[apparmor] [PATCH 4/6] parser: stop splitting the namespace from the named transition targets

Tyler Hicks tyhicks at canonical.com
Fri Mar 11 19:04:57 UTC 2016


On 2016-03-04 02:16:39, Tyler Hicks wrote:
> The parser was splitting up the namespace and profile name from named
> transition targets only to rejoin it later when creating the binary
> policy. This complicated the changes needed to support the stacking
> identifier '&' in named transition targets.
> 
> To keep the stacking support simple, this patch keeps the entire named
> transition target string intact from initial profile parsing to writing
> out the binary.
> 
> All of these changes are straightforward except the hunk that removes
> the namespace string addition to the vector in the process_dfa_entry()
> function. After speaking with John, the kernel has never expected the
> namespace to be separated from the profile name.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

John discovered and fixed a regression caused by this patch. The patch
has not been committed to lp:apparmor so I plan to fold the following
changes into this patch before committing it to trunk.

Tyler

From beafe1844615084bbaa93018b34dae8f3e93b735 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen at canonical.com>
Date: Fri, 11 Mar 2016 10:37:15 -0800
Subject: [PATCH] Fix addition of entries to xtable

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 parser/parser_policy.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/parser/parser_policy.c b/parser/parser_policy.c
index 545f613..38e33af 100644
--- a/parser/parser_policy.c
+++ b/parser/parser_policy.c
@@ -127,6 +127,13 @@ static int add_named_transition(Profile *prof, struct cod_entry *entry)
 			name = entry->nt_name;
 			entry->nt_name = NULL;
 		}
+	} else {
+		/**
+		 * pass control of the memory pointed to by nt_name
+		 * from entry to add_entry_to_x_table()
+		 */
+		name = entry->nt_name;
+		entry->nt_name = NULL;
 	}
 
 	return add_entry_to_x_table(prof, name);
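Review bot: In the new else branch, entry->nt_name is cleared before the call, so if add_entry_to_x_table(prof, name) returns an error the entry no longer holds the string, and nothing in this hunk frees name. The added comment says control of the memory passes to add_entry_to_x_table(), so please confirm that function releases the string on every failure path. If it does, state that contract in the function's own header comment rather than only at this call site. Two smaller points: the block comment opens with "/**", which doc tools treat as a documentation comment, and a plain "/*" fits an inline note better. The commit message also has no body, and a sentence saying what value name had on this path before the fix, and what symptom that produced, would make the regression traceable once this is folded into patch 4/6.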
-- 
2.7.0
