[apparmor] [PATCH 05/10] From 030feaef9487e90fcd8ce3c1d7e97bf85ef1b320 Mon Sep 17 00:00:00 2001 From: John Johansen <john.johansen at canonical.com> Date: Sat, 27 Oct 2012 04:51:19 -0700 Subject: [PATCH 05/10] Remove testing for AARE as it is the only matching engine

Seth Arnold seth.arnold at canonical.com
Thu Jul 25 01:59:40 UTC 2013


On Sun, Jul 21, 2013 at 10:32:48PM -0700, John Johansen wrote:
> Remove use of AARE_DFA as the alternate pcre matching engine was removed
> years ago.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Wow, keep these cleanups coming :)

Thanks


> ---
>  parser/parser.h           |  4 ----
>  parser/parser_common.c    |  1 -
>  parser/parser_interface.c | 33 +++++++++------------------------
>  parser/parser_main.c      |  8 --------
>  parser/parser_policy.c    |  6 +-----
>  parser/parser_regex.c     | 31 +++++++++++++------------------
>  6 files changed, 23 insertions(+), 60 deletions(-)
> 
> diff --git a/parser/parser.h b/parser/parser.h
> index ab57db9..3b4ac63 100644
> --- a/parser/parser.h
> +++ b/parser/parser.h
> @@ -208,9 +208,6 @@ struct var_string {
>  #define OPTION_STDOUT	4
>  #define OPTION_OFILE	5
>  
> -#define AARE_NONE 0
> -#define AARE_DFA 2
> -
>  #define BOOL int
>  
>  #define FLAG_CHANGEHAT_1_4  2
> @@ -267,7 +264,6 @@ extern int preprocess_only;
>  	} while (0)
>  
>  /* from parser_common.c */
> -extern int regex_type;
>  extern int perms_create;
>  extern int net_af_max_override;
>  extern int kernel_load;
> diff --git a/parser/parser_common.c b/parser/parser_common.c
> index 15f0978..bf4dd41 100644
> --- a/parser/parser_common.c
> +++ b/parser/parser_common.c
> @@ -22,7 +22,6 @@
>  #define _(s) gettext(s)
>  #include "parser.h"
>  
> -int regex_type = AARE_DFA;
>  int perms_create = 0;                   /* perms contain create flag */
>  int net_af_max_override = -1;           /* use kernel to determine af_max */
>  int kernel_load = 1;
> diff --git a/parser/parser_interface.c b/parser/parser_interface.c
> index fdd610d..5c2b486 100644
> --- a/parser/parser_interface.c
> +++ b/parser/parser_interface.c
> @@ -57,9 +57,7 @@
>  #define SD_CODE_SIZE (sizeof(u8))
>  #define SD_STR_LEN (sizeof(u16))
>  
> -#define SUBDOMAIN_INTERFACE_VERSION 2
>  #define SUBDOMAIN_INTERFACE_DFA_VERSION 5
> -#define SUBDOMAIN_INTERFACE_POLICY_DB 16
>  
>  int sd_serialize_codomain(int option, struct codomain *cod);
>  
> @@ -573,7 +571,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
>  
>  	/* only emit this if current kernel at least supports "create" */
>  	if (perms_create) {
> -		if (regex_type == AARE_DFA && profile->xmatch) {
> +		if (profile->xmatch) {
>  			if (!sd_serialize_dfa(p, profile->xmatch, profile->xmatch_size))
>  				return 0;
>  			if (!sd_write32(p, profile->xmatch_len))
> @@ -655,7 +653,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
>  	} else if (profile->network_allowed)
>  		pwarn(_("profile %s network rules not enforced\n"), profile->name);
>  
> -	if (profile->policy_dfa && regex_type == AARE_DFA) {
> +	if (profile->policy_dfa) {
>  		if (!sd_write_struct(p, "policydb"))
>  			return 0;
>  		if (!sd_serialize_dfa(p, profile->policy_dfa, profile->policy_dfa_size))
> @@ -665,18 +663,13 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
>  	}
>  
>  	/* either have a single dfa or lists of different entry types */
> -	if (regex_type == AARE_DFA) {
> -		if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size))
> -			return 0;
> +	if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size))
> +		return 0;
>  
> -		if (!sd_serialize_xtable(p, profile->exec_table))
> -			return 0;
> -	} else {
> -		PERROR(_("Unknown pattern type\n"));
> -		return 1;
> -	}
> +	if (!sd_serialize_xtable(p, profile->exec_table))
> +		return 0;
>  
> -	if (profile->hat_table && regex_type != AARE_DFA) {
> +	if (profile->hat_table) {
>  		if (!sd_write_list(p, "hats"))
>  			return 0;
>  		if (load_hats(p, profile) != 0)
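Review bot: The last condition in this hunk is inverted rather than simplified. `profile->hat_table && regex_type != AARE_DFA` could never be true while the DFA engine was the only one in use (every `regex_type` assignment removed by this patch sets it to AARE_DFA), so the nested "hats" list was dead code, and `if (profile->hat_table)` now makes it live. A profile with hats would then appear to be serialised twice, once nested through `load_hats()` here and once flattened through `load_flattened_hats()` in sd_serialize_codomain (the -859 hunk), which changes the binary policy handed to the kernel. To keep this a pure cleanup, delete the whole `if (profile->hat_table) { ... }` block instead of dropping only the engine test. The block's body continues past the end of this hunk, so confirm against the full function.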
> @@ -695,15 +688,7 @@ int sd_serialize_top_profile(sd_serialize *p, struct codomain *profile)
>  {
>  	int version;
>  
> -	if (regex_type == AARE_DFA) {
> -		/* Not yet
> -		if (profile->policy_dfa)
> -			version = SUBDOMAIN_INTERFACE_POLICYDB;
> -		else */
> -			version = SUBDOMAIN_INTERFACE_DFA_VERSION;
> -	} else
> -		version = SUBDOMAIN_INTERFACE_VERSION;
> -
> +	version = SUBDOMAIN_INTERFACE_DFA_VERSION;
>  
>  	if (!sd_write_name(p, "version"))
>  		return 0;
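Review bot: `version` in sd_serialize_top_profile now only ever holds one value, so the separate assignment after the declaration is noise; `int version = SUBDOMAIN_INTERFACE_DFA_VERSION;` at the declaration says the same thing in one line. If the value is written out only once further down (the rest of the function is outside this hunk), the local could be dropped and the macro passed directly.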
> @@ -859,7 +844,7 @@ int sd_serialize_codomain(int option, struct codomain *cod)
>  
>  	close(fd);
>  
> -	if (cod->hat_table && regex_type == AARE_DFA && option != OPTION_REMOVE) {
> +	if (cod->hat_table && option != OPTION_REMOVE) {
>  		if (load_flattened_hats(cod) != 0)
>  			return 0;
>  	}
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index 0fe4ccf..afbe78c 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -791,7 +791,6 @@ static void get_match_string(void) {
>  
>  	if (S_ISDIR(stat_file.st_mode)) {
>  		/* if we have a features directory default to */
> -		regex_type = AARE_DFA;
>  		perms_create = 1;
>  
>  		flags_string = malloc(FLAGS_STRING_SIZE);
> @@ -821,16 +820,9 @@ static void get_match_string(void) {
>  
>  out:
>  	if (match_string) {
> -		if (strstr(match_string, AADFA))
> -			regex_type = AARE_DFA;
> -
>  		if (strstr(match_string, " perms=c"))
>  			perms_create = 1;
>  	} else {
> -		/* no match string default to 2.6.36 version which doesn't
> -		 * have a match string
> -		 */
> -		regex_type = AARE_DFA;
>  		perms_create = 1;
>  		kernel_supports_network = 0;
>  	}
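Review bot: The else branch still picks defaults for a kernel that exposes no match string (`perms_create = 1; kernel_supports_network = 0;`), but the comment explaining that choice is deleted along with the `regex_type` line. Keep the explanation, for example `/* no match string: default to the 2.6.36 interface, which doesn't have one */`, so it stays documented why network support is switched off on that path. `AADFA` is no longer referenced in this hunk; if nothing else uses it (its definition is not visible here), the macro can be removed as well. get_match_string begins and ends outside this hunk.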
> diff --git a/parser/parser_policy.c b/parser/parser_policy.c
> index dce1b0d..77d4a19 100644
> --- a/parser/parser_policy.c
> +++ b/parser/parser_policy.c
> @@ -635,11 +635,7 @@ static void __dump_policy_hatnames(const void *nodep, const VISIT value,
>  	if (value == preorder || value == endorder)
>  		return;
>  
> -	if (regex_type == AARE_DFA) {
> -	    printf("%s//%s\n", __dump_policy_name->name, (*t)->name);
> -	} else {
> -	    printf("%s^%s\n", __dump_policy_name->name, (*t)->name);
> -	}
> +	printf("%s//%s\n", __dump_policy_name->name, (*t)->name);
>  }
>  
>  void dump_policy_hatnames(struct codomain *cod)
> diff --git a/parser/parser_regex.c b/parser/parser_regex.c
> index 30a86cc..4bc0691 100644
> --- a/parser/parser_regex.c
> +++ b/parser/parser_regex.c
> @@ -556,8 +556,7 @@ int post_process_entries(struct codomain *cod)
>  	int count = 0;
>  
>  	list_for_each(cod->entries, entry) {
> -		if (regex_type == AARE_DFA &&
> -		    !process_dfa_entry(cod->dfarules, entry))
> +		if (!process_dfa_entry(cod->dfarules, entry))
>  			ret = FALSE;
>  		count++;
>  	}
> @@ -570,18 +569,17 @@ int process_regex(struct codomain *cod)
>  {
>  	int error = -1;
>  
> -	if (regex_type == AARE_DFA) {
> -		if (!process_profile_name_xmatch(cod))
> -			goto out;
> +	if (!process_profile_name_xmatch(cod))
> +		goto out;
> +
> +	cod->dfarules = aare_new_ruleset(0);
> +	if (!cod->dfarules)
> +		goto out;
>  
> -		cod->dfarules = aare_new_ruleset(0);
> -		if (!cod->dfarules)
> -			goto out;
> -	}
>  	if (!post_process_entries(cod))
>  		goto out;
>  
> -	if (regex_type == AARE_DFA && cod->dfarule_count > 0) {
> +	if (cod->dfarule_count > 0) {
>  		cod->dfa = aare_create_dfa(cod->dfarules, &cod->dfa_size,
>  					   dfaflags);
>  		aare_delete_ruleset(cod->dfarules);
> @@ -1050,8 +1048,7 @@ int post_process_mnt_ents(struct codomain *cod)
>  	if (cod->mnt_ents && kernel_supports_mount) {
>  		struct mnt_entry *entry;
>  		list_for_each(cod->mnt_ents, entry) {
> -			if (regex_type == AARE_DFA &&
> -			    !process_mnt_entry(cod->policy_rules, entry))
> +			if (!process_mnt_entry(cod->policy_rules, entry))
>  				ret = FALSE;
>  			count++;
>  		}
> @@ -1075,16 +1072,14 @@ int process_policydb(struct codomain *cod)
>  {
>  	int error = -1;
>  
> -	if (regex_type == AARE_DFA) {
> -		cod->policy_rules = aare_new_ruleset(0);
> -		if (!cod->policy_rules)
> -			goto out;
> -	}
> +	cod->policy_rules = aare_new_ruleset(0);
> +	if (!cod->policy_rules)
> +		goto out;
>  
>  	if (!post_process_policydb_ents(cod))
>  		goto out;
>  
> -	if (regex_type == AARE_DFA && cod->policy_rule_count > 0) {
> +	if (cod->policy_rule_count > 0) {
>  		cod->policy_dfa = aare_create_dfa(cod->policy_rules,
>  						  &cod->policy_dfa_size,
>  						  dfaflags);
> -- 
> 1.8.1.2
> 
> 
> 