108
115
struct alt_name *next;
113
char *name; /* codomain name */
115
struct alt_name *altnames;
120
/* char *sub_name; */ /* subdomain name or NULL */
121
/* int default_deny; */ /* TRUE or FALSE */
123
int local_mode; /* true if local, not hat */
126
struct codomain *parent;
128
struct flagval flags;
130
uint64_t capabilities;
135
unsigned int *network_allowed; /* array of type masks
136
* indexed by AF_FAMILY */
137
unsigned int *audit_network;
138
unsigned int *deny_network;
139
unsigned int *quiet_network;
141
struct aa_rlimits rlimits;
143
char *exec_table[AA_EXEC_COUNT];
144
struct cod_entry *entries;
145
struct mnt_entry *mnt_ents;
148
//struct codomain *next;
150
aare_ruleset_t *dfarules;
155
aare_ruleset_t *policy_rules;
156
int policy_rule_count;
158
size_t policy_dfa_size;
163
120
unsigned int hat_magic;
260
211
___tmp->next = (LISTB); \
214
#define DUP_STRING(orig, new, field, fail_target) \
216
(new)->field = ((orig)->field) ? strdup((orig)->field) : NULL; \
217
if (((orig)->field) && !((new)->field)) \
263
221
/* from parser_common.c */
264
extern int regex_type;
265
222
extern int perms_create;
266
223
extern int net_af_max_override;
267
224
extern int kernel_load;
268
225
extern int kernel_supports_network;
269
226
extern int kernel_supports_mount;
270
extern int flag_changehat_version;
227
extern int kernel_supports_dbus;
271
228
extern int conf_verbose;
272
229
extern int conf_quiet;
273
230
extern int names_only;
274
231
extern int option;
275
232
extern int current_lineno;
276
233
extern dfaflags_t dfaflags;
277
extern char *progname;
234
extern const char *progname;
278
235
extern char *subdomainbase;
279
236
extern char *profilename;
280
extern char *profile_namespace;
237
extern char *profile_ns;
281
238
extern char *current_filename;
282
239
extern FILE *ofile;
283
240
extern int read_implies_exec;
284
extern void pwarn(char *fmt, ...) __attribute__((__format__(__printf__, 1, 2)));
241
extern void pwarn(const char *fmt, ...) __attribute__((__format__(__printf__, 1, 2)));
286
243
/* from parser_main (cannot be used in tst builds) */
287
244
extern int force_complain;
296
253
extern int yylex(void);
298
255
/* parser_include.c */
299
extern char *basedir;
256
extern const char *basedir;
301
258
/* parser_regex.c */
302
extern int process_regex(struct codomain *cod);
259
extern int process_regex(Profile *prof);
303
260
extern int post_process_entry(struct cod_entry *entry);
261
extern int process_dbus(Profile *prof);
304
263
extern void reset_regex(void);
306
extern int process_policydb(struct codomain *cod);
265
extern int process_policydb(Profile *prof);
308
extern int process_policy_ents(struct codomain *cod);
267
extern int process_policy_ents(Profile *prof);
310
269
/* parser_variable.c */
311
extern int process_variables(struct codomain *cod);
312
extern struct var_string *split_out_var(char *string);
270
extern int process_variables(Profile *prof);
271
extern struct var_string *split_out_var(const char *string);
313
272
extern void free_var_string(struct var_string *var);
315
274
/* parser_misc.c */
275
extern int is_blacklisted(const char *name, const char *path);
316
276
extern struct value_list *new_value_list(char *value);
317
277
extern struct value_list *dup_value_list(struct value_list *list);
318
278
extern void free_value_list(struct value_list *list);
319
279
extern void print_value_list(struct value_list *list);
320
280
extern struct cond_entry *new_cond_entry(char *name, int eq, struct value_list *list);
321
281
extern void free_cond_entry(struct cond_entry *ent);
282
extern void free_cond_list(struct cond_entry *ents);
322
283
extern void print_cond_entry(struct cond_entry *ent);
323
extern char *processid(char *string, int len);
324
extern char *processquoted(char *string, int len);
325
extern char *processunquoted(char *string, int len);
284
extern char *processid(const char *string, int len);
285
extern char *processquoted(const char *string, int len);
286
extern char *processunquoted(const char *string, int len);
326
287
extern int get_keyword_token(const char *keyword);
327
288
extern int name_to_capability(const char *keyword);
328
289
extern int get_rlimit(const char *name);
329
290
extern char *process_var(const char *var);
330
291
extern int parse_mode(const char *mode);
331
extern struct cod_entry *new_entry(char *namespace, char *id, int mode,
