From 11c236b89d7c26d58c55d5613a858600a4d2ab3a Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Mon, 16 Jan 2017 00:42:42 -0800
Subject: apparmor: add a default null dfa

Instead of testing whether a given dfa exists in every code path, have
a default null dfa that is used when loaded policy doesn't provide a
dfa.

This will let us get rid of special casing and avoid dereference bugs
when special casing is missed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 security/apparmor/policy.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'security/apparmor/policy.c')

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index dd63ac92d28f..046edecc4c8a 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -348,6 +348,8 @@ name:
 	/* released on free_profile */
 	rcu_assign_pointer(profile->parent, aa_get_profile(parent));
 	profile->ns = aa_get_ns(parent->ns);
+	profile->file.dfa = aa_get_dfa(nulldfa);
+	profile->policy.dfa = aa_get_dfa(nulldfa);
 
 	mutex_lock(&profile->ns->lock);
 	__list_add_profile(&parent->base.profiles, profile);
-- 
cgit v1.2.3