The opt_unsafe token was being used to represent 'safe' and 'unsafe' so it is renamed to opt_exec_mode. Create helpfully named macros to compare opt_exec_mode's value against instead of hard-coded '0', '1', and '2' values.
Signed-off-by: Tyler Hicks <[email protected]> --- parser/parser_yacc.y | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y index bb40f09..b76634f 100644 --- a/parser/parser_yacc.y +++ b/parser/parser_yacc.y @@ -69,6 +69,10 @@ #define CAP_TO_MASK(x) (1ull << (x)) +#define EXEC_MODE_EMPTY 0 +#define EXEC_MODE_UNSAFE 1 +#define EXEC_MODE_SAFE 2 + int parser_token = 0; struct cod_entry *do_file_rule(char *id, int mode, char *link_id, char *nt); @@ -275,7 +279,7 @@ void add_local_entry(Profile *prof); %type <unix_entry> unix_rule %type <id> opt_target %type <id> opt_named_transition -%type <boolean> opt_unsafe +%type <boolean> opt_exec_mode %type <boolean> opt_file %% @@ -1059,9 +1063,9 @@ opt_named_transition: { /* nothing */ $$ = NULL; } rule: file_rule { $$ = $1; } | link_rule { $$ = $1; } -opt_unsafe: { /* nothing */ $$ = 0; } - | TOK_UNSAFE { $$ = 1; }; - | TOK_SAFE { $$ = 2; }; +opt_exec_mode: { /* nothing */ $$ = EXEC_MODE_EMPTY; } + | TOK_UNSAFE { $$ = EXEC_MODE_UNSAFE; }; + | TOK_SAFE { $$ = EXEC_MODE_SAFE; }; opt_file: { /* nothing */ $$ = 0; } | TOK_FILE { $$ = 1; } @@ -1103,22 +1107,22 @@ file_rule: TOK_FILE TOK_END_OF_RULE | opt_file file_rule_tail { $$ = $2; } -file_rule_tail: opt_unsafe frule +file_rule_tail: opt_exec_mode frule { - if ($1) { + if ($1 != EXEC_MODE_EMPTY) { if (!($2->mode & AA_EXEC_BITS)) yyerror(_("unsafe rule missing exec permissions")); - if ($1 == 1) { + if ($1 == EXEC_MODE_UNSAFE) { $2->mode |= (($2->mode & AA_EXEC_BITS) << 8) & ALL_AA_EXEC_UNSAFE; } - else if ($1 == 2) + else if ($1 == EXEC_MODE_SAFE) $2->mode &= ~ALL_AA_EXEC_UNSAFE; } $$ = $2; }; -file_rule_tail: opt_unsafe id_or_var file_mode id_or_var +file_rule_tail: opt_exec_mode id_or_var file_mode id_or_var { /* Oopsie, we appear to be missing an EOL marker. If we * were *smart*, we could work around it. Since we're @@ -1474,7 +1478,7 @@ file_mode: TOK_MODE free($1); } -change_profile: TOK_CHANGE_PROFILE opt_unsafe opt_id opt_named_transition TOK_END_OF_RULE +change_profile: TOK_CHANGE_PROFILE opt_exec_mode opt_id opt_named_transition TOK_END_OF_RULE { struct cod_entry *entry; int mode = AA_CHANGE_PROFILE; @@ -1482,19 +1486,19 @@ change_profile: TOK_CHANGE_PROFILE opt_unsafe opt_id opt_named_transition TOK_EN char *exec = $3; char *target = $4; - if (exec_mode) { + if (exec_mode != EXEC_MODE_EMPTY) { if (!exec) yyerror(_("Exec condition is required when unsafe or safe keywords are present")); - if (exec_mode == 1) { + if (exec_mode == EXEC_MODE_UNSAFE) { mode |= (AA_EXEC_BITS | ALL_AA_EXEC_UNSAFE); - } else if (exec_mode == 2 && + } else if (exec_mode == EXEC_MODE_SAFE && !kernel_supports_stacking && warnflags & WARN_RULE_DOWNGRADED) { pwarn("downgrading change_profile safe rule to unsafe due to lack of necessary kernel support\n"); /** - * No need to do anything because the 'unsafe' - * variant is the only supported type of + * No need to do anything because 'unsafe' exec + * mode is the only supported mode of * change_profile rules in non-stacking kernels */ } -- 2.7.4 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
