mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00
Code Issues Releases Wiki Activity

parser: Check kernel stacking support when handling stacked transitions

Browse Source 
Check if the current kernel supports stacking. If not, ensure that named
transitions (exec, change_profile, etc.) do not attempt to stack their
targets.

Also, set up the change_profile vector according to whether or not the
kernel supports stacking. Earlier kernels expect the policy namespace to
be in its own NUL-terminated vector element rather than passing the
entire label (namespace and profile name) as a single string to the
kernel.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
This commit is contained in:
Tyler Hicks
2016-03-18 17:28:51 -05:00
parent 00fb4e94ab
commit 1a7663e89a
6 changed files with 59 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
parser/parser_misc.c
View File

@@ -661,8 +661,10 @@ bool label_contains_ns(const char *label)
return _parse_label(&stack, &ns, &ns_len, &name, &name_len, label) == 0 && ns;
}
void parse_label(bool *_stack, char **_ns, char **_name, const char *label)
bool parse_label(bool *_stack, char **_ns, char **_name,
const char *label, bool yyerr)
{
const char *err = NULL;
char *ns = NULL;
char *name = NULL;
size_t ns_len = 0;
@@ -671,19 +673,28 @@ void parse_label(bool *_stack, char **_ns, char **_name, const char *label)
res = _parse_label(_stack, &ns, &ns_len, &name, &name_len, label);
if (res == 1) {
yyerror(_("Namespace not terminated: %s\n"), label);
err = _("Namespace not terminated: %s\n");
} else if (res == 2) {
yyerror(_("Empty namespace: %s\n"), label);
err = _("Empty namespace: %s\n");
} else if (res == 3) {
yyerror(_("Empty named transition profile name: %s\n"), label);
err = _("Empty named transition profile name: %s\n");
} else if (res != 0) {
yyerror(_("Unknown error while parsing label: %s\n"), label);
err = _("Unknown error while parsing label: %s\n");
}
if (err) {
if (yyerr)
yyerror(err, label);
else
fprintf(stderr, err, label);
return false;
}
if (ns) {
*_ns = strndup(ns, ns_len);
if (!*_ns)
yyerror(_("Memory allocation error."));
goto alloc_fail;
} else {
*_ns = NULL;
}
@@ -691,8 +702,19 @@ void parse_label(bool *_stack, char **_ns, char **_name, const char *label)
*_name = strndup(name, name_len);
if (!*_name) {
free(*_ns);
yyerror(_("Memory allocation error."));
goto alloc_fail;
}
return true;
alloc_fail:
err = _("Memory allocation error.");
if (yyerr)
yyerror(err);
else
fprintf(stderr, "%s", err);
return false;
}
struct cod_entry *new_entry(char *id, int mode, char *link_id)