Re: [apparmor] [PATCH 3/3] Update the parser to support the 'in' keyword for value lists

John Johansen Thu, 22 Mar 2012 13:12:48 -0700

On 03/22/2012 12:49 PM, Steve Beattie wrote:
> On Thu, Mar 22, 2012 at 11:44:55AM -0700, John Johansen wrote:
>> Signed-off-by: John Johansen <john.johan...@canonical.com>
>> ---
>>  parser/parser.h                        |    3 ++-
>>  parser/parser_lex.l                    |   17 +++++++++++++++++
>>  parser/parser_misc.c                   |    4 +++-
>>  parser/parser_yacc.y                   |   15 +++++++++++++--
>>  parser/tst/simple_tests/mount/in_1.sd  |    7 +++++++
>>  parser/tst/simple_tests/mount/in_1.sd~ |    7 +++++++
>>  parser/tst/simple_tests/mount/in_2.sd  |    7 +++++++
>>  parser/tst/simple_tests/mount/in_2.sd~ |    7 +++++++
>>  parser/tst/simple_tests/mount/in_3.sd  |    7 +++++++
>>  parser/tst/simple_tests/mount/in_3.sd~ |    7 +++++++
>>  parser/tst/simple_tests/mount/in_4.sd  |    7 +++++++
>>  parser/tst/simple_tests/mount/in_4.sd~ |    7 +++++++
> 
> Note that you ended up adding in_[1-4].sd~ ; acked with the provision
> that you remove these.
> 
Doh, of course


