apparmor: refcount the pdb

With the move to permission tables the dfa is no longer a stand alone entity when used, needing a minimum of a permission table. However it still could be shared among different pdbs each using a different permission table. Instead of duping the permission table when sharing a pdb, add a refcount to the pdb so it can be easily shared. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2023-04-28 05:32:52 -0700
committer: John Johansen <john.johansen@canonical.com> 2023-10-18 15:30:47 -0700
commit: 98b824ff8984fd523fc264fbb13208098ab09da3 (patch)
tree: 35f60b9788d10a556442d1ad5c5bfe4c4a26252d /security/apparmor/ipc.c
parent: 75c77e9e0713fddbe99a21a036aa6482402f9e34 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/apparmor/ipc.c b/security/apparmor/ipc.c
index c0d0dbd7b4c4..0cdf4340b02d 100644
--- a/security/apparmor/ipc.c
+++ b/security/apparmor/ipc.c
@@ -92,8 +92,8 @@ static int profile_signal_perm(const struct cred *cred,
 	ad->subj_cred = cred;
 	ad->peer = peer;
 	/* TODO: secondary cache check <profile, profile, perm> */
-	state = aa_dfa_next(rules->policy.dfa,
-			    rules->policy.start[AA_CLASS_SIGNAL],
+	state = aa_dfa_next(rules->policy->dfa,
+			    rules->policy->start[AA_CLASS_SIGNAL],
 			    ad->signal);
 	aa_label_match(profile, rules, peer, state, false, request, &perms);
 	aa_apply_modes_to_perms(profile, &perms);
author	John Johansen <john.johansen@canonical.com>	2023-04-28 05:32:52 -0700
committer	John Johansen <john.johansen@canonical.com>	2023-10-18 15:30:47 -0700
commit	98b824ff8984fd523fc264fbb13208098ab09da3 (patch)
tree	35f60b9788d10a556442d1ad5c5bfe4c4a26252d /security/apparmor/ipc.c
parent	75c77e9e0713fddbe99a21a036aa6482402f9e34 (diff)