apparmor: move dfa perm macros into policy_unpack

#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)

/* FIXME: split perms from dfa and match this to description

 *        also add delegation info.

 */

static inline u16 dfa_map_xindex(u16 mask)

{

	u16 old_index = (mask >> 10) & 0xf;

	u16 index = 0;

	if (mask & 0x100)

		index |= AA_X_UNSAFE;

	if (mask & 0x200)

		index |= AA_X_INHERIT;

	if (mask & 0x80)

		index |= AA_X_UNCONFINED;

	if (old_index == 1) {

		index |= AA_X_UNCONFINED;

	} else if (old_index == 2) {

		index |= AA_X_NAME;

	} else if (old_index == 3) {

		index |= AA_X_NAME | AA_X_CHILD;

	} else if (old_index) {

		index |= AA_X_TABLE;

		index |= old_index - 4;

	}

	return index;

}

/*

 * map old dfa inline permissions to new format

 */

#define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \

				    ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))

#define dfa_user_xbits(dfa, state) (((ACCEPT_TABLE(dfa)[state]) >> 7) & 0x7f)

#define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f)

#define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f)

#define dfa_user_xindex(dfa, state) \

	(dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff))

#define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \

				      0x7f) |				\

				     ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))

#define dfa_other_xbits(dfa, state) \

	((((ACCEPT_TABLE(dfa)[state]) >> 7) >> 14) & 0x7f)

#define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f)

#define dfa_other_quiet(dfa, state) \

	((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f)

#define dfa_other_xindex(dfa, state) \

	dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)

int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,

		  const char *op, u32 request, const char *name,

		  const char *target, struct aa_label *tlabel, kuid_t ouid,

	return strcmp(data->key, *key);

}

/* remap old accept table embedded permissions to separate permission table */

static u16 dfa_map_xindex(u16 mask)

{

	u16 old_index = (mask >> 10) & 0xf;

	u16 index = 0;

	if (mask & 0x100)

		index |= AA_X_UNSAFE;

	if (mask & 0x200)

		index |= AA_X_INHERIT;

	if (mask & 0x80)

		index |= AA_X_UNCONFINED;

	if (old_index == 1) {

		index |= AA_X_UNCONFINED;

	} else if (old_index == 2) {

		index |= AA_X_NAME;

	} else if (old_index == 3) {

		index |= AA_X_NAME | AA_X_CHILD;

	} else if (old_index) {

		index |= AA_X_TABLE;

		index |= old_index - 4;

	}

	return index;

}

/*

 * map old dfa inline permissions to new format

 */

#define dfa_user_allow(dfa, state) (((ACCEPT_TABLE(dfa)[state]) & 0x7f) | \

				    ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))

#define dfa_user_xbits(dfa, state) (((ACCEPT_TABLE(dfa)[state]) >> 7) & 0x7f)

#define dfa_user_audit(dfa, state) ((ACCEPT_TABLE2(dfa)[state]) & 0x7f)

#define dfa_user_quiet(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 7) & 0x7f)

#define dfa_user_xindex(dfa, state) \

	(dfa_map_xindex(ACCEPT_TABLE(dfa)[state] & 0x3fff))

#define dfa_other_allow(dfa, state) ((((ACCEPT_TABLE(dfa)[state]) >> 14) & \

				      0x7f) |				\

				     ((ACCEPT_TABLE(dfa)[state]) & 0x80000000))

#define dfa_other_xbits(dfa, state) \

	((((ACCEPT_TABLE(dfa)[state]) >> 7) >> 14) & 0x7f)

#define dfa_other_audit(dfa, state) (((ACCEPT_TABLE2(dfa)[state]) >> 14) & 0x7f)

#define dfa_other_quiet(dfa, state) \

	((((ACCEPT_TABLE2(dfa)[state]) >> 7) >> 14) & 0x7f)

#define dfa_other_xindex(dfa, state) \

	dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)

/**

 * map_old_perms - map old file perms layout to the new layout

 * @old: permission set in old mapping