Commit b0a14888 authored by John Johansen's avatar John Johansen Committed by Tyler Hicks

Remove testing for AARE as it is the only matching engine

Remove use of AARE_DFA as the alternate pcre matching engine was removed
years ago.
Signed-off-by: default avatarJohn Johansen <[email protected]>
Acked-by: default avatarSeth Arnold <[email protected]>
Acked-by: Steve Beattie's avatarSteve Beattie <[email protected]>
parent 17f0565a
...@@ -209,9 +209,6 @@ struct var_string { ...@@ -209,9 +209,6 @@ struct var_string {
#define OPTION_STDOUT 4 #define OPTION_STDOUT 4
#define OPTION_OFILE 5 #define OPTION_OFILE 5
#define AARE_NONE 0
#define AARE_DFA 2
#define BOOL int #define BOOL int
#define FLAG_CHANGEHAT_1_4 2 #define FLAG_CHANGEHAT_1_4 2
...@@ -275,7 +272,6 @@ extern int preprocess_only; ...@@ -275,7 +272,6 @@ extern int preprocess_only;
} while (0) } while (0)
/* from parser_common.c */ /* from parser_common.c */
extern int regex_type;
extern int perms_create; extern int perms_create;
extern int net_af_max_override; extern int net_af_max_override;
extern int kernel_load; extern int kernel_load;
......
...@@ -22,7 +22,6 @@ ...@@ -22,7 +22,6 @@
#define _(s) gettext(s) #define _(s) gettext(s)
#include "parser.h" #include "parser.h"
int regex_type = AARE_DFA;
int perms_create = 0; /* perms contain create flag */ int perms_create = 0; /* perms contain create flag */
int net_af_max_override = -1; /* use kernel to determine af_max */ int net_af_max_override = -1; /* use kernel to determine af_max */
int kernel_load = 1; int kernel_load = 1;
......
...@@ -57,9 +57,7 @@ ...@@ -57,9 +57,7 @@
#define SD_CODE_SIZE (sizeof(u8)) #define SD_CODE_SIZE (sizeof(u8))
#define SD_STR_LEN (sizeof(u16)) #define SD_STR_LEN (sizeof(u16))
#define SUBDOMAIN_INTERFACE_VERSION 2
#define SUBDOMAIN_INTERFACE_DFA_VERSION 5 #define SUBDOMAIN_INTERFACE_DFA_VERSION 5
#define SUBDOMAIN_INTERFACE_POLICY_DB 16
int sd_serialize_codomain(int option, struct codomain *cod); int sd_serialize_codomain(int option, struct codomain *cod);
...@@ -573,7 +571,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile, ...@@ -573,7 +571,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
/* only emit this if current kernel at least supports "create" */ /* only emit this if current kernel at least supports "create" */
if (perms_create) { if (perms_create) {
if (regex_type == AARE_DFA && profile->xmatch) { if (profile->xmatch) {
if (!sd_serialize_dfa(p, profile->xmatch, profile->xmatch_size)) if (!sd_serialize_dfa(p, profile->xmatch, profile->xmatch_size))
return 0; return 0;
if (!sd_write32(p, profile->xmatch_len)) if (!sd_write32(p, profile->xmatch_len))
...@@ -655,7 +653,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile, ...@@ -655,7 +653,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
} else if (profile->network_allowed) } else if (profile->network_allowed)
pwarn(_("profile %s network rules not enforced\n"), profile->name); pwarn(_("profile %s network rules not enforced\n"), profile->name);
if (profile->policy_dfa && regex_type == AARE_DFA) { if (profile->policy_dfa) {
if (!sd_write_struct(p, "policydb")) if (!sd_write_struct(p, "policydb"))
return 0; return 0;
if (!sd_serialize_dfa(p, profile->policy_dfa, profile->policy_dfa_size)) if (!sd_serialize_dfa(p, profile->policy_dfa, profile->policy_dfa_size))
