* - exec type - which determines how the executable name and index are used
* - flags - which modify how the destination name is applied
*/
-#define AA_X_INDEX_MASK 0x03ff
-
-#define AA_X_TYPE_MASK 0x0c00
-#define AA_X_TYPE_SHIFT 10
-#define AA_X_NONE 0x0000
-#define AA_X_NAME 0x0400 /* use executable name px */
-#define AA_X_TABLE 0x0800 /* use a specified name ->n# */
-
-#define AA_X_UNSAFE 0x1000
-#define AA_X_CHILD 0x2000 /* make >AA_X_NONE apply to children */
-#define AA_X_INHERIT 0x4000
-#define AA_X_UNCONFINED 0x8000
+#define AA_X_INDEX_MASK 0x00ffffff
+
+#define AA_X_TYPE_MASK 0x0c000000
+#define AA_X_NONE 0x00000000
+#define AA_X_NAME 0x04000000 /* use executable name px */
+#define AA_X_TABLE 0x08000000 /* use a specified name ->n# */
+
+#define AA_X_UNSAFE 0x10000000
+#define AA_X_CHILD 0x20000000
+#define AA_X_INHERIT 0x40000000
+#define AA_X_UNCONFINED 0x80000000
/* need to make conditional which ones are being set */
struct path_cond {
int i, size;
size = unpack_array(e, NULL);
- /* currently 4 exec bits and entries 0-3 are reserved iupcx */
- if (size > 16 - 4)
+ /* currently 2^24 bits entries 0-3 */
+ if (size > (1 << 24))
goto fail;
profile->file.trans.table = kcalloc(size, sizeof(char *),
GFP_KERNEL);
}
/* remap old accept table embedded permissions to separate permission table */
-static u16 dfa_map_xindex(u16 mask)
+static u32 dfa_map_xindex(u16 mask)
{
u16 old_index = (mask >> 10) & 0xf;
- u16 index = 0;
+ u32 index = 0;
if (mask & 0x100)
index |= AA_X_UNSAFE;