diff options
author | John Johansen <john.johansen@canonical.com> | 2023-04-28 15:32:52 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2023-10-19 01:30:47 +0300 |
commit | 98b824ff8984fd523fc264fbb13208098ab09da3 (patch) | |
tree | 35f60b9788d10a556442d1ad5c5bfe4c4a26252d /security/apparmor/net.c | |
parent | 75c77e9e0713fddbe99a21a036aa6482402f9e34 (diff) | |
download | linux-98b824ff8984fd523fc264fbb13208098ab09da3.tar.xz |
apparmor: refcount the pdb
With the move to permission tables the dfa is no longer a stand
alone entity when used, needing a minimum of a permission table.
However it still could be shared among different pdbs each using
a different permission table.
Instead of duping the permission table when sharing a pdb, add a
refcount to the pdb so it can be easily shared.
Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/net.c')
-rw-r--r-- | security/apparmor/net.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/net.c b/security/apparmor/net.c index 704c171232ab..87e934b2b548 100644 --- a/security/apparmor/net.c +++ b/security/apparmor/net.c @@ -127,9 +127,9 @@ int aa_profile_af_perm(struct aa_profile *profile, buffer[0] = cpu_to_be16(family); buffer[1] = cpu_to_be16((u16) type); - state = aa_dfa_match_len(rules->policy.dfa, state, (char *) &buffer, + state = aa_dfa_match_len(rules->policy->dfa, state, (char *) &buffer, 4); - perms = *aa_lookup_perms(&rules->policy, state); + perms = *aa_lookup_perms(rules->policy, state); aa_apply_modes_to_perms(profile, &perms); return aa_check_perms(profile, &perms, request, ad, audit_net_cb); |