[apparmor] [PATCH 05/10] From 030feaef9487e90fcd8ce3c1d7e97bf85ef1b320 Mon Sep 17 00:00:00 2001 From: John Johansen <john.johansen at canonical.com> Date: Sat, 27 Oct 2012 04:51:19 -0700 Subject: [PATCH 05/10] Remove testing for AARE as it is the only matching engine
John Johansen
john.johansen at canonical.com
Mon Jul 22 05:32:48 UTC 2013
Remove the AARE_DFA regex_type checks: the alternate pcre matching engine was
removed years ago, so the DFA engine is the only one left and the tests are dead code.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/parser.h | 4 ----
parser/parser_common.c | 1 -
parser/parser_interface.c | 33 +++++++++------------------------
parser/parser_main.c | 8 --------
parser/parser_policy.c | 6 +-----
parser/parser_regex.c | 31 +++++++++++++------------------
6 files changed, 23 insertions(+), 60 deletions(-)
diff --git a/parser/parser.h b/parser/parser.h
index ab57db9..3b4ac63 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -208,9 +208,6 @@ struct var_string {
#define OPTION_STDOUT 4
#define OPTION_OFILE 5
-#define AARE_NONE 0
-#define AARE_DFA 2
-
#define BOOL int
#define FLAG_CHANGEHAT_1_4 2
@@ -267,7 +264,6 @@ extern int preprocess_only;
} while (0)
/* from parser_common.c */
-extern int regex_type;
extern int perms_create;
extern int net_af_max_override;
extern int kernel_load;
diff --git a/parser/parser_common.c b/parser/parser_common.c
index 15f0978..bf4dd41 100644
--- a/parser/parser_common.c
+++ b/parser/parser_common.c
@@ -22,7 +22,6 @@
#define _(s) gettext(s)
#include "parser.h"
-int regex_type = AARE_DFA;
int perms_create = 0; /* perms contain create flag */
int net_af_max_override = -1; /* use kernel to determine af_max */
int kernel_load = 1;
diff --git a/parser/parser_interface.c b/parser/parser_interface.c
index fdd610d..5c2b486 100644
--- a/parser/parser_interface.c
+++ b/parser/parser_interface.c
@@ -57,9 +57,7 @@
#define SD_CODE_SIZE (sizeof(u8))
#define SD_STR_LEN (sizeof(u16))
-#define SUBDOMAIN_INTERFACE_VERSION 2
#define SUBDOMAIN_INTERFACE_DFA_VERSION 5
-#define SUBDOMAIN_INTERFACE_POLICY_DB 16
int sd_serialize_codomain(int option, struct codomain *cod);
@@ -573,7 +571,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
/* only emit this if current kernel at least supports "create" */
if (perms_create) {
- if (regex_type == AARE_DFA && profile->xmatch) {
+ if (profile->xmatch) {
if (!sd_serialize_dfa(p, profile->xmatch, profile->xmatch_size))
return 0;
if (!sd_write32(p, profile->xmatch_len))
@@ -655,7 +653,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
} else if (profile->network_allowed)
pwarn(_("profile %s network rules not enforced\n"), profile->name);
- if (profile->policy_dfa && regex_type == AARE_DFA) {
+ if (profile->policy_dfa) {
if (!sd_write_struct(p, "policydb"))
return 0;
if (!sd_serialize_dfa(p, profile->policy_dfa, profile->policy_dfa_size))
@@ -665,18 +663,13 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
}
/* either have a single dfa or lists of different entry types */
- if (regex_type == AARE_DFA) {
- if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size))
- return 0;
+ if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size))
+ return 0;
- if (!sd_serialize_xtable(p, profile->exec_table))
- return 0;
- } else {
- PERROR(_("Unknown pattern type\n"));
- return 1;
- }
+ if (!sd_serialize_xtable(p, profile->exec_table))
+ return 0;
- if (profile->hat_table && regex_type != AARE_DFA) {
+ if (profile->hat_table) {
if (!sd_write_list(p, "hats"))
return 0;
if (load_hats(p, profile) != 0)
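Review bot: Dropping the guard on the hats block inverts its meaning rather than simplifying it: the old test was `regex_type != AARE_DFA`, and with regex_type only ever set to AARE_DFA (parser_common.c and both assignments in get_match_string() in this same series), that branch was dead code, so the new `if (profile->hat_table)` turns a never-taken path into a live one and emits a "hats" list inside every profile that has hats. On the DFA path hats are instead flattened into separate profiles by load_flattened_hats() in sd_serialize_codomain (kept further down in this patch), so serializing them inline as well changes the profile format handed to the kernel. The simplification consistent with the rest of the commit is to delete the whole `if (profile->hat_table) { ... }` block (and load_hats() if nothing else calls it), not to keep it unconditionally. The block's closing lines and the rest of sd_serialize_profile fall outside this hunk.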
@@ -695,15 +688,7 @@ int sd_serialize_top_profile(sd_serialize *p, struct codomain *profile)
{
int version;
- if (regex_type == AARE_DFA) {
- /* Not yet
- if (profile->policy_dfa)
- version = SUBDOMAIN_INTERFACE_POLICYDB;
- else */
- version = SUBDOMAIN_INTERFACE_DFA_VERSION;
- } else
- version = SUBDOMAIN_INTERFACE_VERSION;
-
+ version = SUBDOMAIN_INTERFACE_DFA_VERSION;
if (!sd_write_name(p, "version"))
return 0;
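Review bot: The collapse to `version = SUBDOMAIN_INTERFACE_DFA_VERSION;` also removes the "Not yet" note that a profile carrying a policy_dfa should eventually be tagged with a higher interface version, and the earlier hunk in this file deletes the SUBDOMAIN_INTERFACE_POLICY_DB constant it referred to, so that intent no longer exists anywhere in the source. If the kernel is meant to keep accepting version 5 with the optional "policydb" struct appended, record that decision, e.g. `/* version 5 also covers the optional "policydb" struct; no bump needed */`; if a bump is still planned, keep a TODO instead of silently dropping it. Cosmetically, `int version;` followed by one unconditional assignment can become `int version = SUBDOMAIN_INTERFACE_DFA_VERSION;`. The rest of sd_serialize_top_profile is outside this hunk.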
@@ -859,7 +844,7 @@ int sd_serialize_codomain(int option, struct codomain *cod)
close(fd);
- if (cod->hat_table && regex_type == AARE_DFA && option != OPTION_REMOVE) {
+ if (cod->hat_table && option != OPTION_REMOVE) {
if (load_flattened_hats(cod) != 0)
return 0;
}
diff --git a/parser/parser_main.c b/parser/parser_main.c
index 0fe4ccf..afbe78c 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -791,7 +791,6 @@ static void get_match_string(void) {
if (S_ISDIR(stat_file.st_mode)) {
/* if we have a features directory default to */
- regex_type = AARE_DFA;
perms_create = 1;
flags_string = malloc(FLAGS_STRING_SIZE);
@@ -821,16 +820,9 @@ static void get_match_string(void) {
out:
if (match_string) {
- if (strstr(match_string, AADFA))
- regex_type = AARE_DFA;
-
if (strstr(match_string, " perms=c"))
perms_create = 1;
} else {
- /* no match string default to 2.6.36 version which doesn't
- * have a match string
- */
- regex_type = AARE_DFA;
perms_create = 1;
kernel_supports_network = 0;
}
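Review bot: The else branch at the end of get_match_string() keeps `perms_create = 1;` and `kernel_supports_network = 0;` but loses the comment that justified them, namely that a missing match string means a 2.6.36-era kernel that predates the match file; the two assignments now read as unexplained defaults. Keep a one-liner such as `/* no match string: 2.6.36-era kernel that predates it; assume create perms, no network */`. With the `strstr(match_string, AADFA)` test gone, the AADFA macro is presumably unreferenced; if nothing else uses it, drop its definition in the same commit. The function starts outside this hunk.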
diff --git a/parser/parser_policy.c b/parser/parser_policy.c
index dce1b0d..77d4a19 100644
--- a/parser/parser_policy.c
+++ b/parser/parser_policy.c
@@ -635,11 +635,7 @@ static void __dump_policy_hatnames(const void *nodep, const VISIT value,
if (value == preorder || value == endorder)
return;
- if (regex_type == AARE_DFA) {
- printf("%s//%s\n", __dump_policy_name->name, (*t)->name);
- } else {
- printf("%s^%s\n", __dump_policy_name->name, (*t)->name);
- }
+ printf("%s//%s\n", __dump_policy_name->name, (*t)->name);
}
void dump_policy_hatnames(struct codomain *cod)
diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index 30a86cc..4bc0691 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -556,8 +556,7 @@ int post_process_entries(struct codomain *cod)
int count = 0;
list_for_each(cod->entries, entry) {
- if (regex_type == AARE_DFA &&
- !process_dfa_entry(cod->dfarules, entry))
+ if (!process_dfa_entry(cod->dfarules, entry))
ret = FALSE;
count++;
}
@@ -570,18 +569,17 @@ int process_regex(struct codomain *cod)
{
int error = -1;
- if (regex_type == AARE_DFA) {
- if (!process_profile_name_xmatch(cod))
- goto out;
+ if (!process_profile_name_xmatch(cod))
+ goto out;
+
+ cod->dfarules = aare_new_ruleset(0);
+ if (!cod->dfarules)
+ goto out;
- cod->dfarules = aare_new_ruleset(0);
- if (!cod->dfarules)
- goto out;
- }
if (!post_process_entries(cod))
goto out;
- if (regex_type == AARE_DFA && cod->dfarule_count > 0) {
+ if (cod->dfarule_count > 0) {
cod->dfa = aare_create_dfa(cod->dfarules, &cod->dfa_size,
dfaflags);
aare_delete_ruleset(cod->dfarules);
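Review bot: With the AARE_DFA guard gone, cod->dfarules is now always allocated by `aare_new_ruleset(0)`, yet within this hunk it is only released inside `if (cod->dfarule_count > 0)`; if the `out:` label (outside the hunk) does not free it, the empty-ruleset case and the `goto out` after a failed post_process_entries() both leak the ruleset. Consider hoisting `aare_delete_ruleset(cod->dfarules);` out of the count check, or freeing it at `out:` when still set, and the same shape recurs in process_policydb below. This was already latent before the change since regex_type was always AARE_DFA, but the rewrite is the moment to tidy it. process_regex continues past the end of this hunk.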
@@ -1050,8 +1048,7 @@ int post_process_mnt_ents(struct codomain *cod)
if (cod->mnt_ents && kernel_supports_mount) {
struct mnt_entry *entry;
list_for_each(cod->mnt_ents, entry) {
- if (regex_type == AARE_DFA &&
- !process_mnt_entry(cod->policy_rules, entry))
+ if (!process_mnt_entry(cod->policy_rules, entry))
ret = FALSE;
count++;
}
@@ -1075,16 +1072,14 @@ int process_policydb(struct codomain *cod)
{
int error = -1;
- if (regex_type == AARE_DFA) {
- cod->policy_rules = aare_new_ruleset(0);
- if (!cod->policy_rules)
- goto out;
- }
+ cod->policy_rules = aare_new_ruleset(0);
+ if (!cod->policy_rules)
+ goto out;
if (!post_process_policydb_ents(cod))
goto out;
- if (regex_type == AARE_DFA && cod->policy_rule_count > 0) {
+ if (cod->policy_rule_count > 0) {
cod->policy_dfa = aare_create_dfa(cod->policy_rules,
&cod->policy_dfa_size,
dfaflags);
--
1.8.1.2