Re: [apparmor] [PATCH] Fix mount rule preprocessor output

Mon, 24 Jun 2013 11:16:26 -0700 

On Sun, Jun 23, 2013 at 03:50:45PM -0700, Tyler Hicks wrote:
> Currently, mount rule preprocessor output is incorrect:
> 
> $ echo '/t { mount options=(rw,nosuid) /dev/sda3 -> /home, }' \
>   | apparmor_parser -p
> /t { mountmount =(rw,nosuid) /dev/sda3 -> /home, }
> 
> This is due to incorrect placement of DUMP_PREPROCESS in parser_lex.l
> 
> Signed-off-by: Tyler Hicks <[email protected]>
> ---
>  parser/parser_lex.l | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/parser/parser_lex.l b/parser/parser_lex.l
> index 1258b01..78ee0bf 100644
> --- a/parser/parser_lex.l
> +++ b/parser/parser_lex.l
> @@ -286,6 +286,7 @@ LT_EQUAL  <=
>                                * as bison may have requested the next
>                                * token from the scanner
>                                */
> +                             DUMP_PREPROCESS;
>                               PDEBUG("conditional %s=\n", yytext);
>                               yylval.id = processid(yytext, yyleng);
>                               yy_push_state(EXTCOND_MODE);

I'm not sure this is sufficient; there are two branches here and I
think both need the DUMP_PREPROCESS:

<INITIAL,MOUNT_MODE>{
        {VARIABLE_NAME}/{WS}*=  {
                                /* we match to the = in the lexer so that
                                 * can switch scanner state.  By the time
                                 * the parser see the = it may be to late
                                 * as bison may have requested the next
                                 * token from the scanner
                                 */
                                PDEBUG("conditional %s=\n", yytext);
                                yylval.id = processid(yytext, yyleng);
                                yy_push_state(EXTCOND_MODE);
                                return TOK_CONDID;
                        }
        {VARIABLE_NAME}/{WS}+in{WS}*\(  {
                                /* we match to 'in' in the lexer so that
                                 * we can switch scanner state.  By the time
                                 * the parser see the 'in' it may be to late
                                 * as bison may have requested the next
                                 * token from the scanner
                                 */
                                PDEBUG("conditional %s=\n", yytext);
                                yylval.id = processid(yytext, yyleng);
                                yy_push_state(EXTCOND_MODE);
                                return TOK_CONDID;
                        }
}

Do both branches need the DUMP_PREPROCESS?

> @@ -704,7 +705,6 @@ LT_EQUAL  <=
>                       case TOK_MOUNT:
>                       case TOK_REMOUNT:
>                       case TOK_UMOUNT:
> -                             DUMP_PREPROCESS;
>                               PDEBUG("Entering mount\n");
>                               yy_push_state(MOUNT_MODE);
>                               break;

This bit looks good :)

Thanks

Attachment: signature.asc
Description: Digital signature

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to