On 05/25/2016 01:59 PM, Tyler Hicks wrote: > The opt_unsafe token was being used to represent 'safe' and 'unsafe' so > it is renamed to opt_exec_mode. Create helpfully named macros to compare > opt_exec_mode's value against instead of hard-coded '0', '1', and '2' > values. > > Signed-off-by: Tyler Hicks <[email protected]>
Acked-by: John Johansen <[email protected]> > --- > parser/parser_yacc.y | 34 +++++++++++++++++++--------------- > 1 file changed, 19 insertions(+), 15 deletions(-) > > diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y > index bb40f09..b76634f 100644 > --- a/parser/parser_yacc.y > +++ b/parser/parser_yacc.y > @@ -69,6 +69,10 @@ > > #define CAP_TO_MASK(x) (1ull << (x)) > > +#define EXEC_MODE_EMPTY 0 > +#define EXEC_MODE_UNSAFE 1 > +#define EXEC_MODE_SAFE 2 > + > int parser_token = 0; > > struct cod_entry *do_file_rule(char *id, int mode, char *link_id, char *nt); > @@ -275,7 +279,7 @@ void add_local_entry(Profile *prof); > %type <unix_entry> unix_rule > %type <id> opt_target > %type <id> opt_named_transition > -%type <boolean> opt_unsafe > +%type <boolean> opt_exec_mode > %type <boolean> opt_file > %% > > @@ -1059,9 +1063,9 @@ opt_named_transition: { /* nothing */ $$ = NULL; } > rule: file_rule { $$ = $1; } > | link_rule { $$ = $1; } > > -opt_unsafe: { /* nothing */ $$ = 0; } > - | TOK_UNSAFE { $$ = 1; }; > - | TOK_SAFE { $$ = 2; }; > +opt_exec_mode: { /* nothing */ $$ = EXEC_MODE_EMPTY; } > + | TOK_UNSAFE { $$ = EXEC_MODE_UNSAFE; }; > + | TOK_SAFE { $$ = EXEC_MODE_SAFE; }; > > opt_file: { /* nothing */ $$ = 0; } > | TOK_FILE { $$ = 1; } > @@ -1103,22 +1107,22 @@ file_rule: TOK_FILE TOK_END_OF_RULE > | opt_file file_rule_tail { $$ = $2; } > > > -file_rule_tail: opt_unsafe frule > +file_rule_tail: opt_exec_mode frule > { > - if ($1) { > + if ($1 != EXEC_MODE_EMPTY) { > if (!($2->mode & AA_EXEC_BITS)) > yyerror(_("unsafe rule missing exec > permissions")); > - if ($1 == 1) { > + if ($1 == EXEC_MODE_UNSAFE) { > $2->mode |= (($2->mode & AA_EXEC_BITS) << 8) & > ALL_AA_EXEC_UNSAFE; > } > - else if ($1 == 2) > + else if ($1 == EXEC_MODE_SAFE) > $2->mode &= ~ALL_AA_EXEC_UNSAFE; > } > $$ = $2; > }; > > -file_rule_tail: opt_unsafe id_or_var file_mode id_or_var > +file_rule_tail: opt_exec_mode id_or_var file_mode id_or_var > { > /* Oopsie, we appear to be missing an EOL marker. If we > * were *smart*, we could work around it. Since we're > @@ -1474,7 +1478,7 @@ file_mode: TOK_MODE > free($1); > } > > -change_profile: TOK_CHANGE_PROFILE opt_unsafe opt_id opt_named_transition > TOK_END_OF_RULE > +change_profile: TOK_CHANGE_PROFILE opt_exec_mode opt_id opt_named_transition > TOK_END_OF_RULE > { > struct cod_entry *entry; > int mode = AA_CHANGE_PROFILE; > @@ -1482,19 +1486,19 @@ change_profile: TOK_CHANGE_PROFILE opt_unsafe opt_id > opt_named_transition TOK_EN > char *exec = $3; > char *target = $4; > > - if (exec_mode) { > + if (exec_mode != EXEC_MODE_EMPTY) { > if (!exec) > yyerror(_("Exec condition is required when > unsafe or safe keywords are present")); > > - if (exec_mode == 1) { > + if (exec_mode == EXEC_MODE_UNSAFE) { > mode |= (AA_EXEC_BITS | ALL_AA_EXEC_UNSAFE); > - } else if (exec_mode == 2 && > + } else if (exec_mode == EXEC_MODE_SAFE && > !kernel_supports_stacking && > warnflags & WARN_RULE_DOWNGRADED) { > pwarn("downgrading change_profile safe rule to > unsafe due to lack of necessary kernel support\n"); > /** > - * No need to do anything because the 'unsafe' > - * variant is the only supported type of > + * No need to do anything because 'unsafe' exec > + * mode is the only supported mode of > * change_profile rules in non-stacking kernels > */ > } > -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
