[apparmor] [PATCH 3/3] Update the parser to support the 'in' keyword for value lists
Steve Beattie
steve at nxnw.org
Thu Mar 22 19:49:10 UTC 2012
On Thu, Mar 22, 2012 at 11:44:55AM -0700, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/parser.h | 3 ++-
> parser/parser_lex.l | 17 +++++++++++++++++
> parser/parser_misc.c | 4 +++-
> parser/parser_yacc.y | 15 +++++++++++++--
> parser/tst/simple_tests/mount/in_1.sd | 7 +++++++
> parser/tst/simple_tests/mount/in_1.sd~ | 7 +++++++
> parser/tst/simple_tests/mount/in_2.sd | 7 +++++++
> parser/tst/simple_tests/mount/in_2.sd~ | 7 +++++++
> parser/tst/simple_tests/mount/in_3.sd | 7 +++++++
> parser/tst/simple_tests/mount/in_3.sd~ | 7 +++++++
> parser/tst/simple_tests/mount/in_4.sd | 7 +++++++
> parser/tst/simple_tests/mount/in_4.sd~ | 7 +++++++
Note that you ended up adding in_[1-4].sd~ ; acked with the provision
that you remove these.
> 12 files changed, 91 insertions(+), 4 deletions(-)
> create mode 100644 parser/tst/simple_tests/mount/in_1.sd
> create mode 100644 parser/tst/simple_tests/mount/in_1.sd~
> create mode 100644 parser/tst/simple_tests/mount/in_2.sd
> create mode 100644 parser/tst/simple_tests/mount/in_2.sd~
> create mode 100644 parser/tst/simple_tests/mount/in_3.sd
> create mode 100644 parser/tst/simple_tests/mount/in_3.sd~
> create mode 100644 parser/tst/simple_tests/mount/in_4.sd
> create mode 100644 parser/tst/simple_tests/mount/in_4.sd~
>
> diff --git a/parser/parser.h b/parser/parser.h
> index 799d44b..fa2d191 100644
> --- a/parser/parser.h
> +++ b/parser/parser.h
> @@ -62,6 +62,7 @@ struct value_list {
>
> struct cond_entry {
> char *name;
> + int eq; /* where equals was used in specifying list */
> struct value_list *vals;
>
> struct cond_entry *next;
> @@ -316,7 +317,7 @@ extern struct value_list *new_value_list(char *value);
> extern struct value_list *dup_value_list(struct value_list *list);
> extern void free_value_list(struct value_list *list);
> extern void print_value_list(struct value_list *list);
> -extern struct cond_entry *new_cond_entry(char *name, struct value_list *list);
> +extern struct cond_entry *new_cond_entry(char *name, int eq, struct value_list *list);
> extern void free_cond_entry(struct cond_entry *ent);
> extern void print_cond_entry(struct cond_entry *ent);
> extern char *processid(char *string, int len);
> diff --git a/parser/parser_lex.l b/parser/parser_lex.l
> index b5627ad..529c079 100644
> --- a/parser/parser_lex.l
> +++ b/parser/parser_lex.l
> @@ -280,6 +280,18 @@ LT_EQUAL <=
> yy_push_state(EXTCOND_MODE);
> return TOK_CONDID;
> }
> + {VARIABLE_NAME}/{WS}*in {
> + /* we match to 'in' in the lexer so that
> + * we can switch scanner state. By the time
> + * the parser see the 'in' it may be to late
> + * as bison may have requested the next
> + * token from the scanner
> + */
> + PDEBUG("conditional %s=\n", yytext);
> + yylval.id = processid(yytext, yyleng);
> + yy_push_state(EXTCOND_MODE);
> + return TOK_CONDID;
> + }
> }
>
> <SUB_ID>{
> @@ -384,6 +396,11 @@ LT_EQUAL <=
> return TOK_OPENPAREN;
> }
>
> + in {
> + DUMP_PREPROCESS;
> + return TOK_IN;
> + }
> +
> [^\n] {
> DUMP_PREPROCESS;
> /* Something we didn't expect */
> diff --git a/parser/parser_misc.c b/parser/parser_misc.c
> index 7ff6348..9d2fc4b 100644
> --- a/parser/parser_misc.c
> +++ b/parser/parser_misc.c
> @@ -84,6 +84,7 @@ static struct keyword_table keyword_table[] = {
> {"umount", TOK_UMOUNT},
> {"unmount", TOK_UMOUNT},
> {"pivot_root", TOK_PIVOTROOT},
> + {"in", TOK_IN},
> /* terminate */
> {NULL, 0}
> };
> @@ -1025,12 +1026,13 @@ void print_value_list(struct value_list *list)
> }
> }
>
> -struct cond_entry *new_cond_entry(char *name, struct value_list *list)
> +struct cond_entry *new_cond_entry(char *name, int eq, struct value_list *list)
