apparmor: cleanup: attachment perm lookup to use lookup_perms()
authorJohn Johansen <john.johansen@canonical.com>
Thu, 17 Nov 2022 06:17:09 +0000 (22:17 -0800)
committerJohn Johansen <john.johansen@canonical.com>
Sat, 18 Jan 2025 14:47:11 +0000 (06:47 -0800)
Remove another case of code duplication. Switch to using the generic
routine instead of the current custom checks.

Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/domain.c

index c906ab98f53afab5e6cf82bfc71ae2c356ced2d1..b1bf1a0b29bb8a010b7e2324b9bf8965d142f60c 100644 (file)
@@ -323,7 +323,7 @@ static int aa_xattrs_match(const struct linux_binprm *bprm,
                size = vfs_getxattr_alloc(&nop_mnt_idmap, d, attach->xattrs[i],
                                          &value, value_size, GFP_KERNEL);
                if (size >= 0) {
-                       u32 index, perm;
+                       struct aa_perms *perms;
 
                        /*
                         * Check the xattr presence before value. This ensure
@@ -335,9 +335,8 @@ static int aa_xattrs_match(const struct linux_binprm *bprm,
                        /* Check xattr value */
                        state = aa_dfa_match_len(attach->xmatch->dfa, state,
                                                 value, size);
-                       index = ACCEPT_TABLE(attach->xmatch->dfa)[state];
-                       perm = attach->xmatch->perms[index].allow;
-                       if (!(perm & MAY_EXEC)) {
+                       perms = aa_lookup_perms(attach->xmatch, state);
+                       if (!(perms->allow & MAY_EXEC)) {
                                ret = -EINVAL;
                                goto out;
                        }
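Review bot: `perms` is dereferenced immediately after `aa_lookup_perms(attach->xmatch, state)` with no NULL check, so the MAY_EXEC test that gates this xattr match depends on the helper always returning a valid entry. The helper is not part of this diff, so that contract cannot be confirmed from here. The same pattern appears in the hunk under `restart:` (`perms->allow & MAY_EXEC`). If the helper substitutes a default entry when the perms table is absent (to be confirmed against its definition), the attachment decision in that case is driven by the default's `allow` bits, which deserves a comment at the call such as `/* aa_lookup_perms() never returns NULL; a missing perms table yields the default entry */`. Only `allow` is read, so the local could be `const struct aa_perms *perms;`, and note that aa_xattrs_match's body starts and ends outside this hunk.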
@@ -415,15 +414,14 @@ restart:
                if (attach->xmatch->dfa) {
                        unsigned int count;
                        aa_state_t state;
-                       u32 index, perm;
+                       struct aa_perms *perms;
 
                        state = aa_dfa_leftmatch(attach->xmatch->dfa,
                                        attach->xmatch->start[AA_CLASS_XMATCH],
                                        name, &count);
-                       index = ACCEPT_TABLE(attach->xmatch->dfa)[state];
-                       perm = attach->xmatch->perms[index].allow;
+                       perms = aa_lookup_perms(attach->xmatch, state);
                        /* any accepting state means a valid match. */
-                       if (perm & MAY_EXEC) {
+                       if (perms->allow & MAY_EXEC) {
                                int ret = 0;
 
                                if (count < candidate_len)