mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 01:57:43 +00:00
apparmor/parser/cond_expr.h
Georgia Garcia 8d0c248fe4 parser: expand conditionals to allow comparisons
The apparmor parser supports if comparisons of boolean variables and
the definition status of set variables.

This commit expands the currently supported set to include comparisons
such as 'in', '>', '>=', '<', '<=', '==', and '!=' between
variables and/or text.

The comparison is done in lexicographical order, and since that can
cause issues comparing numbers, comparison between sets and numbers is
not allowed and the profile will fail to compile. Please refer to
apparmor.d.pod for examples and details.

This commit also adds a file that generates test cases in the
parser. It is generated automatically with make check, but you can
generate them by running

make -C tst gen_conditionals

The generated tests will be under
tst/simple_tests/generated_conditional/

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-08-12 20:45:31 -03:00


/*
* Copyright (c) 2024
* Canonical Ltd. (All rights reserved)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc. or Canonical
* Ltd.
*/
#ifndef __AA_COND_EXPR_H
#define __AA_COND_EXPR_H
#include <set>
#include <string>
/*
 * Operators a profile conditional can be evaluated with.
 *
 * The operator spellings noted below are inferred from the enumerator
 * names; the lexer/grammar mapping is outside this header, so confirm
 * them against the parser sources. Enumerators keep their implicit
 * values, starting at 0 in declaration order.
 */
enum cond_op {
	EQ_OP,		/* presumably '==' */
	NE_OP,		/* presumably '!=' */
	IN_OP,		/* presumably 'in' */
	GT_OP,		/* presumably '>'  */
	GE_OP,		/* presumably '>=' */
	LT_OP,		/* presumably '<'  */
	LE_OP,		/* presumably '<=' */
	BOOLEAN_OP,	/* presumably the truth value of a boolean variable */
	DEFINED_OP,	/* presumably whether a set variable is defined */
};
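/*
 * Holds the boolean outcome of one conditional expression.
 *
 * Only declarations are visible in this header: the constructors,
 * get_set() and compare() are defined elsewhere. Presumably the
 * constructors evaluate the expression and store the outcome, which is
 * then read back with eval() -- confirm against the implementation.
 */
class cond_expr {
private:
	/*
	 * Outcome of the expression. There is no default initializer here,
	 * so every constructor path has to assign it before eval() is
	 * read; otherwise the value returned by eval() is indeterminate.
	 */
	bool result;
public:
	/*
	 * Build an expression from an already-known truth value.
	 *
	 * NOTE(review): this constructor is not explicit and the class has
	 * no single-argument const char * overload, so a call that passes
	 * only a pointer converts it to bool and selects this constructor,
	 * yielding true for any non-null pointer. Confirm that no caller
	 * relies on that conversion.
	 */
	cond_expr(bool result);

	/*
	 * Build an expression from one variable name and an operator.
	 * Presumably used for the operators that take no right-hand side
	 * (BOOLEAN_OP, DEFINED_OP) -- confirm against the implementation.
	 */
	cond_expr(const char *var, cond_op op);

	/*
	 * Build an expression comparing var against cond_id with op.
	 * NOTE(review): whether cond_id names a variable or is literal
	 * text is decided in the implementation, not in this header.
	 */
	cond_expr(const char *var, cond_op op, const char *cond_id);

	/*
	 * Return a set of strings for var, by value. Presumably the values
	 * of the named set variable -- confirm against the implementation.
	 */
	std::set<std::string> get_set(const char *var);

	/*
	 * Compare lhs and rhs with op. Returns nothing, so the outcome is
	 * presumably stored in result. The template is only declared here;
	 * its definition must be visible to, or explicitly instantiated
	 * for, every translation unit that calls it.
	 */
	template <typename T>
	void compare(cond_op op, T lhs, T rhs);

	/* Virtual so that deleting through a base pointer is well defined. */
	virtual ~cond_expr()
	{
	}

	/*
	 * Return the stored outcome. Marked const because it only reads
	 * result, so it can be called through a const pointer or reference.
	 */
	bool eval(void) const { return result; }
};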
#endif /* __AA_COND_EXPR_H */