update parser to use HAS_X macros

parser/immunix.h

@@ -88,4 +88,14 @@ enum pattern_t {
 	ePatternInvalid,
 };
 
+#define HAS_MAY_READ(mode)		((mode) & KERN_COD_MAY_READ)
+#define HAS_MAY_WRITE(mode)		((mode) & KERN_COD_MAY_WRITE)
+#define HAS_MAY_LINK(mode)		((mode) & KERN_COD_MAY_LINK)
+#define HAS_MAY_EXEC(mode)		((mode) & KERN_COD_MAY_EXEC)
+#define HAS_EXEC_INHERIT(mode)		((mode) & KERN_COD_EXEC_INHERIT)
+#define HAS_EXEC_PROFILE(mode)		((mode) & KERN_COD_EXEC_PROFILE)
+#define HAS_EXEC_UNCONSTRAINED(mode)	((mode) & KERN_COD_EXEC_UNCONSTRAINED)
+#define HAS_EXEC_MMAP(mode) 		((mode) & KERN_COD_EXEC_MMAP)
+#define HAS_EXEC_UNSAFE(mode) 		((mode) & KERN_COD_EXEC_UNSAFE)
+
 #endif				/* ! _IMMUNIX_H */

parser/parser_main.c

@@ -128,7 +128,7 @@ void pwarn(char *fmt, ...)
 	if (conf_quiet || names_only || option == OPTION_REMOVE)
 		return;
 
-	rc = asprintf(&newfmt, "Warning (%s line %d): %s",
+	rc = asprintf(&newfmt, _("Warning (%s line %d): %s"),
 		      profilename ? profilename : "stdin",
 		      current_lineno,
 		      fmt);

parser/parser_merge.c

@@ -75,19 +75,17 @@ static int process_file_entries(struct codomain *cod)
 	table[count] = NULL;
 
 #define CHECK_CONFLICT_UNSAFE(a, b) \
-	(((a & KERN_COD_EXEC_UNSAFE) ^ (b & KERN_COD_EXEC_UNSAFE)) && \
+	((HAS_EXEC_UNSAFE(a) ^ HAS_EXEC_UNSAFE(b)) && \
-	 (KERN_EXEC_MODIFIERS(a) & ~KERN_COD_EXEC_INHERIT) && \
+	 ((HAS_EXEC_PROFILE(a) && HAS_EXEC_PROFILE(b)) || \
-	 (KERN_EXEC_MODIFIERS(b) & ~KERN_COD_EXEC_INHERIT))
+	  (HAS_EXEC_UNCONSTRAINED(a) && HAS_EXEC_UNCONSTRAINED(b))))
 
 	/* walk the sorted table merging similar entries */
 	for (cur = table[0], next = table[1], n = 1; next != NULL; n++, next = table[n]) {
 		if (file_comp(&cur, &next) == 0) {
 			int conflict = CHECK_CONFLICT_UNSAFE(cur->mode, next->mode);
-			PDEBUG("%s: cur_mode: %x next_mode: %x conflict %d\n",
-				__FUNCTION__, cur->mode, next->mode, conflict);
 			cur->mode |= next->mode;
 			/* check for merged x consistency */
-			if (KERN_COD_MAY_EXEC & cur->mode &&
+			if (HAS_MAY_EXEC(cur->mode) &&
 			    ((KERN_EXEC_MODIFIERS(cur->mode) &
 			      (KERN_EXEC_MODIFIERS(cur->mode) - 1)) ||
 			     conflict)) {

parser/parser_misc.c

@@ -266,8 +266,8 @@ static int warned_uppercase = 0;
 static void warn_uppercase(void)
 {
 	if (!warned_uppercase) {
-		pwarn("Uppercase qualifiers \"RWLIMX\" are deprecated, please convert to lowercase\n"
+		pwarn(_("Uppercase qualifiers \"RWLIMX\" are deprecated, please convert to lowercase\n"
-		      "See the apparmor.d(5) manpage for details.\n");
+			"See the apparmor.d(5) manpage for details.\n"));
 		warned_uppercase = 1;
 	}
 }
@@ -324,16 +324,18 @@ reeval:
 
