apparmor: make sure perm indexes are accumulated

 * - exec type - which determines how the executable name and index are used

 * - flags - which modify how the destination name is applied

 */

#define AA_X_INDEX_MASK		0x00ffffff

#define AA_X_INDEX_MASK		AA_INDEX_MASK

#define AA_X_TYPE_MASK		0x0c000000

#define AA_X_NONE		0x00000000

#define AA_X_NONE		AA_INDEX_NONE

#define AA_X_NAME		0x04000000 /* use executable name px */

#define AA_X_TABLE		0x08000000 /* use a specified name ->n# */

	u32 quiet;	/* set only when ~allow | deny */

	u32 hide;	/* set only when  ~allow | deny */

	u32 xindex;

	u32 tag;	/* tag string index, if present */

	u32 label;	/* label string index, if present */

};

/*

 * Indexes are broken into a 24 bit index and 8 bit flag.

 * For the index to be valid there must be a value in the flag

 */

#define AA_INDEX_MASK			0x00ffffff

#define AA_INDEX_FLAG_MASK		0xff000000

#define AA_INDEX_NONE			0

#define ALL_PERMS_MASK 0xffffffff

extern struct aa_perms nullperms;

extern struct aa_perms allperms;

	accum->hide &= addend->hide & ~addend->allow;

	accum->prompt |= addend->prompt & ~addend->allow & ~addend->deny;

	accum->subtree |= addend->subtree & ~addend->deny;

	if (!accum->xindex)

		accum->xindex = addend->xindex;

	if (!accum->tag)

		accum->tag = addend->tag;

	if (!accum->label)

		accum->label = addend->label;

}

/**

	accum->hide &= addend->hide & ~accum->allow;

	accum->prompt |= addend->prompt & ~accum->allow & ~accum->deny;

	accum->subtree &= addend->subtree & ~accum->deny;

	if (!accum->xindex)

		accum->xindex = addend->xindex;

	if (!accum->tag)

		accum->tag = addend->tag;

	if (!accum->label)

		accum->label = addend->label;

}

void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label,