projects / packages / kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| daaa955e AM |
1 | From ba3f778a2ef31454032c2ca9c99d9212feb4dcf1 Mon Sep 17 00:00:00 2001 |
| 2 | From: John Johansen <john.johansen@canonical.com> | |
| 3 | Date: Tue, 18 Jul 2017 23:41:13 -0700 | |
| 4 | Subject: [PATCH 11/17] apparmor: add more debug asserts to apparmorfs | |
| 5 | ||
| 6 | Signed-off-by: John Johansen <john.johansen@canonical.com> | |
| 7 | Acked-by: Seth Arnold <seth.arnold@canonical.com> | |
| 8 | (cherry picked from commit 52c9542126fb04df1f12c605b6c22719c9096794) | |
| 9 | --- | |
| 10 | security/apparmor/apparmorfs.c | 17 +++++++++++++++++ | |
| 11 | 1 file changed, 17 insertions(+) | |
| 12 | ||
| 13 | diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c | |
| 14 | index 8fa6c898c44b..7acea14c850b 100644 | |
| 15 | --- a/security/apparmor/apparmorfs.c | |
| 16 | +++ b/security/apparmor/apparmorfs.c | |
| 17 | @@ -1446,6 +1446,10 @@ void __aafs_profile_migrate_dents(struct aa_profile *old, | |
| 18 | { | |
| 19 | int i; | |
| 20 | ||
| 21 | + AA_BUG(!old); | |
| 22 | + AA_BUG(!new); | |
| 23 | + AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock)); | |
| 24 | + | |
| 25 | for (i = 0; i < AAFS_PROF_SIZEOF; i++) { | |
| 26 | new->dents[i] = old->dents[i]; | |
| 27 | if (new->dents[i]) | |
| 28 | @@ -1509,6 +1513,9 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) | |
| 29 | struct dentry *dent = NULL, *dir; | |
| 30 | int error; | |
| 31 | ||
| 32 | + AA_BUG(!profile); | |
| 33 | + AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock)); | |
| 34 | + | |
| 35 | if (!parent) { | |
| 36 | struct aa_profile *p; | |
| 37 | p = aa_deref_parent(profile); | |
| 38 | @@ -1734,6 +1741,7 @@ void __aafs_ns_rmdir(struct aa_ns *ns) | |
| 39 | ||
| 40 | if (!ns) | |
| 41 | return; | |
| 42 | + AA_BUG(!mutex_is_locked(&ns->lock)); | |
| 43 | ||
| 44 | list_for_each_entry(child, &ns->base.profiles, base.list) | |
| 45 | __aafs_profile_rmdir(child); | |
| 46 | @@ -1906,6 +1914,10 @@ static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) | |
| 47 | { | |
| 48 | struct aa_ns *parent, *next; | |
| 49 | ||
| 50 | + AA_BUG(!root); | |
| 51 | + AA_BUG(!ns); | |
| 52 | + AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock)); | |
| 53 | + | |
| 54 | /* is next namespace a child */ | |
| 55 | if (!list_empty(&ns->sub_ns)) { | |
| 56 | next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); | |
| 57 | @@ -1940,6 +1952,9 @@ static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) | |
| 58 | static struct aa_profile *__first_profile(struct aa_ns *root, | |
| 59 | struct aa_ns *ns) | |
| 60 | { | |
| 61 | + AA_BUG(!root); | |
| 62 | + AA_BUG(ns && !mutex_is_locked(&ns->lock)); | |
| 63 | + | |
| 64 | for (; ns; ns = __next_ns(root, ns)) { | |
| 65 | if (!list_empty(&ns->base.profiles)) | |
| 66 | return list_first_entry(&ns->base.profiles, | |
| 67 | @@ -1962,6 +1977,8 @@ static struct aa_profile *__next_profile(struct aa_profile *p) | |
| 68 | struct aa_profile *parent; | |
| 69 | struct aa_ns *ns = p->ns; | |
| 70 | ||
| 71 | + AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock)); | |
| 72 | + | |
| 73 | /* is next profile a child */ | |
| 74 | if (!list_empty(&p->base.profiles)) | |
| 75 | return list_first_entry(&p->base.profiles, typeof(*p), | |
| 76 | -- | |
| 77 | 2.11.0 | |
| 78 |