mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 14:25:52 +00:00
Code Issues Releases Wiki Activity

parser: convert audit from bool to enum

Browse Source 
Audit control support is going to be extended to support allowing
policy to which rules should quiet auditing. Update the frontend
internals to prepare for this.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2021-08-28 02:11:11 -07:00
parent 134e95f783
commit 7a318d99f2
22 changed files with 111 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
parser/mqueue.cc
View File

@@ -87,7 +87,7 @@ void mqueue_rule::move_conditionals(struct cond_entry *conds)
}
mqueue_rule::mqueue_rule(perms_t perms_p, struct cond_entry *conds, char *qname_p):
qtype(mqueue_unspecified), qname(qname_p), label(NULL), audit(false), deny(0)
qtype(mqueue_unspecified), qname(qname_p), label(NULL), audit({AUDIT_UNSPECIFIED}), deny(0)
{
move_conditionals(conds);
free_cond_list(conds);
@@ -115,7 +115,7 @@ mqueue_rule::mqueue_rule(perms_t perms_p, struct cond_entry *conds, char *qname_
ostream &mqueue_rule::dump(ostream &os)
{
if (audit)
if (audit.audit_mode == AUDIT_FORCE)
os << "audit ";
if (deny)
os << "deny ";
@@ -233,10 +233,10 @@ int mqueue_rule::gen_policy_re(Profile &prof)
/* store perms at name match so label doesn't need
* to be checked
*/
if (!label && !prof.policy.rules->add_rule_vec(deny, perms, audit ? perms : 0, 1, vec, dfaflags, false))
if (!label && !prof.policy.rules->add_rule_vec(deny, perms, audit.audit_mode == AUDIT_FORCE ? perms : 0, 1, vec, dfaflags, false))
goto fail;
/* also provide label match with perm */
if (!prof.policy.rules->add_rule_vec(deny, perms, audit ? perms : 0, size, vec, dfaflags, false))
if (!prof.policy.rules->add_rule_vec(deny, perms, audit.audit_mode == AUDIT_FORCE ? perms : 0, size, vec, dfaflags, false))
goto fail;
}
}
@@ -268,10 +268,10 @@ int mqueue_rule::gen_policy_re(Profile &prof)
}
if (perms & AA_VALID_SYSV_MQ_PERMS) {
if (!label && !prof.policy.rules->add_rule_vec(deny, perms, audit ? perms : 0, 1, vec, dfaflags, false))
if (!label && !prof.policy.rules->add_rule_vec(deny, perms, audit.audit_mode ? perms : 0, 1, vec, dfaflags, false))
goto fail;
/* also provide label match with perm */
if (!prof.policy.rules->add_rule_vec(deny, perms, audit ? perms : 0, size, vec, dfaflags, false))
if (!prof.policy.rules->add_rule_vec(deny, perms, audit.audit_mode ? perms : 0, size, vec, dfaflags, false))
goto fail;
}
}