From fd1b2b95a21177eaa9e26989637e477be4d93b2f Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Fri, 26 Aug 2022 08:53:42 -0700
Subject: apparmor: add the ability for policy to specify a permission table

Currently permissions are encoded in the dfa accept entries that are
then mapped to an internal permission structure. This limits the
permissions that userspace can specify, so allow userspace to directly
specify the permission table.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/include/policy.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'security/apparmor/include')

diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 9fc5d7fa36e8..2c39bd389f87 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -81,7 +81,10 @@ enum profile_mode {
  */
 struct aa_policydb {
 	struct aa_dfa *dfa;
-	struct aa_perms *perms;
+	struct {
+		struct aa_perms *perms;
+		u32 size;
+	};
 	struct aa_str_table trans;
 	aa_state_t start[AA_CLASS_LAST + 1];
 };
-- 
cgit v1.2.3