mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity
apparmor/parser
History
Georgia Garcia 43fa5f88a7 parser: fix cases leaks when new state creation fails 
For every item in "cases", a new state is created, but if the creation
of one of them fails, the rest of the items in that list would not be
deleted and would leak. Fix it by continuing to iterate over the items
in the list and delete them, and then re-throw the exception.

$ /usr/bin/valgrind --leak-check=full --error-exitcode=151 ../apparmor_parser -Q -I simple_tests/ -M ./features_files/features.all simple_tests/xtrans/x-conflict.sd

==564911== 208 (48 direct, 160 indirect) bytes in 1 blocks are definitely lost in loss record 15 of 19
==564911==    at 0x4846FA3: operator new(unsigned long) (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==564911==    by 0x179E74: CharNode::follow(Cases&) (expr-tree.h:447)
==564911==    by 0x189F8B: DFA::update_state_transitions(optflags const&, State*) (hfa.cc:376)
==564911==    by 0x18A25B: DFA::process_work_queue(char const*, optflags const&) (hfa.cc:442)
==564911==    by 0x18CB65: DFA::DFA(Node*, optflags const&, bool) (hfa.cc:486)
==564911==    by 0x178263: aare_rules::create_chfa(int*, std::vector<aa_perms, std::allocator<aa_perms> >&, optflags const&, bool, bool) (aare_rules.cc:258)
==564911==    by 0x178A4F: aare_rules::create_dfablob(unsigned long*, int*, std::vector<aa_perms, std::allocator<aa_perms> >&, optflags const&, bool, bool) (aare_rules.cc:359)
==564911==    by 0x14E4E1: process_profile_regex(Profile*) (parser_regex.c:791)
==564911==    by 0x154CDF: process_profile_rules(Profile*) (parser_policy.c:194)
==564911==    by 0x154E0F: post_process_profile(Profile*, int) (parser_policy.c:240)
==564911==    by 0x154F7A: post_process_policy_list (parser_policy.c:257)
==564911==    by 0x154F7A: post_process_policy(int) (parser_policy.c:267)
==564911==    by 0x141B17: process_profile(int, aa_kernel_interface*, char const*, aa_policy_cache*) (parser_main.c:1227)

