mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/parser/parser_common.c

121 lines
4.2 KiB
C
Raw Normal View History

[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
/*
Update the copyright dates for the apparmor_parser Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:21:59 -08:00
* Copyright (c) 2010 - 2012
* Canonical Ltd. (All rights reserved)
[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc. or Canonical,
* Ltd.
*/
#include <stdlib.h>
#include <stdarg.h>
put the gettext define in one place Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-08-23 23:50:43 -07:00
[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
#include "parser.h"
Add the ability to separate policy_version from kernel and parser abi This will allow for the parser to invalidate its caches separate of whether the kernel policy version has changed. This can be desirable if a parser bug is discovered, a new version the parser is shipped and we need to force cache files to be regenerated. Policy current stores a 32 bit version number in the header binary policy. For newer policy (> v5 kernel abi) split this number into 3 separate fields policy_version, parser_abi, kernel_abi. If binary policy with a split version number is loaded to an older kernel it will be correctly rejected as unsupported as those kernels will see it as a none v5 version. For kernels that only support v5 policy on the kernel abi version is written. The rules for policy versioning should be policy_version: Set by text policy language version. Parsers that don't understand a specified version may fail, or drop rules they are unaware of. parser_abi_version: gets bumped when a userspace bug is discovered that requires policy be recompiled. The policy version could be reset for each new kernel version but since the parser needs to support multiple kernel versions tracking this is extra work and should be avoided. kernel_abi_version: gets bumped when semantic changes need to be applied. Eg unix domain sockets being mediated at connect. the kernel abi version does not encapsulate all supported features. As kernels could have different sets of patches supplied. Basic feature support is determined by the policy_mediates() encoding in the policydb. As such comparing cache features to kernel features is still needed to determine if cached policy is best matched to the kernel. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 11:00:32 -07:00
/* Policy versioning is determined by a combination of 3 values:
* policy_version: version of txt policy
* parser_abi_version: version of abi revision of policy generated by parser
* kernel_abi_version: version of abi revision for the kernel
*
* The version info is stored in a single 32 bit version field in the
* header portion of each binary policy file.
*
* policy_version:
* a gross revision number indicating what features and semantics are
* expected by the text policy. This does not necessarily map directly
* to a feature set as a kernel may not have all the supported features
* patched/builtin.
*
* policy_version is not supported by kernels that only support v5
* kernel abi, so it will not be written when creating policy for
* those kernels.
*
* kernel_abi_version:
* should be set to the highest version supported by both the parser and
* the kernel.
* This allows new kernels to detect old userspaces, and new parsers
* to support old kernels and policies semantics.
*
* parser_abi_version:
* should be bumped when a compiler error or some other event happens
* and policy cache needs to be forced to be recomputed, when the
* policy_version or kernel version has not changed.
*
* parser_abi_version is not supported by kernels that only support
* v5 kernel abi so it will not be written when creating policy for those
* kernels.
*
* Default values set to v5 kernel abi before the different versioning
* numbers where supported.
