mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: [patch 05/12] Make the af type protocol mappings available for use

Browse source 
before the af type protocol mappings patch was applied, a single rule could
result in multiple rule entries being created. The af type protocol mappings
patch broke this by apply only the first of the mappings that could be
found.

Restore the previous behavior by search through the entire table until
all matches have been made.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
John Johansen 2014-08-25 15:29:20 -07:00
parent 9e37c3278e
commit 659e5ff11d
2 changed files with 21 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
parser/network.c
View file

@ -249,22 +249,27 @@ struct aa_network_entry *new_network_ent(unsigned int family,
}
const struct network_tuple *net_find_mapping(const char *family,
const struct network_tuple *net_find_mapping(const struct network_tuple *map,
const char *family,
const char *type,
const char *protocol)
{
int i;
if (!map)
map = network_mappings;
else
/* assumes it points to last entry returned */
map++;
for (i = 0; network_mappings[i].family_name; i++) {
for (; map->family_name; map++) {
if (family) {
PDEBUG("Checking family %s\n", network_mappings[i].family_name);
if (strcmp(family, network_mappings[i].family_name) != 0)
PDEBUG("Checking family %s\n", map->family_name);
if (strcmp(family, map->family_name) != 0)
continue;
PDEBUG("Found family %s\n", family);
}
if (type) {
PDEBUG("Checking type %s\n", network_mappings[i].type_name);
if (strcmp(type, network_mappings[i].type_name) != 0)
PDEBUG("Checking type %s\n", map->type_name);
if (strcmp(type, map->type_name) != 0)
continue;
PDEBUG("Found type %s\n", type);
}
@ -272,12 +277,12 @@ const struct network_tuple *net_find_mapping(const char *family,
/* allows the proto to be the "type", ie. tcp implies
* stream */
if (!type) {
PDEBUG("Checking protocol type %s\n", network_mappings[i].type_name);
if (strcmp(protocol, network_mappings[i].type_name) == 0)
PDEBUG("Checking protocol type %s\n", map->type_name);
if (strcmp(protocol, map->type_name) == 0)
goto match;
}
PDEBUG("Checking type %s protocol %s\n", network_mappings[i].type_name, network_mappings[i].protocol_name);
if (strcmp(protocol, network_mappings[i].protocol_name) != 0)
PDEBUG("Checking type %s protocol %s\n", map->type_name, map->protocol_name);
if (strcmp(protocol, map->protocol_name) != 0)
continue;
/* fixme should we allow specifying protocol by #
* without needing the protocol mapping? */
@ -285,7 +290,7 @@ const struct network_tuple *net_find_mapping(const char *family,
/* if we get this far we have a match */
match:
return &network_mappings[i];
return map;
}
return NULL;
@ -295,9 +300,9 @@ struct aa_network_entry *network_entry(const char *family, const char *type,
const char *protocol)
{
struct aa_network_entry *new_entry, *entry = NULL;
const struct network_tuple *mapping = net_find_mapping(family, type, protocol);
const struct network_tuple *mapping = NULL;
if (mapping) {
while ((mapping = net_find_mapping(mapping, family, type, protocol))) {
new_entry = new_network_ent(mapping->family, mapping->type,
mapping->protocol);
if (!new_entry)

3
parser/network.h
View file

@ -88,7 +88,8 @@ int net_find_type_val(const char *type);
const char *net_find_type_name(int type);
int net_find_af_val(const char *af);
const char *net_find_af_name(unsigned int af);
const struct network_tuple *net_find_mapping(const char *family,
const struct network_tuple *net_find_mapping(const struct network_tuple *map,
const char *family,
const char *type,
const char *protocol);