The use of xbits can not pass verification so we need to leave them
off this makes the profile a leaf profile.
Signed-off-by: John Johansen <john.johansen@canonical.com>
There are two distinct declarations of perms_t.
rule.h: typedef uint32_t perms_t
hfa.h: class perms_t
these definitions clash when the front end and backend share more info.
To avoid this rename rule.h to perm32_t, and move the definition into
perms.h and use it in struct aa_perms.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Add the ability to parse the prompt qualifier but do not provide
functionality because the backend does not currently support prompt
permissions.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Extend the policy syntax to have a rule that allows specifying all
permissions for all rule types.
allow all,
This is useful for making blacklist based policy, but can also be
useful when combined with other rule prefixes, eg. to add audit
to all rules.
audit access all,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Instead of pushing the cmp logic for rule merging into each rule
class make it the default behavior for the perms_rule_t parent class.
Also save off the original perms for the merged rule.
For classes that don't want perms merging add an alternate
dedup_perms_rule_t clase.
Signed-off-by: John Johansen <john.johansen@canonical.com>
By changing the compare function from each rule to use class_rule_t,
instead of perms_rule_t, we temporarily ignore if permissions are
different. If every rule attribute is the same, then the permissions
can be merged. This is done at the perms_rule_t's level.
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
Currently only file rules get merged. Finish adding basic support
for rule merging and make the default the behavior to dedup
merge rules that are exact matches.
Signed-off-by: John Johansen <john.johansen@canonical.com>
In preparation for file rules and rule duplication removal add
flags to rule_t with the first flag indicating if the rule is
deleted.
We do this instead of actually deleting the rule so we can hold
on to the rule for debug and printing output in the future.
Signed-off-by: John Johansen <john.johansen@canonical.com>
in preparation for file rules switching to rule_t add a method to
indicate whether a particular rule is mergeable/dedupable.
Whether a rule merges or dedups will be up to the rules comparison
and merge methods.
Signed-off-by: John Johansen <john.johansen@canonical.com>
In preparation for rule comparison and elemination have each rule
carry a type that can be used as the base of comparison. The
rule class is folded into this type.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Instead of having each rule individually handle the class info
introduce a class_rule_t into the hierarchy and consolidate.
Signed-off-by: John Johansen <john.johansen@canonical.com>
The post_process() method is misnamed, it fires when the profile is
finished parsing but fires before variable expansion. Rename it
to better reflect what it does and move the trigger code into
profile as a start of cleaning this stage up.
Also document the order the hooks fire in
Signed-off-by: John Johansen <john.johansen@canonical.com>
Cleanup the parse code by making shared prefix and perms classes for
rules and convert rules to use them.
Signed-off-by: John Johansen <john.johansen@canonical.com>
The warn_once() function is duplicated in 6 different places. A common,
reusable version has been added to parser_common.c.
Signed-off-by: Mike Salvatore <mike.salvatore@canonical.com>
