redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/security/apparmor
History
John Johansen c037bd6158 apparmor: remove no-op permission check in policy_unpack 
The patch 736ec752d95e: "AppArmor: policy routines for loading and
unpacking policy" from Jul 29, 2010, leads to the following static
checker warning:

    security/apparmor/policy_unpack.c:410 verify_accept()
    warn: bitwise AND condition is false here

    security/apparmor/policy_unpack.c:413 verify_accept()
    warn: bitwise AND condition is false here

security/apparmor/policy_unpack.c
   392  #define DFA_VALID_PERM_MASK             0xffffffff
   393  #define DFA_VALID_PERM2_MASK            0xffffffff
   394
   395  /**
   396   * verify_accept - verify the accept tables of a dfa
   397   * @dfa: dfa to verify accept tables of (NOT NULL)
   398   * @flags: flags governing dfa
   399   *
   400   * Returns: 1 if valid accept tables else 0 if error
   401   */
   402  static bool verify_accept(struct aa_dfa *dfa, int flags)
   403  {
   404          int i;
   405
   406          /* verify accept permissions */
   407          for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
   408                  int mode = ACCEPT_TABLE(dfa)[i];
   409
   410                  if (mode & ~DFA_VALID_PERM_MASK)
   411                          return 0;
   412
   413                  if (ACCEPT_TABLE2(dfa)[i] & ~DFA_VALID_PERM2_MASK)
   414                          return 0;

fixes: 736ec752d9 ("AppArmor: policy routines for loading and unpacking policy")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
 		2018-08-22 18:44:42 -07:00
..
include apparmor: Check buffer bounds when mapping permissions mask 2018-07-19 16:24:43 -07:00
.gitignore apparmor: add base infastructure for socket mediation 2018-03-13 17:25:48 -07:00
Kconfig apparmor: add debug assert AA_BUG and Kconfig to control debug info 2017-01-16 01:18:24 -08:00
Makefile apparmor: add base infastructure for socket mediation 2018-03-13 17:25:48 -07:00
apparmorfs.c apparmor: Fully initialize aa_perms struct when answering userspace query 2018-07-19 16:29:13 -07:00
audit.c apparmor: Fix memory leak of rule on error exit path 2018-06-07 01:50:48 -07:00
capability.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
crypto.c apparmor: use SHASH_DESC_ON_STACK 2017-04-07 08:58:35 +10:00
domain.c apparmor: Fix failure to audit context info in build_change_hat 2018-07-20 03:25:25 -07:00
file.c apparmor: Check buffer bounds when mapping permissions mask 2018-07-19 16:24:43 -07:00
ipc.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
label.c apparmor: fixup secid map conversion to using IDR 2018-06-07 01:50:49 -07:00
lib.c apparmor: Check buffer bounds when mapping permissions mask 2018-07-19 16:24:43 -07:00
lsm.c apparmor: fix ptrace read check 2018-06-07 01:51:02 -07:00
match.c apparmor: fix typo "traverse" 2018-05-03 00:50:12 -07:00
mount.c apparmor: fix typo "independent" 2018-05-03 00:50:30 -07:00
net.c apparmor: add base infastructure for socket mediation 2018-03-13 17:25:48 -07:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c apparmor: Move path lookup to using preallocated buffers 2017-06-08 11:29:34 -07:00
policy.c apparmor: fix memory leak when deduping profile load 2018-06-07 01:51:01 -07:00
policy_ns.c apparmor: fix an error code in __aa_create_ns() 2018-08-21 16:24:56 -07:00
policy_unpack.c apparmor: remove no-op permission check in policy_unpack 2018-08-22 18:44:42 -07:00
procattr.c apparmor: move context.h to cred.h 2018-02-09 11:30:01 -08:00
resource.c apparmor: fix mediation of prlimit 2018-06-07 01:51:01 -07:00
secid.c apparmor: fixup secid map conversion to using IDR 2018-06-07 01:50:49 -07:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c apparmor: update domain transitions that are subsets of confinement at nnp 2018-02-09 11:30:01 -08:00