Signed-off-by: John Johansen <john.johan...@canonical.com>
---
parser/parser.h | 3 ++-
parser/parser_lex.l | 17 +++++++++++++++++
parser/parser_misc.c | 4 +++-
parser/parser_yacc.y | 15 +++++++++++++--
parser/tst/simple_tests/mount/in_1.sd | 7 +++++++
parser/tst/simple_tests/mount/in_1.sd~ | 7 +++++++
parser/tst/simple_tests/mount/in_2.sd | 7 +++++++
parser/tst/simple_tests/mount/in_2.sd~ | 7 +++++++
parser/tst/simple_tests/mount/in_3.sd | 7 +++++++
parser/tst/simple_tests/mount/in_3.sd~ | 7 +++++++
parser/tst/simple_tests/mount/in_4.sd | 7 +++++++
parser/tst/simple_tests/mount/in_4.sd~ | 7 +++++++
12 files changed, 91 insertions(+), 4 deletions(-)
create mode 100644 parser/tst/simple_tests/mount/in_1.sd
create mode 100644 parser/tst/simple_tests/mount/in_1.sd~
create mode 100644 parser/tst/simple_tests/mount/in_2.sd
create mode 100644 parser/tst/simple_tests/mount/in_2.sd~
create mode 100644 parser/tst/simple_tests/mount/in_3.sd
create mode 100644 parser/tst/simple_tests/mount/in_3.sd~
create mode 100644 parser/tst/simple_tests/mount/in_4.sd
create mode 100644 parser/tst/simple_tests/mount/in_4.sd~
diff --git a/parser/parser.h b/parser/parser.h
index 799d44b..fa2d191 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -62,6 +62,7 @@ struct value_list {
struct cond_entry {
char *name;
+ int eq; /* where equals was used in specifying list */
struct value_list *vals;
struct cond_entry *next;
@@ -316,7 +317,7 @@ extern struct value_list *new_value_list(char *value);
extern struct value_list *dup_value_list(struct value_list *list);
extern void free_value_list(struct value_list *list);
extern void print_value_list(struct value_list *list);
-extern struct cond_entry *new_cond_entry(char *name, struct value_list *list);
+extern struct cond_entry *new_cond_entry(char *name, int eq, struct value_list
*list);
extern void free_cond_entry(struct cond_entry *ent);
extern void print_cond_entry(struct cond_entry *ent);
extern char *processid(char *string, int len);
diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index b5627ad..529c079 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -280,6 +280,18 @@ LT_EQUAL <=
yy_push_state(EXTCOND_MODE);
return TOK_CONDID;
}
+ {VARIABLE_NAME}/{WS}*in {
+ /* we match to 'in' in the lexer so that
+ * we can switch scanner state. By the time
+ * the parser see the 'in' it may be to late
+ * as bison may have requested the next
+ * token from the scanner
+ */
+ PDEBUG("conditional %s=\n", yytext);
+ yylval.id = processid(yytext, yyleng);
+ yy_push_state(EXTCOND_MODE);
+ return TOK_CONDID;
+ }
}
<SUB_ID>{
@@ -384,6 +396,11 @@ LT_EQUAL <=
return TOK_OPENPAREN;
}
+ in {
+ DUMP_PREPROCESS;
+ return TOK_IN;
+ }
+
[^\n] {
DUMP_PREPROCESS;
/* Something we didn't expect */
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index 7ff6348..9d2fc4b 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -84,6 +84,7 @@ static struct keyword_table keyword_table[] = {
{"umount", TOK_UMOUNT},
{"unmount", TOK_UMOUNT},
{"pivot_root", TOK_PIVOTROOT},
+ {"in", TOK_IN},
/* terminate */
{NULL, 0}
};
@@ -1025,12 +1026,13 @@ void print_value_list(struct value_list *list)
}
}
-struct cond_entry *new_cond_entry(char *name, struct value_list *list)
+struct cond_entry *new_cond_entry(char *name, int eq, struct value_list *list)
{
struct cond_entry *ent = calloc(1, sizeof(struct cond_entry));
if (ent) {
ent->name = name;
ent->vals = list;
+ ent->eq = eq;
}
return ent;
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 65cf365..a79be85 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -121,6 +121,7 @@ void add_local_entry(struct codomain *cod);
%token TOK_REMOUNT
%token TOK_UMOUNT
%token TOK_PIVOTROOT
+%token TOK_IN
/* rlimits */
%token TOK_RLIMIT
@@ -1072,7 +1073,7 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
struct value_list *value = new_value_list($3);
if (!value)
yyerror(_("Memory allocation error."));
- ent = new_cond_entry($1, value);
+ ent = new_cond_entry($1, 1, value);
if (!ent) {
free_value_list(value);
yyerror(_("Memory allocation error."));
@@ -1082,7 +1083,17 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
cond: TOK_CONDID TOK_EQUALS TOK_OPENPAREN valuelist TOK_CLOSEPAREN
{
- struct cond_entry *ent = new_cond_entry($1, $4);
+ struct cond_entry *ent = new_cond_entry($1, 1, $4);
+
+ if (!ent)
+ yyerror(_("Memory allocation error."));
+ $$ = ent;
+ }
+
+
+cond: TOK_CONDID TOK_IN TOK_OPENPAREN valuelist TOK_CLOSEPAREN
+ {
+ struct cond_entry *ent = new_cond_entry($1, 0, $4);
if (!ent)
yyerror(_("Memory allocation error."));
diff --git a/parser/tst/simple_tests/mount/in_1.sd
b/parser/tst/simple_tests/mount/in_1.sd
new file mode 100644
index 0000000..076d5dc
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_1.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options in (rw) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_1.sd~
b/parser/tst/simple_tests/mount/in_1.sd~
new file mode 100644
index 0000000..3b552f7
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_1.sd~
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options=(rw) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_2.sd
b/parser/tst/simple_tests/mount/in_2.sd
new file mode 100644
index 0000000..5bf4beb
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_2.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options in (rw, ro) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_2.sd~
b/parser/tst/simple_tests/mount/in_2.sd~
new file mode 100644
index 0000000..12c21aa
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_2.sd~
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options=(rw, ro) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_3.sd
b/parser/tst/simple_tests/mount/in_3.sd
new file mode 100644
index 0000000..cd5bae5
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_3.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options in (rw ro) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_3.sd~
b/parser/tst/simple_tests/mount/in_3.sd~
new file mode 100644
index 0000000..08aa1bb
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_3.sd~
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options=(rw ro) -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_4.sd
b/parser/tst/simple_tests/mount/in_4.sd
new file mode 100644
index 0000000..8acaa88
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_4.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options in (rw ro) fstype=procfs -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/in_4.sd~
b/parser/tst/simple_tests/mount/in_4.sd~
new file mode 100644
index 0000000..96a93a2
--- /dev/null
+++ b/parser/tst/simple_tests/mount/in_4.sd~
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options=(rw ro) fstype=procfs -> /foo,
+}
--
1.7.9.1
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
