mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 22:35:35 +00:00
Code Issues Releases Wiki Activity

parser: enable extended perms if supported by the kernel

Browse Source 
Currently use of extended perms are dependent on prompt rules being present
in policy. Switch to using extended perms if they are supported.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2024-05-14 05:02:19 -07:00
parent 2737cb2c2b
commit ee1a5e6e18
3 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
parser/parser_regex.c
View File

@@ -791,7 +791,7 @@ int process_profile_regex(Profile *prof)
prof->dfa.dfa = prof->dfa.rules->create_dfablob(&prof->dfa.size,
&xmatch_len, prof->dfa.perms_table,
parseopts, true,
prof->uses_prompt_rules && (prompt_compat_mode == PROMPT_COMPAT_PERMSV2),
kernel_supports_permstable32,
prof->uses_prompt_rules);
delete prof->dfa.rules;
prof->dfa.rules = NULL;
@@ -1174,7 +1174,7 @@ int process_profile_policydb(Profile *prof)
&xmatch_len,
prof->policy.perms_table,
parseopts, false,
prof->uses_prompt_rules && (prompt_compat_mode == PROMPT_COMPAT_PERMSV2),
kernel_supports_permstable32,
prof->uses_prompt_rules);
delete prof->policy.rules;