summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-06-09 02:28:19 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:33 -0700
commit5262ef60b1bcc40e17476fda53284621af9b0bab (patch)
treeb734286630e135265a4ab3dd1fa47278d7344c0b /security
parent60285eb3e7c8827e00e2f2b54561a8cca07d802f (diff)
apparmor: fix apparmor_query data
The data being queried isn't always the current profile and a lookup relative to the current profile should be done. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/apparmorfs.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 4f4cd98d2b3b..818b70130bae 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -650,7 +650,7 @@ static ssize_t query_data(char *buf, size_t buf_len,
{
char *out;
const char *key;
- struct aa_profile *profile;
+ struct aa_profile *profile, *curr;
struct aa_data *data;
u32 bytes, blocks;
__le32 outle32;
@@ -667,7 +667,10 @@ static ssize_t query_data(char *buf, size_t buf_len,
if (buf_len < sizeof(bytes) + sizeof(blocks))
return -EINVAL; /* not enough space */
- profile = aa_current_profile();
+ curr = aa_current_profile();
+ profile = aa_fqlookupn_profile(curr, query, strnlen(query, query_len));
+ if (!profile)
+ return -ENOENT;
/* We are going to leave space for two numbers. The first is the total
* number of bytes we are writing after the first number. This is so
@@ -696,6 +699,7 @@ static ssize_t query_data(char *buf, size_t buf_len,
blocks++;
}
}
+ aa_put_profile(profile);
outle32 = __cpu_to_le32(out - buf - sizeof(bytes));
memcpy(buf, &outle32, sizeof(outle32));