mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update aliases so that they apply properly to profile names.

Browse source 
Instead of updating the profile name, allow a profile to have multiple
alternate names.  Aliases are now added as alternate names and matched
through the xmatch dfa.
This commit is contained in:
John Johansen 2010-02-12 13:49:58 -08:00
parent eafddd3cea
commit ee00b0cea2
3 changed files with 27 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
parser/parser.h
View file

@ -77,9 +77,15 @@ struct aa_rlimits {
rlim_t limits[RLIMIT_NLIMITS];
};
struct alt_name {
char *name;
struct alt_name *next;
};
struct codomain {
char *namespace;
char *name; /* codomain name */
struct alt_name *altnames;
void *xmatch;
size_t xmatch_size;
int xmatch_len;

10
parser/parser_alias.c
View file

@ -161,11 +161,17 @@ static void process_name(const void *nodep, VISIT value, int __unused level)
len = strlen((*t)->from);
if (cod->name && strncmp((*t)->from, cod->name, len) == 0) {
struct alt_name *alt;
char *new = do_alias(*t, cod->name);
if (!new)
return;
free(cod->name);
cod->name = new;
/* aliases create alternate names */
alt = calloc(1, sizeof(struct alt_name));
if (!alt)
return;
alt->name = new;
alt->next = cod->altnames;
cod->altnames = alt;
}
}

14
parser/parser_regex.c
View file

@ -509,7 +509,7 @@ static int process_profile_name_xmatch(struct codomain *cod)
if (ptype == ePatternInvalid) {
PERROR(_("%s: Invalid profile name '%s' - bad regular expression\n"), progname, name);
return FALSE;
} else if (ptype == ePatternBasic) {
} else if (ptype == ePatternBasic && !cod->altnames) {
/* no regex so do not set xmatch */
cod->xmatch = NULL;
cod->xmatch_len = 0;
@ -523,6 +523,18 @@ static int process_profile_name_xmatch(struct codomain *cod)
aare_delete_ruleset(rule);
return FALSE;
}
if (cod->altnames) {
struct alt_name *alt;
list_for_each(cod->altnames, alt) {
int len;
convert_aaregex_to_pcre(alt->name, 0, tbuf,
PATH_MAX + 3, &len);
if (!aare_add_rule(rule, tbuf, 0, AA_MAY_EXEC, 0)) {
aare_delete_ruleset(rule);
return FALSE;
}
}
}
cod->xmatch = aare_create_dfa(rule, &cod->xmatch_size,
dfaflags);
aare_delete_ruleset(rule);