diff options
| author | David S. Miller <davem@davemloft.net> | 2017-10-30 14:10:01 +0900 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-10-30 21:09:24 +0900 |
| commit | e1ea2f9856b765a2eaabb403a6751f70efc9ba4c (patch) | |
| tree | 771f0f96fdab1b27757730e96d911c73f5499ee4 /security/apparmor/file.c | |
| parent | aad93c70b9a3b80dbc383a31e77a119f69bdd856 (diff) | |
| parent | 0b07194bb55ed836c2cc7c22e866b87a14681984 (diff) | |
| download | linux-e1ea2f9856b765a2eaabb403a6751f70efc9ba4c.tar.gz linux-e1ea2f9856b765a2eaabb403a6751f70efc9ba4c.tar.bz2 linux-e1ea2f9856b765a2eaabb403a6751f70efc9ba4c.zip | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Several conflicts here.
NFP driver bug fix adding nfp_netdev_is_nfp_repr() check to
nfp_fl_output() needed some adjustments because the code block is in
an else block now.
Parallel additions to net/pkt_cls.h and net/sch_generic.h
A bug fix in __tcp_retransmit_skb() conflicted with some of
the rbtree changes in net-next.
The tc action RCU callback fixes in 'net' had some overlap with some
of the recent tcf_block reworking.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/apparmor/file.c')
| -rw-r--r-- | security/apparmor/file.c | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c index db80221891c6..3382518b87fa 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -21,7 +21,6 @@ #include "include/context.h" #include "include/file.h" #include "include/match.h" -#include "include/net.h" #include "include/path.h" #include "include/policy.h" #include "include/label.h" @@ -567,32 +566,6 @@ static int __file_path_perm(const char *op, struct aa_label *label, return error; } -static int __file_sock_perm(const char *op, struct aa_label *label, - struct aa_label *flabel, struct file *file, - u32 request, u32 denied) -{ - struct socket *sock = (struct socket *) file->private_data; - int error; - - AA_BUG(!sock); - - /* revalidation due to label out of date. No revocation at this time */ - if (!denied && aa_label_is_subset(flabel, label)) - return 0; - - /* TODO: improve to skip profiles cached in flabel */ - error = aa_sock_file_perm(label, op, request, sock); - if (denied) { - /* TODO: improve to skip profiles checked above */ - /* check every profile in file label to is cached */ - last_error(error, aa_sock_file_perm(flabel, op, request, sock)); - } - if (!error) - update_file_ctx(file_ctx(file), label, request); - - return error; -} - /** * aa_file_perm - do permission revalidation check & audit for @file * @op: operation being checked @@ -637,9 +610,6 @@ int aa_file_perm(const char *op, struct aa_label *label, struct file *file, error = __file_path_perm(op, label, flabel, file, request, denied); - else if (S_ISSOCK(file_inode(file)->i_mode)) - error = __file_sock_perm(op, label, flabel, file, request, - denied); done: rcu_read_unlock(); |