diff options
| author | Mike Salvatore <mike.salvatore@canonical.com> | 2020-05-31 16:52:06 +0200 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2022-10-03 23:49:02 +0200 |
| commit | b5b57993504f91785fa70e002e5e494fb549726e (patch) | |
| tree | 3d3a6cc40d0949486554351e6889ed5fc594fb98 /security/apparmor/domain.c | |
| parent | apparmor: compute file permissions on profile load (diff) | |
| download | linux-b5b57993504f91785fa70e002e5e494fb549726e.tar.xz linux-b5b57993504f91785fa70e002e5e494fb549726e.zip | |
apparmor: compute xmatch permissions on profile load
Rather than computing xmatch permissions each time access is requested,
these permissions can be computed once on profile load and stored for
lookup.
Signed-off-by: Mike Salvatore <mike.salvatore@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/domain.c')
| -rw-r--r-- | security/apparmor/domain.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 2c99edd8953a..22351b6d71e6 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -339,7 +339,7 @@ static int aa_xattrs_match(const struct linux_binprm *bprm, /* Check xattr value */ state = aa_dfa_match_len(profile->xmatch, state, value, size); - perm = dfa_user_allow(profile->xmatch, state); + perm = profile->xmatch_perms[state]; if (!(perm & MAY_EXEC)) { ret = -EINVAL; goto out; @@ -419,7 +419,7 @@ restart: state = aa_dfa_leftmatch(profile->xmatch, DFA_START, name, &count); - perm = dfa_user_allow(profile->xmatch, state); + perm = profile->xmatch_perms[state]; /* any accepting state means a valid match. */ if (perm & MAY_EXEC) { int ret = 0; |