authorJohn Johansen <john.johansen@canonical.com>2024-11-09 11:45:58 -0800
committerJohn Johansen <john.johansen@canonical.com>2024-11-26 19:21:05 -0800
commita2081b78e212a4cc0e8cfb64ed26cb494d8af574 (patch)
tree961c965bff81011c573c0b17105cc973f58366b6 /security
parent7290f59231910ccba427d441a6e8b8c6f6112448 (diff)
apparmor: document first entry is in packed perms struct is reserved
Add a comment to unpack_perm to document that the first entry in the packed perms struct is reserved, and make a non-functional change of unpacking to a temporary stack variable named "reserved" to help support the documentation of which value is reserved. Suggested-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/policy_unpack.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 3483c595f999..992b74c50d64 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -645,10 +645,13 @@ fail:
static bool unpack_perm(struct aa_ext *e, u32 version, struct aa_perms *perm)
{
+ u32 reserved;
+
if (version != 1)
return false;
- return aa_unpack_u32(e, &perm->allow, NULL) &&
+ /* reserved entry is for later expansion, discard for now */
+ return aa_unpack_u32(e, &reserved, NULL) &&
aa_unpack_u32(e, &perm->allow, NULL) &&
aa_unpack_u32(e, &perm->deny, NULL) &&
aa_unpack_u32(e, &perm->subtree, NULL) &&