*/
uint32_t policy_version = 2;
bump parser abi version to force policy recompilation 2.9.x and 2.10 had some time stamp bugs around cache handling that result in the cache getting a wrong time stamp, and then not getting correctly updated when policy changes. Force cache recompiles for these versions by bumping the parser abi Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2015-11-17 16:21:46 -08:00
uint32_t parser_abi_version = 2;
Add the ability to separate policy_version from kernel and parser abi This will allow for the parser to invalidate its caches separate of whether the kernel policy version has changed. This can be desirable if a parser bug is discovered, a new version the parser is shipped and we need to force cache files to be regenerated. Policy current stores a 32 bit version number in the header binary policy. For newer policy (> v5 kernel abi) split this number into 3 separate fields policy_version, parser_abi, kernel_abi. If binary policy with a split version number is loaded to an older kernel it will be correctly rejected as unsupported as those kernels will see it as a none v5 version. For kernels that only support v5 policy on the kernel abi version is written. The rules for policy versioning should be policy_version: Set by text policy language version. Parsers that don't understand a specified version may fail, or drop rules they are unaware of. parser_abi_version: gets bumped when a userspace bug is discovered that requires policy be recompiled. The policy version could be reset for each new kernel version but since the parser needs to support multiple kernel versions tracking this is extra work and should be avoided. kernel_abi_version: gets bumped when semantic changes need to be applied. Eg unix domain sockets being mediated at connect. the kernel abi version does not encapsulate all supported features. As kernels could have different sets of patches supplied. Basic feature support is determined by the policy_mediates() encoding in the policydb. As such comparing cache features to kernel features is still needed to determine if cached policy is best matched to the kernel. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 11:00:32 -07:00
uint32_t kernel_abi_version = 5;
int force_complain = 0;
[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
int perms_create = 0; /* perms contain create flag */
int net_af_max_override = -1; /* use kernel to determine af_max */
int kernel_load = 1;
Fix profile loads from cache files that contain multiple profiles v3: fix freeing of filename when undefined v2: address tyhicks feedback refactor to have a common write routine fix issue with set profile load being done even if !kernel_load Profile loads from cache files that contain multiple profiles can result in multiple reloads of the same profile or error messages about failure to load profiles if the --add option is used. eg. apparmor="STATUS" operation="profile_load" name="/usr/lib/apache2/mpm-prefork/apache2" pid=8631 comm="apparmor_parser" <sth0R> [82932.058388] type=1400 audit(1395415826.937:616): apparmor="STATUS" operation="profile_load" name="DEFAULT_URI" pid=8631 comm="apparmor_parser" <sth0R> [82932.058391] type=1400 audit(1395415826.937:617): apparmor="STATUS" operation="profile_load" name="HANDLING_UNTRUSTED_INPUT" pid=8631 comm="apparmor_parser" <sth0R> [82932.058394] type=1400 audit(1395415826.937:618): apparmor="STATUS" operation="profile_load" name="phpsysinfo" pid=8631 comm="apparmor_parser" <sth0R> [82932.059058] type=1400 audit(1395415826.937:619): apparmor="STATUS" operation="profile_replace" info="profile can not be replaced" error=-17 name="/usr/lib/apache2/mpm-prefork/apache2//DEFAULT_URI" pid=8631 comm="apparmor_parser" <sth0R> [82932.059574] type=1400 audit(1395415826.937:620): apparmor="STATUS" operation="profile_replace" info="profile can not be replaced" error=-17 name="/usr/lib/apache2/mpm-prefork/apache2//HANDLING_UNTRUSTED_INPUT" pid=8631 comm="apparmor_parser" The reason this happens is that the cache file is a container that can contain multiple profiles in sequential order profile1 profile2 profile3 The parser loads the entire cache file to memory and the writes the whole file to the kernel interface. It then skips foward in the file to the next profile and reloads the file from that profile into the kernel. eg. First load profile1 profile2 profile3 advance to profile2, do second load profile2 profile3 advance to profile3, do third load profile3 With older kernels the interface would stop after the first profile and return that it had processed the whole file, thus while wasting compute resources copying extra data no errors occurred. However newer kernels now support atomic loading of multipe profiles, so that all the profiles passed in to the interface get processed. This means on newer kernels the current parser load behavior results in multiple loads/replacements when a cache file contains more than one profile (note: loads from a compile do not have this problem). To fix this, detect if the kernel supports atomic set loads, and load the cache file once. If it doesn't only load one profile section from a cache file at a time. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-05-08 09:03:13 -07:00
