1
Index: linux-2.6/security/apparmor/apparmor.h
2
===================================================================
3
--- linux-2.6.orig/security/apparmor/apparmor.h
4
+++ linux-2.6/security/apparmor/apparmor.h
5
@@ -141,7 +141,7 @@ extern rwlock_t profile_list_lock;
7
struct aa_task_context {
8
struct aa_profile *profile; /* The current profile */
9
- u32 hat_magic; /* used with change_hat */
10
+ u64 hat_magic; /* used with change_hat */
11
struct list_head list;
12
struct task_struct *task;
13
kernel_cap_t caps_logged;
14
@@ -235,7 +235,7 @@ extern int aa_link(struct aa_profile *pr
15
extern int aa_clone(struct task_struct *task);
16
extern int aa_register(struct linux_binprm *bprm);
17
extern void aa_release(struct task_struct *task);
18
-extern int aa_change_hat(const char *id, u32 hat_magic);
19
+extern int aa_change_hat(const char *id, u64 hat_magic);
20
extern struct aa_profile *__aa_find_profile(const char *name,
21
struct list_head *list);
22
extern struct aa_profile *aa_replace_profile(struct task_struct *task,
23
Index: linux-2.6/security/apparmor/inline.h
24
===================================================================
25
--- linux-2.6.orig/security/apparmor/inline.h
26
+++ linux-2.6/security/apparmor/inline.h
27
@@ -69,7 +69,7 @@ static inline struct aa_profile *aa_find
29
static inline void aa_change_profile(struct aa_task_context *cxt,
30
struct aa_profile *profile,
34
struct aa_profile *old_profile = cxt->profile;
36
Index: linux-2.6/security/apparmor/main.c
37
===================================================================
38
--- linux-2.6.orig/security/apparmor/main.c
39
+++ linux-2.6/security/apparmor/main.c
40
@@ -1035,7 +1035,7 @@ repeat:
42
static inline int do_change_hat(const char *hat_name,
43
struct aa_task_context *cxt,
47
struct aa_profile *sub;
49
@@ -1110,7 +1110,7 @@ static inline int do_change_hat(const ch
50
* return to original top level profile. Returns %0 on success, error
53
-int aa_change_hat(const char *hat_name, u32 hat_magic)
54
+int aa_change_hat(const char *hat_name, u64 hat_magic)
56
struct aa_task_context *cxt;
57
struct aa_profile *profile;
58
@@ -1118,7 +1118,7 @@ int aa_change_hat(const char *hat_name,
60
/* Dump out above debugging in WARN mode if we are in AUDIT mode */
61
if (APPARMOR_AUDIT(aa_task_context(current))) {
62
- AA_WARN("%s: %s, 0x%x (pid %d)\n",
63
+ AA_WARN("%s: %s, 0x%llx (pid %d)\n",
64
__FUNCTION__, hat_name ? hat_name : "NULL",
65
hat_magic, current->pid);
67
@@ -1148,7 +1148,7 @@ repeat:
68
if (profile == profile->parent) {
69
/* We are in the parent profile. */
71
- AA_DEBUG("%s: switching to %s, 0x%x\n",
72
+ AA_DEBUG("%s: switching to %s, 0x%llx\n",
76
@@ -1188,7 +1188,7 @@ repeat:
78
} else if (cxt->hat_magic) {
79
AA_ERROR("KILLING process %s(%d) "
80
- "Invalid change_hat() magic# 0x%x "
81
+ "Invalid change_hat() magic# 0x%llx "
82
"(hatname %s profile %s active %s)\n",
83
current->comm, current->pid,
85
Index: linux-2.6/security/apparmor/procattr.c
86
===================================================================
87
--- linux-2.6.orig/security/apparmor/procattr.c
88
+++ linux-2.6/security/apparmor/procattr.c
89
@@ -79,9 +79,8 @@ size_t aa_getprocattr(struct aa_profile
90
int aa_setprocattr_changehat(char *hatinfo, size_t infosize)
93
- char *token = NULL, *hat, *smagic, *tmp;
95
- int rc, len, consumed;
96
+ char *token = NULL, *hat;
99
AA_DEBUG("%s: %p %zd\n", __FUNCTION__, hatinfo, infosize);
101
@@ -92,7 +91,7 @@ int aa_setprocattr_changehat(char *hatin
109
* Copy string to a new buffer so we can play with it
110
@@ -100,50 +99,19 @@ int aa_setprocattr_changehat(char *hatin
113
token = kmalloc(infosize + 1, GFP_KERNEL);
122
memcpy(token, hatinfo, infosize);
125
- /* error is INVAL until we have at least parsed something */
129
- while (*tmp && *tmp != '^') {
133
- if (!*tmp || tmp == token) {
134
+ magic = simple_strtoull(token, &hat, 16);
135
+ if (hat == token || *hat != '^') {
136
AA_WARN("%s: Invalid input '%s'\n", __FUNCTION__, token);
140
- /* split magic and hat into two strings */
145
- * Initially set consumed=strlen(magic), as if sscanf
146
- * consumes all input via the %x it will not process the %n
147
- * directive. Otherwise, if sscanf does not consume all the
148
- * input it will process the %n and update consumed.
150
- consumed = len = strlen(smagic);
152
- rc = sscanf(smagic, "%x%n", &magic, &consumed);
154
- if (rc != 1 || consumed != len) {
155
- AA_WARN("%s: Invalid hex magic %s\n",
167
@@ -154,8 +122,8 @@ int aa_setprocattr_changehat(char *hatin
171
- AA_DEBUG("%s: Magic 0x%x Hat '%s'\n",
172
- __FUNCTION__, magic, hat ? hat : NULL);
173
+ AA_DEBUG("%s: Magic 0x%llx Hat '%s'\n",
174
+ __FUNCTION__, magic, hat ? hat : NULL);
176
error = aa_change_hat(hat, magic);