diff options
| author |   John Johansen <john.johansen@canonical.com> | 2017-01-16 00:42:42 -0800 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2017-01-16 01:18:34 -0800 |
| commit | 11c236b89d7c26d58c55d5613a858600a4d2ab3a (patch) | |
| tree | 591f879c7a4491b17a03391343fc3c0a98bb7165 /security/apparmor/include/match.h | |
| parent | apparmor: allow policydb to be used as the file dfa (diff) | |
| download | linux-dev-11c236b89d7c26d58c55d5613a858600a4d2ab3a.tar.xz linux-dev-11c236b89d7c26d58c55d5613a858600a4d2ab3a.zip | |
apparmor: add a default null dfa
Instead of testing whether a given dfa exists in every code path, have
a default null dfa that is used when loaded policy doesn't provide a
dfa.
This will let us get rid of special casing and avoid dereference bugs
when special casing is missed.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/match.h')
| -rw-r--r-- | security/apparmor/include/match.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security/apparmor/include/match.h b/security/apparmor/include/match.h index d751c8bf72cd..a85bb3b1836c 100644 --- a/security/apparmor/include/match.h +++ b/security/apparmor/include/match.h @@ -100,6 +100,8 @@ struct aa_dfa { struct table_header *tables[YYTD_ID_TSIZE]; }; +extern struct aa_dfa *nulldfa; + #define byte_to_byte(X) (X) #define UNPACK_ARRAY(TABLE, BLOB, LEN, TYPE, NTOHX) \ @@ -117,6 +119,9 @@ static inline size_t table_size(size_t len, size_t el_size) return ALIGN(sizeof(struct table_header) + len * el_size, 8); } +int aa_setup_dfa_engine(void); +void aa_teardown_dfa_engine(void); + struct aa_dfa *aa_dfa_unpack(void *blob, size_t size, int flags); unsigned int aa_dfa_match_len(struct aa_dfa *dfa, unsigned int start, const char *str, int len); |