summaryrefslogtreecommitdiff
path: root/security/apparmor/policy.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-12-13 02:28:05 +0300
committerJohn Johansen <john.johansen@canonical.com>2018-02-09 22:30:02 +0300
commit73f488cd903938e78979d50e081a0314ad142351 (patch)
treee50e4e5198006f8c6d43a369a45f08dfd3b7a4ba /security/apparmor/policy.c
parent8e51f9087f4024d20f70f4d9831e1f45d8088331 (diff)
downloadlinux-73f488cd903938e78979d50e081a0314ad142351.tar.xz
apparmor: convert attaching profiles via xattrs to use dfa matching
This converts profile attachment based on xattrs to a fixed extended conditional using dfa matching. This has a couple of advantages - pattern matching can be used for the xattr match - xattrs can be optional for an attachment or marked as required - the xattr attachment conditional will be able to be combined with other extended conditionals when the flexible extended conditional work lands. The xattr fixed extended conditional is appended to the xmatch conditional. If an xattr attachment is specified the profile xmatch will be generated regardless of whether there is a pattern match on the executable name. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/policy.c')
-rw-r--r--security/apparmor/policy.c6
1 files changed, 1 insertions, 5 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 7fee546ba10d..c07493ce2376 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -228,13 +228,9 @@ void aa_free_profile(struct aa_profile *profile)
aa_free_cap_rules(&profile->caps);
aa_free_rlimit_rules(&profile->rlimits);
- for (i = 0; i < profile->xattr_count; i++) {
+ for (i = 0; i < profile->xattr_count; i++)
kzfree(profile->xattrs[i]);
- kzfree(profile->xattr_values[i]);
- }
kzfree(profile->xattrs);
- kzfree(profile->xattr_lens);
- kzfree(profile->xattr_values);
kzfree(profile->dirname);
aa_put_dfa(profile->xmatch);
aa_put_dfa(profile->policy.dfa);