mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00

parser: fix protocol error on older kernels caused by additional xtable

Older kernels do not support an xtable grouped with the policy dfa.
The presence of a policy.dfa does not indicate whether we should create
an xtable with the policy dfa.

Instead the check should be if the kernel supports the extended
permstable32 format.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen 2024-08-08 01:44:05 -07:00
parent b72cae79cb
commit d0062b6d4a


@ -545,13 +545,13 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
sd_write_struct(buf, "policydb"); sd_write_struct(buf, "policydb");
sd_serialize_dfa(buf, profile->policy.dfa, profile->policy.size, sd_serialize_dfa(buf, profile->policy.dfa, profile->policy.size,
profile->policy.perms_table); profile->policy.perms_table);
if (profile->policy.dfa) { if (kernel_supports_permstable32) {
// fprintf(stderr, "profile %s: policy xtable\n", profile->name); sd_serialize_xtable(buf, profile->exec_table,
// TODO: this is dummy exec make dependent on V1 profile->uses_prompt_rules &&
sd_serialize_xtable(buf, profile->exec_table, prompt_compat_mode == PROMPT_COMPAT_PERMSV1 ?
profile->uses_prompt_rules && prompt_compat_mode == PROMPT_COMPAT_PERMSV1 ? profile->policy.perms_table.size() : 0);
profile->policy.perms_table.size() : 0);
} }
sd_write_structend(buf); sd_write_structend(buf);
} }
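Review bot: The new guard `if (kernel_supports_permstable32)` has no comment explaining why it tests a kernel feature rather than `profile->policy.dfa`, and the change also drops the old TODO that marked the exec table written here as a dummy. A short comment such as `// policydb xtable is only understood by kernels with permstable32; older kernels reject it with a protocol error` would keep the reason next to the code and make an accidental revert less likely. With this condition the xtable is also written when `profile->policy.dfa` is null on a permstable32 kernel, which the old check excluded. That looks intended from the commit message, but it is worth confirming that the kernel unpack path accepts a policydb carrying an xtable and no dfa, since a rejected load would presumably leave the profile unloaded. sd_serialize_profile begins outside the hunk, so the declaration and initialisation of `kernel_supports_permstable32` are not visible here.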