int kernel_supports_setload = 0; /* kernel supports atomic set loads */
fix: network detection The features file patch broke detection of network support. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 10:55:46 -07:00
int kernel_supports_network = 0; /* kernel supports network rules */
parser: first step implementing fine grained mediation for unix domain sockets This patch implements parsing of fine grained mediation for unix domain sockets, that have abstract and anonymous paths. Sockets with file system paths are handled by regular file access rules. The unix network rules follow the general fine grained network rule pattern of [<qualifiers>] af_name [<access expr>] [<rule conds>] [<local expr>] [<peer expr>] specifically for af_unix this is [<qualifiers>] 'unix' [<access expr>] [<rule conds>] [<local expr>] [<peer expr>] <qualifiers> = [ 'audit' ] [ 'allow' | 'deny' ] <access expr> = ( <access> | <access list> ) <access> = ( 'server' | 'create' | 'bind' | 'listen' | 'accept' | 'connect' | 'shutdown' | 'getattr' | 'setattr' | 'getopt' | 'setopt' | 'send' | 'receive' | 'r' | 'w' | 'rw' ) (some access modes are incompatible with some rules or require additional parameters) <access list> = '(' <access> ( [','] <WS> <access> )* ')' <WS> = white space <rule conds> = ( <type cond> | <protocol cond> )* each cond can appear at most once <type cond> = 'type' '=' ( <AARE> | '(' ( '"' <AARE> '"' | <AARE> )+ ')' ) <protocol cond> = 'protocol' '=' ( <AARE> | '(' ( '"' <AARE> '"' | <AARE> )+ ')' ) <local expr> = ( <path cond> | <attr cond> | <opt cond> )* each cond can appear at most once <peer expr> = 'peer' '=' ( <path cond> | <label cond> )+ each cond can appear at most once <path cond> = 'path' '=' ( <AARE> | '(' '"' <AARE> '"' | <AARE> ')' ) <label cond> = 'label' '=' ( <AARE> | '(' '"' <AARE> '"' | <AARE> ')') <attr cond> = 'attr' '=' ( <AARE> | '(' '"' <AARE> '"' | <AARE> ')' ) <opt cond> = 'opt' '=' ( <AARE> | '(' '"' <AARE> '"' | <AARE> ')' ) <AARE> = ?*[]{}^ ( see man page ) unix domain socket rules are accumulated so that the granted unix socket permissions are the union of all the listed unix rule permissions. unix domain socket rules are broad and general and become more restrictive as further information is specified. Policy may be specified down to the path and label level. The content of the communication is not examined. Some permissions are not compatible with all unix rules. unix socket rule permissions are implied when a rule does not explicitly state an access list. By default if a rule does not have an access list all permissions that are compatible with the specified set of local and peer conditionals are implied. The 'server', 'r', 'w' and 'rw' permissions are aliases for other permissions. server = (create, bind, listen, accept) r = (receive, getattr, getopt) w = (create, connect, send, setattr, setopt) In addition it supports the v7 kernel abi semantics around generic network rules. The v7 abi removes the masking unix and netlink address families from the generic masking and uses fine grained mediation for an address type if supplied. This means that the rules network unix, network netlink, are now enforced instead of ignored. The parser previously could accept these but the kernel would ignore anything written to them. If a network rule is supplied it takes precedence over the finer grained mediation rule. If permission is not granted via a broad network access rule fine grained mediation is applied. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-09-03 13:22:26 -07:00
int kernel_supports_unix = 0; /* kernel supports unix socket rules */
