[apparmor] [Patch][parser] Fix: Parser error when using regex profile names in IPC rules

Steve Beattie steve at nxnw.org
Tue Sep 30 23:41:15 UTC 2014


On Thu, Sep 25, 2014 at 02:38:06AM -0700, John Johansen wrote:
> On 09/24/2014 11:32 AM, John Johansen wrote:
> 
> v2 changes
> - added support for character escaping to IDs
> - added tests
> - updated existing tests to support character escaping
> 
> Fix: Parser error when using regex profile names in IPC rules
> 
> BugLink: http://bugs.launchpad.net/bugs/1373085
> 
> The parser fails to accept certain characters, even when escaped or quoted
> as part of the profile or label name in ipc rules. This is due to the
> lexer not accepting those characters as part of the input pattern.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Steve Beattie <steve at nxnw.org>

with a couple of minor requests:

> === renamed file 'parser/tst/simple_tests/dbus/bad_regex_03.sd' => 'parser/tst/simple_tests/dbus/ok_regex_01.sd'
> --- parser/tst/simple_tests/dbus/bad_regex_03.sd	2014-04-26 04:48:25 +0000
> +++ parser/tst/simple_tests/dbus/ok_regex_01.sd	2014-09-25 08:23:00 +0000
> @@ -1,6 +1,6 @@
>  #
> -#=DESCRIPTION dbus rule with a bad peer regex expansion
> -#=EXRESULT FAIL
> +#=DESCRIPTION dbus rule with a peer regex expansion that needs escaping
> +#=EXRESULT PASS
>  #
>  
>  profile foo {
> 
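
Review bot: the flip from `#=EXRESULT FAIL` to `#=EXRESULT PASS` in the header, combined with the rename from bad_regex_03.sd to ok_regex_01.sd, drops a negative test without adding one. Only the header comments change, so the rule body that used to be rejected is now expected to parse, and nothing visible in this hunk still checks that a malformed peer regex is refused. Suggest keeping a bad_regex_03.sd whose pattern must still fail (for example an unbalanced `{`) alongside the new passing case.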

I'm okay with this move, but can we leave a failing case as well, like
so:

  #
  #=DESCRIPTION dbus rule with a bad peer regex expansion
  #=EXRESULT FAIL
  #

  profile foo {
    dbus send bus=session peer=(label=spl{at),
  }

This helps ensure that (a) regex expansion occurs in peer labels and (b) bad
ones trigger errors.

> === renamed file 'parser/tst/simple_tests/file/file/bad_embedded_spaces_1.sd' => 'parser/tst/simple_tests/file/file/ok_embedded_spaces_4.sd'
> --- parser/tst/simple_tests/file/file/bad_embedded_spaces_1.sd	2012-02-16 16:06:04 +0000
> +++ parser/tst/simple_tests/file/file/ok_embedded_spaces_4.sd	2014-09-25 09:21:16 +0000
> @@ -1,5 +1,5 @@
>  #=DESCRIPTION Simple test case for embedded spaces
> -#=EXRESULT FAIL
> +#=EXRESULT PASS
>  
>  /bin/foo {
>    file /abc\ def r,
> 
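
Review bot: the `#=DESCRIPTION` line is left as "Simple test case for embedded spaces" while the expectation flips to PASS. It should state that the space in `file /abc\ def r,` is backslash-escaped, so the header explains why this case is accepted. The rename also leaves no FAIL case in this hunk for an unescaped embedded space, so a separate bad_embedded_spaces test should keep covering that.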

Similarly, can we also keep:

  #=DESCRIPTION Simple test case for embedded spaces
  #=EXRESULT FAIL

  /bin/foo {
    /abc def r,
  }

Thanks.
-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/