mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

Patch by jjohansen@suse.de

Browse Source 
Acked-By: Steve Beattie <sbeattie@suse.de>

Add mediation/keywords for locks.
This commit is contained in:
Steve Beattie
2007-07-27 20:38:43 +00:00
parent 95d6ab1b1b
commit 9df76dbcda
5 changed files with 24 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
parser/immunix.h
View File

@@ -30,16 +30,18 @@
#define AA_MAY_READ (1 << 2) #define AA_MAY_READ (1 << 2)
#define AA_MAY_APPEND (1 << 3) #define AA_MAY_APPEND (1 << 3)
#define AA_MAY_LINK (1 << 4) #define AA_MAY_LINK (1 << 4)
#define AA_EXEC_INHERIT (1 << 5) #define AA_MAY_LOCK (1 << 5)
#define AA_EXEC_UNCONSTRAINED (1 << 6) #define AA_EXEC_MMAP (1 << 6)
#define AA_EXEC_PROFILE (1 << 7)
#define AA_EXEC_MMAP (1 << 8) #define AA_CHANGE_PROFILE (1 << 26)
#define AA_EXEC_UNSAFE (1 << 9) #define AA_EXEC_INHERIT (1 << 27)
#define AA_EXEC_UNCONSTRAINED (1 << 28)
#define AA_EXEC_PROFILE (1 << 29)
#define AA_EXEC_UNSAFE (1 << 30)
#define AA_EXEC_MODIFIERS (AA_EXEC_INHERIT | \ #define AA_EXEC_MODIFIERS (AA_EXEC_INHERIT | \
AA_EXEC_UNCONSTRAINED | \ AA_EXEC_UNCONSTRAINED | \
AA_EXEC_PROFILE) AA_EXEC_PROFILE)
#define AA_CHANGE_PROFILE (1 << 31)
/* Network subdomain extensions. */ /* Network subdomain extensions. */
#define AA_TCP_CONNECT (1 << 16) #define AA_TCP_CONNECT (1 << 16)
@@ -73,12 +75,13 @@ enum pattern_t {
#define HAS_MAY_READ(mode) ((mode) & AA_MAY_READ) #define HAS_MAY_READ(mode) ((mode) & AA_MAY_READ)
#define HAS_MAY_WRITE(mode) ((mode) & AA_MAY_WRITE) #define HAS_MAY_WRITE(mode) ((mode) & AA_MAY_WRITE)
#define HAS_MAY_APPEND(mode) ((mode) & AA_MAY_APPEND) #define HAS_MAY_APPEND(mode) ((mode) & AA_MAY_APPEND)
#define HAS_MAY_LINK(mode) ((mode) & AA_MAY_LINK)
#define HAS_MAY_EXEC(mode) ((mode) & AA_MAY_EXEC) #define HAS_MAY_EXEC(mode) ((mode) & AA_MAY_EXEC)
#define HAS_MAY_LINK(mode) ((mode) & AA_MAY_LINK)
#define HAS_MAY_LOCK(mode) ((mode) & AA_MAY_LOCK)
#define HAS_EXEC_MMAP(mode) ((mode) & AA_EXEC_MMAP)
#define HAS_EXEC_INHERIT(mode) ((mode) & AA_EXEC_INHERIT) #define HAS_EXEC_INHERIT(mode) ((mode) & AA_EXEC_INHERIT)
#define HAS_EXEC_PROFILE(mode) ((mode) & AA_EXEC_PROFILE) #define HAS_EXEC_PROFILE(mode) ((mode) & AA_EXEC_PROFILE)
#define HAS_EXEC_UNCONSTRAINED(mode) ((mode) & AA_EXEC_UNCONSTRAINED) #define HAS_EXEC_UNCONSTRAINED(mode) ((mode) & AA_EXEC_UNCONSTRAINED)
#define HAS_EXEC_MMAP(mode) ((mode) & AA_EXEC_MMAP)
#define HAS_EXEC_UNSAFE(mode) ((mode) & AA_EXEC_UNSAFE) #define HAS_EXEC_UNSAFE(mode) ((mode) & AA_EXEC_UNSAFE)
#define HAS_CHANGE_PROFILE(mode) ((mode) & AA_CHANGE_PROFILE) #define HAS_CHANGE_PROFILE(mode) ((mode) & AA_CHANGE_PROFILE)

