parser: add basic support for feature abis

Add basic support for policy to specify a feature abi. Under the current implementation the first feature abi specified will be used as the policy abi for the entire profile. If no feature abi is defined before rules are processed then the default policy abi will be used. If multiple feature abi rules are encountered and the specified abi is different then a warning will be issued, and the initial abi will continue to be used. The ability to support multiple policy feature abis during a compile will be added in a future patch. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/491 Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <sbeattie@ubuntu.com>
2025-08-31 06:16:03 +00:00 · 2020-04-24 17:43:47 -07:00
parent a29e232831
commit 162da1ba48
37 changed files with 704 additions and 103 deletions
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -295,6 +295,9 @@ extern uint32_t policy_version;
 extern uint32_t parser_abi_version;
 extern uint32_t kernel_abi_version;

+extern aa_features *policy_features;
+extern aa_features *kernel_features;
+
 extern int force_complain;
 extern int perms_create;
 extern int net_af_max_override;
@@ -474,4 +477,13 @@ void dump_policy(void);

 void free_policies(void);

+/* parser_main.c */
+extern void set_supported_features();
+
+/* default_features.c */
+extern const char *match_n_abi;
+extern const char *match_c_abi;
+extern const char *match_cn_abi;
+extern const char *default_features_abi;
+
 #endif /** __AA_PARSER_H */