...@@ -665,26 +663,12 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile, ...@@ -665,26 +663,12 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
} }
/* either have a single dfa or lists of different entry types */ /* either have a single dfa or lists of different entry types */
if (regex_type == AARE_DFA) { if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size))
if (!sd_serialize_dfa(p, profile->dfa, profile->dfa_size)) return 0;
return 0;
if (!sd_serialize_xtable(p, profile->exec_table))
return 0;
} else {
PERROR(_("Unknown pattern type\n"));
return 1;
}
if (profile->hat_table && regex_type != AARE_DFA) { if (!sd_serialize_xtable(p, profile->exec_table))
if (!sd_write_list(p, "hats")) return 0;
return 0;
if (load_hats(p, profile) != 0)
return 0;
if (!sd_write_listend(p))
return 0;
}
if (!sd_write_structend(p)) if (!sd_write_structend(p))
return 0; return 0;
...@@ -695,15 +679,7 @@ int sd_serialize_top_profile(sd_serialize *p, struct codomain *profile) ...@@ -695,15 +679,7 @@ int sd_serialize_top_profile(sd_serialize *p, struct codomain *profile)
{ {
int version; int version;
if (regex_type == AARE_DFA) { version = SUBDOMAIN_INTERFACE_DFA_VERSION;
/* Not yet
if (profile->policy_dfa)
version = SUBDOMAIN_INTERFACE_POLICYDB;
else */
version = SUBDOMAIN_INTERFACE_DFA_VERSION;
} else
version = SUBDOMAIN_INTERFACE_VERSION;
if (!sd_write_name(p, "version")) if (!sd_write_name(p, "version"))
return 0; return 0;
...@@ -859,7 +835,7 @@ int sd_serialize_codomain(int option, struct codomain *cod) ...@@ -859,7 +835,7 @@ int sd_serialize_codomain(int option, struct codomain *cod)
close(fd); close(fd);
if (cod->hat_table && regex_type == AARE_DFA && option != OPTION_REMOVE) { if (cod->hat_table && option != OPTION_REMOVE) {
if (load_flattened_hats(cod) != 0) if (load_flattened_hats(cod) != 0)
return 0; return 0;
} }
......
...@@ -791,7 +791,6 @@ static void get_match_string(void) { ...@@ -791,7 +791,6 @@ static void get_match_string(void) {
if (S_ISDIR(stat_file.st_mode)) { if (S_ISDIR(stat_file.st_mode)) {
/* if we have a features directory default to */ /* if we have a features directory default to */
regex_type = AARE_DFA;
perms_create = 1; perms_create = 1;
flags_string = malloc(FLAGS_STRING_SIZE); flags_string = malloc(FLAGS_STRING_SIZE);
...@@ -821,16 +820,9 @@ static void get_match_string(void) { ...@@ -821,16 +820,9 @@ static void get_match_string(void) {
out: out:
if (match_string) { if (match_string) {
if (strstr(match_string, AADFA))
regex_type = AARE_DFA;
if (strstr(match_string, " perms=c")) if (strstr(match_string, " perms=c"))
perms_create = 1; perms_create = 1;
} else { } else {
/* no match string default to 2.6.36 version which doesn't
* have a match string
*/
regex_type = AARE_DFA;
perms_create = 1; perms_create = 1;
kernel_supports_network = 0; kernel_supports_network = 0;
} }
......
...@@ -636,11 +636,7 @@ static void __dump_policy_hatnames(const void *nodep, const VISIT value, ...@@ -636,11 +636,7 @@ static void __dump_policy_hatnames(const void *nodep, const VISIT value,
if (value == preorder || value == endorder) if (value == preorder || value == endorder)
return; return;
if (regex_type == AARE_DFA) { printf("%s//%s\n", __dump_policy_name->name, (*t)->name);
printf("%s//%s\n", __dump_policy_name->name, (*t)->name);
} else {
printf("%s^%s\n", __dump_policy_name->name, (*t)->name);
}
} }
void dump_policy_hatnames(struct codomain *cod) void dump_policy_hatnames(struct codomain *cod)
......
