[apparmor] [patch 21/26] change syntax of ptrace target

john.johansen at canonical.com john.johansen at canonical.com
Tue Apr 15 17:22:28 UTC 2014


Change the syntax for specifying the ptrace target (peer) from
  ptrace /foo,

to
  ptrace peer=/foo,

Signed-off-by: John Johansen <john.johansen at canonical.com>


---
 parser/parser_yacc.y |    7 +------
 parser/ptrace.c      |   13 ++++++++-----
 parser/ptrace.h      |    2 +-
 3 files changed, 10 insertions(+), 12 deletions(-)

--- 2.9-test.orig/parser/parser_yacc.y
+++ 2.9-test/parser/parser_yacc.y
@@ -1349,12 +1349,7 @@
 
 ptrace_rule: TOK_PTRACE opt_ptrace_perm opt_conds TOK_END_OF_RULE
 	{
-		ptrace_rule *ent = new ptrace_rule($2, $3, NULL);
-		$$ = ent;
-	}
-	|  TOK_PTRACE opt_ptrace_perm opt_conds TOK_ID TOK_END_OF_RULE
-	{
-		ptrace_rule *ent = new ptrace_rule($2, $3, $4);
+		ptrace_rule *ent = new ptrace_rule($2, $3);
 		$$ = ent;
 	}
 
--- 2.9-test.orig/parser/ptrace.c
+++ 2.9-test/parser/ptrace.c
@@ -39,14 +39,17 @@
 		if (!cond_ent->eq)
 			yyerror("keyword \"in\" is not allowed in ptrace rules\n");
 
-		/* no valid conditionals atm */
-		yyerror("invalid ptrace rule conditional \"%s\"\n",
-			cond_ent->name);
+		if (strcmp(cond_ent->name, "peer") == 0) {
+			move_conditional_value("ptrace", &peer_label, cond_ent);
+		} else {
+			yyerror("invalid ptrace rule conditional \"%s\"\n",
+				cond_ent->name);
+		}
 	}
 }
 
-ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds, char *peer):
-	peer_label(peer), audit(0), deny(0)
+ptrace_rule::ptrace_rule(int mode_p, struct cond_entry *conds):
+	peer_label(NULL), audit(0), deny(0)
 {
 	if (mode_p) {
 		if (mode_p & ~AA_VALID_PTRACE_PERMS)
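Review bot: The new `peer` branch passes the value straight to `move_conditional_value("ptrace", &peer_label, cond_ent)` with no visible check that the conditional carries exactly one value or that `peer_label` is still unset. The peer label decides which tasks the rule covers, so a rule such as `ptrace peer=/a peer=/b,` or a conditional with more than one value should be rejected rather than silently resolved to one label. If the helper (defined outside this diff) does not already enforce both, add a guard before the call, e.g. `if (peer_label) yyerror("ptrace rule: repeated conditional \"peer\"\n");`. The enclosing function begins above the hunk, so an earlier check may already exist there.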
--- 2.9-test.orig/parser/ptrace.h
+++ 2.9-test/parser/ptrace.h
@@ -37,7 +37,7 @@
 	int audit;
 	int deny;
 
-	ptrace_rule(int mode, struct cond_entry *conds, char *peer);
+	ptrace_rule(int mode, struct cond_entry *conds);
 	virtual ~ptrace_rule()
 	{
 		free(peer_label);
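Review bot: The destructor releases `peer_label` with `free()`, but after this change the constructor no longer receives the string, so the declaration should say where the pointer comes from and who owns it. A comment above the constructor such as `/* peer_label is filled from the peer= conditional; the rule owns it and free()s it */` would document that pairing. The class also holds a raw owning pointer, so copying a `ptrace_rule` would free the label twice unless copy construction is disabled elsewhere in the class, which starts and ends outside this hunk.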



