[apparmor] [PATCH 17/36] apparmor: reuse name string from previous profile
Seth Arnold
seth.arnold at canonical.com
Wed May 15 02:05:36 UTC 2013
On Wed, May 01, 2013 at 02:31:02PM -0700, John Johansen wrote:
> For profiles that have been replaced reuse the name string so the
> old and new version of the profile share the same string. This will
> make some checks/comparisons in labeling quicker.
> +static void share_name(struct aa_profile *old, struct aa_profile *new)
> +{
> + aa_put_str(new->base.hname);
> + aa_get_str(old->base.hname);
> + new->base.hname = old->base.hname;
> + new->base.name = old->base.name;
> +}
> +
> /**
> * aa_replace_profiles - replace profile(s) on the profile list
> * @udata: serialized data stream (NOT NULL)
> @@ -1197,6 +1211,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
> audit_policy(op, GFP_ATOMIC, ent->new->base.name, NULL, error);
>
> if (ent->old) {
> + share_name(ent->old, ent->new);
> __replace_profile(ent->old, ent->new, 1);
> if (ent->rename) {
> /* aafs interface uses replacedby */
Is this the proper location for share_name()? In the ent->rename case,
wouldn't you want the new name and hname to survive, rather than be
replaced by the old name and hname?
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130514/ef143838/attachment.pgp>
More information about the AppArmor
mailing list