diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-01-19 10:53:55 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-01-19 10:53:55 -0800 |
| commit | 237c31cb5d83b3f77715f6d6a185f46a5ee4ec88 (patch) | |
| tree | 3f804594af7a2f6b9f4eb2f0096381416eb24f1a /security/apparmor/apparmorfs.c | |
| parent | 556e2d17cae620d549c5474b1ece053430cd50bc (diff) | |
| parent | 8ead196be219adade3bd0d4115cc9b8506643121 (diff) | |
Merge tag 'apparmor-pr-2024-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
Pull AppArmor updates from John Johansen:
"This adds a single feature, switch the hash used to check policy from
sha1 to sha256
There are fixes for two memory leaks, and refcount bug and a potential
crash when a profile name is empty. Along with a couple minor code
cleanups.
Summary:
Features
- switch policy hash from sha1 to sha256
Bug Fixes
- Fix refcount leak in task_kill
- Fix leak of pdb objects and trans_table
- avoid crash when parse profie name is empty
Cleanups
- add static to stack_msg and nulldfa
- more kernel-doc cleanups"
* tag 'apparmor-pr-2024-01-18' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
apparmor: Fix memory leak in unpack_profile()
apparmor: avoid crash when parsed profile name is empty
apparmor: fix possible memory leak in unpack_trans_table
apparmor: free the allocated pdb objects
apparmor: Fix ref count leak in task_kill
apparmor: cleanup network hook comments
apparmor: add missing params to aa_may_ptrace kernel-doc comments
apparmor: declare nulldfa as static
apparmor: declare stack_msg as static
apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256
Diffstat (limited to 'security/apparmor/apparmorfs.c')
| -rw-r--r-- | security/apparmor/apparmorfs.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index f3c77825aa75..bcfea073e3f2 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -1474,7 +1474,7 @@ int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata) rawdata->dents[AAFS_LOADDATA_REVISION] = dent; if (aa_g_hash_policy) { - dent = aafs_create_file("sha1", S_IFREG | 0444, dir, + dent = aafs_create_file("sha256", S_IFREG | 0444, dir, rawdata, &seq_rawdata_hash_fops); if (IS_ERR(dent)) goto fail; @@ -1643,11 +1643,11 @@ static const char *rawdata_get_link_base(struct dentry *dentry, return target; } -static const char *rawdata_get_link_sha1(struct dentry *dentry, +static const char *rawdata_get_link_sha256(struct dentry *dentry, struct inode *inode, struct delayed_call *done) { - return rawdata_get_link_base(dentry, inode, done, "sha1"); + return rawdata_get_link_base(dentry, inode, done, "sha256"); } static const char *rawdata_get_link_abi(struct dentry *dentry, @@ -1664,8 +1664,8 @@ static const char *rawdata_get_link_data(struct dentry *dentry, return rawdata_get_link_base(dentry, inode, done, "raw_data"); } -static const struct inode_operations rawdata_link_sha1_iops = { - .get_link = rawdata_get_link_sha1, +static const struct inode_operations rawdata_link_sha256_iops = { + .get_link = rawdata_get_link_sha256, }; static const struct inode_operations rawdata_link_abi_iops = { @@ -1738,7 +1738,7 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) profile->dents[AAFS_PROF_ATTACH] = dent; if (profile->hash) { - dent = create_profile_file(dir, "sha1", profile, + dent = create_profile_file(dir, "sha256", profile, &seq_profile_hash_fops); if (IS_ERR(dent)) goto fail; @@ -1748,9 +1748,9 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY if (profile->rawdata) { if (aa_g_hash_policy) { - dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir, + dent = aafs_create("raw_sha256", S_IFLNK | 0444, dir, profile->label.proxy, NULL, NULL, - &rawdata_link_sha1_iops); + &rawdata_link_sha256_iops); if (IS_ERR(dent)) goto fail; aa_get_proxy(profile->label.proxy); |