
parser: Stop splitting the namespace from the named transition targets

The parser was splitting up the namespace and profile name from named
transition targets only to rejoin it later when creating the binary
policy. This complicated the changes needed to support the stacking
identifier '&' in named transition targets.

To keep the stacking support simple, this patch keeps the entire named
transition target string intact from initial profile parsing to writing
out the binary.

All of these changes are straightforward except the hunk that removes
the namespace string addition to the vector in the process_dfa_entry()
function. After speaking with John, I learned that kernels with stacking support
consuming the namespace together with the profile name.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks
2016-03-18 17:28:51 -05:00
parent a49c988c03
commit a83d03a6a7
6 changed files with 40 additions and 87 deletions


@@ -637,6 +637,16 @@ static int _parse_label(char **ns, size_t *ns_len,
return 0;
}
bool label_contains_ns(const char *label)
{
char *ns = NULL;
char *name = NULL;
size_t ns_len = 0;
size_t name_len = 0;
return _parse_label(&ns, &ns_len, &name, &name_len, label) == 0 && ns;
}
void parse_label(char **_ns, char **_name, const char *label)
{
char *ns = NULL;
@@ -671,20 +681,7 @@ void parse_label(char **_ns, char **_name, const char *label)
}
}
void parse_named_transition_target(struct named_transition *nt,
const char *target)
{
memset(nt, 0, sizeof(*nt));
if (!target) {
/* Return with nt->present set to 0 (thanks to the memset) */
return;
}
parse_label(&nt->ns, &nt->name, target);
nt->present = 1;
}
struct cod_entry *new_entry(char *ns, char *id, int mode, char *link_id)
struct cod_entry *new_entry(char *id, int mode, char *link_id)
{
struct cod_entry *entry = NULL;
@@ -692,7 +689,6 @@ struct cod_entry *new_entry(char *ns, char *id, int mode, char *link_id)
if (!entry)
return NULL;
entry->ns = ns;
entry->name = id;
entry->link_name = link_id;
entry->mode = mode;
@@ -716,7 +712,6 @@ struct cod_entry *copy_cod_entry(struct cod_entry *orig)
if (!entry)
return NULL;
DUP_STRING(orig, entry, ns, err);
DUP_STRING(orig, entry, name, err);
DUP_STRING(orig, entry, link_name, err);
DUP_STRING(orig, entry, nt_name, err);
@@ -743,8 +738,6 @@ void free_cod_entries(struct cod_entry *list)
return;
if (list->next)
free_cod_entries(list->next);
if (list->ns)
free(list->ns);
if (list->name)
free(list->name);
if (list->link_name)
@@ -797,9 +790,6 @@ void debug_cod_entries(struct cod_entry *list)
else
printf("\tName:\tNULL\n");
if (item->ns)
printf("\tNs:\t(%s)\n", item->ns);
if (AA_LINK_BITS & item->mode)
printf("\tlink:\t(%s)\n", item->link_name ? item->link_name : "/**");