Commit | Line | Data |
---|---|---|
6380bd8d JJ |
1 | /* |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor mediation of files | |
5 | * | |
6 | * Copyright (C) 1998-2008 Novell/SUSE | |
7 | * Copyright 2009-2010 Canonical Ltd. | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU General Public License as | |
11 | * published by the Free Software Foundation, version 2 of the | |
12 | * License. | |
13 | */ | |
14 | ||
192ca6b5 JJ |
15 | #include <linux/tty.h> |
16 | #include <linux/fdtable.h> | |
17 | #include <linux/file.h> | |
18 | ||
6380bd8d JJ |
19 | #include "include/apparmor.h" |
20 | #include "include/audit.h" | |
192ca6b5 | 21 | #include "include/context.h" |
6380bd8d JJ |
22 | #include "include/file.h" |
23 | #include "include/match.h" | |
24 | #include "include/path.h" | |
25 | #include "include/policy.h" | |
26 | ||
e53cfe6c JJ |
27 | static u32 map_mask_to_chr_mask(u32 mask) |
28 | { | |
29 | u32 m = mask & PERMS_CHRS_MASK; | |
30 | ||
31 | if (mask & AA_MAY_GETATTR) | |
32 | m |= MAY_READ; | |
33 | if (mask & (AA_MAY_SETATTR | AA_MAY_CHMOD | AA_MAY_CHOWN)) | |
34 | m |= MAY_WRITE; | |
35 | ||
36 | return m; | |
37 | } | |
6380bd8d JJ |
38 | |
39 | /** | |
40 | * audit_file_mask - convert mask to permission string | |
41 | * @buffer: buffer to write string to (NOT NULL) | |
42 | * @mask: permission mask to convert | |
43 | */ | |
44 | static void audit_file_mask(struct audit_buffer *ab, u32 mask) | |
45 | { | |
46 | char str[10]; | |
47 | ||
e53cfe6c | 48 | aa_perm_mask_to_str(str, aa_file_perm_chrs, map_mask_to_chr_mask(mask)); |
6380bd8d JJ |
49 | audit_log_string(ab, str); |
50 | } | |
51 | ||
52 | /** | |
53 | * file_audit_cb - call back for file specific audit fields | |
54 | * @ab: audit_buffer (NOT NULL) | |
55 | * @va: audit struct to audit values of (NOT NULL) | |
56 | */ | |
57 | static void file_audit_cb(struct audit_buffer *ab, void *va) | |
58 | { | |
59 | struct common_audit_data *sa = va; | |
2db81452 | 60 | kuid_t fsuid = current_fsuid(); |
6380bd8d | 61 | |
aa9aeea8 | 62 | if (aad(sa)->request & AA_AUDIT_FILE_MASK) { |
6380bd8d | 63 | audit_log_format(ab, " requested_mask="); |
aa9aeea8 | 64 | audit_file_mask(ab, aad(sa)->request); |
6380bd8d | 65 | } |
aa9aeea8 | 66 | if (aad(sa)->denied & AA_AUDIT_FILE_MASK) { |
6380bd8d | 67 | audit_log_format(ab, " denied_mask="); |
aa9aeea8 | 68 | audit_file_mask(ab, aad(sa)->denied); |
6380bd8d | 69 | } |
aa9aeea8 | 70 | if (aad(sa)->request & AA_AUDIT_FILE_MASK) { |
2db81452 EB |
71 | audit_log_format(ab, " fsuid=%d", |
72 | from_kuid(&init_user_ns, fsuid)); | |
73 | audit_log_format(ab, " ouid=%d", | |
ef88a7ac | 74 | from_kuid(&init_user_ns, aad(sa)->fs.ouid)); |
6380bd8d JJ |
75 | } |
76 | ||
ef88a7ac | 77 | if (aad(sa)->fs.target) { |
6380bd8d | 78 | audit_log_format(ab, " target="); |
ef88a7ac | 79 | audit_log_untrustedstring(ab, aad(sa)->fs.target); |
6380bd8d JJ |
80 | } |
81 | } | |
82 | ||
83 | /** | |
84 | * aa_audit_file - handle the auditing of file operations | |
85 | * @profile: the profile being enforced (NOT NULL) | |
86 | * @perms: the permissions computed for the request (NOT NULL) | |
87 | * @gfp: allocation flags | |
88 | * @op: operation being mediated | |
89 | * @request: permissions requested | |
90 | * @name: name of object being mediated (MAYBE NULL) | |
91 | * @target: name of target (MAYBE NULL) | |
92 | * @ouid: object uid | |
