* - exec type - which determines how the executable name and index are used
* - flags - which modify how the destination name is applied
*/
-#define AA_X_INDEX_MASK 0x00ffffff
+#define AA_X_INDEX_MASK AA_INDEX_MASK
#define AA_X_TYPE_MASK 0x0c000000
-#define AA_X_NONE 0x00000000
+#define AA_X_NONE AA_INDEX_NONE
#define AA_X_NAME 0x04000000 /* use executable name px */
#define AA_X_TABLE 0x08000000 /* use a specified name ->n# */
u32 quiet; /* set only when ~allow | deny */
u32 hide; /* set only when ~allow | deny */
+
u32 xindex;
u32 tag; /* tag string index, if present */
u32 label; /* label string index, if present */
};
+/*
+ * Indexes are broken into a 24 bit index and 8 bit flag.
+ * For the index to be valid there must be a value in the flag
+ */
+#define AA_INDEX_MASK 0x00ffffff
+#define AA_INDEX_FLAG_MASK 0xff000000
+#define AA_INDEX_NONE 0
+
#define ALL_PERMS_MASK 0xffffffff
extern struct aa_perms nullperms;
extern struct aa_perms allperms;
accum->hide &= addend->hide & ~addend->allow;
accum->prompt |= addend->prompt & ~addend->allow & ~addend->deny;
accum->subtree |= addend->subtree & ~addend->deny;
+
+ if (!accum->xindex)
+ accum->xindex = addend->xindex;
+ if (!accum->tag)
+ accum->tag = addend->tag;
+ if (!accum->label)
+ accum->label = addend->label;
}
/**
accum->hide &= addend->hide & ~accum->allow;
accum->prompt |= addend->prompt & ~accum->allow & ~accum->deny;
accum->subtree &= addend->subtree & ~accum->deny;
+
+ if (!accum->xindex)
+ accum->xindex = addend->xindex;
+ if (!accum->tag)
+ accum->tag = addend->tag;
+ if (!accum->label)
+ accum->label = addend->label;
}
void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label,