[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <30faaa83-bdb3-69b8-1fa9-7c1f4f011045@canonical.com>
Date: Wed, 5 Jul 2023 11:02:26 -0700
From: John Johansen <john.johansen@...onical.com>
To: Minjie Du <duminjie@...o.com>, Paul Moore <paul@...l-moore.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Nick Terrell <terrelln@...com>,
"moderated list:APPARMOR SECURITY MODULE" <apparmor@...ts.ubuntu.com>,
"open list:SECURITY SUBSYSTEM"
<linux-security-module@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>
Cc: opensource.kernel@...o.com
Subject: Re: [PATCH v1] security: remove duplicate logical judgments in return
On 7/4/23 01:56, Minjie Du wrote:
> Fix: delate duplicate logical judgments:
> aa_unpack_u32(e, &perm->allow, NULL);
> Please check this. Thank you!
>
> Signed-off-by: Minjie Du <duminjie@...o.com>
NAK, it is a bug but not in a way that we can do this, which will break the unpack. The first entry is reserved, and for the moment should be skipped. Double loading to
&perm->allow, effectively does that but was not what was intended either. There is a patch coming that loads the first entry to a tmp variable and does a check that it is 0.
> ---
> security/apparmor/policy_unpack.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
> index 694fb7a09..2069adf0a 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -646,7 +646,6 @@ static bool unpack_perm(struct aa_ext *e, u32 version, struct aa_perms *perm)
> return false;
>
> return aa_unpack_u32(e, &perm->allow, NULL) &&
> - aa_unpack_u32(e, &perm->allow, NULL) &&
> aa_unpack_u32(e, &perm->deny, NULL) &&
> aa_unpack_u32(e, &perm->subtree, NULL) &&
> aa_unpack_u32(e, &perm->cond, NULL) &&
Powered by blists - more mailing lists