mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 13:58:22 +00:00
Code Issues Releases Wiki Activity

deal with socket types to ignore, handle backward compat for earlier AF_MAX value

Browse Source
This commit is contained in:
Kees Cook
2009-11-11 10:58:57 -08:00
parent 0d2518551f
commit 4173f0a558
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
parser/Makefile
View File

@@ -181,9 +181,10 @@ parser_version.h: Makefile
@echo \#define PARSER_VERSION \"$(VERSION)\" > .ver @echo \#define PARSER_VERSION \"$(VERSION)\" > .ver
@mv -f .ver $@ @mv -f .ver $@
# These are the families that it doesn't make sense for apparmor to mediate.
# We use PF_ here since that is what is required in bits/socket.h, but we will # We use PF_ here since that is what is required in bits/socket.h, but we will
# rewrite these as AF_. # rewrite these as AF_.
FILTER_FAMILIES=PF_RXRPC PF_MAX PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK PF_LLC PF_IUCV PF_TIPC PF_CAN FILTER_FAMILIES=PF_RXRPC PF_MAX PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK PF_LLC PF_IUCV PF_TIPC PF_CAN PF_ISDN PF_PHONET
__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g') __FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')

2
parser/parser_misc.c
View File

@@ -246,6 +246,8 @@ static struct network_tuple network_mappings[] = {
* hence the wrapping function. * hence the wrapping function.
*/ */
size_t get_af_max() { size_t get_af_max() {
/* HACK: declare that version without "create" had a static AF_MAX */
if (!perms_create) return 36;
#if AA_AF_MAX > AF_MAX #if AA_AF_MAX > AF_MAX
return AA_AF_MAX; return AA_AF_MAX;
#else #else