[apparmor] [PATCH 17/36] apparmor: reuse name string from previous profile

John Johansen john.johansen at canonical.com
Thu May 16 05:30:52 UTC 2013


On 05/14/2013 07:05 PM, Seth Arnold wrote:
> On Wed, May 01, 2013 at 02:31:02PM -0700, John Johansen wrote:
>> For profiles that have been replaced reuse the name string so the
>> old and new version of the profile share the same string.  This will
>> make some checks/comparisons in labeling quicker.
> 
>> +static void share_name(struct aa_profile *old, struct aa_profile *new)
>> +{
>> +	aa_put_str(new->base.hname);
>> +	aa_get_str(old->base.hname);
>> +	new->base.hname = old->base.hname;
>> +	new->base.name = old->base.name;
>> +}
>> +
>>  /**
>>   * aa_replace_profiles - replace profile(s) on the profile list
>>   * @udata: serialized data stream  (NOT NULL)
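Review bot: share_name() calls aa_put_str(new->base.hname) before aa_get_str(old->base.hname); taking the reference on the old string first and dropping the new one afterwards is the safer order if the two pointers can ever refer to the same string. The helper also has no comment, unlike the kernel-doc block just below it. It should state that the caller guarantees old and new carry the same name, and, if base.name points into the hname buffer, that new->base.name stays valid only while the shared hname reference is held, since name is copied without a reference of its own.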
>> @@ -1197,6 +1211,7 @@ ssize_t aa_replace_profiles(void *udata, size_t size, bool noreplace)
>>  		audit_policy(op, GFP_ATOMIC, ent->new->base.name, NULL, error);
>>  
>>  		if (ent->old) {
>> +			share_name(ent->old, ent->new);
>>  			__replace_profile(ent->old, ent->new, 1);
>>  			if (ent->rename) {
>>  			/* aafs interface uses replacedby */
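Review bot: the share_name(ent->old, ent->new) call sits directly above the `if (ent->rename)` branch, and nothing in the hunk says which profile ent->old is when a rename is also in progress. A short comment above the call stating that ent->old is the existing profile with the same name as ent->new, and that the profile being renamed is handled separately through ent->rename, would make it clear why the old name and hname are the ones kept.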
> 
> Is this the proper location for share_name()? In the ent->rename case,
> wouldn't you want the new name and hname to survive, rather than be
> replaced by the old name and hname?
> 
In this case there is an old profile of the same name and a rename profile.

Basically, we have the profiles O and R in the profile list.

We load a new profile named O that indicates it is renaming R.

What happens is both R and O will be replaced by the new O, resulting in
a merging of the two profiles.

The sharing of the name is happening between the old profile and the new
profile with the same name. The original profile being renamed retains
its name and its replacedby struct.

In ASCII art it looks like:

    +---+                +---+
    |old|---->+----+<----|new|
    | O |     |name|     | O |
    |   |     +----+     |   |
    |rby|---->+----+<----|rby|
    |   |     |repl|---->|   |
    +---+     +----+     +---+
                           ^
                           |
    +---+                  |
    |old|                  |
    | R |                  |
    |   |                  |
    |rby|---->+----+       |
    |   |     |repl|-------+
    +---+     +----+




