| domain.c (f175221af35bedf99b201d861a0fe54e19ef36c2) | domain.c (de62de59c27881c59c7df2e535cb9e1275cd52cc) |
|---|---|
| 1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor policy attachment and domain transitions 5 * 6 * Copyright (C) 2002-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * --- 780 unchanged lines hidden (view full) --- 789 struct path_cond cond = { 790 file_inode(bprm->file)->i_uid, 791 file_inode(bprm->file)->i_mode 792 }; 793 794 if (bprm->called_set_creds) 795 return 0; 796 | 1/* 2 * AppArmor security module 3 * 4 * This file contains AppArmor policy attachment and domain transitions 5 * 6 * Copyright (C) 2002-2008 Novell/SUSE 7 * Copyright 2009-2010 Canonical Ltd. 8 * --- 780 unchanged lines hidden (view full) --- 789 struct path_cond cond = { 790 file_inode(bprm->file)->i_uid, 791 file_inode(bprm->file)->i_mode 792 }; 793 794 if (bprm->called_set_creds) 795 return 0; 796 |
| 797 ctx = current_task_ctx(); | 797 ctx = task_ctx(current); |
| 798 AA_BUG(!cred_label(bprm->cred)); 799 AA_BUG(!ctx); 800 801 label = aa_get_newest_label(cred_label(bprm->cred)); 802 803 /* buffer freed below, name is pointer into buffer */ 804 get_buffers(buffer); 805 /* Test for onexec first as onexec override other x transitions. */ --- 256 unchanged lines hidden (view full) --- 1062 if (task_no_new_privs(current)) { 1063 /* not an apparmor denial per se, so don't log it */ 1064 AA_DEBUG("no_new_privs - change_hat denied"); 1065 return -EPERM; 1066 } 1067 1068 /* released below */ 1069 cred = get_current_cred(); | 798 AA_BUG(!cred_label(bprm->cred)); 799 AA_BUG(!ctx); 800 801 label = aa_get_newest_label(cred_label(bprm->cred)); 802 803 /* buffer freed below, name is pointer into buffer */ 804 get_buffers(buffer); 805 /* Test for onexec first as onexec override other x transitions. */ --- 256 unchanged lines hidden (view full) --- 1062 if (task_no_new_privs(current)) { 1063 /* not an apparmor denial per se, so don't log it */ 1064 AA_DEBUG("no_new_privs - change_hat denied"); 1065 return -EPERM; 1066 } 1067 1068 /* released below */ 1069 cred = get_current_cred(); |
| 1070 ctx = current_task_ctx(); | 1070 ctx = task_ctx(current); |
| 1071 label = aa_get_newest_cred_label(cred); 1072 previous = aa_get_newest_label(ctx->previous); 1073 1074 if (unconfined(label)) { 1075 info = "unconfined can not change_hat"; 1076 error = -EPERM; 1077 goto fail; 1078 } --- 238 unchanged lines hidden --- | 1071 label = aa_get_newest_cred_label(cred); 1072 previous = aa_get_newest_label(ctx->previous); 1073 1074 if (unconfined(label)) { 1075 info = "unconfined can not change_hat"; 1076 error = -EPERM; 1077 goto fail; 1078 } --- 238 unchanged lines hidden --- |