From b43f1c4073402484239e14fc1a8b1213b9c2660d Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Thu, 10 Oct 2024 10:55:10 -0700 Subject: [PATCH 1/2] Make parser_include push_include_stack take const char because it doesn't actually modify it Signed-off-by: Ryan Lee --- parser/parser_include.c | 2 +- parser/parser_include.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/parser/parser_include.c b/parser/parser_include.c index d708cb8d7..d44670a1b 100644 --- a/parser/parser_include.c +++ b/parser/parser_include.c @@ -202,7 +202,7 @@ static void start_include_position(const char *filename) current_lineno = 1; } -void push_include_stack(char *filename) +void push_include_stack(const char *filename) { struct include_stack_t *include = NULL; diff --git a/parser/parser_include.h b/parser/parser_include.h index 76b5a647c..52050a7c1 100644 --- a/parser/parser_include.h +++ b/parser/parser_include.h @@ -29,7 +29,7 @@ extern void parse_default_paths(void); extern int do_include_preprocessing(char *profilename); FILE *search_path(char *filename, char **fullpath, bool *skip); -extern void push_include_stack(char *filename); +extern void push_include_stack(const char *filename); extern void pop_include_stack(void); extern void reset_include_stack(const char *filename); From 6a1e9f916b66cdd849080918640ca4270cc7a217 Mon Sep 17 00:00:00 2001 From: Ryan Lee Date: Wed, 16 Oct 2024 17:21:24 -0700 Subject: [PATCH 2/2] Replace BOOL,TRUE,FALSE macros with actual C++ boolean type Signed-off-by: Ryan Lee --- parser/mount.cc | 20 ++++----- parser/parser.h | 15 ++----- parser/parser_regex.c | 94 ++++++++++++++++++++-------------------- parser/parser_variable.c | 13 ++---- parser/profile.cc | 14 +++--- parser/profile.h | 2 +- 6 files changed, 72 insertions(+), 86 deletions(-) diff --git a/parser/mount.cc b/parser/mount.cc index f3b9c01a4..3a966a82a 100644 --- a/parser/mount.cc +++ b/parser/mount.cc 
@@ -677,7 +677,7 @@ int mnt_rule::cmp(rule_t const &rhs) const { return cmp_vec_int(opt_flagsv, rhs_mnt.opt_flagsv); } -static int build_mnt_flags(char *buffer, int size, unsigned int flags, +static bool build_mnt_flags(char *buffer, int size, unsigned int flags, unsigned int opt_flags) { char *p = buffer; @@ -687,8 +687,8 @@ static int build_mnt_flags(char *buffer, int size, unsigned int flags, /* all flags are optional */ len = snprintf(p, size, "%s", default_match_pattern); if (len < 0 || len >= size) - return FALSE; - return TRUE; + return false; + return true; } for (i = 0; i <= 31; ++i) { if ((opt_flags) & (1 << i)) @@ -699,7 +699,7 @@ static int build_mnt_flags(char *buffer, int size, unsigned int flags, continue; if (len < 0 || len >= size) - return FALSE; + return false; p += len; size -= len; } @@ -710,15 +710,15 @@ static int build_mnt_flags(char *buffer, int size, unsigned int flags, * like the empty string */ if (size < 9) - return FALSE; + return false; strcpy(p, "(\\xfe|)"); } - return TRUE; + return true; } -static int build_mnt_opts(std::string& buffer, struct value_list *opts) +static bool build_mnt_opts(std::string& buffer, struct value_list *opts) { struct value_list *ent; pattern_t ptype; @@ -726,19 +726,19 @@ static int build_mnt_opts(std::string& buffer, struct value_list *opts) if (!opts) { buffer.append(default_match_pattern); - return TRUE; + return true; } list_for_each(opts, ent) { ptype = convert_aaregex_to_pcre(ent->value, 0, glob_default, buffer, &pos); if (ptype == ePatternInvalid) - return FALSE; + return false; if (ent->next) buffer.append(","); } - return TRUE; + return true; } void mnt_rule::warn_once(const char *name) diff --git a/parser/parser.h b/parser/parser.h index 6f0425c81..10cb29a2a 100644 --- a/parser/parser.h +++ b/parser/parser.h @@ -185,8 +185,6 @@ struct var_string { #define OPTION_STDOUT 4 #define OPTION_OFILE 5 -#define BOOL int - extern int preprocess_only; #define PATH_CHROOT_REL 0x1 
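Review bot: In the `@@ -710,15` hunk of build_mnt_flags, the `strcpy(p, "(\\xfe|)")` is guarded by a hand-counted `size < 9`, which is safe today (the literal needs 8 bytes including its terminator) but must be re-counted by hand if the pattern ever changes. The earlier branch of this function (hunk `@@ -687,8`) already uses the bounded form, so the same idiom fits here: `len = snprintf(p, size, "%s", "(\\xfe|)");` followed by `if (len < 0 || len >= size) return false;`. The function starts and ends outside these hunks, so this assumes `len` is still in scope at that point.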
@@ -219,13 +217,6 @@ do { \ errno = perror_error; \ } while (0) -#ifndef TRUE -#define TRUE (1) -#endif -#ifndef FALSE -#define FALSE (0) -#endif - #define MIN_PORT 0 #define MAX_PORT 65535 @@ -429,10 +420,10 @@ extern const char *basedir; #define glob_null 1 extern pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob, std::string& pcre, int *first_re_pos); -extern int build_list_val_expr(std::string& buffer, struct value_list *list); -extern int convert_entry(std::string& buffer, char *entry); +extern bool build_list_val_expr(std::string& buffer, struct value_list *list); +extern bool convert_entry(std::string& buffer, char *entry); extern int clear_and_convert_entry(std::string& buffer, char *entry); -extern int convert_range(std::string& buffer, bignum start, bignum end); +extern bool convert_range(std::string& buffer, bignum start, bignum end); extern int process_regex(Profile *prof); extern int post_process_entry(struct cod_entry *entry); diff --git a/parser/parser_regex.c b/parser/parser_regex.c index 7810458d5..07e5a5cb3 100644 --- a/parser/parser_regex.c +++ b/parser/parser_regex.c @@ -50,7 +50,7 @@ enum error_type { void filter_slashes(char *path) { char *sptr, *dptr; - BOOL seen_slash = 0; + bool seen_slash = false; if (!path || (strlen(path) < 2)) return; @@ -69,7 +69,7 @@ void filter_slashes(char *path) ++sptr; } else { *dptr++ = *sptr++; - seen_slash = TRUE; + seen_slash = true; } } else { seen_slash = 0; @@ -111,14 +111,14 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob, #define MAX_ALT_DEPTH 50 *first_re_pos = 0; - int ret = TRUE; + int ret = 1; /* flag to indicate input error */ enum error_type error; const char *sptr; pattern_t ptype; - BOOL bEscape = 0; /* flag to indicate escape */ + bool bEscape = false; /* flag to indicate escape */ int ingrouping = 0; /* flag to indicate {} context */ int incharclass = 0; /* flag to indicate [ ] context */ int grouping_count[MAX_ALT_DEPTH] = {0}; 
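Review bot: `clear_and_convert_entry` is left as `extern int` in the `@@ -429,10` hunk of parser.h while `convert_entry`, `build_list_val_expr` and `convert_range` next to it become `bool`, so the header now mixes two conventions for the same success/failure result. Its body is not part of the diff; if it only forwards the result of `convert_entry`, declare it `extern bool clear_and_convert_entry(std::string& buffer, char *entry);` and change the definition in parser_regex.c to match. `process_regex` and `post_process_entry` also stay `int` and may deserve the same look.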
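Review bot: The `else` branch at the end of the `@@ -69,7` hunk still assigns `seen_slash = 0;` even though the variable is now declared `bool` and the other branch was changed to `seen_slash = true;`. Change it to `seen_slash = false;` so the conversion in filter_slashes is complete.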
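Review bot: `ret` in convert_aaregex_to_pcre is converted from `TRUE`/`FALSE` to the bare integers `1`/`0` (`int ret = 1;` in the `@@ -111,14` hunk, `ret = 0;` and `if (ret == 0)` in the `@@ -419,12` hunk), which reads worse than the macros it replaces. In the visible lines it only ever holds a success flag, so `bool ret = true;`, `ret = false;` and `if (!ret)` would match the rest of the commit. The function body is only partly shown, so check that no other integer value is assigned to it elsewhere. The same applies to `int ret = true;` in post_process_entries (hunk `@@ -750,19`), where the function now returns `bool` and the local should be `bool ret = true;`.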
@@ -150,7 +150,7 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob, if (bEscape) { pcre.append("\\\\"); } else { - bEscape = TRUE; + bEscape = true; ++sptr; continue; /*skip turning bEscape off */ } /* bEscape */ @@ -393,7 +393,7 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob, break; } /* switch (*sptr) */ - bEscape = FALSE; + bEscape = false; ++sptr; } /* while error == e_no_error && *sptr) */ @@ -419,12 +419,12 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob, PERROR(_("%s: Unable to parse input line '%s'\n"), progname, aare); - ret = FALSE; + ret = 0; goto out; } out: - if (ret == FALSE) + if (ret == 0) ptype = ePatternInvalid; if (parseopts.dump & DUMP_DFA_RULE_EXPR) @@ -464,7 +464,7 @@ static void warn_once_xattr(const char *name) common_warn_once(name, "xattr attachment conditional ignored", &warned_name); } -static int process_profile_name_xmatch(Profile *prof) +static bool process_profile_name_xmatch(Profile *prof) { std::string tbuf; pattern_t ptype; @@ -479,7 +479,7 @@ static int process_profile_name_xmatch(Profile *prof) /* don't filter_slashes for profile names, do on attachment */ name = strdup(local_name(prof->name)); if (!name) - return FALSE; + return false; } filter_slashes(name); ptype = convert_aaregex_to_pcre(name, 0, glob_default, tbuf, @@ -491,7 +491,7 @@ static int process_profile_name_xmatch(Profile *prof) PERROR(_("%s: Invalid profile name '%s' - bad regular expression\n"), progname, name); if (!prof->attachment) free(name); - return FALSE; + return false; } if (!prof->attachment) @@ -506,11 +506,11 @@ static int process_profile_name_xmatch(Profile *prof) /* build a dfa */ aare_rules *rules = new aare_rules(); if (!rules) - return FALSE; + return false; if (!rules->add_rule(tbuf.c_str(), 0, RULE_ALLOW, AA_MAY_EXEC, 0, parseopts)) { delete rules; - return FALSE; + return false; } if (prof->altnames) { struct alt_name *alt; 
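Review bot: In the `@@ -506,11` hunk, the `if (!rules) return false;` after `aare_rules *rules = new aare_rules();` cannot fire with the standard throwing `operator new`, which reports exhaustion by throwing `std::bad_alloc` rather than returning null. If the intent is to fail the profile cleanly on out-of-memory, use `new (std::nothrow) aare_rules()` (needs `<new>`); otherwise drop the dead check. This assumes the parser does not replace `operator new` or build without exceptions, which the diff does not show. process_profile_name_xmatch extends beyond this hunk.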
@@ -525,7 +525,7 @@ static int process_profile_name_xmatch(Profile *prof) RULE_ALLOW, AA_MAY_EXEC, 0, parseopts)) { delete rules; - return FALSE; + return false; } } } @@ -567,7 +567,7 @@ static int process_profile_name_xmatch(Profile *prof) &len); if (!rules->append_rule(tbuf.c_str(), true, true, parseopts)) { delete rules; - return FALSE; + return false; } } } @@ -581,10 +581,10 @@ build: prof->xmatch = rules->create_dfablob(&prof->xmatch_size, &prof->xmatch_len, prof->xmatch_perms_table, parseopts, false, false, false); delete rules; if (!prof->xmatch) - return FALSE; + return false; } - return TRUE; + return true; } static int warn_change_profile = 1; @@ -606,21 +606,21 @@ static bool is_change_profile_perms(perm32_t perms) return perms & AA_CHANGE_PROFILE; } -static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) +static bool process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) { std::string tbuf; pattern_t ptype; int pos; if (!entry) /* shouldn't happen */ - return TRUE; + return false; if (!is_change_profile_perms(entry->perms)) filter_slashes(entry->name); ptype = convert_aaregex_to_pcre(entry->name, 0, glob_default, tbuf, &pos); if (ptype == ePatternInvalid) - return FALSE; + return false; entry->pattern_type = ptype; @@ -649,13 +649,13 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) entry->perms & ~(AA_LINK_BITS | AA_CHANGE_PROFILE), entry->audit == AUDIT_FORCE ? entry->perms & ~(AA_LINK_BITS | AA_CHANGE_PROFILE) : 0, parseopts)) - return FALSE; + return false; } else if (!is_change_profile_perms(entry->perms)) { if (!dfarules->add_rule(tbuf.c_str(), entry->priority, entry->rule_mode, entry->perms, entry->audit == AUDIT_FORCE ? entry->perms : 0, parseopts)) - return FALSE; + return false; } if (entry->perms & (AA_LINK_BITS)) { 
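Review bot: The NULL-entry guard in process_dfa_entry (hunk `@@ -606,21`) changes from `return TRUE;` to `return false;`, which is a behaviour change inside a commit described as a mechanical macro replacement. With the new value, post_process_entries (hunk `@@ -750,19`) reports failure for the profile when an entry is NULL instead of treating it as a no-op. Rejecting a policy on an unexpected NULL is a reasonable fail-closed choice for a policy compiler, but it should be deliberate. Either restore `return true;` here and make the change in its own commit, or keep it and say so, e.g. `/* shouldn't happen; reject the profile rather than silently skip the entry */`. The rest of the function lies outside this hunk.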
@@ -669,7 +669,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) filter_slashes(entry->link_name); ptype = convert_aaregex_to_pcre(entry->link_name, 0, glob_default, lbuf, &pos); if (ptype == ePatternInvalid) - return FALSE; + return false; if (entry->subset) perms |= LINK_TO_LINK_SUBSET(perms); vec[1] = lbuf.c_str(); @@ -681,7 +681,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) entry->rule_mode, perms, entry->audit == AUDIT_FORCE ? perms & AA_LINK_BITS : 0, 2, vec, parseopts, false)) - return FALSE; + return false; } if (is_change_profile_perms(entry->perms)) { const char *vec[3]; @@ -702,7 +702,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) if (entry->onexec) { ptype = convert_aaregex_to_pcre(entry->onexec, 0, glob_default, xbuf, &pos); if (ptype == ePatternInvalid) - return FALSE; + return false; vec[0] = xbuf.c_str(); } else /* allow change_profile for all execs */ @@ -713,14 +713,14 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) if (!parse_label(&stack, &ns, &name, tbuf.c_str(), false)) { - return FALSE; + return false; } if (stack) { fprintf(stderr, _("The current kernel does not support stacking of named transitions: %s\n"), tbuf.c_str()); - return FALSE; + return false; } if (ns) @@ -734,13 +734,13 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) if (!dfarules->add_rule_vec(entry->priority, entry->rule_mode, AA_CHANGE_PROFILE | onexec_perms, 0, index - 1, &vec[1], parseopts, false)) - return FALSE; + return false; /* onexec rules - both rules are needed for onexec */ if (!dfarules->add_rule_vec(entry->priority, entry->rule_mode, onexec_perms, 0, 1, vec, parseopts, false)) - return FALSE; + return false; /** * pick up any exec bits, from the frontend parser, related to 
@@ -750,19 +750,19 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry) if (!dfarules->add_rule_vec(entry->priority, entry->rule_mode, onexec_perms, 0, index, vec, parseopts, false)) - return FALSE; + return false; } - return TRUE; + return true; } -int post_process_entries(Profile *prof) +bool post_process_entries(Profile *prof) { - int ret = TRUE; + int ret = true; struct cod_entry *entry; list_for_each(prof->entries, entry) { if (!process_dfa_entry(prof->dfa.rules, entry)) - ret = FALSE; + ret = false; } return ret; @@ -815,7 +815,7 @@ out: return error; } -int build_list_val_expr(std::string& buffer, struct value_list *list) +bool build_list_val_expr(std::string& buffer, struct value_list *list) { struct value_list *ent; pattern_t ptype; @@ -823,7 +823,7 @@ int build_list_val_expr(std::string& buffer, struct value_list *list) if (!list) { buffer.append(default_match_pattern); - return TRUE; + return true; } buffer.append("("); @@ -840,12 +840,12 @@ int build_list_val_expr(std::string& buffer, struct value_list *list) } buffer.append(")"); - return TRUE; + return true; fail: - return FALSE; + return false; } -int convert_entry(std::string& buffer, char *entry) +bool convert_entry(std::string& buffer, char *entry) { pattern_t ptype; int pos; @@ -853,12 +853,12 @@ int convert_entry(std::string& buffer, char *entry) if (entry) { ptype = convert_aaregex_to_pcre(entry, 0, glob_default, buffer, &pos); if (ptype == ePatternInvalid) - return FALSE; + return false; } else { buffer.append(default_match_pattern); } - return TRUE; + return true; } int clear_and_convert_entry(std::string& buffer, char *entry) @@ -959,7 +959,7 @@ static std::string generate_regex_range(bignum start, bignum end) return result.str(); } -int convert_range(std::string& buffer, bignum start, bignum end) +bool convert_range(std::string& buffer, bignum start, bignum end) { pattern_t ptype; int pos; 
@@ -969,24 +969,24 @@ int convert_range(std::string& buffer, bignum start, bignum end) if (!regex_range.empty()) { ptype = convert_aaregex_to_pcre(regex_range.c_str(), 0, glob_default, buffer, &pos); if (ptype == ePatternInvalid) - return FALSE; + return false; } else { buffer.append(default_match_pattern); } - return TRUE; + return true; } -int post_process_policydb_ents(Profile *prof) +bool post_process_policydb_ents(Profile *prof) { for (RuleList::iterator i = prof->rule_ents.begin(); i != prof->rule_ents.end(); i++) { if ((*i)->skip()) continue; if ((*i)->gen_policy_re(*prof) == RULE_ERROR) - return FALSE; + return false; } - return TRUE; + return true; } diff --git a/parser/parser_variable.c b/parser/parser_variable.c index 35bbd7dd7..69ef7a7e3 100644 --- a/parser/parser_variable.c +++ b/parser/parser_variable.c @@ -79,7 +79,7 @@ struct var_string *split_out_var(const char *string) { struct var_string *n = NULL; const char *sptr; - BOOL bEscape = 0; /* flag to indicate escape */ + bool bEscape = false; /* flag to indicate escape */ if (!string) /* shouldn't happen */ return NULL; @@ -89,15 +89,11 @@ struct var_string *split_out_var(const char *string) while (!n && *sptr) { switch (*sptr) { case '\\': - if (bEscape) { - bEscape = FALSE; - } else { - bEscape = TRUE; - } + bEscape = !bEscape; break; case '@': if (bEscape) { - bEscape = FALSE; + bEscape = false; } else if (*(sptr + 1) == '{') { const char *eptr = get_var_end(sptr + 2); if (!eptr) @@ -111,8 +107,7 @@ struct var_string *split_out_var(const char *string) } break; default: - if (bEscape) - bEscape = FALSE; + bEscape = false; } sptr++; } diff --git a/parser/profile.cc b/parser/profile.cc index 71f423b0f..d43913581 100644 --- a/parser/profile.cc +++ b/parser/profile.cc 
@@ -226,13 +226,13 @@ static bool add_proc_access(Profile *prof, const char *rule) char *buffer = strdup("/proc/*/attr/apparmor/"); if (!buffer) { PERROR("Memory allocation error\n"); - return FALSE; + return false; } new_ent = new_entry(buffer, AA_MAY_READ, NULL); if (!new_ent) { free(buffer); PERROR("Memory allocation error\n"); - return FALSE; + return false; } add_entry_to_policy(prof, new_ent); @@ -240,13 +240,13 @@ static bool add_proc_access(Profile *prof, const char *rule) buffer = strdup("/sys/module/apparmor/parameters/enabled"); if (!buffer) { PERROR("Memory allocation error\n"); - return FALSE; + return false; } new_ent = new_entry(buffer, AA_MAY_READ, NULL); if (!new_ent) { free(buffer); PERROR("Memory allocation error\n"); - return FALSE; + return false; } add_entry_to_policy(prof, new_ent); @@ -254,17 +254,17 @@ static bool add_proc_access(Profile *prof, const char *rule) buffer = strdup(rule); if (!buffer) { PERROR("Memory allocation error\n"); - return FALSE; + return false; } new_ent = new_entry(buffer, AA_MAY_WRITE, NULL); if (!new_ent) { free(buffer); PERROR("Memory allocation error\n"); - return FALSE; + return false; } add_entry_to_policy(prof, new_ent); - return TRUE; + return true; } #define CHANGEPROFILE_PATH "/proc/*/attr/{apparmor/,}{current,exec}" diff --git a/parser/profile.h b/parser/profile.h index 2c13be17b..370bdaa4b 100644 --- a/parser/profile.h +++ b/parser/profile.h @@ -363,7 +363,7 @@ public: struct cond_entry_list xattrs; /* char *sub_name; */ /* subdomain name or NULL */ - /* int default_deny; */ /* TRUE or FALSE */ + /* bool default_deny; */ bool local; Profile *parent;