1 files changed, 23 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index c50634b724b5..25fd51edc8da 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -469,7 +469,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
 {
        struct aa_profile *profile = NULL;
        const char *name = NULL;
-        int error = -EPROTO;
+        int i, error = -EPROTO;
        kernel_cap_t tmpcap;
        u32 tmp;
@@ -562,6 +562,28 @@ static struct aa_profile *unpack_profile(struct aa_ext *e)
        if (!unpack_rlimits(e, profile))
                goto fail;
+        if (unpack_nameX(e, AA_STRUCT, "policydb")) {
+                /* generic policy dfa - optional and may be NULL */
+                profile->policy.dfa = unpack_dfa(e);
+                if (IS_ERR(profile->policy.dfa)) {
+                        error = PTR_ERR(profile->policy.dfa);
+                        profile->policy.dfa = NULL;
+                        goto fail;
+                }
+                if (!unpack_u32(e, &profile->policy.start[0], "start"))
+                        /* default start state */
+                        profile->policy.start[0] = DFA_START;
+                /* setup class index */
+                for (i = AA_CLASS_FILE; i <= AA_CLASS_LAST; i++) {
+                        profile->policy.start[i] =
+                                aa_dfa_next(profile->policy.dfa,
+                                            profile->policy.start[0],
+                                            i);
+                }
+                if (!unpack_nameX(e, AA_STRUCTEND, NULL))
+                        goto fail;
+        }
        /* get file rules */
        profile->file.dfa = unpack_dfa(e);
        if (IS_ERR(profile->file.dfa)) {

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index c50634b724b5..25fd51edc8da 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c
@@ -469,7 +469,7 @@ static struct aa_profile unpack_profile(struct aa_ext e)
469	{	469	{
470	struct aa_profile *profile = NULL;	470	struct aa_profile *profile = NULL;
471	const char *name = NULL;	471	const char *name = NULL;
472	int error = -EPROTO;	472	int i, error = -EPROTO;
473	kernel_cap_t tmpcap;	473	kernel_cap_t tmpcap;
474	u32 tmp;	474	u32 tmp;
475		475
@@ -562,6 +562,28 @@ static struct aa_profile unpack_profile(struct aa_ext e)
562	if (!unpack_rlimits(e, profile))	562	if (!unpack_rlimits(e, profile))
563	goto fail;	563	goto fail;
564		564
		565	if (unpack_nameX(e, AA_STRUCT, "policydb")) {
		566	/* generic policy dfa - optional and may be NULL */
		567	profile->policy.dfa = unpack_dfa(e);
		568	if (IS_ERR(profile->policy.dfa)) {
		569	error = PTR_ERR(profile->policy.dfa);
		570	profile->policy.dfa = NULL;
		571	goto fail;
		572	}
		573	if (!unpack_u32(e, &profile->policy.start[0], "start"))
		574	/* default start state */
		575	profile->policy.start[0] = DFA_START;
		576	/* setup class index */
		577	for (i = AA_CLASS_FILE; i <= AA_CLASS_LAST; i++) {
		578	profile->policy.start[i] =
		579	aa_dfa_next(profile->policy.dfa,
		580	profile->policy.start[0],
		581	i);
		582	}
		583	if (!unpack_nameX(e, AA_STRUCTEND, NULL))
		584	goto fail;
		585	}
		586
565	/* get file rules */	587	/* get file rules */
566	profile->file.dfa = unpack_dfa(e);	588	profile->file.dfa = unpack_dfa(e);
567	if (IS_ERR(profile->file.dfa)) {	589	if (IS_ERR(profile->file.dfa)) {