diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 052e26fda2e6cba92d394fd1834f05e1f1a0207b..074e4589909d17afc96e4b5f09d866ab53e55e61 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -68,7 +68,16 @@ extern int restrict_link_by_key_or_keyring_chain(struct key *trust_keyring, extern int verify_signature(const struct key *key, const struct public_key_signature *sig); +#if IS_REACHABLE(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) int public_key_verify_signature(const struct public_key *pkey, const struct public_key_signature *sig); +#else +static inline +int public_key_verify_signature(const struct public_key *pkey, + const struct public_key_signature *sig) +{ + return -EINVAL; +} +#endif #endif /* _LINUX_PUBLIC_KEY_H */ diff --git a/kernel/audit.h b/kernel/audit.h index 99badd7ba56f188146030c27527dab72286151cb..400e2a0896e324ffaff09841a041bbaaab8e3cdd 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -338,7 +338,7 @@ extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *c extern struct list_head *audit_killed_trees(void); #else #define audit_signal_info(s,t) AUDIT_DISABLED -#define audit_filter_inodes(t,c) AUDIT_DISABLED +#define audit_filter_inodes(t, c) do { } while (0) #endif extern void audit_ctl_lock(void); diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 3a4293c46ad5355324488ab33bf752d7e133ca9d..bc377284945ca7be051a7317c360d66ec51989a8 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -224,6 +224,7 @@ void aa_free_profile(struct aa_profile *profile) aa_put_ns(profile->ns); kzfree(profile->rename); + kzfree(profile->disconnected); aa_free_file_rules(&profile->file); aa_free_cap_rules(&profile->caps); aa_free_rlimit_rules(&profile->rlimits); diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 36bf9534acf07d1696c654c0a3d43a3300a936c2..6013972f9fa4ecaea1a22e5171fcf75525d8ef77 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -617,7 +617,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) const char *info = "failed to unpack profile"; size_t ns_len; struct rhashtable_params params = { 0 }; - char *key = NULL; + char *key = NULL, *disconnected = NULL; struct aa_data *data; int i, error = -EPROTO; kernel_cap_t tmpcap; @@ -675,7 +675,8 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) } /* disconnected attachment string is optional */ - (void) unpack_str(e, &profile->disconnected, "disconnected"); + (void) unpack_strdup(e, &disconnected, "disconnected"); + profile->disconnected = disconnected; /* per profile debug flags (complain, audit) */ if (!unpack_nameX(e, AA_STRUCT, "flags")) {