/* Check xattr value */
state = aa_dfa_match_len(profile->xmatch, state, value,
size);
- perm = profile->xmatch_perms[state];
+ perm = profile->xmatch_perms[state].allow;
if (!(perm & MAY_EXEC)) {
ret = -EINVAL;
goto out;
state = aa_dfa_leftmatch(profile->xmatch, DFA_START,
name, &count);
- perm = profile->xmatch_perms[state];
+ perm = profile->xmatch_perms[state].allow;
/* any accepting state means a valid match. */
if (perm & MAY_EXEC) {
int ret = 0;
return table;
}
-static u32 *compute_xmatch_perms(struct aa_dfa *xmatch)
+static struct aa_perms *compute_xmatch_perms(struct aa_dfa *xmatch)
{
- u32 *perms_table;
+ struct aa_perms *perms_table;
int state;
int state_count;
state_count = xmatch->tables[YYTD_ID_BASE]->td_lolen;
/* DFAs are restricted from having a state_count of less than 2 */
- perms_table = kvcalloc(state_count, sizeof(u32), GFP_KERNEL);
+ perms_table = kvcalloc(state_count, sizeof(struct aa_perms),
+ GFP_KERNEL);
/* zero init so skip the trap state (state == 0) */
for (state = 1; state < state_count; state++)
- perms_table[state] = dfa_user_allow(xmatch, state);
+ perms_table[state].allow = dfa_user_allow(xmatch, state);
return perms_table;
}
profile->xmatch_len = tmp;
profile->xmatch_perms = compute_xmatch_perms(profile->xmatch);
+ if (!profile->xmatch_perms) {
+ info = "failed to convert xmatch permission table";
+ goto fail;
+ }
}
/* disconnected attachment string is optional */