apparmor: convert policy lookup to use accept as an index

Remap policydb dfa accept table from embedded perms to an index, and
then move the perm lookup to use the accept entry as an index into the
perm table. This is done so that the perm table can be separated from
the dfa, allowing dfa accept to index to share expanded permission
sets.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2022-07-16 01:53:46 -07:00
parent bf690f59d0
commit e844fe9b51
7 changed files with 33 additions and 24 deletions

@ -634,7 +634,7 @@ static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
state = aa_dfa_match_len(dfa, profile->policy.start[0],
match_str, match_len);
if (state)
tmp = *aa_lookup_perms(profile->policy.perms, state);
tmp = *aa_lookup_perms(&profile->policy, state);
}
aa_apply_modes_to_perms(profile, &tmp);
aa_perms_accum_raw(perms, &tmp);
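Review bot: at `tmp = *aa_lookup_perms(&profile->policy, state);` the returned pointer is dereferenced unconditionally, and per the commit message the lookup now uses the dfa accept entry for `state` as an index into a separate perm table. The `if (state)` guard only excludes state 0; it does not bound the accept value. The helper is not visible in this hunk, so please confirm, and ideally note in the commit message, where the accept index is validated against the perm table size (preferably once when the policy is loaded rather than on every lookup), so that an inconsistent dfa and perm table pair cannot cause an out-of-range read at this call site.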