On Mon, Aug 25, 2014 at 05:06:07PM -0700, [email protected] wrote:
> This patch implements parsing of fine grained mediation for unix domain
> sockets, that have abstract and anonymous paths. Sockets with file
> system paths are handled by regular file access rules.

One quick question ...

> + */
> +int af_rule::move_base_cond(struct cond_entry *ent, bool peer)
> +{
> +     if (!cond_check(supported_conds, ent, peer, "unknown"))
> +             return false;
> +
> +     if (strcmp(ent->name, "type") == 0) {
> +             move_conditional_value("socket rule", &sock_type, ent);
> +             sock_type_n = net_find_type_val(sock_type);
> +             if (sock_type_n == -1)
> +                     yyerror("socket rule: invalid socket type '%s'", 
> sock_type);
> +     } else if (strcmp(ent->name, "protocol") == 0) {
> +             yyerror("socket rule: 'protocol' conditional is not currently 
> supported\n");
> +     } else if (strcmp(ent->name, "label") == 0) {
> +             if (peer)
> +                     move_conditional_value("unix", &label, ent);
> +             else
> +                     move_conditional_value("unix", &peer_label, ent);

Is this if (peer) conditional test going in the correct direction?

> +     } else
> +             return false;
> +
> +     return true;
> +}
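
Review bot: In the "label" branch the if (peer) test looks inverted: when peer is true the value is moved into label, and into peer_label otherwise, so a label given in the peer part of a rule would land in the non-peer field. Consider swapping the two move_conditional_value() targets so that peer selects &peer_label. Two smaller points in the same function: move_base_cond() is declared int but only returns true/false, so bool would state the intent, and the "label" branch passes "unix" as the rule name where the "type" branch passes "socket rule", which makes the resulting error messages inconsistent.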

Thanks


-- 
AppArmor mailing list