mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Patch from jjohansen@suse.de

Browse Source 
Acked-By: Steve Beattie <sbeattie@suse.de>

Support placing the permission modes first before the pathname. This
makes things somewhat more consistent with other types of permissions
(capability [specific_cap], network [stuff], etc.).
This commit is contained in:
Steve Beattie 2007-07-27 20:55:25 +00:00
parent 318df7804a
commit 6c1d6fdd80
2 changed files with 39 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
parser/parser_misc.c
View File

@ -102,6 +102,7 @@ static struct keyword_table keyword_table[] = {
{"not", TOK_NOT}, {"not", TOK_NOT},
{"defined", TOK_DEFINED}, {"defined", TOK_DEFINED},
{"change_profile", TOK_CHANGE_PROFILE}, {"change_profile", TOK_CHANGE_PROFILE},
{"unsafe", TOK_UNSAFE},
/* terminate */ /* terminate */
{NULL, 0} {NULL, 0}
}; };

52
parser/parser_yacc.y
View File

@ -67,6 +67,7 @@ struct value_list {
}; };
void free_value_list(struct value_list *list); void free_value_list(struct value_list *list);
struct cod_entry *do_file_rule(char *id, int mode);
%} %}
@ -88,6 +89,7 @@ void free_value_list(struct value_list *list);
%token TOK_CHANGE_PROFILE %token TOK_CHANGE_PROFILE
%token TOK_NETWORK %token TOK_NETWORK
%token TOK_HAT %token TOK_HAT
%token TOK_UNSAFE
/* network tokens */ /* network tokens */
%token TOK_IP %token TOK_IP
@ -565,26 +567,38 @@ expr: TOK_DEFINED TOK_BOOL_VAR
rule: TOK_ID file_mode TOK_END_OF_RULE rule: TOK_ID file_mode TOK_END_OF_RULE
{ {
struct cod_entry *entry; $$ = do_file_rule($1, $2);
PDEBUG("Matched: tok_id (%s) tok_mode (%s)\n", $1, $2);
entry = new_entry($1, $2);
if (!entry)
yyerror(_("Memory allocation error."));
PDEBUG("rule.entry: (%s)\n", entry->name);
$$ = entry;
}; };
rule: TOK_SET_VAR file_mode TOK_END_OF_RULE rule: TOK_SET_VAR file_mode TOK_END_OF_RULE
{ {
struct cod_entry *entry; $$ = do_file_rule($1, $2);
PDEBUG("Matched: tok_id (%s) tok_mode (%s)\n", $1, $2);
entry = new_entry($1, $2);
if (!entry)
yyerror(_("Memory allocation error."));
PDEBUG("rule.entry: (%s)\n", entry->name);
$$ = entry;
}; };
rule: file_mode TOK_ID TOK_END_OF_RULE
{
$$ = do_file_rule($2, $1 & ~AA_EXEC_UNSAFE);
};
rule: file_mode TOK_SET_VAR TOK_END_OF_RULE
{
$$ = do_file_rule($2, $1 & ~AA_EXEC_UNSAFE);
};
rule: TOK_UNSAFE file_mode TOK_ID TOK_END_OF_RULE
{
if (!($2 & AA_MAY_EXEC))
yyerror(_("unsafe rule missing exec permissions"));
$$ = do_file_rule($3, $2 | AA_EXEC_UNSAFE);
};
rule: TOK_UNSAFE file_mode TOK_SET_VAR TOK_END_OF_RULE
{
if (!($2 & AA_MAY_EXEC))
yyerror(_("unsafe rule missing exec permissions"));
$$ = do_file_rule($3, $2 | AA_EXEC_UNSAFE);
};
rule: TOK_ID file_mode TOK_ID rule: TOK_ID file_mode TOK_ID
{ {
/* Oopsie, we appear to be missing an EOL marker. If we /* Oopsie, we appear to be missing an EOL marker. If we
@ -1003,3 +1017,13 @@ void free_value_list(struct value_list *list)
} }
} }
struct cod_entry *do_file_rule(char *id, int mode)
{
struct cod_entry *entry;
PDEBUG("Matched: tok_id (%s) tok_mode (0x%x)\n", id, mode);
entry = new_entry(id, mode);
if (!entry)
yyerror(_("Memory allocation error."));
PDEBUG("rule.entry: (%s)\n", entry->name);
return entry;
}