From e844fe9b51c984472ea98be3b2d1201ba9ee3213 Mon Sep 17 00:00:00 2001 From: John Johansen Date: Sat, 16 Jul 2022 01:53:46 -0700 Subject: apparmor: convert policy lookup to use accept as an index Remap polidydb dfa accept table from embedded perms to an index, and then move the perm lookup to use the accept entry as an index into the perm table. This is done so that the perm table can be separated from the dfa, allowing dfa accept to index to share expanded permission sets. Signed-off-by: John Johansen --- security/apparmor/label.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'security/apparmor/label.c') diff --git a/security/apparmor/label.c b/security/apparmor/label.c index ddb04417bdab..30cb68641c0f 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -1328,7 +1328,7 @@ next: if (!state) goto fail; } - *perms = *aa_lookup_perms(profile->policy.perms, state); + *perms = *aa_lookup_perms(&profile->policy, state); aa_apply_modes_to_perms(profile, perms); if ((perms->allow & request) != request) return -EACCES; @@ -1379,7 +1379,7 @@ static int label_components_match(struct aa_profile *profile, return 0; next: - tmp = *aa_lookup_perms(profile->policy.perms, state); + tmp = *aa_lookup_perms(&profile->policy, state); aa_apply_modes_to_perms(profile, &tmp); aa_perms_accum(perms, &tmp); label_for_each_cont(i, label, tp) { @@ -1388,7 +1388,7 @@ next: state = match_component(profile, tp, start); if (!state) goto fail; - tmp = *aa_lookup_perms(profile->policy.perms, state); + tmp = *aa_lookup_perms(&profile->policy, state); aa_apply_modes_to_perms(profile, &tmp); aa_perms_accum(perms, &tmp); } -- cgit v1.2.3