apparmor: make sure perm indexes are accumulated

accumulate permission indexes on a first encountered basis. This favors original rulesets so that new ones can not override without profile replacement. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2022-09-06 08:53:29 +0200
committer: John Johansen <john.johansen@canonical.com> 2022-10-03 23:49:04 +0200
commit: 0bece4fa97a2bd397da66d4fced78f76eb214a3e (patch)
tree: 7a5e0d42965a373f3e7e5e058e94d99d079e00f0 /security/apparmor/include/file.h
parent: apparmor: verify permission table indexes (diff)
download: linux-0bece4fa97a2bd397da66d4fced78f76eb214a3e.tar.xz
linux-0bece4fa97a2bd397da66d4fced78f76eb214a3e.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 521c8568f6d4..1a1c0f0c5071 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -88,10 +88,10 @@ static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx)
  * - exec type - which determines how the executable name and index are used
  * - flags - which modify how the destination name is applied
  */
-#define AA_X_INDEX_MASK		0x00ffffff
+#define AA_X_INDEX_MASK		AA_INDEX_MASK
 
 #define AA_X_TYPE_MASK		0x0c000000
-#define AA_X_NONE		0x00000000
+#define AA_X_NONE		AA_INDEX_NONE
 #define AA_X_NAME		0x04000000 /* use executable name px */
 #define AA_X_TABLE		0x08000000 /* use a specified name ->n# */
author	John Johansen <john.johansen@canonical.com>	2022-09-06 08:53:29 +0200
committer	John Johansen <john.johansen@canonical.com>	2022-10-03 23:49:04 +0200
commit	0bece4fa97a2bd397da66d4fced78f76eb214a3e (patch)
tree	7a5e0d42965a373f3e7e5e058e94d99d079e00f0 /security/apparmor/include/file.h
parent	apparmor: verify permission table indexes (diff)
download	linux-0bece4fa97a2bd397da66d4fced78f76eb214a3e.tar.xz linux-0bece4fa97a2bd397da66d4fced78f76eb214a3e.zip