diff --git a/plugins/sudoers/cvtsudoers_csv.c b/plugins/sudoers/cvtsudoers_csv.c index 8d8e39715..aa96c5d63 100644 --- a/plugins/sudoers/cvtsudoers_csv.c +++ b/plugins/sudoers/cvtsudoers_csv.c @@ -597,7 +597,7 @@ print_cmndspec_csv(FILE *fp, struct sudoers_parse_tree *parse_tree, || cs->role != next->role || cs->type != next->type #endif /* HAVE_SELINUX */ #ifdef HAVE_APPARMOR - || cs->apparmor_profile != next->apparmor_profile + || cs->apparmor_profile != next->apparmor_profile #endif /* HAVE_APPARMOR */ || cs->runchroot != next->runchroot || cs->runcwd != next->runcwd; diff --git a/plugins/sudoers/cvtsudoers_json.c b/plugins/sudoers/cvtsudoers_json.c index be5d55443..ab686e1d7 100644 --- a/plugins/sudoers/cvtsudoers_json.c +++ b/plugins/sudoers/cvtsudoers_json.c @@ -759,13 +759,13 @@ print_cmndspec_json(struct json_container *jsonc, #endif /* HAVE_SELINUX */ #ifdef HAVE_APPARMOR - if (cs->apparmor_profile != NULL) { + if (cs->apparmor_profile != NULL) { sudo_json_open_array(jsonc, "AppArmor_Spec"); value.type = JSON_STRING; value.u.string = cs->apparmor_profile; sudo_json_add_value(jsonc, "apparmor_profile", &value); sudo_json_close_array(jsonc); - } + } #endif /* HAVE_APPARMOR */ #ifdef HAVE_PRIV_SET diff --git a/plugins/sudoers/cvtsudoers_ldif.c b/plugins/sudoers/cvtsudoers_ldif.c index b3ddf2cb2..9be75e504 100644 --- a/plugins/sudoers/cvtsudoers_ldif.c +++ b/plugins/sudoers/cvtsudoers_ldif.c 
@@ -461,15 +461,15 @@ print_cmndspec_ldif(FILE *fp, struct sudoers_parse_tree *parse_tree, #endif /* HAVE_SELINUX */ #ifdef HAVE_APPARMOR - /* Print AppArmor profile */ - if (cs->apparmor_profile != NULL) { - if (asprintf(&attr_val, "apparmor_profile=%s", cs->apparmor_profile) == -1) { - sudo_fatalx(U_("%s: %s"), __func__, - U_("unable to allocate memory")); - } - print_attribute_ldif(fp, "sudoOption", attr_val); - free(attr_val); + /* Print AppArmor profile */ + if (cs->apparmor_profile != NULL) { + if (asprintf(&attr_val, "apparmor_profile=%s", cs->apparmor_profile) == -1) { + sudo_fatalx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); } + print_attribute_ldif(fp, "sudoOption", attr_val); + free(attr_val); + } #endif /* HAVE_APPARMOR */ #ifdef HAVE_PRIV_SET diff --git a/plugins/sudoers/cvtsudoers_merge.c b/plugins/sudoers/cvtsudoers_merge.c index dde5b9b37..bd62cc068 100644 --- a/plugins/sudoers/cvtsudoers_merge.c +++ b/plugins/sudoers/cvtsudoers_merge.c @@ -978,11 +978,11 @@ cmndspec_equivalent(struct cmndspec *cs1, struct cmndspec *cs2, bool check_negat #endif #ifdef HAVE_APPARMOR if (cs1->apparmor_profile != NULL && cs2->apparmor_profile != NULL) { - if (strcmp(cs1->apparmor_profile, cs2->apparmor_profile) != 0) - debug_return_bool(false); - } else if (cs1->apparmor_profile != cs2->apparmor_profile) { - debug_return_bool(false); - } + if (strcmp(cs1->apparmor_profile, cs2->apparmor_profile) != 0) + debug_return_bool(false); + } else if (cs1->apparmor_profile != cs2->apparmor_profile) { + debug_return_bool(false); + } #endif #ifdef HAVE_PRIV_SET if (cs1->privs != NULL && cs2->privs != NULL) { diff --git a/plugins/sudoers/def_data.in b/plugins/sudoers/def_data.in index 6372048c9..c24d6706c 100644 --- a/plugins/sudoers/def_data.in +++ b/plugins/sudoers/def_data.in 
@@ -481,4 +481,4 @@ intercept_type dso trace apparmor_profile T_STR - "AppArmor profile to use in the new security context: %s" \ No newline at end of file + "AppArmor profile to use in the new security context: %s" diff --git a/plugins/sudoers/gram.c b/plugins/sudoers/gram.c index fcbe50dc2..1dffb5723 100644 --- a/plugins/sudoers/gram.c +++ b/plugins/sudoers/gram.c @@ -2139,8 +2139,8 @@ yyreduce: parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).type); #endif #ifdef HAVE_APPARMOR - cs->apparmor_profile = (yyvsp[-2].options).apparmor_profile; - parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).apparmor_profile); + cs->apparmor_profile = (yyvsp[-2].options).apparmor_profile; + parser_leak_remove(LEAK_PTR, (yyvsp[-2].options).apparmor_profile); #endif #ifdef HAVE_PRIV_SET cs->privs = (yyvsp[-2].options).privs; @@ -2662,9 +2662,9 @@ yyreduce: #line 864 "gram.y" { #ifdef HAVE_APPARMOR - parser_leak_remove(LEAK_PTR, (yyval.options).apparmor_profile); - free((yyval.options).apparmor_profile); - (yyval.options).apparmor_profile = (yyvsp[0].string); + parser_leak_remove(LEAK_PTR, (yyval.options).apparmor_profile); + free((yyval.options).apparmor_profile); + (yyval.options).apparmor_profile = (yyvsp[0].string); #endif } #line 2665 "gram.c" diff --git a/plugins/sudoers/gram.y b/plugins/sudoers/gram.y index 055d36e1b..2ac370918 100644 --- a/plugins/sudoers/gram.y +++ b/plugins/sudoers/gram.y @@ -145,7 +145,7 @@ static void alias_error(const char *name, int errnum); %token CWD /* working directory for command */ %token TYPE /* SELinux type */ %token ROLE /* SELinux role */ -%token APPARMOR_PROFILE /* AppArmor profile */ +%token APPARMOR_PROFILE /* AppArmor profile */ %token PRIVS /* Solaris privileges */ %token LIMITPRIVS /* Solaris limit privileges */ %token CMND_TIMEOUT /* command timeout */ 
@@ -538,8 +538,8 @@ cmndspec : runasspec options cmndtag digcmnd { parser_leak_remove(LEAK_PTR, $2.type); #endif #ifdef HAVE_APPARMOR - cs->apparmor_profile = $2.apparmor_profile; - parser_leak_remove(LEAK_PTR, $2.apparmor_profile); + cs->apparmor_profile = $2.apparmor_profile; + parser_leak_remove(LEAK_PTR, $2.apparmor_profile); #endif #ifdef HAVE_PRIV_SET cs->privs = $2.privs; @@ -863,9 +863,9 @@ options : /* empty */ { } | options apparmor_profilespec { #ifdef HAVE_APPARMOR - parser_leak_remove(LEAK_PTR, $$.apparmor_profile); - free($$.apparmor_profile); - $$.apparmor_profile = $2; + parser_leak_remove(LEAK_PTR, $$.apparmor_profile); + free($$.apparmor_profile); + $$.apparmor_profile = $2; #endif } | options privsspec { diff --git a/plugins/sudoers/parse.c b/plugins/sudoers/parse.c index 5cb31cedb..a03d8ac7e 100644 --- a/plugins/sudoers/parse.c +++ b/plugins/sudoers/parse.c @@ -257,18 +257,18 @@ apply_cmndspec(struct cmndspec *cs) #ifdef HAVE_APPARMOR /* Set AppArmor profile, if specified */ if (cs->apparmor_profile != NULL) { - user_apparmor_profile = strdup(cs->apparmor_profile); - if (user_apparmor_profile == NULL) { - sudo_warnx(U_("%s: %s"), __func__, - U_("unable to allocate memory")); - debug_return_bool(false); - } + user_apparmor_profile = strdup(cs->apparmor_profile); + if (user_apparmor_profile == NULL) { + sudo_warnx(U_("%s: %s"), __func__, + U_("unable to allocate memory")); + debug_return_bool(false); + } } else { - user_apparmor_profile = def_apparmor_profile; - def_apparmor_profile = NULL; + user_apparmor_profile = def_apparmor_profile; + def_apparmor_profile = NULL; } if (user_apparmor_profile != NULL) { - sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, + sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, "user_apparmor_profile -> %s", user_apparmor_profile); } #endif diff --git a/plugins/sudoers/parse.h b/plugins/sudoers/parse.h index e276faad0..cac32b611 100644 --- a/plugins/sudoers/parse.h +++ b/plugins/sudoers/parse.h 
@@ -150,7 +150,7 @@ struct command_options { char *role, *type; /* SELinux role and type */ #endif #ifdef HAVE_APPARMOR - char *apparmor_profile; /* AppArmor profile */ + char *apparmor_profile; /* AppArmor profile */ #endif #ifdef HAVE_PRIV_SET char *privs, *limitprivs; /* Solaris privilege sets */ @@ -237,7 +237,7 @@ struct cmndspec { char *role, *type; /* SELinux role and type */ #endif #ifdef HAVE_APPARMOR - char *apparmor_profile; /* AppArmor profile */ + char *apparmor_profile; /* AppArmor profile */ #endif #ifdef HAVE_PRIV_SET char *privs, *limitprivs; /* Solaris privilege sets */ diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c index 2fcb8dd12..5a0852f4d 100644 --- a/plugins/sudoers/policy.c +++ b/plugins/sudoers/policy.c @@ -331,12 +331,12 @@ sudoers_policy_deserialize_info(void *v, struct defaults_list *defaults) #endif /* HAVE_SELINUX */ #ifdef HAVE_APPARMOR if (MATCHES(*cur, "apparmor_profile=")) { - CHECK(*cur, "apparmor_profile="); - free(user_apparmor_profile); - user_apparmor_profile = strdup(*cur + sizeof("apparmor_profile=") - 1); - if (user_apparmor_profile == NULL) + CHECK(*cur, "apparmor_profile="); + free(user_apparmor_profile); + user_apparmor_profile = strdup(*cur + sizeof("apparmor_profile=") - 1); + if (user_apparmor_profile == NULL) goto oom; - continue; + continue; } #endif /* HAVE_APPARMOR */ #ifdef HAVE_BSD_AUTH_H @@ -970,7 +970,7 @@ sudoers_policy_store_result(bool accepted, char *argv[], char *envp[], #endif /* HAVE_SELINUX */ #ifdef HAVE_APPARMOR if (user_apparmor_profile != NULL) { - if ((command_info[info_len++] = sudo_new_key_val("apparmor_profile", user_apparmor_profile)) == NULL) + if ((command_info[info_len++] = sudo_new_key_val("apparmor_profile", user_apparmor_profile)) == NULL) goto oom; } #endif /* HAVE_APPARMOR */ diff --git a/src/apparmor.c b/src/apparmor.c index b7bd1a28a..cbfa2aa88 100644 --- a/src/apparmor.c +++ b/src/apparmor.c 
@@ -44,7 +44,8 @@ apparmor_is_enabled(void) FILE *fd; debug_decl(apparmor_is_enabled, SUDO_DEBUG_APPARMOR); - /* Check whether AppArmor is enabled by reading + /* + * Check whether AppArmor is enabled by reading * /sys/module/apparmor/parameters/enabled * * When this file exists and its contents are equal to "Y", AppArmor @@ -93,20 +94,21 @@ apparmor_prepare(const char *new_profile) goto done; } - if (mode == NULL) + if (mode == NULL) { sudo_debug_printf(SUDO_DEBUG_INFO, - "%s: changing AppArmor profile: %s -> %s", __func__, - old_profile, new_profile ? new_profile : "?" - ); - else + "%s: changing AppArmor profile: %s -> %s", __func__, + old_profile, new_profile ? new_profile : "?"); + } else { sudo_debug_printf(SUDO_DEBUG_INFO, - "%s: changing AppArmor profile: %s (%s) -> %s", __func__, - old_profile, mode, new_profile ? new_profile : "?" - ); + "%s: changing AppArmor profile: %s (%s) -> %s", __func__, + old_profile, mode, new_profile ? new_profile : "?"); + } done: - /* The profile string returned by aa_getcon must be free'd, while the - * mode string must _not_ be free'd */ + /* + * The profile string returned by aa_getcon must be free'd, while the + * mode string must _not_ be free'd. + */ if (old_profile != NULL) free(old_profile);
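Review bot: The rewritten comment at `done:` says the mode string must not be freed but not why, and the reason is what a later editor of this cleanup path needs. As documented for aa_getcon(), mode points into the buffer returned as the profile, so it dangles once `free(old_profile)` runs; I would add a line such as `* mode points into old_profile's buffer and is invalid after this free.` to the comment. The `if (old_profile != NULL)` guard in front of `free(old_profile)` is also unnecessary, since free(NULL) is a no-op. apparmor_prepare() starts and ends outside the hunk, so whether mode is read after `done:` cannot be confirmed from here.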