On Mon, Aug 25, 2014 at 02:31:26PM -0700, John Johansen wrote:
> On 08/25/2014 01:42 PM, Steve Beattie wrote:
> > On Mon, Aug 25, 2014 at 12:47:26PM -0700, John Johansen wrote:
> >> This is a fix for [patch 05/12] Make the af type protocol mappings
> >> available for use
> >>
> >> Before the af type protocol mappings patch was applied, a single rule could
> >> result in multiple rule entries being created. The af type protocol mappings
> >> patch broke this by applying only the first of the mappings that could be
> >> found.
> >>
> >> Restore the previous behavior by searching through the entire table until
> >> all matches have been made.
> >
> > NACK.
> >
>
> And the revised version
This looks good to me: Acked-by: Steve Beattie <[email protected]> > === modified file 'parser/network.c' > --- parser/network.c 2014-08-24 07:00:28 +0000 > +++ parser/network.c 2014-08-25 21:22:41 +0000 > @@ -249,22 +249,27 @@ > } > > > -const struct network_tuple *net_find_mapping(const char *family, > +const struct network_tuple *net_find_mapping(const struct network_tuple *map, > + const char *family, > const char *type, > const char *protocol) > { > - int i; > + if (!map) > + map = network_mappings; > + else > + /* assumes it points to last entry returned */ > + map++; > > - for (i = 0; network_mappings[i].family_name; i++) { > + for (; map->family_name; map++) { > if (family) { > - PDEBUG("Checking family %s\n", > network_mappings[i].family_name); > - if (strcmp(family, network_mappings[i].family_name) != > 0) > + PDEBUG("Checking family %s\n", map->family_name); > + if (strcmp(family, map->family_name) != 0) > continue; > PDEBUG("Found family %s\n", family); > } > if (type) { > - PDEBUG("Checking type %s\n", > network_mappings[i].type_name); > - if (strcmp(type, network_mappings[i].type_name) != 0) > + PDEBUG("Checking type %s\n", map->type_name); > + if (strcmp(type, map->type_name) != 0) > continue; > PDEBUG("Found type %s\n", type); > } 
> @@ -272,12 +277,12 @@ > /* allows the proto to be the "type", ie. tcp implies > * stream */ > if (!type) { > - PDEBUG("Checking protocol type %s\n", > network_mappings[i].type_name); > - if (strcmp(protocol, > network_mappings[i].type_name) == 0) > + PDEBUG("Checking protocol type %s\n", > map->type_name); > + if (strcmp(protocol, map->type_name) == 0) > goto match; > } > - PDEBUG("Checking type %s protocol %s\n", > network_mappings[i].type_name, network_mappings[i].protocol_name); > - if (strcmp(protocol, network_mappings[i].protocol_name) > != 0) > + PDEBUG("Checking type %s protocol %s\n", > map->type_name, map->protocol_name); > + if (strcmp(protocol, map->protocol_name) != 0) > continue; > /* fixme should we allow specifying protocol by # > * without needing the protocol mapping? */ > @@ -285,7 +290,7 @@ > > /* if we get this far we have a match */ > match: > - return &network_mappings[i]; > + return map; > } > > return NULL; > @@ -295,9 +300,9 @@ > const char *protocol) > { > struct aa_network_entry *new_entry, *entry = NULL; > - const struct network_tuple *mapping = net_find_mapping(family, type, > protocol); > + const struct network_tuple *mapping = NULL; > > - if (mapping) { > + while ((mapping = net_find_mapping(mapping, family, type, protocol))) { > new_entry = new_network_ent(mapping->family, mapping->type, > mapping->protocol); > if (!new_entry) > > === modified file 'parser/network.h' > --- parser/network.h 2014-08-24 07:00:28 +0000 > +++ parser/network.h 2014-08-25 21:05:41 +0000 
> @@ -88,7 +88,8 @@ > const char *net_find_type_name(int type); > int net_find_af_val(const char *af); > const char *net_find_af_name(unsigned int af); > -const struct network_tuple *net_find_mapping(const char *family, > +const struct network_tuple *net_find_mapping(const struct network_tuple *map, > + const char *family, > const char *type, > const char *protocol); > > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor -- Steve Beattie <[email protected]> http://NxNW.org/~steve/
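Review bot: In net_find_mapping() (parser/network.c, hunk @@ -249,22 +249,27 @@) a non-NULL `map` is advanced with `map++` before anything is checked, so the function depends entirely on the caller passing a pointer that was previously returned from this table. If a caller ever passes the terminating entry (the one whose `family_name` is NULL) or a pointer outside `network_mappings`, the `for (; map->family_name; map++)` loop reads past the end of the table. The comment "assumes it points to last entry returned" records the assumption but nothing enforces it. Consider returning NULL when `map->family_name` is already NULL before incrementing, and put braces around the `else` body, since a comment now sits between `else` and its statement.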
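Review bot: With `if (mapping)` turned into a `while` loop in aa_add_network-side hunk @@ -295,9 +300,9 @@ of parser/network.c, the `if (!new_entry)` failure path can now be reached after earlier iterations have already created entries. The lines shown do not include the body of that path, so please confirm it releases the entries built in previous iterations rather than handling only the allocation that failed.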
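Review bot: The prototype in parser/network.h (hunk @@ -88,7 +88,8 @@) gains the `map` argument without any comment describing how it is meant to be used. A short note on the declaration stating that callers pass NULL to start, then the previous return value to continue until NULL comes back, would keep future callers from passing an arbitrary `const struct network_tuple *`.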
