[apparmor] [patch 05/12] Make the af type protocol mappings available for use
John Johansen
john.johansen at canonical.com
Mon Aug 25 19:47:26 UTC 2014
On 08/15/2014 12:20 PM, john.johansen at canonical.com wrote:
This is a fix for [patch 05/12] Make the af type protocol mappings available for use
Before the af type protocol mappings patch was applied, a single rule could
result in multiple rule entries being created. The af type protocol mappings
patch broke this by applying only the first of the mappings that could be
found.
Restore the previous behavior by searching through the entire table until
all matches have been made.
---
=== modified file 'parser/network.c'
--- parser/network.c 2014-08-24 07:00:28 +0000
+++ parser/network.c 2014-08-25 19:45:28 +0000
@@ -249,22 +249,24 @@
}
-const struct network_tuple *net_find_mapping(const char *family,
+const struct network_tuple *net_find_mapping(struct network_tuple *map,
+ const char *family,
const char *type,
const char *protocol)
{
- int i;
+ if (!map)
+ map = network_mappings;
- for (i = 0; network_mappings[i].family_name; i++) {
+ while (map->family_name) {
if (family) {
- PDEBUG("Checking family %s\n", network_mappings[i].family_name);
- if (strcmp(family, network_mappings[i].family_name) != 0)
+ PDEBUG("Checking family %s\n", map->family_name);
+ if (strcmp(family, map->family_name) != 0)
continue;
PDEBUG("Found family %s\n", family);
}
if (type) {
- PDEBUG("Checking type %s\n", network_mappings[i].type_name);
- if (strcmp(type, network_mappings[i].type_name) != 0)
+ PDEBUG("Checking type %s\n", map->type_name);
+ if (strcmp(type, map->type_name) != 0)
continue;
PDEBUG("Found type %s\n", type);
}
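Review bot: The loop `while (map->family_name)` never advances `map`: the two `continue` statements in this hunk, and the one after the protocol comparison in the next hunk, re-test the same table entry, so the first entry whose family or type does not match spins forever (the old `for` header did the increment, and no `map++` is visible in any hunk, though one line between the second and third hunk is not shown). The loop header should be `for (; map->family_name; map++)`, and if callers are meant to resume after a previous hit, the entry check should become `if (!map) map = network_mappings; else map++; /* caller passes the last match back to resume */`. The parameter should also be `const struct network_tuple *map`, here and in the network.h prototype, to match the `const` return type; otherwise a caller holding the returned pointer cannot pass it back without casting away const. net_find_mapping's body continues beyond the end of this hunk.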
@@ -272,12 +274,12 @@
/* allows the proto to be the "type", ie. tcp implies
* stream */
if (!type) {
- PDEBUG("Checking protocol type %s\n", network_mappings[i].type_name);
- if (strcmp(protocol, network_mappings[i].type_name) == 0)
+ PDEBUG("Checking protocol type %s\n", map->type_name);
+ if (strcmp(protocol, map->type_name) == 0)
goto match;
}
- PDEBUG("Checking type %s protocol %s\n", network_mappings[i].type_name, network_mappings[i].protocol_name);
- if (strcmp(protocol, network_mappings[i].protocol_name) != 0)
+ PDEBUG("Checking type %s protocol %s\n", map->type_name, map->protocol_name);
+ if (strcmp(protocol, map->protocol_name) != 0)
continue;
/* fixme should we allow specifying protocol by #
* without needing the protocol mapping? */
@@ -285,7 +287,7 @@
/* if we get this far we have a match */
match:
- return &network_mappings[i];
+ return map;
}
return NULL;
@@ -295,9 +297,9 @@
const char *protocol)
{
struct aa_network_entry *new_entry, *entry = NULL;
- const struct network_tuple *mapping = net_find_mapping(family, type, protocol);
+ const struct network_tuple *mapping = NULL;
- if (mapping) {
+ while ((mapping = net_find_mapping(NULL, family, type, protocol))) {
new_entry = new_network_ent(mapping->family, mapping->type,
mapping->protocol);
if (!new_entry)
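Review bot: `net_find_mapping(NULL, family, type, protocol)` restarts the table scan from the top on every iteration, so as soon as one mapping matches the loop receives the same entry again and again and never terminates. The new `map` parameter only helps if the previous result is handed back: `while ((mapping = net_find_mapping(mapping, family, type, protocol)))`, with net_find_mapping stepping past a non-NULL `map` before it scans. Because `mapping` is `const struct network_tuple *`, that call also needs the parameter to be const-qualified. network_entry's body continues past the end of the hunk, so how each `new_entry` is linked onto `entry` is not visible here.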
=== modified file 'parser/network.h'
--- parser/network.h 2014-08-24 07:00:28 +0000
+++ parser/network.h 2014-08-25 19:39:10 +0000
@@ -88,7 +88,8 @@
const char *net_find_type_name(int type);
int net_find_af_val(const char *af);
const char *net_find_af_name(unsigned int af);
-const struct network_tuple *net_find_mapping(const char *family,
+const struct network_tuple *net_find_mapping(struct network_tuple *map,
+ const char *family,
const char *type,
const char *protocol);