dfa = profile->file.dfa;
state = aa_dfa_match_len(dfa, profile->file.start,
match_str + 1, match_len - 1);
- aa_perms_clear(&tmp);
- if (state) {
- struct file_perms fperms = { };
- struct path_cond cond = { };
- fperms = aa_compute_fperms(dfa, state, &cond);
- tmp.allow = fperms.allow;
- tmp.audit = fperms.audit;
- tmp.quiet = fperms.quiet;
- tmp.kill = fperms.kill;
- }
} else if (profile->policy.dfa) {
if (!PROFILE_MEDIATES_SAFE(profile, *match_str))
continue; /* no change to current perms */
dfa = profile->policy.dfa;
state = aa_dfa_match_len(dfa, profile->policy.start[0],
match_str, match_len);
- if (state)
- aa_compute_perms(dfa, state, &tmp);
- else
- aa_perms_clear(&tmp);
}
+ if (state)
+ aa_compute_perms(dfa, state, &tmp);
+ else
+ aa_perms_clear(&tmp);
aa_apply_modes_to_perms(profile, &tmp);
aa_perms_accum_raw(&perms, &tmp);
}
}
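Review bot: With the permission computation hoisted below the `if`/`else if` chain, a profile that takes neither branch (not the file class with a `file.dfa`, and no `policy.dfa`) now reaches `if (state)` with `dfa` and `state` holding whatever their declaration or an earlier loop iteration left in them. The declarations and the loop header are outside the hunk, so this needs confirming, but a `state = 0;` at the top of the loop body, or a final `else` that clears `tmp`, would keep the result from depending on stale values. Separately, the file-class branch no longer goes through `aa_compute_fperms()` with a `path_cond`, and the copy of `fperms.kill` into `tmp.kill` is dropped. Whether `aa_compute_perms()` decodes the file DFA's accept entries the same way is not visible here; if it does not, a policy query could report file permissions that differ from what enforcement computes. If the two encodings are meant to be identical, a short comment above the hoisted block should say so; otherwise the file-specific conversion belongs back in the file branch.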
/**
- * aa_compute_fperms - convert dfa compressed perms to internal perms
+ * compute_perms - convert dfa compressed perms to internal perms
* @dfa: dfa to compute perms for (NOT NULL)
* @state: state in dfa
* @cond: conditions to consider (NOT NULL)
*
* Returns: computed permission set
*/
-struct file_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
- struct path_cond *cond)
+static struct file_perms compute_perms(struct aa_dfa *dfa, unsigned int state,
+ struct path_cond *cond)
{
struct file_perms perms;
}
state = aa_dfa_match(dfa, start, name);
- *perms = aa_compute_fperms(dfa, state, cond);
+ *perms = compute_perms(dfa, state, cond);
return state;
}
/* TODO: add delegate table */
};
-struct file_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
- struct path_cond *cond);
unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
const char *name, struct path_cond *cond,
struct file_perms *perms);