apparmor: add the ability for policy to specify a permission table

Currently permissions are encoded in the dfa accept entries that are
then mapped to an internal permission structure. This limits the
permissions that userspace can specify, so allow userspace to directly
specify the permission table.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2022-08-26 08:53:42 -07:00
parent 371e50a0b1
commit fd1b2b95a2
2 changed files with 98 additions and 11 deletions
+4 -1
View File
@@ -81,7 +81,10 @@ enum profile_mode {
*/
struct aa_policydb {
struct aa_dfa *dfa;
struct aa_perms *perms;
struct {
struct aa_perms *perms;
u32 size;
};
struct aa_str_table trans;
aa_state_t start[AA_CLASS_LAST + 1];
};