[apparmor] [patch] [parser] allow the parser to process directories as a parameter
John Johansen
john.johansen at canonical.com
Mon Oct 14 08:58:23 UTC 2013
On 09/29/2013 02:50 AM, John Johansen wrote:
> allow directories to be passed to the parser
>
> Allow directories to be passed directly to the parser and handled instead
> of needing an initscript to find the files in the directory.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
bump
> ---
> parser/parser.h | 1 +
> parser/parser_include.c | 4 +--
> parser/parser_include.h | 2 +-
> parser/parser_lex.l | 40 ----------------------------
> parser/parser_main.c | 70 ++++++++++++++++++++++++++++++++++++++++++++-----
> parser/parser_misc.c | 41 +++++++++++++++++++++++++++++
> 6 files changed, 109 insertions(+), 49 deletions(-)
>
> diff --git a/parser/parser.h b/parser/parser.h
> index c1622c3..1dd9895 100644
> --- a/parser/parser.h
> +++ b/parser/parser.h
> @@ -268,6 +268,7 @@ extern struct var_string *split_out_var(char *string);
> extern void free_var_string(struct var_string *var);
>
> /* parser_misc.c */
> +extern int is_blacklisted(const char *name, const char *path);
> extern struct value_list *new_value_list(char *value);
> extern struct value_list *dup_value_list(struct value_list *list);
> extern void free_value_list(struct value_list *list);
> diff --git a/parser/parser_include.c b/parser/parser_include.c
> index 697fad3..88fe2d6 100644
> --- a/parser/parser_include.c
> +++ b/parser/parser_include.c
> @@ -279,7 +279,7 @@ struct include_stack_t {
>
> struct include_stack_t *include_stack_head = NULL;
>
> -static void start_include_position(char *filename)
> +static void start_include_position(const char *filename)
> {
> if (current_filename)
> free(current_filename);
> @@ -323,7 +323,7 @@ void pop_include_stack(void)
> free(include);
> }
>
> -void reset_include_stack(char *filename)
> +void reset_include_stack(const char *filename)
> {
> while (include_stack_head)
> pop_include_stack();
> diff --git a/parser/parser_include.h b/parser/parser_include.h
> index 08ea8aa..6a5b294 100644
> --- a/parser/parser_include.h
> +++ b/parser/parser_include.h
> @@ -31,6 +31,6 @@ FILE *search_path(char *filename, char **fullpath);
>
> extern void push_include_stack(char *filename);
> extern void pop_include_stack(void);
> -extern void reset_include_stack(char *filename);
> +extern void reset_include_stack(const char *filename);
>
> #endif
> diff --git a/parser/parser_lex.l b/parser/parser_lex.l
> index 7e4574f..9a4bc6c 100644
> --- a/parser/parser_lex.l
> +++ b/parser/parser_lex.l
> @@ -107,46 +107,6 @@ do { \
> #define STATE_TABLE_ENT(X) [(X)] = #X
> /* static char *const state_names[]; */
>
> -struct ignored_suffix_t {
> - const char * text;
> - int len;
> - int silent;
> -};
> -
> -struct ignored_suffix_t ignored_suffixes[] = {
> - /* Debian packging files, which are in flux during install
> - should be silently ignored. */
> - { ".dpkg-new", 9, 1 },
> - { ".dpkg-old", 9, 1 },
> - { ".dpkg-dist", 10, 1 },
> - { ".dpkg-bak", 9, 1 },
> - /* RPM packaging files have traditionally not been silently
> - ignored */
> - { ".rpmnew", 7, 0 },
> - { ".rpmsave", 8, 0 },
> - /* Backup files should be mentioned */
> - { "~", 1, 0 },
> - { NULL, 0, 0 }
> -};
> -
> -static int is_blacklisted(const char *name, const char *path)
> -{
> - int name_len;
> - struct ignored_suffix_t *suffix;
> - name_len = strlen(name);
> - /* skip blacklisted suffixes */
> - for (suffix = ignored_suffixes; suffix->text; suffix++) {
> - char *found;
> - if ( (found = strstr((char *) name, suffix->text)) &&
> - found - name + suffix->len == name_len ) {
> - if (!suffix->silent)
> - PERROR("Ignoring: '%s'\n", path);
> - return 1;
> - }
> - }
> -
> - return 0;
> -}
>
> struct cb_struct {
> const char *fullpath;
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index 75f318f..e3af8a8 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -822,7 +822,7 @@ fail:
> return;
> }
>
> -int process_binary(int option, char *profilename)
> +int process_binary(int option, const char *profilename)
> {
> char *buffer = NULL;
> int retval = 0, size = 0, asize = 0, rsize;
> @@ -883,7 +883,7 @@ int process_binary(int option, char *profilename)
> return retval;
> }
>
> -void reset_parser(char *filename)
> +void reset_parser(const char *filename)
> {
> memset(&mru_tstamp, 0, sizeof(mru_tstamp));
> free_aliases();
> @@ -928,7 +928,7 @@ void update_mru_tstamp(FILE *file)
> mru_tstamp = stat_file.st_ctim;
> }
>
> -int process_profile(int option, char *profilename)
> +int process_profile(int option, const char *profilename)
> {
> struct stat stat_bin;
> int retval = 0;
> @@ -953,11 +953,11 @@ int process_profile(int option, char *profilename)
>
> if (profilename && option != OPTION_REMOVE) {
> /* make decisions about disabled or complain-mode profiles */
> - basename = strrchr(profilename, '/');
> + basename = (char *) strrchr(profilename, '/');
> if (basename)
> basename++;
> else
> - basename = profilename;
> + basename = (char *) profilename;
>
> if (test_for_dir_mode(basename, "disable")) {
> if (!conf_quiet)
> @@ -1106,6 +1106,48 @@ out:
> return retval;
> }
>
> +/* data - name of parent dir */
> +static int profile_dir_cb(__unused DIR *dir, const char *name, struct stat *st,
> + void *data)
> +{
> + int rc = 0;
> +
> + /* skip dot files and files with no name */
> + if (*name == '.' || !strlen(name))
> + return 0;
> +
> + if (!S_ISDIR(st->st_mode) && !is_blacklisted(name, NULL)) {
> + const char *dirname = (const char *)data;
> + char *path;
> + if (asprintf(&path, "%s/%s", dirname, name) < 0)
> + PERROR(_("Out of memory"));
> + rc = process_profile(option, path);
> + free(path);
> + }
> + return rc;
> +}
> +
> +/* data - name of parent dir */
> +static int binary_dir_cb(__unused DIR *dir, const char *name, struct stat *st,
> + void *data)
> +{
> + int rc = 0;
> +
> + /* skip dot files and files with no name */
> + if (*name == '.' || !strlen(name))
> + return 0;
> +
> + if (!S_ISDIR(st->st_mode) && !is_blacklisted(name, NULL)) {
> + const char *dirname = (const char *)data;
> + char *path;
> + if (asprintf(&path, "%s/%s", dirname, name) < 0)
> + PERROR(_("Out of memory"));
> + rc = process_binary(option, name);
> + free(path);
> + }
> + return rc;
> +}
> +
> static int clear_cache_cb(DIR *dir, const char *path, struct stat *st,
> __unused void *data)
> {
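Review bot: `binary_dir_cb` builds `path` but then calls `process_binary(option, name)`, so the joined path is discarded and the bare entry name is handed to `process_binary` (presumably opened relative to the working directory rather than the directory being walked); the call should read `rc = process_binary(option, path);` as `profile_dir_cb` does. In both callbacks a failed `asprintf` leaves `path` with an unspecified value, and unless `PERROR` terminates the process (not visible here) the next line still passes it on and frees it; the guard should bail out, e.g. `if (asprintf(&path, "%s/%s", dirname, name) < 0) { PERROR(_("Out of memory")); return -1; }`. The `!strlen(name)` test is already covered by `*name == '.'` dereferencing the first byte and could be written `!*name`.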
> @@ -1254,6 +1296,8 @@ int main(int argc, char *argv[])
>
> retval = 0;
> for (i = optind; retval == 0 && i <= argc; i++) {
> + struct stat stat_file;
> +
> if (i < argc && !(profilename = strdup(argv[i]))) {
> perror("strdup");
> return -1;
> @@ -1262,7 +1306,21 @@ int main(int argc, char *argv[])
> if (i == argc && optind != argc)
> continue;
>
> - if (binary_input) {
> + if (stat(profilename, &stat_file) == -1) {
> + PERROR("File %s not found, skipping...\n", profilename);
> + continue;
> + }
> +
> + if (S_ISDIR(stat_file.st_mode)) {
> + int (*cb)(DIR *dir, const char *name, struct stat *st,
> + void *data);
> + cb = binary_input ? binary_dir_cb : profile_dir_cb;
> + if (dirat_for_each(NULL, profilename, profilename, cb)) {
> + PDEBUG("Failed loading profiles from %s\n",
> + profilename);
> + exit(1);
> + }
> + } else if (binary_input) {
> retval = process_binary(option, profilename);
> } else {
> retval = process_profile(option, profilename);
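Review bot: The new `stat` failure branch reports every failure as "File %s not found" although `stat` also fails for permission, symlink-loop and I/O errors; reporting `errno` keeps the message truthful, e.g. `PERROR("Cannot stat %s: %s, skipping...\n", profilename, strerror(errno));`. The same branch `continue`s past the rest of the loop body, so if `profilename` (strdup'd a few lines above) is freed at the bottom of the loop that copy leaks; `main` continues outside this hunk, so I cannot confirm where it is released. The directory branch also calls `exit(1)` where the sibling file branches set `retval` and let the loop unwind, which skips whatever cleanup follows the loop; setting `retval = -1;` (or the value `dirat_for_each` returns) and letting the existing `retval == 0` loop condition stop iteration would be consistent with the other two branches.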
> diff --git a/parser/parser_misc.c b/parser/parser_misc.c
> index 67a7779..e3b9d6a 100644
> --- a/parser/parser_misc.c
> +++ b/parser/parser_misc.c
> @@ -51,6 +51,47 @@
> #endif
> #define NPDEBUG(fmt, args...) /* Do nothing */
>
> +struct ignored_suffix_t {
> + const char * text;
> + int len;
> + int silent;
> +};
> +
> +static struct ignored_suffix_t ignored_suffixes[] = {
> + /* Debian packging files, which are in flux during install
> + should be silently ignored. */
> + { ".dpkg-new", 9, 1 },
> + { ".dpkg-old", 9, 1 },
> + { ".dpkg-dist", 10, 1 },
> + { ".dpkg-bak", 9, 1 },
> + /* RPM packaging files have traditionally not been silently
> + ignored */
> + { ".rpmnew", 7, 0 },
> + { ".rpmsave", 8, 0 },
> + /* Backup files should be mentioned */
> + { "~", 1, 0 },
> + { NULL, 0, 0 }
> +};
> +
> +int is_blacklisted(const char *name, const char *path)
> +{
> + int name_len;
> + struct ignored_suffix_t *suffix;
> + name_len = strlen(name);
> + /* skip blacklisted suffixes */
> + for (suffix = ignored_suffixes; suffix->text; suffix++) {
> + char *found;
> + if ( (found = strstr((char *) name, suffix->text)) &&
> + found - name + suffix->len == name_len ) {
> + if (!suffix->silent)
> + PERROR("Ignoring: '%s'\n", path ? path : name);
> + return 1;
> + }
> + }
> +
> + return 0;
> +}
> +
> struct keyword_table {
> const char *keyword;
> int token;
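Review bot: `is_blacklisted` tests for a suffix with `strstr`, which returns the first occurrence, so a name containing the suffix text earlier as well as at the end (for example `a~b~`, or `x.rpmnew.rpmnew`) fails the end-of-name comparison and is not blacklisted; this is pre-existing code moved from parser_lex.l, but since the directory-walking callbacks now depend on it, a direct suffix compare is safer: `if (name_len >= suffix->len && strcmp(name + name_len - suffix->len, suffix->text) == 0) {`. With that change the `(char *) name` cast is no longer needed, and `name_len` could be a `size_t` to match `strlen`. The hard-coded `len` values in `ignored_suffixes` must be kept in sync with the strings by hand; computing them with `sizeof(".dpkg-new") - 1` or once at first use would remove that maintenance hazard.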
>