mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

parser: add rule merging for af_unix rules

Browse Source 
this is reuired because af_rule merging does not take into account
the potential af_unix addresses and could incorrectly merge af_unix
rules.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2023-07-05 03:56:20 -07:00
parent 00553a6dd5
commit 5e713276ca
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
parser/af_unix.h
View File

@@ -62,6 +62,19 @@ public:
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
// inherit is_mergable() from af_rule
virtual int cmp(rule_t const &rhs) const
{
int res = af_rule::cmp(rhs);
if (res)
return res;
unix_rule const &trhs = (rule_cast<unix_rule const &>(rhs));
res = null_strcmp(addr, trhs.addr);
if (res)
return res;
return null_strcmp(peer_addr, trhs.peer_addr);
};
protected:
virtual void warn_once(const char *name) override;
};