diff --git a/Makefile b/Makefile index 2793187a2..99f2edadf 100644 --- a/Makefile +++ b/Makefile @@ -49,6 +49,9 @@ export_dir: .PHONY: clean clean: -rm -rf ${RELEASE_DIR} ./apparmor-${VERSION}~* + for dir in $(DIRS); do \ + make -C $$dir clean; \ + done .PHONY: setup setup: diff --git a/parser/Makefile b/parser/Makefile index 37d60095b..de9a54bba 100644 --- a/parser/Makefile +++ b/parser/Makefile 
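Review bot: The loop added to the top-level `clean` recipe calls a literal `make` and separates iterations with `;`, so a failing sub-directory clean is masked by the next iteration and the sub-makes take no part in `-n` dry runs or the `-j` jobserver. I would write the loop body as `$(MAKE) -C $$dir clean || exit 1; \`. If a best-effort clean is intended, a one-line comment above the loop saying so would make that explicit.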
@@ -73,29 +73,31 @@ EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\" # Compile-time configuration of the location of the config file EXTRA_CFLAGS+=-DSUBDOMAIN_CONFDIR=\"${CONFDIR}\" -SRCS = parser_include.c parser_interface.c parser_lex.c parser_main.c \ - parser_misc.c parser_merge.c parser_symtab.c parser_yacc.c \ - parser_regex.c parser_variable.c parser_policy.c parser_alias.c +SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \ + parser_main.c parser_misc.c parser_merge.c parser_symtab.c \ + parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \ + parser_alias.c HDRS = parser.h parser_include.h immunix.h TOOLS = apparmor_parser -OBJECTS = parser_lex.o parser_yacc.o parser_main.o parser_interface.o \ - parser_include.o parser_merge.o parser_symtab.o parser_misc.o \ - parser_regex.o parser_variable.o parser_policy.o parser_alias.o +OBJECTS = $(SRCS:.c=.o) AAREDIR= libapparmor_re -AAREOBJECTS = ${AAREDIR}/libapparmor_re.a +AAREOBJECT = ${AAREDIR}/libapparmor_re.a +AAREOBJECTS = $(AAREOBJECT) libstdc++.a +AARE_LDFLAGS=-static-libgcc -L. LEX_C_FILES = parser_lex.c YACC_C_FILES = parser_yacc.c parser_yacc.h TESTS = tst_regex tst_misc tst_symtab tst_variable -TEST_FLAGS = -Wl,--warn-unresolved-symbols -DISABLED_TESTS = - -TEST_OBJECTS = $(filter-out parser_lex.o, \ - $(filter-out parser_yacc.o, \ - $(filter-out parser_main.o, ${OBJECTS}))) +TEST_CFLAGS = $(EXTRA_CFLAGS) -DUNIT_TEST -Wno-unused-result +TEST_OBJECTS = $(filter-out \ + parser_lex.o \ + parser_yacc.o \ + parser_main.o, ${OBJECTS}) \ + $(AAREOBJECTS) +TEST_LDFLAGS = $(AARE_LDFLAGS) ifdef V VERBOSE = 1 
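Review bot: `-Wno-unused-result` in `TEST_CFLAGS` switches off the warning for ignored return values in every unit-test build. The parser_variable.c hunk of this commit then drops the `(void)` cast from an unchecked `asprintf()` whose buffer is used on the very next line. I would leave the warning enabled and check the call instead, e.g. `if (asprintf(&tst_string, "%s@{%s}%s", prefix, var, suffix) < 0) return 1;` in `test_split_string`. After a failed `asprintf()` the contents of `tst_string` are not defined, so the test would otherwise compute pointers from an indeterminate value.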
@@ -141,11 +143,14 @@ docs: manpages htmlmanpages pdf all: main docs tests -apparmor_parser: $(OBJECTS) $(AAREOBJECTS) +.PHONY: libstdc++.a +libstdc++.a: rm -f ./libstdc++.a ln -s `g++ -print-file-name=libstdc++.a` + +apparmor_parser: $(OBJECTS) $(AAREOBJECTS) g++ $(EXTRA_CFLAGS) -o $@ $(OBJECTS) $(LIBS) \ - ${LEXLIB} $(AAREOBJECTS) -static-libgcc -L. + ${LEXLIB} $(AAREOBJECTS) $(AARE_LDFLAGS) parser_yacc.c parser_yacc.h: parser_yacc.y parser.h $(YACC) $(YFLAGS) -o parser_yacc.c parser_yacc.y @@ -209,17 +214,8 @@ af_names.h: /usr/include/bits/socket.h cap_names.h: /usr/include/linux/capability.h LC_ALL=C sed -n -e "/CAP_EMPTY_SET/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9xa-f]\\+\\)\\(.*\\)\$$/\{\"\\L\\1\", \\UCAP_\\1\},/p" $< > $@ -tst_symtab: parser_symtab.c parser.h parser_variable.o - $(Q)$(CC) -DUNIT_TEST $(EXTRA_CFLAGS) $(TEST_FLAGS) -o $@ $< parser_variable.o $(BUILD_OUTPUT) - -tst_variable: parser_variable.c parser.h $(filter-out parser_variable.o, ${TEST_OBJECTS}) - $(Q)$(CC) -DUNIT_TEST $(EXTRA_CFLAGS) $(TEST_FLAGS) -o $@ $< $(filter-out parser_variable.o, ${TEST_OBJECTS}) $(BUILD_OUTPUT) - -tst_misc: parser_misc.c parser.h parser_yacc.h af_names.h cap_names.h - $(Q)$(CC) -DUNIT_TEST $(EXTRA_CFLAGS) $(TEST_FLAGS) -o $@ $< $(BUILD_OUTPUT) - -tst_regex: parser_regex.c parser.h parser_yacc.h - $(Q)$(CC) -DUNIT_TEST $(EXTRA_CFLAGS) $(TEST_FLAGS) -o $@ $< $(BUILD_OUTPUT) +tst_%: parser_%.c parser.h $(filter-out parser_%.o, ${TEST_OBJECTS}) + $(CC) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) .SILENT: check .PHONY: check 
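Review bot: The new `libstdc++.a` recipe hard-codes `g++` and never checks what `-print-file-name` returned; when the compiler cannot locate the archive it prints the bare name back, and `ln -s libstdc++.a` then leaves a self-referencing symlink that only shows up later as a confusing link error. I would resolve the path first and fail early, e.g. `f=$$($(CXX) -print-file-name=libstdc++.a); test -f "$$f" && ln -s "$$f" $@`. Because the target is `.PHONY` and part of `AAREOBJECTS`, everything depending on it relinks on every run, which deserves a comment if intended. The later `clean` hunk also removes `rm -f libstdc++.a`, so unless a rule outside the visible hunks deletes it, the symlink survives `make clean`.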
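Review bot: In the prerequisite list of the new `tst_%` rule, `$(filter-out parser_%.o, ${TEST_OBJECTS})` is expanded when the makefile is read, where `%` is still filter-out's own wildcard, so it strips every `parser_*.o` and leaves only `$(AAREOBJECTS)` as prerequisites. The recipe still links those objects, so a test built on a clean tree, or after editing another parser source, has nothing that builds or refreshes them. Listing the objects unfiltered keeps the dependency graph honest, `tst_%: parser_%.c parser.h $(TEST_OBJECTS)`, since the recipe already filters out `$(<:.c=.o)` at link time.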
@@ -227,16 +223,16 @@ check: tests .SILENT: tests tests: ${TESTS} - sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test} $(BUILD_OUTPUT) ; done' + sh -e -c 'for test in ${TESTS} ; do echo "*** running $${test}" && ./$${test}; done' $(Q)make -s -C tst tests .SILENT: check check: tests # always need to rebuild. -.SILENT: $(AAREOBJECTS) -.PHONY: $(AAREOBJECTS) -$(AAREOBJECTS): +.SILENT: $(AAREOBJECT) +.PHONY: $(AAREOBJECT) +$(AAREOBJECT): make -C $(AAREDIR) CFLAGS="$(EXTRA_CXXFLAGS)" .PHONY: install-rhel4 @@ -297,7 +293,6 @@ clean: _clean rm -f $(YACC_C_FILES) rm -f parser_version.h rm -f $(NAME)*.tar.gz $(NAME)*.tgz - rm -f libstdc++.a rm -f af_names.h rm -f cap_names.h rm -rf techdoc.aux techdoc.log techdoc.pdf techdoc.toc techdor.txt techdoc/ diff --git a/parser/parser.h b/parser/parser.h index d7cd49af7..3677506ad 100644 --- a/parser/parser.h +++ b/parser/parser.h @@ -179,13 +179,8 @@ struct var_string { #define FLAG_CHANGEHAT_1_4 2 #define FLAG_CHANGEHAT_1_5 3 -extern int kernel_supports_network; -extern int net_af_max_override; -extern int flag_changehat_version; -extern int read_implies_exec; -extern dfaflags_t dfaflags; + extern int preprocess_only; -extern FILE *ofile; #define PATH_CHROOT_REL 0x1 #define PATH_NS_REL 0x2 
@@ -228,23 +223,34 @@ extern FILE *ofile; #define list_last_entry(LIST, ENTRY) \ for ((ENTRY) = (LIST); (ENTRY) && (ENTRY)->next; (ENTRY) = (ENTRY)->next) -/* Some external definitions to make b0rken programs happy */ +/* from parser_common.c */ +extern int regex_type; +extern int perms_create; +extern int net_af_max_override; +extern int kernel_load; +extern int kernel_supports_network; +extern int flag_changehat_version; +extern int conf_verbose; +extern int conf_quiet; +extern int names_only; +extern int option; +extern int current_lineno; +extern dfaflags_t dfaflags; extern char *progname; extern char *subdomainbase; extern char *profilename; extern char *profile_namespace; - -/* from parser_main */ -extern int force_complain; -extern int conf_quiet; -extern int conf_verbose; -extern int kernel_load; -extern int regex_type; -extern int perms_create; -extern struct timespec mru_tstamp; -extern void update_mru_tstamp(FILE *file); +extern char *current_filename; +extern FILE *ofile; +extern int read_implies_exec; extern void pwarn(char *fmt, ...) __attribute__((__format__(__printf__, 1, 2))); +/* from parser_main (cannot be used in tst builds) */ +extern int force_complain; +extern struct timespec mru_tstamp; +extern void update_mru_tstamp(FILE *file); + +/* provided by parser_lex.l (cannot be used in tst builds) */ extern FILE *yyin; extern void yyrestart(FILE *fp); extern int yyparse(void); 
@@ -340,3 +346,32 @@ extern void dump_policy_hats(struct codomain *cod); extern void dump_policy_names(void); extern int die_if_any_regex(void); void free_policies(void); + +#ifdef UNIT_TEST +/* For the unit-test builds, we must include function stubs for stuff that + * only exists in the excluded object files; everything else should live + * in parser_common.c. + */ + +/* parser_yacc.y */ +void yyerror(char *msg, ...) +{ + va_list arg; + char buf[PATH_MAX]; + + va_start(arg, msg); + vsnprintf(buf, sizeof(buf), msg, arg); + va_end(arg); + + PERROR(_("AppArmor parser error: %s\n"), buf); + + exit(1); +} + +#define MY_TEST(statement, error) \ + if (!(statement)) { \ + PERROR("FAIL: %s\n", error); \ + rc = 1; \ + } + +#endif diff --git a/parser/parser_common.c b/parser/parser_common.c new file mode 100644 index 000000000..f409f8792 --- /dev/null +++ b/parser/parser_common.c 
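Review bot: The `#ifdef UNIT_TEST` block puts a non-static definition of `yyerror()` into parser.h, so every translation unit compiled with `-DUNIT_TEST` defines the symbol, and the header now relies on its includer having pulled in `<stdarg.h>`, `<stdio.h>`, `<stdlib.h>` and `<limits.h>` first. It links today only because the `tst_%` rule compiles exactly one source per test binary with that flag; I would keep just the prototype here and move the body into a small test-only source file. `MY_TEST` is a bare `if`, which mis-binds when used before an `else`; wrapping it as `do { if (!(statement)) { PERROR("FAIL: %s\n", error); rc = 1; } } while (0)` avoids that.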
@@ -0,0 +1,76 @@ +/* + * Copyright (c) 2010, 2011 + * Canonical, Ltd. (All rights reserved) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of version 2 of the GNU General Public + * License published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, contact Novell, Inc. or Canonical, + * Ltd. + */ +#include +#include +#include +#include +#define _(s) gettext(s) +#include "parser.h" + +int regex_type = AARE_DFA; +int perms_create = 0; /* perms contain create flag */ +int net_af_max_override = -1; /* use kernel to determine af_max */ +int kernel_load = 1; +int kernel_supports_network = 1; /* kernel supports network rules */ +int flag_changehat_version = FLAG_CHANGEHAT_1_5; +int conf_verbose = 0; +int conf_quiet = 0; +int names_only = 0; +int current_lineno = 1; +int option = OPTION_ADD; + +dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS | DFA_CONTROL_MINIMIZE_HASH_PERMS; + +char *subdomainbase = NULL; +char *progname = __FILE__; +char *profile_namespace = NULL; +char *profilename = NULL; +char *current_filename = NULL; + +FILE *ofile = NULL; + +#ifdef FORCE_READ_IMPLIES_EXEC +int read_implies_exec = 1; +#else +int read_implies_exec = 0; +#endif + +void pwarn(char *fmt, ...) +{ + va_list arg; + char *newfmt; + int rc; + + if (conf_quiet || names_only || option == OPTION_REMOVE) + return; + + rc = asprintf(&newfmt, _("Warning from %s (%s%sline %d): %s"), + profilename ? profilename : "stdin", + current_filename ? current_filename : "", + current_filename ? 
" " : "", + current_lineno, + fmt); + if (!newfmt) + return; + + va_start(arg, fmt); + vfprintf(stderr, newfmt, arg); + va_end(arg); + + free(newfmt); +} diff --git a/parser/parser_include.h b/parser/parser_include.h index cbcfc1d16..505bf48c1 100644 --- a/parser/parser_include.h +++ b/parser/parser_include.h @@ -21,8 +21,6 @@ #define PARSER_INCLUDE_H extern int preprocess_only; -extern int current_lineno; -extern char *current_filename; extern int add_search_dir(char *dir); extern void init_base_dir(void); diff --git a/parser/parser_lex.l b/parser/parser_lex.l index b78300ed4..f833b14ce 100644 --- a/parser/parser_lex.l +++ b/parser/parser_lex.l @@ -54,9 +54,6 @@ #define YY_NO_INPUT -int current_lineno = 1; -char *current_filename = NULL; - struct ignored_suffix_t { char * text; int len; diff --git a/parser/parser_main.c b/parser/parser_main.c index 1151219ec..ec1852f36 100644 --- a/parser/parser_main.c +++ b/parser/parser_main.c @@ -2,7 +2,7 @@ * Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 * NOVELL (All rights reserved) * - * Copyright (c) 2010 + * Copyright (c) 2010, 2011 * Canonical, Ltd. (All rights reserved) * * This program is free software; you can redistribute it and/or 
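Review bot: `pwarn()` in the new parser_common.c splices `profilename` and `current_filename` into `newfmt` and then hands `newfmt` to `vfprintf()` as the format, so a `%` in a profile or file name is interpreted as a conversion and consumes arguments that were never passed. The function is moved unchanged from parser_main.c, but the move is a good moment to print the prefix with its own `fprintf()` and pass only `fmt` to `vfprintf()`. That also removes the `asprintf()` failure path, which tests `newfmt` rather than the return value `rc` even though the pointer is not defined after a failure. The translatable prefix loses its trailing `%s`, so the message catalogs need the matching update.

```c
void pwarn(char *fmt, ...)
{
	va_list arg;

	/* … unchanged: conf_quiet / names_only / OPTION_REMOVE early return … */

	/* names are only ever arguments here, never part of a format string */
	fprintf(stderr, _("Warning from %s (%s%sline %d): "),
		profilename ? profilename : "stdin",
		current_filename ? current_filename : "",
		current_filename ? " " : "",
		current_lineno);

	va_start(arg, fmt);
	vfprintf(stderr, fmt, arg);
	va_end(arg);
}
```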
@@ -58,46 +58,26 @@ #define UNPRIVILEGED_OPS (!(PRIVILEGED_OPS)) const char *parser_title = "AppArmor parser"; -const char *parser_copyright = "Copyright (C) 1999-2008 Novell Inc.\nCopyright 2009-2010 Canonical Ltd."; +const char *parser_copyright = "Copyright (C) 1999-2008 Novell Inc.\nCopyright 2009-2011 Canonical Ltd."; char *progname; -int option = OPTION_ADD; int opt_force_complain = 0; int binary_input = 0; -int names_only = 0; int dump_vars = 0; int dump_expanded_vars = 0; -dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS | DFA_CONTROL_MINIMIZE_HASH_PERMS; -int conf_verbose = 0; -int conf_quiet = 0; -int kernel_load = 1; int show_cache = 0; int skip_cache = 0; int skip_read_cache = 0; int write_cache = 0; -#ifdef FORCE_READ_IMPLIES_EXEC -int read_implies_exec = 1; -#else -int read_implies_exec = 0; -#endif int preprocess_only = 0; int skip_mode_force = 0; struct timespec mru_tstamp; -char *subdomainbase = NULL; char *match_string = NULL; char *flags_string = NULL; -int regex_type = AARE_DFA; -int perms_create = 0; /* perms contain create flag */ -int kernel_supports_network = 1; /* kernel supports network rules */ -int net_af_max_override = -1; /* use kernel to determine af_max */ -char *profile_namespace = NULL; -int flag_changehat_version = FLAG_CHANGEHAT_1_5; -FILE *ofile = NULL; /* per-profile settings */ int force_complain = 0; -char *profilename = NULL; struct option long_options[] = { {"add", 0, 0, 'a'}, 
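Review bot: `char *progname;` stays in parser_main.c as a context line of this hunk while the new parser_common.c adds `char *progname = __FILE__;`, and both files are in `SRCS`, so apparmor_parser now carries two definitions of the symbol. That links only where the toolchain merges tentative definitions (`-fcommon`); with `-fno-common` it is a duplicate-symbol error. I would delete the line here together with the other globals that moved and rely on `extern char *progname;` from parser.h.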
@@ -322,31 +302,6 @@ static void display_optimize(char *command) print_flag_table(optflag_table); } -void pwarn(char *fmt, ...) -{ - va_list arg; - char *newfmt; - int rc; - - if (conf_quiet || names_only || option == OPTION_REMOVE) - return; - - rc = asprintf(&newfmt, _("Warning from %s (%s%sline %d): %s"), - profilename ? profilename : "stdin", - current_filename ? current_filename : "", - current_filename ? " " : "", - current_lineno, - fmt); - if (!newfmt) - return; - - va_start(arg, fmt); - vfprintf(stderr, newfmt, arg); - va_end(arg); - - free(newfmt); -} - static int process_args(int argc, char *argv[]) { int c, o; diff --git a/parser/parser_misc.c b/parser/parser_misc.c index c767716eb..90aea161a 100644 --- a/parser/parser_misc.c +++ b/parser/parser_misc.c @@ -929,27 +929,6 @@ void debug_cod_list(struct codomain *cod) } #ifdef UNIT_TEST -#define MY_TEST(statement, error) \ - if (!(statement)) { \ - PERROR("FAIL: %s\n", error); \ - rc = 1; \ - } - -/* Guh, fake routine */ -void yyerror(char *msg, ...) -{ - va_list arg; - char buf[PATH_MAX]; - - va_start(arg, msg); - vsnprintf(buf, sizeof(buf), msg, arg); - va_end(arg); - - PERROR(_("AppArmor parser error: %s\n"), buf); - - exit(1); -} - int test_str_to_boolean(void) { int rc = 0; @@ -973,7 +952,7 @@ int test_str_to_boolean(void) int test_processunquoted(void) { int rc = 0; - const char *teststring, *processedstring; + char *teststring, *processedstring; teststring = ""; MY_TEST(strcmp(teststring, processunquoted(teststring, strlen(teststring))) == 0, @@ -1001,7 +980,7 @@ int test_processunquoted(void) int test_processquoted(void) { int rc = 0; - const char *teststring, *processedstring; + char *teststring, *processedstring; char *out; teststring = ""; diff --git a/parser/parser_regex.c b/parser/parser_regex.c index 7aa8e2332..f5de63a48 100644 --- a/parser/parser_regex.c +++ b/parser/parser_regex.c 
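Review bot: In `test_processunquoted` (and the identical change in the `test_processquoted` hunk that follows) `teststring` loses its `const` while still being assigned string literals such as `""`, so a write through it by the callee would be undefined behaviour and the compiler no longer flags it. If the qualifier was dropped only to match the parameter type of `processunquoted()`, whose declaration is outside these hunks, I would const-qualify that parameter instead and keep `const char *teststring, *processedstring;` here. Both test bodies continue past the end of their hunks.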
@@ -617,29 +617,6 @@ void reset_regex(void) } #ifdef UNIT_TEST -#define MY_TEST(statement, error) \ - if (!(statement)) { \ - PERROR("FAIL: %s\n", error); \ - rc = 1; \ - } - -/* Guh, fake routine */ -void yyerror(char *msg, ...) -{ - va_list arg; - char buf[PATH_MAX]; - - va_start(arg, msg); - vsnprintf(buf, sizeof(buf), msg, arg); - va_end(arg); - - PERROR(_("AppArmor parser error: %s\n"), buf); - - exit(1); -} -/* Guh, fake symbol */ -char *progname; - static int test_filter_slashes(void) { int rc = 0; diff --git a/parser/parser_symtab.c b/parser/parser_symtab.c index 420ecaf28..6deb328bc 100644 --- a/parser/parser_symtab.c +++ b/parser/parser_symtab.c @@ -539,30 +539,6 @@ void free_symtabs(void) } #ifdef UNIT_TEST -#define MY_TEST(statement, error) \ - if (!(statement)) { \ - PERROR("FAIL: %s\n", error); \ - rc = 1; \ - } - -/* Guh, fake symbol */ -char *progname; - -/* Guh, fake routine */ -void yyerror(char *msg, ...) -{ - va_list arg; - char buf[PATH_MAX]; - - va_start(arg, msg); - vsnprintf(buf, sizeof(buf), msg, arg); - va_end(arg); - - PERROR(_("AppArmor parser error: %s\n"), buf); - - exit(1); -} - int main(void) { int rc = 0; @@ -589,7 +565,7 @@ int main(void) retval = new_set_var("test", "different value"); MY_TEST(retval != 0, "new set variable 2"); - retval = new_set_var("testes", "testes"); + retval = new_set_var("testing", "testing"); MY_TEST(retval == 0, "new set variable 3"); retval = new_set_var("monopuff", "Mockingbird"); diff --git a/parser/parser_variable.c b/parser/parser_variable.c index e9427f56d..1afae188f 100644 --- a/parser/parser_variable.c +++ b/parser/parser_variable.c 
@@ -216,29 +216,6 @@ int process_variables(struct codomain *cod) } #ifdef UNIT_TEST -#define MY_TEST(statement, error) \ - if (!(statement)) { \ - PERROR("FAIL: %s\n", error); \ - rc = 1; \ - } - -/* Guh, fake routine */ -void yyerror(char *msg, ...) -{ - va_list arg; - char buf[PATH_MAX]; - - va_start(arg, msg); - vsnprintf(buf, sizeof(buf), msg, arg); - va_end(arg); - - PERROR(_("AppArmor parser error: %s\n"), buf); - - exit(1); -} -/* Guh, fake symbol */ -char *progname; - int test_get_var_end(void) { int rc = 0; @@ -277,7 +254,7 @@ int test_split_string(void) char *var = "boogie"; char *suffix = "suffixication"; - (void) asprintf(&tst_string, "%s@{%s}%s", prefix, var, suffix); + asprintf(&tst_string, "%s@{%s}%s", prefix, var, suffix); var_start = tst_string + strlen(prefix); var_end = var_start + strlen(var) + strlen("@\{"); ret_struct = split_string(tst_string, var_start, var_end);