diff options
| author | John Johansen <john.johansen@canonical.com> | 2022-01-17 13:43:49 -0800 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2022-10-03 14:49:03 -0700 |
| commit | 33fc95d8293cfca352ac875668857293e22d7d51 (patch) | |
| tree | 045b3ba1a1fb5d6e08845d650b19806c6f44f4d4 /security/apparmor/label.c | |
| parent | e844fe9b51c984472ea98be3b2d1201ba9ee3213 (diff) | |
apparmor: preparse for state being more than just an integer
Convert from an unsigned int to a state_t for state position. This is
a step in prepping for the state position carrying some additional
flags, and a limited form of backtracking to support variables.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/label.c')
| -rw-r--r-- | security/apparmor/label.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/security/apparmor/label.c b/security/apparmor/label.c index 30cb68641c0f..3a967003fa7c 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -1265,9 +1265,9 @@ static inline bool label_is_visible(struct aa_profile *profile, * If a subns profile is not to be matched should be prescreened with * visibility test. */ -static inline unsigned int match_component(struct aa_profile *profile, - struct aa_profile *tp, - unsigned int state) +static inline aa_state_t match_component(struct aa_profile *profile, + struct aa_profile *tp, + aa_state_t state) { const char *ns_name; @@ -1299,7 +1299,7 @@ static inline unsigned int match_component(struct aa_profile *profile, */ static int label_compound_match(struct aa_profile *profile, struct aa_label *label, - unsigned int state, bool subns, u32 request, + aa_state_t state, bool subns, u32 request, struct aa_perms *perms) { struct aa_profile *tp; @@ -1356,14 +1356,14 @@ fail: * check to be stacked. */ static int label_components_match(struct aa_profile *profile, - struct aa_label *label, unsigned int start, + struct aa_label *label, aa_state_t start, bool subns, u32 request, struct aa_perms *perms) { struct aa_profile *tp; struct label_it i; struct aa_perms tmp; - unsigned int state = 0; + aa_state_t state = 0; /* find first subcomponent to test */ label_for_each(i, label, tp) { @@ -1415,7 +1415,7 @@ fail: * Returns: the state the match finished in, may be the none matching state */ int aa_label_match(struct aa_profile *profile, struct aa_label *label, - unsigned int state, bool subns, u32 request, + aa_state_t state, bool subns, u32 request, struct aa_perms *perms) { int error = label_compound_match(profile, label, state, subns, request, |