[apparmor] [patch 5/5] Make the af type protocol mappings available for use

Thu Aug 7 23:21:25 UTC 2014

On Wed, Aug 06, 2014 at 05:32:49AM -0700, john.johansen at canonical.com wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Hah, of course this fixes the bug I spotted earlier. :)

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Thanks

> ---
>  parser/network.c |   49 ++++++++++++++++++++++++++++++++-----------------
>  parser/network.h |    9 +++++++++
>  2 files changed, 41 insertions(+), 17 deletions(-)
> 
> --- 2.9-test.orig/parser/network.c
> +++ 2.9-test/parser/network.c
> @@ -80,14 +80,6 @@
>  	return NULL;
>  }
>  
> -struct network_tuple {
> -	const char *family_name;
> -	unsigned int family;
> -	const char *type_name;
> -	unsigned int type;
> -	const char *protocol_name;
> -	unsigned int protocol;
> -};
>  
>  /* FIXME: currently just treating as a bit mask this will have to change
>   * set up a table of mappings, there can be several mappings for a
> @@ -256,11 +248,12 @@
>  	return new_entry;
>  }
>  
> -struct aa_network_entry *network_entry(const char *family, const char *type,
> -				       const char *protocol)
> +
> +const struct network_tuple *net_find_mapping(const char *family,
> +					     const char *type,
> +					     const char *protocol)
>  {
>  	int i;
> -	struct aa_network_entry *new_entry, *entry = NULL;
>  
>  	for (i = 0; network_mappings[i].family_name; i++) {
>  		if (family) {
> @@ -276,16 +269,38 @@
>  			PDEBUG("Found type %s\n", type);
>  		}
>  		if (protocol) {
> -			PDEBUG("Checking protocol type %s\n", network_mappings[i].protocol_name);
> -			if (strcmp(type, network_mappings[i].protocol_name) != 0)
> +			/* allows the proto to be the "type", ie. tcp implies
> +			 * stream */
> +			if (!type) {
> +				PDEBUG("Checking protocol type %s\n", network_mappings[i].type_name);
> +				if (strcmp(protocol, network_mappings[i].type_name) == 0)
> +					goto match;
> +			}
> +			PDEBUG("Checking type %s protocol %s\n", network_mappings[i].type_name, network_mappings[i].protocol_name);
> +			if (strcmp(protocol, network_mappings[i].protocol_name) != 0)
>  				continue;
>  			/* fixme should we allow specifying protocol by #
>  			 * without needing the protocol mapping? */
>  		}
> -		/* if here we have a match */
> -		new_entry = new_network_ent(network_mappings[i].family,
> -					    network_mappings[i].type,
> -					    network_mappings[i].protocol);
> +
> +		/* if we get this far we have a match */
> +match:
> +		return &network_mappings[i];
> +	}
> +
> +	return NULL;
> +
> +}
> +
> +struct aa_network_entry *network_entry(const char *family, const char *type,
> +				       const char *protocol)
> +{
> +	struct aa_network_entry *new_entry, *entry = NULL;
> +	const struct network_tuple *mapping = net_find_mapping(family, type, protocol);
> +
> +	if (mapping) {
> +		new_entry = new_network_ent(mapping->family, mapping->type,
> +					    mapping->protocol);
>  		if (!new_entry)
>  			yyerror(_("Memory allocation error."));
>  		new_entry->next = entry;
> --- 2.9-test.orig/parser/network.h
> +++ 2.9-test/parser/network.h
> @@ -35,6 +35,15 @@
>  #include "rule.h"
>  #include "profile.h"
>  
> +struct network_tuple {
> +	const char *family_name;
> +	unsigned int family;
> +	const char *type_name;
> +	unsigned int type;
> +	const char *protocol_name;
> +	unsigned int protocol;
> +};
> +
>  /* supported AF protocols */
>  struct aa_network_entry {
>  	unsigned int family;
> 
> 
> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140807/51769b2a/attachment.pgp>