apparmor: extend xindex size

 * - exec type - which determines how the executable name and index are used

 * - flags - which modify how the destination name is applied

 */

#define AA_X_INDEX_MASK		0x03ff

#define AA_X_TYPE_MASK		0x0c00

#define AA_X_TYPE_SHIFT		10

#define AA_X_NONE		0x0000

#define AA_X_NAME		0x0400	/* use executable name px */

#define AA_X_TABLE		0x0800	/* use a specified name ->n# */

#define AA_X_UNSAFE		0x1000

#define AA_X_CHILD		0x2000	/* make >AA_X_NONE apply to children */

#define AA_X_INHERIT		0x4000

#define AA_X_UNCONFINED		0x8000

#define AA_X_INDEX_MASK		0x00ffffff

#define AA_X_TYPE_MASK		0x0c000000

#define AA_X_NONE		0x00000000

#define AA_X_NAME		0x04000000 /* use executable name px */

#define AA_X_TABLE		0x08000000 /* use a specified name ->n# */

#define AA_X_UNSAFE		0x10000000

#define AA_X_CHILD		0x20000000

#define AA_X_INHERIT		0x40000000

#define AA_X_UNCONFINED		0x80000000

/* need to make conditional which ones are being set */

struct path_cond {

	u32 quiet;	/* set only when ~allow | deny */

	u32 hide;	/* set only when  ~allow | deny */

	u16 xindex;

	u32 xindex;

};

#define ALL_PERMS_MASK 0xffffffff

		int i, size;

		size = unpack_array(e, NULL);

		/* currently 4 exec bits and entries 0-3 are reserved iupcx */

		if (size > 16 - 4)

		/* currently 2^24 bits entries 0-3 */

		if (size > (1 << 24))

			goto fail;

		profile->file.trans.table = kcalloc(size, sizeof(char *),

						    GFP_KERNEL);

}

/* remap old accept table embedded permissions to separate permission table */

static u16 dfa_map_xindex(u16 mask)

static u32 dfa_map_xindex(u16 mask)

{

	u16 old_index = (mask >> 10) & 0xf;

	u16 index = 0;

	u32 index = 0;

	if (mask & 0x100)

		index |= AA_X_UNSAFE;