Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 999b4f0aa2314b76857775334cb94bafa053db64

Authored by John Johansen
Committed by James Morris
1 parent 04ccd53f09
Exists in master and in 7 other branches imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

AppArmor: Fix locking from removal of profile namespace 

The locking for profile namespace removal is wrong, when removing a
profile namespace, it needs to be removed from its parent's list.
Lock the parent of namespace list instead of the namespace being removed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>

Showing 1 changed file with 4 additions and 2 deletions Side-by-side Diff

security/apparmor/policy.c
Diff comments   View file @ 999b4f0
... ... @@ -1151,12 +1151,14 @@
1151 1151 /* released below */
1152 1152 ns = aa_get_namespace(root);
1153 1153  
1154   - write_lock(&ns->lock);
1155 1154 if (!name) {
1156 1155 /* remove namespace - can only happen if fqname[0] == ':' */
  1156 + write_lock(&ns->parent->lock);
1157 1157 __remove_namespace(ns);
  1158 + write_unlock(&ns->parent->lock);
1158 1159 } else {
1159 1160 /* remove profile */
  1161 + write_lock(&ns->lock);
1160 1162 profile = aa_get_profile(__lookup_profile(&ns->base, name));
1161 1163 if (!profile) {
1162 1164 error = -ENOENT;
1163 1165  
... ... @@ -1165,8 +1167,8 @@
1165 1167 }
1166 1168 name = profile->base.hname;
1167 1169 __remove_profile(profile);
  1170 + write_unlock(&ns->lock);
1168 1171 }
1169   - write_unlock(&ns->lock);
1170 1172  
1171 1173 /* don't fail removal if audit fails */
1172 1174 (void) audit_policy(OP_PROF_RM, GFP_KERNEL, name, info, error);