Fixes: https://gitlab.com/apparmor/apparmor/-/issues/534
Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-08-06 19:15:37 -03:00
..
libapparmor_re
parser: fix cases leaks when new state creation fails
2025-08-06 19:15:37 -03:00
po
Import translations from launchpad
2025-02-24 01:28:04 -08:00
tst
parser: fix variable expansion
2025-07-31 18:04:16 -03:00
aa-teardown
aa-teardown: Replace /bin/bash with /bin/sh
2018-05-05 17:46:19 -07:00
aa-teardown.pod
docs: update documentation to point bug reporting to gitlab
2020-05-05 00:10:53 -07:00
af_rule.cc
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
af_rule.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
af_unix.cc
fix: avoid using namespace std; in header files
2025-05-04 23:14:36 +09:00
af_unix.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
all_rule.cc
parser: make ix of file, rule have lower priority so it can be overridden
2024-08-14 18:21:26 -07:00
all_rule.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
apparmor_parser.pod
fix typo: aggressive
2024-03-29 10:52:25 +01:00
apparmor_xattrs.pod
apparmor_xattrs.7: fix whatis entry
2020-10-25 11:54:47 +00:00
apparmor.d.pod
Deduplicate example rules in apparmor.d manpage
2025-06-11 14:34:20 +02:00
apparmor.pod
Replace 'scrub the environment' wording in man pages with something more accurate
2024-08-28 11:22:08 -07:00
apparmor.service
Add Documentation=... to apparmor.service
2023-10-29 10:49:33 +01:00
apparmor.systemd
apparmor.systemd: fix shellcheck false positive
2024-04-30 18:30:01 -03:00
base_af_names.h
Add 'mctp' network domain keyword
2022-02-08 19:09:24 +01:00
base_cap_names.h
parser: Add support for CAP_CHECKPOINT_RESTORE
2020-10-13 21:30:19 -07:00
bignum.h
parser: fix coverity issues found in snapshot 70858
2024-02-28 10:24:08 -03:00
capability.h
Make capabilities tracker into a class
2024-11-08 14:55:43 -08:00
common_flags.h
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
common_optarg.c
parser: change priority so that it accumulates based on permissions
2025-02-06 11:02:20 -08:00
common_optarg.h
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
cond_expr.cc
parser: refactor variables and symbols table into their own class
2025-06-25 12:29:17 -03:00
cond_expr.h
parser: refactor conditional logic into its own class
2024-08-14 17:22:48 -03:00
COPYING.GPL
rpmlint complains about an outdated FSF address in parser/COPYING.GPL.
2011-11-27 13:52:06 +01:00
dbus.cc
parser: minimization - remove unnecessary second minimization pass
2024-08-14 17:15:24 -07:00
dbus.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
default_features.c
parser: Move to a pre-generated cap_names.h
2020-07-07 09:43:48 -07:00
file_cache.h
fix: avoid using namespace std; in header files
2025-05-04 23:14:36 +09:00
frob_slack_rc
as ACKed on IRC, drop the unused $Id$ tags everywhere
2010-12-20 12:29:10 -08:00
immunix.h
parser: change priority so that it accumulates based on permissions
2025-02-06 11:02:20 -08:00
io_uring.cc
parser: fix rule priority destroying rule permissions for some classes
2024-08-15 03:51:20 -07:00
io_uring.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
lib.c
fix: avoid using namespace std; in header files
2025-05-04 23:14:36 +09:00
lib.h
libapparmor: Use directory file descriptor in _aa_dirat_for_each()
2015-06-15 15:11:51 -05:00
Makefile
parser: refactor variables and symbols table into their own class
2025-06-25 12:29:17 -03:00
mount.cc
Merge parser: drop dead code in mount.cc
2025-08-05 08:31:10 +00:00
mount.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
mqueue.cc
parser: add label to mqueue debug output
2025-04-14 09:48:15 -03:00
mqueue.h
Merge parser: enable create perm when label is defined
2025-05-12 08:00:11 +00:00
network.cc
parser: fix mapping of AA_CONT_MATCH for policydb compat entries
2024-11-06 12:33:36 -08:00
network.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
parser_alias.c
parser: free leaking cod_entry in case of failure in do_alias
2025-08-04 18:55:58 -03:00
parser_common.c
parser: drop support for prompt_compat_permsv1, and prompt_compat_dev
2025-07-31 10:23:22 -07:00
parser_include.c
Make parser_include push_include_stack take const char because it doesn't actually modify it
2024-10-28 12:35:26 +01:00
parser_include.h
Make parser_include push_include_stack take const char because it doesn't actually modify it
2024-10-28 12:35:26 +01:00
parser_interface.c
parser: fix xtable generation
2025-07-31 10:23:22 -07:00
parser_lex.l
fix: avoid using namespace std; in header files
2025-05-04 23:14:36 +09:00
parser_main.c
parser: drop support for prompt_compat_permsv1, and prompt_compat_dev
2025-07-31 10:23:22 -07:00
parser_merge.c
parser: fix priority for file rules.
2024-12-22 15:02:04 -08:00
parser_misc.c
parser: refactor variables and symbols table into their own class
2025-06-25 12:29:17 -03:00
parser_policy.c
parser: drop support for prompt_compat_permsv1, and prompt_compat_dev
2025-07-31 10:23:22 -07:00
parser_regex.c
parser: drop unused create_welded_dfablob and related code
2025-07-31 10:23:22 -07:00
parser_symtab.c
parser: refactor variables and symbols table into their own class
2025-06-25 12:29:17 -03:00
parser_variable.c
parser: fix leaks in deleted variables
2025-08-04 18:55:58 -03:00
parser_yacc.y
parser: fix leaking disconnected paths when merging
2025-08-06 19:15:37 -03:00
parser.conf
Revert "policy: pin policy to 4.0 abi for dev"
2023-07-19 17:37:24 -03:00
parser.h
parser: refactor variables and symbols table into their own class
2025-06-25 12:29:17 -03:00
perms.h
Merge parser: improve libapparmor_re build and dump info
2024-11-15 00:32:30 +00:00
policy_cache.c
Fix wording of some warnings
2020-10-11 12:22:23 +02:00
policy_cache.h
drop unused extern int debug_cache
2021-02-07 16:02:20 +01:00
policydb.h
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
profile-load
profile-load: use less ambiguous if/then construct
2022-02-15 07:34:17 +00:00
profile.cc
parser: fix leaking disconnected paths when merging
2025-08-06 19:15:37 -03:00
profile.h
parser: fix leaking disconnected paths when merging
2025-08-06 19:15:37 -03:00
ptrace.cc
parser: minimization - remove unnecessary second minimization pass
2024-08-14 17:15:24 -07:00
ptrace.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
rc.apparmor.functions
Support unloading profiles in kill and prompt mode
2025-01-13 18:07:39 +01:00
rc.apparmor.slackware
added missing functions to slackware init script
2019-11-08 13:49:48 +01:00
README
README: Move project contact info into the main README
2018-09-13 16:54:09 +00:00
README.devel
parser: add some developer documentation
2013-12-10 14:15:02 -08:00
rule.cc
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
rule.h
parser: fix coverity's "not restoring ostream format"
2025-08-04 18:55:58 -03:00
signal.cc
fix: avoid using namespace std; in header files
2025-05-04 23:14:36 +09:00
signal.h
Merge branch 'master' into 'override'
2025-05-07 23:04:59 +00:00
symtab.cc
parser: fix leaks from variable refactoring
2025-07-18 14:56:29 -03:00
symtab.h
parser: refactor variables and symbols table into their own class
2025-06-25 12:29:17 -03:00
techdoc.tex
treewide: spelling/typo fixes in comments and docs
2020-12-01 12:47:11 -08:00
unit_test.h
Convert codomain to a class
2013-09-27 16:16:37 -07:00
userns.cc
parser: fix rule priority destroying rule permissions for some classes
2024-08-15 03:51:20 -07:00
userns.h
fix(inconsistent-missing-override): add missed override specifiers
2025-05-05 17:52:52 +09:00
variable.cc
parser: fix leaking name in variable expansion
2025-08-04 18:55:58 -03:00
variable.h
parser: refactor variables and symbols table into their own class
2025-06-25 12:29:17 -03:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at https://wiki.apparmor.net

-- The AppArmor development team