Add tag indicating file policy is mediated. Tag start of entries in the policydb as being mediated. This makes the start state for any class being mediated be none 0. The kernel can detect this to determine whether the parser expected mediation for the class. This is just a way of encoding what features expect mediation within the policydb it self so that a separate table isn't needed. This is also used to indicate the new unix semantics for mediation of unix domain sockets on connect should be applied. Note: this does cause a fail open on situation on Ubuntu Saucy, which did not properly indicate support. That is if a kernel using this patch is installed on an Ubuntu Saucy system, unix domain socket mediation on connect won't happen, instead the older behavior will be applied. This won't cause policy failures as it is less strict than what Ubuntu Saucy applies. This is necessary so that AppArmor can properly function on older userspaces without a compile time configuration on the kernel to determine behavior. A kernel expecting this behavior will function correctly with all old userspaces expect it will not enforce connect time mediation on Ubuntu Saucy. However Ubuntu does not support Trusty (or newer) kernels as backports to Saucy, so this does not break them. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 10:59:07 -07:00
int kernel_supports_policydb = 0; /* kernel supports new policydb */
Generate the features list from the features directory Newer versions of AppArmor use a features directory instead of a file update the parser to use this to determine features and match string This is just a first pass at this to get things up quickly. A much more comprehensive rework that can parse and use the full information set is needed. Signed-off-by: John Johansen <john.johansen@canonical.com>
2012-02-24 04:18:45 -08:00
int kernel_supports_mount = 0; /* kernel supports mount rules */
parser: Check for kernel support prior to processing dbus entries When a parser that is aware of dbus rules is running under a kernel that is unaware of dbus rules, the parser should ignore the dbus rules instead of attempting to load them into the kernel. Otherwise, the kernel will reject the entire profile, leaving the application unconfined. Similar to what is done for mount rules, the features listed in apparmorfs should be checked to see if dbus is supported under the current kernel. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
2013-10-29 17:03:23 -07:00
int kernel_supports_dbus = 0; /* kernel supports dbus rules */
Turn on diff-encoding if the kernel supports it Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 11:05:58 -07:00
int kernel_supports_diff_encode = 0; /* kernel supports diff_encode */
Add the ability to mediate signals. Add signal rules and make sure the parser encodes support for them if the supported feature set reports supporting them. The current format of the signal rule is [audit] [deny] signal [<signal_perms>] [<signal_set>] <target_profile>, signal_perm := 'send'|'receive'|'r'|'w'|'rw' signal_perms := <signal_perm> | '(' <signal_perm> ([,]<signal_perm>)* ')' signal := ("hup"|"int"|"quit"|"ill"|"trap"|"abrt"|"bus"|"fpe"|"kill"| "usr1"|"segv"|"usr2"|"pipe"|"alrm"|"term"|"tkflt"|"chld"| "cont"|"stop"|"stp"|"ttin"|"ttou"|"urg"|"xcpu"|"xfsz"|"vtalrm"| "prof"|"winch"|"io"|"pwr"|"sys"|"emt"|"exists") signal_set := set=<signal> | '(' <signal> ([,]<signal>)* ')' it does not currently follow the peer=() format, and there is some question as to whether it should or not. Input welcome. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 11:35:29 -07:00
int kernel_supports_signal = 0; /* kernel supports signal rules */
Add the ability to specify ptrace rules ptrace rules currently take the form of ptrace [<ptrace_perms>] [<peer_profile_name>], ptrace_perm := read|trace|readby|tracedby ptrace_perms := ptrace_perm | '(' ptrace_perm+ ')' After having used the cross check (permission needed in both profiles) I am not sure it is correct for ptrace. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 11:38:04 -07:00
int kernel_supports_ptrace = 0; /* kernel supports ptrace rules */
parser: Check kernel stacking support when handling stacked transitions Check if the current kernel supports stacking. If not, ensure that named transitions (exec, change_profile, etc.) do not attempt to stack their targets. Also, set up the change_profile vector according to whether or not the kernel supports stacking. Earlier kernels expect the policy namespace to be in its own NUL-terminated vector element rather than passing the entire label (namespace and profile name) as a single string to the kernel. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-03-18 17:28:51 -05:00
int kernel_supports_stacking = 0; /* kernel supports stacking */
[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
int conf_verbose = 0;
int conf_quiet = 0;
int names_only = 0;
int current_lineno = 1;
int option = OPTION_ADD;
Turn on diff-encoding if the kernel supports it Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-04-23 11:05:58 -07:00
dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_DIFF_ENCODE);
