mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-04 16:25:10 +00:00
Code Issues Releases Wiki Activity

parser: convert to dynamically allocated capability list

Browse Source 
We need to be able to dynamically add capabilities to the capability
list so switch to using a dynamically allocated table that we can
extend.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen
2020-07-02 07:17:36 -07:00
parent 48974e552c
commit 7b4197f0da
3 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
parser/parser.h
View File

@@ -398,6 +398,7 @@ extern char *processquoted(const char *string, int len);
extern char *processunquoted(const char *string, int len);
extern int get_keyword_token(const char *keyword);
extern int name_to_capability(const char *keyword);
extern void capabilities_init(void);
extern int get_rlimit(const char *name);
extern char *process_var(const char *var);
extern int parse_mode(const char *mode);

1
parser/parser_main.c
View File

@@ -1332,6 +1332,7 @@ int main(int argc, char *argv[])
progname = argv[0];
init_base_dir();
capabilities_init();
process_early_args(argc, argv);
process_config_file(config_file);

26
parser/parser_misc.c
View File

@@ -210,6 +210,18 @@ static struct capability_table base_capability_table[] = {
{NULL, 0, 0, CAPFLAGS_CLEAR}
};
static struct capability_table *cap_table;
static int cap_table_size;
void capabilities_init(void)
{
cap_table = (struct capability_table *) malloc(sizeof(base_capability_table));
if (!cap_table)
yyerror(_("Memory allocation error."));
memcpy(cap_table, base_capability_table, sizeof(base_capability_table));
cap_table_size = sizeof(base_capability_table)/sizeof(struct capability_table);
}
static int get_cap_token(const char *name unused, struct capability_table *table,
const char *cap)
{
@@ -229,16 +241,16 @@ static int get_cap_token(const char *name unused, struct capability_table *table
int name_to_capability(const char *keyword)
{
return get_cap_token("capability", base_capability_table, keyword);
return get_cap_token("capability", cap_table, keyword);
}
const char *capability_to_name(unsigned int cap)
{
int i;
for (i = 0; base_capability_table[i].cap; i++) {
if (base_capability_table[i].token == cap)
return base_capability_table[i].cap;
for (i = 0; cap_table[i].cap; i++) {
if (cap_table[i].token == cap)
return cap_table[i].cap;
}
return "invalid-capability";
@@ -250,9 +262,9 @@ void __debug_capabilities(uint64_t capset, const char *name)
printf("%s:", name);
for (i = 0; base_capability_table[i].cap; i++) {
if ((1ull << base_capability_table[i].token) & capset)
printf (" %s", base_capability_table[i].cap);
for (i = 0; cap_table[i].cap; i++) {
if ((1ull << cap_table[i].token) & capset)
printf (" %s", cap_table[i].cap);
}
printf("\n");
}