diff options
Diffstat (limited to 'security/apparmor/policy_unpack.c')
-rw-r--r-- | security/apparmor/policy_unpack.c | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 8f8e9c1d933..deab7c7e8dc 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -193,19 +193,6 @@ fail: return 0; } -static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name) -{ - if (unpack_nameX(e, AA_U16, name)) { - if (!inbounds(e, sizeof(u16))) - return 0; - if (data) - *data = le16_to_cpu(get_unaligned((u16 *) e->pos)); - e->pos += sizeof(u16); - return 1; - } - return 0; -} - static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) { if (unpack_nameX(e, AA_U32, name)) { @@ -484,7 +471,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) { struct aa_profile *profile = NULL; const char *name = NULL; - size_t size = 0; int i, error = -EPROTO; kernel_cap_t tmpcap; u32 tmp; @@ -578,38 +564,6 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) if (!unpack_rlimits(e, profile)) goto fail; - size = unpack_array(e, "net_allowed_af"); - if (size) { - - for (i = 0; i < size; i++) { - /* discard extraneous rules that this kernel will - * never request - */ - if (i >= AF_MAX) { - u16 tmp; - if (!unpack_u16(e, &tmp, NULL) || - !unpack_u16(e, &tmp, NULL) || - !unpack_u16(e, &tmp, NULL)) - goto fail; - continue; - } - if (!unpack_u16(e, &profile->net.allow[i], NULL)) - goto fail; - if (!unpack_u16(e, &profile->net.audit[i], NULL)) - goto fail; - if (!unpack_u16(e, &profile->net.quiet[i], NULL)) - goto fail; - } - if (!unpack_nameX(e, AA_ARRAYEND, NULL)) - goto fail; - } - /* - * allow unix domain and netlink sockets they are handled - * by IPC - */ - profile->net.allow[AF_UNIX] = 0xffff; - profile->net.allow[AF_NETLINK] = 0xffff; - if (unpack_nameX(e, AA_STRUCT, "policydb")) { /* generic policy dfa - optional and may be NULL */ profile->policy.dfa = unpack_dfa(e); |