]>
Commit | Line | Data |
---|---|---|
daaa955e AM |
1 | From ba3f778a2ef31454032c2ca9c99d9212feb4dcf1 Mon Sep 17 00:00:00 2001 |
2 | From: John Johansen <john.johansen@canonical.com> | |
3 | Date: Tue, 18 Jul 2017 23:41:13 -0700 | |
4 | Subject: [PATCH 11/17] apparmor: add more debug asserts to apparmorfs | |
5 | ||
6 | Signed-off-by: John Johansen <john.johansen@canonical.com> | |
7 | Acked-by: Seth Arnold <seth.arnold@canonical.com> | |
8 | (cherry picked from commit 52c9542126fb04df1f12c605b6c22719c9096794) | |
9 | --- | |
10 | security/apparmor/apparmorfs.c | 17 +++++++++++++++++ | |
11 | 1 file changed, 17 insertions(+) | |
12 | ||
13 | diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c | |
14 | index 8fa6c898c44b..7acea14c850b 100644 | |
15 | --- a/security/apparmor/apparmorfs.c | |
16 | +++ b/security/apparmor/apparmorfs.c | |
17 | @@ -1446,6 +1446,10 @@ void __aafs_profile_migrate_dents(struct aa_profile *old, | |
18 | { | |
19 | int i; | |
20 | ||
21 | + AA_BUG(!old); | |
22 | + AA_BUG(!new); | |
23 | + AA_BUG(!mutex_is_locked(&profiles_ns(old)->lock)); | |
24 | + | |
25 | for (i = 0; i < AAFS_PROF_SIZEOF; i++) { | |
26 | new->dents[i] = old->dents[i]; | |
27 | if (new->dents[i]) | |
28 | @@ -1509,6 +1513,9 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) | |
29 | struct dentry *dent = NULL, *dir; | |
30 | int error; | |
31 | ||
32 | + AA_BUG(!profile); | |
33 | + AA_BUG(!mutex_is_locked(&profiles_ns(profile)->lock)); | |
34 | + | |
35 | if (!parent) { | |
36 | struct aa_profile *p; | |
37 | p = aa_deref_parent(profile); | |
38 | @@ -1734,6 +1741,7 @@ void __aafs_ns_rmdir(struct aa_ns *ns) | |
39 | ||
40 | if (!ns) | |
41 | return; | |
42 | + AA_BUG(!mutex_is_locked(&ns->lock)); | |
43 | ||
44 | list_for_each_entry(child, &ns->base.profiles, base.list) | |
45 | __aafs_profile_rmdir(child); | |
46 | @@ -1906,6 +1914,10 @@ static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) | |
47 | { | |
48 | struct aa_ns *parent, *next; | |
49 | ||
50 | + AA_BUG(!root); | |
51 | + AA_BUG(!ns); | |
52 | + AA_BUG(ns != root && !mutex_is_locked(&ns->parent->lock)); | |
53 | + | |
54 | /* is next namespace a child */ | |
55 | if (!list_empty(&ns->sub_ns)) { | |
56 | next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); | |
57 | @@ -1940,6 +1952,9 @@ static struct aa_ns *__next_ns(struct aa_ns *root, struct aa_ns *ns) | |
58 | static struct aa_profile *__first_profile(struct aa_ns *root, | |
59 | struct aa_ns *ns) | |
60 | { | |
61 | + AA_BUG(!root); | |
62 | + AA_BUG(ns && !mutex_is_locked(&ns->lock)); | |
63 | + | |
64 | for (; ns; ns = __next_ns(root, ns)) { | |
65 | if (!list_empty(&ns->base.profiles)) | |
66 | return list_first_entry(&ns->base.profiles, | |
67 | @@ -1962,6 +1977,8 @@ static struct aa_profile *__next_profile(struct aa_profile *p) | |
68 | struct aa_profile *parent; | |
69 | struct aa_ns *ns = p->ns; | |
70 | ||
71 | + AA_BUG(!mutex_is_locked(&profiles_ns(p)->lock)); | |
72 | + | |
73 | /* is next profile a child */ | |
74 | if (!list_empty(&p->base.profiles)) | |
75 | return list_first_entry(&p->base.profiles, typeof(*p), | |
76 | -- | |
77 | 2.11.0 | |
78 |