Update parser to allow for multiple debugs dump options

John Johansen 2010-01-07 18:09:37 -08:00
commit 56a9fded36
5 changed files with 73 additions and 24 deletions


@ -15,6 +15,11 @@
extern "C" {
#endif
typedef enum dfaflags {
DFA_DUMP_TREE = 1,
DFA_DUMP_SIMPLE_TREE = 2,
} dfaflags_t;
struct aare_ruleset;
typedef struct aare_ruleset aare_ruleset_t;
@ -25,7 +30,8 @@ int aare_add_rule(aare_ruleset_t *rules, char *rule, int deny,
uint32_t perms, uint32_t audit);
int aare_add_rule_vec(aare_ruleset_t *rules, int deny, uint32_t perms,
uint32_t audit, int count, char **rulev);
void *aare_create_dfa(aare_ruleset_t *rules, int equiv_classes, size_t *size);
void *aare_create_dfa(aare_ruleset_t *rules, int equiv_classes, size_t *size,
dfaflags_t flags);
void aare_reset_matchflags(void);
#ifdef __cplusplus
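Review bot: `dfaflags_t` is declared as an enum but used as a bit mask, and neither the typedef nor the new `flags` parameter of `aare_create_dfa()` is documented in this header. Because the header is shared with C++ (`extern "C"`), OR-ing two enumerators there yields an `int` that does not convert back to `dfaflags_t` without a cast, so a C++ caller cannot combine flags directly. I would add a comment above the enum such as `/* bit flags for aare_create_dfa(); OR together, 0 = no debug output */` and consider keeping the enumerators while making the typedef a plain integer type.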


@ -2214,20 +2214,25 @@ extern "C" int aare_add_rule_vec(aare_ruleset_t *rules, int deny,
* else NULL on failure
*/
extern "C" void *aare_create_dfa(aare_ruleset_t *rules, int equiv_classes,
size_t *size)
size_t *size, dfaflags_t flags)
{
char *buffer = NULL;
label_nodes(rules->root);
#ifdef DEBUG_TREE
cerr << "pre opt tree\n";
rules->root->dump(cerr);
#endif
if (flags & DFA_DUMP_TREE) {
cerr << "\nDFA: Expression Tree\n";
rules->root->dump(cerr);
cerr << "\n\n";
}
rules->root = simplify_tree(rules->root);
#ifdef DEBUG_TREE
cerr << "post opt tree\n";
rules->root->dump(cerr);
#endif
if (flags & DFA_DUMP_SIMPLE_TREE) {
cerr << "\nDFA: Simplified Expression Tree\n";
rules->root->dump(cerr);
cerr << "\n\n";
}
DFA dfa(rules->root);
map<uchar, uchar> eq;
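Review bot: The comment block above `aare_create_dfa()` (it ends with `else NULL on failure`) is not updated for the new `flags` parameter. It should say that `flags` is a bit mask of `DFA_DUMP_TREE` / `DFA_DUMP_SIMPLE_TREE`, and that the selected tree is written to `cerr` before and after `simplify_tree()` respectively. The comment starts and the function body ends outside this hunk, so the wording should follow the existing style there.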


@ -168,6 +168,7 @@ struct var_string {
#define FLAG_CHANGEHAT_1_5 3
extern int flag_changehat_version;
extern int read_implies_exec;
extern dfaflags_t dfaflags;
#ifdef DEBUG
#define PDEBUG(fmt, args...) printf("parser: " fmt, ## args)


@ -38,6 +38,7 @@
#include "parser.h"
#include "parser_version.h"
#include "parser_include.h"
#include "libapparmor_re/apparmor_re.h"
#define MODULE_NAME "apparmor"
#define OLD_MODULE_NAME "subdomain"
@ -62,6 +63,7 @@ int binary_input = 0;
int names_only = 0;
int dump_vars = 0;
int dump_expanded_vars = 0;
dfaflags_t dfaflags = 0;
int conf_verbose = 0;
int conf_quiet = 0;
int kernel_load = 1;
@ -93,16 +95,13 @@ struct option long_options[] = {
{"add", 0, 0, 'a'},
{"binary", 0, 0, 'B'},
{"base", 1, 0, 'b'},
{"debug", 0, 0, 'd'},
{"subdomainfs", 0, 0, 'f'},
{"help", 0, 0, 'h'},
{"help", 2, 0, 'h'},
{"replace", 0, 0, 'r'},
{"reload", 0, 0, 'r'}, /* undocumented reload option == replace */
{"version", 0, 0, 'V'},
{"complain", 0, 0, 'C'},
{"Complain", 0, 0, 'C'}, /* Erk, apparently documented as --Complain */
{"dump-variables", 0, 0, 'D'},
{"dump-expanded-variables", 0, 0, 'E'},
{"Include", 1, 0, 'I'},
{"remove", 0, 0, 'R'},
{"names", 0, 0, 'N'},
@ -117,6 +116,9 @@ struct option long_options[] = {
{"skip-read-cache", 0, 0, 'T'},
{"write-cache", 0, 0, 'W'},
{"show-cache", 0, 0, 'k'},
{"debug", 0, 0, 'd'},
{"dump", 1, 0, 'D'},
{"Dump", 1, 0, 'D'},
{NULL, 0, 0, 0},
};
@ -156,7 +158,22 @@ static void display_usage(char *command)
"-Q, --skip-kernel-load Do everything except loading into kernel\n"
"-V, --version Display version info and exit\n"
"-d, --debug Debug apparmor definitions\n"
"-h, --help Display this text and exit\n"
"-D [n], --dump Dump internal info for debugging\n"
"-h [command], --help Display this text or info about command\n"
,command);
}
static void display_dump(char *command)
{
display_version();
printf("\n%s: --dump [Option]\n\n"
"Options:\n"
"--------\n"
"no option specified Dump variables\n"
"variables Dump variables\n"
"expanded-variables Dump expanded variables\n"
"dfa-tree Dump expression tree\n"
"dfa-simple-tree Dump simplified expression tree\n"
,command);
}
@ -189,7 +206,7 @@ static int process_args(int argc, char *argv[])
int count = 0;
option = OPTION_ADD;
while ((c = getopt_long(argc, argv, "adf:hrRVvI:b:BCDENSm:qQn:XKTWk", long_options, &o)) != -1)
while ((c = getopt_long(argc, argv, "adf:h::rRVvI:b:BCD:NSm:qQn:XKTWk", long_options, &o)) != -1)
{
switch (c) {
case 0:
@ -206,7 +223,15 @@ static int process_args(int argc, char *argv[])
skip_cache = 1;
break;
case 'h':
display_usage(progname);
if (!optarg) {
display_usage(progname);
} else if (strcmp(optarg, "dump") == 0) {
display_dump(progname);
} else {
PERROR("%s: Invalid --help option %s\n",
progname, optarg);
exit(1);
}
exit(0);
break;
case 'r':
@ -246,12 +271,22 @@ static int process_args(int argc, char *argv[])
subdomainbase = strndup(optarg, PATH_MAX);
break;
case 'D':
dump_vars = 1;
skip_cache = 1;
break;
case 'E':
dump_expanded_vars = 1;
skip_cache = 1;
if (!optarg) {
dump_vars = 1;
} else if (strcmp(optarg, "variables") == 0) {
dump_vars = 1;
} else if (strcmp(optarg, "expanded-variables") == 0) {
dump_expanded_vars = 1;
} else if (strcmp(optarg, "dfa-tree") == 0) {
dfaflags |= DFA_DUMP_TREE;
} else if (strcmp(optarg, "dfa-simple-tree") == 0) {
dfaflags |= DFA_DUMP_SIMPLE_TREE;
} else {
PERROR("%s: Invalid --Dump option %s\n",
progname, optarg);
exit(1);
}
break;
case 'm':
match_string = strdup(optarg);
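Review bot: The `if (!optarg)` branch under `case 'D'` can never run, because the option is declared with a required argument (`D:` in the optstring and `{"dump", 1, 0, 'D'}` / `{"Dump", 1, 0, 'D'}`). A bare `-D` therefore either fails in getopt or takes the next word on the command line, typically the profile path, as the dump option and exits with "Invalid --Dump option", although the help text promises "no option specified Dump variables". To match `-h`, declare it optional: `D::` in the optstring and `{"dump", 2, 0, 'D'}`, `{"Dump", 2, 0, 'D'}`. With an optional argument getopt only accepts the attached forms `-Dvariables` and `--dump=variables`, so the `-D [n]` and `-h [command]` usage lines should say so. Separately, `-E`, `--dump-variables` and `--dump-expanded-variables` are removed without a compatibility alias, which breaks existing invocations.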


@ -523,7 +523,8 @@ static int process_profile_name_xmatch(struct codomain *cod)
aare_delete_ruleset(rule);
return FALSE;
}
cod->xmatch = aare_create_dfa(rule, 0, &cod->xmatch_size);
cod->xmatch = aare_create_dfa(rule, 0, &cod->xmatch_size,
dfaflags);
aare_delete_ruleset(rule);
if (!cod->xmatch)
return FALSE;
@ -666,7 +667,8 @@ int process_regex(struct codomain *cod)
goto out;
if (regex_type == AARE_DFA && cod->dfarule_count > 0) {
cod->dfa = aare_create_dfa(cod->dfarules, 0, &cod->dfa_size);
cod->dfa = aare_create_dfa(cod->dfarules, 0, &cod->dfa_size,
dfaflags);
aare_delete_ruleset(cod->dfarules);
cod->dfarules = NULL;
if (!cod->dfa)