parser: convert the stored audit from a bit mask to a bool

This delays the convertion of the audit flag until passing to the backend. This is a step towards fix the parser front end so that it doesn't use encoded permission mappings. Note: the patch embedds the bool conversion into a struct to ensure the compiler will fail to build unless every use is fixed. The struct is removed in the following patch. Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-08-31 14:25:52 +00:00 · 2021-06-11 03:07:54 -07:00
parent 4fd1f97102
commit 44f3be091a
21 changed files with 102 additions and 92 deletions
--- a/parser/signal.cc
+++ b/parser/signal.cc
@@ -174,7 +174,7 @@ void signal_rule::move_conditionals(struct cond_entry *conds)
 }

 signal_rule::signal_rule(perms_t perms_p, struct cond_entry *conds):
-	signals(), peer_label(NULL), audit(0), deny(0)
+	signals(), peer_label(NULL), audit( { false} ), deny(0)
 {
 	if (perms_p) {
 		perms = perms_p;
@@ -191,7 +191,7 @@ signal_rule::signal_rule(perms_t perms_p, struct cond_entry *conds):

 ostream &signal_rule::dump(ostream &os)
 {
-	if (audit)
+	if (audit.audit)
 		os << "audit ";
 	if (deny)
 		os << "deny ";
@@ -292,7 +292,7 @@ int signal_rule::gen_policy_re(Profile &prof)

 	buf = buffer.str();
 	if (perms & (AA_MAY_SEND | AA_MAY_RECEIVE)) {
-		if (!prof.policy.rules->add_rule(buf.c_str(), deny, perms, audit,
+		if (!prof.policy.rules->add_rule(buf.c_str(), deny, perms, audit.audit ? perms : 0,
 						 dfaflags))
 			goto fail;
 	}