From patchwork Tue Aug 23 09:05:49 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Johansen <john.johansen@canonical.com>
X-Patchwork-Id: 661788
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	by ozlabs.org (Postfix) with ESMTP id 3sJPhX4VtSz9sBc;
	Tue, 23 Aug 2016 19:07:08 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1bc7fl-0006kh-BO; Tue, 23 Aug 2016 09:07:05 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <john.johansen@canonical.com>) id 1bc7fF-0006Nr-DM
	for kernel-team@lists.ubuntu.com; Tue, 23 Aug 2016 09:06:33 +0000
Received: from static-50-53-49-26.bvtn.or.frontiernet.net ([50.53.49.26]
	helo=canonical.com) by youngberry.canonical.com with esmtpsa
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <john.johansen@canonical.com>)
	id 1bc7fE-0006Vd-P2
	for kernel-team@lists.ubuntu.com; Tue, 23 Aug 2016 09:06:33 +0000
From: John Johansen <john.johansen@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 09/14] UBUNTU: SAUCE: apparmor: reduction of vec to single
	entry is just that entry
Date: Tue, 23 Aug 2016 02:05:49 -0700
Message-Id: <1471943154-14507-10-git-send-email-john.johansen@canonical.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1471943154-14507-1-git-send-email-john.johansen@canonical.com>
References: <1471943154-14507-1-git-send-email-john.johansen@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

If the result of a merge/update/parse is a vec with a single entry
we should not be returning a reference label, but just the label
it self.

BugLink: http://bugs.launchpad.net/bugs/1615889

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/label.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 0a1dabd..144d759 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -1077,6 +1077,12 @@ static struct aa_label *label_merge_insert(struct aa_label *new,
 	if (invcount) {
 		new->size -= aa_vec_unique(&new->vec[0], new->size,
 					   VEC_FLAG_TERMINATE);
+		/* TODO: deal with reference labels */
+		if (new->size == 1) {
+			label = aa_get_label(&new->vec[0]->label);
+			aa_put_label(new);
+			return label;
+		}
 	} else if (!stale) {
 		/* merge could be same as a || b, note: it is not possible
 		 * for new->size == a->size == b->size unless a == b */
@@ -1876,6 +1882,11 @@ struct aa_label *aa_label_parse(struct aa_label *base, const char *str,
 		return &vec[0]->label;
 
 	len -= aa_vec_unique(vec, len, VEC_FLAG_TERMINATE);
+	/* TODO: deal with reference labels */
+	if (len == 1) {
+		label = aa_get_label(&vec[0]->label);
+		goto out;
+	}
 
 	if (create)
 		label = aa_vec_find_or_create_label(vec, len, gfp);
@@ -2001,6 +2012,12 @@ static struct aa_label *__label_update(struct aa_label *label)
 	if (invcount) {
 		new->size -= aa_vec_unique(&new->vec[0], new->size,
 					   VEC_FLAG_TERMINATE);
+		/* TODO: deal with reference labels */
+		if (new->size == 1) {
+			tmp = aa_get_label(&new->vec[0]->label);
+			AA_BUG(tmp == label);
+			goto remove;
+		}
 		if (labels_set(label) != labels_set(new)) {
 			write_unlock_irqrestore(&ls->lock, flags);
 			tmp = aa_label_insert(labels_set(new), new);