leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

apparmor: make computing policy hashes conditional on kernel parameter

Browse Source 
Allow turning off the computation of the policy hashes via the
apparmor.hash_policy kernel parameter.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2017-01-16 00:43:07 -08:00
parent aa9a39ad8f
commit 31f75bfecd
2 changed files with 33 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
security/apparmor/policy_unpack.c
View File

@@ -825,7 +825,8 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
if (error)
goto fail_profile;
error = aa_calc_profile_hash(profile, e.version, start,
if (aa_g_hash_policy)
error = aa_calc_profile_hash(profile, e.version, start,
e.pos - start);
if (error)
goto fail_profile;
@@ -841,11 +842,13 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
list_add_tail(&ent->list, lh);
}
udata->abi = e.version & K_ABI_MASK;
udata->hash = aa_calc_hash(udata->data, udata->size);
if (IS_ERR(udata->hash)) {
error = PTR_ERR(udata->hash);
udata->hash = NULL;
goto fail;
if (aa_g_hash_policy) {
udata->hash = aa_calc_hash(udata->data, udata->size);
if (IS_ERR(udata->hash)) {
error = PTR_ERR(udata->hash);
udata->hash = NULL;
goto fail;
}
}
return 0;