93 | * @info: extra information message (MAYBE NULL) | |
94 | * @error: 0 if operation allowed else failure error code | |
95 | * | |
96 | * Returns: %0 or error on failure | |
97 | */ | |
2d679f3c | 98 | int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms, |
ef88a7ac | 99 | const char *op, u32 request, const char *name, |
2db81452 | 100 | const char *target, kuid_t ouid, const char *info, int error) |
6380bd8d JJ |
101 | { |
102 | int type = AUDIT_APPARMOR_AUTO; | |
ef88a7ac JJ |
103 | DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_TASK, op); |
104 | ||
105 | sa.u.tsk = NULL; | |
aa9aeea8 | 106 | aad(&sa)->request = request; |
ef88a7ac JJ |
107 | aad(&sa)->name = name; |
108 | aad(&sa)->fs.target = target; | |
109 | aad(&sa)->fs.ouid = ouid; | |
110 | aad(&sa)->info = info; | |
111 | aad(&sa)->error = error; | |
b6b1b81b | 112 | sa.u.tsk = NULL; |
ef88a7ac JJ |
113 | |
114 | if (likely(!aad(&sa)->error)) { | |
6380bd8d JJ |
115 | u32 mask = perms->audit; |
116 | ||
117 | if (unlikely(AUDIT_MODE(profile) == AUDIT_ALL)) | |
118 | mask = 0xffff; | |
119 | ||
120 | /* mask off perms that are not being force audited */ | |
aa9aeea8 | 121 | aad(&sa)->request &= mask; |
6380bd8d | 122 | |
aa9aeea8 | 123 | if (likely(!aad(&sa)->request)) |
6380bd8d JJ |
124 | return 0; |
125 | type = AUDIT_APPARMOR_AUDIT; | |
126 | } else { | |
127 | /* only report permissions that were denied */ | |
aa9aeea8 JJ |
128 | aad(&sa)->request = aad(&sa)->request & ~perms->allow; |
129 | AA_BUG(!aad(&sa)->request); | |
6380bd8d | 130 | |
aa9aeea8 | 131 | if (aad(&sa)->request & perms->kill) |
6380bd8d JJ |
132 | type = AUDIT_APPARMOR_KILL; |
133 | ||
134 | /* quiet known rejects, assumes quiet and kill do not overlap */ | |
aa9aeea8 | 135 | if ((aad(&sa)->request & perms->quiet) && |
6380bd8d JJ |
136 | AUDIT_MODE(profile) != AUDIT_NOQUIET && |
137 | AUDIT_MODE(profile) != AUDIT_ALL) | |
aa9aeea8 | 138 | aad(&sa)->request &= ~perms->quiet; |
6380bd8d | 139 | |
aa9aeea8 | 140 | if (!aad(&sa)->request) |
ef88a7ac | 141 | return COMPLAIN_MODE(profile) ? 0 : aad(&sa)->error; |
6380bd8d JJ |
142 | } |
143 | ||
aa9aeea8 | 144 | aad(&sa)->denied = aad(&sa)->request & ~perms->allow; |
ef88a7ac | 145 | return aa_audit(type, profile, &sa, file_audit_cb); |
6380bd8d JJ |
146 | } |
147 | ||
148 | /** | |
149 | * map_old_perms - map old file perms layout to the new layout | |
150 | * @old: permission set in old mapping | |
151 | * | |
152 | * Returns: new permission mapping | |
153 | */ | |
154 | static u32 map_old_perms(u32 old) | |
155 | { | |
156 | u32 new = old & 0xf; | |
157 | if (old & MAY_READ) | |
e53cfe6c | 158 | new |= AA_MAY_GETATTR | AA_MAY_OPEN; |
6380bd8d | 159 | if (old & MAY_WRITE) |
e53cfe6c JJ |
160 | new |= AA_MAY_SETATTR | AA_MAY_CREATE | AA_MAY_DELETE | |
161 | AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_OPEN; | |
6380bd8d JJ |
162 | if (old & 0x10) |
163 | new |= AA_MAY_LINK; | |
164 | /* the old mapping lock and link_subset flags where overlaid | |
165 | * and use was determined by part of a pair that they were in | |
166 | */ | |
167 | if (old & 0x20) | |
168 | new |= AA_MAY_LOCK | AA_LINK_SUBSET; | |
169 | if (old & 0x40) /* AA_EXEC_MMAP */ | |
170 | new |= AA_EXEC_MMAP; | |
171 | ||
6380bd8d JJ |
172 | return new; |
173 | } | |
174 | ||
175 | /** | |
2d679f3c | 176 | * aa_compute_fperms - convert dfa compressed perms to internal perms |
