diff --git a/parser/immunix.h b/parser/immunix.h index 817f462c1..b6483c146 100644 --- a/parser/immunix.h +++ b/parser/immunix.h @@ -32,7 +32,7 @@ #define AA_MAY_LINK (1 << 4) #define AA_MAY_LOCK (1 << 5) #define AA_EXEC_MMAP (1 << 6) -#define AA_MAY_MOUNT (1 << 7) +#define AA_EXEC_PUX (1 << 7) #define AA_EXEC_UNSAFE (1 << 8) #define AA_EXEC_INHERIT (1 << 9) #define AA_EXEC_MOD_0 (1 << 10) @@ -43,7 +43,7 @@ #define AA_BASE_PERMS (AA_MAY_EXEC | AA_MAY_WRITE | \ AA_MAY_READ | AA_MAY_APPEND | \ AA_MAY_LINK | AA_MAY_LOCK | \ - AA_MAY_MOUNT | AA_EXEC_MMAP | \ + AA_EXEC_PUX | AA_EXEC_MMAP | \ AA_EXEC_UNSAFE | AA_EXEC_INHERIT | \ AA_EXEC_MOD_0 | AA_EXEC_MOD_1 | \ AA_EXEC_MOD_2 | AA_EXEC_MOD_3) @@ -74,7 +74,7 @@ AA_OTHER_EXEC_MODIFIERS) #define AA_EXEC_TYPE (AA_EXEC_UNSAFE | AA_EXEC_INHERIT | \ - AA_EXEC_MODIFIERS) + AA_EXEC_PUX | AA_EXEC_MODIFIERS) #define AA_EXEC_UNCONFINED (AA_EXEC_MOD_0) #define AA_EXEC_PROFILE (AA_EXEC_MOD_1) diff --git a/parser/parser_lex.l b/parser/parser_lex.l index 4e5ceda3c..c7d586dba 100644 --- a/parser/parser_lex.l +++ b/parser/parser_lex.l @@ -162,7 +162,7 @@ COLON : END_OF_RULE [,] SEPARATOR {UP} RANGE - -MODE_CHARS ([RrWwaLlMmkXx])|(([Uu]|[Pp]|[Cc])[Xx])|(([Pp]|[Cc])?[Ii][Xx]) +MODE_CHARS ([RrWwaLlMmkXx])|(([Pp]|[Cc])[Xx])|(([Pp]|[Cc])?([IiUu])[Xx]) MODES {MODE_CHARS}+ WS [[:blank:]] NUMBER [[:digit:]]+ diff --git a/parser/parser_misc.c b/parser/parser_misc.c index c891f412e..e0f82c0a3 100644 --- a/parser/parser_misc.c +++ b/parser/parser_misc.c @@ -570,6 +570,14 @@ reeval: mode |= tmode; p += 2; /* skip x */ } + } else if (tolower(next) == COD_UNSAFE_UNCONFINED_CHAR) { + tmode |= AA_EXEC_PUX; + if (IS_DIFF_QUAL(mode, tmode)) { + yyerror(_("Exec qualifier '%c%c' invalid, conflicting qualifier already specified"), this, next); + } else { + mode |= tmode; + p += 2; /* skip x */ + } } else if (IS_DIFF_QUAL(mode, tmode)) { yyerror(_("Exec qualifier '%c' invalid, conflicting qualifier already specified"), this);