apparmor/parser/parser_merge.c

/* $Id$ */

/*
 *   Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
 *   NOVELL (All rights reserved)
 *
 *   This program is free software; you can redistribute it and/or
 *   modify it under the terms of version 2 of the GNU General Public
 *   License published by the Free Software Foundation.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, contact Novell, Inc.
 */

#include <linux/unistd.h>

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <libintl.h>
#define _(s) gettext(s)

#include "parser.h"


static inline int count_net_entries(struct codomain *cod)
{
	struct cod_net_entry *list;
	int count = 0;
	for (list = cod->net_entries; list; list = list->next)
		count++;
	return count;
}

static int file_comp(const void *c1, const void *c2)
{
	struct cod_entry **e1, **e2;
	e1 = (struct cod_entry **)c1;
	e2 = (struct cod_entry **)c2;
	//PERROR("strcmp %s %s\n", (*e1)->name, (*e2)->name);
	return strcmp((*e1)->name, (*e2)->name);
}

static int process_file_entries(struct codomain *cod)
{
	int n, count;
	struct cod_entry *flist, *cur, *next;
	struct cod_entry **table;

	for (flist = cod->entries, n = 0; flist; flist = flist->next)
		n++;

	count = n;
	if (count < 2)
		return 1;

	table = malloc(sizeof(struct cod_entry *) * (count + 1));
	if (!table) {
		PERROR(_("Couldn't merge entries. Out of Memory\n"));
		return 0;
	}

	n = 0;
	for (flist = cod->entries; flist; flist = flist->next) {
		table[n] = flist;
		n++;
	}

	qsort(table, count, sizeof(struct cod_entry *), file_comp);
	table[count] = NULL;

#define CHECK_CONFLICT_UNSAFE(a, b) \
	((HAS_EXEC_UNSAFE(a) ^ HAS_EXEC_UNSAFE(b)) && \
	 ((HAS_EXEC_PROFILE(a) && HAS_EXEC_PROFILE(b)) || \
	  (HAS_EXEC_UNCONFINED(a) && HAS_EXEC_UNCONFINED(b))))

	/* walk the sorted table merging similar entries */
	for (cur = table[0], next = table[1], n = 1; next != NULL; n++, next = table[n]) {
		if (file_comp(&cur, &next) == 0) {
			int conflict = CHECK_CONFLICT_UNSAFE(cur->mode, next->mode);

			cur->mode |= next->mode;
			/* check for merged x consistency */
			if (HAS_MAY_EXEC(cur->mode) &&
			    (!AA_EXEC_SINGLE_MODIFIER_SET(cur->mode) ||
			     conflict)) {
				PERROR(_("profile %s: has merged rule %s with multiple x modifiers\n"),
				       cod->name, cur->name);
				return 0;
			}
			free(next->name);
			free(next);
			table[n] = NULL;
		} else {
			cur = next;
		}
	}

	/* rebuild the file_entry chain */
	cur = table[0];
	for (n = 1; n < count; n++) {
		if (table[n] != NULL) {
			cur->next = table[n];
			cur = table[n];
		}
	}
	cur->next = NULL;
	cod->entries = table[0];

	free(table);

	return 1;
}

static int process_net_entries(struct codomain __unused *cod)
{
	return 1;
}

int codomain_merge_rules(struct codomain *cod)
{
	if (!process_file_entries(cod))
		goto fail;
	if (!process_net_entries(cod))
		goto fail;

	/* XXX  return error from this */
	merge_hat_rules(cod);

	return 1;
fail:
	return 0;
}
Update keywords attribute, svn:ignore attribute, update Makefile to point to the new location of the common/ dir. 2006-04-12 03:09:10 +00:00			`/* $Id$ */`
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00
			`/*`
update copyright dates 2007-04-11 08:12:51 +00:00			`* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007`
			`* NOVELL (All rights reserved)`
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of version 2 of the GNU General Public`
			`* License published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, contact Novell, Inc.`
			`*/`

			`#include <linux/unistd.h>`

			`#include <stdio.h>`
			`#include <string.h>`
			`#include <stdlib.h>`
			`#include <errno.h>`
			`#include <libintl.h>`
			`#define _(s) gettext(s)`

			`#include "parser.h"`

[https://bugzilla.novell.com/show_bug.cgi?id=172061] This (updated) patch to trunk adds support for Px and Ux (toggle bprm_secure on exec) in the parser, As requested, lowercase p and u corresponds to an unfiltered environmnet on exec, uppercase will filter the environment. It applies after the 'm' patch. As a side effect, I tried to reduce the use of hardcoded characters in the debugging statements -- there are still a few warnings that have hard coded letters in them; not sure I can fix them all. This version issues a warning for every unsafe ux and issues a single warning for the first 'R', 'W', 'X', 'L', and 'I' it encounters, except when the "-q" or "--quiet" flag , "--remove" profile flag, or "-N" report names flags are passed. Unfortunately, it made the logic somewhat more convoluted. Wordsmithing improvements welcome. 2006-08-04 17:14:49 +00:00
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`static inline int count_net_entries(struct codomain *cod)`
			`{`
			`struct cod_net_entry *list;`
			`int count = 0;`
			`for (list = cod->net_entries; list; list = list->next)`
			`count++;`
			`return count;`
			`}`

			`static int file_comp(const void c1, const void c2)`
			`{`
			`struct cod_entry e1, e2;`
			`e1 = (struct cod_entry **)c1;`
			`e2 = (struct cod_entry **)c2;`
			`//PERROR("strcmp %s %s\n", (e1)->name, (e2)->name);`
			`return strcmp((e1)->name, (e2)->name);`
			`}`

			`static int process_file_entries(struct codomain *cod)`
			`{`
			`int n, count;`
			`struct cod_entry flist, cur, *next;`
			`struct cod_entry **table;`

			`for (flist = cod->entries, n = 0; flist; flist = flist->next)`
			`n++;`

			`count = n;`
			`if (count < 2)`
			`return 1;`

			`table = malloc(sizeof(struct cod_entry ) (count + 1));`
			`if (!table) {`
			`PERROR(_("Couldn't merge entries. Out of Memory\n"));`
			`return 0;`
			`}`

			`n = 0;`
			`for (flist = cod->entries; flist; flist = flist->next) {`
			`table[n] = flist;`
			`n++;`
			`}`

			`qsort(table, count, sizeof(struct cod_entry *), file_comp);`
			`table[count] = NULL;`

[https://bugzilla.novell.com/show_bug.cgi?id=172061] This (updated) patch to trunk adds support for Px and Ux (toggle bprm_secure on exec) in the parser, As requested, lowercase p and u corresponds to an unfiltered environmnet on exec, uppercase will filter the environment. It applies after the 'm' patch. As a side effect, I tried to reduce the use of hardcoded characters in the debugging statements -- there are still a few warnings that have hard coded letters in them; not sure I can fix them all. This version issues a warning for every unsafe ux and issues a single warning for the first 'R', 'W', 'X', 'L', and 'I' it encounters, except when the "-q" or "--quiet" flag , "--remove" profile flag, or "-N" report names flags are passed. Unfortunately, it made the logic somewhat more convoluted. Wordsmithing improvements welcome. 2006-08-04 17:14:49 +00:00			`#define CHECK_CONFLICT_UNSAFE(a, b) \`
update parser to use HAS_X macros 2006-08-04 17:20:16 +00:00			`((HAS_EXEC_UNSAFE(a) ^ HAS_EXEC_UNSAFE(b)) && \`
			`((HAS_EXEC_PROFILE(a) && HAS_EXEC_PROFILE(b)) \|\| \`
Patch by jjohansen@suse.de Acked-By: Steve Beattie <sbeattie@suse.de> Use correct terminology; convert unconstrained to unconfined. 2007-07-27 20:45:45 +00:00			`(HAS_EXEC_UNCONFINED(a) && HAS_EXEC_UNCONFINED(b))))`
[https://bugzilla.novell.com/show_bug.cgi?id=172061] This (updated) patch to trunk adds support for Px and Ux (toggle bprm_secure on exec) in the parser, As requested, lowercase p and u corresponds to an unfiltered environmnet on exec, uppercase will filter the environment. It applies after the 'm' patch. As a side effect, I tried to reduce the use of hardcoded characters in the debugging statements -- there are still a few warnings that have hard coded letters in them; not sure I can fix them all. This version issues a warning for every unsafe ux and issues a single warning for the first 'R', 'W', 'X', 'L', and 'I' it encounters, except when the "-q" or "--quiet" flag , "--remove" profile flag, or "-N" report names flags are passed. Unfortunately, it made the logic somewhat more convoluted. Wordsmithing improvements welcome. 2006-08-04 17:14:49 +00:00
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`/* walk the sorted table merging similar entries */`
			`for (cur = table[0], next = table[1], n = 1; next != NULL; n++, next = table[n]) {`
			`if (file_comp(&cur, &next) == 0) {`
[https://bugzilla.novell.com/show_bug.cgi?id=172061] This (updated) patch to trunk adds support for Px and Ux (toggle bprm_secure on exec) in the parser, As requested, lowercase p and u corresponds to an unfiltered environmnet on exec, uppercase will filter the environment. It applies after the 'm' patch. As a side effect, I tried to reduce the use of hardcoded characters in the debugging statements -- there are still a few warnings that have hard coded letters in them; not sure I can fix them all. This version issues a warning for every unsafe ux and issues a single warning for the first 'R', 'W', 'X', 'L', and 'I' it encounters, except when the "-q" or "--quiet" flag , "--remove" profile flag, or "-N" report names flags are passed. Unfortunately, it made the logic somewhat more convoluted. Wordsmithing improvements welcome. 2006-08-04 17:14:49 +00:00			`int conflict = CHECK_CONFLICT_UNSAFE(cur->mode, next->mode);`
Get rid of all the POS_ and some other unused definitions 2007-03-30 14:59:13 +00:00
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`cur->mode \|= next->mode;`
			`/* check for merged x consistency */`
update parser to use HAS_X macros 2006-08-04 17:20:16 +00:00			`if (HAS_MAY_EXEC(cur->mode) &&`
Get rid of all the POS_ and some other unused definitions 2007-03-30 14:59:13 +00:00			`(!AA_EXEC_SINGLE_MODIFIER_SET(cur->mode) \|\|`
[https://bugzilla.novell.com/show_bug.cgi?id=172061] This (updated) patch to trunk adds support for Px and Ux (toggle bprm_secure on exec) in the parser, As requested, lowercase p and u corresponds to an unfiltered environmnet on exec, uppercase will filter the environment. It applies after the 'm' patch. As a side effect, I tried to reduce the use of hardcoded characters in the debugging statements -- there are still a few warnings that have hard coded letters in them; not sure I can fix them all. This version issues a warning for every unsafe ux and issues a single warning for the first 'R', 'W', 'X', 'L', and 'I' it encounters, except when the "-q" or "--quiet" flag , "--remove" profile flag, or "-N" report names flags are passed. Unfortunately, it made the logic somewhat more convoluted. Wordsmithing improvements welcome. 2006-08-04 17:14:49 +00:00			`conflict)) {`
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`PERROR(_("profile %s: has merged rule %s with multiple x modifiers\n"),`
			`cod->name, cur->name);`
			`return 0;`
			`}`
			`free(next->name);`
			`free(next);`
			`table[n] = NULL;`
			`} else {`
			`cur = next;`
			`}`
			`}`

			`/* rebuild the file_entry chain */`
			`cur = table[0];`
			`for (n = 1; n < count; n++) {`
			`if (table[n] != NULL) {`
			`cur->next = table[n];`
			`cur = table[n];`
			`}`
			`}`
			`cur->next = NULL;`
			`cod->entries = table[0];`

			`free(table);`

			`return 1;`
			`}`

Fix build warning due to netdomain rules being completely ignored. 2006-06-01 16:40:34 +00:00			`static int process_net_entries(struct codomain __unused *cod)`
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381. 2006-04-11 21:52:54 +00:00			`{`
			`return 1;`
			`}`

			`int codomain_merge_rules(struct codomain *cod)`
			`{`
			`if (!process_file_entries(cod))`
			`goto fail;`
			`if (!process_net_entries(cod))`
			`goto fail;`

			`/* XXX return error from this */`
			`merge_hat_rules(cod);`

			`return 1;`
			`fail:`
			`return 0;`
			`}`