mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-05 08:45:22 +00:00
Code Issues Releases Wiki Activity

parser: maintain compatibility for fine grained inet network mediation

Browse Source 
A simple rule without conditionals need to be generated for when the
kernel does not support fine grained inet network mediation.

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
This commit is contained in:
Georgia Garcia
2024-02-29 17:30:38 -03:00
parent dd0d145a19
commit 119e3f38f9
4 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
parser/network.cc
View File

@@ -612,6 +612,15 @@ bool network_rule::gen_net_rule(Profile &prof, u16 family, unsigned int type_mas
buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (type_mask & 0xff);
}
if (!features_supports_inet) {
buf = buffer.str();
if (!prof.policy.rules->add_rule(buf.c_str(), rule_mode == RULE_DENY, map_perms(AA_VALID_NET_PERMS),
dedup_perms_rule_t::audit == AUDIT_FORCE ? map_perms(AA_VALID_NET_PERMS) : 0,
parseopts))
return false;
return true;
}
if (perms & AA_PEER_NET_PERMS) {
gen_ip_conds(buffer, peer, true, false);