6380bd8d JJ |
177 | * @dfa: dfa to compute perms for (NOT NULL) |
178 | * @state: state in dfa | |
179 | * @cond: conditions to consider (NOT NULL) | |
180 | * | |
181 | * TODO: convert from dfa + state to permission entry, do computation conversion | |
182 | * at load time. | |
183 | * | |
184 | * Returns: computed permission set | |
185 | */ | |
2d679f3c JJ |
186 | struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state, |
187 | struct path_cond *cond) | |
6380bd8d | 188 | { |
2d679f3c | 189 | struct aa_perms perms; |
6380bd8d JJ |
190 | |
191 | /* FIXME: change over to new dfa format | |
192 | * currently file perms are encoded in the dfa, new format | |
193 | * splits the permissions from the dfa. This mapping can be | |
194 | * done at profile load | |
195 | */ | |
2d679f3c JJ |
196 | perms.deny = 0; |
197 | perms.kill = perms.stop = 0; | |
198 | perms.complain = perms.cond = 0; | |
199 | perms.hide = 0; | |
200 | perms.prompt = 0; | |
6380bd8d | 201 | |
2db81452 | 202 | if (uid_eq(current_fsuid(), cond->uid)) { |
6380bd8d JJ |
203 | perms.allow = map_old_perms(dfa_user_allow(dfa, state)); |
204 | perms.audit = map_old_perms(dfa_user_audit(dfa, state)); | |
205 | perms.quiet = map_old_perms(dfa_user_quiet(dfa, state)); | |
206 | perms.xindex = dfa_user_xindex(dfa, state); | |
207 | } else { | |
208 | perms.allow = map_old_perms(dfa_other_allow(dfa, state)); | |
209 | perms.audit = map_old_perms(dfa_other_audit(dfa, state)); | |
210 | perms.quiet = map_old_perms(dfa_other_quiet(dfa, state)); | |
211 | perms.xindex = dfa_other_xindex(dfa, state); | |
212 | } | |
e53cfe6c | 213 | perms.allow |= AA_MAY_GETATTR; |
6380bd8d JJ |
214 | |
215 | /* change_profile wasn't determined by ownership in old mapping */ | |
216 | if (ACCEPT_TABLE(dfa)[state] & 0x80000000) | |
217 | perms.allow |= AA_MAY_CHANGE_PROFILE; | |
0421ea91 JJ |
218 | if (ACCEPT_TABLE(dfa)[state] & 0x40000000) |
219 | perms.allow |= AA_MAY_ONEXEC; | |
6380bd8d JJ |
220 | |
221 | return perms; | |
222 | } | |
223 | ||
224 | /** | |
225 | * aa_str_perms - find permission that match @name | |
226 | * @dfa: to match against (MAYBE NULL) | |
227 | * @state: state to start matching in | |
228 | * @name: string to match against dfa (NOT NULL) | |
229 | * @cond: conditions to consider for permission set computation (NOT NULL) | |
230 | * @perms: Returns - the permissions found when matching @name | |
231 | * | |
232 | * Returns: the final state in @dfa when beginning @start and walking @name | |
233 | */ | |
234 | unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, | |
235 | const char *name, struct path_cond *cond, | |
2d679f3c | 236 | struct aa_perms *perms) |
6380bd8d JJ |
237 | { |
238 | unsigned int state; | |
6380bd8d | 239 | state = aa_dfa_match(dfa, start, name); |
2d679f3c | 240 | *perms = aa_compute_fperms(dfa, state, cond); |
6380bd8d JJ |
241 | |
242 | return state; | |
243 | } | |
244 | ||
245 | /** | |
246 | * is_deleted - test if a file has been completely unlinked | |
247 | * @dentry: dentry of file to test for deletion (NOT NULL) | |
248 | * | |
249 | * Returns: %1 if deleted else %0 | |
250 | */ | |
251 | static inline bool is_deleted(struct dentry *dentry) | |
252 | { | |
c6f493d6 | 253 | if (d_unlinked(dentry) && d_backing_inode(dentry)->i_nlink == 0) |
6380bd8d JJ |
254 | return 1; |
255 | return 0; | |
256 | } | |
257 | ||
258 | /** | |