>>  12 files changed, 91 insertions(+), 4 deletions(-)
>>  create mode 100644 parser/tst/simple_tests/mount/in_1.sd
>>  create mode 100644 parser/tst/simple_tests/mount/in_1.sd~
>>  create mode 100644 parser/tst/simple_tests/mount/in_2.sd
>>  create mode 100644 parser/tst/simple_tests/mount/in_2.sd~
>>  create mode 100644 parser/tst/simple_tests/mount/in_3.sd
>>  create mode 100644 parser/tst/simple_tests/mount/in_3.sd~
>>  create mode 100644 parser/tst/simple_tests/mount/in_4.sd
>>  create mode 100644 parser/tst/simple_tests/mount/in_4.sd~
>>
>> diff --git a/parser/parser.h b/parser/parser.h
>> index 799d44b..fa2d191 100644
>> --- a/parser/parser.h
>> +++ b/parser/parser.h
>> @@ -62,6 +62,7 @@ struct value_list {
>>  
>>  struct cond_entry {
>>      char *name;
>> +    int eq;                 /* where equals was used in specifying list */
>>      struct value_list *vals;
>>  
>>      struct cond_entry *next;
>> @@ -316,7 +317,7 @@ extern struct value_list *new_value_list(char *value);
>>  extern struct value_list *dup_value_list(struct value_list *list);
>>  extern void free_value_list(struct value_list *list);
>>  extern void print_value_list(struct value_list *list);
>> -extern struct cond_entry *new_cond_entry(char *name, struct value_list 
>> *list);
>> +extern struct cond_entry *new_cond_entry(char *name, int eq, struct 
>> value_list *list);
>>  extern void free_cond_entry(struct cond_entry *ent);
>>  extern void print_cond_entry(struct cond_entry *ent);
>>  extern char *processid(char *string, int len);
>> diff --git a/parser/parser_lex.l b/parser/parser_lex.l
>> index b5627ad..529c079 100644
>> --- a/parser/parser_lex.l
>> +++ b/parser/parser_lex.l
>> @@ -280,6 +280,18 @@ LT_EQUAL        <=
>>                              yy_push_state(EXTCOND_MODE);
>>                              return TOK_CONDID;
>>                      }
>> +    {VARIABLE_NAME}/{WS}*in {
>> +                            /* we match to 'in' in the lexer so that
>> +                             * we can switch scanner state.  By the time
>> +                             * the parser see the 'in' it may be to late
>> +                             * as bison may have requested the next
>> +                             * token from the scanner
>> +                             */
>> +                            PDEBUG("conditional %s=\n", yytext);
>> +                            yylval.id = processid(yytext, yyleng);
>> +                            yy_push_state(EXTCOND_MODE);
>> +                            return TOK_CONDID;
>> +                    }
>>  }
>>  
>>  <SUB_ID>{
>> @@ -384,6 +396,11 @@ LT_EQUAL        <=
>>                      return TOK_OPENPAREN;
>>              }
>>  
>> +    in      {
>> +                    DUMP_PREPROCESS;
>> +                    return TOK_IN;
>> +            }
>> +
>>      [^\n]   {
>>                      DUMP_PREPROCESS;
>>                      /* Something we didn't expect */
>> diff --git a/parser/parser_misc.c b/parser/parser_misc.c
>> index 7ff6348..9d2fc4b 100644
>> --- a/parser/parser_misc.c
>> +++ b/parser/parser_misc.c
>> @@ -84,6 +84,7 @@ static struct keyword_table keyword_table[] = {
>>      {"umount",              TOK_UMOUNT},
>>      {"unmount",             TOK_UMOUNT},
>>      {"pivot_root",          TOK_PIVOTROOT},
>> +    {"in",                  TOK_IN},
>>      /* terminate */
>>      {NULL, 0}
>>  };
>> @@ -1025,12 +1026,13 @@ void print_value_list(struct value_list *list)
>>      }
>>  }
>>  
>> -struct cond_entry *new_cond_entry(char *name, struct value_list *list)
>> +struct cond_entry *new_cond_entry(char *name, int eq, struct value_list 
>> *list)
>>  {
>>      struct cond_entry *ent = calloc(1, sizeof(struct cond_entry));
>>      if (ent) {
>>              ent->name = name;
>>              ent->vals = list;
>> +            ent->eq = eq;
>>      }
>>  
>>      return ent;
>> diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
>> index 65cf365..a79be85 100644
>> --- a/parser/parser_yacc.y
>> +++ b/parser/parser_yacc.y
>> @@ -121,6 +121,7 @@ void add_local_entry(struct codomain *cod);
>>  %token TOK_REMOUNT
>>  %token TOK_UMOUNT
>>  %token TOK_PIVOTROOT
>> +%token TOK_IN
>>  
>>   /* rlimits */
>>  %token TOK_RLIMIT
>> @@ -1072,7 +1073,7 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
