apparmor: add the ability for policy to specify a permission table

Currently permissions are encoded in the dfa accept entries that are then mapped to an internal permission structure. This limits the permissions that userspace can specify, so allow userspace to directly specify the permission table. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2022-08-26 08:53:42 -0700
committer: John Johansen <john.johansen@canonical.com> 2022-10-03 14:49:03 -0700
commit: fd1b2b95a21177eaa9e26989637e477be4d93b2f (patch)
tree: 99fb028cb7d245e96c8664ad420e937ef86719e0 /security/apparmor/include/policy.h
parent: 371e50a0b19f9765bfb9e4f172e72f4e9a4625bc (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 9fc5d7fa36e8..2c39bd389f87 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -81,7 +81,10 @@ enum profile_mode {
  */
 struct aa_policydb {
 	struct aa_dfa *dfa;
-	struct aa_perms *perms;
+	struct {
+		struct aa_perms *perms;
+		u32 size;
+	};
 	struct aa_str_table trans;
 	aa_state_t start[AA_CLASS_LAST + 1];
 };
author	John Johansen <john.johansen@canonical.com>	2022-08-26 08:53:42 -0700
committer	John Johansen <john.johansen@canonical.com>	2022-10-03 14:49:03 -0700
commit	fd1b2b95a21177eaa9e26989637e477be4d93b2f (patch)
tree	99fb028cb7d245e96c8664ad420e937ef86719e0 /security/apparmor/include/policy.h
parent	371e50a0b19f9765bfb9e4f172e72f4e9a4625bc (diff)