
parser: refactor rules parser for a common block

Another step towards having a block rule and retaining parsed rule
structure. Set up the parser to use a common block pattern that, when
we are ready, will become an actual rule.

Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
John Johansen 2023-02-19 02:41:22 -08:00
parent dad26e6cd2
commit 9eb23475de


@ -227,6 +227,7 @@ void add_local_entry(Profile *prof);
%type <prof> profile_base %type <prof> profile_base
%type <prof> profile %type <prof> profile
%type <prof> rules %type <prof> rules
%type <prof> block
%type <prof> hat %type <prof> hat
%type <prof> local_profile %type <prof> local_profile
%type <prof> cond_rule %type <prof> cond_rule
@ -708,8 +709,12 @@ rules: rules opt_prefix rule
$$ = $1; $$ = $1;
}; };
block: TOK_OPEN rules TOK_CLOSE
{
$$ = $2;
};
rules: rules opt_prefix TOK_OPEN rules TOK_CLOSE rules: rules opt_prefix block
{ {
struct cod_entry *entry, *tmp; struct cod_entry *entry, *tmp;
if ($2.rule_mode == RULE_DENY) if ($2.rule_mode == RULE_DENY)
@ -717,7 +722,7 @@ rules: rules opt_prefix TOK_OPEN rules TOK_CLOSE
PDEBUG("matched: %s%s%sblock\n", $2.audit == AUDIT_FORCE ? "audit " : "", PDEBUG("matched: %s%s%sblock\n", $2.audit == AUDIT_FORCE ? "audit " : "",
$2.rule_mode == RULE_DENY ? "deny " : "", $2.owner ? "owner " : ""); $2.rule_mode == RULE_DENY ? "deny " : "", $2.owner ? "owner " : "");
list_for_each_safe($4->entries, entry, tmp) { list_for_each_safe($3->entries, entry, tmp) {
entry->next = NULL; entry->next = NULL;
if (entry->perms & AA_EXEC_BITS) { if (entry->perms & AA_EXEC_BITS) {
if ((entry->rule_mode == RULE_DENY) && if ((entry->rule_mode == RULE_DENY) &&
@ -738,9 +743,9 @@ rules: rules opt_prefix TOK_OPEN rules TOK_CLOSE
entry->audit = AUDIT_FORCE; entry->audit = AUDIT_FORCE;
add_entry_to_policy($1, entry); add_entry_to_policy($1, entry);
} }
$4->entries = NULL; $3->entries = NULL;
// fix me transfer rules and free sub profile // fix me transfer rules and free sub profile
delete $4; delete $3;
$$ = $1; $$ = $1;
}; };
@ -974,42 +979,42 @@ rules: rules TOK_SET TOK_RLIMIT TOK_ID TOK_LE TOK_VALUE opt_id TOK_END_OF_RULE
}; };
cond_rule: TOK_IF expr TOK_OPEN rules TOK_CLOSE cond_rule: TOK_IF expr block
{ {
Profile *ret = NULL; Profile *ret = NULL;
PDEBUG("Matched: found conditional rules\n"); PDEBUG("Matched: found conditional rules\n");
if ($2) { if ($2) {
ret = $4; ret = $3;
} else { } else {
delete $4; delete $3;
} }
$$ = ret; $$ = ret;
} }
cond_rule: TOK_IF expr TOK_OPEN rules TOK_CLOSE TOK_ELSE TOK_OPEN rules TOK_CLOSE cond_rule: TOK_IF expr block TOK_ELSE block
{ {
Profile *ret = NULL; Profile *ret = NULL;
PDEBUG("Matched: found conditional else rules\n"); PDEBUG("Matched: found conditional else rules\n");
if ($2) { if ($2) {
ret = $4; ret = $3;
delete $8; delete $5;
} else { } else {
ret = $8; ret = $5;
delete $4; delete $3;
} }
$$ = ret; $$ = ret;
} }
cond_rule: TOK_IF expr TOK_OPEN rules TOK_CLOSE TOK_ELSE cond_rule cond_rule: TOK_IF expr block TOK_ELSE cond_rule
{ {
Profile *ret = NULL; Profile *ret = NULL;
PDEBUG("Matched: found conditional else-if rules\n"); PDEBUG("Matched: found conditional else-if rules\n");
if ($2) { if ($2) {
ret = $4; ret = $3;
delete $7; delete $5;
} else { } else {
ret = $7; ret = $5;
delete $4; delete $3;
} }
$$ = ret; $$ = ret;
} }