summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/apparmor/policy.c13
-rw-r--r--security/apparmor/policy_unpack.c26
2 files changed, 35 insertions, 4 deletions
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index a8fcc7291a75..b38f7b2a5e1d 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -589,7 +589,15 @@ struct aa_profile *aa_alloc_null(struct aa_profile *parent, const char *name,
profile->label.flags |= FLAG_NULL;
rules = list_first_entry(&profile->rules, typeof(*rules), list);
rules->file.dfa = aa_get_dfa(nulldfa);
+ rules->file.perms = kcalloc(2, sizeof(struct aa_perms), GFP_KERNEL);
+ if (!rules->file.perms)
+ goto fail;
+ rules->file.size = 2;
rules->policy.dfa = aa_get_dfa(nulldfa);
+ rules->policy.perms = kcalloc(2, sizeof(struct aa_perms), GFP_KERNEL);
+ if (!rules->policy.perms)
+ goto fail;
+ rules->policy.size = 2;
if (parent) {
profile->path_flags = parent->path_flags;
@@ -600,6 +608,11 @@ struct aa_profile *aa_alloc_null(struct aa_profile *parent, const char *name,
}
return profile;
+
+fail:
+ aa_free_profile(profile);
+
+ return NULL;
}
/**
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 2a50d3237ee6..f171f8a8ebd5 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -982,9 +982,14 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
goto fail;
}
}
- } else
+ } else {
rules->policy.dfa = aa_get_dfa(nulldfa);
-
+ rules->policy.perms = kcalloc(2, sizeof(struct aa_perms),
+ GFP_KERNEL);
+ if (!rules->policy.perms)
+ goto fail;
+ rules->policy.size = 2;
+ }
/* get file rules */
error = unpack_pdb(e, &rules->file, false, true, &info);
if (error) {
@@ -1001,9 +1006,22 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
rules->policy.start[AA_CLASS_FILE]) {
rules->file.dfa = aa_get_dfa(rules->policy.dfa);
rules->file.start[AA_CLASS_FILE] = rules->policy.start[AA_CLASS_FILE];
- } else
+ rules->file.perms = kcalloc(rules->policy.size,
+ sizeof(struct aa_perms),
+ GFP_KERNEL);
+ if (!rules->file.perms)
+ goto fail;
+ memcpy(rules->file.perms, rules->policy.perms,
+ rules->policy.size * sizeof(struct aa_perms));
+ rules->file.size = rules->policy.size;
+ } else {
rules->file.dfa = aa_get_dfa(nulldfa);
-
+ rules->file.perms = kcalloc(2, sizeof(struct aa_perms),
+ GFP_KERNEL);
+ if (!rules->file.perms)
+ goto fail;
+ rules->file.size = 2;
+ }
error = -EPROTO;
if (aa_unpack_nameX(e, AA_STRUCT, "data")) {
info = "out of memory";