parser: add non-functional prompt parsing

Add the ability to parse the prompt qualifier but do not provide functionality because the backend does not currently support prompt permissions. Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-03-04 08:24:42 +01:00 · 2020-06-18 04:06:42 -07:00 · 2020-06-18 04:06:42 -07:00 · c86f8f06dd
commit c86f8f06dd
parent db66b36064
3 changed files with 23 additions and 3 deletions
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@ -97,6 +97,7 @@ static struct keyword_table keyword_table[] = {
 	{"audit",		TOK_AUDIT},
 	{"deny",		TOK_DENY},
 	{"allow",		TOK_ALLOW},
+	{"prompt",		TOK_PROMPT},
 	{"set",			TOK_SET},
 	{"rlimit",		TOK_RLIMIT},
 	{"alias",		TOK_ALIAS},
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@ -115,6 +115,7 @@ static void abi_features(char *filename, bool search);
 %token TOK_AUDIT
 %token TOK_DENY
 %token TOK_ALLOW
+%token TOK_PROMPT
 %token TOK_PROFILE
 %token TOK_SET
 %token TOK_ALIAS
@ -632,6 +633,7 @@ opt_owner_flag: { /* nothing */ $$ = 0; }
 opt_rule_mode: { /* nothing */ $$ = RULE_UNSPECIFIED; }
 	| TOK_ALLOW { $$ = RULE_ALLOW; }
 	| TOK_DENY { $$ = RULE_DENY; }
+	| TOK_PROMPT { $$ = RULE_PROMPT; }

 opt_prefix: opt_audit_flag opt_rule_mode opt_owner_flag
 	{
@ -674,8 +676,11 @@ rules: rules opt_prefix block
 	{
 		struct cod_entry *entry, *tmp;

-		PDEBUG("matched: %s%s%sblock\n", $2.audit == AUDIT_FORCE ? "audit " : "",
-		       $2.rule_mode == RULE_DENY ? "deny " : "", $2.owner ? "owner " : "");
+		PDEBUG("matched: %s%s%sblock\n",
+		       $2.audit == AUDIT_FORCE ? "audit " : "",
+		       $2.rule_mode == RULE_DENY ? "deny " : "",
+		       $2.rule_mode == RULE_PROMPT ? "prompt " : "",
+		       $2.owner ? "owner " : "");
 		list_for_each_safe($3->entries, entry, tmp) {
 			const char *error;
 			entry->next = NULL;
--- a/parser/rule.h
+++ b/parser/rule.h
@ -153,7 +153,7 @@ typedef std::list<rule_t *> RuleList;
 /* Not classes so they can be used in the bison front end */
 typedef uint32_t perms_t;
 typedef enum { AUDIT_UNSPECIFIED, AUDIT_FORCE, AUDIT_QUIET } audit_t;
-typedef enum { RULE_UNSPECIFIED, RULE_ALLOW, RULE_DENY } rule_mode_t;
+typedef enum { RULE_UNSPECIFIED, RULE_ALLOW, RULE_DENY, RULE_PROMPT } rule_mode_t;

 /* NOTE: we can not have a constructor for class prefixes. This is
 * because it will break bison, and we would need to transition to
@ -183,6 +183,13 @@ public:
 		}

 		switch (rule_mode) {
+		case RULE_ALLOW:
+			if (output)
+				os << " ";
+
+			os << "allow";
+			output = true;
+			break;
 		case RULE_DENY:
 			if (output)
 				os << " ";
@ -190,6 +197,13 @@ public:
 			os << "deny";
 			output = true;
 			break;
+		case RULE_PROMPT:
+			if (output)
+				os << " ";
+
+			os << "prompt";
+			output = true;
+			break;
 		default:
 			break;
 		}