mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

parser: add flags to rule_t

Browse source 
In preparation for file rules and rule duplication removal add
flags to rule_t with the first flag indicating if the rule is
deleted.

We do this instead of actually deleting the rule so we can hold
on to the rule for debug and printing output in the future.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2021-09-19 00:59:45 -07:00
parent 1acc90e06a
commit b061155c9a
4 changed files with 20 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
parser/parser_regex.c
View file

@ -843,6 +843,8 @@ int clear_and_convert_entry(std::string& buffer, char *entry)
int post_process_policydb_ents(Profile *prof)
{
for (RuleList::iterator i = prof->rule_ents.begin(); i != prof->rule_ents.end(); i++) {
if ((*i)->flags & RULE_FLAG_DELETED)
continue;
if ((*i)->gen_policy_re(*prof) == RULE_ERROR)
return FALSE;
}

2
parser/parser_variable.c
View file

@ -267,6 +267,8 @@ static int process_variables_in_entries(struct cod_entry *entry_list)
static int process_variables_in_rules(Profile &prof)
{
for (RuleList::iterator i = prof.rule_ents.begin(); i != prof.rule_ents.end(); i++) {
if ((*i)->flags & RULE_FLAG_DELETED)
continue;
int error = (*i)->expand_variables();
if (error)
return error;

5
parser/profile.cc
View file

@ -280,8 +280,11 @@ void post_process_file_entries(Profile *prof)
void post_process_rule_entries(Profile *prof)
{
for (RuleList::iterator i = prof->rule_ents.begin(); i != prof->rule_ents.end(); i++)
for (RuleList::iterator i = prof->rule_ents.begin(); i != prof->rule_ents.end(); i++) {
if ((*i)->flags & RULE_FLAG_DELETED)
continue;
(*i)->post_parse_profile(*prof);
}
}

12
parser/rule.h
View file

@ -38,11 +38,21 @@ class Profile;
#define RULE_TYPE_CLASS 3
typedef enum { RULE_FLAG_NONE = 0,
RULE_FLAG_DELETED = 1, // rule deleted - skip
RULE_FLAG_MERGED = 2, // rule merged with another rule
RULE_FLAG_EXPANDED = 4, // variable expanded
RULE_FLAG_SUB = 8, // rule expanded to subrule(s)
RULE_FLAG_IMPLIED = 16, // rule not specified in policy but
// added because it is implied
} rule_flags_t;
class rule_t {
public:
int rule_type;
rule_flags_t flags;
rule_t(int t): rule_type(t) { }
rule_t(int t): rule_type(t), flags(RULE_FLAG_NONE) { }
virtual ~rule_t() { };
bool is_type(int type) { return rule_type == type; }