Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6604d4c1 authored by John Johansen's avatar John Johansen
Browse files

apparmor: allow policydb to be used as the file dfa 



Newer policy will combine the file and policydb dfas, allowing for
better optimizations. However to support older policy we need to
keep the ability to address the "file" dfa separately. So dup
the policydb as if it is the file dfa and set the appropriate start
state.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 293a4886

security/apparmor/policy_unpack.c

+8 −4
Original line number Original line Diff line number Diff line
@@ -611,11 +611,15 @@ static struct aa_profile *unpack_profile(struct aa_ext *e) 
		error = PTR_ERR(profile->file.dfa);

		error = PTR_ERR(profile->file.dfa);

		profile->file.dfa = NULL;

		profile->file.dfa = NULL;

		goto fail;

		goto fail;

	}

	} else if (profile->file.dfa) {



		if (!unpack_u32(e, &profile->file.start, "dfa_start"))

		if (!unpack_u32(e, &profile->file.start, "dfa_start"))

			/* default start state */

			/* default start state */

			profile->file.start = DFA_START;

			profile->file.start = DFA_START;

	} else if (profile->policy.dfa &&

		   profile->policy.start[AA_CLASS_FILE]) {

		profile->file.dfa = aa_get_dfa(profile->policy.dfa);

		profile->file.start = profile->policy.start[AA_CLASS_FILE];

	}





	if (!unpack_trans_table(e, profile))

	if (!unpack_trans_table(e, profile))

		goto fail;

		goto fail;