mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity
apparmor/parser
History
John Johansen f86fda02f5 parser: fix 16 bit state limitation 
The hfa stores next/check transitions in 16 bit fields to reduce memory
usage. However this means the state machine can on contain 2^16
states.

Allow the next/check tables to be 32 bit. This theoretically could allow
for 2^32 states however the base table uses the top 8 bits as flags
giving us only 2^24 bits to index into the next/check tables. With
most states having at least 1 transition this effectively caps the
number of states at 2^24.

To obtain 2^32 possible states a flags table needs to be added. Add
a skeleton around supporting a flags table, so we can note the remaining
work that needs to be done. This patch will only allow for 2^24 states.

Bug: https://gitlab.com/apparmor/apparmor/-/issues/419

Signed-off-by: John Johansen <john.johansen@canonical.com>
2024-08-14 17:01:30 -07:00
..
libapparmor_re
parser: fix 16 bit state limitation
2024-08-14 17:01:30 -07:00
po
translations: update generated pot files
2020-10-14 03:56:38 -07:00
tst
Merge parser: fix Normalizatin infinite loop
2024-06-14 19:39:21 +00:00
aa-teardown
aa-teardown: Replace /bin/bash with /bin/sh
2018-05-05 17:46:19 -07:00
aa-teardown.pod
docs: update documentation to point bug reporting to gitlab
2020-05-05 00:10:53 -07:00
af_rule.cc
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
af_rule.h
parser: rework perms rule merging
2023-07-10 20:04:53 -07:00
af_unix.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
af_unix.h
parser: rename rules.h perms_t to perm32_t
2024-08-14 14:39:18 -07:00
all_rule.cc
parser: fix mount for all rule
2024-07-17 15:07:06 -03:00
all_rule.h
parser: fix issues appointed by coverity
2024-03-18 10:36:56 -03:00
apparmor_parser.pod
fix typo: aggressive
2024-03-29 10:52:25 +01:00
apparmor_xattrs.pod
apparmor_xattrs.7: fix whatis entry
2020-10-25 11:54:47 +00:00
apparmor.d.pod
parser: add error=EXX flag support
2024-04-15 16:32:16 -03:00
apparmor.pod
fix typo: globally
2024-03-29 10:57:33 +01:00
apparmor.service
Add Documentation=... to apparmor.service
2023-10-29 10:49:33 +01:00
apparmor.systemd
apparmor.systemd: fix shellcheck false positive
2024-04-30 18:30:01 -03:00
base_af_names.h
Add 'mctp' network domain keyword
2022-02-08 19:09:24 +01:00
base_cap_names.h
parser: Add support for CAP_CHECKPOINT_RESTORE
2020-10-13 21:30:19 -07:00
bignum.h
parser: fix coverity issues found in snapshot 70858
2024-02-28 10:24:08 -03:00
capability.h
parser/capability.h: add missing <cstdint> include
2022-05-23 23:13:14 +01:00
common_flags.h
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
common_optarg.c
parser: fix 16 bit state limitation
2024-08-14 17:01:30 -07:00
common_optarg.h
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
cond_expr.cc
parser: refactor conditional logic into its own class
2024-08-14 17:22:48 -03:00
cond_expr.h
parser: refactor conditional logic into its own class
2024-08-14 17:22:48 -03:00
COPYING.GPL
rpmlint complains about an outdated FSF address in parser/COPYING.GPL.
2011-11-27 13:52:06 +01:00
dbus.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
dbus.h
convert owner to an enum
2024-08-14 15:47:13 -07:00
default_features.c
parser: Move to a pre-generated cap_names.h
2020-07-07 09:43:48 -07:00
file_cache.h
Fix comment wording in file_cache.h
2021-05-02 11:29:41 +02:00
frob_slack_rc
as ACKed on IRC, drop the unused $Id$ tags everywhere
2010-12-20 12:29:10 -08:00
immunix.h
parser: int mode to perms
2023-03-29 10:45:44 -07:00
io_uring.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
io_uring.h
parser: rename rules.h perms_t to perm32_t
2024-08-14 14:39:18 -07:00
lib.c
Fix comment typo in parser/lib.c
2021-12-05 18:16:53 +01:00
lib.h
libapparmor: Use directory file descriptor in _aa_dirat_for_each()
2015-06-15 15:11:51 -05:00
Makefile
