Commit 482e8050 authored by John Johansen's avatar John Johansen
Browse files

apparmor: don't create raw_sha1 symlink if sha1 hashing is disabled 



Currently if sha1 hashing of policy is disabled a sha1 hash symlink
to the non-existent file is created. There is now reason to create
the symlink in this case so don't do it.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 5bfcbd22

security/apparmor/apparmorfs.c

+9 −8
Original line number Diff line number Diff line
@@ -1736,6 +1736,7 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) 


#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY

	if (profile->rawdata) {

		if (aa_g_hash_policy) {

			dent = aafs_create("raw_sha1", S_IFLNK | 0444, dir,

					   profile->label.proxy, NULL, NULL,

					   &rawdata_link_sha1_iops);
@@ -1743,7 +1744,7 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent) 
				goto fail;

			aa_get_proxy(profile->label.proxy);

			profile->dents[AAFS_PROF_RAW_HASH] = dent;



		}

		dent = aafs_create("raw_abi", S_IFLNK | 0444, dir,

				   profile->label.proxy, NULL, NULL,

				   &rawdata_link_abi_iops);