apparmor: reserve and mask off the top 8 bits of the base field
The top 8 bits of the base field have never been used, in fact can't be used, by the current 'dfa16' format. However they will be used in the future as flags, so mask them off when using base as an index value. Note: the use of the top 8 bits, without masking is trapped by the verify checks that base entries are within the size bounds. Signed-off-by: NJohn Johansen <john.johansen@canonical.com> Acked-by: NKees Cook <kees@ubuntu.com>
Showing
想要评论请 注册 或 登录