allow specifying the change_profile keyword change_profile,
to grant all permissions change_profile permissions Signed-off-by: John Johansen <[email protected]>
---
 parser/parser_lex.l | 2 +-
 parser/parser_yacc.y | 14 ++++++++++++++
 parser/tst/equality.sh | 4 ++++
 parser/tst/simple_tests/change_profile/bare_ok_1.sd | 7 +++++++
 4 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 parser/tst/simple_tests/change_profile/bare_ok_1.sd
diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index 0456843..286d9a2 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -612,7 +612,7 @@ LT_EQUAL <=
 PUSH_AND_RETURN(state, token);
 }
-<INITIAL,NETWORK_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
+<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
 {END_OF_RULE} {
 if (YY_START != INITIAL)
 POP_NODUMP();
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 3ebaed4..ce57153 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -1481,6 +1481,20 @@ file_mode: TOK_MODE
 free($1);
 }
+change_profile: TOK_CHANGE_PROFILE TOK_END_OF_RULE
+ {
+ struct cod_entry *entry;
+ char *rule = strdup("**");
+ if (!rule)
+ yyerror(_("Memory allocation error."));
+ PDEBUG("Matched change_profile,\n");
+ entry = new_entry(NULL, rule, AA_CHANGE_PROFILE, NULL);
+ if (!entry)
+ yyerror(_("Memory allocation error."));
+ PDEBUG("change_profile,\n");
+ $$ = entry;
+ };
+
 change_profile: TOK_CHANGE_PROFILE TOK_ARROW TOK_ID TOK_END_OF_RULE
 {
 struct cod_entry *entry;
diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
index 89a048e..700ac8b 100755
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -458,6 +458,10 @@ verify_binary_equality "Deny of ungranted perm" \
 "/t { /foo/[abc] r, }"
+verify_binary_equality "change_profile == change_profile -> **" \
+ "/t { change_profile, }" \
+ "/t { change_profile -> **, }"
+
 if [ $fails -ne 0 -o $errors -ne 0 ]
 then
 printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 2>&1
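Review bot: In parser/parser_yacc.y the new bare `change_profile` rule hard-codes the target `**` with no comment, so a reader of the grammar cannot tell that `change_profile,` permits a transition to every profile. A line such as `/* bare "change_profile," is shorthand for "change_profile -> **,": any target profile is allowed */` above the `strdup("**")` would make that scope explicit for anyone auditing which rule forms widen confinement. Separately, if `yyerror` can return (its definition is outside this hunk), the first check lets a NULL `rule` reach `new_entry` and the second check leaks `rule`; in that case add `free(rule);` before the second `yyerror` call. The two `PDEBUG` calls print nearly the same text, so one of them could be dropped.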
diff --git a/parser/tst/simple_tests/change_profile/bare_ok_1.sd b/parser/tst/simple_tests/change_profile/bare_ok_1.sd
new file mode 100644
index 0000000..3ea58d2
--- /dev/null
+++ b/parser/tst/simple_tests/change_profile/bare_ok_1.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION change_profile
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ change_profile,
+}
--
2.1.4
--
AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
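Review bot: The `#=DESCRIPTION change_profile` header in bare_ok_1.sd does not say what this case covers, so it cannot be told apart from any other change_profile test by its description. Something like `#=DESCRIPTION bare change_profile rule (no target, same as -> **)` would record that the profile under test grants a transition to any profile. The equivalence itself is only pinned in equality.sh, so this header is the one place in the file where it can be stated.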