259 | * aa_path_perm - do permissions check & audit for @path | |
260 | * @op: operation being checked | |
261 | * @profile: profile being enforced (NOT NULL) | |
262 | * @path: path to check permissions of (NOT NULL) | |
263 | * @flags: any additional path flags beyond what the profile specifies | |
264 | * @request: requested permissions | |
265 | * @cond: conditional info for this request (NOT NULL) | |
266 | * | |
267 | * Returns: %0 else error if access denied or other error | |
268 | */ | |
47f6e5cc JJ |
269 | int aa_path_perm(const char *op, struct aa_profile *profile, |
270 | const struct path *path, int flags, u32 request, | |
271 | struct path_cond *cond) | |
6380bd8d JJ |
272 | { |
273 | char *buffer = NULL; | |
2d679f3c | 274 | struct aa_perms perms = {}; |
6380bd8d JJ |
275 | const char *name, *info = NULL; |
276 | int error; | |
277 | ||
278 | flags |= profile->path_flags | (S_ISDIR(cond->mode) ? PATH_IS_DIR : 0); | |
4227c333 JJ |
279 | get_buffers(buffer); |
280 | error = aa_path_name(path, flags, buffer, &name, &info, | |
72c8a768 | 281 | profile->disconnected); |
6380bd8d JJ |
282 | if (error) { |
283 | if (error == -ENOENT && is_deleted(path->dentry)) { | |
284 | /* Access to open files that are deleted are | |
285 | * give a pass (implicit delegation) | |
286 | */ | |
287 | error = 0; | |
57fa1e18 | 288 | info = NULL; |
6380bd8d | 289 | perms.allow = request; |
57fa1e18 | 290 | } |
6380bd8d JJ |
291 | } else { |
292 | aa_str_perms(profile->file.dfa, profile->file.start, name, cond, | |
293 | &perms); | |
294 | if (request & ~perms.allow) | |
295 | error = -EACCES; | |
296 | } | |
ef88a7ac JJ |
297 | error = aa_audit_file(profile, &perms, op, request, name, NULL, |
298 | cond->uid, info, error); | |
4227c333 | 299 | put_buffers(buffer); |
6380bd8d JJ |
300 | |
301 | return error; | |
302 | } | |
303 | ||
304 | /** | |
305 | * xindex_is_subset - helper for aa_path_link | |
306 | * @link: link permission set | |
307 | * @target: target permission set | |
308 | * | |
309 | * test target x permissions are equal OR a subset of link x permissions | |
310 | * this is done as part of the subset test, where a hardlink must have | |
311 | * a subset of permissions that the target has. | |
312 | * | |
313 | * Returns: %1 if subset else %0 | |
314 | */ | |
315 | static inline bool xindex_is_subset(u32 link, u32 target) | |
316 | { | |
317 | if (((link & ~AA_X_UNSAFE) != (target & ~AA_X_UNSAFE)) || | |
318 | ((link & AA_X_UNSAFE) && !(target & AA_X_UNSAFE))) | |
319 | return 0; | |
320 | ||
321 | return 1; | |
322 | } | |
323 | ||
324 | /** | |
325 | * aa_path_link - Handle hard link permission check | |
326 | * @profile: the profile being enforced (NOT NULL) | |
327 | * @old_dentry: the target dentry (NOT NULL) | |
328 | * @new_dir: directory the new link will be created in (NOT NULL) | |
329 | * @new_dentry: the link being created (NOT NULL) | |
330 | * | |
331 | * Handle the permission test for a link & target pair. Permission | |
332 | * is encoded as a pair where the link permission is determined | |
333 | * first, and if allowed, the target is tested. The target test | |
334 | * is done from the point of the link match (not start of DFA) | |
335 | * making the target permission dependent on the link permission match. | |
336 | * | |
337 | * The subset test if required forces that permissions granted | |
338 | * on link are a subset of the permission granted to target. | |
