Re: [apparmor] [PATCH 4/5] Update the parser to support the 'in' keyword for value lists

Steve Beattie Mon, 26 Mar 2012 09:48:52 -0700

On Mon, Mar 26, 2012 at 06:03:56AM -0700, John Johansen wrote:
> Signed-off-by: John Johansen <john.johan...@canonical.com>
> ---
>  parser/parser.h                        |    3 ++-
>  parser/parser_lex.l                    |   17 +++++++++++++++++
>  parser/parser_misc.c                   |    4 +++-
>  parser/parser_yacc.y                   |   15 +++++++++++++--
>  parser/tst/simple_tests/mount/in_1.sd  |    7 +++++++
>  parser/tst/simple_tests/mount/in_1.sd~ |    7 +++++++
>  parser/tst/simple_tests/mount/in_2.sd  |    7 +++++++
>  parser/tst/simple_tests/mount/in_2.sd~ |    7 +++++++
>  parser/tst/simple_tests/mount/in_3.sd  |    7 +++++++
>  parser/tst/simple_tests/mount/in_3.sd~ |    7 +++++++
>  parser/tst/simple_tests/mount/in_4.sd  |    7 +++++++
>  parser/tst/simple_tests/mount/in_4.sd~ |    7 +++++++


Again, the ~ backup files need to go. Otherwise,
Acked-By: Steve Beattie <sbeat...@ubuntu.com>

