apparmor: allow ns visibility question to consider subnses
Signed-off-by: John Johansen <john.johansen@canonical.com>zero-colors
John Johansen
parent
31617ddfdd
commit
92b6d8eff5
|
|
@ -750,7 +750,7 @@ static int seq_show_profile(struct seq_file *f, void *p)
|
|||
struct aa_ns *root = f->private;
|
||||
|
||||
if (profile->ns != root)
|
||||
seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
|
||||
seq_printf(f, ":%s://", aa_ns_name(root, profile->ns, true));
|
||||
seq_printf(f, "%s (%s)\n", profile->base.hname,
|
||||
aa_profile_mode_names[profile->mode]);
|
||||
|
||||
|
|
|
|||
|
|
@ -74,8 +74,8 @@ extern struct aa_ns *root_ns;
|
|||
|
||||
extern const char *aa_hidden_ns_name;
|
||||
|
||||
bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view);
|
||||
const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child);
|
||||
bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns);
|
||||
const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns);
|
||||
void aa_free_ns(struct aa_ns *ns);
|
||||
int aa_alloc_root_ns(void);
|
||||
void aa_free_root_ns(void);
|
||||
|
|
|
|||
|
|
@ -33,18 +33,23 @@ const char *aa_hidden_ns_name = "---";
|
|||
* aa_ns_visible - test if @view is visible from @curr
|
||||
* @curr: namespace to treat as the parent (NOT NULL)
|
||||
* @view: namespace to test if visible from @curr (NOT NULL)
|
||||
* @subns: whether view of a subns is allowed
|
||||
*
|
||||
* Returns: true if @view is visible from @curr else false
|
||||
*/
|
||||
bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view)
|
||||
bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns)
|
||||
{
|
||||
if (curr == view)
|
||||
return true;
|
||||
|
||||
if (!subns)
|
||||
return false;
|
||||
|
||||
for ( ; view; view = view->parent) {
|
||||
if (view->parent == curr)
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -52,16 +57,17 @@ bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view)
|
|||
* aa_na_name - Find the ns name to display for @view from @curr
|
||||
* @curr - current namespace (NOT NULL)
|
||||
* @view - namespace attempting to view (NOT NULL)
|
||||
* @subns - are subns visible
|
||||
*
|
||||
* Returns: name of @view visible from @curr
|
||||
*/
|
||||
const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view)
|
||||
const char *aa_ns_name(struct aa_ns *curr, struct aa_ns *view, bool subns)
|
||||
{
|
||||
/* if view == curr then the namespace name isn't displayed */
|
||||
if (curr == view)
|
||||
return "";
|
||||
|
||||
if (aa_ns_visible(curr, view)) {
|
||||
if (aa_ns_visible(curr, view, subns)) {
|
||||
/* at this point if a ns is visible it is in a view ns
|
||||
* thus the curr ns.hname is a prefix of its name.
|
||||
* Only output the virtualized portion of the name
|
||||
|
|
|
|||
|
|
@ -44,10 +44,10 @@ int aa_getprocattr(struct aa_profile *profile, char **string)
|
|||
struct aa_ns *current_ns = __aa_current_profile()->ns;
|
||||
char *s;
|
||||
|
||||
if (!aa_ns_visible(current_ns, ns))
|
||||
if (!aa_ns_visible(current_ns, ns, true))
|
||||
return -EACCES;
|
||||
|
||||
ns_name = aa_ns_name(current_ns, ns);
|
||||
ns_name = aa_ns_name(current_ns, ns, true);
|
||||
ns_len = strlen(ns_name);
|
||||
|
||||
/* if the visible ns_name is > 0 increase size for : :// seperator */
|
||||
|
|
|
|||
Loading…
Reference in New Issue