summaryrefslogtreecommitdiff
path: root/security/apparmor/net.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/apparmor/net.c')
-rw-r--r--security/apparmor/net.c28
1 files changed, 16 insertions, 12 deletions
diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 7efe4d17273d..788be1609a86 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -108,8 +108,10 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
u32 request, u16 family, int type)
{
+ struct aa_ruleset *rules = list_first_entry(&profile->rules,
+ typeof(*rules), list);
struct aa_perms perms = { };
- unsigned int state;
+ aa_state_t state;
__be16 buffer[2];
AA_BUG(family >= AF_MAX);
@@ -117,15 +119,15 @@ int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
if (profile_unconfined(profile))
return 0;
- state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
+ state = RULE_MEDIATES(rules, AA_CLASS_NET);
if (!state)
return 0;
buffer[0] = cpu_to_be16(family);
buffer[1] = cpu_to_be16((u16) type);
- state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer,
+ state = aa_dfa_match_len(rules->policy.dfa, state, (char *) &buffer,
4);
- aa_compute_perms(profile->policy.dfa, state, &perms);
+ perms = *aa_lookup_perms(&rules->policy, state);
aa_apply_modes_to_perms(profile, &perms);
return aa_check_perms(profile, &perms, request, sa, audit_net_cb);
@@ -216,25 +218,27 @@ static int aa_secmark_perm(struct aa_profile *profile, u32 request, u32 secid,
{
int i, ret;
struct aa_perms perms = { };
+ struct aa_ruleset *rules = list_first_entry(&profile->rules,
+ typeof(*rules), list);
- if (profile->secmark_count == 0)
+ if (rules->secmark_count == 0)
return 0;
- for (i = 0; i < profile->secmark_count; i++) {
- if (!profile->secmark[i].secid) {
- ret = apparmor_secmark_init(&profile->secmark[i]);
+ for (i = 0; i < rules->secmark_count; i++) {
+ if (!rules->secmark[i].secid) {
+ ret = apparmor_secmark_init(&rules->secmark[i]);
if (ret)
return ret;
}
- if (profile->secmark[i].secid == secid ||
- profile->secmark[i].secid == AA_SECID_WILDCARD) {
- if (profile->secmark[i].deny)
+ if (rules->secmark[i].secid == secid ||
+ rules->secmark[i].secid == AA_SECID_WILDCARD) {
+ if (rules->secmark[i].deny)
perms.deny = ALL_PERMS_MASK;
else
perms.allow = ALL_PERMS_MASK;
- if (profile->secmark[i].audit)
+ if (rules->secmark[i].audit)
perms.audit = ALL_PERMS_MASK;
}
}