Commit b9590ad4 authored by John Johansen's avatar John Johansen

apparmor: remove POLICY_MEDIATES_SAFE

The unpack code now makes sure every profile has a dfa so the safe
version of POLICY_MEDIATES is no longer needed.
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 56974a6f
...@@ -619,7 +619,7 @@ static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms, ...@@ -619,7 +619,7 @@ static void profile_query_cb(struct aa_profile *profile, struct aa_perms *perms,
tmp = aa_compute_fperms(dfa, state, &cond); tmp = aa_compute_fperms(dfa, state, &cond);
} }
} else if (profile->policy.dfa) { } else if (profile->policy.dfa) {
if (!PROFILE_MEDIATES_SAFE(profile, *match_str)) if (!PROFILE_MEDIATES(profile, *match_str))
return; /* no change to current perms */ return; /* no change to current perms */
dfa = profile->policy.dfa; dfa = profile->policy.dfa;
state = aa_dfa_match_len(dfa, profile->policy.start[0], state = aa_dfa_match_len(dfa, profile->policy.start[0],
......
...@@ -214,17 +214,7 @@ static inline struct aa_profile *aa_get_newest_profile(struct aa_profile *p) ...@@ -214,17 +214,7 @@ static inline struct aa_profile *aa_get_newest_profile(struct aa_profile *p)
return labels_profile(aa_get_newest_label(&p->label)); return labels_profile(aa_get_newest_label(&p->label));
} }
#define PROFILE_MEDIATES(P, T) ((P)->policy.start[(T)]) #define PROFILE_MEDIATES(P, T) ((P)->policy.start[(unsigned char) (T)])
/* safe version of POLICY_MEDIATES for full range input */
static inline unsigned int PROFILE_MEDIATES_SAFE(struct aa_profile *profile,
unsigned char class)
{
if (profile->policy.dfa)
return aa_dfa_match_len(profile->policy.dfa,
profile->policy.start[0], &class, 1);
return 0;
}
static inline unsigned int PROFILE_MEDIATES_AF(struct aa_profile *profile, static inline unsigned int PROFILE_MEDIATES_AF(struct aa_profile *profile,
u16 AF) { u16 AF) {
unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET); unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment