From 475bdda1f00074783e18403f3f38a36dd3488430 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Fri, 8 Sep 2017 01:13:41 -0700
Subject: apparmor: root view labels should not be under user control

The root view of the label parse should not be exposed to user
control.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
---
 security/apparmor/label.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'security/apparmor/label.c')

diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 4721338ad551..69c7451becef 100644
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -1871,8 +1871,9 @@ struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
 	AA_BUG(!str);
 
 	str = skipn_spaces(str, n);
-	if (str == NULL)
+	if (str == NULL || (*str == '=' && base != &root_ns->unconfined->label))
 		return ERR_PTR(-EINVAL);
+
 	len = label_count_strn_entries(str, end - str);
 	if (*str == '&' || force_stack) {
 		/* stack on top of base */
@@ -1881,8 +1882,6 @@ struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
 		if (*str == '&')
 			str++;
 	}
-	if (*str == '=')
-		base = &root_ns->unconfined->label;
 
 	error = vec_setup(profile, vec, len, gfp);
 	if (error)
-- 
cgit v1.2.3