> {
> struct cond_entry *ent = calloc(1, sizeof(struct cond_entry));
> if (ent) {
> ent->name = name;
> ent->vals = list;
> + ent->eq = eq;
> }
>
> return ent;
> diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
> index 65cf365..a79be85 100644
> --- a/parser/parser_yacc.y
> +++ b/parser/parser_yacc.y
> @@ -121,6 +121,7 @@ void add_local_entry(struct codomain *cod);
> %token TOK_REMOUNT
> %token TOK_UMOUNT
> %token TOK_PIVOTROOT
> +%token TOK_IN
>
> /* rlimits */
> %token TOK_RLIMIT
> @@ -1072,7 +1073,7 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
> struct value_list *value = new_value_list($3);
> if (!value)
> yyerror(_("Memory allocation error."));
> - ent = new_cond_entry($1, value);
> + ent = new_cond_entry($1, 1, value);
> if (!ent) {
> free_value_list(value);
> yyerror(_("Memory allocation error."));
> @@ -1082,7 +1083,17 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
>
> cond: TOK_CONDID TOK_EQUALS TOK_OPENPAREN valuelist TOK_CLOSEPAREN
> {
> - struct cond_entry *ent = new_cond_entry($1, $4);
> + struct cond_entry *ent = new_cond_entry($1, 1, $4);
> +
> + if (!ent)
> + yyerror(_("Memory allocation error."));
> + $$ = ent;
> + }
> +
> +
> +cond: TOK_CONDID TOK_IN TOK_OPENPAREN valuelist TOK_CLOSEPAREN
> + {
> + struct cond_entry *ent = new_cond_entry($1, 0, $4);
>
> if (!ent)
> yyerror(_("Memory allocation error."));
> diff --git a/parser/tst/simple_tests/mount/in_1.sd b/parser/tst/simple_tests/mount/in_1.sd
> new file mode 100644
> index 0000000..076d5dc
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + mount options in (rw) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_1.sd~ b/parser/tst/simple_tests/mount/in_1.sd~
> new file mode 100644
> index 0000000..3b552f7
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_1.sd~
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + mount options=(rw) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_2.sd b/parser/tst/simple_tests/mount/in_2.sd
> new file mode 100644
> index 0000000..5bf4beb
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + mount options in (rw, ro) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_2.sd~ b/parser/tst/simple_tests/mount/in_2.sd~
> new file mode 100644
> index 0000000..12c21aa
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_2.sd~
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + mount options=(rw, ro) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_3.sd b/parser/tst/simple_tests/mount/in_3.sd
> new file mode 100644
> index 0000000..cd5bae5
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_3.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + mount options in (rw ro) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_3.sd~ b/parser/tst/simple_tests/mount/in_3.sd~
> new file mode 100644
> index 0000000..08aa1bb
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_3.sd~
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + mount options=(rw ro) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_4.sd b/parser/tst/simple_tests/mount/in_4.sd
> new file mode 100644
> index 0000000..8acaa88
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_4.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + mount options in (rw ro) fstype=procfs -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_4.sd~ b/parser/tst/simple_tests/mount/in_4.sd~
> new file mode 100644
> index 0000000..96a93a2
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_4.sd~
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> + mount options=(rw ro) fstype=procfs -> /foo,
> +}
> --
> 1.7.9.1
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20120322/1d74b53e/attachment-0001.pgp>
More information about the AppArmor
mailing list