apparmor: root view labels should not be under user control

The root view of the label parse should not be exposed to user
control.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>

diff --git a/security/apparmor/label.c b/security/apparmor/label.c
index 4721338ad551210f35eb70cc915e85fb1dbe12fe..69c7451beceff634ce8d8f6c40aba62e1f530c9f 100644 (file)
--- a/security/apparmor/label.c
+++ b/security/apparmor/label.c
@@ -1871,8 +1871,9 @@ struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
        AA_BUG(!str);
 
        str = skipn_spaces(str, n);
-       if (str == NULL)
+       if (str == NULL || (*str == '=' && base != &root_ns->unconfined->label))
                return ERR_PTR(-EINVAL);
+
        len = label_count_strn_entries(str, end - str);
        if (*str == '&' || force_stack) {
                /* stack on top of base */
@@ -1881,8 +1882,6 @@ struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
                if (*str == '&')
                        str++;
        }
-       if (*str == '=')
-               base = &root_ns->unconfined->label;
 
        error = vec_setup(profile, vec, len, gfp);
        if (error)