[apparmor] PATCH [3/6] - allow error= field to return negative error codes
John Johansen
john.johansen at canonical.com
Fri Sep 10 00:44:34 BST 2010
On 09/09/2010 02:56 PM, Steve Beattie wrote:
> On Thu, Sep 09, 2010 at 08:36:32AM -0700, John Johansen wrote:
>> The kernel can return negative error codes for error=
>>
>> Index: libapparmor/src/grammar.y
>> ===================================================================
>> --- libapparmor.orig/src/grammar.y 2010-09-09 07:56:50.534193401 -0700
>> +++ libapparmor/src/grammar.y 2010-09-09 07:59:37.364193121 -0700
>> @@ -92,6 +92,7 @@
>>
>> %token TOK_EQUALS
>> %token TOK_COLON
>> +%token TOK_MINUS
>> %token TOK_OPEN_PAREN
>> %token TOK_CLOSE_PAREN
>> %token TOK_PERIOD
>> @@ -434,6 +435,8 @@
>> { ret_record->event = lookup_aa_event($3);}
>> | TOK_KEY_ERROR TOK_EQUALS TOK_DIGITS
>> { ret_record->error_code = $3;}
>> + | TOK_KEY_ERROR TOK_EQUALS TOK_MINUS TOK_DIGITS
>> + { ret_record->error_code = $4;}
>> | TOK_KEY_FSUID TOK_EQUALS TOK_DIGITS
>> { ret_record->fsuid = $3;}
>> | TOK_KEY_OUID TOK_EQUALS TOK_DIGITS
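Review bot: the new TOK_KEY_ERROR TOK_EQUALS TOK_MINUS TOK_DIGITS production assigns `$4` unchanged, so the sign matched by TOK_MINUS is discarded and error=-1 is stored in error_code as 1. If callers are meant to receive the magnitude only, a comment on this rule saying so would make that explicit. Otherwise the action should store `-$4`, so consumers can tell a negative kernel return from a positive one.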
>> Index: libapparmor/src/scanner.l
>> ===================================================================
>> --- libapparmor.orig/src/scanner.l 2010-09-09 07:56:45.844193401 -0700
>> +++ libapparmor/src/scanner.l 2010-09-09 07:59:18.614191984 -0700
>> @@ -77,6 +77,7 @@
>> digits [0-9]+
>> hex [A-F0-9]
>> colon ":"
>> +minus "-"
>> open_paren "("
>> close_paren ")"
>> ID [^ \t\n\(\)="'!]
>> @@ -280,6 +281,7 @@
>> {equals} { return(TOK_EQUALS); }
>> {digits} { yylval->t_long = atol(yytext); return(TOK_DIGITS); }
>> {colon} { return(TOK_COLON); }
>> +{minus} { return(TOK_MINUS); }
>> {open_paren} {
>> BEGIN(sub_id);
>> return(TOK_OPEN_PAREN);
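Review bot: the {minus} rule sits beside {equals}, {digits} and {colon} with no start condition visible in this hunk, yet the grammar change only consumes TOK_MINUS directly after TOK_KEY_ERROR TOK_EQUALS. It is worth confirming that a "-" reaching this rule in any other position (for example a negative value in another numeric field) still fails or parses the way it did before, and adding a test_multi case for that. Otherwise, scope the rule so it is only active where a signed number is expected.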
>
> ACK from me for 2.5.1. Here's a testcase for this:
ACK on the test
>
> === added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_changehat_negative_error.err'
> === added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_changehat_negative_error.in'
> --- libraries/libapparmor/testsuite/test_multi/testcase_syslog_changehat_negative_error.in 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/testcase_syslog_changehat_negative_error.in 2010-09-09 21:39:54 +0000
> @@ -0,0 +1,1 @@
> +Sep 9 12:51:36 ubuntu-desktop kernel: [ 1597.774866] type=1400 audit(1284061896.005:28): apparmor="DENIED" operation="change_hat" info="unconfined" error=-1 pid=2698 comm="syscall_ptrace"
>
> === added file 'libraries/libapparmor/testsuite/test_multi/testcase_syslog_changehat_negative_error.out'
> --- libraries/libapparmor/testsuite/test_multi/testcase_syslog_changehat_negative_error.out 1970-01-01 00:00:00 +0000
> +++ libraries/libapparmor/testsuite/test_multi/testcase_syslog_changehat_negative_error.out 2010-09-09 21:50:12 +0000
> @@ -0,0 +1,11 @@
> +START
> +File: test_multi/testcase_syslog_changehat_negative_error.in
> +Event type: AA_RECORD_DENIED
> +Audit ID: 1284061896.005:28
> +Operation: change_hat
> +Command: syscall_ptrace
> +Info: unconfined
> +ErrorCode: 1
> +PID: 2698
> +Epoch: 1284061896
> +Audit subid: 28
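Review bot: the expected output has "ErrorCode: 1" for an input line carrying error=-1, so this testcase fixes the dropped sign as the expected behaviour. If that is intended, a second case with a multi-digit value (for instance error=-13) would show that the whole number after the minus is captured and not just the first digit. If it is not intended, this line should read "ErrorCode: -1".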
>
>
>