apparmor: add a default null dfa
Instead of testing whether a given dfa exists in every code path, have
a default null dfa that is used when loaded policy doesn't provide a
dfa.
This will let us get rid of special casing and avoid dereference bugs
when special casing is missed.
Signed-off-by: John Johansen <john.johansen@canonical.com>
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index e40eecb..f852cd6 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -878,6 +878,12 @@ static int __init apparmor_init(void)
return 0;
}
+ error = aa_setup_dfa_engine();
+ if (error) {
+ AA_ERROR("Unable to setup dfa engine\n");
+ goto alloc_out;
+ }
+
error = aa_alloc_root_ns();
if (error) {
AA_ERROR("Unable to allocate default profile namespace\n");
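Review bot: The new failure branch jumps to `alloc_out`, which after this commit also calls `aa_teardown_dfa_engine()`, so teardown runs even when `aa_setup_dfa_engine()` itself failed. Neither helper is defined in this diff, so it is worth confirming that setup leaves its state cleared (not an error pointer) on failure and that teardown tolerates that state. Placing the setup ahead of `aa_alloc_root_ns()` looks deliberate, and a short comment would record why, e.g. `/* must precede namespace/profile allocation: they fall back to the null dfa */`. The body of `apparmor_init` starts and ends outside this hunk.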
@@ -905,6 +911,7 @@ static int __init apparmor_init(void)
alloc_out:
aa_destroy_aafs();
+ aa_teardown_dfa_engine();
apparmor_enabled = 0;
return error;
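Review bot: `aa_teardown_dfa_engine()` at `alloc_out` releases the default dfa that, per the commit message, stands in wherever loaded policy supplies none, so everything allocated later in init must already be gone when this line runs. The labels that fall through to `alloc_out` are outside the hunk. If they free the root namespace first, the order is right; otherwise objects could be left pointing at a released dfa unless they hold their own reference. A comment such as `/* last: nothing may still reference the null dfa here */` would make the required order explicit.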