[apparmor] [PATCH 4/5] Update the parser to support the 'in' keyword for value lists

John Johansen john.johansen at canonical.com
Mon Mar 26 13:03:56 UTC 2012 

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/parser.h                        |    3 ++-
 parser/parser_lex.l                    |   17 +++++++++++++++++
 parser/parser_misc.c                   |    4 +++-
 parser/parser_yacc.y                   |   15 +++++++++++++--
 parser/tst/simple_tests/mount/in_1.sd  |    7 +++++++
 parser/tst/simple_tests/mount/in_1.sd~ |    7 +++++++
 parser/tst/simple_tests/mount/in_2.sd  |    7 +++++++
 parser/tst/simple_tests/mount/in_2.sd~ |    7 +++++++
 parser/tst/simple_tests/mount/in_3.sd  |    7 +++++++
 parser/tst/simple_tests/mount/in_3.sd~ |    7 +++++++
 parser/tst/simple_tests/mount/in_4.sd  |    7 +++++++
 parser/tst/simple_tests/mount/in_4.sd~ |    7 +++++++
 12 files changed, 91 insertions(+), 4 deletions(-)
 create mode 100644 parser/tst/simple_tests/mount/in_1.sd
 create mode 100644 parser/tst/simple_tests/mount/in_1.sd~
 create mode 100644 parser/tst/simple_tests/mount/in_2.sd
 create mode 100644 parser/tst/simple_tests/mount/in_2.sd~
 create mode 100644 parser/tst/simple_tests/mount/in_3.sd
 create mode 100644 parser/tst/simple_tests/mount/in_3.sd~
 create mode 100644 parser/tst/simple_tests/mount/in_4.sd
 create mode 100644 parser/tst/simple_tests/mount/in_4.sd~

diff --git a/parser/parser.h b/parser/parser.h
index 799d44b..fa2d191 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -62,6 +62,7 @@ struct value_list {
 
 struct cond_entry {
 	char *name;
+	int eq;			/* where equals was used in specifying list */
 	struct value_list *vals;
 
 	struct cond_entry *next;
@@ -316,7 +317,7 @@ extern struct value_list *new_value_list(char *value);
 extern struct value_list *dup_value_list(struct value_list *list);
 extern void free_value_list(struct value_list *list);
 extern void print_value_list(struct value_list *list);
-extern struct cond_entry *new_cond_entry(char *name, struct value_list *list);
+extern struct cond_entry *new_cond_entry(char *name, int eq, struct value_list *list);
 extern void free_cond_entry(struct cond_entry *ent);
 extern void print_cond_entry(struct cond_entry *ent);
 extern char *processid(char *string, int len);
diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index b5627ad..7c6cb5d 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -280,6 +280,18 @@ LT_EQUAL	<=
 				yy_push_state(EXTCOND_MODE);
 				return TOK_CONDID;
 			}
+	{VARIABLE_NAME}/{WS}+in{WS}*\(	{
+				/* we match to 'in' in the lexer so that
+				 * we can switch scanner state.  By the time
+				 * the parser see the 'in' it may be to late
+				 * as bison may have requested the next
+				 * token from the scanner
+				 */
+				PDEBUG("conditional %s=\n", yytext);
+				yylval.id = processid(yytext, yyleng);
+				yy_push_state(EXTCOND_MODE);
+				return TOK_CONDID;
+			}
 }
 
 <SUB_ID>{
@@ -384,6 +396,11 @@ LT_EQUAL	<=
 			return TOK_OPENPAREN;
 		}
 
+	in	{
+			DUMP_PREPROCESS;
+			return TOK_IN;
+		}
+
 	[^\n]	{
 			DUMP_PREPROCESS;
 			/* Something we didn't expect */
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index 7ff6348..9d2fc4b 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -84,6 +84,7 @@ static struct keyword_table keyword_table[] = {
 	{"umount",		TOK_UMOUNT},
 	{"unmount",		TOK_UMOUNT},
 	{"pivot_root",		TOK_PIVOTROOT},
+	{"in",			TOK_IN},
 	/* terminate */
 	{NULL, 0}
 };
@@ -1025,12 +1026,13 @@ void print_value_list(struct value_list *list)
 	}
 }
 
-struct cond_entry *new_cond_entry(char *name, struct value_list *list)
+struct cond_entry *new_cond_entry(char *name, int eq, struct value_list *list)
 {
 	struct cond_entry *ent = calloc(1, sizeof(struct cond_entry));
 	if (ent) {
 		ent->name = name;
 		ent->vals = list;
+		ent->eq = eq;
 	}
 
 	return ent;
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 65cf365..a79be85 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -121,6 +121,7 @@ void add_local_entry(struct codomain *cod);
 %token TOK_REMOUNT
 %token TOK_UMOUNT
 %token TOK_PIVOTROOT
+%token TOK_IN
 
  /* rlimits */
 %token TOK_RLIMIT
@@ -1072,7 +1073,7 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
 		struct value_list *value = new_value_list($3);
 		if (!value)
 			yyerror(_("Memory allocation error."));
-		ent = new_cond_entry($1, value);
+		ent = new_cond_entry($1, 1, value);
 		if (!ent) {
 			free_value_list(value);
 			yyerror(_("Memory allocation error."));
@@ -1082,7 +1083,17 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
 
 cond: TOK_CONDID TOK_EQUALS TOK_OPENPAREN valuelist TOK_CLOSEPAREN
 	{
-		struct cond_entry *ent = new_cond_entry($1, $4);
+		struct cond_entry *ent = new_cond_entry($1, 1, $4);
+
+		if (!ent)
+			yyerror(_("Memory allocation error."));
+		$$ = ent;
+	}
+
+
+cond: TOK_CONDID TOK_IN TOK_OPENPAREN valuelist TOK_CLOSEPAREN
+	{
+		struct cond_entry *ent = new_cond_entry($1, 0, $4);
 
 		if (!ent)
 			yyerror(_("Memory allocation error."));
diff --git a/parser/tst/simple_tests/mount/in_1.sd b/parser/tst/simple_tests/mount/in_1.sd
new file mode 100644
index 0000000..076d5dc
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_1.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  mount options in (rw) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_1.sd~ b/parser/tst/simple_tests/mount/in_1.sd~
new file mode 100644
index 0000000..3b552f7
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_1.sd~
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  mount options=(rw) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_2.sd b/parser/tst/simple_tests/mount/in_2.sd
new file mode 100644
index 0000000..5bf4beb
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_2.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  mount options in (rw, ro) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_2.sd~ b/parser/tst/simple_tests/mount/in_2.sd~
new file mode 100644
index 0000000..12c21aa
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_2.sd~
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  mount options=(rw, ro) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_3.sd b/parser/tst/simple_tests/mount/in_3.sd
new file mode 100644
index 0000000..cd5bae5
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_3.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  mount options in (rw ro) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_3.sd~ b/parser/tst/simple_tests/mount/in_3.sd~
new file mode 100644
index 0000000..08aa1bb
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_3.sd~
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  mount options=(rw ro) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_4.sd b/parser/tst/simple_tests/mount/in_4.sd
new file mode 100644
index 0000000..8acaa88
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_4.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  mount options in (rw ro) fstype=procfs -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_4.sd~ b/parser/tst/simple_tests/mount/in_4.sd~
new file mode 100644
index 0000000..96a93a2
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_4.sd~
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  mount options=(rw ro) fstype=procfs -> /foo,
+}
-- 
1.7.9.1

More information about the AppArmor mailing list