2
parser/libapparmor_re/regexp.y
View File

@@ -1495,7 +1495,7 @@ extern "C" void aare_delete_ruleset(aare_ruleset_t *rules)
#define ACCUMULATING_FLAGS \ #define ACCUMULATING_FLAGS \
(AA_MAY_READ | AA_MAY_WRITE | AA_MAY_APPEND | AA_MAY_EXEC | \ (AA_MAY_READ | AA_MAY_WRITE | AA_MAY_APPEND | AA_MAY_EXEC | \
AA_MAY_LINK | AA_EXEC_MMAP | AA_CHANGE_PROFILE) AA_MAY_LINK | AA_MAY_LOCK | AA_EXEC_MMAP | AA_CHANGE_PROFILE)
/** /**
* Compute the permission flags that this state corresponds to. If we * Compute the permission flags that this state corresponds to. If we

5
parser/parser.h
View File

@@ -124,13 +124,14 @@ struct var_string {
#define COD_WRITE_CHAR 'w' #define COD_WRITE_CHAR 'w'
#define COD_APPEND_CHAR 'a' #define COD_APPEND_CHAR 'a'
#define COD_EXEC_CHAR 'x' #define COD_EXEC_CHAR 'x'
#define COD_INHERIT_CHAR 'i'
#define COD_LINK_CHAR 'l' #define COD_LINK_CHAR 'l'
#define COD_LOCK_CHAR 'k'
#define COD_MMAP_CHAR 'm'
#define COD_INHERIT_CHAR 'i'
#define COD_UNCONSTRAINED_CHAR 'U' #define COD_UNCONSTRAINED_CHAR 'U'
#define COD_UNSAFE_UNCONSTRAINED_CHAR 'u' #define COD_UNSAFE_UNCONSTRAINED_CHAR 'u'
#define COD_PROFILE_CHAR 'P' #define COD_PROFILE_CHAR 'P'
#define COD_UNSAFE_PROFILE_CHAR 'p' #define COD_UNSAFE_PROFILE_CHAR 'p'
#define COD_MMAP_CHAR 'm'
#define OPTION_ADD 1 #define OPTION_ADD 1
#define OPTION_REMOVE 2 #define OPTION_REMOVE 2

4
parser/parser_lex.l
View File

@@ -53,7 +53,7 @@ COLON :
END_OF_RULE [,] END_OF_RULE [,]
SEPERATOR {UP} SEPERATOR {UP}
RANGE - RANGE -
MODES [RrWwaXxIiLlUuPpMm] MODES ([RrWwaLlMmk]|([Pp][Xx])|([Uu][Xx])|([Ii][Xx]))+
WS [[:blank:]] WS [[:blank:]]
NUMBER [[:digit:]]+ NUMBER [[:digit:]]+
ID [^ \t\n"!,]|(,[^ \t\n"!]) ID [^ \t\n"!,]|(,[^ \t\n"!])
@@ -334,7 +334,7 @@ ADD_ASSIGN \+=
return TOK_ID; return TOK_ID;
} }
{MODES}+ { {MODES} {
yylval = (YYSTYPE) strdup(yytext); yylval = (YYSTYPE) strdup(yytext);
PDEBUG("Found modes: %s\n", yylval); PDEBUG("Found modes: %s\n", yylval);
return TOK_MODE; return TOK_MODE;

7
parser/parser_misc.c
View File

@@ -472,6 +472,11 @@ reeval:
mode |= AA_MAY_LINK; mode |= AA_MAY_LINK;
break; break;
case COD_LOCK_CHAR:
PDEBUG("Parsing mode: found LOCK\n");
mode |= AA_MAY_LOCK;
break;
case COD_INHERIT_CHAR: case COD_INHERIT_CHAR:
PDEBUG("Parsing mode: found INHERIT\n"); PDEBUG("Parsing mode: found INHERIT\n");
if (next != COD_EXEC_CHAR && tolower(next) != COD_EXEC_CHAR) { if (next != COD_EXEC_CHAR && tolower(next) != COD_EXEC_CHAR) {
@@ -734,6 +739,8 @@ void debug_cod_entries(struct cod_entry *list)
printf("%c", COD_APPEND_CHAR); printf("%c", COD_APPEND_CHAR);
if (HAS_MAY_LINK(item->mode)) if (HAS_MAY_LINK(item->mode))
printf("%c", COD_LINK_CHAR); printf("%c", COD_LINK_CHAR);
if (HAS_MAY_LOCK(item->mode))
printf("%c", COD_LOCK_CHAR);
if (HAS_EXEC_INHERIT(item->mode)) if (HAS_EXEC_INHERIT(item->mode))
printf("%c", COD_INHERIT_CHAR); printf("%c", COD_INHERIT_CHAR);
if (HAS_EXEC_UNCONSTRAINED(item->mode)) { if (HAS_EXEC_UNCONSTRAINED(item->mode)) {