mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 05:47:59 +00:00

parser: switch backend to perm32_t for permission bits

Switch permission bits to use the perm32_t type. This is just annotating
the code, as it is no different from uint32_t at this time.

We do not convert the accept values, as they may be mapped permission
bits or they may be an index value.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen 2023-08-04 01:49:10 -07:00
parent 4264338bed
commit 373c095b3e
5 changed files with 27 additions and 26 deletions


@ -44,8 +44,8 @@ aare_rules::~aare_rules(void)
expr_map.clear(); expr_map.clear();
} }
bool aare_rules::add_rule(const char *rule, rule_mode_t mode, uint32_t perms, bool aare_rules::add_rule(const char *rule, rule_mode_t mode, perm32_t perms,
uint32_t audit, optflags const &opts) perm32_t audit, optflags const &opts)
{ {
return add_rule_vec(mode, perms, audit, 1, &rule, opts, false); return add_rule_vec(mode, perms, audit, 1, &rule, opts, false);
} }
@ -71,7 +71,7 @@ static Node *cat_with_oob_separator(Node *l, Node *r)
return new CatNode(new CatNode(l, new CharNode(transchar(-1, true))), r); return new CatNode(new CatNode(l, new CharNode(transchar(-1, true))), r);
} }
bool aare_rules::add_rule_vec(rule_mode_t mode, uint32_t perms, uint32_t audit, bool aare_rules::add_rule_vec(rule_mode_t mode, perm32_t perms, perm32_t audit,
int count, const char **rulev, optflags const &opts, int count, const char **rulev, optflags const &opts,
bool oob) bool oob)
{ {


@ -109,9 +109,9 @@ class aare_rules {
aare_rules(int reverse): root(NULL), unique_perms(), expr_map(), reverse(reverse), rule_count(0) { }; aare_rules(int reverse): root(NULL), unique_perms(), expr_map(), reverse(reverse), rule_count(0) { };
~aare_rules(); ~aare_rules();
bool add_rule(const char *rule, rule_mode_t mode, uint32_t perms, bool add_rule(const char *rule, rule_mode_t mode, perm32_t perms,
uint32_t audit, optflags const &opts); perm32_t audit, optflags const &opts);
bool add_rule_vec(rule_mode_t mode, uint32_t perms, uint32_t audit, bool add_rule_vec(rule_mode_t mode, perm32_t perms, perm32_t audit,
int count, const char **rulev, optflags const &opts, int count, const char **rulev, optflags const &opts,
bool oob); bool oob);
bool append_rule(const char *rule, bool oob, bool with_perm, optflags const &opts); bool append_rule(const char *rule, bool oob, bool with_perm, optflags const &opts);


@ -41,6 +41,7 @@
#include <stdint.h> #include <stdint.h>
#include "../perms.h"
#include "apparmor_re.h" #include "apparmor_re.h"
using namespace std; using namespace std;
@ -885,19 +886,19 @@ public:
class MatchFlag: public AcceptNode { class MatchFlag: public AcceptNode {
public: public:
MatchFlag(uint32_t flag, uint32_t audit): flag(flag), audit(audit) MatchFlag(perm32_t perms, perm32_t audit): perms(perms), audit(audit)
{ {
type_flags |= NODE_TYPE_MATCHFLAG; type_flags |= NODE_TYPE_MATCHFLAG;
} }
ostream &dump(ostream &os) { return os << "< 0x" << hex << flag << '>'; } ostream &dump(ostream &os) { return os << "< 0x" << hex << perms << '>'; }
uint32_t flag; perm32_t perms;
uint32_t audit; perm32_t audit;
}; };
class ExactMatchFlag: public MatchFlag { class ExactMatchFlag: public MatchFlag {
public: public:
ExactMatchFlag(uint32_t flag, uint32_t audit): MatchFlag(flag, audit) ExactMatchFlag(perm32_t perms, perm32_t audit): MatchFlag(perms, audit)
{ {
type_flags |= NODE_TYPE_EXACTMATCHFLAG; type_flags |= NODE_TYPE_EXACTMATCHFLAG;
} }
@ -905,7 +906,7 @@ public:
class DenyMatchFlag: public MatchFlag { class DenyMatchFlag: public MatchFlag {
public: public:
DenyMatchFlag(uint32_t flag, uint32_t quiet): MatchFlag(flag, quiet) DenyMatchFlag(perm32_t perms, perm32_t quiet): MatchFlag(perms, quiet)
{ {
type_flags |= NODE_TYPE_DENYMATCHFLAG; type_flags |= NODE_TYPE_DENYMATCHFLAG;
} }
@ -913,7 +914,7 @@ public:
class PromptMatchFlag: public MatchFlag { class PromptMatchFlag: public MatchFlag {
public: public:
PromptMatchFlag(uint32_t prompt, uint32_t audit): MatchFlag(prompt, audit) {} PromptMatchFlag(perm32_t prompt, perm32_t audit): MatchFlag(prompt, audit) {}
}; };
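Review bot: `MatchFlag::audit` carries two different meanings and nothing in the class says so: `DenyMatchFlag(perm32_t perms, perm32_t quiet)` forwards its quiet mask into `audit`, and the accept_perms hunk on this page reads it back with `perms.quiet |= match->audit`. Renaming `flag` to `perms` made the first member self-describing, so the second now stands out; a comment on the member such as `/* audit mask; for DenyMatchFlag this holds the quiet mask */` would keep a reader from treating a deny node's value as an audit request. `PromptMatchFlag` also still names its first parameter `prompt` while the other constructors now use `perms`.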


@ -1376,7 +1376,7 @@ map<ImportantNode *, AcceptNodes> dominance(DFA & dfa)
} }
#endif #endif
static inline int diff_qualifiers(uint32_t perm1, uint32_t perm2) static inline int diff_qualifiers(perm32_t perm1, perm32_t perm2)
{ {
return ((perm1 & AA_EXEC_TYPE) && (perm2 & AA_EXEC_TYPE) && return ((perm1 & AA_EXEC_TYPE) && (perm2 & AA_EXEC_TYPE) &&
(perm1 & AA_EXEC_TYPE) != (perm2 & AA_EXEC_TYPE)); (perm1 & AA_EXEC_TYPE) != (perm2 & AA_EXEC_TYPE));
@ -1390,9 +1390,9 @@ static inline int diff_qualifiers(uint32_t perm1, uint32_t perm2)
int accept_perms(NodeVec *state, perms_t &perms, bool filedfa) int accept_perms(NodeVec *state, perms_t &perms, bool filedfa)
{ {
int error = 0; int error = 0;
uint32_t exact_match_allow = 0; perm32_t exact_match_allow = 0;
uint32_t exact_match_prompt = 0; perm32_t exact_match_prompt = 0;
uint32_t exact_audit = 0; perm32_t exact_audit = 0;
perms.clear(); perms.clear();
@ -1407,20 +1407,20 @@ int accept_perms(NodeVec *state, perms_t &perms, bool filedfa)
if (match->is_type(NODE_TYPE_EXACTMATCHFLAG)) { if (match->is_type(NODE_TYPE_EXACTMATCHFLAG)) {
/* exact match only ever happens with x */ /* exact match only ever happens with x */
if (filedfa && !is_merged_x_consistent(exact_match_allow, if (filedfa && !is_merged_x_consistent(exact_match_allow,
match->flag)) match->perms))
error = 1;; error = 1;;
exact_match_allow |= match->flag; exact_match_allow |= match->perms;
exact_audit |= match->audit; exact_audit |= match->audit;
} else if (match->is_type(NODE_TYPE_DENYMATCHFLAG)) { } else if (match->is_type(NODE_TYPE_DENYMATCHFLAG)) {
perms.deny |= match->flag; perms.deny |= match->perms;
perms.quiet |= match->audit; perms.quiet |= match->audit;
} else if (dynamic_cast<PromptMatchFlag *>(match)) { } else if (dynamic_cast<PromptMatchFlag *>(match)) {
perms.prompt |= match->flag; perms.prompt |= match->perms;
perms.audit |= match->audit; perms.audit |= match->audit;
} else { } else {
if (filedfa && !is_merged_x_consistent(perms.allow, match->flag)) if (filedfa && !is_merged_x_consistent(perms.allow, match->perms))
error = 1; error = 1;
perms.allow |= match->flag; perms.allow |= match->perms;
perms.audit |= match->audit; perms.audit |= match->audit;
} }
} }
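Review bot: The prompt branch is the only one that selects its node with `dynamic_cast<PromptMatchFlag *>(match)`; the exact and deny branches test `is_type(NODE_TYPE_EXACTMATCHFLAG)` and `is_type(NODE_TYPE_DENYMATCHFLAG)`. The PromptMatchFlag constructor shown on this page has an empty body and sets no type flag, which is presumably the reason, but the mixed dispatch is easy to misread when checking which mask a node's `perms` is OR-ed into. A one-line comment above that branch, e.g. `/* PromptMatchFlag sets no NODE_TYPE_ flag, so it is identified by RTTI */`, would document it, and the stray second semicolon in `error = 1;;` could go in the same pass. accept_perms starts and ends outside these hunks, so how `error` and `exact_match_prompt` are used afterwards is not visible here.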


@ -142,7 +142,7 @@ public:
return quiet < rhs.quiet; return quiet < rhs.quiet;
} }
uint32_t allow, deny, prompt, audit, quiet, exact; perm32_t allow, deny, prompt, audit, quiet, exact;
}; };
int accept_perms(NodeVec *state, perms_t &perms, bool filedfa); int accept_perms(NodeVec *state, perms_t &perms, bool filedfa);
@ -260,8 +260,8 @@ public:
void flatten_relative(State *, int upper_bound); void flatten_relative(State *, int upper_bound);
int apply_and_clear_deny(void) { return perms.apply_and_clear_deny(); } int apply_and_clear_deny(void) { return perms.apply_and_clear_deny(); }
void map_perms_to_accept(uint32_t &accept1, uint32_t &accept2, void map_perms_to_accept(perm32_t &accept1, perm32_t &accept2,
uint32_t &accept3, bool prompt) perm32_t &accept3, bool prompt)
{ {
accept1 = perms.allow; accept1 = perms.allow;
if (prompt && prompt_compat_mode == PROMPT_COMPAT_DEV) if (prompt && prompt_compat_mode == PROMPT_COMPAT_DEV)
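Review bot: `map_perms_to_accept` now takes `perm32_t &accept1`, `perm32_t &accept2` and `perm32_t &accept3`, which contradicts the commit description's statement that accept values are not converted because they may be an index rather than permission bits. Callers that hold `uint32_t` accept variables can bind to these non-const references only while `perm32_t` is the same type as `uint32_t`, as the description says it currently is; if the type later diverges, those call sites will stop compiling, or the index case will be treated as permission bits. Either keep the out-parameters as `uint32_t &`, or add a comment at the declaration such as `/* accept values stay raw 32-bit: mapped perms or an index */`. The function body continues past the end of the hunk.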