apparmor: refcount the pdb

With the move to permission tables the dfa is no longer a stand alone entity when used, needing a minimum of a permission table. However it still could be shared among different pdbs each using a different permission table. Instead of duping the permission table when sharing a pdb, add a refcount to the pdb so it can be easily shared. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2023-04-28 05:32:52 -0700
committer: John Johansen <john.johansen@canonical.com> 2023-10-18 15:30:47 -0700
commit: 98b824ff8984fd523fc264fbb13208098ab09da3 (patch)
tree: 35f60b9788d10a556442d1ad5c5bfe4c4a26252d /security/apparmor/lib.c
parent: 75c77e9e0713fddbe99a21a036aa6482402f9e34 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index c87bccafff44..4c198d273f09 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -341,8 +341,8 @@ void aa_profile_match_label(struct aa_profile *profile,
 	/* TODO: doesn't yet handle extended types */
 	aa_state_t state;
 
-	state = aa_dfa_next(rules->policy.dfa,
-			    rules->policy.start[AA_CLASS_LABEL],
+	state = aa_dfa_next(rules->policy->dfa,
+			    rules->policy->start[AA_CLASS_LABEL],
 			    type);
 	aa_label_match(profile, rules, label, state, false, request, perms);
 }
author	John Johansen <john.johansen@canonical.com>	2023-04-28 05:32:52 -0700
committer	John Johansen <john.johansen@canonical.com>	2023-10-18 15:30:47 -0700
commit	98b824ff8984fd523fc264fbb13208098ab09da3 (patch)
tree	35f60b9788d10a556442d1ad5c5bfe4c4a26252d /security/apparmor/lib.c
parent	75c77e9e0713fddbe99a21a036aa6482402f9e34 (diff)