mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 15:55:46 +00:00
Code Issues Releases Wiki Activity

parser: and prompt-compat control flag

Browse Source 
Allow contronling which prompt compat mode fallback is used.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2023-04-23 11:56:00 -07:00
parent 5c2bd20720
commit 1d0d1fd0c2
5 changed files with 87 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
parser/parser_interface.c
View File

@@ -549,14 +549,14 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
// fprintf(stderr, "profile %s: policy xtable\n", profile->name);
// TODO: this is dummy exec make dependent on V1
sd_serialize_xtable(buf, profile->exec_table,
kernel_supports_permstable32_v1 ?
profile->uses_prompt_rules && prompt_compat_mode == PROMPT_COMPAT_PERMSV1 ?
profile->policy.perms_table.size() : 0);
}
sd_write_structend(buf);
}
/* either have a single dfa or lists of different entry types */
if (kernel_supports_permstable32_v1) {
if (profile->uses_prompt_rules && prompt_compat_mode == PROMPT_COMPAT_PERMSV1) {
/* special compat mode to work around verification problem */
sd_serialize_dfa(buf, profile->policy.dfa, profile->policy.size,
profile->policy.perms_table);