File: parser_common.c

apparmor 2.13.2-10
/*
 *   Copyright (c) 2010 - 2012
 *   Canonical Ltd. (All rights reserved)
 *
 *   This program is free software; you can redistribute it and/or
 *   modify it under the terms of version 2 of the GNU General Public
 *   License published by the Free Software Foundation.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, contact Novell, Inc. or Canonical,
 *   Ltd.
 */
#include <stdlib.h>
#include <stdarg.h>

#include "parser.h"

/* Policy versioning is determined by a combination of 3 values:
 * policy_version:     version of txt policy
 * parser_abi_version: version of abi revision of policy generated by parser
 * kernel_abi_version: version of abi revision for the kernel
 *
 * The version info is stored in a single 32 bit version field in the
 * header portion of each binary policy file.
 *
 * policy_version:
 *   a gross revision number indicating what features and semantics are
 *   expected by the text policy. This does not necessarily map directly
 *   to a feature set as a kernel may not have all the supported features
 *   patched/builtin.
 *
 *   policy_version is not supported by kernels that only support v5
 *   kernel abi, so it will not be written when creating policy for
 *   those kernels.
 *
 * kernel_abi_version:
 *   should be set to the highest version supported by both the parser and
 *   the kernel.
 *   This allows new kernels to detect old userspaces, and new parsers
 *   to support old kernels and policy semantics.
 *
 * parser_abi_version:
 *   should be bumped when a compiler error or some other event happens
 *   and policy cache needs to be forced to be recomputed, when the
 *   policy_version or kernel version has not changed.
 *
 *   parser_abi_version is not supported by kernels that only support
 *   v5 kernel abi so it will not be written when creating policy for those
 *   kernels.
 *
 * Default values set to v5 kernel abi before the different versioning
 * numbers were supported.
 */
/* Versioning defaults. kernel_abi_version starts at 5, i.e. the v5 kernel
 * abi; NOTE(review): whether these are adjusted at runtime is not visible
 * in this file.
 */
uint32_t policy_version = 2;
uint32_t parser_abi_version = 2;
uint32_t kernel_abi_version = 5;

/* Parser-wide state and option flags shared across the parser sources.
 * Only the initial values are defined here.
 */
int force_complain = 0;                 /* presumably forces complain mode - confirm against users */
int perms_create = 0;                   /* perms contain create flag */
int net_af_max_override = -1;           /* use kernel to determine af_max */
int kernel_load = 1;                    /* presumably: load compiled policy into the kernel - confirm */

/* Kernel capability flags. Every one defaults to 0 (unsupported);
 * NOTE(review): presumably raised elsewhere after feature detection,
 * which this file does not show.
 */
int kernel_supports_setload = 0;	/* kernel supports atomic set loads */
int kernel_supports_network = 0;        /* kernel supports network rules */
int kernel_supports_unix = 0;		/* kernel supports unix socket rules */
int kernel_supports_policydb = 0;	/* kernel supports new policydb */
int kernel_supports_mount = 0;	        /* kernel supports mount rules */
int kernel_supports_dbus = 0;		/* kernel supports dbus rules */
int kernel_supports_diff_encode = 0;	/* kernel supports diff_encode */
int kernel_supports_signal = 0;		/* kernel supports signal rules */
int kernel_supports_ptrace = 0;		/* kernel supports ptrace rules */
int kernel_supports_stacking = 0;	/* kernel supports stacking */
int conf_verbose = 0;
/* pwarn() prints nothing while conf_quiet or names_only is non-zero. */
int conf_quiet = 0;
int names_only = 0;
/* Line number reported in pwarn() messages; starts at 1. */
int current_lineno = 1;
/* Selected parser operation; pwarn() is also silent for OPTION_REMOVE. */
int option = OPTION_ADD;

/* Default DFA control flags: normal and simple tree passes, minimization
 * and diff encoding are all switched on. No warning flags are set.
 */
dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_DIFF_ENCODE);
dfaflags_t warnflags = 0;

/* progname defaults to this source file's name as expanded by __FILE__. */
const char *progname = __FILE__;
char *profile_ns = NULL;
/* While profilename is NULL, pwarn() reports the profile as "stdin". */
char *profilename = NULL;
/* While current_filename is NULL, pwarn() leaves the file name out. */
char *current_filename = NULL;

/* presumably the stream compiled output is written to - confirm */
FILE *ofile = NULL;

/* Compile-time default: 1 when built with FORCE_READ_IMPLIES_EXEC, else 0.
 * NOTE(review): the name suggests read permission is widened to also grant
 * execute; confirm the effect on generated policy before enabling the
 * define in a build.
 */
#ifdef FORCE_READ_IMPLIES_EXEC
int read_implies_exec = 1;
#else
int read_implies_exec = 0;
#endif

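/**
 * pwarn - print a parser warning to stderr
 * @fmt: printf-style format for the warning text, followed by its arguments
 *
 * Emits "Warning from <profile> (<file> line <n>): <message>" using the
 * current parse position. Nothing is printed when conf_quiet or names_only
 * is set, or when option is OPTION_REMOVE.
 *
 * The caller's message is expanded first and then passed to the prefix
 * format as a plain %s argument. profilename and current_filename are
 * therefore never part of a format string handed to a printf-family
 * function, so a '%' in a profile or file name is printed literally
 * instead of being interpreted as a conversion specification.
 *
 * Best effort: if the message cannot be allocated the warning is dropped.
 */
void pwarn(const char *fmt, ...)
{
        va_list arg;
        char *msg;
        int rc;

        if (conf_quiet || names_only || option == OPTION_REMOVE)
                return;

        /* Expand the caller's format on its own; only fmt is trusted
         * to contain conversion specifications.
         */
        va_start(arg, fmt);
        rc = vasprintf(&msg, fmt, arg);
        va_end(arg);
        if (rc == -1)
                return;

        /* One fprintf call keeps prefix and message in a single write
         * request, as the original single vfprintf did.
         */
        fprintf(stderr, _("Warning from %s (%s%sline %d): %s"),
                profilename ? profilename : "stdin",
                current_filename ? current_filename : "",
                current_filename ? " " : "",
                current_lineno,
                msg);

        free(msg);
}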