292
extern int parse_dbus_mode(const char *str_mode, int *mode, int fail);
293
extern struct cod_entry *new_entry(char *ns, char *id, int mode, char *link_id);
333
294
extern struct aa_network_entry *new_network_ent(unsigned int family,
334
295
unsigned int type,
335
296
unsigned int protocol);
338
299
const char *protocol);
339
300
extern size_t get_af_max(void);
341
extern void debug_cod_list(struct codomain *list);
342
302
/* returns -1 if value != true or false, otherwise 0 == false, 1 == true */
343
303
extern int str_to_boolean(const char* str);
344
304
extern struct cod_entry *copy_cod_entry(struct cod_entry *cod);
345
305
extern void free_cod_entries(struct cod_entry *list);
346
306
extern void free_mnt_entries(struct mnt_entry *list);
307
extern void free_dbus_entries(struct dbus_entry *list);
308
extern void __debug_capabilities(uint64_t capset, const char *name);
309
void __debug_network(unsigned int *array, const char *name);
310
void debug_cod_entries(struct cod_entry *list);
348
313
/* parser_symtab.c */
349
314
struct set_value {;
363
328
/* parser_alias.c */
364
329
extern int new_alias(const char *from, const char *to);
365
extern void replace_aliases(struct codomain *cod);
330
extern int replace_profile_aliases(Profile *prof);
366
331
extern void free_aliases(void);
368
333
/* parser_merge.c */
369
extern int codomain_merge_rules(struct codomain *cod);
334
extern int profile_merge_rules(Profile *prof);
371
336
/* parser_interface.c */
372
337
typedef struct __sdserialize sd_serialize;
373
extern int load_codomain(int option, struct codomain *cod);
374
extern int sd_serialize_profile(sd_serialize *p, struct codomain *cod,
338
extern int load_profile(int option, Profile *prof);
339
extern int sd_serialize_profile(sd_serialize *p, Profile *prof,
376
341
extern int sd_load_buffer(int option, char *buffer, int size);
377
342
extern int cache_fd;
380
345
/* parser_policy.c */
381
extern void add_to_list(struct codomain *codomain);
382
extern void add_hat_to_policy(struct codomain *policy, struct codomain *hat);
383
extern void add_entry_to_policy(struct codomain *policy, struct cod_entry *entry);
384
extern void post_process_file_entries(struct codomain *cod);
385
extern void post_process_mnt_entries(struct codomain *cod);
346
extern void add_to_list(Profile *profile);
347
extern void add_hat_to_policy(Profile *policy, Profile *hat);
348
extern void add_entry_to_policy(Profile *policy, struct cod_entry *entry);
349
extern void post_process_file_entries(Profile *prof);
350
extern void post_process_mnt_entries(Profile *prof);
386
351
extern int post_process_policy(int debug_only);
387
extern int process_hat_regex(struct codomain *cod);
388
extern int process_hat_variables(struct codomain *cod);
389
extern int process_hat_policydb(struct codomain *cod);
352
extern int process_profile_regex(Profile *prof);
353
extern int process_profile_variables(Profile *prof);
354
extern int process_profile_policydb(Profile *prof);
390
355
extern int post_merge_rules(void);
391
extern int merge_hat_rules(struct codomain *cod);
392
extern struct codomain *merge_policy(struct codomain *a, struct codomain *b);
356
extern int merge_hat_rules(Profile *prof);
357
extern Profile *merge_policy(Profile *a, Profile *b);
393
358
extern int load_policy(int option);
394
extern int load_hats(sd_serialize *p, struct codomain *cod);
395
extern int load_flattened_hats(struct codomain *cod);
396
extern void free_policy(struct codomain *cod);
397
extern void dump_policy(void);
398
extern void dump_policy_hats(struct codomain *cod);
359
extern int load_hats(sd_serialize *p, Profile *prof);
360
extern int load_flattened_hats(Profile *prof, int option);
361
extern void dump_policy_hats(Profile *prof);
399
362
extern void dump_policy_names(void);
400
extern int die_if_any_regex(void);
363
void dump_policy(void);
401
365
void free_policies(void);
404
/* For the unit-test builds, we must include function stubs for stuff that
405
* only exists in the excluded object files; everything else should live
406
* in parser_common.c.
410
void yyerror(const char *msg, ...)
416
vsnprintf(buf, sizeof(buf), msg, arg);
419
PERROR(_("AppArmor parser error: %s\n"), buf);
424
#define MY_TEST(statement, error) \
425
if (!(statement)) { \
426
PERROR("FAIL: %s\n", error); \
432
367
#endif /** __AA_PARSER_H */