>>              struct value_list *value = new_value_list($3);
>>              if (!value)
>>                      yyerror(_("Memory allocation error."));
>> -            ent = new_cond_entry($1, value);
>> +            ent = new_cond_entry($1, 1, value);
>>              if (!ent) {
>>                      free_value_list(value);
>>                      yyerror(_("Memory allocation error."));
>> @@ -1082,7 +1083,17 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
>>  
>>  cond: TOK_CONDID TOK_EQUALS TOK_OPENPAREN valuelist TOK_CLOSEPAREN
>>      {
>> -            struct cond_entry *ent = new_cond_entry($1, $4);
>> +            struct cond_entry *ent = new_cond_entry($1, 1, $4);
>> +
>> +            if (!ent)
>> +                    yyerror(_("Memory allocation error."));
>> +            $$ = ent;
>> +    }
>> +
>> +
>> +cond: TOK_CONDID TOK_IN TOK_OPENPAREN valuelist TOK_CLOSEPAREN
>> +    {
>> +            struct cond_entry *ent = new_cond_entry($1, 0, $4);
>>  
>>              if (!ent)
>>                      yyerror(_("Memory allocation error."));
>> diff --git a/parser/tst/simple_tests/mount/in_1.sd 
>> b/parser/tst/simple_tests/mount/in_1.sd
>> new file mode 100644
>> index 0000000..076d5dc
>> --- /dev/null
>> +++ b/parser/tst/simple_tests/mount/in_1.sd
>> @@ -0,0 +1,7 @@
>> +#
>> +#=Description basic mount rule
>> +#=EXRESULT PASS
>> +#
>> +/usr/bin/foo {
>> +  mount options in (rw) -> /foo,
>> +}
>> diff --git a/parser/tst/simple_tests/mount/in_1.sd~ 
>> b/parser/tst/simple_tests/mount/in_1.sd~
>> new file mode 100644
>> index 0000000..3b552f7
>> --- /dev/null
>> +++ b/parser/tst/simple_tests/mount/in_1.sd~
>> @@ -0,0 +1,7 @@
>> +#
>> +#=Description basic mount rule
>> +#=EXRESULT PASS
>> +#
>> +/usr/bin/foo {
>> +  mount options=(rw) -> /foo,
>> +}
>> diff --git a/parser/tst/simple_tests/mount/in_2.sd 
>> b/parser/tst/simple_tests/mount/in_2.sd
>> new file mode 100644
>> index 0000000..5bf4beb
>> --- /dev/null
>> +++ b/parser/tst/simple_tests/mount/in_2.sd
>> @@ -0,0 +1,7 @@
>> +#
>> +#=Description basic mount rule
>> +#=EXRESULT PASS
>> +#
>> +/usr/bin/foo {
>> +  mount options in (rw, ro) -> /foo,
>> +}
>> diff --git a/parser/tst/simple_tests/mount/in_2.sd~ 
>> b/parser/tst/simple_tests/mount/in_2.sd~
>> new file mode 100644
>> index 0000000..12c21aa
>> --- /dev/null
>> +++ b/parser/tst/simple_tests/mount/in_2.sd~
>> @@ -0,0 +1,7 @@
>> +#
>> +#=Description basic mount rule
>> +#=EXRESULT PASS
>> +#
>> +/usr/bin/foo {
>> +  mount options=(rw, ro) -> /foo,
>> +}
>> diff --git a/parser/tst/simple_tests/mount/in_3.sd 
>> b/parser/tst/simple_tests/mount/in_3.sd
>> new file mode 100644
>> index 0000000..cd5bae5
>> --- /dev/null
>> +++ b/parser/tst/simple_tests/mount/in_3.sd
>> @@ -0,0 +1,7 @@
>> +#
>> +#=Description basic mount rule
>> +#=EXRESULT PASS
>> +#
>> +/usr/bin/foo {
>> +  mount options in (rw ro) -> /foo,
>> +}
>> diff --git a/parser/tst/simple_tests/mount/in_3.sd~ 
>> b/parser/tst/simple_tests/mount/in_3.sd~
>> new file mode 100644
>> index 0000000..08aa1bb
>> --- /dev/null
>> +++ b/parser/tst/simple_tests/mount/in_3.sd~
>> @@ -0,0 +1,7 @@
>> +#
>> +#=Description basic mount rule
>> +#=EXRESULT PASS
>> +#
>> +/usr/bin/foo {
>> +  mount options=(rw ro) -> /foo,
>> +}
>> diff --git a/parser/tst/simple_tests/mount/in_4.sd 
>> b/parser/tst/simple_tests/mount/in_4.sd
>> new file mode 100644
>> index 0000000..8acaa88
>> --- /dev/null
>> +++ b/parser/tst/simple_tests/mount/in_4.sd
>> @@ -0,0 +1,7 @@
>> +#
>> +#=Description basic mount rule
>> +#=EXRESULT PASS
>> +#
>> +/usr/bin/foo {
>> +  mount options in (rw ro) fstype=procfs -> /foo,
>> +}
>> diff --git a/parser/tst/simple_tests/mount/in_4.sd~ 
>> b/parser/tst/simple_tests/mount/in_4.sd~
>> new file mode 100644
>> index 0000000..96a93a2
>> --- /dev/null
>> +++ b/parser/tst/simple_tests/mount/in_4.sd~
>> @@ -0,0 +1,7 @@
>> +#
>> +#=Description basic mount rule
>> +#=EXRESULT PASS
>> +#
>> +/usr/bin/foo {
>> +  mount options=(rw ro) fstype=procfs -> /foo,
>> +}
>> -- 
>> 1.7.9.1
>>
>>
>> -- 
>> AppArmor mailing list
>> AppArmor@lists.ubuntu.com
>> Modify settings or unsubscribe at: 
>> https://lists.ubuntu.com/mailman/listinfo/apparmor
> 
> 
> 


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] [PATCH 3/3] Update the parser to support the 'in' keyword for value lists

Reply via email to