From 5655affcda34aa56ca1bb2100791eabaf30b4bdd Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Tue, 26 Jun 2007 21:09:46 +0000
Subject: [PATCH] flatten hats for individual profile load

---
 parser/parser.h | 6 ++++-
 parser/parser_interface.c | 53 +++++++++++++++++++++++++++++++++------
 parser/parser_policy.c | 23 ++++++++++++++++-
 3 files changed, 72 insertions(+), 10 deletions(-)

diff --git a/parser/parser.h b/parser/parser.h
index ac6542e3f..3519dba48 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -62,6 +62,8 @@ struct codomain {
 char *sub_name; /* subdomain name or NULL */
 int default_deny; /* TRUE or FALSE */
+ struct codomain *parent;
+
 struct flagval flags;
 unsigned int capabilities;
@@ -212,7 +214,8 @@ extern int codomain_merge_rules(struct codomain *cod);
 /* parser_interface.c */
 typedef struct __sdserialize sd_serialize;
 extern int load_codomain(int option, struct codomain *cod);
-extern int sd_serialize_profile(sd_serialize *p, struct codomain *cod);
+extern int sd_serialize_profile(sd_serialize *p, struct codomain *cod,
+ int flatten);
 /* parser_policy.c */
 extern void add_to_list(struct codomain *codomain);
@@ -227,6 +230,7 @@ extern int merge_hat_rules(struct codomain *cod);
 extern struct codomain *merge_policy(struct codomain *a, struct codomain *b);
 extern int load_policy(int option);
 extern int load_hats(sd_serialize *p, struct codomain *cod);
+extern int load_flattened_hats(struct codomain *cod);
 extern void free_policy(struct codomain *cod);
 extern void dump_policy(void);
 extern void dump_policy_hats(struct codomain *cod);
diff --git a/parser/parser_interface.c b/parser/parser_interface.c
index 44643e76d..9289e5863 100644
--- a/parser/parser_interface.c
+++ b/parser/parser_interface.c
@@ -18,6 +18,7 @@
 */
 #define _GNU_SOURCE /* for asprintf */
+#include
 #include
 #include
 #include
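Review bot: The new `parent` member added to struct codomain is the only field in this hunk without the trailing comment its neighbours carry, and nothing in the header says who sets it or when it is NULL; suggest `struct codomain *parent; /* enclosing profile when this codomain is a hat, else NULL */`. In this commit the only writer visible is add_hat_to_policy in parser_policy.c, and sd_serialize_top_profile treats a non-NULL `parent` as the signal to emit the flattened `parent//hat` name, so the NULL-for-top-level half of that comment presumes codomains are zero-initialised on allocation — worth confirming where they are allocated. The prototype names the new parameter `flatten` while the definition in parser_interface.c calls it `flattened`; using one name in both places avoids a needless mismatch.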
@@ -538,15 +539,31 @@ int count_pcre_ents(struct cod_entry *list)
 return count;
 }
-int sd_serialize_profile(sd_serialize *p, struct codomain *profile)
+int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
+ int flattened)
 {
 struct cod_entry *entry;
 struct cod_net_entry *net_entry;
 if (!sd_write_struct(p, "profile"))
 return 0;
- if (!sd_write_string(p, profile->name, NULL))
- return 0;
+ if (flattened) {
+ assert(profile->parent);
+ int res;
+
+ char *name = malloc(3 + strlen(profile->name) +
+ strlen(profile->parent->name));
+ if (!name)
+ return 0;
+ sprintf(name, "%s//%s", profile->parent->name, profile->name);
+ res = sd_write_string(p, name, NULL);
+ free(name);
+ if (!res)
+ return 0;
+ } else {
+ if (!sd_write_string(p, profile->name, NULL))
+ return 0;
+ }
 if (!sd_write_struct(p, "flags"))
 return 0;
 /* used to be flags.debug, but that's no longer supported */
@@ -621,7 +638,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile)
 }
- if (profile->hat_table) {
+ if (profile->hat_table && regex_type != AARE_DFA) {
 if (!sd_write_list(p, "hats"))
 return 0;
 if (load_hats(p, profile) != 0)
@@ -651,7 +668,7 @@ int sd_serialize_top_profile(sd_serialize *p, struct codomain *profile)
 if (!sd_write32(p, version))
 return 0;
- return sd_serialize_profile(p, profile);
+ return sd_serialize_profile(p, profile, profile->parent ? 1 : 0);
 }
 int sd_serialize_codomain(int option, struct codomain *cod)
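Review bot: In the `flattened` branch of sd_serialize_profile the only guard before `profile->parent->name` is `assert(profile->parent)`, which compiles away under NDEBUG and turns a caller passing `flattened` for a parentless profile into a NULL dereference; an explicit `if (!profile->parent) return 0;` keeps the check in release builds. The hand-computed `malloc(3 + strlen(profile->name) + strlen(profile->parent->name))` followed by `sprintf` is exactly right for `"%s//%s"` (two slashes plus the terminator) but brittle to edit; since the file already defines _GNU_SOURCE for asprintf, `if (asprintf(&name, "%s//%s", profile->parent->name, profile->name) < 0) return 0;` removes the size arithmetic altogether. The same malloc/sprintf pattern is repeated in the OPTION_REMOVE path of sd_serialize_codomain later in this patch and would benefit from the same treatment. The body of sd_serialize_profile continues past the end of this hunk.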
@@ -695,11 +712,25 @@ int sd_serialize_codomain(int option, struct codomain *cod)
 free(filename);
 if (option == OPTION_REMOVE) {
- size = strlen(cod->name) + 1;
- wsize = write(fd, cod->name, size);
+ char *name;
+ if (cod->parent) {
+ name = malloc(strlen(cod->name) + 3 +
+ strlen(cod->parent->name));
+ if (!name) {
+ PERROR(_("Unable to remove ^%s\n"), cod->name);
+ error = -errno;
+ goto exit;
+ }
+ sprintf(name, "%s//%s", cod->parent->name, cod->name);
+ } else {
+ name = cod->name;
+ }
+ size = strlen(name) + 1;
+ wsize = write(fd, name, size);
 if (wsize < 0)
 error = -errno;
-
+ if (cod->parent)
+ free(name);
 } else {
 work_area = alloc_sd_serial();
@@ -731,6 +762,12 @@ int sd_serialize_codomain(int option, struct codomain *cod)
 close(fd);
+ if (cod->hat_table && regex_type == AARE_DFA) {
+ if (load_flattened_hats(cod) != 0)
+ return 0;
+ }
+
+ exit:
 return error;
 }
diff --git a/parser/parser_policy.c b/parser/parser_policy.c
index dd1a24408..92dfd5ef9 100644
--- a/parser/parser_policy.c
+++ b/parser/parser_policy.c
@@ -66,6 +66,8 @@ void add_hat_to_policy(struct codomain *cod, struct codomain *hat)
 {
 struct codomain **result;
+ hat->parent = cod;
+
 result = (struct codomain **) tsearch(hat, &(cod->hat_table), codomain_compare);
 if (!result) {
 PERROR("Memory allocation error\n");
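Review bot: The `goto exit` on the malloc failure in the OPTION_REMOVE branch of sd_serialize_codomain jumps past `close(fd)`, because the new `exit:` label is placed after it in the second hunk, so that error path leaks the open descriptor; closing before the jump, `close(fd); goto exit;`, is the smallest fix, and moving the label ahead of `close(fd)` would instead require guarding the flattened-hats block on `error == 0`. On the same path `error = -errno` is read only after PERROR has run, and if that macro writes to stderr errno may already have been overwritten, so the malloc failure's errno should be captured before the message is printed. Separately, `if (load_flattened_hats(cod) != 0) return 0;` discards `error` and returns what appears to be this function's success value; load_flattened_hats as added in parser_policy.c always returns 0, so the branch is unreachable today, but the day it does report failure the caller will not see it. sd_serialize_codomain begins before this hunk, so the `error` and `fd` initialisations are not visible here.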
@@ -256,13 +258,32 @@ static void __load_hat(const void *nodep, const VISIT value,
 if (value == preorder || value == endorder)
 return;
- if (!sd_serialize_profile(__p, *t)) {
+ if (!sd_serialize_profile(__p, *t, 0)) {
 PERROR(_("ERROR in profile %s, failed to load\n"),
 (*t)->name);
 exit(1);
 }
 }
+static void __load_flattened_hat(const void *nodep, const VISIT value,
+ const int __unused depth)
+{
+ struct codomain **t = (struct codomain **) nodep;
+
+ if (value == preorder || value == endorder)
+ return;
+
+ if (load_codomain(__load_option, *t) != 0) {
+ exit(1);
+ }
+}
+
+int load_flattened_hats(struct codomain *cod)
+{
+ twalk(cod->hat_table, __load_flattened_hat);
+ return 0;
+}
+
 int load_hats(sd_serialize *p, struct codomain *cod)
 {
 __p = p;
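Review bot: `load_flattened_hats` can only ever return 0, because `__load_flattened_hat` answers a failed `load_codomain` with `exit(1)` rather than reporting it, so the `!= 0` check its caller in parser_interface.c performs never fires; either say so in a comment on the function, e.g. `/* Load every hat in cod->hat_table as its own profile through load_codomain. Always returns 0: a hat that fails to load terminates the process. */`, or record the failure in a file-scope flag and return it instead of exiting. Unlike `__load_hat` just above, which prints the failing profile's name before exiting, the flattened variant exits silently; adding `PERROR(_("ERROR in profile %s, failed to load\n"), (*t)->name);` before `exit(1)` gives the operator the same diagnostic, assuming load_codomain does not already print one. The walk also relies on `__load_option`, presumably a file-scope variable set by load_policy, being assigned before sd_serialize_codomain reaches this path; that assignment is outside the hunk and should be verified. `__load_hat`'s signature is in the hunk header, so its body starts before this hunk.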