apparmor: add a default null dfa

Instead of testing whether a given dfa exists in every code path, have a default null dfa that is used when loaded policy doesn't provide a dfa. This will let us get rid of special casing and avoid dereference bugs when special casing is missed. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2017-01-16 00:42:42 -0800
committer: John Johansen <john.johansen@canonical.com> 2017-01-16 01:18:34 -0800
commit: 11c236b89d7c26d58c55d5613a858600a4d2ab3a (patch)
tree: 591f879c7a4491b17a03391343fc3c0a98bb7165 /security/apparmor/lsm.c
parent: 6604d4c1c1a65d3d1a6a56291d96516d1e9b7041 (diff)
download: linux-next-11c236b89d7c26d58c55d5613a858600a4d2ab3a.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index e40eecbbaefa..f852cd626f2e 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -878,6 +878,12 @@ static int __init apparmor_init(void)
 		return 0;
 	}
 
+	error = aa_setup_dfa_engine();
+	if (error) {
+		AA_ERROR("Unable to setup dfa engine\n");
+		goto alloc_out;
+	}
+
 	error = aa_alloc_root_ns();
 	if (error) {
 		AA_ERROR("Unable to allocate default profile namespace\n");
@@ -905,6 +911,7 @@ static int __init apparmor_init(void)
 
 alloc_out:
 	aa_destroy_aafs();
+	aa_teardown_dfa_engine();
 
 	apparmor_enabled = 0;
 	return error;
author	John Johansen <john.johansen@canonical.com>	2017-01-16 00:42:42 -0800
committer	John Johansen <john.johansen@canonical.com>	2017-01-16 01:18:34 -0800
commit	11c236b89d7c26d58c55d5613a858600a4d2ab3a (patch)
tree	591f879c7a4491b17a03391343fc3c0a98bb7165 /security/apparmor/lsm.c
parent	6604d4c1c1a65d3d1a6a56291d96516d1e9b7041 (diff)
download	linux-next-11c236b89d7c26d58c55d5613a858600a4d2ab3a.tar.gz