diff options
author | John Johansen <john.johansen@canonical.com> | 2017-06-09 02:28:19 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-10 17:11:33 -0700 |
commit | 5262ef60b1bcc40e17476fda53284621af9b0bab (patch) | |
tree | b734286630e135265a4ab3dd1fa47278d7344c0b /security | |
parent | 60285eb3e7c8827e00e2f2b54561a8cca07d802f (diff) |
apparmor: fix apparmor_query data
The data being queried isn't always the current profile and a lookup
relative to the current profile should be done.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/apparmorfs.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 4f4cd98d2b3b..818b70130bae 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -650,7 +650,7 @@ static ssize_t query_data(char *buf, size_t buf_len, { char *out; const char *key; - struct aa_profile *profile; + struct aa_profile *profile, *curr; struct aa_data *data; u32 bytes, blocks; __le32 outle32; @@ -667,7 +667,10 @@ static ssize_t query_data(char *buf, size_t buf_len, if (buf_len < sizeof(bytes) + sizeof(blocks)) return -EINVAL; /* not enough space */ - profile = aa_current_profile(); + curr = aa_current_profile(); + profile = aa_fqlookupn_profile(curr, query, strnlen(query, query_len)); + if (!profile) + return -ENOENT; /* We are going to leave space for two numbers. The first is the total * number of bytes we are writing after the first number. This is so @@ -696,6 +699,7 @@ static ssize_t query_data(char *buf, size_t buf_len, blocks++; } } + aa_put_profile(profile); outle32 = __cpu_to_le32(out - buf - sizeof(bytes)); memcpy(buf, &outle32, sizeof(outle32)); |