parser: Clean up exec mode parsing

The opt_unsafe token was being used to represent 'safe' and 'unsafe' so it is renamed to opt_exec_mode. Create helpfully named macros to compare opt_exec_mode's value against instead of hard-coded '0', '1', and '2' values. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
2025-08-29 21:38:15 +00:00 · 2016-05-31 15:38:36 -05:00 · 2016-05-31 15:38:36 -05:00 · fe14a337ef
commit fe14a337ef
parent 138a9bf9ef
1 changed files with 19 additions and 15 deletions
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@ -69,6 +69,10 @@

 #define CAP_TO_MASK(x) (1ull << (x))

+#define EXEC_MODE_EMPTY		0
+#define EXEC_MODE_UNSAFE	1
+#define EXEC_MODE_SAFE		2
+
 int parser_token = 0;

 struct cod_entry *do_file_rule(char *id, int mode, char *link_id, char *nt);
@ -275,7 +279,7 @@ void add_local_entry(Profile *prof);
 %type <unix_entry>	unix_rule
 %type <id>	opt_target
 %type <id>	opt_named_transition
-%type <boolean> opt_unsafe
+%type <boolean> opt_exec_mode
 %type <boolean> opt_file
 %%

@ -1059,9 +1063,9 @@ opt_named_transition: { /* nothing */ $$ = NULL; }
 rule: file_rule { $$ = $1; }
 	| link_rule { $$ = $1; }

-opt_unsafe: { /* nothing */ $$ = 0; }
-	| TOK_UNSAFE { $$ = 1; };
-	| TOK_SAFE { $$ = 2; };
+opt_exec_mode: { /* nothing */ $$ = EXEC_MODE_EMPTY; }
+	| TOK_UNSAFE { $$ = EXEC_MODE_UNSAFE; };
+	| TOK_SAFE { $$ = EXEC_MODE_SAFE; };

 opt_file: { /* nothing */ $$ = 0; }
 	| TOK_FILE { $$ = 1; }
@ -1103,22 +1107,22 @@ file_rule: TOK_FILE TOK_END_OF_RULE
 	| opt_file file_rule_tail { $$ = $2; }


-file_rule_tail: opt_unsafe frule
+file_rule_tail: opt_exec_mode frule
 	{
-		if ($1) {
+		if ($1 != EXEC_MODE_EMPTY) {
 			if (!($2->mode & AA_EXEC_BITS))
 				yyerror(_("unsafe rule missing exec permissions"));
-			if ($1 == 1) {
+			if ($1 == EXEC_MODE_UNSAFE) {
 				$2->mode |= (($2->mode & AA_EXEC_BITS) << 8) &
 					 ALL_AA_EXEC_UNSAFE;
 			}
-			else if ($1 == 2)
+			else if ($1 == EXEC_MODE_SAFE)
 				$2->mode &= ~ALL_AA_EXEC_UNSAFE;
 		}
 		$$ = $2;
 	};

-file_rule_tail: opt_unsafe id_or_var file_mode id_or_var
+file_rule_tail: opt_exec_mode id_or_var file_mode id_or_var
 	{
 		/* Oopsie, we appear to be missing an EOL marker. If we
 		 * were *smart*, we could work around it. Since we're
@ -1474,7 +1478,7 @@ file_mode: TOK_MODE
 		free($1);
 	}

-change_profile: TOK_CHANGE_PROFILE opt_unsafe opt_id opt_named_transition TOK_END_OF_RULE
+change_profile: TOK_CHANGE_PROFILE opt_exec_mode opt_id opt_named_transition TOK_END_OF_RULE
 	{
 		struct cod_entry *entry;
 		int mode = AA_CHANGE_PROFILE;
@ -1482,19 +1486,19 @@ change_profile: TOK_CHANGE_PROFILE opt_unsafe opt_id opt_named_transition TOK_EN
 		char *exec = $3;
 		char *target = $4;

-		if (exec_mode) {
+		if (exec_mode != EXEC_MODE_EMPTY) {
 			if (!exec)
 				yyerror(_("Exec condition is required when unsafe or safe keywords are present"));

-			if (exec_mode == 1) {
+			if (exec_mode == EXEC_MODE_UNSAFE) {
 				mode |= (AA_EXEC_BITS | ALL_AA_EXEC_UNSAFE);
-			} else if (exec_mode == 2 &&
+			} else if (exec_mode == EXEC_MODE_SAFE &&
 				   !kernel_supports_stacking &&
 				   warnflags & WARN_RULE_DOWNGRADED) {
 				pwarn("downgrading change_profile safe rule to unsafe due to lack of necessary kernel support\n");
 				/**
-				 * No need to do anything because the 'unsafe'
-				 * variant is the only supported type of
+				 * No need to do anything because 'unsafe' exec
+				 * mode is the only supported mode of
 				 * change_profile rules in non-stacking kernels
 				 */
 			}