The label FLAG_MEDIATE_DELETED will never be set as it is not part of
the policy stream (PATH_MEDIATE_DELETED is used), and it is never
used outside of policy load (where it has no effect).

Signed-off-by: John Johansen <john.johan...@canonical.com>
---
 security/apparmor/include/label.h | 2 +-
 security/apparmor/include/path.h  | 2 +-
 security/apparmor/policy_unpack.c | 8 +++-----
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/security/apparmor/include/label.h 
b/security/apparmor/include/label.h
index f21dd40..eb70520 100644
--- a/security/apparmor/include/label.h
+++ b/security/apparmor/include/label.h
@@ -117,7 +117,7 @@ enum label_flags {
        FLAG_REVOKED = 0x2000,          /* label has revocation in it */
 
        /* These flags must correspond with PATH_flags */
-       FLAG_MEDIATE_DELETED = 0x10000, /* mediate instead delegate deleted */
+       /* TODO: add new path flags */
 };
 
 struct aa_label;
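Review bot: After this change the comment `/* These flags must correspond with PATH_flags */` heads an empty group, and the new `/* TODO: add new path flags */` does not say what a future entry must satisfy. The removed entry had the same value (0x10000) as `PATH_MEDIATE_DELETED` in path.h, so "correspond" presumably means equal values. Spelling that out would help whoever adds the next flag, e.g. `/* TODO: add new path flags; each value must equal its PATH_* counterpart in path.h */`. The start of enum label_flags is outside this hunk.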
diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h
index 286ac75..04727e5 100644
--- a/security/apparmor/include/path.h
+++ b/security/apparmor/include/path.h
@@ -23,7 +23,7 @@ enum path_flags {
        PATH_CHROOT_NSCONNECT = 0x10,   /* connect paths that are at ns root */
 
        PATH_DELEGATE_DELETED = 0x08000, /* delegate deleted files */
-       PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */
+       PATH_MEDIATE_DELETED = 0x10000,  /* mediate deleted paths */
 };
 
 int aa_path_name(struct path *path, int flags, char **buffer,
diff --git a/security/apparmor/policy_unpack.c 
b/security/apparmor/policy_unpack.c
index c48eff2..13a14bc 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -25,6 +25,7 @@
 #include "include/audit.h"
 #include "include/context.h"
 #include "include/match.h"
+#include "include/path.h"
 #include "include/policy.h"
 #include "include/policy_unpack.h"
 
@@ -532,12 +533,9 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
                goto fail;
 
        /* path_flags is optional */
-       if (unpack_u32(e, &profile->path_flags, "path_flags"))
-               profile->path_flags |= profile->label.flags &
-                       FLAG_MEDIATE_DELETED;
-       else
+       if (!unpack_u32(e, &profile->path_flags, "path_flags"))
                /* set a default value if path_flags field is not present */
-               profile->path_flags = FLAG_MEDIATE_DELETED;
+               profile->path_flags = PATH_MEDIATE_DELETED;
 
        if (!unpack_u32(e, &(profile->caps.allow.cap[0]), NULL))
                goto fail;
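Review bot: When the `path_flags` field is present, the value from the policy stream is stored in `profile->path_flags` unchanged; nothing in this hunk limits it to the defined `PATH_*` bits, and the `PATH_MEDIATE_DELETED` default applies only when the field is absent. If the rest of unpack_profile (its body starts and ends outside this hunk) does not validate the value, rejecting undefined bits right after the unpack would stop a malformed or newer-format policy from loading with flags this kernel does not understand. For example `if (profile->path_flags & ~PATH_KNOWN_MASK) goto fail;`, where `PATH_KNOWN_MASK` is a placeholder for a mask of the enum path_flags values that is not defined on this page. A short comment stating that a stream-supplied value fully replaces the default would also make the deleted-file mediation behaviour explicit.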
-- 
1.8.1.2

