[apparmor] [patch 02/12] parser: Add support for unix domain socket rules.

Seth Arnold seth.arnold at canonical.com
Tue Aug 26 22:31:26 UTC 2014


On Mon, Aug 25, 2014 at 05:06:07PM -0700, john.johansen at canonical.com wrote:
> This patch implements parsing of fine grained mediation for unix domain
> sockets, that have abstract and anonymous paths. Sockets with file
> system paths are handled by regular file access rules.

One quick question ...

> + */
> +int af_rule::move_base_cond(struct cond_entry *ent, bool peer)
> +{
> +	if (!cond_check(supported_conds, ent, peer, "unknown"))
> +		return false;
> +
> +	if (strcmp(ent->name, "type") == 0) {
> +		move_conditional_value("socket rule", &sock_type, ent);
> +		sock_type_n = net_find_type_val(sock_type);
> +		if (sock_type_n == -1)
> +			yyerror("socket rule: invalid socket type '%s'", sock_type);
> +	} else if (strcmp(ent->name, "protocol") == 0) {
> +		yyerror("socket rule: 'protocol' conditional is not currently supported\n");
> +	} else if (strcmp(ent->name, "label") == 0) {
> +		if (peer)
> +			move_conditional_value("unix", &label, ent);
> +		else
> +			move_conditional_value("unix", &peer_label, ent);
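
Review bot: The `label` branch of move_base_cond() looks inverted: with `peer` true the value is moved into `label`, and with `peer` false it is moved into `peer_label`. If `peer` marks a conditional from the peer part of the rule, the two destinations should be swapped, otherwise a label meant to constrain the remote end is recorded as the local label and the rule matches something other than what the policy author wrote. The context strings also differ within the same function ("socket rule" for `type`, "unix" for `label`), so errors from this base-class helper will name the rule kind inconsistently.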

Is this if (peer) conditional test going in the correct direction?

> +	} else
> +		return false;
> +
> +	return true;
> +}
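
Review bot: move_base_cond() is declared as returning `int` but every return statement uses `false` or `true`, so callers cannot tell from the signature whether to expect a boolean or an error code. Declare it `bool`, or state the convention in the comment above the function. The final `return false` is also shared by two different cases, a failed cond_check() and a conditional name this function does not handle, which the caller may need to distinguish.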

Thanks