339 | * | |
340 | * Returns: %0 if allowed else error | |
341 | */ | |
342 | int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, | |
3539aaf6 | 343 | const struct path *new_dir, struct dentry *new_dentry) |
6380bd8d | 344 | { |
8486adf0 KC |
345 | struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry }; |
346 | struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry }; | |
6380bd8d | 347 | struct path_cond cond = { |
c6f493d6 DH |
348 | d_backing_inode(old_dentry)->i_uid, |
349 | d_backing_inode(old_dentry)->i_mode | |
6380bd8d JJ |
350 | }; |
351 | char *buffer = NULL, *buffer2 = NULL; | |
352 | const char *lname, *tname = NULL, *info = NULL; | |
2d679f3c | 353 | struct aa_perms lperms, perms; |
6380bd8d JJ |
354 | u32 request = AA_MAY_LINK; |
355 | unsigned int state; | |
356 | int error; | |
357 | ||
4227c333 | 358 | get_buffers(buffer, buffer2); |
6380bd8d JJ |
359 | lperms = nullperms; |
360 | ||
361 | /* buffer freed below, lname is pointer in buffer */ | |
4227c333 | 362 | error = aa_path_name(&link, profile->path_flags, buffer, &lname, |
72c8a768 | 363 | &info, profile->disconnected); |
6380bd8d JJ |
364 | if (error) |
365 | goto audit; | |
366 | ||
367 | /* buffer2 freed below, tname is pointer in buffer2 */ | |
4227c333 | 368 | error = aa_path_name(&target, profile->path_flags, buffer2, &tname, |
72c8a768 | 369 | &info, profile->disconnected); |
6380bd8d JJ |
370 | if (error) |
371 | goto audit; | |
372 | ||
373 | error = -EACCES; | |
374 | /* aa_str_perms - handles the case of the dfa being NULL */ | |
375 | state = aa_str_perms(profile->file.dfa, profile->file.start, lname, | |
376 | &cond, &lperms); | |
377 | ||
378 | if (!(lperms.allow & AA_MAY_LINK)) | |
379 | goto audit; | |
380 | ||
381 | /* test to see if target can be paired with link */ | |
382 | state = aa_dfa_null_transition(profile->file.dfa, state); | |
383 | aa_str_perms(profile->file.dfa, state, tname, &cond, &perms); | |
384 | ||
385 | /* force audit/quiet masks for link are stored in the second entry | |
386 | * in the link pair. | |
387 | */ | |
388 | lperms.audit = perms.audit; | |
389 | lperms.quiet = perms.quiet; | |
390 | lperms.kill = perms.kill; | |
391 | ||
392 | if (!(perms.allow & AA_MAY_LINK)) { | |
393 | info = "target restricted"; | |
394 | goto audit; | |
395 | } | |
396 | ||
397 | /* done if link subset test is not required */ | |
398 | if (!(perms.allow & AA_LINK_SUBSET)) | |
399 | goto done_tests; | |
400 | ||
401 | /* Do link perm subset test requiring allowed permission on link are a | |
402 | * subset of the allowed permissions on target. | |
403 | */ | |
404 | aa_str_perms(profile->file.dfa, profile->file.start, tname, &cond, | |
405 | &perms); | |
406 | ||
407 | /* AA_MAY_LINK is not considered in the subset test */ | |
408 | request = lperms.allow & ~AA_MAY_LINK; | |
409 | lperms.allow &= perms.allow | AA_MAY_LINK; | |
410 | ||
411 | request |= AA_AUDIT_FILE_MASK & (lperms.allow & ~perms.allow); | |
412 | if (request & ~lperms.allow) { | |
413 | goto audit; | |
414 | } else if ((lperms.allow & MAY_EXEC) && | |
415 | !xindex_is_subset(lperms.xindex, perms.xindex)) { | |
416 | lperms.allow &= ~MAY_EXEC; | |
417 | request |= MAY_EXEC; | |
418 | info = "link not subset of target"; | |
419 | goto audit; | |
420 | } | |
421 | ||
422 | done_tests: | |
423 | error = 0; | |
424 | ||
425 | audit: | |
