apparmor/parser
John Johansen 50452e1147 parser: add a hfa dump that matches the renumbered chfa
Construction of the chfa can reorder states from what the numbering
given during the hfa constructions because of reordering for better
compression, dead state removal to ensure better packing etc.

This however means the dfa dump is difficult (it is possible using
multiple dumps) to match up to the chfa that the kernel is
using. Make this easier by making the dfa dump be able to take the
remapping as input, and provide an option to dump the chfa equivalent
hfa.

Renumbered states will show up as {new <== {orig}} in the dump

Eg.
-D dfa-states
{1} <== priority (allow/deny/prompt/audit/quiet)
{5} 0 (0x 4/0//0/0/0)

{1} perms: none
    0x2 -> {5}  0 (0x 4/0//0/0/0)
    0x4 -> {5}  0 (0x 4/0//0/0/0)
    \a 0x7 -> {5}  0 (0x 4/0//0/0/0)
    \t 0x9 -> {5}  0 (0x 4/0//0/0/0)
    \n 0xa -> {5}  0 (0x 4/0//0/0/0)
    \  0x20 -> {5}  0 (0x 4/0//0/0/0)
    4 0x34 -> {3}
{3} perms: none
    0x0 -> {6}
{6} perms: none
    1 0x31 -> {5}  0 (0x 4/0//0/0/0)

-D dfa-compressed-states
{1} <== priority (allow/deny/prompt/audit/quiet)
{2 == {5}} 0 (0x 4/0//0/0/0)

{1} perms: none
    0x2 -> {2 == {5}}  0 (0x 4/0//0/0/0)
    0x4 -> {2 == {5}}  0 (0x 4/0//0/0/0)
    \a 0x7 -> {2 == {5}}  0 (0x 4/0//0/0/0)
    \t 0x9 -> {2 == {5}}  0 (0x 4/0//0/0/0)
    \n 0xa -> {2 == {5}}  0 (0x 4/0//0/0/0)
    \  0x20 -> {2 == {5}}  0 (0x 4/0//0/0/0)
    4 0x34 -> {3}
{3} perms: none
    0x0 -> {4 == {6}}
{4 == {6}} perms: none
    1 0x31 -> {2 == {5}}  0 (0x 4/0//0/0/0)

Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-01-03 14:18:50 -08:00
libapparmor_re parser: add a hfa dump that matches the renumbered chfa 2025-01-03 14:18:50 -08:00
po parser: update translations pot file to current code 2024-09-03 03:39:16 -07:00
tst parser: equality tests: convert to using sha256sum for the hashes 2024-12-23 23:36:55 -08:00
aa-teardown aa-teardown: Replace /bin/bash with /bin/sh 2018-05-05 17:46:19 -07:00
aa-teardown.pod docs: update documentation to point bug reporting to gitlab 2020-05-05 00:10:53 -07:00
af_rule.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
af_rule.h parser: rework perms rule merging 2023-07-10 20:04:53 -07:00
af_unix.cc parser: add the ability to specify a priority prefix to rules 2024-08-14 17:15:24 -07:00
af_unix.h parser: add the ability to specify a priority prefix to rules 2024-08-14 17:15:24 -07:00
all_rule.cc parser: make ix of file, rule have lower priority so it can be overridden 2024-08-14 18:21:26 -07:00
all_rule.h parser: add the ability to specify a priority prefix to rules 2024-08-14 17:15:24 -07:00
apparmor.d.pod parser: add port range support on network policy 2024-09-05 17:01:46 -03:00
apparmor.pod Replace 'scrub the environment' wording in man pages with something more accurate 2024-08-28 11:22:08 -07:00
apparmor.service Add Documentation=... to apparmor.service 2023-10-29 10:49:33 +01:00
apparmor.systemd apparmor.systemd: fix shellcheck false positive 2024-04-30 18:30:01 -03:00
apparmor_parser.pod fix typo: aggressive 2024-03-29 10:52:25 +01:00
apparmor_xattrs.pod apparmor_xattrs.7: fix whatis entry 2020-10-25 11:54:47 +00:00
base_af_names.h Add 'mctp' network domain keyword 2022-02-08 19:09:24 +01:00
base_cap_names.h parser: Add support for CAP_CHECKPOINT_RESTORE 2020-10-13 21:30:19 -07:00
bignum.h parser: fix coverity issues found in snapshot 70858 2024-02-28 10:24:08 -03:00
capability.h Make capabilities tracker into a class 2024-11-08 14:55:43 -08:00
common_flags.h parser: Cleanup parser control flags, so they display as expected to user 2023-07-08 19:58:59 -07:00
common_optarg.c parser: add a hfa dump that matches the renumbered chfa 2025-01-03 14:18:50 -08:00
common_optarg.h parser: Cleanup parser control flags, so they display as expected to user 2023-07-08 19:58:59 -07:00
cond_expr.cc parser: refactor conditional logic into its own class 2024-08-14 17:22:48 -03:00
cond_expr.h parser: refactor conditional logic into its own class 2024-08-14 17:22:48 -03:00
COPYING.GPL rpmlint complains about an outdated FSF address in parser/COPYING.GPL. 2011-11-27 13:52:06 +01:00
dbus.cc parser: minimization - remove unnecessary second minimization pass 2024-08-14 17:15:24 -07:00
dbus.h convert owner to an enum 2024-08-14 15:47:13 -07:00
default_features.c parser: Move to a pre-generated cap_names.h 2020-07-07 09:43:48 -07:00
file_cache.h Fix comment wording in file_cache.h 2021-05-02 11:29:41 +02:00
frob_slack_rc as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00
immunix.h parser: fix integer overflow bug in rule priority comparisons 2024-10-28 04:03:53 -07:00
io_uring.cc parser: fix rule priority destroying rule permissions for some classes 2024-08-15 03:51:20 -07:00
io_uring.h parser: rename rules.h perms_t to perm32_t 2024-08-14 14:39:18 -07:00
lib.c Fix comment typo in parser/lib.c 2021-12-05 18:16:53 +01:00
lib.h libapparmor: Use directory file descriptor in _aa_dirat_for_each() 2015-06-15 15:11:51 -05:00
Makefile parser: quote BISON_MAJOR in case it is empty 2024-11-25 13:54:25 +01:00
mount.cc Add separator between mount flags in dump_flags 2024-12-17 11:50:35 -08:00
mount.h Allow make-* flags with remount operations 2024-12-17 11:59:54 -08:00
mqueue.cc parser: minimization - remove unnecessary second minimization pass 2024-08-14 17:15:24 -07:00
mqueue.h parser: rename rules.h perms_t to perm32_t 2024-08-14 14:39:18 -07:00
network.cc parser: fix mapping of AA_CONT_MATCH for policydb compat entries 2024-11-06 12:33:36 -08:00
network.h parser: add port range support on network policy 2024-09-05 17:01:46 -03:00
parser.conf Revert "policy: pin policy to 4.0 abi for dev" 2023-07-19 17:37:24 -03:00
parser.h Merge Small fixset 2 for parser code nits 2024-11-15 00:31:57 +00:00
parser_alias.c Clarify duplicate insertion logic in parser_alias.c:process_entries 2024-11-13 14:34:55 -08:00
parser_common.c parser: fix minimization check for filtering_deny 2024-10-25 01:14:18 -07:00
parser_include.c Make parser_include push_include_stack take const char because it doesn't actually modify it 2024-10-28 12:35:26 +01:00
parser_include.h Make parser_include push_include_stack take const char because it doesn't actually modify it 2024-10-28 12:35:26 +01:00
parser_interface.c Fix compiler warnings about format specifiers with DEBUG set 2024-10-16 12:26:54 -07:00
parser_lex.l parser: add the ability to specify a priority prefix to rules 2024-08-14 17:15:24 -07:00
parser_main.c Make capabilities tracker into a class 2024-11-08 14:55:43 -08:00
parser_merge.c parser: fix priority for file rules. 2024-12-22 15:02:04 -08:00
parser_misc.c parser: fix priority for file rules. 2024-12-22 15:02:04 -08:00
parser_policy.c parser: don't set xbits when using permstable32_v1 2024-08-14 15:47:13 -07:00
parser_regex.c Merge Small fixset 1 for parser code nits 2024-10-29 12:33:02 +00:00
parser_symtab.c treewide: spelling/typo fixes in code strings 2020-12-01 12:47:18 -08:00
parser_variable.c Replace BOOL,TRUE,FALSE macros with actual C++ boolean type 2024-10-28 12:35:57 +01:00
parser_yacc.y parser: fix integer overflow bug in rule priority comparisons 2024-10-28 04:03:53 -07:00
perms.h Merge parser: improve libapparmor_re build and dump info 2024-11-15 00:32:30 +00:00
policy_cache.c Fix wording of some warnings 2020-10-11 12:22:23 +02:00
policy_cache.h drop unused extern int debug_cache 2021-02-07 16:02:20 +01:00
policydb.h parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
profile-load profile-load: use less ambiguous if/then construct 2022-02-15 07:34:17 +00:00
profile.cc Replace BOOL,TRUE,FALSE macros with actual C++ boolean type 2024-10-28 12:35:57 +01:00
profile.h Replace BOOL,TRUE,FALSE macros with actual C++ boolean type 2024-10-28 12:35:57 +01:00
ptrace.cc parser: minimization - remove unnecessary second minimization pass 2024-08-14 17:15:24 -07:00
ptrace.h convert owner to an enum 2024-08-14 15:47:13 -07:00
rc.apparmor.functions aa-teardown: print out which profile removal failed 2024-06-08 23:35:02 +02:00
rc.apparmor.slackware added missing functions to slackware init script 2019-11-08 13:49:48 +01:00
README README: Move project contact info into the main README 2018-09-13 16:54:09 +00:00
README.devel parser: add some developer documentation 2013-12-10 14:15:02 -08:00
rule.cc parser: consolidate rule class handling into aa_class 2023-03-31 02:21:19 -07:00
rule.h parser: add the ability to specify a priority prefix to rules 2024-08-14 17:15:24 -07:00
signal.cc Make signal.cc:signal_map an unordered_map 2024-11-18 15:25:56 -08:00
signal.h convert owner to an enum 2024-08-14 15:47:13 -07:00
techdoc.tex treewide: spelling/typo fixes in comments and docs 2020-12-01 12:47:11 -08:00
unit_test.h Convert codomain to a class 2013-09-27 16:16:37 -07:00
userns.cc parser: fix rule priority destroying rule permissions for some classes 2024-08-15 03:51:20 -07:00
userns.h parser: rename rules.h perms_t to perm32_t 2024-08-14 14:39:18 -07:00

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at https://wiki.apparmor.net

-- The AppArmor development team