[apparmor] [PATCH 2/6] parser: parser clean up add_named_transition()
John Johansen
john.johansen at canonical.com
Fri Mar 4 16:24:19 UTC 2016
On 03/04/2016 12:16 AM, Tyler Hicks wrote:
> The add_named_transition function was written in a way that is difficult
> to understand while attempting to read the function. This patch attempts
> to clean it up.
>
> First, this patch removes this confusing code flow issue:
>
> if (!entry->ns) { ... }
> if (entry->ns) { ... } else { ... }
>
> It then unifies the way that the ns and nt_name strings of the cod_entry
> struct are handled prior to calling add_entry_to_x_table() and/or
> returning. ns and nt_name are now guaranteed to be NULL before
> performing either of those actions.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/parser_policy.c | 16 +++++++++-------
> 1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/parser/parser_policy.c b/parser/parser_policy.c
> index 5e4add6..292abff 100644
> --- a/parser/parser_policy.c
> +++ b/parser/parser_policy.c
> @@ -118,10 +118,16 @@ static int add_named_transition(Profile *prof, struct cod_entry *entry)
> }
> sprintf(name, "%s//%s", prof->name, entry->nt_name);
> free(entry->nt_name);
> - entry->nt_name = name;
> + entry->nt_name = NULL;
> + } else {
> + /**
> + * pass control of the memory pointed to by nt_name
> + * from entry to add_entry_to_x_table()
> + */
> + name = entry->nt_name;
> + entry->nt_name = NULL;
> }
> - }
> - if (entry->ns) {
> + } else {
> name = (char *) malloc(strlen(entry->ns) + strlen(entry->nt_name) + 3);
> if (!name) {
> PERROR("Memory allocation error\n");
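Review bot: The comment added in the new inner else branch opens with the doc-comment marker `/**` although it is an ordinary inline comment, and it says ownership moves from entry to add_entry_to_x_table(), while the two lines under it only move the pointer into the local `name`. Opening it with a plain `/*` and saying that `name` now owns the string, to be handed to add_entry_to_x_table() at the return, would match what the code does. The first branch does the same hand-off after the sprintf() (free the old nt_name, set it to NULL) and has no comment, so a single comment covering both branches may read better.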
> @@ -132,8 +138,6 @@ static int add_named_transition(Profile *prof, struct cod_entry *entry)
> free(entry->nt_name);
> entry->ns = NULL;
> entry->nt_name = NULL;
> - } else {
> - name = entry->nt_name;
> }
>
> return add_entry_to_x_table(prof, name);
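Review bot: With the trailing `else { name = entry->nt_name; }` removed, `name` reaches `return add_entry_to_x_table(prof, name);` only through assignments made inside the branches of the restructured if/else above. If `name` is not already initialised where it is declared (the declaration is outside the lines shown), initialising it to NULL would make a future branch that forgets to set it fail visibly instead of passing an indeterminate pointer. It would also help to state next to the return that add_entry_to_x_table() takes ownership of `name`, since after this change entry->nt_name no longer refers to that memory on any path.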
> @@ -164,8 +168,6 @@ void post_process_file_entries(Profile *prof)
> mode |= SHIFT_MODE(n << 10, AA_OTHER_SHIFT);
> entry->mode = ((entry->mode & ~AA_ALL_EXEC_MODIFIERS) |
> (mode & AA_ALL_EXEC_MODIFIERS));
> - entry->ns = NULL;
> - entry->nt_name = NULL;
> }
> /* FIXME: currently change_profile also implies onexec */
> cp_mode |= entry->mode & (AA_CHANGE_PROFILE);
>
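Review bot: Dropping `entry->ns = NULL;` and `entry->nt_name = NULL;` here removes the caller-side clearing, so this function now depends on add_named_transition() clearing both fields on every path that returns. The commit message states that guarantee, but the `if (!name) { PERROR(...)` allocation-failure path in the first hunk is unchanged context and its following lines are not shown. If that path returns with the fields still set, please confirm that the entry keeping ownership of both strings is the intended outcome, and note that in the commit message or in a comment at this spot.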