On 7/4/23 01:56, Minjie Du wrote:
Fix: delate duplicate logical judgments:
aa_unpack_u32(e, &perm->allow, NULL);
Please check this. Thank you!
Signed-off-by: Minjie Du <[email protected]>
NAK, it is a bug but not in a way that we can do this, which will break the
unpack. The first entry is reserved, and for the moment should be skipped.
Double loading to
&perm->allow, effectively does that but was not what was intended either. There
is a patch coming that loads the first entry to a tmp variable and does a check that
it is 0.
---
security/apparmor/policy_unpack.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/security/apparmor/policy_unpack.c
b/security/apparmor/policy_unpack.c
index 694fb7a09..2069adf0a 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -646,7 +646,6 @@ static bool unpack_perm(struct aa_ext *e, u32 version,
struct aa_perms *perm)
return false;
return aa_unpack_u32(e, &perm->allow, NULL) &&
- aa_unpack_u32(e, &perm->allow, NULL) &&
aa_unpack_u32(e, &perm->deny, NULL) &&
aa_unpack_u32(e, &perm->subtree, NULL) &&
aa_unpack_u32(e, &perm->cond, NULL) &&
