
parser: Add a set of debug flags that can be passed to the kernel

The kernel will allow for a couple of debug flags on a profile that
can be used to trigger debug messages for only profiles/labels that
have the flag set. Add basic support for these to the parser.

Signed-off-by: John Johansen <john.johansen@canonical.com>
John Johansen 2022-03-26 16:29:37 -07:00 committed by Georgia Garcia
parent 673e8f9d36
commit 3cc73ffe8d
4 changed files with 10 additions and 6 deletions


@ -420,7 +420,7 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
sd_write_struct(buf, "flags"); sd_write_struct(buf, "flags");
/* used to be flags.debug, but that's no longer supported */ /* used to be flags.debug, but that's no longer supported */
sd_write_uint32(buf, profile->flags.hat); sd_write_uint32(buf, profile->flags.flags);
sd_write_uint32(buf, profile_mode_packed(profile->flags.mode)); sd_write_uint32(buf, profile_mode_packed(profile->flags.mode));
sd_write_uint32(buf, profile->flags.audit); sd_write_uint32(buf, profile->flags.audit);
sd_write_structend(buf); sd_write_structend(buf);
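Review bot: The write of `profile->flags.flags` now sends the whole int to the kernel, so any bit that ends up set in it is serialized, not only the hat and debug bits this commit defines. Masking at the boundary keeps the packed word to the defined set: `sd_write_uint32(buf, profile->flags.flags & (FLAG_HAT | FLAG_DEBUG1 | FLAG_DEBUG2));`. The comment kept above the write still says debug is no longer supported, which reads as a contradiction now that this word can carry debug bits; I would reword it to `/* bitmask: FLAG_HAT | FLAG_DEBUG1 | FLAG_DEBUG2 */`. How a kernel that predates the debug bits interprets them is not visible here and is worth confirming before relying on it. sd_serialize_profile starts and ends outside the hunk.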


@ -243,7 +243,7 @@ void post_process_rule_entries(Profile *prof)
static int profile_add_hat_rules(Profile *prof) static int profile_add_hat_rules(Profile *prof)
{ {
/* don't add hat rules if not hat or profile doesn't have hats */ /* don't add hat rules if not hat or profile doesn't have hats */
if (!prof->flags.hat && prof->hat_table.empty()) if (!(prof->flags.flags & FLAG_HAT) && prof->hat_table.empty())
return 0; return 0;
if (!add_proc_access(prof, CHANGEHAT_PATH)) if (!add_proc_access(prof, CHANGEHAT_PATH))


@ -421,7 +421,7 @@ profile: opt_profile_flag profile_base
yyerror(_("Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'.")); yyerror(_("Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."));
if ($1 == 2) if ($1 == 2)
prof->flags.hat = 1; prof->flags.flags |= FLAG_HAT;
$$ = prof; $$ = prof;
}; };
@ -448,7 +448,7 @@ hat: hat_start profile_base
if ($2->xattrs.list) if ($2->xattrs.list)
yyerror("hat profiles can't use xattrs matches"); yyerror("hat profiles can't use xattrs matches");
prof->flags.hat = 1; prof->flags.flags |= FLAG_HAT;
$$ = prof; $$ = prof;
}; };


@ -110,9 +110,13 @@ static inline enum profile_mode str_to_mode(const char *str)
return MODE_UNSPECIFIED; return MODE_UNSPECIFIED;
}; };
#define FLAG_HAT 1
#define FLAG_DEBUG1 2
#define FLAG_DEBUG2 4
class flagvals { class flagvals {
public: public:
int hat; int flags;
enum profile_mode mode; enum profile_mode mode;
int audit; int audit;
int path; int path;
@ -124,7 +128,7 @@ public:
if (audit) if (audit)
os << ", Audit"; os << ", Audit";
if (hat) if (flags & FLAG_HAT)
os << ", Hat"; os << ", Hat";
os << "\n"; os << "\n";
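Review bot: `FLAG_HAT`, `FLAG_DEBUG1` and `FLAG_DEBUG2` are added without a comment, although the serializer hunk of this commit writes `flags` straight into the packed profile, which makes these values part of the interface to the kernel rather than parser-internal constants. I would add `/* bits of flagvals::flags, written as-is into the packed "flags" struct; values must match the kernel's */` above the defines. The field is declared `int flags;` but is used only as a bitmask and is passed to `sd_write_uint32`, so `unsigned int flags;` would describe it better, provided nothing outside these hunks depends on the sign. Nothing in the hunks shown sets or dumps the two debug bits, so `dump()` still reports only Hat; if that is intentional for this step, the comment should say so. The class body continues outside the hunks.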