[apparmor] [PATCH 6/8] Remove dead code around pattern matching in rules
Tyler Hicks
tyhicks at canonical.com
Wed Sep 11 08:47:45 UTC 2013
From: John Johansen <john.johansen at canonical.com>
remove old dead code that used to fail compilation if regular expressions
where detected in the rules and the apparmor kernel module did not support
regular expression matching.
Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
---
parser/parser.h | 2 +-
parser/parser_policy.c | 50 --------------------------------------------------
2 files changed, 1 insertion(+), 51 deletions(-)
diff --git a/parser/parser.h b/parser/parser.h
index 3eae519..5640a09 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -411,7 +411,7 @@ extern void free_policy(struct codomain *cod);
extern void dump_policy(void);
extern void dump_policy_hats(struct codomain *cod);
extern void dump_policy_names(void);
-extern int die_if_any_regex(void);
+
void free_policies(void);
#ifdef UNIT_TEST
diff --git a/parser/parser_policy.c b/parser/parser_policy.c
index ec3387c..8ca1654 100644
--- a/parser/parser_policy.c
+++ b/parser/parser_policy.c
@@ -274,56 +274,6 @@ int merge_hat_rules(struct codomain *cod)
return 0;
}
-int die_if_any_regex(void);
-static int die_if_any_hat_regex(struct codomain *cod);
-static int any_regex_entries(struct cod_entry *entry_list);
-
-/* only call if regex is not allowed */
-static void __any_regex(const void *nodep, const VISIT value,
- const int __unused depth)
-{
- struct codomain **t = (struct codomain **) nodep;
-
- if (value == preorder || value == endorder)
- return;
-
- if (any_regex_entries((*t)->entries)) {
- PERROR(_("ERROR profile %s contains policy elements not usable with this kernel:\n"
- "\t'*', '?', character ranges, and alternations are not allowed.\n"
- "\t'**' may only be used at the end of a rule.\n"),
- (*t)->name);
- exit(1);
- }
-
- die_if_any_hat_regex(*t);
-}
-
-/* only call if regex is not allowed */
-int die_if_any_regex(void)
-{
- twalk(policy_list, __any_regex);
- return 0;
-}
-
-/* only call if regex is not allowed */
-static int die_if_any_hat_regex(struct codomain *cod)
-{
- twalk(cod->hat_table, __any_regex);
- return 0;
-}
-
-static int any_regex_entries(struct cod_entry *entry_list)
-{
- struct cod_entry *entry;
-
- list_for_each(entry_list, entry) {
- if (entry->pattern_type == ePatternRegex)
- return TRUE;
- }
-
- return FALSE;
-}
-
static void __process_regex(const void *nodep, const VISIT value,
const int __unused depth)
{
--
1.8.3.2
More information about the AppArmor
mailing list