apparmor: document first entry is in packed perms struct is reserved

Add a comment to unpack_perm to document the first entry in the packed
perms struct is reserved, and make a non-functional change of unpacking
to a temporary stack variable named "reserved" to help suppor the
documentation of which value is reserved.

Suggested-by: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 3483c595f999fc55f71b6b179044f809f12a6c45..992b74c50d641e697138a640bb19b14620d51c2b 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -645,10 +645,13 @@ fail:
 
 static bool unpack_perm(struct aa_ext *e, u32 version, struct aa_perms *perm)
 {
+       u32 reserved;
+
        if (version != 1)
                return false;
 
-       return  aa_unpack_u32(e, &perm->allow, NULL) &&
+       /* reserved entry is for later expansion, discard for now */
+       return  aa_unpack_u32(e, &reserved, NULL) &&
                aa_unpack_u32(e, &perm->allow, NULL) &&
                aa_unpack_u32(e, &perm->deny, NULL) &&
                aa_unpack_u32(e, &perm->subtree, NULL) &&