apparmor: add a default null dfa

Instead of testing whether a given dfa exists in every code path, have a default null dfa that is used when loaded policy doesn't provide a dfa. This will let us get rid of special casing and avoid dereference bugs when special casing is missed. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2017-01-16 11:42:42 +0300
committer: John Johansen <john.johansen@canonical.com> 2017-01-16 12:18:34 +0300
commit: 11c236b89d7c26d58c55d5613a858600a4d2ab3a (patch)
tree: 591f879c7a4491b17a03391343fc3c0a98bb7165 /security/apparmor/include/match.h
parent: 6604d4c1c1a65d3d1a6a56291d96516d1e9b7041 (diff)
download: linux-11c236b89d7c26d58c55d5613a858600a4d2ab3a.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h
index d751c8bf72cd..a85bb3b1836c 100644
--- a/security/apparmor/include/match.h
+++ b/security/apparmor/include/match.h
@@ -100,6 +100,8 @@ struct aa_dfa {
 	struct table_header *tables[YYTD_ID_TSIZE];
 };
 
+extern struct aa_dfa *nulldfa;
+
 #define byte_to_byte(X) (X)
 
 #define UNPACK_ARRAY(TABLE, BLOB, LEN, TYPE, NTOHX) \
@@ -117,6 +119,9 @@ static inline size_t table_size(size_t len, size_t el_size)
 	return ALIGN(sizeof(struct table_header) + len * el_size, 8);
 }
 
+int aa_setup_dfa_engine(void);
+void aa_teardown_dfa_engine(void);
+
 struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags);
 unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start,
 			      const char *str, int len);
author	John Johansen <john.johansen@canonical.com>	2017-01-16 11:42:42 +0300
committer	John Johansen <john.johansen@canonical.com>	2017-01-16 12:18:34 +0300
commit	11c236b89d7c26d58c55d5613a858600a4d2ab3a (patch)
tree	591f879c7a4491b17a03391343fc3c0a98bb7165 /security/apparmor/include/match.h
parent	6604d4c1c1a65d3d1a6a56291d96516d1e9b7041 (diff)
download	linux-11c236b89d7c26d58c55d5613a858600a4d2ab3a.tar.xz