parser: Stop splitting the namespace from the named transition targets

The parser was splitting up the namespace and profile name from named transition targets only to rejoin it later when creating the binary policy. This complicated the changes needed to support the stacking identifier '&' in named transition targets. To keep the stacking support simple, this patch keeps the entire named transition target string intact from initial profile parsing to writing out the binary. All of these changes are straightforward except the hunk that removes the namespace string addition to the vector in the process_dfa_entry() function. After speaking with John, kernels with stacking have support for consuming the namespace with the profile name. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
2025-08-31 14:25:52 +00:00 · 2016-03-18 17:28:51 -05:00
parent a49c988c03
commit a83d03a6a7
6 changed files with 40 additions and 87 deletions
--- a/parser/parser_policy.c
+++ b/parser/parser_policy.c
@@ -91,7 +91,7 @@ static int add_named_transition(Profile *prof, struct cod_entry *entry)
 	char *name = NULL;

 	/* check to see if it is a local transition */
-	if (!entry->ns) {
+	if (!label_contains_ns(entry->nt_name)) {
 		char *sub = strstr(entry->nt_name, "//");
 		/* does the subprofile name match the rule */

@@ -128,15 +128,11 @@ static int add_named_transition(Profile *prof, struct cod_entry *entry)
 			entry->nt_name = NULL;
 		}
 	} else {
-	  name = (char *) malloc(strlen(entry->ns) + strlen(entry->nt_name) + 3);
-		if (!name) {
-			PERROR("Memory allocation error\n");
-			exit(1);
-		}
-		sprintf(name, ":%s:%s", entry->ns, entry->nt_name);
-		free(entry->ns);
-		free(entry->nt_name);
-		entry->ns = NULL;
+		/**
+		 * pass control of the memory pointed to by nt_name
+		 * from entry to add_entry_to_x_table()
+		 */
+		name = entry->nt_name;
 		entry->nt_name = NULL;
 	}

@@ -184,7 +180,7 @@ void post_process_file_entries(Profile *prof)
 			PERROR("Memory allocation error\n");
 			exit(1);
 		}
-		new_ent = new_entry(NULL, buffer, AA_MAY_WRITE, NULL);
+		new_ent = new_entry(buffer, AA_MAY_WRITE, NULL);
 		if (!new_ent) {
 			PERROR("Memory allocation error\n");
 			exit(1);
@@ -214,7 +210,7 @@ static int profile_add_hat_rules(Profile *prof)
 		return 0;

 	/* add entry to hat */
-	entry = new_entry(NULL, strdup(CHANGEHAT_PATH), AA_MAY_WRITE, NULL);
+	entry = new_entry(strdup(CHANGEHAT_PATH), AA_MAY_WRITE, NULL);
 	if (!entry)
 		return ENOMEM;