allow specifying the change_profile keyword

  change_profile,

to grant all permissions change_profile permissions

Signed-off-by: John Johansen <[email protected]>
---
 parser/parser_lex.l                                 |  2 +-
 parser/parser_yacc.y                                | 14 ++++++++++++++
 parser/tst/equality.sh                              |  4 ++++
 parser/tst/simple_tests/change_profile/bare_ok_1.sd |  7 +++++++
 4 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 parser/tst/simple_tests/change_profile/bare_ok_1.sd

diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index 0456843..286d9a2 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -612,7 +612,7 @@ LT_EQUAL    <=
        PUSH_AND_RETURN(state, token);
 }
 
-<INITIAL,NETWORK_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
+<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
        {END_OF_RULE}   {
                if (YY_START != INITIAL)
                        POP_NODUMP();
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 3ebaed4..ce57153 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -1481,6 +1481,20 @@ file_mode: TOK_MODE
                free($1);
        }
 
+change_profile: TOK_CHANGE_PROFILE TOK_END_OF_RULE
+       {
+               struct cod_entry *entry;
+               char *rule = strdup("**");
+               if (!rule)
+                       yyerror(_("Memory allocation error."));
+               PDEBUG("Matched change_profile,\n");
+               entry = new_entry(NULL, rule, AA_CHANGE_PROFILE, NULL);
+               if (!entry)
+                       yyerror(_("Memory allocation error."));
+               PDEBUG("change_profile,\n");
+               $$ = entry;
+       };
+
 change_profile:        TOK_CHANGE_PROFILE TOK_ARROW TOK_ID TOK_END_OF_RULE
        {
                struct cod_entry *entry;
diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
index 89a048e..700ac8b 100755
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -458,6 +458,10 @@ verify_binary_equality "Deny of ungranted perm" \
                       "/t { /foo/[abc] r, }"
 
 
+verify_binary_equality "change_profile == change_profile -> **" \
+                      "/t { change_profile, }" \
+                      "/t { change_profile -> **, }"
+
 if [ $fails -ne 0 -o $errors -ne 0 ]
 then
        printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 2>&1
diff --git a/parser/tst/simple_tests/change_profile/bare_ok_1.sd 
b/parser/tst/simple_tests/change_profile/bare_ok_1.sd
new file mode 100644
index 0000000..3ea58d2
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+   change_profile,
+}
-- 
2.1.4


-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to