Commit 9b829c0a authored by Ryan Lee's avatar Ryan Lee Committed by John Johansen
Browse files

apparmor: account for in_atomic removal in common_file_perm 



If we are not in an atomic context in common_file_perm, then we don't have
to use the atomic versions, resulting in improved performance outside of
atomic contexts.

Signed-off-by: default avatarRyan Lee <ryan.lee@canonical.com>
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent c3f27ccd

security/apparmor/lsm.c

+2 −3
Original line number Diff line number Diff line
@@ -524,15 +524,14 @@ static int common_file_perm(const char *op, struct file *file, u32 mask) 
{

	struct aa_label *label;

	int error = 0;

	bool needput;



	/* don't reaudit files closed during inheritance */

	if (unlikely(file->f_path.dentry == aa_null.dentry))

		return -EACCES;



	label = __begin_current_label_crit_section(&needput);

	label = begin_current_label_crit_section();

	error = aa_file_perm(op, current_cred(), label, file, mask, false);

	__end_current_label_crit_section(label, needput);

	end_current_label_crit_section(label);



	return error;

}