author | James Morris <james.l.morris@oracle.com> | 2013-05-12 15:28:38 +0400 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2013-05-12 15:28:38 +0400 |
commit | bd71164abc141ea696014e3e23c561b0d7f1b434 (patch) | |
tree | 3b9c64698800566197bf4ecec604ba8bb1228bd3 /security/apparmor/include/match.h | |
parent | f722406faae2d073cc1d01063d1123c35425939e (diff) | |
parent | 2654bfbc2bd0e1e64f0b257c21da23f6cec32c6c (diff) | |
Merge tag 'aa-3.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor into ra-next
Diffstat (limited to 'security/apparmor/include/match.h')
-rw-r--r-- | security/apparmor/include/match.h | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h index 775843e7f984..001c43aa0406 100644 --- a/security/apparmor/include/match.h +++ b/security/apparmor/include/match.h @@ -4,7 +4,7 @@ * This file contains AppArmor policy dfa matching engine definitions. * * Copyright (C) 1998-2008 Novell/SUSE - * Copyright 2009-2010 Canonical Ltd. + * Copyright 2009-2012 Canonical Ltd. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as @@ -16,25 +16,30 @@ #define __AA_MATCH_H #include <linux/kref.h> -#include <linux/workqueue.h> #define DFA_NOMATCH 0 #define DFA_START 1 -#define DFA_VALID_PERM_MASK 0xffffffff -#define DFA_VALID_PERM2_MASK 0xffffffff /** * The format used for transition tables is based on the GNU flex table * file format (--tables-file option; see Table File Format in the flex * info pages and the flex sources for documentation). The magic number * used in the header is 0x1B5E783D instead of 0xF13C57B1 though, because - * the YY_ID_CHK (check) and YY_ID_DEF (default) tables are used - * slightly differently (see the apparmor-parser package). + * new tables have been defined and others YY_ID_CHK (check) and YY_ID_DEF + * (default) tables are used slightly differently (see the apparmor-parser + * package). + * + * + * The data in the packed dfa is stored in network byte order, and the tables + * are arranged for flexibility. We convert the table data to host native + * byte order. + * + * The dfa begins with a table set header, and is followed by the actual + * tables. */ #define YYTH_MAGIC 0x1B5E783D -#define YYTH_DEF_RECURSE 0x1 /* DEF Table is recursive */ struct table_set_header { u32 th_magic; /* YYTH_MAGIC */ 
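Review bot: The rewritten format comment in the second hunk (`@@ -16,25 +16,30 @@`) is hard to parse at `new tables have been defined and others YY_ID_CHK (check) and YY_ID_DEF`, where "others" looks misplaced. I would write `new tables have been defined and the YY_ID_CHK (check) and YY_ID_DEF (default) tables are used slightly differently`. The comment now documents that the packed dfa is stored in network byte order and converted to host order, so it should also state that the header and table sizes come from the loaded policy data and must be bounds-checked by the unpack code before any table is converted or indexed. Separately, dropping `DFA_VALID_PERM_MASK`, `DFA_VALID_PERM2_MASK`, `YYTH_DEF_RECURSE` and the `<linux/workqueue.h>` include is only safe if nothing else still relies on them through this header, which a diff limited to this one file cannot show.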
@@ -63,7 +68,7 @@ struct table_set_header { #define YYTD_DATA32 4 #define YYTD_DATA64 8 -/* Each ACCEPT2 table gets 6 dedicated flags, YYTD_DATAX define the +/* ACCEPT & ACCEPT2 tables gets 6 dedicated flags, YYTD_DATAX define the * first flags */ #define ACCEPT1_FLAGS(X) ((X) & 0x3f) |
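Review bot: The reworded comment above `ACCEPT1_FLAGS` has a subject-verb mismatch in `ACCEPT & ACCEPT2 tables gets 6 dedicated flags`; it should read `/* ACCEPT & ACCEPT2 tables get 6 dedicated flags, YYTD_DATAX define the`. The "6 dedicated flags" matches the `0x3f` mask on the visible `ACCEPT1_FLAGS(X)` line. The comment could say outright that these are the low six bits of the table flags word, so a reader checking the accept-table layout does not have to infer it from the mask.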