 		case COD_UNSAFE_UNCONSTRAINED_CHAR:
 			mode |= KERN_COD_EXEC_UNSAFE;
-			pwarn("Unconstrained exec qualifier (%c%c) allows some dangerous environment variables\n"
+			pwarn(_("Unconstrained exec qualifier (%c%c) allows some dangerous environment variables "
-			      "to be passed to the unconfined process; see the apparmor.d(5) manpage for details.\n",
+				"to be passed to the unconfined process; 'man 5 apparmor.d' for details.\n"),
 			      COD_UNSAFE_UNCONSTRAINED_CHAR, COD_EXEC_CHAR);
 			/* fall through */
 		case COD_UNCONSTRAINED_CHAR:
 			PDEBUG("Parsing mode: found UNCONSTRAINED\n");
 			if (next != COD_EXEC_CHAR && tolower(next) != COD_EXEC_CHAR) {
-				yyerror(_("Exec qualifier 'u' must be followed by 'x'"));
+				yyerror(_("Exec qualifier '%c' must be followed by 'x'"),
+					this);
 			} else if (IS_DIFF_QUAL(this)) {
-				yyerror(_("Exec qualifier 'u' invalid, conflicting qualifier already specified"));
+				yyerror(_("Exec qualifier '%c' invalid, conflicting qualifier already specified"),
+					this);
 			} else {
 				if (next != tolower(next))
 					warn_uppercase();
@@ -350,9 +352,11 @@ reeval:
 		case COD_PROFILE_CHAR:
 			PDEBUG("Parsing mode: found PROFILE\n");
 			if (next != COD_EXEC_CHAR && tolower(next) != COD_EXEC_CHAR) {
-				yyerror(_("Exec qualifier 'p' must be followed by 'x'"));
+				yyerror(_("Exec qualifier '%c' must be followed by 'x'"),
+					this);
 			} else if (IS_DIFF_QUAL(this)) {
-				yyerror(_("Exec qualifier 'p' invalid, conflicting qualifier already specified"));
+				yyerror(_("Exec qualifier '%c' invalid, conflicting qualifier already specified"),
+					this);
 			} else {
 				if (next != tolower(next))
 					warn_uppercase();
@@ -556,29 +560,29 @@ void debug_cod_entries(struct cod_entry *list)
 			printf("Item is NULL!\n");
 
 		printf("Mode:\t");
-		if (item->mode & KERN_COD_MAY_READ)
+		if (HAS_MAY_READ(item->mode))
 			printf("%c", COD_READ_CHAR);
-		if (item->mode & KERN_COD_MAY_WRITE)
+		if (HAS_MAY_WRITE(item->mode))
 			printf("%c", COD_WRITE_CHAR);
-		if (item->mode & KERN_COD_MAY_LINK)
+		if (HAS_MAY_LINK(item->mode))
 			printf("%c", COD_LINK_CHAR);
-		if (item->mode & KERN_COD_EXEC_INHERIT)
+		if (HAS_EXEC_INHERIT(item->mode))
 			printf("%c", COD_INHERIT_CHAR);
-		if (item->mode & KERN_COD_EXEC_UNCONSTRAINED) {
+		if (HAS_EXEC_UNCONSTRAINED(item->mode)) {
-			if (item->mode & KERN_COD_EXEC_UNSAFE)
+			if (HAS_EXEC_UNSAFE(item->mode))
 				printf("%c", COD_UNSAFE_UNCONSTRAINED_CHAR);
 			else
 				printf("%c", COD_UNCONSTRAINED_CHAR);
 		}
-		if (item->mode & KERN_COD_EXEC_PROFILE) {
+		if (HAS_EXEC_PROFILE(item->mode)) {
-			if (item->mode & KERN_COD_EXEC_UNSAFE)
+			if (HAS_EXEC_UNSAFE(item->mode))
 				printf("%c", COD_UNSAFE_PROFILE_CHAR);
 			else
 				printf("%c", COD_PROFILE_CHAR);
 		}
-		if (item->mode & KERN_COD_EXEC_MMAP)
+		if (HAS_EXEC_MMAP(item->mode))
 			printf("%c", COD_MMAP_CHAR);
-		if (item->mode & KERN_COD_MAY_EXEC)
+		if (HAS_MAY_EXEC(item->mode))
 			printf("%c", COD_EXEC_CHAR);
 
 		if (item->name)