On 08/25/2014 01:42 PM, Steve Beattie wrote:
> On Mon, Aug 25, 2014 at 12:47:26PM -0700, John Johansen wrote:
>> This is a fix for [patch 05/12] Make the af type protocol mappings available 
>> for use
>>
>> before the af type protocol mappings patch was applied, a single rule could
>> result in multiple rule entries being created. The af type protocol mappings
>> patch broke this by applying only the first of the mappings that could be
>> found.
>>
>> Restore the previous behavior by searching through the entire table until
>> all matches have been made.
> 
> NACK.
> 

And the revised version

---

=== modified file 'parser/network.c'
--- parser/network.c    2014-08-24 07:00:28 +0000
+++ parser/network.c    2014-08-25 21:22:41 +0000
@@ -249,22 +249,27 @@
 }
 
 
-const struct network_tuple *net_find_mapping(const char *family,
+const struct network_tuple *net_find_mapping(const struct network_tuple *map,
+                                            const char *family,
                                             const char *type,
                                             const char *protocol)
 {
-       int i;
+       if (!map)
+               map = network_mappings;
+       else
+               /* assumes it points to last entry returned */
+               map++;
 
-       for (i = 0; network_mappings[i].family_name; i++) {
+       for (; map->family_name; map++) {
                if (family) {
-                       PDEBUG("Checking family %s\n", 
network_mappings[i].family_name);
-                       if (strcmp(family, network_mappings[i].family_name) != 
0)
+                       PDEBUG("Checking family %s\n", map->family_name);
+                       if (strcmp(family, map->family_name) != 0)
                                continue;
                        PDEBUG("Found family %s\n", family);
                }
                if (type) {
-                       PDEBUG("Checking type %s\n", 
network_mappings[i].type_name);
-                       if (strcmp(type, network_mappings[i].type_name) != 0)
+                       PDEBUG("Checking type %s\n", map->type_name);
+                       if (strcmp(type, map->type_name) != 0)
                                continue;
                        PDEBUG("Found type %s\n", type);
                }
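Review bot: The continuation step `map++` at the top of net_find_mapping is only safe when the caller passes back exactly the pointer the previous call returned; any other pointer into the table (or one not in the table at all) makes the increment and the following `map->family_name` read an out-of-bounds access, and the `/* assumes it points to last entry returned */` comment is the only thing enforcing that. Because the function never returns the NULL-terminated sentinel entry, the contract holds for the visible caller, but it is worth making the guard explicit so a future caller cannot step past the terminator: `else if (map->family_name) map++;` leaves a sentinel pointer untouched and the loop then returns NULL. A short comment above the function would also help, e.g. `/* Iterate network_mappings: pass map == NULL to start, or the tuple returned by the previous call to resume after it. Returns NULL when no further entry matches. */`. net_find_mapping continues past the end of this hunk.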
@@ -272,12 +277,12 @@
                        /* allows the proto to be the "type", ie. tcp implies
                         * stream */
                        if (!type) {
-                               PDEBUG("Checking protocol type %s\n", 
network_mappings[i].type_name);
-                               if (strcmp(protocol, 
network_mappings[i].type_name) == 0)
+                               PDEBUG("Checking protocol type %s\n", 
map->type_name);
+                               if (strcmp(protocol, map->type_name) == 0)
                                        goto match;
                        }
-                       PDEBUG("Checking type %s protocol %s\n", 
network_mappings[i].type_name, network_mappings[i].protocol_name);
-                       if (strcmp(protocol, network_mappings[i].protocol_name) 
!= 0)
+                       PDEBUG("Checking type %s protocol %s\n", 
map->type_name, map->protocol_name);
+                       if (strcmp(protocol, map->protocol_name) != 0)
                                continue;
                        /* fixme should we allow specifying protocol by #
                         * without needing the protocol mapping? */
@@ -285,7 +290,7 @@
 
                /* if we get this far we have a match */
        match:
-               return &network_mappings[i];
+               return map;
        }
 
        return NULL;
@@ -295,9 +300,9 @@
                                       const char *protocol)
 {
        struct aa_network_entry *new_entry, *entry = NULL;
-       const struct network_tuple *mapping = net_find_mapping(family, type, 
protocol);
+       const struct network_tuple *mapping = NULL;
 
-       if (mapping) {
+       while ((mapping = net_find_mapping(mapping, family, type, protocol))) {
                new_entry = new_network_ent(mapping->family, mapping->type,
                                            mapping->protocol);
                if (!new_entry)
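Review bot: The failure path behind `if (!new_entry)` lies outside this hunk, and it now runs inside a loop that may already have built several entries for the same rule, so it should release whatever has been chained onto `entry` so far rather than returning on the first failed allocation alone; otherwise every rule that hits an allocation failure after its first mapping leaks the partial list. If the existing code after the hunk already frees `entry` on that path this is fine, but it was written for the single-entry case and is worth re-checking. A second consequence visible here is that a call with `family`, `type` and `protocol` all NULL now expands to an entry for every row of network_mappings, which presumably is the intended wildcard behaviour but should be stated in a comment above the `while`.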

=== modified file 'parser/network.h'
--- parser/network.h    2014-08-24 07:00:28 +0000
+++ parser/network.h    2014-08-25 21:05:41 +0000
@@ -88,7 +88,8 @@
 const char *net_find_type_name(int type);
 int net_find_af_val(const char *af);
 const char *net_find_af_name(unsigned int af);
-const struct network_tuple *net_find_mapping(const char *family,
+const struct network_tuple *net_find_mapping(const struct network_tuple *map,
+                                            const char *family,
                                             const char *type,
                                             const char *protocol);
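Review bot: The new first parameter of net_find_mapping changes the calling convention of a public prototype but the header says nothing about it, so a caller cannot tell that `map` is a resume cursor rather than a table to search. A doc comment above the declaration should state that `map` is either NULL to begin a search or the exact pointer returned by the previous call, that the function returns the next matching tuple after it or NULL, and that passing any other pointer is undefined because the implementation advances past it before comparing. The NULL-meaning of `family`, `type` and `protocol` (each one skipped when NULL, with `protocol` also matched against the type name when `type` is NULL, per the .c change) belongs in the same comment.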
 

