mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00

parser: if extended perms are supported by the kernel build a permstable

If extended permissions are supported use them. We need to build a
permission table and set the accept state of the chfa up as an index
into the table.

For now map the front end permission layout into the old format and
then convert that to the perms table just as the kernel does.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2020-06-18 05:49:20 -07:00
parent c86f8f06dd
commit e29f5ce5f3
16 changed files with 530 additions and 38 deletions


@@ -1544,6 +1544,10 @@ static bool get_kernel_features(struct aa_features **features)
else if (aa_features_supports(*features, "policy/versions/v6"))
kernel_abi_version = 6;
kernel_supports_permstable32 = aa_features_supports(*features, "policy/permstable32");
if (kernel_supports_permstable32) {
//fprintf(stderr, "kernel supports prompt\n");
}
if (!kernel_supports_diff_encode)
/* clear diff_encode because it is not supported */
parseopts.control &= ~CONTROL_DFA_DIFF_ENCODE;
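
Review bot: the `if (kernel_supports_permstable32) { ... }` block directly after the `aa_features_supports(*features, "policy/permstable32")` assignment does nothing. Its body is only a commented-out `fprintf`, and that message reads "kernel supports prompt" while the feature being tested is permstable32. Suggest removing the block before merge, or, if the trace is useful, turning it into a real debug message whose wording names permstable32 so it cannot be mistaken for a different feature check.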