authorJohn Johansen <john.johansen@canonical.com>2017-05-29 11:45:29 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-10 17:11:29 -0700
commitb5b2557c0aeca35b34c558fd09ad6da67b9f3557 (patch)
treee5b542bbc637558ffaade9c8cd9f537c7311653d /security/apparmor
parent1dea3b41e84c5923173fe654dcb758a5cb4a46e5 (diff)
apparmor: add fn to test if profile supports a given mediation class
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/include/policy.h10
1 files changed, 10 insertions, 0 deletions
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 97bfbddef7b2..d93f475bfd8b 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -222,6 +222,16 @@ void __aa_profile_list_release(struct list_head *head);
#define unconfined(X) ((X)->mode == APPARMOR_UNCONFINED)
+#define PROFILE_MEDIATES(P, T) ((P)->policy.start[(T)])
+/* safe version of POLICY_MEDIATES for full range input */
+static inline unsigned int PROFILE_MEDIATES_SAFE(struct aa_profile *profile,
+ unsigned char class)
+{
+ if (profile->policy.dfa)
+ return aa_dfa_match_len(profile->policy.dfa,
+ profile->policy.start[0], &class, 1);
+ return 0;
+}
/**
* aa_get_profile - increment refcount on profile @p
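Review bot: `PROFILE_MEDIATES(P, T)` reads `(P)->policy.start[(T)]` with no bound on `T`, and the only hint of that precondition is the comment on the following definition, which refers to `POLICY_MEDIATES`, a name that does not appear in this hunk. The length of `start[]` is not visible here, so a caller that passes a class value it has not validated would presumably read past the array. I would state the contract on the macro itself, e.g. `/* T must be a valid index into policy.start[]; use PROFILE_MEDIATES_SAFE() for unvalidated class values */`, and correct the other comment to `/* safe version of PROFILE_MEDIATES for full range input */`. It would also help to document that `PROFILE_MEDIATES_SAFE()` returns 0 when `profile->policy.dfa` is NULL and otherwise the result of `aa_dfa_match_len()` run from `start[0]` over the single class byte, which callers presumably test for non-zero.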