULL, AA_MAY_PIVOTROOT, &nullperms, info, 0, NULL, AA_MAY_PIVOTROOT, &nullperms, info,
error)); error));
goto out; goto out;