apparmor: refcount the pdb

With the move to permission tables the dfa is no longer a stand alone entity when used, needing a minimum of a permission table. However it still could be shared among different pdbs each using a different permission table. Instead of duping the permission table when sharing a pdb, add a refcount to the pdb so it can be easily shared. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2023-04-28 15:32:52 +0300
committer: John Johansen <john.johansen@canonical.com> 2023-10-19 01:30:47 +0300
commit: 98b824ff8984fd523fc264fbb13208098ab09da3 (patch)
tree: 35f60b9788d10a556442d1ad5c5bfe4c4a26252d /security/apparmor/net.c
parent: 75c77e9e0713fddbe99a21a036aa6482402f9e34 (diff)
download: linux-98b824ff8984fd523fc264fbb13208098ab09da3.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 704c171232ab..87e934b2b548 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -127,9 +127,9 @@ int aa_profile_af_perm(struct aa_profile *profile,
 
 	buffer[0] = cpu_to_be16(family);
 	buffer[1] = cpu_to_be16((u16) type);
-	state = aa_dfa_match_len(rules->policy.dfa, state, (char *) &buffer,
+	state = aa_dfa_match_len(rules->policy->dfa, state, (char *) &buffer,
 				 4);
-	perms = *aa_lookup_perms(&rules->policy, state);
+	perms = *aa_lookup_perms(rules->policy, state);
 	aa_apply_modes_to_perms(profile, &perms);
 
 	return aa_check_perms(profile, &perms, request, ad, audit_net_cb);
author	John Johansen <john.johansen@canonical.com>	2023-04-28 15:32:52 +0300
committer	John Johansen <john.johansen@canonical.com>	2023-10-19 01:30:47 +0300
commit	98b824ff8984fd523fc264fbb13208098ab09da3 (patch)
tree	35f60b9788d10a556442d1ad5c5bfe4c4a26252d /security/apparmor/net.c
parent	75c77e9e0713fddbe99a21a036aa6482402f9e34 (diff)
download	linux-98b824ff8984fd523fc264fbb13208098ab09da3.tar.xz