>  12 files changed, 91 insertions(+), 4 deletions(-)
>  create mode 100644 parser/tst/simple_tests/mount/in_1.sd
>  create mode 100644 parser/tst/simple_tests/mount/in_1.sd~
>  create mode 100644 parser/tst/simple_tests/mount/in_2.sd
>  create mode 100644 parser/tst/simple_tests/mount/in_2.sd~
>  create mode 100644 parser/tst/simple_tests/mount/in_3.sd
>  create mode 100644 parser/tst/simple_tests/mount/in_3.sd~
>  create mode 100644 parser/tst/simple_tests/mount/in_4.sd
>  create mode 100644 parser/tst/simple_tests/mount/in_4.sd~
> 
> diff --git a/parser/parser.h b/parser/parser.h
> index 799d44b..fa2d191 100644
> --- a/parser/parser.h
> +++ b/parser/parser.h
> @@ -62,6 +62,7 @@ struct value_list {
>  
>  struct cond_entry {
>       char *name;
> +     int eq;                 /* where equals was used in specifying list */
>       struct value_list *vals;
>  
>       struct cond_entry *next;
> @@ -316,7 +317,7 @@ extern struct value_list *new_value_list(char *value);
>  extern struct value_list *dup_value_list(struct value_list *list);
>  extern void free_value_list(struct value_list *list);
>  extern void print_value_list(struct value_list *list);
> -extern struct cond_entry *new_cond_entry(char *name, struct value_list 
> *list);
> +extern struct cond_entry *new_cond_entry(char *name, int eq, struct 
> value_list *list);
>  extern void free_cond_entry(struct cond_entry *ent);
>  extern void print_cond_entry(struct cond_entry *ent);
>  extern char *processid(char *string, int len);
> diff --git a/parser/parser_lex.l b/parser/parser_lex.l
> index b5627ad..7c6cb5d 100644
> --- a/parser/parser_lex.l
> +++ b/parser/parser_lex.l
> @@ -280,6 +280,18 @@ LT_EQUAL <=
>                               yy_push_state(EXTCOND_MODE);
>                               return TOK_CONDID;
>                       }
> +     {VARIABLE_NAME}/{WS}+in{WS}*\(  {
> +                             /* we match to 'in' in the lexer so that
> +                              * we can switch scanner state.  By the time
> +                              * the parser see the 'in' it may be to late
> +                              * as bison may have requested the next
> +                              * token from the scanner
> +                              */
> +                             PDEBUG("conditional %s=\n", yytext);
> +                             yylval.id = processid(yytext, yyleng);
> +                             yy_push_state(EXTCOND_MODE);
> +                             return TOK_CONDID;
> +                     }
>  }
>  
>  <SUB_ID>{
> @@ -384,6 +396,11 @@ LT_EQUAL <=
>                       return TOK_OPENPAREN;
>               }
>  
> +     in      {
> +                     DUMP_PREPROCESS;
> +                     return TOK_IN;
> +             }
> +
>       [^\n]   {
>                       DUMP_PREPROCESS;
>                       /* Something we didn't expect */
> diff --git a/parser/parser_misc.c b/parser/parser_misc.c
> index 7ff6348..9d2fc4b 100644
> --- a/parser/parser_misc.c
> +++ b/parser/parser_misc.c
> @@ -84,6 +84,7 @@ static struct keyword_table keyword_table[] = {
>       {"umount",              TOK_UMOUNT},
>       {"unmount",             TOK_UMOUNT},
>       {"pivot_root",          TOK_PIVOTROOT},
> +     {"in",                  TOK_IN},
>       /* terminate */
>       {NULL, 0}
>  };
> @@ -1025,12 +1026,13 @@ void print_value_list(struct value_list *list)
>       }
>  }
>  
> -struct cond_entry *new_cond_entry(char *name, struct value_list *list)
> +struct cond_entry *new_cond_entry(char *name, int eq, struct value_list 
> *list)
>  {
>       struct cond_entry *ent = calloc(1, sizeof(struct cond_entry));
>       if (ent) {
>               ent->name = name;
>               ent->vals = list;
> +             ent->eq = eq;
>       }
>  
>       return ent;
> diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
> index 65cf365..a79be85 100644
> --- a/parser/parser_yacc.y
> +++ b/parser/parser_yacc.y
> @@ -121,6 +121,7 @@ void add_local_entry(struct codomain *cod);
>  %token TOK_REMOUNT
>  %token TOK_UMOUNT
>  %token TOK_PIVOTROOT
> +%token TOK_IN
>  
>   /* rlimits */
>  %token TOK_RLIMIT
> @@ -1072,7 +1073,7 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
>               struct value_list *value = new_value_list($3);
>               if (!value)
>                       yyerror(_("Memory allocation error."));
> -             ent = new_cond_entry($1, value);
> +             ent = new_cond_entry($1, 1, value);
>               if (!ent) {
>                       free_value_list(value);
>                       yyerror(_("Memory allocation error."));
> @@ -1082,7 +1083,17 @@ cond: TOK_CONDID TOK_EQUALS TOK_VALUE
>  
>  cond: TOK_CONDID TOK_EQUALS TOK_OPENPAREN valuelist TOK_CLOSEPAREN
>       {
> -             struct cond_entry *ent = new_cond_entry($1, $4);
> +             struct cond_entry *ent = new_cond_entry($1, 1, $4);
> +
> +             if (!ent)
> +                     yyerror(_("Memory allocation error."));
> +             $$ = ent;
> +     }
> +
> +
> +cond: TOK_CONDID TOK_IN TOK_OPENPAREN valuelist TOK_CLOSEPAREN
> +     {
> +             struct cond_entry *ent = new_cond_entry($1, 0, $4);
>  
>               if (!ent)
>                       yyerror(_("Memory allocation error."));
> diff --git a/parser/tst/simple_tests/mount/in_1.sd 
> b/parser/tst/simple_tests/mount/in_1.sd
> new file mode 100644
> index 0000000..076d5dc
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_1.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  mount options in (rw) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_1.sd~ 
> b/parser/tst/simple_tests/mount/in_1.sd~
> new file mode 100644
> index 0000000..3b552f7
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_1.sd~
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  mount options=(rw) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_2.sd 
> b/parser/tst/simple_tests/mount/in_2.sd
> new file mode 100644
> index 0000000..5bf4beb
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_2.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  mount options in (rw, ro) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_2.sd~ 
> b/parser/tst/simple_tests/mount/in_2.sd~
> new file mode 100644
> index 0000000..12c21aa
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_2.sd~
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  mount options=(rw, ro) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_3.sd 
> b/parser/tst/simple_tests/mount/in_3.sd
> new file mode 100644
> index 0000000..cd5bae5
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_3.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  mount options in (rw ro) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_3.sd~ 
> b/parser/tst/simple_tests/mount/in_3.sd~
> new file mode 100644
> index 0000000..08aa1bb
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_3.sd~
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  mount options=(rw ro) -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_4.sd 
> b/parser/tst/simple_tests/mount/in_4.sd
> new file mode 100644
> index 0000000..8acaa88
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_4.sd
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  mount options in (rw ro) fstype=procfs -> /foo,
> +}
> diff --git a/parser/tst/simple_tests/mount/in_4.sd~ 
> b/parser/tst/simple_tests/mount/in_4.sd~
> new file mode 100644
> index 0000000..96a93a2
> --- /dev/null
> +++ b/parser/tst/simple_tests/mount/in_4.sd~
> @@ -0,0 +1,7 @@
> +#
> +#=Description basic mount rule
> +#=EXRESULT PASS
> +#
> +/usr/bin/foo {
> +  mount options=(rw ro) fstype=procfs -> /foo,
> +}
> -- 
> 1.7.9.1
> 
> 
> -- 
> AppArmor mailing list
> AppArmor@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/apparmor

-- 
Steve Beattie
<sbeat...@ubuntu.com>
http://NxNW.org/~steve/

signature.asc
Description: Digital signature

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Re: [apparmor] [PATCH 4/5] Update the parser to support the 'in' keyword for value lists

Reply via email to