* @request: permissions to request
* @perms: perms struct to set
*
- * Returns: 0 on success else ERROR
+ * Returns: state match stopped at or DFA_NOMATCH if aborted early
*
* For the label A//&B//&C this does the perm match for A//&B//&C
* @perms should be preinitialized with allperms OR a previous permission
/* no component visible */
*perms = allperms;
- return 0;
+ return state;
next:
label_for_each_cont(i, label, tp) {
goto fail;
}
*perms = *aa_lookup_perms(rules->policy, state);
- if ((perms->allow & request) != request)
- return -EACCES;
-
- return 0;
+ return state;
fail:
*perms = nullperms;
- return state;
+ return DFA_NOMATCH;
}
/**
struct aa_label *label, aa_state_t state, bool subns,
u32 request, struct aa_perms *perms)
{
- int error = label_compound_match(profile, rules, label, state, subns,
- request, perms);
- if (!error)
- return error;
+ aa_state_t tmp = label_compound_match(profile, rules, label, state, subns,
+ request, perms);
+ if ((perms->allow & request) == request)
+ return 0;
+ /* failed compound_match try component matches */
*perms = allperms;
return label_components_match(profile, rules, label, state, subns,
request, perms);