summaryrefslogtreecommitdiffstats
path: root/security/apparmor/lib.c
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2022-09-06 05:47:36 +0200
committerJohn Johansen <john.johansen@canonical.com>2022-10-03 23:49:04 +0200
commit1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590 (patch)
tree5cf7b9f785d46441d3c184a3097659eb7c2574ac /security/apparmor/lib.c
parentapparmor: refactor profile rules and attachments (diff)
downloadlinux-1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590.tar.xz
linux-1ad22fcc4d0d2fb2e0f35aed555a86d016d5e590.zip
apparmor: rework profile->rules to be a list
Convert profile->rules to a list as the next step towards supporting multiple rulesets in a profile. For this step only support a single list entry item. The logic for iterating the list will come as a separate step. Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/lib.c')
-rw-r--r--security/apparmor/lib.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index ec73e51ca7e3..a630c951bb3b 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -351,14 +351,16 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
u32 request, int type, u32 *deny,
struct common_audit_data *sa)
{
+ struct aa_ruleset *rules = list_first_entry(&profile->rules,
+ typeof(*rules), list);
struct aa_perms perms;
aad(sa)->label = &profile->label;
aad(sa)->peer = &target->label;
aad(sa)->request = request;
- aa_profile_match_label(profile, &profile->rules, &target->label, type,
- request, &perms);
+ aa_profile_match_label(profile, rules, &target->label, type, request,
+ &perms);
aa_apply_modes_to_perms(profile, &perms);
*deny |= request & perms.deny;
return aa_check_perms(profile, &perms, request, sa, aa_audit_perms_cb);