admin/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-07 20:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: add a default null dfa

Browse Source 
Instead of testing whether a given dfa exists in every code path, have
a default null dfa that is used when loaded policy doesn't provide a
dfa.

This will let us get rid of special casing and avoid dereference bugs
when special casing is missed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2017-01-16 00:42:42 -08:00
parent 6604d4c1c1
commit 11c236b89d
6 changed files with 46 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
security/apparmor/lsm.c
View File

@@ -878,6 +878,12 @@ static int __init apparmor_init(void)
return 0;
}
error = aa_setup_dfa_engine();
if (error) {
AA_ERROR("Unable to setup dfa engine\n");
goto alloc_out;
}
error = aa_alloc_root_ns();
if (error) {
AA_ERROR("Unable to allocate default profile namespace\n");
@@ -905,6 +911,7 @@ static int __init apparmor_init(void)
alloc_out:
aa_destroy_aafs();
aa_teardown_dfa_engine();
apparmor_enabled = 0;
return error;