apparmor: convert xmatch lookup to use accept as an index

Remap xmatch dfa accept table from embedded perms to an index and then move xmatch lookup to use accept entry to index into the xmatch table. This is step towards unifying permission lookup and reducing the size of permissions tables. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2020-11-14 10:36:09 +0300
committer: John Johansen <john.johansen@canonical.com> 2022-10-04 00:49:03 +0300
commit: 2d63dd43ae334ec6f5374d37bb06c4cc57621b3c (patch)
tree: bf5ae11e7fe1defc13ee08b121b80e2bba377bce /security/apparmor/policy_unpack.c
parent: 7572fea31e3e5c4c19154ccc064eb1f83dfe1333 (diff)
download: linux-2d63dd43ae334ec6f5374d37bb06c4cc57621b3c.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 4cf62c1be388..4cdc96988783 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -930,6 +930,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
 			info = "failed to convert xmatch permission table";
 			goto fail;
 		}
+		remap_dfa_accept(profile->xmatch.dfa, 1);
 	}
 
 	/* disconnected attachment string is optional */
author	John Johansen <john.johansen@canonical.com>	2020-11-14 10:36:09 +0300
committer	John Johansen <john.johansen@canonical.com>	2022-10-04 00:49:03 +0300
commit	2d63dd43ae334ec6f5374d37bb06c4cc57621b3c (patch)
tree	bf5ae11e7fe1defc13ee08b121b80e2bba377bce /security/apparmor/policy_unpack.c
parent	7572fea31e3e5c4c19154ccc064eb1f83dfe1333 (diff)
download	linux-2d63dd43ae334ec6f5374d37bb06c4cc57621b3c.tar.xz