On Fri, Aug 29, 2014 at 01:23:42PM -0700, John Johansen wrote:
> >> +static uint32_t map_perms(uint32_t mask)
> >> +{
> >> + return (mask & 0x7f) |
> >> + ((mask & (AA_NET_GETATTR | AA_NET_SETATTR)) << (AA_OTHER_SHIFT
> >> - 8)) |
> >> + ((mask & (AA_NET_ACCEPT | AA_NET_BIND | AA_NET_LISTEN)) >> 4) |
> >> /* 2 + (AA_OTHER_SHIFT - 20) */
> >> + ((mask & (AA_NET_SETOPT | AA_NET_GETOPT)) >> 5); /* 5 +
> >> (AA_OTHER_SHIFT - 24) */
> >> +}
> >> +
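Review bot: the two right shifts in map_perms() are hard-coded as ">> 4" and ">> 5" while the left shift is written as "<< (AA_OTHER_SHIFT - 8)", so the literal 4 and 5 only agree with their trailing comments ("2 + (AA_OTHER_SHIFT - 20)", "5 + (AA_OTHER_SHIFT - 24)") for one value of AA_OTHER_SHIFT. Either derive all three shifts from AA_OTHER_SHIFT, or add a comment above the function that lists the source and destination bit positions of each group, so a reader can check that the destination ranges do not overlap without redoing the arithmetic. The same comment should state that the 0x7f mask keeps bits 0-6 (seven bits) in place.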
> >
> > Bits 0-7 inclusive stay put
> > Bits 8-9 inclusive move (14 - 8) = 6 to 14-15 GETATTR | SETATTR
> > Bits 20-23 inclusive move -4 to 16-19 ACCEPT | BIND | LISTEN
> > Bits 24-25 inclusive move -5 to 19-20 SETOPT | GETOPT
> >
> > Is this correct? It looks like AA_NET_LISTEN overlaps with AA_NET_GETOPT.
> >
> No your counting is off
> 20-22 inclusive move -4 to 16-18 ACCEPT | BIND | LISTEN (notice 22 not 23)
>
> 23 is skipped, hence the need to shift 5 for 24-25 instead of 4
>
> 24-25 inclusive move -5 to 19-20
>
> obviously the comments could be fixed to list the bit positions as above

Oh! This is fantastic. Thanks. Happy to find out it was a mistake on my end. (Even if there had been a nice comment here I would have wanted to duplicate the math to ensure it was right. Hopefully future readers will share the same skepticism..)

Thanks