parser: refactor conditional logic into its own class
2024-08-14 17:22:48 -03:00
mount.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
mount.h
convert owner to an enum
2024-08-14 15:47:13 -07:00
mqueue.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
mqueue.h
parser: rename rules.h perms_t to perm32_t
2024-08-14 14:39:18 -07:00
network.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
network.h
parser: rename rules.h perms_t to perm32_t
2024-08-14 14:39:18 -07:00
parser_alias.c
parser: make alias_ignore a bool
2023-03-31 02:17:28 -07:00
parser_common.c
parser: fix 16 bit state limitation
2024-08-14 17:01:30 -07:00
parser_include.c
parser: fix definitely and possibly lost memory leaks
2023-03-16 18:03:57 -03:00
parser_include.h
parser: add include dedup cache to handle include loops
2021-04-27 20:26:57 -07:00
parser_interface.c
parser: fix protocol error on older kernels caused by additional xtable
2024-08-14 15:47:13 -07:00
parser_lex.l
parser: make lead # in assignment value indicate a comment
2024-06-08 01:32:22 -07:00
parser_main.c
parser: fix 16 bit state limitation
2024-08-14 17:01:30 -07:00
parser_merge.c
parser: Cleanup parser control flags, so they display as expected to user
2023-07-08 19:58:59 -07:00
parser_misc.c
parser: rename rules.h perms_t to perm32_t
2024-08-14 14:39:18 -07:00
parser_policy.c
parser: don't set xbits when using permstable32_v1
2024-08-14 15:47:13 -07:00
parser_regex.c
parser: don't set xbits when using permstable32_v1
2024-08-14 15:47:13 -07:00
parser_symtab.c
treewide: spelling/typo fixes in code strings
2020-12-01 12:47:18 -08:00
parser_variable.c
parser: add support for attach_disconnected.path
2023-08-14 01:42:28 -07:00
parser_yacc.y
Merge parser: add support for prompt rules
2024-08-14 23:34:29 +00:00
parser.conf
Revert "policy: pin policy to 4.0 abi for dev"
2023-07-19 17:37:24 -03:00
parser.h
parser: fix 16 bit state limitation
2024-08-14 17:01:30 -07:00
perms.h
parser: add note of what perms.h is
2024-08-14 15:47:13 -07:00
policy_cache.c
Fix wording of some warnings
2020-10-11 12:22:23 +02:00
policy_cache.h
drop unused extern int debug_cache
2021-02-07 16:02:20 +01:00
policydb.h
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
profile-load
profile-load: use less ambiguous if/then construct
2022-02-15 07:34:17 +00:00
profile.cc
parser: frontend carry use of prompt rules flag on profile
2024-08-14 15:45:58 -07:00
profile.h
parser: Add prompt dev compat support
2024-08-14 15:47:13 -07:00
ptrace.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
ptrace.h
convert owner to an enum
2024-08-14 15:47:13 -07:00
rc.apparmor.functions
aa-teardown: print out which profile removal failed
2024-06-08 23:35:02 +02:00
rc.apparmor.slackware
added missing functions to slackware init script
2019-11-08 13:49:48 +01:00
README
README: Move project contact info into the main README
2018-09-13 16:54:09 +00:00
README.devel
parser: add some developer documentation
2013-12-10 14:15:02 -08:00
rule.cc
parser: consolidate rule class handling into aa_class
2023-03-31 02:21:19 -07:00
rule.h
convert owner to an enum
2024-08-14 15:47:13 -07:00
signal.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
signal.h
convert owner to an enum
2024-08-14 15:47:13 -07:00
techdoc.tex
treewide: spelling/typo fixes in comments and docs
2020-12-01 12:47:11 -08:00
unit_test.h
Convert codomain to a class
2013-09-27 16:16:37 -07:00
userns.cc
parser: pass rule mode prompt through to backend
2024-08-14 15:47:13 -07:00
userns.h
parser: rename rules.h perms_t to perm32_t
2024-08-14 14:39:18 -07:00

README 

The apparmor_parser allows you to add, replace, and remove AppArmor
policy through the use of command line options. The default is to add.
`apparmor_parser --help` shows what the command line options are.

You can also find more information at https://wiki.apparmor.net

-- The AppArmor development team