mirror of
https://github.com/torvalds/linux
synced 2024-07-21 02:23:16 +00:00
apparmor: provide separate audit messages for file and policy checks
Improve policy load failure messages by identifying which dfa the verification check failed in. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
parent
90c436a64a
commit
75c77e9e07
|
@ -1240,12 +1240,18 @@ static int verify_profile(struct aa_profile *profile)
|
|||
if (!rules)
|
||||
return 0;
|
||||
|
||||
if ((rules->file.dfa && !verify_dfa_accept_index(rules->file.dfa,
|
||||
rules->file.size)) ||
|
||||
(rules->policy.dfa &&
|
||||
!verify_dfa_accept_index(rules->policy.dfa, rules->policy.size))) {
|
||||
if (rules->file.dfa && !verify_dfa_accept_index(rules->file.dfa,
|
||||
rules->file.size)) {
|
||||
audit_iface(profile, NULL, NULL,
|
||||
"Unpack: Invalid named transition", NULL, -EPROTO);
|
||||
"Unpack: file Invalid named transition", NULL,
|
||||
-EPROTO);
|
||||
return -EPROTO;
|
||||
}
|
||||
if (rules->policy.dfa &&
|
||||
!verify_dfa_accept_index(rules->policy.dfa, rules->policy.size)) {
|
||||
audit_iface(profile, NULL, NULL,
|
||||
"Unpack: policy Invalid named transition", NULL,
|
||||
-EPROTO);
|
||||
return -EPROTO;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue