2006-04-11 21:52:54 +00:00
|
|
|
/*
|
2007-04-11 08:12:51 +00:00
|
|
|
* Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
|
|
|
|
|
* NOVELL (All rights reserved)
|
2006-04-11 21:52:54 +00:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of version 2 of the GNU General Public
|
|
|
|
|
* License published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, contact Novell, Inc.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
2011-05-02 13:34:58 -07:00
|
|
|
#include <stdlib.h>
|
2006-04-11 21:52:54 +00:00
|
|
|
#include <stdarg.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <libintl.h>
|
2010-07-31 16:00:52 -07:00
|
|
|
#include <linux/limits.h>
|
Move public mediation class types and perms to apparmor.h
Now that the parser links against libapparmor, it makes sense to move
all public permission types and flags to libapparmor's apparmor.h. This
prevents duplication across header files for the parser and libapparmor.
Additionally, this patch breaks the connection between
AA_DBUS_{SEND,RECEIVE,BIND} and AA_MAY_{WRITE,READ,BIND} by using raw
values when defining the AA_DBUS_{SEND,RECEIVE,BIND} macros. This makes
sense because the two sets of permission flags are from two distinctly
different mediation types (AA_CLASS_DBUS and AA_CLASS_FILE). While it is
nice that they share some of the same values, the macros don't need to
be linked together. In other words, when you're creating a D-Bus rule,
it would be incorrect to use permission flags from the AA_CLASS_FILE
type.
The change mentioned above allows the AA_MAY_{WRITE,READ,BIND} macros
to be removed from public-facing apparmor.h header.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-06 11:20:06 -08:00
|
|
|
#include <apparmor.h>
|
2006-04-11 21:52:54 +00:00
|
|
|
#define _(s) gettext(s)
|
|
|
|
|
|
|
|
|
|
/* #define DEBUG */
|
|
|
|
|
|
|
|
|
|
#include "parser.h"
|
2013-09-27 16:16:37 -07:00
|
|
|
#include "profile.h"
|
2007-02-27 02:29:16 +00:00
|
|
|
#include "libapparmor_re/apparmor_re.h"
|
2011-03-13 05:49:15 -07:00
|
|
|
#include "libapparmor_re/aare_rules.h"
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
#include "mount.h"
|
2013-07-31 09:05:51 -07:00
|
|
|
#include "dbus.h"
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
#include "policydb.h"
|
2006-04-11 21:52:54 +00:00
|
|
|
|
|
|
|
|
enum error_type {
|
|
|
|
|
e_no_error,
|
|
|
|
|
e_parse_error,
|
|
|
|
|
e_buffer_overflow
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* Filters out multiple slashes (except if the first two are slashes,
|
|
|
|
|
* that's a distinct namespace in linux) and trailing slashes.
|
|
|
|
|
* NOTE: modifies in place the contents of the path argument */
|
|
|
|
|
|
|
|
|
|
static void filter_slashes(char *path)
|
|
|
|
|
{
|
|
|
|
|
char *sptr, *dptr;
|
|
|
|
|
BOOL seen_slash = 0;
|
|
|
|
|
|
|
|
|
|
if (!path || (strlen(path) < 2))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
sptr = dptr = path;
|
|
|
|
|
|
|
|
|
|
/* special case for linux // namespace */
|
|
|
|
|
if (sptr[0] == '/' && sptr[1] == '/' && sptr[2] != '/') {
|
|
|
|
|
sptr += 2;
|
|
|
|
|
dptr += 2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (*sptr) {
|
|
|
|
|
if (*sptr == '/') {
|
|
|
|
|
if (seen_slash) {
|
|
|
|
|
++sptr;
|
|
|
|
|
} else {
|
|
|
|
|
*dptr++ = *sptr++;
|
|
|
|
|
seen_slash = TRUE;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
seen_slash = 0;
|
|
|
|
|
if (dptr < sptr) {
|
|
|
|
|
*dptr++ = *sptr++;
|
|
|
|
|
} else {
|
|
|
|
|
dptr++;
|
|
|
|
|
sptr++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
*dptr = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-27 02:29:16 +00:00
|
|
|
static pattern_t convert_aaregex_to_pcre(const char *aare, int anchor,
|
2009-07-30 06:09:19 +00:00
|
|
|
char *pcre, size_t pcre_size,
|
|
|
|
|
int *first_re_pos)
|
2006-04-11 21:52:54 +00:00
|
|
|
{
|
|
|
|
|
#define STORE(_src, _dest, _len) \
|
2007-02-27 02:29:16 +00:00
|
|
|
if ((const char*)_dest + _len > (pcre + pcre_size)){ \
|
2006-04-11 21:52:54 +00:00
|
|
|
error = e_buffer_overflow; \
|
|
|
|
|
} else { \
|
|
|
|
|
memcpy(_dest, _src, _len); \
|
|
|
|
|
_dest += _len; \
|
|
|
|
|
}
|
2009-07-30 06:09:19 +00:00
|
|
|
#define update_re_pos(X) if (!(*first_re_pos)) { *first_re_pos = (X); }
|
2013-11-05 14:33:51 -08:00
|
|
|
#define MAX_ALT_DEPTH 50
|
2009-07-30 06:09:19 +00:00
|
|
|
*first_re_pos = 0;
|
2006-04-11 21:52:54 +00:00
|
|
|
|
|
|
|
|
int ret = TRUE;
|
|
|
|
|
/* flag to indicate input error */
|
|
|
|
|
enum error_type error;
|
|
|
|
|
|
|
|
|
|
const char *sptr;
|
|
|
|
|
char *dptr;
|
|
|
|
|
pattern_t ptype;
|
|
|
|
|
|
|
|
|
|
BOOL bEscape = 0; /* flag to indicate escape */
|
|
|
|
|
int ingrouping = 0; /* flag to indicate {} context */
|
|
|
|
|
int incharclass = 0; /* flag to indicate [ ] context */
|
2013-11-05 14:33:51 -08:00
|
|
|
int grouping_count[MAX_ALT_DEPTH];
|
2006-04-11 21:52:54 +00:00
|
|
|
|
|
|
|
|
error = e_no_error;
|
|
|
|
|
ptype = ePatternBasic; /* assume no regex */
|
|
|
|
|
|
2007-02-27 02:29:16 +00:00
|
|
|
sptr = aare;
|
|
|
|
|
dptr = pcre;
|
2006-04-11 21:52:54 +00:00
|
|
|
|
2010-07-23 13:29:35 +02:00
|
|
|
if (dfaflags & DFA_DUMP_RULE_EXPR)
|
|
|
|
|
fprintf(stderr, "aare: %s -> ", aare);
|
|
|
|
|
|
2007-02-27 02:29:16 +00:00
|
|
|
if (anchor)
|
|
|
|
|
/* anchor beginning of regular expression */
|
|
|
|
|
*dptr++ = '^';
|
2006-04-11 21:52:54 +00:00
|
|
|
|
|
|
|
|
while (error == e_no_error && *sptr) {
|
|
|
|
|
switch (*sptr) {
|
|
|
|
|
|
|
|
|
|
case '\\':
|
|
|
|
|
/* concurrent escapes are allowed now and
|
|
|
|
|
* output as two consecutive escapes so that
|
|
|
|
|
* pcre won't interpret them
|
|
|
|
|
* \\\{...\\\} will be emitted as \\\{...\\\}
|
|
|
|
|
* for pcre matching. For string matching
|
|
|
|
|
* and globbing only one escape is output
|
|
|
|
|
* this is done by stripping later
|
|
|
|
|
*/
|
|
|
|
|
if (bEscape) {
|
|
|
|
|
STORE("\\\\", dptr, 2);
|
|
|
|
|
} else {
|
|
|
|
|
bEscape = TRUE;
|
|
|
|
|
++sptr;
|
|
|
|
|
continue; /*skip turning bEscape off */
|
|
|
|
|
} /* bEscape */
|
2007-02-01 20:18:50 +00:00
|
|
|
break;
|
2006-04-11 21:52:54 +00:00
|
|
|
case '*':
|
|
|
|
|
if (bEscape) {
|
|
|
|
|
/* '*' is a PCRE special character */
|
|
|
|
|
/* We store an escaped *, in case we
|
|
|
|
|
* end up using this regex buffer (i.e another
|
|
|
|
|
* non-escaped regex follows)
|
|
|
|
|
*/
|
|
|
|
|
STORE("\\*", dptr, 2);
|
|
|
|
|
} else {
|
2007-03-14 22:00:39 +00:00
|
|
|
if ((dptr > pcre) && *(dptr - 1) == '/') {
|
|
|
|
|
#if 0
|
2009-07-24 07:34:30 +00:00
|
|
|
// handle comment containing use
|
|
|
|
|
// of C comment characters
|
|
|
|
|
// /* /*/ and /** to describe paths
|
|
|
|
|
//
|
|
|
|
|
// modify what is emitted for * and **
|
|
|
|
|
// when used as the only path
|
|
|
|
|
// component
|
|
|
|
|
// ex.
|
|
|
|
|
// /* /*/ /**/ /**
|
|
|
|
|
// this prevents these expressions
|
|
|
|
|
// from matching directories or
|
|
|
|
|
// invalid paths
|
|
|
|
|
// in these case * and ** must
|
|
|
|
|
// match at least 1 character to
|
|
|
|
|
// get a valid path element.
|
|
|
|
|
// ex.
|
|
|
|
|
// /foo/* -> should not match /foo/
|
|
|
|
|
// /foo/*bar -> should match /foo/bar
|
|
|
|
|
// /*/foo -> should not match //foo
|
2007-03-14 22:00:39 +00:00
|
|
|
#endif
|
2007-03-14 22:35:55 +00:00
|
|
|
const char *s = sptr;
|
2007-03-14 22:00:39 +00:00
|
|
|
while (*s == '*')
|
|
|
|
|
s++;
|
2007-03-14 22:35:55 +00:00
|
|
|
if (*s == '/' || !*s) {
|
2008-12-04 10:44:02 +00:00
|
|
|
STORE("[^/\\x00]", dptr, 8);
|
2007-03-14 22:35:55 +00:00
|
|
|
}
|
2007-03-14 22:00:39 +00:00
|
|
|
}
|
2006-04-11 21:52:54 +00:00
|
|
|
if (*(sptr + 1) == '*') {
|
|
|
|
|
/* is this the first regex form we
|
|
|
|
|
* have seen and also the end of
|
|
|
|
|
* pattern? If so, we can use
|
|
|
|
|
* optimised tail globbing rather
|
|
|
|
|
* than full regex.
|
|
|
|
|
*/
|
2009-07-30 06:09:19 +00:00
|
|
|
update_re_pos(sptr - aare);
|
2006-04-11 21:52:54 +00:00
|
|
|
if (*(sptr + 2) == '\0' &&
|
|
|
|
|
ptype == ePatternBasic) {
|
|
|
|
|
ptype = ePatternTailGlob;
|
|
|
|
|
} else {
|
|
|
|
|
ptype = ePatternRegex;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-04 10:44:02 +00:00
|
|
|
STORE("[^\\x00]*", dptr, 8);
|
2006-04-11 21:52:54 +00:00
|
|
|
sptr++;
|
|
|
|
|
} else {
|
2009-07-30 06:09:19 +00:00
|
|
|
update_re_pos(sptr - aare);
|
2006-04-11 21:52:54 +00:00
|
|
|
ptype = ePatternRegex;
|
2008-12-04 10:44:02 +00:00
|
|
|
STORE("[^/\\x00]*", dptr, 9);
|
2006-04-11 21:52:54 +00:00
|
|
|
} /* *(sptr+1) == '*' */
|
|
|
|
|
} /* bEscape */
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '?':
|
|
|
|
|
if (bEscape) {
|
|
|
|
|
/* ? is not a PCRE regex character
|
|
|
|
|
* so no need to escape, just skip
|
|
|
|
|
* transform
|
|
|
|
|
*/
|
|
|
|
|
STORE(sptr, dptr, 1);
|
|
|
|
|
} else {
|
2009-07-30 06:09:19 +00:00
|
|
|
update_re_pos(sptr - aare);
|
2006-04-11 21:52:54 +00:00
|
|
|
ptype = ePatternRegex;
|
2008-12-04 10:44:02 +00:00
|
|
|
STORE("[^/\\x00]", dptr, 8);
|
2006-04-11 21:52:54 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '[':
|
|
|
|
|
if (bEscape) {
|
|
|
|
|
/* [ is a PCRE special character */
|
|
|
|
|
STORE("\\[", dptr, 2);
|
|
|
|
|
} else {
|
2009-07-30 06:09:19 +00:00
|
|
|
update_re_pos(sptr - aare);
|
2006-04-11 21:52:54 +00:00
|
|
|
incharclass = 1;
|
|
|
|
|
ptype = ePatternRegex;
|
|
|
|
|
STORE(sptr, dptr, 1);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case ']':
|
|
|
|
|
if (bEscape) {
|
|
|
|
|
/* ] is a PCRE special character */
|
|
|
|
|
STORE("\\]", dptr, 2);
|
|
|
|
|
} else {
|
2013-11-05 14:37:53 -08:00
|
|
|
if (incharclass == 0) {
|
|
|
|
|
error = e_parse_error;
|
|
|
|
|
PERROR(_("%s: Regex grouping error: Invalid close ], no matching open [ detected\n"), progname);
|
|
|
|
|
}
|
2006-04-11 21:52:54 +00:00
|
|
|
incharclass = 0;
|
|
|
|
|
STORE(sptr, dptr, 1);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '{':
|
|
|
|
|
if (bEscape) {
|
|
|
|
|
/* { is a PCRE special character */
|
|
|
|
|
STORE("\\{", dptr, 2);
|
|
|
|
|
} else {
|
2013-12-10 12:22:32 -08:00
|
|
|
if (incharclass) {
|
|
|
|
|
/* don't expand inside [] */
|
|
|
|
|
STORE("{", dptr, 1);
|
2008-11-07 01:31:19 +00:00
|
|
|
} else {
|
2013-12-10 12:22:32 -08:00
|
|
|
update_re_pos(sptr - aare);
|
|
|
|
|
ingrouping++;
|
|
|
|
|
if (ingrouping >= MAX_ALT_DEPTH) {
|
|
|
|
|
error = e_parse_error;
|
|
|
|
|
PERROR(_("%s: Regex grouping error: Exceeded maximum nesting of {}\n"), progname);
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
grouping_count[ingrouping] = 0;
|
|
|
|
|
ptype = ePatternRegex;
|
|
|
|
|
STORE("(", dptr, 1);
|
|
|
|
|
}
|
|
|
|
|
} /* incharclass */
|
2006-04-11 21:52:54 +00:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '}':
|
|
|
|
|
if (bEscape) {
|
|
|
|
|
/* { is a PCRE special character */
|
|
|
|
|
STORE("\\}", dptr, 2);
|
|
|
|
|
} else {
|
2013-12-10 12:22:32 -08:00
|
|
|
if (incharclass) {
|
|
|
|
|
/* don't expand inside [] */
|
|
|
|
|
STORE("}", dptr, 1);
|
|
|
|
|
} else {
|
|
|
|
|
if (grouping_count[ingrouping] == 0) {
|
|
|
|
|
error = e_parse_error;
|
|
|
|
|
PERROR(_("%s: Regex grouping error: Invalid number of items between {}\n"), progname);
|
2006-04-11 21:52:54 +00:00
|
|
|
|
2013-12-10 12:22:32 -08:00
|
|
|
}
|
|
|
|
|
ingrouping--;
|
|
|
|
|
if (ingrouping < 0) {
|
|
|
|
|
error = e_parse_error;
|
|
|
|
|
PERROR(_("%s: Regex grouping error: Invalid close }, no matching open { detected\n"), progname);
|
|
|
|
|
ingrouping = 0;
|
|
|
|
|
}
|
|
|
|
|
STORE(")", dptr, 1);
|
|
|
|
|
} /* incharclass */
|
2006-04-11 21:52:54 +00:00
|
|
|
} /* bEscape */
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case ',':
|
|
|
|
|
if (bEscape) {
|
2013-12-10 12:22:32 -08:00
|
|
|
if (incharclass) {
|
|
|
|
|
/* escape inside char class is a
|
|
|
|
|
* valid matching char for '\'
|
|
|
|
|
*/
|
|
|
|
|
STORE("\\,", dptr, 2);
|
|
|
|
|
} else {
|
|
|
|
|
/* ',' is not a PCRE regex character
|
|
|
|
|
* so no need to escape, just skip
|
|
|
|
|
* transform
|
|
|
|
|
*/
|
|
|
|
|
STORE(sptr, dptr, 1);
|
|
|
|
|
}
|
2006-04-11 21:52:54 +00:00
|
|
|
} else {
|
2013-12-10 12:22:32 -08:00
|
|
|
if (ingrouping && !incharclass) {
|
2013-11-05 14:33:51 -08:00
|
|
|
grouping_count[ingrouping]++;
|
2006-04-11 21:52:54 +00:00
|
|
|
STORE("|", dptr, 1);
|
|
|
|
|
} else {
|
|
|
|
|
STORE(sptr, dptr, 1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* these are special outside of character
|
|
|
|
|
* classes but not in them */
|
|
|
|
|
case '^':
|
|
|
|
|
case '$':
|
|
|
|
|
if (incharclass) {
|
|
|
|
|
STORE(sptr, dptr, 1);
|
|
|
|
|
} else {
|
|
|
|
|
STORE("\\", dptr, 1);
|
|
|
|
|
STORE(sptr, dptr, 1);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Not a subdomain regex, but needs to be
|
|
|
|
|
* escaped as it is a pcre metacharacter which
|
|
|
|
|
* we don't want to support. We always escape
|
|
|
|
|
* these, so no need to check bEscape
|
|
|
|
|
*/
|
|
|
|
|
case '.':
|
|
|
|
|
case '+':
|
|
|
|
|
case '|':
|
|
|
|
|
case '(':
|
|
|
|
|
case ')':
|
|
|
|
|
STORE("\\", dptr, 1);
|
|
|
|
|
// fall through to default
|
|
|
|
|
|
|
|
|
|
default:
|
2013-12-06 06:01:12 -08:00
|
|
|
if (bEscape) {
|
|
|
|
|
/* quoting mark used for something that
|
|
|
|
|
* does not need to be quoted; give a warning */
|
|
|
|
|
pwarn("Character %c was quoted unnecessarily, "
|
|
|
|
|
"dropped preceding quote ('\\') character\n", *sptr);
|
|
|
|
|
}
|
2006-04-11 21:52:54 +00:00
|
|
|
STORE(sptr, dptr, 1);
|
|
|
|
|
break;
|
|
|
|
|
} /* switch (*sptr) */
|
|
|
|
|
|
|
|
|
|
bEscape = FALSE;
|
|
|
|
|
++sptr;
|
|
|
|
|
} /* while error == e_no_error && *sptr) */
|
|
|
|
|
|
|
|
|
|
if (ingrouping > 0 || incharclass) {
|
|
|
|
|
error = e_parse_error;
|
|
|
|
|
|
|
|
|
|
PERROR(_("%s: Regex grouping error: Unclosed grouping or character class, expecting close }\n"),
|
|
|
|
|
progname);
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-06 06:01:12 -08:00
|
|
|
if ((error == e_no_error) && bEscape) {
|
|
|
|
|
/* trailing backslash quote */
|
|
|
|
|
error = e_parse_error;
|
|
|
|
|
PERROR(_("%s: Regex error: trailing '\\' escape character\n"),
|
|
|
|
|
progname);
|
|
|
|
|
}
|
2006-04-11 21:52:54 +00:00
|
|
|
/* anchor end and terminate pattern string */
|
2007-02-27 02:29:16 +00:00
|
|
|
if ((error == e_no_error) && anchor) {
|
|
|
|
|
STORE("$" , dptr, 1);
|
|
|
|
|
}
|
2006-04-11 21:52:54 +00:00
|
|
|
if (error == e_no_error) {
|
2007-02-27 02:29:16 +00:00
|
|
|
STORE("", dptr, 1);
|
2006-04-11 21:52:54 +00:00
|
|
|
}
|
|
|
|
|
/* check error again, as above STORE may have set it */
|
|
|
|
|
if (error != e_no_error) {
|
|
|
|
|
if (error == e_buffer_overflow) {
|
|
|
|
|
PERROR(_("%s: Internal buffer overflow detected, %d characters exceeded\n"),
|
|
|
|
|
progname, PATH_MAX);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PERROR(_("%s: Unable to parse input line '%s'\n"),
|
2007-02-27 02:29:16 +00:00
|
|
|
progname, aare);
|
2006-04-11 21:52:54 +00:00
|
|
|
|
|
|
|
|
ret = FALSE;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-27 02:29:16 +00:00
|
|
|
out:
|
|
|
|
|
if (ret == FALSE)
|
|
|
|
|
ptype = ePatternInvalid;
|
2010-07-23 13:29:35 +02:00
|
|
|
|
|
|
|
|
if (dfaflags & DFA_DUMP_RULE_EXPR)
|
|
|
|
|
fprintf(stderr, "%s\n", pcre);
|
|
|
|
|
|
2007-02-27 02:29:16 +00:00
|
|
|
return ptype;
|
|
|
|
|
}
|
|
|
|
|
|
2009-07-30 06:09:19 +00:00
|
|
|
static const char *local_name(const char *name)
|
|
|
|
|
{
|
|
|
|
|
const char *t;
|
|
|
|
|
|
|
|
|
|
for (t = strstr(name, "//") ; t ; t = strstr(name, "//"))
|
|
|
|
|
name = t + 2;
|
|
|
|
|
|
|
|
|
|
return name;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
static int process_profile_name_xmatch(Profile *prof)
|
2009-07-30 06:09:19 +00:00
|
|
|
{
|
|
|
|
|
char tbuf[PATH_MAX + 3]; /* +3 for ^, $ and \0 */
|
|
|
|
|
pattern_t ptype;
|
|
|
|
|
const char *name;
|
|
|
|
|
|
|
|
|
|
/* don't filter_slashes for profile names */
|
2013-09-27 16:16:37 -07:00
|
|
|
if (prof->attachment)
|
|
|
|
|
name = prof->attachment;
|
2010-12-20 11:49:42 -08:00
|
|
|
else
|
2013-09-27 16:16:37 -07:00
|
|
|
name = local_name(prof->name);
|
2009-07-30 06:09:19 +00:00
|
|
|
ptype = convert_aaregex_to_pcre(name, 0, tbuf, PATH_MAX + 3,
|
2013-09-27 16:16:37 -07:00
|
|
|
&prof->xmatch_len);
|
2011-03-08 10:12:09 -08:00
|
|
|
if (ptype == ePatternBasic)
|
2013-09-27 16:16:37 -07:00
|
|
|
prof->xmatch_len = strlen(name);
|
2009-07-30 06:09:19 +00:00
|
|
|
|
|
|
|
|
if (ptype == ePatternInvalid) {
|
|
|
|
|
PERROR(_("%s: Invalid profile name '%s' - bad regular expression\n"), progname, name);
|
|
|
|
|
return FALSE;
|
2013-09-27 16:16:37 -07:00
|
|
|
} else if (ptype == ePatternBasic && !(prof->altnames || prof->attachment)) {
|
2009-07-30 06:09:19 +00:00
|
|
|
/* no regex so do not set xmatch */
|
2013-09-27 16:16:37 -07:00
|
|
|
prof->xmatch = NULL;
|
|
|
|
|
prof->xmatch_len = 0;
|
|
|
|
|
prof->xmatch_size = 0;
|
2009-07-30 06:09:19 +00:00
|
|
|
} else {
|
|
|
|
|
/* build a dfa */
|
|
|
|
|
aare_ruleset_t *rule = aare_new_ruleset(0);
|
|
|
|
|
if (!rule)
|
|
|
|
|
return FALSE;
|
2010-07-23 13:29:35 +02:00
|
|
|
if (!aare_add_rule(rule, tbuf, 0, AA_MAY_EXEC, 0, dfaflags)) {
|
2009-07-30 06:09:19 +00:00
|
|
|
aare_delete_ruleset(rule);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
2013-09-27 16:16:37 -07:00
|
|
|
if (prof->altnames) {
|
2010-02-12 13:49:58 -08:00
|
|
|
struct alt_name *alt;
|
2013-09-27 16:16:37 -07:00
|
|
|
list_for_each(prof->altnames, alt) {
|
2010-02-12 13:49:58 -08:00
|
|
|
int len;
|
2011-03-08 10:12:09 -08:00
|
|
|
ptype = convert_aaregex_to_pcre(alt->name, 0,
|
|
|
|
|
tbuf,
|
|
|
|
|
PATH_MAX + 3,
|
|
|
|
|
&len);
|
|
|
|
|
if (ptype == ePatternBasic)
|
|
|
|
|
len = strlen(alt->name);
|
2013-09-27 16:16:37 -07:00
|
|
|
if (len < prof->xmatch_len)
|
|
|
|
|
prof->xmatch_len = len;
|
2010-07-23 13:29:35 +02:00
|
|
|
if (!aare_add_rule(rule, tbuf, 0, AA_MAY_EXEC, 0, dfaflags)) {
|
2010-02-12 13:49:58 -08:00
|
|
|
aare_delete_ruleset(rule);
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-09-27 16:16:37 -07:00
|
|
|
prof->xmatch = aare_create_dfa(rule, &prof->xmatch_size,
|
2010-01-07 16:21:02 -08:00
|
|
|
dfaflags);
|
2009-07-30 06:09:19 +00:00
|
|
|
aare_delete_ruleset(rule);
|
2013-09-27 16:16:37 -07:00
|
|
|
if (!prof->xmatch)
|
2009-07-30 06:09:19 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-27 02:29:16 +00:00
|
|
|
static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
|
|
|
|
|
{
|
|
|
|
|
char tbuf[PATH_MAX + 3]; /* +3 for ^, $ and \0 */
|
|
|
|
|
pattern_t ptype;
|
2009-07-30 06:09:19 +00:00
|
|
|
int pos;
|
2007-02-27 02:29:16 +00:00
|
|
|
|
|
|
|
|
if (!entry) /* shouldn't happen */
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
2009-07-23 21:18:37 +00:00
|
|
|
|
2009-07-30 06:09:19 +00:00
|
|
|
if (entry->mode & ~AA_CHANGE_PROFILE)
|
|
|
|
|
filter_slashes(entry->name);
|
|
|
|
|
ptype = convert_aaregex_to_pcre(entry->name, 0, tbuf, PATH_MAX+3, &pos);
|
2007-02-27 02:29:16 +00:00
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
entry->pattern_type = ptype;
|
|
|
|
|
|
|
|
|
|
/* ix implies m but the apparmor module does not add m bit to
|
|
|
|
|
* dfa states like it does for pcre
|
|
|
|
|
*/
|
2008-04-16 04:44:21 +00:00
|
|
|
if ((entry->mode >> AA_OTHER_SHIFT) & AA_EXEC_INHERIT)
|
2007-11-16 09:35:57 +00:00
|
|
|
entry->mode |= AA_EXEC_MMAP << AA_OTHER_SHIFT;
|
2008-04-16 04:44:21 +00:00
|
|
|
if ((entry->mode >> AA_USER_SHIFT) & AA_EXEC_INHERIT)
|
2007-11-16 09:35:57 +00:00
|
|
|
entry->mode |= AA_EXEC_MMAP << AA_USER_SHIFT;
|
|
|
|
|
|
2008-04-09 23:56:31 +00:00
|
|
|
/* relying on ptrace and change_profile not getting merged earlier */
|
|
|
|
|
|
Add Audit control to AppArmor through, the use of audit and deny
key words. Deny is also used to subtract permissions from the
profiles permission set.
the audit key word can be prepended to any file, network, or capability
rule, to force a selective audit when that rule is matched. Audit
permissions accumulate just like standard permissions.
eg.
audit /bin/foo rw,
will force an audit message when the file /bin/foo is opened for
read or write.
audit /etc/shadow w,
/etc/shadow r,
will force an audit message when /etc/shadow is opened for writing.
The audit message is per permission bit so only opening the file
for read access will not, force an audit message.
audit can also be used in block form instead of prepending audit
to every rule.
audit {
/bin/foo rw,
/etc/shadow w,
}
/etc/shadow r, # don't audit r access to /etc/shadow
the deny key word can be prepended to file, network and capability
rules, to result in a denial of permissions when matching that rule.
The deny rule specifically does 3 things
- it gives AppArmor the ability to remember what has been denied
so that the tools don't prompt for what has been denied in
previous profiling sessions.
- it subtracts globally from the allowed permissions. Deny permissions
accumulate in the the deny set just as allow permissions accumulate
then, the deny set is subtracted from the allow set.
- it quiets known rejects. The default audit behavior of deny rules
is to quiet known rejects so that audit logs are not flooded
with already known rejects. To have known rejects logged prepend
the audit keyword to the deny rule. Deny rules do not have a
block form.
eg.
deny /foo/bar rw,
audit deny /etc/shadow w,
audit {
deny owner /blah w,
deny other /foo w,
deny /etc/shadow w,
}
2008-03-13 17:39:03 +00:00
|
|
|
/* the link bit on the first pair entry should not get masked
|
|
|
|
|
* out by a deny rule, as both pieces of the link pair must
|
|
|
|
|
* match. audit info for the link is carried on the second
|
|
|
|
|
* entry of the pair
|
|
|
|
|
*/
|
|
|
|
|
if (entry->deny && (entry->mode & AA_LINK_BITS)) {
|
|
|
|
|
if (!aare_add_rule(dfarules, tbuf, entry->deny,
|
|
|
|
|
entry->mode & ~AA_LINK_BITS,
|
2010-07-23 13:29:35 +02:00
|
|
|
entry->audit & ~AA_LINK_BITS, dfaflags))
|
Add Audit control to AppArmor through, the use of audit and deny
key words. Deny is also used to subtract permissions from the
profiles permission set.
the audit key word can be prepended to any file, network, or capability
rule, to force a selective audit when that rule is matched. Audit
permissions accumulate just like standard permissions.
eg.
audit /bin/foo rw,
will force an audit message when the file /bin/foo is opened for
read or write.
audit /etc/shadow w,
/etc/shadow r,
will force an audit message when /etc/shadow is opened for writing.
The audit message is per permission bit so only opening the file
for read access will not, force an audit message.
audit can also be used in block form instead of prepending audit
to every rule.
audit {
/bin/foo rw,
/etc/shadow w,
}
/etc/shadow r, # don't audit r access to /etc/shadow
the deny key word can be prepended to file, network and capability
rules, to result in a denial of permissions when matching that rule.
The deny rule specifically does 3 things
- it gives AppArmor the ability to remember what has been denied
so that the tools don't prompt for what has been denied in
previous profiling sessions.
- it subtracts globally from the allowed permissions. Deny permissions
accumulate in the the deny set just as allow permissions accumulate
then, the deny set is subtracted from the allow set.
- it quiets known rejects. The default audit behavior of deny rules
is to quiet known rejects so that audit logs are not flooded
with already known rejects. To have known rejects logged prepend
the audit keyword to the deny rule. Deny rules do not have a
block form.
eg.
deny /foo/bar rw,
audit deny /etc/shadow w,
audit {
deny owner /blah w,
deny other /foo w,
deny /etc/shadow w,
}
2008-03-13 17:39:03 +00:00
|
|
|
return FALSE;
|
2009-07-23 21:18:37 +00:00
|
|
|
} else if (entry->mode & ~AA_CHANGE_PROFILE) {
|
Add Audit control to AppArmor through, the use of audit and deny
key words. Deny is also used to subtract permissions from the
profiles permission set.
the audit key word can be prepended to any file, network, or capability
rule, to force a selective audit when that rule is matched. Audit
permissions accumulate just like standard permissions.
eg.
audit /bin/foo rw,
will force an audit message when the file /bin/foo is opened for
read or write.
audit /etc/shadow w,
/etc/shadow r,
will force an audit message when /etc/shadow is opened for writing.
The audit message is per permission bit so only opening the file
for read access will not, force an audit message.
audit can also be used in block form instead of prepending audit
to every rule.
audit {
/bin/foo rw,
/etc/shadow w,
}
/etc/shadow r, # don't audit r access to /etc/shadow
the deny key word can be prepended to file, network and capability
rules, to result in a denial of permissions when matching that rule.
The deny rule specifically does 3 things
- it gives AppArmor the ability to remember what has been denied
so that the tools don't prompt for what has been denied in
previous profiling sessions.
- it subtracts globally from the allowed permissions. Deny permissions
accumulate in the the deny set just as allow permissions accumulate
then, the deny set is subtracted from the allow set.
- it quiets known rejects. The default audit behavior of deny rules
is to quiet known rejects so that audit logs are not flooded
with already known rejects. To have known rejects logged prepend
the audit keyword to the deny rule. Deny rules do not have a
block form.
eg.
deny /foo/bar rw,
audit deny /etc/shadow w,
audit {
deny owner /blah w,
deny other /foo w,
deny /etc/shadow w,
}
2008-03-13 17:39:03 +00:00
|
|
|
if (!aare_add_rule(dfarules, tbuf, entry->deny, entry->mode,
|
2010-07-23 13:29:35 +02:00
|
|
|
entry->audit, dfaflags))
|
Add Audit control to AppArmor through, the use of audit and deny
key words. Deny is also used to subtract permissions from the
profiles permission set.
the audit key word can be prepended to any file, network, or capability
rule, to force a selective audit when that rule is matched. Audit
permissions accumulate just like standard permissions.
eg.
audit /bin/foo rw,
will force an audit message when the file /bin/foo is opened for
read or write.
audit /etc/shadow w,
/etc/shadow r,
will force an audit message when /etc/shadow is opened for writing.
The audit message is per permission bit so only opening the file
for read access will not, force an audit message.
audit can also be used in block form instead of prepending audit
to every rule.
audit {
/bin/foo rw,
/etc/shadow w,
}
/etc/shadow r, # don't audit r access to /etc/shadow
the deny key word can be prepended to file, network and capability
rules, to result in a denial of permissions when matching that rule.
The deny rule specifically does 3 things
- it gives AppArmor the ability to remember what has been denied
so that the tools don't prompt for what has been denied in
previous profiling sessions.
- it subtracts globally from the allowed permissions. Deny permissions
accumulate in the the deny set just as allow permissions accumulate
then, the deny set is subtracted from the allow set.
- it quiets known rejects. The default audit behavior of deny rules
is to quiet known rejects so that audit logs are not flooded
with already known rejects. To have known rejects logged prepend
the audit keyword to the deny rule. Deny rules do not have a
block form.
eg.
deny /foo/bar rw,
audit deny /etc/shadow w,
audit {
deny owner /blah w,
deny other /foo w,
deny /etc/shadow w,
}
2008-03-13 17:39:03 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
2008-04-09 23:56:31 +00:00
|
|
|
|
2007-11-16 09:36:42 +00:00
|
|
|
if (entry->mode & (AA_LINK_BITS)) {
|
|
|
|
|
/* add the pair rule */
|
|
|
|
|
char lbuf[PATH_MAX + 8];
|
|
|
|
|
int perms = AA_LINK_BITS & entry->mode;
|
2013-10-01 10:59:04 -07:00
|
|
|
const char *vec[2];
|
2009-07-30 06:09:19 +00:00
|
|
|
int pos;
|
2008-03-13 16:46:19 +00:00
|
|
|
vec[0] = tbuf;
|
2007-11-16 09:37:31 +00:00
|
|
|
if (entry->link_name) {
|
2009-07-30 06:09:19 +00:00
|
|
|
ptype = convert_aaregex_to_pcre(entry->link_name, 0, lbuf, PATH_MAX + 8, &pos);
|
2008-03-13 16:46:19 +00:00
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
return FALSE;
|
2008-03-13 16:49:10 +00:00
|
|
|
if (entry->subset)
|
|
|
|
|
perms |= LINK_TO_LINK_SUBSET(perms);
|
2008-03-13 16:46:19 +00:00
|
|
|
vec[1] = lbuf;
|
2007-11-16 09:37:31 +00:00
|
|
|
} else {
|
|
|
|
|
perms |= LINK_TO_LINK_SUBSET(perms);
|
2008-03-13 16:46:19 +00:00
|
|
|
vec[1] = "/[^/].*";
|
2007-11-16 09:37:31 +00:00
|
|
|
}
|
2010-07-23 13:29:35 +02:00
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny, perms, entry->audit & AA_LINK_BITS, 2, vec, dfaflags))
|
2007-11-16 09:36:42 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
2007-11-16 09:18:48 +00:00
|
|
|
if (entry->mode & AA_CHANGE_PROFILE) {
|
2013-10-01 10:59:04 -07:00
|
|
|
const char *vec[3];
|
2012-03-26 06:11:16 -07:00
|
|
|
char lbuf[PATH_MAX + 8];
|
|
|
|
|
int index = 1;
|
|
|
|
|
|
|
|
|
|
/* allow change_profile for all execs */
|
|
|
|
|
vec[0] = "/[^\\x00]*";
|
|
|
|
|
|
2013-09-27 16:13:22 -07:00
|
|
|
if (entry->ns) {
|
2009-07-30 06:09:19 +00:00
|
|
|
int pos;
|
2013-09-27 16:13:22 -07:00
|
|
|
ptype = convert_aaregex_to_pcre(entry->ns, 0, lbuf, PATH_MAX + 8, &pos);
|
2012-03-26 06:11:16 -07:00
|
|
|
vec[index++] = lbuf;
|
2008-03-13 16:46:19 +00:00
|
|
|
}
|
2012-03-26 06:11:16 -07:00
|
|
|
vec[index++] = tbuf;
|
|
|
|
|
|
|
|
|
|
/* regular change_profile rule */
|
2012-04-11 16:02:13 -07:00
|
|
|
if (!aare_add_rule_vec(dfarules, 0, AA_CHANGE_PROFILE | AA_ONEXEC, 0, index - 1, &vec[1], dfaflags))
|
2012-03-26 06:11:16 -07:00
|
|
|
return FALSE;
|
|
|
|
|
/* onexec rules - both rules are needed for onexec */
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, 0, AA_ONEXEC, 0, 1, vec, dfaflags))
|
|
|
|
|
return FALSE;
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, 0, AA_ONEXEC, 0, index, vec, dfaflags))
|
|
|
|
|
return FALSE;
|
2007-11-16 09:18:48 +00:00
|
|
|
}
|
2008-04-09 09:04:08 +00:00
|
|
|
if (entry->mode & (AA_USER_PTRACE | AA_OTHER_PTRACE)) {
|
|
|
|
|
int mode = entry->mode & (AA_USER_PTRACE | AA_OTHER_PTRACE);
|
2013-09-27 16:13:22 -07:00
|
|
|
if (entry->ns) {
|
2013-10-01 10:59:04 -07:00
|
|
|
const char *vec[2];
|
2013-09-27 16:13:22 -07:00
|
|
|
vec[0] = entry->ns;
|
2008-04-09 09:04:08 +00:00
|
|
|
vec[1] = entry->name;
|
2010-07-23 13:29:35 +02:00
|
|
|
if (!aare_add_rule_vec(dfarules, 0, mode, 0, 2, vec, dfaflags))
|
2008-04-09 09:04:08 +00:00
|
|
|
return FALSE;
|
|
|
|
|
} else {
|
2010-07-23 13:29:35 +02:00
|
|
|
if (!aare_add_rule(dfarules, entry->name, 0, mode, 0, dfaflags))
|
2008-04-09 09:04:08 +00:00
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
}
|
2007-11-16 09:36:42 +00:00
|
|
|
return TRUE;
|
2007-02-27 02:29:16 +00:00
|
|
|
}
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
int post_process_entries(Profile *prof)
|
2006-04-11 21:52:54 +00:00
|
|
|
{
|
2010-07-31 16:00:52 -07:00
|
|
|
int ret = TRUE;
|
2006-04-11 21:52:54 +00:00
|
|
|
struct cod_entry *entry;
|
2007-02-27 02:29:16 +00:00
|
|
|
int count = 0;
|
2006-04-11 21:52:54 +00:00
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
list_for_each(prof->entries, entry) {
|
|
|
|
|
if (!process_dfa_entry(prof->dfa.rules, entry))
|
2006-04-11 21:52:54 +00:00
|
|
|
ret = FALSE;
|
2007-02-27 02:29:16 +00:00
|
|
|
count++;
|
2006-04-11 21:52:54 +00:00
|
|
|
}
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
prof->dfa.count = count;
|
2006-04-11 21:52:54 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
int process_profile_regex(Profile *prof)
|
2006-04-11 21:52:54 +00:00
|
|
|
{
|
2007-02-27 02:29:16 +00:00
|
|
|
int error = -1;
|
2008-11-07 01:31:19 +00:00
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
if (!process_profile_name_xmatch(prof))
|
2013-09-27 16:11:00 -07:00
|
|
|
goto out;
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
prof->dfa.rules = aare_new_ruleset(0);
|
|
|
|
|
if (!prof->dfa.rules)
|
2013-09-27 16:11:00 -07:00
|
|
|
goto out;
|
2009-07-30 06:09:19 +00:00
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
if (!post_process_entries(prof))
|
2007-02-27 02:29:16 +00:00
|
|
|
goto out;
|
2006-04-11 21:52:54 +00:00
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
if (prof->dfa.count > 0) {
|
|
|
|
|
prof->dfa.dfa = aare_create_dfa(prof->dfa.rules, &prof->dfa.size,
|
|
|
|
|
dfaflags);
|
|
|
|
|
aare_delete_ruleset(prof->dfa.rules);
|
|
|
|
|
prof->dfa.rules = NULL;
|
|
|
|
|
if (!prof->dfa.dfa)
|
2007-02-27 02:29:16 +00:00
|
|
|
goto out;
|
|
|
|
|
/*
|
2013-09-27 16:16:37 -07:00
|
|
|
if (prof->dfa_size == 0) {
|
2007-02-27 02:29:16 +00:00
|
|
|
PERROR(_("profile %s: has merged rules (%s) with "
|
|
|
|
|
"multiple x modifiers\n"),
|
2013-09-27 16:16:37 -07:00
|
|
|
prof->name, (char *) prof->dfa);
|
|
|
|
|
free(prof->dfa);
|
|
|
|
|
prof->dfa = NULL;
|
2007-02-27 02:29:16 +00:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
}
|
2007-02-01 20:18:50 +00:00
|
|
|
|
2007-02-27 02:29:16 +00:00
|
|
|
error = 0;
|
|
|
|
|
|
|
|
|
|
out:
|
2006-04-11 21:52:54 +00:00
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
static int build_list_val_expr(char *buffer, int size, struct value_list *list)
|
|
|
|
|
{
|
|
|
|
|
struct value_list *ent;
|
|
|
|
|
char tmp[PATH_MAX + 3];
|
|
|
|
|
char *p;
|
|
|
|
|
int len;
|
|
|
|
|
pattern_t ptype;
|
|
|
|
|
int pos;
|
|
|
|
|
|
|
|
|
|
if (!list) {
|
|
|
|
|
strncpy(buffer, "[^\\000]*", size);
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = buffer;
|
|
|
|
|
strncpy(p, "(", size - (p - buffer));
|
|
|
|
|
p++;
|
|
|
|
|
if (p > buffer + size)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
ptype = convert_aaregex_to_pcre(list->value, 0, tmp, PATH_MAX+3, &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
len = strlen(tmp);
|
|
|
|
|
if (len > size - (p - buffer))
|
|
|
|
|
goto fail;
|
|
|
|
|
strcpy(p, tmp);
|
|
|
|
|
p += len;
|
|
|
|
|
|
|
|
|
|
list_for_each(list->next, ent) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(ent->value, 0, tmp,
|
|
|
|
|
PATH_MAX+3, &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
strncpy(p, "|", size - (p - buffer));
|
|
|
|
|
p++;
|
|
|
|
|
len = strlen(tmp);
|
|
|
|
|
if (len > size - (p - buffer))
|
|
|
|
|
goto fail;
|
|
|
|
|
strcpy(p, tmp);
|
|
|
|
|
p += len;
|
|
|
|
|
}
|
|
|
|
|
strncpy(p, ")", size - (p - buffer));
|
|
|
|
|
p++;
|
|
|
|
|
if (p > buffer + size)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
fail:
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int convert_entry(char *buffer, int size, char *entry)
|
|
|
|
|
{
|
|
|
|
|
pattern_t ptype;
|
|
|
|
|
int pos;
|
|
|
|
|
|
|
|
|
|
if (entry) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(entry, 0, buffer, size, &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
return FALSE;
|
|
|
|
|
} else {
|
|
|
|
|
/* match any char except \000 0 or more times */
|
|
|
|
|
if (size < 8)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
strcpy(buffer, "[^\\000]*");
|
|
|
|
|
}
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int build_mnt_flags(char *buffer, int size, unsigned int flags,
|
|
|
|
|
unsigned int inv_flags)
|
|
|
|
|
{
|
|
|
|
|
char *p = buffer;
|
|
|
|
|
int i, len = 0;
|
|
|
|
|
|
2012-03-15 09:03:48 -07:00
|
|
|
if (flags == MS_ALL_FLAGS) {
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
/* all flags are optional */
|
|
|
|
|
len = snprintf(p, size, "[^\\000]*");
|
|
|
|
|
if (len < 0 || len >= size)
|
|
|
|
|
return FALSE;
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
for (i = 0; i <= 31; ++i) {
|
|
|
|
|
if ((flags & inv_flags) & (1 << i))
|
|
|
|
|
len = snprintf(p, size, "(\\x%02x|)", i + 1);
|
|
|
|
|
else if (flags & (1 << i))
|
|
|
|
|
len = snprintf(p, size, "\\x%02x", i + 1);
|
2012-03-15 09:03:48 -07:00
|
|
|
else /* no entry = not set */
|
|
|
|
|
continue;
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
|
|
|
|
|
if (len < 0 || len >= size)
|
|
|
|
|
return FALSE;
|
|
|
|
|
p += len;
|
|
|
|
|
size -= len;
|
|
|
|
|
}
|
2012-03-15 12:10:35 -07:00
|
|
|
|
|
|
|
|
/* this needs to go once the backend is updated. */
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
if (buffer == p) {
|
|
|
|
|
/* match nothing - use impossible 254 as regex parser doesn't
|
|
|
|
|
* like the empty string
|
|
|
|
|
*/
|
|
|
|
|
if (size < 9)
|
|
|
|
|
return FALSE;
|
|
|
|
|
|
2012-03-15 12:10:35 -07:00
|
|
|
strcpy(p, "(\\xfe|)");
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int build_mnt_opts(char *buffer, int size, struct value_list *opts)
|
|
|
|
|
{
|
|
|
|
|
struct value_list *ent;
|
|
|
|
|
char tmp[PATH_MAX + 3];
|
|
|
|
|
char *p;
|
|
|
|
|
int len;
|
|
|
|
|
pattern_t ptype;
|
|
|
|
|
int pos;
|
|
|
|
|
|
|
|
|
|
if (!opts) {
|
|
|
|
|
if (size < 8)
|
|
|
|
|
return FALSE;
|
|
|
|
|
strncpy(buffer, "[^\\000]*", size);
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
p = buffer;
|
|
|
|
|
list_for_each(opts, ent) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(ent->value, 0, tmp,
|
|
|
|
|
PATH_MAX+3, &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
len = strlen(tmp);
|
|
|
|
|
if (len > size - (p - buffer))
|
|
|
|
|
goto fail;
|
|
|
|
|
strcpy(p, tmp);
|
|
|
|
|
p += len;
|
|
|
|
|
if (ent->next && size - (p - buffer) > 1) {
|
|
|
|
|
*p++ = ',';
|
|
|
|
|
*p = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
fail:
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int process_mnt_entry(aare_ruleset_t *dfarules, struct mnt_entry *entry)
|
|
|
|
|
{
|
|
|
|
|
char mntbuf[PATH_MAX + 3];
|
|
|
|
|
char devbuf[PATH_MAX + 3];
|
|
|
|
|
char typebuf[PATH_MAX + 3];
|
|
|
|
|
char flagsbuf[PATH_MAX + 3];
|
|
|
|
|
char optsbuf[PATH_MAX + 3];
|
2013-10-01 10:59:04 -07:00
|
|
|
char *p;
|
|
|
|
|
const char *vec[5];
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
int count = 0;
|
2012-03-15 09:03:48 -07:00
|
|
|
unsigned int flags, inv_flags;
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
|
|
|
|
|
/* a single mount rule may result in multiple matching rules being
|
|
|
|
|
* created in the backend to cover all the possible choices
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if ((entry->allow & AA_MAY_MOUNT) && (entry->flags & MS_REMOUNT)
|
|
|
|
|
&& !entry->device && !entry->dev_type) {
|
2012-03-15 12:54:34 -07:00
|
|
|
int allow;
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
/* remount can't be conditional on device and type */
|
|
|
|
|
p = mntbuf;
|
|
|
|
|
/* rule class single byte header */
|
|
|
|
|
p += sprintf(p, "\\x%02x", AA_CLASS_MOUNT);
|
|
|
|
|
if (entry->mnt_point) {
|
|
|
|
|
/* both device && mnt_point or just mnt_point */
|
|
|
|
|
if (!convert_entry(p, PATH_MAX +3, entry->mnt_point))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[0] = mntbuf;
|
|
|
|
|
} else {
|
|
|
|
|
if (!convert_entry(p, PATH_MAX +3, entry->device))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[0] = mntbuf;
|
|
|
|
|
}
|
|
|
|
|
/* skip device */
|
|
|
|
|
if (!convert_entry(devbuf, PATH_MAX +3, NULL))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[1] = devbuf;
|
|
|
|
|
/* skip type */
|
|
|
|
|
vec[2] = devbuf;
|
2012-03-15 09:03:48 -07:00
|
|
|
|
|
|
|
|
flags = entry->flags;
|
|
|
|
|
inv_flags = entry->inv_flags;
|
|
|
|
|
if (flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= MS_REMOUNT_FLAGS;
|
|
|
|
|
if (inv_flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= MS_REMOUNT_FLAGS;
|
|
|
|
|
if (!build_mnt_flags(flagsbuf, PATH_MAX, flags, inv_flags))
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
goto fail;
|
|
|
|
|
vec[3] = flagsbuf;
|
|
|
|
|
if (!build_mnt_opts(optsbuf, PATH_MAX, entry->opts))
|
|
|
|
|
goto fail;
|
2012-03-15 12:54:34 -07:00
|
|
|
|
|
|
|
|
if (entry->opts)
|
|
|
|
|
allow = AA_MATCH_CONT;
|
|
|
|
|
else
|
|
|
|
|
allow = entry->allow;
|
|
|
|
|
|
|
|
|
|
/* rule for match without required data || data MATCH_CONT */
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny, allow,
|
|
|
|
|
entry->audit | AA_AUDIT_MNT_DATA, 4,
|
|
|
|
|
vec, dfaflags))
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
goto fail;
|
|
|
|
|
count++;
|
2012-03-15 12:54:34 -07:00
|
|
|
|
|
|
|
|
if (entry->opts) {
|
|
|
|
|
/* rule with data match required */
|
|
|
|
|
if (!build_mnt_opts(optsbuf, PATH_MAX, entry->opts))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[4] = optsbuf;
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny,
|
|
|
|
|
entry->allow,
|
|
|
|
|
entry->audit | AA_AUDIT_MNT_DATA,
|
|
|
|
|
5, vec, dfaflags))
|
|
|
|
|
goto fail;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
}
|
|
|
|
|
if ((entry->allow & AA_MAY_MOUNT) && (entry->flags & MS_BIND)
|
|
|
|
|
&& !entry->dev_type && !entry->opts) {
|
|
|
|
|
/* bind mount rules can't be conditional on dev_type or data */
|
|
|
|
|
p = mntbuf;
|
|
|
|
|
/* rule class single byte header */
|
|
|
|
|
p += sprintf(p, "\\x%02x", AA_CLASS_MOUNT);
|
|
|
|
|
if (!convert_entry(p, PATH_MAX +3, entry->mnt_point))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[0] = mntbuf;
|
|
|
|
|
if (!convert_entry(devbuf, PATH_MAX +3, entry->device))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[1] = devbuf;
|
|
|
|
|
if (!convert_entry(typebuf, PATH_MAX +3, NULL))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[2] = typebuf;
|
2012-03-15 09:03:48 -07:00
|
|
|
|
|
|
|
|
flags = entry->flags;
|
|
|
|
|
inv_flags = entry->inv_flags;
|
|
|
|
|
if (flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= MS_BIND_FLAGS;
|
|
|
|
|
if (inv_flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= MS_BIND_FLAGS;
|
|
|
|
|
if (!build_mnt_flags(flagsbuf, PATH_MAX, flags, inv_flags))
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
goto fail;
|
|
|
|
|
vec[3] = flagsbuf;
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny, entry->allow,
|
|
|
|
|
entry->audit, 4, vec, dfaflags))
|
|
|
|
|
goto fail;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
if ((entry->allow & AA_MAY_MOUNT) &&
|
|
|
|
|
(entry->flags & (MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED))
|
|
|
|
|
&& !entry->device && !entry->dev_type && !entry->opts) {
|
|
|
|
|
/* change type base rules can not be conditional on device,
|
|
|
|
|
* device type or data
|
|
|
|
|
*/
|
|
|
|
|
p = mntbuf;
|
|
|
|
|
/* rule class single byte header */
|
|
|
|
|
p += sprintf(p, "\\x%02x", AA_CLASS_MOUNT);
|
|
|
|
|
if (!convert_entry(p, PATH_MAX +3, entry->mnt_point))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[0] = mntbuf;
|
|
|
|
|
/* skip device and type */
|
|
|
|
|
if (!convert_entry(devbuf, PATH_MAX +3, NULL))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[1] = devbuf;
|
|
|
|
|
vec[2] = devbuf;
|
2012-03-15 09:03:48 -07:00
|
|
|
|
|
|
|
|
flags = entry->flags;
|
|
|
|
|
inv_flags = entry->inv_flags;
|
|
|
|
|
if (flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= MS_MAKE_FLAGS;
|
|
|
|
|
if (inv_flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= MS_MAKE_FLAGS;
|
|
|
|
|
if (!build_mnt_flags(flagsbuf, PATH_MAX, flags, inv_flags))
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
goto fail;
|
|
|
|
|
vec[3] = flagsbuf;
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny, entry->allow,
|
|
|
|
|
entry->audit, 4, vec, dfaflags))
|
|
|
|
|
goto fail;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
if ((entry->allow & AA_MAY_MOUNT) && (entry->flags & MS_MOVE)
|
|
|
|
|
&& !entry->dev_type && !entry->opts) {
|
|
|
|
|
/* mount move rules can not be conditional on dev_type,
|
|
|
|
|
* or data
|
|
|
|
|
*/
|
|
|
|
|
p = mntbuf;
|
|
|
|
|
/* rule class single byte header */
|
|
|
|
|
p += sprintf(p, "\\x%02x", AA_CLASS_MOUNT);
|
|
|
|
|
if (!convert_entry(p, PATH_MAX +3, entry->mnt_point))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[0] = mntbuf;
|
|
|
|
|
if (!convert_entry(devbuf, PATH_MAX +3, entry->device))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[1] = devbuf;
|
|
|
|
|
/* skip type */
|
|
|
|
|
if (!convert_entry(typebuf, PATH_MAX +3, NULL))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[2] = typebuf;
|
2012-03-15 09:03:48 -07:00
|
|
|
|
|
|
|
|
flags = entry->flags;
|
|
|
|
|
inv_flags = entry->inv_flags;
|
|
|
|
|
if (flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= MS_MOVE_FLAGS;
|
|
|
|
|
if (inv_flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= MS_MOVE_FLAGS;
|
|
|
|
|
if (!build_mnt_flags(flagsbuf, PATH_MAX, flags, inv_flags))
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
goto fail;
|
|
|
|
|
vec[3] = flagsbuf;
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny, entry->allow,
|
|
|
|
|
entry->audit, 4, vec, dfaflags))
|
|
|
|
|
goto fail;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
if ((entry->allow & AA_MAY_MOUNT) &&
|
|
|
|
|
(entry->flags | entry->inv_flags) & ~MS_CMDS) {
|
2012-03-15 12:54:34 -07:00
|
|
|
int allow;
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
/* generic mount if flags are set that are not covered by
|
|
|
|
|
* above commands
|
|
|
|
|
*/
|
|
|
|
|
p = mntbuf;
|
|
|
|
|
/* rule class single byte header */
|
|
|
|
|
p += sprintf(p, "\\x%02x", AA_CLASS_MOUNT);
|
|
|
|
|
if (!convert_entry(p, PATH_MAX +3, entry->mnt_point))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[0] = mntbuf;
|
|
|
|
|
if (!convert_entry(devbuf, PATH_MAX +3, entry->device))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[1] = devbuf;
|
|
|
|
|
if (!build_list_val_expr(typebuf, PATH_MAX+2, entry->dev_type))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[2] = typebuf;
|
2012-03-15 09:03:48 -07:00
|
|
|
|
|
|
|
|
flags = entry->flags;
|
|
|
|
|
inv_flags = entry->inv_flags;
|
|
|
|
|
if (flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= ~MS_CMDS;
|
|
|
|
|
if (inv_flags != MS_ALL_FLAGS)
|
|
|
|
|
flags &= ~MS_CMDS;
|
|
|
|
|
if (!build_mnt_flags(flagsbuf, PATH_MAX, flags, inv_flags))
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
goto fail;
|
|
|
|
|
vec[3] = flagsbuf;
|
2012-03-15 12:54:34 -07:00
|
|
|
|
|
|
|
|
if (entry->opts)
|
|
|
|
|
allow = AA_MATCH_CONT;
|
|
|
|
|
else
|
|
|
|
|
allow = entry->allow;
|
|
|
|
|
|
|
|
|
|
/* rule for match without required data || data MATCH_CONT */
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny, allow,
|
|
|
|
|
entry->audit | AA_AUDIT_MNT_DATA, 4,
|
|
|
|
|
vec, dfaflags))
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
goto fail;
|
|
|
|
|
count++;
|
2012-03-15 12:54:34 -07:00
|
|
|
|
|
|
|
|
if (entry->opts) {
|
|
|
|
|
/* rule with data match required */
|
|
|
|
|
if (!build_mnt_opts(optsbuf, PATH_MAX, entry->opts))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[4] = optsbuf;
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny,
|
|
|
|
|
entry->allow,
|
|
|
|
|
entry->audit | AA_AUDIT_MNT_DATA,
|
|
|
|
|
5, vec, dfaflags))
|
|
|
|
|
goto fail;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
}
|
|
|
|
|
if (entry->allow & AA_MAY_UMOUNT) {
|
|
|
|
|
p = mntbuf;
|
|
|
|
|
/* rule class single byte header */
|
|
|
|
|
p += sprintf(p, "\\x%02x", AA_CLASS_MOUNT);
|
|
|
|
|
if (!convert_entry(p, PATH_MAX +3, entry->mnt_point))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[0] = mntbuf;
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny, entry->allow,
|
|
|
|
|
entry->audit, 1, vec, dfaflags))
|
|
|
|
|
goto fail;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
if (entry->allow & AA_MAY_PIVOTROOT) {
|
|
|
|
|
p = mntbuf;
|
|
|
|
|
/* rule class single byte header */
|
|
|
|
|
p += sprintf(p, "\\x%02x", AA_CLASS_MOUNT);
|
|
|
|
|
if (!convert_entry(p, PATH_MAX +3, entry->mnt_point))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[0] = mntbuf;
|
|
|
|
|
if (!convert_entry(devbuf, PATH_MAX +3, entry->device))
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[1] = devbuf;
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny, entry->allow,
|
|
|
|
|
entry->audit, 2, vec, dfaflags))
|
|
|
|
|
goto fail;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!count)
|
|
|
|
|
/* didn't actually encode anything */
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
fail:
|
|
|
|
|
PERROR("Enocoding of mount rule failed\n");
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-07-31 09:05:51 -07:00
|
|
|
static int process_dbus_entry(aare_ruleset_t *dfarules, struct dbus_entry *entry)
|
|
|
|
|
{
|
|
|
|
|
char busbuf[PATH_MAX + 3];
|
|
|
|
|
char namebuf[PATH_MAX + 3];
|
|
|
|
|
char peer_labelbuf[PATH_MAX + 3];
|
|
|
|
|
char pathbuf[PATH_MAX + 3];
|
|
|
|
|
char ifacebuf[PATH_MAX + 3];
|
|
|
|
|
char memberbuf[PATH_MAX + 3];
|
2013-10-01 10:59:04 -07:00
|
|
|
char *p;
|
|
|
|
|
const char *vec[6];
|
2013-07-31 09:05:51 -07:00
|
|
|
|
|
|
|
|
pattern_t ptype;
|
|
|
|
|
int pos;
|
|
|
|
|
|
|
|
|
|
if (!entry) /* shouldn't happen */
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
p = busbuf;
|
|
|
|
|
p += sprintf(p, "\\x%02x", AA_CLASS_DBUS);
|
|
|
|
|
|
|
|
|
|
if (entry->bus) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(entry->bus, 0, p,
|
|
|
|
|
PATH_MAX+3 - (p - busbuf), &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
} else {
|
|
|
|
|
/* match any char except \000 0 or more times */
|
|
|
|
|
strcpy(p, "[^\\000]*");
|
|
|
|
|
}
|
|
|
|
|
vec[0] = busbuf;
|
|
|
|
|
|
|
|
|
|
if (entry->name) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(entry->name, 0, namebuf,
|
|
|
|
|
PATH_MAX+3, &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[1] = namebuf;
|
|
|
|
|
} else {
|
|
|
|
|
/* match any char except \000 0 or more times */
|
|
|
|
|
vec[1] = "[^\\000]*";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (entry->peer_label) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(entry->peer_label, 0,
|
|
|
|
|
peer_labelbuf, PATH_MAX+3,
|
|
|
|
|
&pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[2] = peer_labelbuf;
|
|
|
|
|
} else {
|
|
|
|
|
/* match any char except \000 0 or more times */
|
|
|
|
|
vec[2] = "[^\\000]*";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (entry->path) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(entry->path, 0, pathbuf,
|
|
|
|
|
PATH_MAX+3, &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[3] = pathbuf;
|
|
|
|
|
} else {
|
|
|
|
|
/* match any char except \000 0 or more times */
|
|
|
|
|
vec[3] = "[^\\000]*";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (entry->interface) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(entry->interface, 0, ifacebuf,
|
|
|
|
|
PATH_MAX+3, &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[4] = ifacebuf;
|
|
|
|
|
} else {
|
|
|
|
|
/* match any char except \000 0 or more times */
|
|
|
|
|
vec[4] = "[^\\000]*";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (entry->member) {
|
|
|
|
|
ptype = convert_aaregex_to_pcre(entry->member, 0, memberbuf,
|
|
|
|
|
PATH_MAX+3, &pos);
|
|
|
|
|
if (ptype == ePatternInvalid)
|
|
|
|
|
goto fail;
|
|
|
|
|
vec[5] = memberbuf;
|
|
|
|
|
} else {
|
|
|
|
|
/* match any char except \000 0 or more times */
|
|
|
|
|
vec[5] = "[^\\000]*";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (entry->mode & AA_DBUS_BIND) {
|
2013-09-27 17:27:23 -07:00
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny,
|
|
|
|
|
entry->mode & AA_DBUS_BIND,
|
|
|
|
|
entry->audit & AA_DBUS_BIND,
|
|
|
|
|
2, vec, dfaflags))
|
2013-07-31 09:05:51 -07:00
|
|
|
goto fail;
|
|
|
|
|
}
|
2013-09-27 17:27:23 -07:00
|
|
|
if (entry->mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE)) {
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny,
|
|
|
|
|
entry->mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
|
|
|
|
|
entry->audit & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
|
|
|
|
|
6, vec, dfaflags))
|
2013-07-31 09:05:51 -07:00
|
|
|
goto fail;
|
|
|
|
|
}
|
parser: Add dbus eavesdrop permission support to apparmor_parser
Allows for the policy writer to grant permission to eavesdrop on the
specified bus. Some example rules for granting the eavesdrop permission
are:
# Grant send, receive, bind, and eavesdrop
dbus,
# Grant send, receive, bind, and eavesdrop on the session bus
dbus bus=session,
# Grant send and eavesdrop on the system bus
dbus (send eavesdrop) bus=system,
# Grant eavesdrop on any bus
dbus eavesdrop,
Eavesdropping rules can contain the bus conditional. Any other
conditionals are not compatible with eavesdropping rules and the parser
will return an error.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-06 11:17:43 -08:00
|
|
|
if (entry->mode & AA_DBUS_EAVESDROP) {
|
|
|
|
|
if (!aare_add_rule_vec(dfarules, entry->deny,
|
|
|
|
|
entry->mode & AA_DBUS_EAVESDROP,
|
|
|
|
|
entry->audit & AA_DBUS_EAVESDROP,
|
|
|
|
|
1, vec, dfaflags))
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2013-07-31 09:05:51 -07:00
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
|
|
fail:
|
|
|
|
|
return FALSE;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
static int post_process_mnt_ents(Profile *prof)
|
2012-02-16 08:14:46 -08:00
|
|
|
{
|
|
|
|
|
int ret = TRUE;
|
|
|
|
|
int count = 0;
|
|
|
|
|
|
|
|
|
|
/* Add fns for rules that should be added to policydb here */
|
2013-09-27 16:16:37 -07:00
|
|
|
if (prof->mnt_ents && kernel_supports_mount) {
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
struct mnt_entry *entry;
|
2013-09-27 16:16:37 -07:00
|
|
|
list_for_each(prof->mnt_ents, entry) {
|
|
|
|
|
if (!process_mnt_entry(prof->policy.rules, entry))
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
ret = FALSE;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
2013-09-27 16:16:37 -07:00
|
|
|
} else if (prof->mnt_ents && !kernel_supports_mount)
|
|
|
|
|
pwarn("profile %s mount rules not enforced\n", prof->name);
|
|
|
|
|
|
|
|
|
|
prof->policy.count += count;
|
2012-02-16 08:14:46 -08:00
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
static int post_process_dbus_ents(Profile *prof)
|
2013-07-31 09:05:51 -07:00
|
|
|
{
|
|
|
|
|
int ret = TRUE;
|
|
|
|
|
int count = 0;
|
|
|
|
|
|
2013-10-29 17:03:23 -07:00
|
|
|
if (prof->dbus_ents && kernel_supports_dbus) {
|
|
|
|
|
struct dbus_entry *entry;
|
|
|
|
|
|
|
|
|
|
list_for_each(prof->dbus_ents, entry) {
|
|
|
|
|
if (!process_dbus_entry(prof->policy.rules, entry))
|
|
|
|
|
ret = FALSE;
|
|
|
|
|
count++;
|
|
|
|
|
}
|
|
|
|
|
} else if (prof->dbus_ents && !kernel_supports_dbus)
|
|
|
|
|
pwarn("profile %s dbus rules not enforced\n", prof->name);
|
2013-07-31 09:05:51 -07:00
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
prof->policy.count += count;
|
2013-07-31 09:05:51 -07:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
int post_process_policydb_ents(Profile *prof)
|
2013-07-31 09:05:51 -07:00
|
|
|
{
|
2013-09-27 16:16:37 -07:00
|
|
|
if (!post_process_mnt_ents(prof))
|
2013-07-31 09:05:51 -07:00
|
|
|
return FALSE;
|
2013-09-27 16:16:37 -07:00
|
|
|
if (!post_process_dbus_ents(prof))
|
2013-07-31 09:05:51 -07:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
int process_profile_policydb(Profile *prof)
|
2012-02-16 08:14:46 -08:00
|
|
|
{
|
|
|
|
|
int error = -1;
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
prof->policy.rules = aare_new_ruleset(0);
|
|
|
|
|
if (!prof->policy.rules)
|
2013-09-27 16:11:00 -07:00
|
|
|
goto out;
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
if (!post_process_policydb_ents(prof))
|
2012-02-16 08:14:46 -08:00
|
|
|
goto out;
|
|
|
|
|
|
2013-09-27 16:16:37 -07:00
|
|
|
if (prof->policy.count > 0) {
|
|
|
|
|
prof->policy.dfa = aare_create_dfa(prof->policy.rules,
|
|
|
|
|
&prof->policy.size,
|
2012-02-16 08:14:46 -08:00
|
|
|
dfaflags);
|
2013-09-27 16:16:37 -07:00
|
|
|
aare_delete_ruleset(prof->policy.rules);
|
|
|
|
|
prof->policy.rules = NULL;
|
|
|
|
|
if (!prof->policy.dfa)
|
2012-02-16 08:14:46 -08:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
Add mount rules
Add the ability to control mounting and unmounting
The basic form of the rules are.
[audit] [deny] mount [conds]* [device] [ -> [conds] path],
[audit] [deny] remount [conds]* [path],
[audit] [deny] umount [conds]* [path],
[audit] [deny] pivotroot [oldroot=<value>] <path> -> <profile>
remount is just a short cut for mount options=remount
where [conds] can be
fstype=<expr>
options=<expr>
conds follow the extended conditional syntax of allowing either:
* a single value after the equals, which has the same character range as
regular IDS (ie most anything but it can't be terminated with a , (comma)
and if spaces or other characters are needed it can be quoted
eg.
options=foo
options = foo
options="foo bar"
* a list of values after the equals, the list of values is enclosed within
parenthesis () and its has a slightly reduced character set but again
elements can be quoted.
the separation between elements is whitespace and commas.
eg.
options=(foo bar)
options=(foo, bar)
options=(foo , bar)
options=(foo,bar)
The rules are flexible and follow a similar pattern as network, capability,
etc.
mount, # allow all mounts, but not umount or pivotroot
mount fstype=procfs, # allow mounting procfs anywhere
mount options=(bind, ro) /foo -> /bar, # readonly bind mount
mount /dev/sda -> /mnt,
mount /dev/sd** -> /mnt/**,
mount fstype=overlayfs options=(rw,upperdir=/tmp/upper/,lowerdir=/) overlay -> /mnt/
umount,
umount /m*,
Currently variables and regexs are are supported on the device and mount
point. ie.
mount <devince> -> <mount point>,
Regexes are supported in fstype and options. The options have a further
caveat that regexs only work if the option is fs specific option.
eg. options=(upperdir=/tmp/*,lowerdir=/)
regex's will not currently work against the standard options like ro, rw
nosuid
Conditionals (fstype) can only be applied to the device (source) at this
time and will be disregarded in situations where the mount is manipulating
an existing mount (bind, remount).
Options can be specified multiple times
mount option=rw option=(nosuid,upperdir=/foo),
and will be combined together into a single set of values
The ordering of the standard mount options (rw,ro, ...) does not matter
but the ordering of fs specific options does.
Specifying that the value of a particular option does not matter can be
acheived by providing both the positive and negative forms of and option
option=(rw,ro) options=(suid,nosuid)
For the fs specific options specifying that a particular value does not
matter is achieve using a regex with alternations.
Improvements to the syntax and order restrictions are planned for the
future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:19:38 -08:00
|
|
|
aare_reset_matchflags();
|
2012-02-16 08:14:46 -08:00
|
|
|
|
|
|
|
|
error = 0;
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
return error;
|
|
|
|
|
}
|
|
|
|
|
|
2009-07-24 07:34:11 +00:00
|
|
|
void reset_regex(void)
|
|
|
|
|
{
|
|
|
|
|
aare_reset_matchflags();
|
|
|
|
|
}
|
|
|
|
|
|
2006-04-11 21:52:54 +00:00
|
|
|
#ifdef UNIT_TEST
|
2013-09-27 16:16:37 -07:00
|
|
|
|
|
|
|
|
#include "unit_test.h"
|
|
|
|
|
|
2006-04-11 21:52:54 +00:00
|
|
|
static int test_filter_slashes(void)
|
|
|
|
|
{
|
|
|
|
|
int rc = 0;
|
|
|
|
|
char *test_string;
|
|
|
|
|
|
|
|
|
|
test_string = strdup("///foo//////f//oo////////////////");
|
|
|
|
|
filter_slashes(test_string);
|
2010-07-31 16:00:52 -07:00
|
|
|
MY_TEST(strcmp(test_string, "/foo/f/oo/") == 0, "simple tests");
|
2006-04-11 21:52:54 +00:00
|
|
|
|
|
|
|
|
test_string = strdup("/foo/f/oo");
|
|
|
|
|
filter_slashes(test_string);
|
|
|
|
|
MY_TEST(strcmp(test_string, "/foo/f/oo") == 0, "simple test for no changes");
|
|
|
|
|
|
|
|
|
|
test_string = strdup("/");
|
|
|
|
|
filter_slashes(test_string);
|
|
|
|
|
MY_TEST(strcmp(test_string, "/") == 0, "simple test for '/'");
|
|
|
|
|
|
|
|
|
|
test_string = strdup("");
|
|
|
|
|
filter_slashes(test_string);
|
|
|
|
|
MY_TEST(strcmp(test_string, "") == 0, "simple test for ''");
|
|
|
|
|
|
|
|
|
|
test_string = strdup("//usr");
|
|
|
|
|
filter_slashes(test_string);
|
|
|
|
|
MY_TEST(strcmp(test_string, "//usr") == 0, "simple test for // namespace");
|
|
|
|
|
|
|
|
|
|
test_string = strdup("//");
|
|
|
|
|
filter_slashes(test_string);
|
|
|
|
|
MY_TEST(strcmp(test_string, "//") == 0, "simple test 2 for // namespace");
|
|
|
|
|
|
|
|
|
|
test_string = strdup("///usr");
|
|
|
|
|
filter_slashes(test_string);
|
|
|
|
|
MY_TEST(strcmp(test_string, "/usr") == 0, "simple test for ///usr");
|
|
|
|
|
|
|
|
|
|
test_string = strdup("///");
|
|
|
|
|
filter_slashes(test_string);
|
|
|
|
|
MY_TEST(strcmp(test_string, "/") == 0, "simple test for ///");
|
|
|
|
|
|
|
|
|
|
test_string = strdup("/a/");
|
|
|
|
|
filter_slashes(test_string);
|
2010-07-31 16:00:52 -07:00
|
|
|
MY_TEST(strcmp(test_string, "/a/") == 0, "simple test for /a/");
|
2006-04-11 21:52:54 +00:00
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2013-12-03 11:30:46 -08:00
|
|
|
