diff options
Diffstat (limited to 'security/apparmor/match.c')
-rw-r--r-- | security/apparmor/match.c | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 3f900fcca8fb..eb0efef746f5 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -20,11 +20,38 @@ #include <linux/err.h> #include <linux/kref.h> -#include "include/apparmor.h" +#include "include/lib.h" #include "include/match.h" #define base_idx(X) ((X) & 0xffffff) +static char nulldfa_src[] = { + #include "nulldfa.in" +}; +struct aa_dfa *nulldfa; + +int aa_setup_dfa_engine(void) +{ + int error; + + nulldfa = aa_dfa_unpack(nulldfa_src, sizeof(nulldfa_src), + TO_ACCEPT1_FLAG(YYTD_DATA32) | + TO_ACCEPT2_FLAG(YYTD_DATA32)); + if (!IS_ERR(nulldfa)) + return 0; + + error = PTR_ERR(nulldfa); + nulldfa = NULL; + + return error; +} + +void aa_teardown_dfa_engine(void) +{ + aa_put_dfa(nulldfa); + nulldfa = NULL; +} + /** * unpack_table - unpack a dfa table (one of accept, default, base, next check) * @blob: data to unpack (NOT NULL) @@ -46,11 +73,11 @@ static struct table_header *unpack_table(char *blob, size_t bsize) /* loaded td_id's start at 1, subtract 1 now to avoid doing * it every time we use td_id as an index */ - th.td_id = be16_to_cpu(*(u16 *) (blob)) - 1; + th.td_id = be16_to_cpu(*(__be16 *) (blob)) - 1; if (th.td_id > YYTD_ID_MAX) goto out; - th.td_flags = be16_to_cpu(*(u16 *) (blob + 2)); - th.td_lolen = be32_to_cpu(*(u32 *) (blob + 8)); + th.td_flags = be16_to_cpu(*(__be16 *) (blob + 2)); + th.td_lolen = be32_to_cpu(*(__be32 *) (blob + 8)); blob += sizeof(struct table_header); if (!(th.td_flags == YYTD_DATA16 || th.td_flags == YYTD_DATA32 || @@ -68,13 +95,13 @@ static struct table_header *unpack_table(char *blob, size_t bsize) table->td_lolen = th.td_lolen; if (th.td_flags == YYTD_DATA8) UNPACK_ARRAY(table->td_data, blob, th.td_lolen, - u8, byte_to_byte); + u8, u8, byte_to_byte); else if (th.td_flags == YYTD_DATA16) UNPACK_ARRAY(table->td_data, blob, th.td_lolen, - u16, be16_to_cpu); + u16, __be16, be16_to_cpu); else if (th.td_flags == YYTD_DATA32) UNPACK_ARRAY(table->td_data, blob, th.td_lolen, - u32, be32_to_cpu); + u32, __be32, be32_to_cpu); else goto fail; /* if table was vmalloced make sure the page tables are synced @@ -222,14 +249,14 @@ struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags) if (size < sizeof(struct table_set_header)) goto fail; - if (ntohl(*(u32 *) data) != YYTH_MAGIC) + if (ntohl(*(__be32 *) data) != YYTH_MAGIC) goto fail; - hsize = ntohl(*(u32 *) (data + 4)); + hsize = ntohl(*(__be32 *) (data + 4)); if (size < hsize) goto fail; - dfa->flags = ntohs(*(u16 *) (data + 12)); + dfa->flags = ntohs(*(__be16 *) (data + 12)); data += hsize; size -= hsize; |