author | William Hua <william.hua@canonical.com> | 2017-01-16 03:49:28 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-01-16 12:18:51 +0300 |
commit | e025be0f26d5597b0a2bdfa65145a0171e77b614 (patch) | |
tree | 0f9300ae3893d6af776466d12fe22a739d01d75d /security/apparmor/policy.c | |
parent | 12eb87d50bfe234c3f964e9fb47bbd0135010c13 (diff) | |
apparmor: support querying extended trusted helper extra data
Allow a profile to carry extra data that can be queried via userspace.
This provides a means to store extra data in a profile that a trusted
helper can extract and use from live policy.
Signed-off-by: William Hua <william.hua@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/policy.c')
-rw-r--r-- | security/apparmor/policy.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index bc63cf7b606a..f2c4bb26b060 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -195,6 +195,20 @@ void aa_free_proxy_kref(struct kref *kref)
 }
 /**
+ * aa_free_data - free a data blob
+ * @ptr: data to free
+ * @arg: unused
+ */
+static void aa_free_data(void *ptr, void *arg)
+{
+ struct aa_data *data = ptr;
+
+ kzfree(data->data);
+ kzfree(data->key);
+ kzfree(data);
+}
+
+/**
 * aa_free_profile - free a profile
 * @profile: the profile to free (MAYBE NULL)
 *
@@ -206,6 +220,8 @@ void aa_free_proxy_kref(struct kref *kref)
 */
 void aa_free_profile(struct aa_profile *profile)
 {
+ struct rhashtable *rht;
+
 AA_DEBUG("%s(%p)\n", __func__, profile);
 if (!profile)
@@ -227,6 +243,13 @@ void aa_free_profile(struct aa_profile *profile)
 aa_put_dfa(profile->policy.dfa);
 aa_put_proxy(profile->proxy);
+ if (profile->data) {
+ rht = profile->data;
+ profile->data = NULL;
+ rhashtable_free_and_destroy(rht, aa_free_data, NULL);
+ kzfree(rht);
+ }
+
 kzfree(profile->hash);
 aa_put_loaddata(profile->rawdata);
 kzfree(profile); |
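Review bot: The kerneldoc added for aa_free_data() in the first hunk does not explain its `void *ptr, void *arg` signature or the unused @arg. The function is passed as the free callback to rhashtable_free_and_destroy() in the third hunk, and the comment should say so. I would reword the parameter line to `* @ptr: struct aa_data entry to release; its key and data buffers are freed with it` and add a line stating that this is the per-element free callback for profile->data. It is also worth recording that @ptr is assumed non-NULL, which holds only while the function is invoked from the rhashtable walk.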
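Review bot: rhashtable_free_and_destroy(), called in the third hunk, may sleep because it waits for pending resize work and takes the table mutex, so aa_free_profile() now has to run in process context whenever profile->data is set. The callers are not visible in this diff, so please confirm that no path drops the last profile reference from atomic or RCU-callback context. A comment above the new block would record the constraint, for example `/* rhashtable_free_and_destroy() may sleep: process context only */`. The body of aa_free_profile() starts and ends outside this hunk.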