
parser: add support for a generic all rule type

Extend the policy syntax to have a rule that allows specifying all
permissions for all rule types.

  allow all,

This is useful for making blacklist-based policy, but can also be
useful when combined with other rule prefixes, e.g. to add audit
to all rules.

  audit access all,

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen
2023-09-21 20:39:27 -07:00
parent a9c5388f69
commit 197d00d21a
22 changed files with 379 additions and 50 deletions


@@ -35,8 +35,9 @@ class Profile;
#define RULE_TYPE_RULE 0
#define RULE_TYPE_PREFIX 1
#define RULE_TYPE_PERMS 2
#define RULE_TYPE_ALL 3
// RULE_TYPE_CLASS needs to be last because various class follow it
#define RULE_TYPE_CLASS 3
#define RULE_TYPE_CLASS 4
// rule_cast should only be used after a comparison of rule_type to ensure
// that it is valid. Change to dynamic_cast for debugging
@@ -289,6 +290,10 @@ public:
return true;
}
virtual bool add_prefix(const prefixes &p) {
const char *err;
return add_prefix(p, err);
}
int cmp(prefixes const &rhs) const {
return prefixes::cmp(rhs);