author | John Johansen <john.johansen@canonical.com> | 2022-09-05 23:53:29 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2022-10-03 14:49:04 -0700 |
commit | 0bece4fa97a2bd397da66d4fced78f76eb214a3e (patch) | |
tree | 7a5e0d42965a373f3e7e5e058e94d99d079e00f0 /security/apparmor/include/perms.h | |
parent | 670f31774ab6bf8e2d756f27444b035b9be8a0c9 (diff) |
apparmor: make sure perm indexes are accumulated
Accumulate permission indexes on a first-encountered basis. This
favors original rulesets, so that new ones cannot override them without
profile replacement.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/perms.h')
-rw-r--r-- | security/apparmor/include/perms.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/security/apparmor/include/perms.h b/security/apparmor/include/perms.h
index d66059fcebb4..0de8c3fb090d 100644
--- a/security/apparmor/include/perms.h
+++ b/security/apparmor/include/perms.h
@@ -78,11 +78,20 @@ struct aa_perms {
 u32 quiet; /* set only when ~allow | deny */
 u32 hide; /* set only when ~allow | deny */
+ u32 xindex;
 u32 tag; /* tag string index, if present */
 u32 label; /* label string index, if present */
 };
+/*
+ * Indexes are broken into a 24 bit index and 8 bit flag.
+ * For the index to be valid there must be a value in the flag
+ */
+#define AA_INDEX_MASK 0x00ffffff
+#define AA_INDEX_FLAG_MASK 0xff000000
+#define AA_INDEX_NONE 0
+
 #define ALL_PERMS_MASK 0xffffffff
 extern struct aa_perms nullperms;
 extern struct aa_perms allperms; |
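Review bot: The comment above `AA_INDEX_MASK` says an index is valid only when the flag byte holds a value, but `AA_INDEX_NONE` is the whole word `0`, so a word with index bits set and an empty flag byte is neither "none" nor valid, and the header does not say how it is treated. With first-encountered-wins accumulation, as the commit message describes, the test that decides "already set" determines which ruleset takes precedence. That code is outside this file section, so I cannot tell whether it checks `AA_INDEX_FLAG_MASK` or compares against `AA_INDEX_NONE`. If the flag byte is meant to decide, I would add a line to the comment such as `* A value with no bits in AA_INDEX_FLAG_MASK is treated as AA_INDEX_NONE, whatever its index bits.` The new field also lacks the trailing comment its neighbours have; assuming it uses this layout, `u32 xindex; /* flag | index, see AA_INDEX_MASK */` would do.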