apparmor: rework profile->rules to be a list

Convert profile->rules to a list as the next step towards supporting multiple rulesets in a profile. For this step only support a single list entry item. The logic for iterating the list will come as a separate step. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2022-09-05 20:47:36 -0700
committer: John Johansen <john.johansen@canonical.com> 2022-10-03 14:49:04 -0700
commit: 1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590 (patch)
tree: 5cf7b9f785d46441d3c184a3097659eb7c2574ac /security/apparmor/lib.c
parent: 217af7e2f4deb629aaa49622685ccfee923898ca (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index ec73e51ca7e3..a630c951bb3b 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -351,14 +351,16 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
 			  u32 request, int type, u32 *deny,
 			  struct common_audit_data *sa)
 {
+	struct aa_ruleset *rules = list_first_entry(&profile->rules,
+						    typeof(*rules), list);
 	struct aa_perms perms;
 
 	aad(sa)->label = &profile->label;
 	aad(sa)->peer = &target->label;
 	aad(sa)->request = request;
 
-	aa_profile_match_label(profile, &profile->rules, &target->label, type,
-			       request, &perms);
+	aa_profile_match_label(profile, rules, &target->label, type, request,
+			       &perms);
 	aa_apply_modes_to_perms(profile, &perms);
 	*deny |= request & perms.deny;
 	return aa_check_perms(profile, &perms, request, sa, aa_audit_perms_cb);
author	John Johansen <john.johansen@canonical.com>	2022-09-05 20:47:36 -0700
committer	John Johansen <john.johansen@canonical.com>	2022-10-03 14:49:04 -0700
commit	1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590 (patch)
tree	5cf7b9f785d46441d3c184a3097659eb7c2574ac /security/apparmor/lib.c
parent	217af7e2f4deb629aaa49622685ccfee923898ca (diff)