From 2a9e9a8a2570697df0b41e367804daa6aa47970c Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Wed, 12 Oct 2022 04:29:03 -0700
Subject: [PATCH] UBUNTU: SAUCE: apparmor: Fix getattr mediation causing snap failures

The first state entry (0 index) in the computed permission table needs permission mapping applied to it. Otherwise it will not match the perm mapping and result in GETATTR being denied if the 0 index permission is referenced by a state.

BugLink: http://bugs.launchpad.net/bugs/1991691
Fixes: 7c811ce68b1e ("UBUNTU: SAUCE: apparmor-next 6.1: apparmor: compute file permissions on profile load")
Signed-off-by: John Johansen
---
 security/apparmor/policy_compat.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/security/apparmor/policy_compat.c b/security/apparmor/policy_compat.c
index 9e52e218bf30..cc89d1e88fb7 100644
--- a/security/apparmor/policy_compat.c
+++ b/security/apparmor/policy_compat.c
@@ -160,8 +160,7 @@ static struct aa_perms *compute_fperms(struct aa_dfa *dfa)
 if (!table)
 return NULL;
 
- /* zero init so skip the trap state (state == 0) */
- for (state = 1; state < state_count; state++) {
+ for (state = 0; state < state_count; state++) {
 table[state * 2] = compute_fperms_user(dfa, state);
 table[state * 2 + 1] = compute_fperms_other(dfa, state);
 }
-- 
2.34.1
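Review bot: The loop in compute_fperms() now starts at `state = 0`, but the comment explaining the old start index was deleted without a replacement, so the code no longer says why the trap state gets computed permissions. The removed comment identifies state 0 as the trap state, so anything compute_fperms_user() and compute_fperms_other() add unconditionally now lands on that entry as well. Those helpers are outside the hunk, so it is worth confirming that the resulting allow set for index 0 is limited to the implied GETATTR the description refers to. I would put a comment above the loop such as `/* state 0 (trap) also needs the perm mapping, else GETATTR is denied when index 0 is referenced */`. The function body starts and ends outside the hunk.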