disable downgrade and not enforced rule messages by default Currently the apparmor parser warns about rules that are not enforced or downgraded. This is a problem for distros that are not carrying the out of tree kernel patches, as most profile loads result in warnings. Change the behavior to not output a message unless a warn flag is passed. This patch adds 2 different warn flags --warn rule-downgraded # warn if a rule is downgraded --warn rule-not-enforced # warn if a rule is not enforced at all If the warnings are desired by default the flags can be set in the parser.conf file. v2 of patch - update man page - add --warn to usage statement - make --quiet clear warn flags Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2014-10-08 13:20:20 -07:00
dfaflags_t warnflags = 0;
[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
parser - Fix const char warnings This patch addresses a bunch of the compiler string conversion warnings that were introduced with the C++-ification patch. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Tyler Hicks <tyhicks@canonical.com>
2013-10-01 10:59:04 -07:00
const char *progname = __FILE__;
Convert the parser to C++ This conversion is nothing more than what is required to get it to compile. Further improvements will come as the code is refactored. Unfortunately due to C++ not supporting designated initializers, the auto generation of af names needed to be reworked, and "netlink" and "unix" domain socket keywords leaked in. Since these where going to be added in separate patches I have not bothered to do the extra work to replace them with a temporary place holder. Signed-off-by: John Johansen <john.johansen@canonical.com> [tyhicks: merged with dbus changes and memory leak fixes] Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2013-09-27 16:13:22 -07:00
char *profile_ns = NULL;
[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
char *profilename = NULL;
char *current_filename = NULL;
FILE *ofile = NULL;
#ifdef FORCE_READ_IMPLIES_EXEC
int read_implies_exec = 1;
#else
int read_implies_exec = 0;
#endif
parser - Fix const char warnings This patch addresses a bunch of the compiler string conversion warnings that were introduced with the C++-ification patch. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Tyler Hicks <tyhicks@canonical.com>
2013-10-01 10:59:04 -07:00
void pwarn(const char *fmt, ...)
[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
{
va_list arg;
char *newfmt;
if (conf_quiet || names_only || option == OPTION_REMOVE)
return;
Remove asprintf warning and fix invalid test asprintf is marked with warn_unused_result and its return value should not be ignored, even casting to (void) will not remove this warning. The current code ignored the result and used the value of newfmt to make a decision. This is however not correct in that according to the asprintf man page newfmt is undefined if asprintf returns an error. Fix the warning and error by using the return value of asprintf Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-By: Steve Beattie <sbeattie@ubuntu.com>
2012-01-06 07:09:12 -08:00
if (asprintf(&newfmt, _("Warning from %s (%s%sline %d): %s"),
profilename ? profilename : "stdin",
current_filename ? current_filename : "",
current_filename ? " " : "",
current_lineno,
fmt) == -1)
[v2: added clean-ups, backed off on some of the build silencing] This is a rather large rearrangement of how a subset of the parser global variables are defined. Right now, there are unit tests built without linking against parser_main.c. As a result, none of the globals defined in parser_main.c could be used in the code that is built for unit tests (misc, regex, symtab, variable). To get a clean build, either stubs needed to be added to "#ifdef UNIT_TEST" blocks in each .c file, or we had to depend on link-time optimizations that would throw out the unused routines. First, this is a problem because all the compile-time warnings had to be explicitly silenced, so reviewing the build logs becomes difficult on failures, and we can potentially (in really unlucky situations) test something that isn't actually part of the "real" parser. Second, not all compilers will allow this kind of linking (e.g. mips gcc), and the missing symbols at link time will fail the entire build even though they're technically not needed. To solve all of this, I've moved all of the global variables used in lex, yacc, and main to parser_common.c, and adjusted the .h files. On top of this, I made sure to fully link the tst builds so all symbols are resolved (including aare lib) and removedonly tst build-log silencing (for now, deferring to another future patchset to consolidate the build silencing). Signed-off-by: Kees Cook <kees.cook@canonical.com>
2011-05-13 02:12:49 -07:00
return;
va_start(arg, fmt);
vfprintf(stderr, newfmt, arg);
va_end(arg);
free(newfmt);
}
Reference in a new issue Copy permalink