author | John Johansen <john.johansen@canonical.com> | 2022-07-16 11:53:46 +0300 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2022-10-04 00:49:03 +0300 |
commit | e844fe9b51c984472ea98be3b2d1201ba9ee3213 (patch) | |
tree | 167bf6c3beeec74821dd3f2d54b77b3c37b3a361 /security/apparmor/include/policy.h | |
parent | bf690f59d0429c62de4db1234f16557eedcb39bf (diff) | |
download | linux-e844fe9b51c984472ea98be3b2d1201ba9ee3213.tar.xz |
apparmor: convert policy lookup to use accept as an index
Remap policydb dfa accept table from embedded perms to an index, and
then move the perm lookup to use the accept entry as an index into the
perm table. This is done so that the perm table can be separated from
the dfa, allowing dfa accept to index to share expanded permission
sets.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/policy.h')
-rw-r--r-- | security/apparmor/include/policy.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 44d8cbb1c368..31c0af876250 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -90,6 +90,18 @@ static inline void aa_destroy_policydb(struct aa_policydb *policy)
 }
+static inline struct aa_perms *aa_lookup_perms(struct aa_policydb *policy,
+ unsigned int state)
+{
+ unsigned int index = ACCEPT_TABLE(policy->dfa)[state];
+
+ if (!(policy->perms))
+ return &default_perms;
+
+ return &(policy->perms[index]);
+}
+
+
 /* struct aa_data - generic data structure
 * key: name for retrieving this data
 * size: size of data in bytes |
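Review bot: In `aa_lookup_perms()`, `index` is read from the DFA accept table and used directly in `policy->perms[index]`, with no bound against the number of entries in the perms table. Both tables come from loaded policy data, so an accept entry larger than the perms table would make this an out-of-bounds read in the kernel. The function is complete in this hunk, so the range check presumably happens at policy unpack time, which is not visible here. The helper should say so, for example `/* accept entries index policy->perms; unpack must reject any entry >= the perms table size */`, or check the bound itself if it cannot rely on that. `policy->dfa` is also dereferenced before the `policy->perms` NULL test, so moving the accept-table read below that test would skip the lookup when the default perms are returned.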