[apparmor] [PATCH 06/14] Add support for bare change_profile rule

Tyler Hicks tyhicks at canonical.com
Thu Jun 4 14:20:25 UTC 2015


On 2015-06-04 03:56:35, John Johansen wrote:
> allow specifying the change_profile keyword
> 
>   change_profile,
> 
> to grant all change_profile permissions
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Tyler Hicks <tyhicks at canonical.com>

> ---
>  parser/parser_lex.l                                 |  2 +-
>  parser/parser_yacc.y                                | 14 ++++++++++++++
>  parser/tst/equality.sh                              |  4 ++++
>  parser/tst/simple_tests/change_profile/bare_ok_1.sd |  7 +++++++
>  4 files changed, 26 insertions(+), 1 deletion(-)
>  create mode 100644 parser/tst/simple_tests/change_profile/bare_ok_1.sd
> 
> diff --git a/parser/parser_lex.l b/parser/parser_lex.l
> index 0456843..286d9a2 100644
> --- a/parser/parser_lex.l
> +++ b/parser/parser_lex.l
> @@ -612,7 +612,7 @@ LT_EQUAL	<=
>  	PUSH_AND_RETURN(state, token);
>  }
>  
> -<INITIAL,NETWORK_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
> +<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
>  	{END_OF_RULE}	{
>  		if (YY_START != INITIAL)
>  			POP_NODUMP();
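
Review bot: the commit message does not mention this lexer change, where CHANGE_PROFILE_MODE joins the start-condition list of the shared {END_OF_RULE} block. A sentence there saying that the rule terminator is now accepted in CHANGE_PROFILE_MODE, and that the block's POP_NODUMP() then leaves that state, would tell a reader why the bare form comes with a lexer edit as well as the new grammar rule.
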
> diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
> index 3ebaed4..ce57153 100644
> --- a/parser/parser_yacc.y
> +++ b/parser/parser_yacc.y
> @@ -1481,6 +1481,20 @@ file_mode: TOK_MODE
>  		free($1);
>  	}
>  
> +change_profile: TOK_CHANGE_PROFILE TOK_END_OF_RULE
> +	{
> +		struct cod_entry *entry;
> +		char *rule = strdup("**");
> +		if (!rule)
> +			yyerror(_("Memory allocation error."));
> +		PDEBUG("Matched change_profile,\n");
> +		entry = new_entry(NULL, rule, AA_CHANGE_PROFILE, NULL);
> +		if (!entry)
> +			yyerror(_("Memory allocation error."));
> +		PDEBUG("change_profile,\n");
> +		$$ = entry;
> +	};
> +
>  change_profile:	TOK_CHANGE_PROFILE TOK_ARROW TOK_ID TOK_END_OF_RULE
>  	{
>  		struct cod_entry *entry;
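
Review bot: the hard-coded target in `char *rule = strdup("**");` has no comment saying that a bare `change_profile,` is expanded to the match-everything target, which is the security-relevant effect of this rule and is otherwise only visible in the equality.sh test. Add a short comment above that line, and since the diffstat touches no documentation, describe the bare form wherever the rule syntax is documented so profile authors know how broad it is. Smaller points in the same action: the two PDEBUG calls print nearly the same message, so one can go, and `rule` is not freed on the `if (!entry)` path, which matters only if yyerror() returns.
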
> diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
> index 89a048e..700ac8b 100755
> --- a/parser/tst/equality.sh
> +++ b/parser/tst/equality.sh
> @@ -458,6 +458,10 @@ verify_binary_equality "Deny of ungranted perm" \
>  		       "/t { /foo/[abc] r, }"
>  
>  
> +verify_binary_equality "change_profile == change_profile -> **" \
> +		       "/t { change_profile, }" \
> +		       "/t { change_profile -> **, }"
> +
>  if [ $fails -ne 0 -o $errors -ne 0 ]
>  then
>  	printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 2>&1
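
Review bot: the added verify_binary_equality case only shows that the bare rule compiles to the same policy as `change_profile -> **,`; nothing checks that it differs from a narrower target. A companion case comparing `/t { change_profile, }` with a profile that names a single target, expected to be unequal, would catch a regression in which the target pattern is ignored altogether, since the current case would still pass then.
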
> diff --git a/parser/tst/simple_tests/change_profile/bare_ok_1.sd b/parser/tst/simple_tests/change_profile/bare_ok_1.sd
> new file mode 100644
> index 0000000..3ea58d2
> --- /dev/null
> +++ b/parser/tst/simple_tests/change_profile/bare_ok_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=DESCRIPTION change_profile
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +   change_profile,
> +}
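
Review bot: the `#=DESCRIPTION change_profile` line does not say that this file covers the bare form, and the patch adds a PASS case only. Make the description something like "bare change_profile rule", and consider a second file that puts the bare rule next to the existing arrow form in one profile so both `change_profile:` grammar alternatives are parsed together.
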
> -- 
> 2.1.4