add hat flag and add it automatically for embedded hats

remove hat rules
John Johansen 2008-06-09 11:48:13 +00:00
parent 8420935617
commit d8df8830f1
3 changed files with 3 additions and 24 deletions


@ -26,7 +26,7 @@
typedef enum pattern_t pattern_t; typedef enum pattern_t pattern_t;
struct flagval { struct flagval {
int debug; int hat;
int complain; int complain;
int audit; int audit;
}; };


@ -632,7 +632,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
if (!sd_write_struct(p, "flags")) if (!sd_write_struct(p, "flags"))
return 0; return 0;
/* used to be flags.debug, but that's no longer supported */ /* used to be flags.debug, but that's no longer supported */
if (!sd_write32(p, 0)) if (!sd_write32(p, profile->flags.hat))
return 0; return 0;
if (!sd_write32(p, profile->flags.complain)) if (!sd_write32(p, profile->flags.complain))
return 0; return 0;
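Review bot: The comment above the first `sd_write32` in the "flags" struct still reads "used to be flags.debug, but that's no longer supported", but the new line now writes `profile->flags.hat` into that slot, so the comment misdescribes what is serialized. I would replace it with `/* first flags word: hat flag (this slot formerly carried flags.debug) */`. Because this word was always 0 before the change, it is worth confirming how consumers of the stream that predate the hat flag treat a non-zero value here; nothing in the hunk shows this. The body of sd_serialize_profile begins before and continues after the hunk.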


@ -178,7 +178,6 @@ struct codomain *do_local_profile(struct codomain *cod, char *name, int mode, in
%type <cap> capability %type <cap> capability
%type <cap> set_caps %type <cap> set_caps
%type <user_entry> change_profile %type <user_entry> change_profile
%type <user_entry> change_hat
%type <set_var> TOK_SET_VAR %type <set_var> TOK_SET_VAR
%type <bool_var> TOK_BOOL_VAR %type <bool_var> TOK_BOOL_VAR
%type <var_val> TOK_VALUE %type <var_val> TOK_VALUE
@ -593,15 +592,6 @@ rules: rules change_profile
add_entry_to_policy($1, $2); add_entry_to_policy($1, $2);
$$ = $1; $$ = $1;
}; };
rules: rules change_hat
{
PDEBUG("matched: rules change_hat\n");
PDEBUG("rules change_hat: (%s)\n", $2->name);
if (!$2)
yyerror(_("Assert: `change_hat' returned NULL."));
add_entry_to_policy($1, $2);
$$ = $1;
};
rules: rules opt_audit_flag TOK_DENY capability rules: rules opt_audit_flag TOK_DENY capability
{ {
@ -895,18 +885,6 @@ rule: TOK_PTRACE TOK_COLON TOK_ID TOK_COLON TOK_ID TOK_END_OF_RULE
$$ = entry; $$ = entry;
}; };
change_hat: hat_start TOK_ID TOK_END_OF_RULE
{
/* allow change_hat to external hats */
struct cod_entry *entry;
PDEBUG("Matched change_hat: tok_id (%s)\n", $2);
entry = new_entry(NULL, $2, AA_CHANGE_HAT, NULL);
if (!entry)
yyerror(_("Memory allocation error."));
PDEBUG("change_hat.entry: (%s)\n", entry->name);
$$ = entry;
};
hat: hat_start TOK_ID flags TOK_OPEN rules TOK_CLOSE hat: hat_start TOK_ID flags TOK_OPEN rules TOK_CLOSE
{ {
struct codomain *cod = $5; struct codomain *cod = $5;
@ -916,6 +894,7 @@ hat: hat_start TOK_ID flags TOK_OPEN rules TOK_CLOSE
} }
cod->name = $2; cod->name = $2;
cod->flags = $3; cod->flags = $3;
cod->flags.hat = 1;
if (force_complain) if (force_complain)
cod->flags = force_complain_flags; cod->flags = force_complain_flags;
PDEBUG("^%s: flags='%s%s'\n", PDEBUG("^%s: flags='%s%s'\n",
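Review bot: In the `hat:` action, `cod->flags.hat = 1;` is assigned before `if (force_complain) cod->flags = force_complain_flags;`, and that whole-struct assignment overwrites the hat field along with the rest. Unless `force_complain_flags` itself has `hat` set (its definition is not visible here), an embedded hat compiled with complain mode forced would be serialized with hat == 0. Moving the assignment below the force_complain block, so that `cod->flags = force_complain_flags;` is followed by `cod->flags.hat = 1;`, keeps the flag on both paths. The action continues past the end of the hunk.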