Commit 90917d5b authored by John Johansen

apparmor: extend permissions to support a label and tag string



Add indexes for label and tag entries. Rename the domain table to str_table, as it is a shared string table holding labels and tags.

Signed-off-by: John Johansen <john.johansen@canonical.com>
parent caa9f579
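--- a/PATH_NOT_ON_PAGE_1
+++ b/PATH_NOT_ON_PAGE_1
@@ -29,24 +29,6 @@
 #include "include/policy.h"
 #include "include/policy_ns.h"
 
-/**
- * aa_free_domain_entries - free entries in a domain table
- * @domain: the domain table to free  (MAYBE NULL)
- */
-void aa_free_domain_entries(struct aa_domain *domain)
-{
-	int i;
-	if (domain) {
-		if (!domain->table)
-			return;
-
-		for (i = 0; i < domain->size; i++)
-			kfree_sensitive(domain->table[i]);
-		kfree_sensitive(domain->table);
-		domain->table = NULL;
-	}
-}
-
 /**
  * may_change_ptraced_domain - check if can change profile on ptraced task
  * @to_label: profile to change to  (NOT NULL)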
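--- a/PATH_NOT_ON_PAGE_2
+++ b/PATH_NOT_ON_PAGE_2
@@ -16,11 +16,6 @@
 #ifndef __AA_DOMAIN_H
 #define __AA_DOMAIN_H
 
-struct aa_domain {
-	int size;
-	char **table;
-};
-
 #define AA_CHANGE_NOFLAGS 0
 #define AA_CHANGE_TEST 1
 #define AA_CHANGE_CHILD 2
@@ -32,7 +27,6 @@ struct aa_label *x_table_lookup(struct aa_profile *profile, u32 xindex,
 
 int apparmor_bprm_creds_for_exec(struct linux_binprm *bprm);
 
-void aa_free_domain_entries(struct aa_domain *domain);
 int aa_change_hat(const char *hats[], int count, u64 token, int flags);
 int aa_change_profile(const char *fqname, int flags);
 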
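--- a/PATH_NOT_ON_PAGE_3
+++ b/PATH_NOT_ON_PAGE_3
@@ -99,6 +99,12 @@ static inline bool path_mediated_fs(struct dentry *dentry)
 	return !(dentry->d_sb->s_flags & SB_NOUSER);
 }
 
+struct aa_str_table {
+	int size;
+	char **table;
+};
+
+void aa_free_str_table(struct aa_str_table *table);
 
 struct counted_str {
 	struct kref count;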
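Review bot: struct aa_str_table and the aa_free_str_table() prototype land without a kernel-doc comment, while the aa_free_domain_entries() they replace carried one stating its NULL tolerance (`@domain: the domain table to free (MAYBE NULL)`), and that contract is what callers of the free routine need to know. Suggest a block above the struct along the lines of `/** struct aa_str_table - table of strings referenced by index from the permission table`, `@size: number of entries in @table`, `@table: array of @size strings, released by aa_free_str_table() */`, and above the prototype `/** aa_free_str_table - free the entries of a string table`, `@table: the table to free (MAYBE NULL - confirm against the definition) */`. Note also that `size` is a signed int while the fields that index into this table (xindex, and the tag and label added to struct aa_perms in this commit) are u32, so any bounds check of an index against `size` must avoid a mixed signed/unsigned comparison; the lookup code is outside this commit.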
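--- a/PATH_NOT_ON_PAGE_4
+++ b/PATH_NOT_ON_PAGE_4
@@ -79,6 +79,8 @@ struct aa_perms {
 	u32 hide;	/* set only when  ~allow | deny */
 
 	u32 xindex;
+	u32 tag;	/* tag string index, if present */
+	u32 label;	/* label string index, if present */
 };
 
 #define ALL_PERMS_MASK 0xffffffff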
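Review bot: The comments on the new `tag` and `label` members say "if present" but do not say which value means absent, so a reader cannot tell whether index 0 is a valid entry or the not-present marker, nor which table the index selects into. Suggest `u32 tag;	/* index into the policydb string table, <sentinel> if none */` and the same for `label`, with the actual sentinel value filled in by the author. These indices presumably arrive from loaded policy data and are later used to select a string, so the unpack or lookup path should range-check them against the table size before dereferencing; that code is not in this commit, so this is a point to confirm rather than a defect visible here.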
+4 −2
@@ -72,12 +72,14 @@ enum profile_mode {

/* struct aa_policydb - match engine for a policy
 * dfa: dfa pattern match
 * perms: table of permissions
 * strs: table of strings, index by x
 * start: set of start states for the different classes of data
 */
struct aa_policydb {
	struct aa_dfa *dfa;
	struct aa_perms *perms;
	struct aa_domain trans;
	struct aa_str_table trans;
	aa_state_t start[AA_CLASS_LAST + 1];
};

@@ -86,7 +88,7 @@ static inline void aa_destroy_policydb(struct aa_policydb *policy)
	aa_put_dfa(policy->dfa);
	if (policy->perms)
		kvfree(policy->perms);
	aa_free_domain_entries(&policy->trans);
	aa_free_str_table(&policy->trans);

}

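Review bot: The new comment line in the aa_policydb header documents a member named `strs`, but the member added below is `trans` (`struct aa_str_table trans;`), so the comment names a field that does not exist; "index by x" also reads as a typo for "indexed by". Suggest ` * trans: table of strings, indexed by xindex/tag/label from struct aa_perms`, since tag and label are added to aa_perms in this same commit. In aa_destroy_policydb() the replacement call `aa_free_str_table(&policy->trans)` keeps the unconditional-call shape of the old code; whether the new routine tolerates a table whose `table` pointer is NULL, as aa_free_domain_entries() explicitly did, is not visible here and is worth confirming, because a destroy path is presumably reachable on partially initialised policy.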