#define MY_REGEX_TEST(input, expected_str, expected_type) \
|
|
|
|
|
do { \
|
|
|
|
|
char tbuf[PATH_MAX + 3]; \
|
|
|
|
|
char *test_string; \
|
|
|
|
|
char* output_string = NULL; \
|
|
|
|
|
pattern_t ptype; \
|
|
|
|
|
int pos; \
|
|
|
|
|
\
|
|
|
|
|
test_string = strdup((input)); \
|
|
|
|
|
ptype = convert_aaregex_to_pcre(test_string, 0, tbuf, PATH_MAX + 3, &pos); \
|
|
|
|
|
asprintf(&output_string, "simple regex conversion for '%s'\texpected = '%s'\tresult = '%s'", \
|
|
|
|
|
(input), expected_str, tbuf); \
|
|
|
|
|
MY_TEST(strcmp(tbuf, (expected_str)) == 0, output_string); \
|
|
|
|
|
MY_TEST(ptype == (expected_type), "simple regex conversion type check for '" input "'"); \
|
|
|
|
|
free(test_string); free(output_string); \
|
|
|
|
|
} \
|
|
|
|
|
while (0)
|
|
|
|
|
|
|
|
|
|
#define MY_REGEX_FAIL_TEST(input) \
|
|
|
|
|
do { \
|
|
|
|
|
char tbuf[PATH_MAX + 3]; \
|
|
|
|
|
char *test_string; \
|
|
|
|
|
pattern_t ptype; \
|
|
|
|
|
int pos; \
|
|
|
|
|
\
|
|
|
|
|
test_string = strdup((input)); \
|
|
|
|
|
ptype = convert_aaregex_to_pcre(test_string, 0, tbuf, PATH_MAX + 3, &pos); \
|
|
|
|
|
MY_TEST(ptype == ePatternInvalid, "simple regex conversion invalid type check for '" input "'"); \
|
|
|
|
|
free(test_string); \
|
|
|
|
|
} \
|
|
|
|
|
while (0)
|
|
|
|
|
|
|
|
|
|
static int test_aaregex_to_pcre(void)
|
|
|
|
|
{
|
|
|
|
|
int rc = 0;
|
|
|
|
|
|
|
|
|
|
MY_REGEX_TEST("/most/basic/test", "/most/basic/test", ePatternBasic);
|
|
|
|
|
|
2013-12-06 06:01:12 -08:00
|
|
|
MY_REGEX_FAIL_TEST("\\");
|
2013-12-03 11:30:46 -08:00
|
|
|
MY_REGEX_TEST("\\\\", "\\\\", ePatternBasic);
|
2013-12-06 06:01:12 -08:00
|
|
|
MY_REGEX_TEST("\\blort", "blort", ePatternBasic);
|
2013-12-03 11:30:46 -08:00
|
|
|
MY_REGEX_TEST("\\\\blort", "\\\\blort", ePatternBasic);
|
2013-12-06 06:01:12 -08:00
|
|
|
MY_REGEX_FAIL_TEST("blort\\");
|
2013-12-03 11:30:46 -08:00
|
|
|
MY_REGEX_TEST("blort\\\\", "blort\\\\", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("*", "[^/\\x00]*", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("blort*", "blort[^/\\x00]*", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("*blort", "[^/\\x00]*blort", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("\\*", "\\*", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("blort\\*", "blort\\*", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\*blort", "\\*blort", ePatternBasic);
|
|
|
|
|
|
|
|
|
|
/* simple quoting */
|
|
|
|
|
MY_REGEX_TEST("\\[", "\\[", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\]", "\\]", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\?", "?", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\{", "\\{", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\}", "\\}", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\,", ",", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("^", "\\^", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("$", "\\$", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST(".", "\\.", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("+", "\\+", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("|", "\\|", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("(", "\\(", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST(")", "\\)", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\^", "\\^", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\$", "\\$", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\.", "\\.", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\+", "\\+", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\|", "\\|", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\(", "\\(", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\)", "\\)", ePatternBasic);
|
|
|
|
|
|
|
|
|
|
/* simple character class tests */
|
|
|
|
|
MY_REGEX_TEST("[blort]", "[blort]", ePatternRegex);
|
|
|
|
|
MY_REGEX_FAIL_TEST("[blort");
|
|
|
|
|
MY_REGEX_FAIL_TEST("b[lort");
|
|
|
|
|
MY_REGEX_FAIL_TEST("blort[");
|
|
|
|
|
MY_REGEX_FAIL_TEST("blort]");
|
|
|
|
|
MY_REGEX_FAIL_TEST("blo]rt");
|
|
|
|
|
MY_REGEX_FAIL_TEST("]blort");
|
2013-12-06 06:07:24 -08:00
|
|
|
MY_REGEX_TEST("b[lor]t", "b[lor]t", ePatternRegex);
|
2013-12-03 11:30:46 -08:00
|
|
|
|
|
|
|
|
/* simple alternation tests */
|
|
|
|
|
MY_REGEX_TEST("{alpha,beta}", "(alpha|beta)", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("baz{alpha,beta}blort", "baz(alpha|beta)blort", ePatternRegex);
|
|
|
|
|
MY_REGEX_FAIL_TEST("{beta}");
|
|
|
|
|
MY_REGEX_FAIL_TEST("biz{beta");
|
|
|
|
|
MY_REGEX_FAIL_TEST("biz}beta");
|
|
|
|
|
MY_REGEX_FAIL_TEST("biz{be,ta");
|
|
|
|
|
MY_REGEX_FAIL_TEST("biz,be}ta");
|
|
|
|
|
MY_REGEX_FAIL_TEST("biz{}beta");
|
|
|
|
|
|
|
|
|
|
/* nested alternations */
|
|
|
|
|
MY_REGEX_TEST("{{alpha,blort,nested},beta}", "((alpha|blort|nested)|beta)", ePatternRegex);
|
|
|
|
|
MY_REGEX_FAIL_TEST("{{alpha,blort,nested}beta}");
|
|
|
|
|
MY_REGEX_TEST("{{alpha,{blort,nested}},beta}", "((alpha|(blort|nested))|beta)", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("{{alpha,alpha{blort,nested}}beta,beta}", "((alpha|alpha(blort|nested))beta|beta)", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("{{alpha,alpha{blort,nested}}beta,beta}", "((alpha|alpha(blort|nested))beta|beta)", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("{{a,b{c,d}}e,{f,{g,{h{i,j,k},l}m},n}o}", "((a|b(c|d))e|(f|(g|(h(i|j|k)|l)m)|n)o)", ePatternRegex);
|
2013-12-06 06:07:24 -08:00
|
|
|
/* max nesting depth = 50 */
|
|
|
|
|
MY_REGEX_TEST("{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a,b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b}b,blort}",
|
|
|
|
|
"(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a(a|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)|b)b|blort)", ePatternRegex);
|
|
|
|
|
MY_REGEX_FAIL_TEST("{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a{a,b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b},b}b,blort}");
|
|
|
|
|
|
|
|
|
|
/* simple single char */
|
|
|
|
|
MY_REGEX_TEST("blor?t", "blor[^/\\x00]t", ePatternRegex);
|
|
|
|
|
|
|
|
|
|
/* simple globbing */
|
|
|
|
|
MY_REGEX_TEST("/*", "/[^/\\x00][^/\\x00]*", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("/blort/*", "/blort/[^/\\x00][^/\\x00]*", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("/*/blort", "/[^/\\x00][^/\\x00]*/blort", ePatternRegex);
|
2013-12-06 11:00:05 -08:00
|
|
|
MY_REGEX_TEST("/*/", "/[^/\\x00][^/\\x00]*/", ePatternRegex);
|
2013-12-06 06:07:24 -08:00
|
|
|
MY_REGEX_TEST("/**", "/[^/\\x00][^\\x00]*", ePatternTailGlob);
|
|
|
|
|
MY_REGEX_TEST("/blort/**", "/blort/[^/\\x00][^\\x00]*", ePatternTailGlob);
|
|
|
|
|
MY_REGEX_TEST("/**/blort", "/[^/\\x00][^\\x00]*/blort", ePatternRegex);
|
2013-12-06 11:00:05 -08:00
|
|
|
MY_REGEX_TEST("/**/", "/[^/\\x00][^\\x00]*/", ePatternRegex);
|
2013-12-06 06:07:24 -08:00
|
|
|
|
|
|
|
|
/* more complicated quoting */
|
|
|
|
|
MY_REGEX_FAIL_TEST("\\\\[");
|
|
|
|
|
MY_REGEX_FAIL_TEST("\\\\]");
|
|
|
|
|
MY_REGEX_TEST("\\\\?", "\\\\[^/\\x00]", ePatternRegex);
|
|
|
|
|
MY_REGEX_FAIL_TEST("\\\\{");
|
|
|
|
|
MY_REGEX_FAIL_TEST("\\\\}");
|
|
|
|
|
MY_REGEX_TEST("\\\\,", "\\\\,", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\\\^", "\\\\\\^", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\\\$", "\\\\\\$", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\\\.", "\\\\\\.", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\\\+", "\\\\\\+", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\\\|", "\\\\\\|", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\\\(", "\\\\\\(", ePatternBasic);
|
|
|
|
|
MY_REGEX_TEST("\\\\)", "\\\\\\)", ePatternBasic);
|
2013-12-03 11:30:46 -08:00
|
|
|
|
2013-12-10 12:22:32 -08:00
|
|
|
/* more complicated character class tests */
|
|
|
|
|
/* -- embedded alternations */
|
|
|
|
|
MY_REGEX_TEST("b[\\lor]t", "b[lor]t", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("b[{a,b}]t", "b[{a,b}]t", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("{alpha,b[{a,b}]t,gamma}", "(alpha|b[{a,b}]t|gamma)", ePatternRegex);
|
|
|
|
|
|
|
|
|
|
/* pcre will ignore the '\' before '\{', but it should be okay
|
|
|
|
|
* for us to pass this on to pcre as '\{' */
|
|
|
|
|
MY_REGEX_TEST("b[\\{a,b\\}]t", "b[\\{a,b\\}]t", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("{alpha,b[\\{a,b\\}]t,gamma}", "(alpha|b[\\{a,b\\}]t|gamma)", ePatternRegex);
|
|
|
|
|
MY_REGEX_TEST("{alpha,b[\\{a\\,b\\}]t,gamma}", "(alpha|b[\\{a\\,b\\}]t|gamma)", ePatternRegex);
|
|
|
|
|
|
2013-12-03 11:30:46 -08:00
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
2006-04-11 21:52:54 +00:00
|
|
|
int main(void)
|
|
|
|
|
{
|
|
|
|
|
int rc = 0;
|
|
|
|
|
int retval;
|
|
|
|
|
|
|
|
|
|
retval = test_filter_slashes();
|
|
|
|
|
if (retval != 0)
|
|
|
|
|
rc = retval;
|
|
|
|
|
|
2013-12-03 11:30:46 -08:00
|
|
|
retval = test_aaregex_to_pcre();
|
|
|
|
|
if (retval != 0)
|
|
|
|
|
rc = retval;
|
|
|
|
|
|
2006-04-11 21:52:54 +00:00
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
#endif /* UNIT_TEST */
|