basic change_profile support

parser/immunix.h

@@ -39,6 +39,8 @@
 					 AA_EXEC_UNCONSTRAINED | \
 					 AA_EXEC_PROFILE)
 
+#define AA_CHANGE_PROFILE		(1 << 31)
+
 /* Network subdomain extensions.  */
 #define AA_TCP_CONNECT			(1 << 16)
 #define AA_TCP_ACCEPT			(1 << 17)

parser/parser.h

@@ -186,7 +186,7 @@ extern char *processunquoted(char *string, int len);
 extern int get_keyword_token(const char *keyword);
 extern char *process_var(const char *var);
 extern int parse_mode(const char *mode);
-extern struct cod_entry *new_entry(char *id, char *mode);
+extern struct cod_entry *new_entry(char *id, int mode);
 extern struct cod_net_entry *new_network_entry(int action,
 					       struct ipv4_endpoints *addrs,
 					       char *interface);

parser/parser_misc.c

@@ -100,6 +100,7 @@ static struct keyword_table keyword_table[] = {
 	{"else",		TOK_ELSE},
 	{"not",			TOK_NOT},
 	{"defined",		TOK_DEFINED},
+	{"change_profile",	TOK_CHANGE_PROFILE},
 	/* terminate */
 	{NULL, 0}
 };
@@ -287,6 +288,9 @@ int parse_mode(const char *str_mode)
 
 	PDEBUG("Parsing mode: %s\n", str_mode);
 
+	if (!str_mode)
+		return 0;
+
 	p = str_mode;
 	while (*p) {
 		char this = *p;
@@ -463,7 +467,7 @@ struct cod_net_entry *new_network_entry(int action,
 	return entry;
 }
 
-struct cod_entry *new_entry(char *id, char *mode)
+struct cod_entry *new_entry(char *id, int mode)
 {
 	struct cod_entry *entry = NULL;
 
@@ -472,7 +476,7 @@ struct cod_entry *new_entry(char *id, char *mode)
 		return NULL;
 
 	entry->name = id ? id : NULL;
-	entry->mode = mode ? parse_mode(mode) : 0;
+	entry->mode = mode;
 	entry->deny = FALSE;
 
 	entry->pattern_type = ePatternInvalid;

parser/parser_yacc.y

@@ -85,6 +85,7 @@ void free_value_list(struct value_list *list);
 %token TOK_ELSE
 %token TOK_NOT
 %token TOK_DEFINED
+%token TOK_CHANGE_PROFILE
 
 /* network tokens */
 %token TOK_IP
@@ -200,6 +201,7 @@ void free_value_list(struct value_list *list);
 %type <flags>	flagval
 %type <cap>	cap
 %type <cap>	capability
+%type <user_entry> change_profile
 %type <set_var> TOK_SET_VAR
 %type <bool_var> TOK_BOOL_VAR
 %type <var_val>	TOK_VALUE
@@ -417,6 +419,17 @@ rules: rules netrule
 		$$ = $1;
 	};
 
+rules:	rules change_profile
+	{
+		PDEBUG("matched: rules change_profile\n");
+		PDEBUG("rules change_profile: (%s)\n", $2->name);
+		if (!$2)
+			yyerror(_("Assert: `change_profile' returned NULL."));
+  fprintf(stderr, "Hello adding change_profile\n");
+		add_entry_to_policy($1, $2);
+		$$ = $1;
+	};
+
 rules:	rules capability
 	{
 		$1->capabilities = $1->capabilities | CAP_TO_MASK($2);
@@ -522,7 +535,7 @@ rule:	TOK_ID TOK_MODE TOK_END_OF_RULE
 	{
 		struct cod_entry *entry;
 		PDEBUG("Matched: tok_id (%s) tok_mode (%s)\n", $1, $2);
-		entry = new_entry($1, $2);
+		entry = new_entry($1, parse_mode($2));
 		if (!entry)
 			yyerror(_("Memory allocation error."));
 		PDEBUG("rule.entry: (%s)\n", entry->name);
@@ -534,7 +547,7 @@ rule:	TOK_SET_VAR TOK_MODE TOK_END_OF_RULE
 	{
 		struct cod_entry *entry;
 		PDEBUG("Matched: tok_id (%s) tok_mode (%s)\n", $1, $2);
-		entry = new_entry($1, $2);
+		entry = new_entry($1, parse_mode($2));
 		if (!entry)
 			yyerror(_("Memory allocation error."));
 		PDEBUG("rule.entry: (%s)\n", entry->name);
@@ -830,6 +843,19 @@ ports:		TOK_COLON TOK_NUM TOK_RANGE TOK_NUM
 		$$ = ports;
 	};
 
+change_profile:	TOK_CHANGE_PROFILE TOK_ID TOK_END_OF_RULE
+	{
+		struct cod_entry *entry;
+		PDEBUG("Matched change_profile: tok_id (%s)\n", $2);
+		fprintf(stderr, "change_profile\n");
+		entry = new_entry($2, AA_CHANGE_PROFILE);
+		if (!entry)
+			yyerror(_("Memory allocation error."));
+		PDEBUG("change_profile.entry: (%s)\n", entry->name);
+		$$ = entry;
+		fprintf(stderr, "change_prifle got entry\n");
+	};
+
 capability:	TOK_CAPABILITY cap TOK_END_OF_RULE
 	{
 		$$ = $2;