apparmor: use the dfa to do label parse string splitting

The current split scheme is actually wrong in that it splits ///& where that is invalid and should fail. Use the dfa to do a proper bounded split without having to worry about getting the string processing right in code. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-09-06 14:57:59 -07:00
parent cf65fabc2a
commit 6e0654d20e
5 changed files with 170 additions and 11 deletions
--- a/security/apparmor/include/match.h
+++ b/security/apparmor/include/match.h
@@ -101,6 +101,7 @@ struct aa_dfa {
 };

 extern struct aa_dfa *nulldfa;
+extern struct aa_dfa *stacksplitdfa;

 #define byte_to_byte(X) (X)