mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-28 12:58:07 +00:00

Update aliases so that they apply properly to profile names.

Instead of updating the profile name, allow a profile to have multiple
alternate names.  Aliases are now added as alternate names and matched
through the xmatch dfa.
John Johansen 2010-02-12 13:49:58 -08:00
parent eafddd3cea
commit ee00b0cea2
3 changed files with 27 additions and 3 deletions


@ -77,9 +77,15 @@ struct aa_rlimits {
rlim_t limits[RLIMIT_NLIMITS]; rlim_t limits[RLIMIT_NLIMITS];
}; };
struct alt_name {
char *name;
struct alt_name *next;
};
struct codomain { struct codomain {
char *namespace; char *namespace;
char *name; /* codomain name */ char *name; /* codomain name */
struct alt_name *altnames;
void *xmatch; void *xmatch;
size_t xmatch_size; size_t xmatch_size;
int xmatch_len; int xmatch_len;
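Review bot: Nothing in this commit releases the new `altnames` list: the three sections on this page account for all 27 added lines in the diffstat, and none of them frees an `alt_name` node or its `name` string. The code that tears down a `struct codomain` is outside this page, so presumably it still frees only `name`; it should also walk `altnames` and free each node together with its `name`. A field comment would record the ownership, for example `struct alt_name *altnames; /* alias-generated alternate names; nodes and strings owned by the codomain */`.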


@ -161,11 +161,17 @@ static void process_name(const void *nodep, VISIT value, int __unused level)
len = strlen((*t)->from); len = strlen((*t)->from);
if (cod->name && strncmp((*t)->from, cod->name, len) == 0) { if (cod->name && strncmp((*t)->from, cod->name, len) == 0) {
struct alt_name *alt;
char *new = do_alias(*t, cod->name); char *new = do_alias(*t, cod->name);
if (!new) if (!new)
return; return;
free(cod->name); /* aliases create alternate names */
cod->name = new; alt = calloc(1, sizeof(struct alt_name));
if (!alt)
return;
alt->name = new;
alt->next = cod->altnames;
cod->altnames = alt;
} }
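Review bot: The `if (!alt) return;` path after `calloc` leaks `new`, the string returned by `do_alias`, because no other pointer holds it at that point; it should read `if (!alt) { free(new); return; }`. Both early returns are also silent, since `process_name` returns void: an allocation failure here produces a profile that is compiled without the alias name and so, presumably, does not attach to the aliased path, with no diagnostic to the administrator. Reporting the failure before returning would make that visible. The body of `process_name` starts outside this hunk.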
} }


@ -509,7 +509,7 @@ static int process_profile_name_xmatch(struct codomain *cod)
if (ptype == ePatternInvalid) { if (ptype == ePatternInvalid) {
PERROR(_("%s: Invalid profile name '%s' - bad regular expression\n"), progname, name); PERROR(_("%s: Invalid profile name '%s' - bad regular expression\n"), progname, name);
return FALSE; return FALSE;
} else if (ptype == ePatternBasic) { } else if (ptype == ePatternBasic && !cod->altnames) {
/* no regex so do not set xmatch */ /* no regex so do not set xmatch */
cod->xmatch = NULL; cod->xmatch = NULL;
cod->xmatch_len = 0; cod->xmatch_len = 0;
@ -523,6 +523,18 @@ static int process_profile_name_xmatch(struct codomain *cod)
aare_delete_ruleset(rule); aare_delete_ruleset(rule);
return FALSE; return FALSE;
} }
if (cod->altnames) {
struct alt_name *alt;
list_for_each(cod->altnames, alt) {
int len;
convert_aaregex_to_pcre(alt->name, 0, tbuf,
PATH_MAX + 3, &len);
if (!aare_add_rule(rule, tbuf, 0, AA_MAY_EXEC, 0)) {
aare_delete_ruleset(rule);
return FALSE;
}
}
}
cod->xmatch = aare_create_dfa(rule, &cod->xmatch_size, cod->xmatch = aare_create_dfa(rule, &cod->xmatch_size,
dfaflags); dfaflags);
aare_delete_ruleset(rule); aare_delete_ruleset(rule);
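Review bot: In the new `list_for_each` loop the return value of `convert_aaregex_to_pcre` is discarded, whereas the first hunk shows the primary name being rejected when the pattern type is `ePatternInvalid`. An alias-generated name that fails conversion would therefore have whatever is left in `tbuf` added to the ruleset as an exec-match rule. The call should be tested the same way, `if (convert_aaregex_to_pcre(alt->name, 0, tbuf, PATH_MAX + 3, &len) == ePatternInvalid)`, and fail like the `aare_add_rule` branch does (delete the ruleset, return `FALSE`), ideally with the same `PERROR` message naming `alt->name`. `len` is written but not read in the visible lines, and the function starts and ends outside these hunks.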