...@@ -557,8 +557,7 @@ int post_process_entries(struct codomain *cod) ...@@ -557,8 +557,7 @@ int post_process_entries(struct codomain *cod)
int count = 0; int count = 0;
list_for_each(cod->entries, entry) { list_for_each(cod->entries, entry) {
if (regex_type == AARE_DFA && if (!process_dfa_entry(cod->dfarules, entry))
!process_dfa_entry(cod->dfarules, entry))
ret = FALSE; ret = FALSE;
count++; count++;
} }
...@@ -571,18 +570,17 @@ int process_regex(struct codomain *cod) ...@@ -571,18 +570,17 @@ int process_regex(struct codomain *cod)
{ {
int error = -1; int error = -1;
if (regex_type == AARE_DFA) { if (!process_profile_name_xmatch(cod))
if (!process_profile_name_xmatch(cod)) goto out;
goto out;
cod->dfarules = aare_new_ruleset(0);
if (!cod->dfarules)
goto out;
cod->dfarules = aare_new_ruleset(0);
if (!cod->dfarules)
goto out;
}
if (!post_process_entries(cod)) if (!post_process_entries(cod))
goto out; goto out;
if (regex_type == AARE_DFA && cod->dfarule_count > 0) { if (cod->dfarule_count > 0) {
cod->dfa = aare_create_dfa(cod->dfarules, &cod->dfa_size, cod->dfa = aare_create_dfa(cod->dfarules, &cod->dfa_size,
dfaflags); dfaflags);
aare_delete_ruleset(cod->dfarules); aare_delete_ruleset(cod->dfarules);
...@@ -1151,8 +1149,7 @@ static int post_process_mnt_ents(struct codomain *cod) ...@@ -1151,8 +1149,7 @@ static int post_process_mnt_ents(struct codomain *cod)
if (cod->mnt_ents && kernel_supports_mount) { if (cod->mnt_ents && kernel_supports_mount) {
struct mnt_entry *entry; struct mnt_entry *entry;
list_for_each(cod->mnt_ents, entry) { list_for_each(cod->mnt_ents, entry) {
if (regex_type == AARE_DFA && if (!process_mnt_entry(cod->policy_rules, entry))
!process_mnt_entry(cod->policy_rules, entry))
ret = FALSE; ret = FALSE;
count++; count++;
} }
...@@ -1170,8 +1167,7 @@ static int post_process_dbus_ents(struct codomain *cod) ...@@ -1170,8 +1167,7 @@ static int post_process_dbus_ents(struct codomain *cod)
int count = 0; int count = 0;
list_for_each(cod->dbus_ents, entry) { list_for_each(cod->dbus_ents, entry) {
if (regex_type == AARE_DFA && if (!process_dbus_entry(cod->policy_rules, entry))
!process_dbus_entry(cod->policy_rules, entry))
ret = FALSE; ret = FALSE;
count++; count++;
} }
...@@ -1194,16 +1190,14 @@ int process_policydb(struct codomain *cod) ...@@ -1194,16 +1190,14 @@ int process_policydb(struct codomain *cod)
{ {
int error = -1; int error = -1;
if (regex_type == AARE_DFA) { cod->policy_rules = aare_new_ruleset(0);
cod->policy_rules = aare_new_ruleset(0); if (!cod->policy_rules)
if (!cod->policy_rules) goto out;
goto out;
}
if (!post_process_policydb_ents(cod)) if (!post_process_policydb_ents(cod))
goto out; goto out;
if (regex_type == AARE_DFA && cod->policy_rule_count > 0) { if (cod->policy_rule_count > 0) {
cod->policy_dfa = aare_create_dfa(cod->policy_rules, cod->policy_dfa = aare_create_dfa(cod->policy_rules,
&cod->policy_dfa_size, &cod->policy_dfa_size,
dfaflags); dfaflags);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment