[apparmor] [PATCH] apparmor: call aa_map_file_to_perms just once for apparmor_file_open mqueue
Ryan Lee
ryan.lee at canonical.com
Tue Mar 11 01:12:50 UTC 2025
aa_map_file_to_perms does not change the file, so the info extracted into
the allow variable can be used for the call to aa_mqueue_perm instead of
being computed again.
Signed-off-by: Ryan Lee <ryan.lee at canonical.com>
---
security/apparmor/lsm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index d0facedb1cfd..11ace667cbbf 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -671,10 +671,10 @@ static int apparmor_file_open(struct file *file)
cond.uid = vfsuid_into_kuid(vfsuid);
if (is_mqueue_inode(file_inode(file))){
+ allow = aa_map_file_to_perms(file);
error = aa_mqueue_perm(OP_OPEN, file->f_cred,
label, &file->f_path,
- aa_map_file_to_perms(file));
- allow = aa_map_file_to_perms(file);
+ allow);
} else {
/* will be intersected and reduced with each profile */
allow = ALL_PERMS_MASK;
base-kernel: Ubuntu-hwe-6.11-6.11.0-19.19~24.04.1
--
2.43.0
More information about the AppArmor
mailing list