From 38f2676cda498dc477a558ff0163b90b0bb7a9fe Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Mon, 29 May 2017 11:45:29 -0700
Subject: [PATCH 25/65] apparmor: add fn to test if profile supports a given
 mediation class
Git-commit: b5b2557c0aeca35b34c558fd09ad6da67b9f3557
Patch-mainline: v4.13-rc1
References: FATE#323500

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
---
 security/apparmor/include/policy.h | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index 97bfbddef7b2..d93f475bfd8b 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -222,6 +222,16 @@ void __aa_profile_list_release(struct list_head *head);
 
 #define unconfined(X) ((X)->mode == APPARMOR_UNCONFINED)
 
+#define PROFILE_MEDIATES(P, T)  ((P)->policy.start[(T)])
+/* safe version of POLICY_MEDIATES for full range input */
+static inline unsigned int PROFILE_MEDIATES_SAFE(struct aa_profile *profile,
+						 unsigned char class)
+{
+	if (profile->policy.dfa)
+		return aa_dfa_match_len(profile->policy.dfa,
+					profile->policy.start[0], &class, 1);
+	return 0;
+}
 
 /**
  * aa_get_profile - increment refcount on profile @p
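Review bot: `PROFILE_MEDIATES(P, T)` indexes `policy.start[]` with `T` unchecked, and nothing at the macro says which values of `T` are in range, so a caller passing a class value that is not a fixed constant could read past the array (its bound is not visible in this hunk). The comment on the inline function also names `POLICY_MEDIATES`, which is not defined here and presumably means `PROFILE_MEDIATES`. I would add above the macro `/* T must be a valid index into policy.start[]; use PROFILE_MEDIATES_SAFE() for any other class value */` and correct the existing comment to `/* safe version of PROFILE_MEDIATES for full range input */`. It would also help to document the return value: both forms appear to yield a DFA state, with 0 meaning the class is not mediated, which is what the `return 0` for a missing `policy.dfa` relies on.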
-- 
2.12.3