deal with socket types to ignore, handle backward compat for earlier AF_MAX value

2025-08-30 05:47:59 +00:00 · 2009-11-11 10:58:57 -08:00 · 2009-11-11 10:58:57 -08:00 · 4173f0a558
commit 4173f0a558
parent 0d2518551f
2 changed files with 4 additions and 1 deletions
--- a/parser/Makefile
+++ b/parser/Makefile
@ -181,9 +181,10 @@ parser_version.h: Makefile
 	@echo \#define PARSER_VERSION \"$(VERSION)\" > .ver
 	@mv -f .ver $@

+# These are the families that it doesn't make sense for apparmor to mediate.
 # We use PF_ here since that is what is required in bits/socket.h, but we will
 # rewrite these as AF_.
-FILTER_FAMILIES=PF_RXRPC PF_MAX PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK PF_LLC PF_IUCV PF_TIPC PF_CAN
+FILTER_FAMILIES=PF_RXRPC PF_MAX PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK PF_LLC PF_IUCV PF_TIPC PF_CAN PF_ISDN PF_PHONET

 __FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')

--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@ -246,6 +246,8 @@ static struct network_tuple network_mappings[] = {
 * hence the wrapping function.
 */
 size_t get_af_max() {
+	/* HACK: declare that version without "create" had a static AF_MAX */
+	if (!perms_create) return 36;
 #if AA_AF_MAX > AF_MAX
 	return AA_AF_MAX;
 #else