ef88a7ac | 426 | error = aa_audit_file(profile, &lperms, OP_LINK, request, |
6380bd8d | 427 | lname, tname, cond.uid, info, error); |
4227c333 | 428 | put_buffers(buffer, buffer2); |
6380bd8d JJ |
429 | |
430 | return error; | |
431 | } | |
432 | ||
433 | /** | |
434 | * aa_file_perm - do permission revalidation check & audit for @file | |
435 | * @op: operation being checked | |
436 | * @profile: profile being enforced (NOT NULL) | |
437 | * @file: file to revalidate access permissions on (NOT NULL) | |
438 | * @request: requested permissions | |
439 | * | |
440 | * Returns: %0 if access allowed else error | |
441 | */ | |
47f6e5cc | 442 | int aa_file_perm(const char *op, struct aa_profile *profile, struct file *file, |
6380bd8d JJ |
443 | u32 request) |
444 | { | |
445 | struct path_cond cond = { | |
496ad9aa AV |
446 | .uid = file_inode(file)->i_uid, |
447 | .mode = file_inode(file)->i_mode | |
6380bd8d JJ |
448 | }; |
449 | ||
450 | return aa_path_perm(op, profile, &file->f_path, PATH_DELEGATE_DELETED, | |
451 | request, &cond); | |
452 | } | |
192ca6b5 | 453 | |
637f688d | 454 | static void revalidate_tty(struct aa_label *label) |
192ca6b5 JJ |
455 | { |
456 | struct tty_struct *tty; | |
457 | int drop_tty = 0; | |
458 | ||
459 | tty = get_current_tty(); | |
460 | if (!tty) | |
461 | return; | |
462 | ||
463 | spin_lock(&tty->files_lock); | |
464 | if (!list_empty(&tty->tty_files)) { | |
465 | struct tty_file_private *file_priv; | |
466 | struct file *file; | |
467 | /* TODO: Revalidate access to controlling tty. */ | |
468 | file_priv = list_first_entry(&tty->tty_files, | |
469 | struct tty_file_private, list); | |
470 | file = file_priv->file; | |
471 | ||
637f688d | 472 | if (aa_file_perm(OP_INHERIT, labels_profile(label), file, |
192ca6b5 JJ |
473 | MAY_READ | MAY_WRITE)) |
474 | drop_tty = 1; | |
475 | } | |
476 | spin_unlock(&tty->files_lock); | |
477 | tty_kref_put(tty); | |
478 | ||
479 | if (drop_tty) | |
480 | no_tty(); | |
481 | } | |
482 | ||
483 | static int match_file(const void *p, struct file *file, unsigned int fd) | |
484 | { | |
637f688d | 485 | struct aa_label *label = (struct aa_label *)p; |
192ca6b5 | 486 | |
637f688d | 487 | if (aa_file_perm(OP_INHERIT, labels_profile(label), file, |
192ca6b5 JJ |
488 | aa_map_file_to_perms(file))) |
489 | return fd + 1; | |
490 | return 0; | |
491 | } | |
492 | ||
493 | ||
494 | /* based on selinux's flush_unauthorized_files */ | |
495 | void aa_inherit_files(const struct cred *cred, struct files_struct *files) | |
496 | { | |
637f688d | 497 | struct aa_label *label = aa_get_newest_cred_label(cred); |
192ca6b5 JJ |
498 | struct file *devnull = NULL; |
499 | unsigned int n; | |
500 | ||
637f688d | 501 | revalidate_tty(label); |
192ca6b5 JJ |
502 | |
503 | /* Revalidate access to inherited open files. */ | |
637f688d | 504 | n = iterate_fd(files, 0, match_file, label); |
192ca6b5 JJ |
505 | if (!n) /* none found? */ |
506 | goto out; | |
507 | ||
508 | devnull = dentry_open(&aa_null, O_RDWR, cred); | |
509 | if (IS_ERR(devnull)) | |
510 | devnull = NULL; | |
511 | /* replace all the matching ones with this */ | |
512 | do { | |
513 | replace_fd(n - 1, devnull, 0); | |
637f688d | 514 | } while ((n = iterate_fd(files, n, match_file, label)) != 0); |
192ca6b5 JJ |
515 | if (devnull) |
516 | fput(devnull); | |
517 | out: | |
637f688d | 518 | aa_put_label(label); |
192ca6b5 | 519 | } |