
View File apparmor-parser-separate-hat-removal-fix of Package apparmor-parser (Project home:zhy20120210:failed_1)

From: Jeff Mahoney <jeffm@suse.com>
Subject: apparmor-parser: Newer kernels don't require separate removal of hats
References: bnc#588248

 The version of AppArmor shipped with kernels later than that shipped with
 SLE11 GA automatically removes hats underneath profiles.

 Prior kernels didn't track a parent-child relationship between the profiles
 and required that they be cleaned up separately.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
 parser.h           |    3 +++
 parser_interface.c |   12 ++++++++++--
 parser_main.c      |   13 ++++++++++++-
 3 files changed, 25 insertions(+), 3 deletions(-)

--- a/parser.h
+++ b/parser.h
@@ -170,6 +170,9 @@ struct var_string {
 #define FLAG_CHANGEHAT_1_5  3
 extern int flag_changehat_version;
 
+extern int flag_file_version_major;
+extern int flag_file_version_minor;
+
 
 #ifdef DEBUG
 #define PDEBUG(fmt, args...) printf("parser: " fmt, ## args)
--- a/parser_interface.c
+++ b/parser_interface.c
@@ -764,6 +764,13 @@ int sd_serialize_top_profile(sd_serializ
 	return sd_serialize_profile(p, profile, profile->parent ? 1 : 0);
 }
 
+static int
+hats_need_separate_removal(void)
+{
+	return flag_file_version_major < 3 ||
+	       flag_file_version_minor <= 0;
+}
+
 int sd_serialize_codomain(int option, struct codomain *cod)
 {
 	int fd;
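Review bot: The version test in `hats_need_separate_removal()` checks the minor number without regard to the major one, so a file version such as 4.0 (major above 3, minor 0) is still reported as needing separate hat removal. If the intent is "3.0 and older", which is what the 3.0 default in parser_main.c suggests, the return should read `return flag_file_version_major < 3 || (flag_file_version_major == 3 && flag_file_version_minor <= 0);`. Because this predicate decides which profile-removal requests the parser sends to the kernel, a one-line comment above the function naming the feature version at which hats began to be removed with their parent would make the threshold reviewable. The function has no comment at all at present.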
@@ -878,8 +885,9 @@ int sd_serialize_codomain(int option, st
 	close(fd);
 
 	if (cod->hat_table && regex_type == AARE_DFA) {
-		if (load_flattened_hats(cod) != 0)
-			return 0;
+		if (option != OPTION_REMOVE || hats_need_separate_removal())
+			if (load_flattened_hats(cod) != 0)
+				return 0;
 	}
 
 
--- a/parser_main.c
+++ b/parser_main.c
@@ -72,7 +72,8 @@ char *flags_string = NULL;
 int regex_type = AARE_DFA;
 char *profile_namespace = NULL;
 int flag_changehat_version = FLAG_CHANGEHAT_1_5;
-
+int flag_file_version_major = 3;
+int flag_file_version_minor = 0;
 
 extern int current_lineno;
 
@@ -418,6 +419,16 @@ static void get_flags_string(void) {
 //fprintf(stderr, "flags string: %s\n", flags_string);
 //fprintf(stderr, "changehat %d\n", flag_changehat_version);
 	}
+
+	pos = strstr(flags_string, "file=");
+	if (pos) {
+		if (sscanf(pos, "file=%d.%d%*s", &flag_file_version_major,
+		       &flag_file_version_minor) != 2) {
+			flag_file_version_major = 3;
+			flag_file_version_minor = 0;
+		}
+	}
+
 	return;
 
 fail:
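Review bot: `strstr(flags_string, "file=")` matches the first occurrence of those characters anywhere in the string, so a longer key that merely ends in `file` (for instance one ending in `profile=`) and appears before the real entry would be parsed as the file version. Since the parsed value decides whether hats are removed separately, the match should be anchored on a token boundary, e.g. `if (pos && (pos == flags_string || pos[-1] == ' '))`; the space separator is an assumption to confirm against the kernel's flags format. `%d` also accepts negative numbers, so a range check such as `flag_file_version_major < 0 || flag_file_version_minor < 0` belongs in the fallback condition that restores 3.0. The trailing `%*s` does not affect the count sscanf returns and can be dropped. get_flags_string() begins and ends outside this hunk, so whether `flags_string` can be NULL at this point is not visible here.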