mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-30 22:05:27 +00:00
Code Issues Releases Wiki Activity

exec modes per U:G:O

Browse Source
This commit is contained in:
John Johansen
2007-11-16 09:35:57 +00:00
parent ec639bc82c
commit 638535d650
6 changed files with 109 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
parser/parser_regex.c
View File

@@ -497,14 +497,16 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
/* ix implies m but the apparmor module does not add m bit to
* dfa states like it does for pcre
*/
if ((entry->mode & AA_EXEC_MODIFIERS) == AA_EXEC_INHERIT) {
if (HAS_MAY_EXEC(SHIFT_TO_BASE(entry->mode, AA_OTHER_SHIFT)))
entry->mode |= AA_EXEC_MMAP << AA_OTHER_SHIFT;
if (HAS_MAY_EXEC(SHIFT_TO_BASE(entry->mode, AA_GROUP_SHIFT)))
entry->mode |= AA_EXEC_MMAP << AA_GROUP_SHIFT;
if (HAS_MAY_EXEC(SHIFT_TO_BASE(entry->mode, AA_USER_SHIFT)))
entry->mode |= AA_EXEC_MMAP << AA_USER_SHIFT;
}
if (((entry->mode >> AA_OTHER_SHIFT) & AA_EXEC_MODIFIERS) ==
AA_EXEC_INHERIT)
entry->mode |= AA_EXEC_MMAP << AA_OTHER_SHIFT;
if (((entry->mode >> AA_GROUP_SHIFT) & AA_EXEC_MODIFIERS) ==
AA_EXEC_INHERIT)
entry->mode |= AA_EXEC_MMAP << AA_GROUP_SHIFT;
if (((entry->mode >> AA_USER_SHIFT) & AA_EXEC_MODIFIERS) ==
AA_EXEC_INHERIT)
entry->mode |= AA_EXEC_MMAP << AA_USER_SHIFT;
if (!aare_add_rule(dfarules, tbuf, entry->mode))
ret = FALSE;