UBUNTU: SAUCE: AppArmor: Allow dfa backward compatibility with broken userspace

UBUNTU: SAUCE: AppArmor: Allow dfa backward compatibility with broken userspace

Allow broken Lucid userspace tools to load policy, on Maverick kernel.
The fix for http://launchpad.net/bugs/581525 blocks Lucid tools from
loading policy, this provides compatibility with Lucid tools without
reintroducing the bug.

The apparmor_parser when compiling policy could generate invalid dfas
that did not have sufficient padding to avoid invalid references, when
used by the kernel.  The kernels check to verify the next/check table
size was broken meaning invalid dfas were being created by userspace
and not caught.

To remain compatible with old tools that are not fixed, pad the loaded
dfas next/check table.  The dfa's themselves are valid except for the
high padding for potentially invalid transitions (high bounds error),
which have a maximimum is 256 entries.  So just allocate an extra null filled
256 entries for the next/check tables.  This will guarentee all bounds
are good and invalid transitions go to the null (0) state.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>