parser: and prompt-compat control flag

Allow contronling which prompt compat mode fallback is used. Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-08-31 06:16:03 +00:00 · 2023-04-23 11:56:00 -07:00
parent 5c2bd20720
commit 1d0d1fd0c2
5 changed files with 87 additions and 9 deletions
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -137,6 +137,8 @@ static const char *config_file = "/etc/apparmor/parser.conf";
 #define EARLY_ARG_CONFIG_FILE		142
 #define ARG_WERROR			143
 #define ARG_ESTIMATED_COMPILE_SIZE	144
+#define ARG_PROMPT_COMPAT		145
+#define ARG_PRINT_PROMPT_COMPAT		146

 /* Make sure to update BOTH the short and long_options */
 static const char *short_options = "ad::f:h::rRVvI:b:BCD:NSm:M:qQn:XKTWkL:O:po:j:";
@@ -192,6 +194,8 @@ struct option long_options[] = {
 	{"override-policy-abi",	1, 0, ARG_OVERRIDE_POLICY_ABI},	/* no short option */
 	{"config-file",		1, 0, EARLY_ARG_CONFIG_FILE},	/* early option, no short option */
 	{"estimated-compile-size", 1, 0, ARG_ESTIMATED_COMPILE_SIZE}, /* no short option, not in help */
+	{"prompt-compat",	1, 0, ARG_PROMPT_COMPAT},	/* no short option */
+	{"print-prompt-compat",	1, 0, ARG_PRINT_PROMPT_COMPAT},	/* no short option */

 	{NULL, 0, 0, 0},
 };
@@ -789,6 +793,26 @@ static int process_arg(int c, char *optarg)
 			estimated_job_size = tmp * mult;
 		}
 		break;
+	case ARG_PROMPT_COMPAT:
+		if (strcmp(optarg, "permsv2") == 0) {
+			prompt_compat_mode = PROMPT_COMPAT_PERMSV1;
+		} else if (strcmp(optarg, "permsv1") == 0) {
+			prompt_compat_mode = PROMPT_COMPAT_PERMSV1;
+		} else if (strcmp(optarg, "default") == 0) {
+			prompt_compat_mode = default_prompt_compat_mode();
+		} else if (strcmp(optarg, "ignore") == 0) {
+			prompt_compat_mode = PROMPT_COMPAT_IGNORE;
+		} else {
+			PERROR("%s: Invalid --prompt-compat option '%s'\n",
+			       progname, optarg);
+			exit(1);
+		}
+		break;
+	case ARG_PRINT_PROMPT_COMPAT:
+		fprintf(stderr, "Prompt compat mode: ");
+		print_prompt_compat_mode(stderr);
+		fprintf(stderr, "\n");
+		break;
 	default:
 		/* 'unrecognized option' error message gets printed by getopt_long() */
 		exit(1);
@@ -1552,6 +1576,9 @@ static bool get_kernel_features(struct aa_features **features)
 	if (kernel_supports_permstable32_v1) {
 		fprintf(stderr, "kernel supports prompt\n");
 	}
+
+	/* set default prompt_compat_mode to the best that is supported */
+	prompt_compat_mode = default_prompt_compat_mode();
 	if (!kernel_supports_diff_encode)
 		/* clear diff_encode because it is not supported */
 		parseopts.control &= ~CONTROL_DFA_DIFF_ENCODE;