https://github.com/torvalds/linux
Revision cbb13e12a5d3ecef400716ea7d12a9268b0f37ca authored by John Johansen on 15 February 2023, 04:21:17 UTC, committed by John Johansen on 15 February 2023, 19:24:38 UTC
This fixes a regression in mediation of getattr when old policy built
under an older ABI is loaded and mapped to internal permissions.
The regression does not occur for all getattr permission requests,
only appearing if state zero is the final state in the permission
lookup. This is because despite the first state (index 0) being
guaranteed to not have permissions in both newer and older permission
formats, it may have to carry permissions that were not mediated as
part of an older policy. These backward compat permissions are
mapped here to avoid special casing the mediation code paths.
Since the mapping code already takes into account backwards compat
permission from older formats it can be applied to state 0 to fix
the regression.
Fixes: 408d53e923bd ("apparmor: compute file permissions on profile load")
Reported-by: Philip Meulengracht <the_meulengracht@hotmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
1 parent e1c0451
Tip revision: cbb13e12a5d3ecef400716ea7d12a9268b0f37ca authored by John Johansen on 15 February 2023, 04:21:17 UTC
apparmor: Fix regression in compat permissions for getattr
apparmor: Fix regression in compat permissions for getattr
Tip revision: cbb13e1
| File | Mode | Size |
|---|---|---|
| Documentation | ||
| LICENSES | ||
| arch | ||
| block | ||
| certs | ||
| crypto | ||
| drivers | ||
| fs | ||
| include | ||
| init | ||
| io_uring | ||
| ipc | ||
| kernel | ||
| lib | ||
| mm | ||
| net | ||
| rust | ||
| samples | ||
| scripts | ||
| security | ||
| sound | ||
| tools | ||
| usr | ||
| virt | ||
| .clang-format | -rw-r--r-- | 20.0 KB |
| .cocciconfig | -rw-r--r-- | 59 bytes |
| .get_maintainer.ignore | -rw-r--r-- | 151 bytes |
| .gitattributes | -rw-r--r-- | 62 bytes |
| .gitignore | -rw-r--r-- | 2.0 KB |
| .mailmap | -rw-r--r-- | 25.1 KB |
| .rustfmt.toml | -rw-r--r-- | 369 bytes |
| COPYING | -rw-r--r-- | 496 bytes |
| CREDITS | -rw-r--r-- | 99.7 KB |
| Kbuild | -rw-r--r-- | 2.5 KB |
| Kconfig | -rw-r--r-- | 555 bytes |
| MAINTAINERS | -rw-r--r-- | 682.1 KB |
| Makefile | -rw-r--r-- | 70.2 KB |
| README | -rw-r--r-- | 727 bytes |
Computing file changes ...
