Remove use of AARE_DFA as the alternate pcre matching engine was removed years ago.
Signed-off-by: John Johansen <[email protected]> --- parser/parser.h | 4 ---- parser/parser_common.c | 1 - parser/parser_interface.c | 33 +++++++++------------------------ parser/parser_main.c | 8 -------- parser/parser_policy.c | 6 +----- parser/parser_regex.c | 31 +++++++++++++------------------ 6 files changed, 23 insertions(+), 60 deletions(-) diff --git a/parser/parser.h b/parser/parser.h index ab57db9..3b4ac63 100644 --- a/parser/parser.h +++ b/parser/parser.h @@ -208,9 +208,6 @@ struct var_string { #define OPTION_STDOUT 4 #define OPTION_OFILE 5 -#define AARE_NONE 0 -#define AARE_DFA 2 - #define BOOL int #define FLAG_CHANGEHAT_1_4 2 @@ -267,7 +264,6 @@ extern int preprocess_only; } while (0) /* from parser_common.c */ -extern int regex_type; extern int perms_create; extern int net_af_max_override; extern int kernel_load; diff --git a/parser/parser_common.c b/parser/parser_common.c index 15f0978..bf4dd41 100644 --- a/parser/parser_common.c +++ b/parser/parser_common.c @@ -22,7 +22,6 @@ #define _(s) gettext(s) #include "parser.h" -int regex_type = AARE_DFA; int perms_create = 0; /* perms contain create flag */ int net_af_max_override = -1; /* use kernel to determine af_max */ int kernel_load = 1; diff --git a/parser/parser_interface.c b/parser/parser_interface.c index fdd610d..5c2b486 100644 --- a/parser/parser_interface.c +++ b/parser/parser_interface.c @@ -57,9 +57,7 @@ #define SD_CODE_SIZE (sizeof(u8)) #define SD_STR_LEN (sizeof(u16)) -#define SUBDOMAIN_INTERFACE_VERSION 2 #define SUBDOMAIN_INTERFACE_DFA_VERSION 5 -#define SUBDOMAIN_INTERFACE_POLICY_DB 16 int sd_serialize_codomain(int option, struct codomain *cod); 
@@ -573,7 +571,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile, /* only emit this if current kernel at least supports "create" */ if (perms_create) { - if (regex_type == AARE_DFA && profile->xmatch) { + if (profile->xmatch) { if (!sd_serialize_dfa(p, profile->xmatch, profile->xmatch_size)) return 0; if (!sd_write32(p, profile->xmatch_len)) @@ -655,7 +653,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile, } else if (profile->network_allowed) pwarn(_("profile %s network rules not enforced\n"), profile->name); - if (profile->policy_dfa && regex_type == AARE_DFA) { + if (profile->policy_dfa) { if (!sd_write_struct(p, "policydb")) return 0; if (!sd_serialize_dfa(p, profile->policy_dfa, profile->policy_dfa_size)) @@ -665,18 +663,13 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile, } /* either have a single dfa or lists of different entry types */ - if (regex_type == AARE_DFA) { - if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size)) - return 0; + if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size)) + return 0; - if (!sd_serialize_xtable(p, profile->exec_table)) - return 0; - } else { - PERROR(_("Unknown pattern type\n")); - return 1; - } + if (!sd_serialize_xtable(p, profile->exec_table)) + return 0; - if (profile->hat_table && regex_type != AARE_DFA) { + if (profile->hat_table) { if (!sd_write_list(p, "hats")) return 0; if (load_hats(p, profile) != 0) @@ -695,15 +688,7 @@ int sd_serialize_top_profile(sd_serialize *p, struct codomain *profile) { int version; - if (regex_type == AARE_DFA) { - /* Not yet - if (profile->policy_dfa) - version = SUBDOMAIN_INTERFACE_POLICYDB; - else */ - version = SUBDOMAIN_INTERFACE_DFA_VERSION; - } else - version = SUBDOMAIN_INTERFACE_VERSION; - + version = SUBDOMAIN_INTERFACE_DFA_VERSION; if (!sd_write_name(p, "version")) return 0; 
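Review bot: Dropping `regex_type != AARE_DFA` from the hats check in sd_serialize_profile turns a branch that could never run into one that runs for every profile with a hat table. The parser_common.c and parser_main.c hunks show regex_type was only ever set to AARE_DFA, so the old condition was always false and hats were emitted only through `load_flattened_hats()` in sd_serialize_codomain. With `if (profile->hat_table)` the serialized profile would additionally carry a nested `hats` list written by `load_hats()`, which changes the policy output instead of just removing dead code. To keep behaviour identical, delete the whole `if (profile->hat_table ...) { ... }` block rather than only its second operand; the block's body continues past the end of this hunk, so its closing lines need to go as well.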
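Review bot: In sd_serialize_top_profile the split `int version;` / `version = SUBDOMAIN_INTERFACE_DFA_VERSION;` is left over from the removed branch and reads better as `int version = SUBDOMAIN_INTERFACE_DFA_VERSION;`. The deleted "Not yet" comment was also the only hint that a profile carrying a `policydb` struct is still stamped with the DFA interface version, so a short replacement such as `/* profiles with a policydb still use the DFA interface version */` would keep that visible. The function body continues outside the hunk.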
@@ -859,7 +844,7 @@ int sd_serialize_codomain(int option, struct codomain *cod) close(fd); - if (cod->hat_table && regex_type == AARE_DFA && option != OPTION_REMOVE) { + if (cod->hat_table && option != OPTION_REMOVE) { if (load_flattened_hats(cod) != 0) return 0; } diff --git a/parser/parser_main.c b/parser/parser_main.c index 0fe4ccf..afbe78c 100644 --- a/parser/parser_main.c +++ b/parser/parser_main.c @@ -791,7 +791,6 @@ static void get_match_string(void) { if (S_ISDIR(stat_file.st_mode)) { /* if we have a features directory default to */ - regex_type = AARE_DFA; perms_create = 1; flags_string = malloc(FLAGS_STRING_SIZE); @@ -821,16 +820,9 @@ static void get_match_string(void) { out: if (match_string) { - if (strstr(match_string, AADFA)) - regex_type = AARE_DFA; - if (strstr(match_string, " perms=c")) perms_create = 1; } else { - /* no match string default to 2.6.36 version which doesn't - * have a match string - */ - regex_type = AARE_DFA; perms_create = 1; kernel_supports_network = 0; } diff --git a/parser/parser_policy.c b/parser/parser_policy.c index dce1b0d..77d4a19 100644 --- a/parser/parser_policy.c +++ b/parser/parser_policy.c @@ -635,11 +635,7 @@ static void __dump_policy_hatnames(const void *nodep, const VISIT value, if (value == preorder || value == endorder) return; - if (regex_type == AARE_DFA) { - printf("%s//%s\n", __dump_policy_name->name, (*t)->name); - } else { - printf("%s^%s\n", __dump_policy_name->name, (*t)->name); - } + printf("%s//%s\n", __dump_policy_name->name, (*t)->name); } void dump_policy_hatnames(struct codomain *cod) diff --git a/parser/parser_regex.c b/parser/parser_regex.c index 30a86cc..4bc0691 100644 --- a/parser/parser_regex.c +++ b/parser/parser_regex.c @@ -556,8 +556,7 @@ int post_process_entries(struct codomain *cod) int count = 0; list_for_each(cod->entries, entry) { - if (regex_type == AARE_DFA && - !process_dfa_entry(cod->dfarules, entry)) + if (!process_dfa_entry(cod->dfarules, entry)) ret = FALSE; count++; } 
@@ -570,18 +569,17 @@ int process_regex(struct codomain *cod) { int error = -1; - if (regex_type == AARE_DFA) { - if (!process_profile_name_xmatch(cod)) - goto out; + if (!process_profile_name_xmatch(cod)) + goto out; + + cod->dfarules = aare_new_ruleset(0); + if (!cod->dfarules) + goto out; - cod->dfarules = aare_new_ruleset(0); - if (!cod->dfarules) - goto out; - } if (!post_process_entries(cod)) goto out; - if (regex_type == AARE_DFA && cod->dfarule_count > 0) { + if (cod->dfarule_count > 0) { cod->dfa = aare_create_dfa(cod->dfarules, &cod->dfa_size, dfaflags); aare_delete_ruleset(cod->dfarules); @@ -1050,8 +1048,7 @@ int post_process_mnt_ents(struct codomain *cod) if (cod->mnt_ents && kernel_supports_mount) { struct mnt_entry *entry; list_for_each(cod->mnt_ents, entry) { - if (regex_type == AARE_DFA && - !process_mnt_entry(cod->policy_rules, entry)) + if (!process_mnt_entry(cod->policy_rules, entry)) ret = FALSE; count++; } @@ -1075,16 +1072,14 @@ int process_policydb(struct codomain *cod) { int error = -1; - if (regex_type == AARE_DFA) { - cod->policy_rules = aare_new_ruleset(0); - if (!cod->policy_rules) - goto out; - } + cod->policy_rules = aare_new_ruleset(0); + if (!cod->policy_rules) + goto out; if (!post_process_policydb_ents(cod)) goto out; - if (regex_type == AARE_DFA && cod->policy_rule_count > 0) { + if (cod->policy_rule_count > 0) { cod->policy_dfa = aare_create_dfa(cod->policy_rules, &cod->policy_dfa_size, dfaflags); -- 1.8.1.2 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
