[apparmor] [PATCH 6/8] Remove dead code around pattern matching in rules

Tyler Hicks tyhicks at canonical.com
Wed Sep 11 08:47:45 UTC 2013


From: John Johansen <john.johansen at canonical.com>

Remove old dead code that used to fail compilation if regular expressions
were detected in the rules and the apparmor kernel module did not support
regular expression matching.

Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
---
 parser/parser.h        |  2 +-
 parser/parser_policy.c | 50 --------------------------------------------------
 2 files changed, 1 insertion(+), 51 deletions(-)

diff --git a/parser/parser.h b/parser/parser.h
index 3eae519..5640a09 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -411,7 +411,7 @@ extern void free_policy(struct codomain *cod);
 extern void dump_policy(void);
 extern void dump_policy_hats(struct codomain *cod);
 extern void dump_policy_names(void);
-extern int die_if_any_regex(void);
+
 void free_policies(void);
 
 #ifdef UNIT_TEST
diff --git a/parser/parser_policy.c b/parser/parser_policy.c
index ec3387c..8ca1654 100644
--- a/parser/parser_policy.c
+++ b/parser/parser_policy.c
@@ -274,56 +274,6 @@ int merge_hat_rules(struct codomain *cod)
 	return 0;
 }
 
-int die_if_any_regex(void);
-static int die_if_any_hat_regex(struct codomain *cod);
-static int any_regex_entries(struct cod_entry *entry_list);
-
-/* only call if regex is not allowed */
-static void __any_regex(const void *nodep, const VISIT value,
-		        const int __unused depth)
-{
-	struct codomain **t = (struct codomain **) nodep;
-
-	if (value == preorder || value == endorder)
-		return;
-
-	if (any_regex_entries((*t)->entries)) {
-		PERROR(_("ERROR profile %s contains policy elements not usable with this kernel:\n"
-			 "\t'*', '?', character ranges, and alternations are not allowed.\n"
-			 "\t'**' may only be used at the end of a rule.\n"),
-			(*t)->name);
-		exit(1);
-	}
-
-	die_if_any_hat_regex(*t);
-}
-
-/* only call if regex is not allowed */
-int die_if_any_regex(void)
-{
-	twalk(policy_list, __any_regex);
-	return 0;
-}
-
-/* only call if regex is not allowed */
-static int die_if_any_hat_regex(struct codomain *cod)
-{
-	twalk(cod->hat_table, __any_regex);
-	return 0;
-}
-
-static int any_regex_entries(struct cod_entry *entry_list)
-{
-	struct cod_entry *entry;
-
-	list_for_each(entry_list, entry) {
-		if (entry->pattern_type == ePatternRegex)
-			return TRUE;
-	}
-
-	return FALSE;
-}
-
 static void __process_regex(const void *nodep, const VISIT value,
 			    const int __unused depth)
 {
-- 
1.8.3.2



