mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

old style link compatability

Browse source
This commit is contained in:
John Johansen 2007-11-16 09:36:42 +00:00
parent 0e5484ce77
commit 398102afa8
2 changed files with 29 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
parser/immunix.h
View file

@ -80,11 +80,22 @@
#define AA_GROUP_EXEC_TYPE (AA_EXEC_TYPE << AA_GROUP_SHIFT) #define AA_GROUP_EXEC_TYPE (AA_EXEC_TYPE << AA_GROUP_SHIFT)
#define AA_OTHER_EXEC_TYPE (AA_EXEC_TYPE << AA_OTHER_SHIFT) #define AA_OTHER_EXEC_TYPE (AA_EXEC_TYPE << AA_OTHER_SHIFT)
#define AA_LINK_BITS ((AA_MAY_LINK << AA_USER_SHIFT) | \
(AA_MAY_LINK << AA_GROUP_SHIFT) | \
(AA_MAY_LINK << AA_OTHER_SHIFT))
#define SHIFT_MODE(MODE, SHIFT) ((((MODE) & AA_BASE_PERMS) << (SHIFT))\ #define SHIFT_MODE(MODE, SHIFT) ((((MODE) & AA_BASE_PERMS) << (SHIFT))\
| ((MODE) & ~AA_FILE_PERMS)) | ((MODE) & ~AA_FILE_PERMS))
#define SHIFT_TO_BASE(MODE, SHIFT) ((((MODE) & AA_FILE_PERMS) >> (SHIFT))\ #define SHIFT_TO_BASE(MODE, SHIFT) ((((MODE) & AA_FILE_PERMS) >> (SHIFT))\
| ((MODE) & ~AA_FILE_PERMS)) | ((MODE) & ~AA_FILE_PERMS))
#define AA_LINK_SUBSET_TEST (AA_MAY_LINK << 1)
#define LINK_SUBSET_BITS ((AA_LINK_SUBSET_TEST << AA_USER_SHIFT) | \
(AA_LINK_SUBSET_TEST << AA_GROUP_SHIFT) | \
(AA_LINK_SUBSET_TEST << AA_OTHER_SHIFT))
#define LINK_TO_LINK_SUBSET(X) (((X) << 1) & AA_LINK_SUBSET_TEST)
#define AA_HAT_SIZE 975 /* Maximum size of a subdomain #define AA_HAT_SIZE 975 /* Maximum size of a subdomain
* ident (hat) */ * ident (hat) */
#define AA_IP_TCP 0x0001 #define AA_IP_TCP 0x0001

22
parser/parser_regex.c
View file

@ -482,7 +482,6 @@ static int process_pcre_entry(struct cod_entry *entry)
static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry) static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
{ {
char tbuf[PATH_MAX + 3]; /* +3 for ^, $ and \0 */ char tbuf[PATH_MAX + 3]; /* +3 for ^, $ and \0 */
int ret = TRUE;
pattern_t ptype; pattern_t ptype;
if (!entry) /* shouldn't happen */ if (!entry) /* shouldn't happen */
@ -508,8 +507,23 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
entry->mode |= AA_EXEC_MMAP << AA_USER_SHIFT; entry->mode |= AA_EXEC_MMAP << AA_USER_SHIFT;
if (!aare_add_rule(dfarules, tbuf, entry->mode)) if (!aare_add_rule(dfarules, tbuf, entry->mode))
ret = FALSE; return FALSE;
if (entry->mode & (AA_LINK_BITS)) {
/* add the pair rule */
char lbuf[PATH_MAX + 8];
int perms = AA_LINK_BITS & entry->mode;
perms |= LINK_TO_LINK_SUBSET(perms);
sprintf(lbuf, "%s///**", entry->name);
ptype = convert_aaregex_to_pcre(lbuf, 0, tbuf, PATH_MAX + 8);
if (ptype == ePatternInvalid)
return FALSE;
if (!aare_add_rule(dfarules, tbuf, perms))
return FALSE;
/* if (!aare_add_vec_rule(dfarules, perms,
tbuf, "/**", NULL))
return FALSE;
*/
}
if (entry->mode & AA_CHANGE_PROFILE) { if (entry->mode & AA_CHANGE_PROFILE) {
char lbuf[2*PATH_MAX + 8]; char lbuf[2*PATH_MAX + 8];
if (entry->namespace) if (entry->namespace)
@ -522,7 +536,7 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
if (!aare_add_rule(dfarules, tbuf, AA_CHANGE_PROFILE)) if (!aare_add_rule(dfarules, tbuf, AA_CHANGE_PROFILE))
return FALSE; return FALSE;
} }
return ret; return TRUE;
} }
int post_process_entries(struct codomain *cod) int post_process_entries(struct codomain *cod)