apparmor: add the ability for policy to specify a permission table
Currently permissions are encoded in the dfa accept entries that are then mapped to an internal permission structure. This limits the permissions that userspace can specify, so allow userspace to directly specify the permission table. Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
@@ -81,7 +81,10 @@ enum profile_mode {
|
||||
*/
|
||||
struct aa_policydb {
|
||||
struct aa_dfa *dfa;
|
||||
struct aa_perms *perms;
|
||||
struct {
|
||||
struct aa_perms *perms;
|
||||
u32 size;
|
||||
};
|
||||
struct aa_str_table trans;
|
||||
aa_state_t start[AA_CLASS_LAST + 1];
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user