summaryrefslogtreecommitdiff
path: root/bin/systrace/policy.c
diff options
context:
space:
mode:
authorNiels Provos <provos@cvs.openbsd.org>2002-06-05 21:09:03 +0000
committerNiels Provos <provos@cvs.openbsd.org>2002-06-05 21:09:03 +0000
commit7bd57261c7d93a1f815813d58639a52f4c59eedb (patch)
tree329d5c222e3b04896a1f813b081e1c3ad5262a92 /bin/systrace/policy.c
parentf99479c4660de1aa46826aa9f6bc3ddf453883aa (diff)
append predicate, instead of prepending. makes rules sortable again.
pointed out by dugsong@
Diffstat (limited to 'bin/systrace/policy.c')
-rw-r--r--bin/systrace/policy.c39
1 files changed, 19 insertions, 20 deletions
diff --git a/bin/systrace/policy.c b/bin/systrace/policy.c
index 187be64a906..c2b50df0b02 100644
--- a/bin/systrace/policy.c
+++ b/bin/systrace/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.6 2002/06/05 20:52:47 provos Exp $ */
+/* $OpenBSD: policy.c,v 1.7 2002/06/05 21:09:02 provos Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -410,25 +410,6 @@ systrace_readpolicy(char *filename)
policy->flags |= POLICY_DETACHED;
policy = NULL;
continue;
- } else if (!strncasecmp(p, "if", 2)) {
- int match;
- char *predicate;
-
- /* Process predicates */
- p += 2;
- p += strspn(p, " \t");
- predicate = strsep(&p, ",");
- if (p == NULL)
- goto error;
-
- match = systrace_predicatematch(predicate);
- if (match == -1)
- goto error;
- /* If the predicate does not match skip rule */
- if (!match)
- continue;
-
- p += strspn(p, " \t");
}
emulation = strsep(&p, "-");
@@ -444,6 +425,24 @@ systrace_readpolicy(char *filename)
p++;
rule = p;
+ if ((p = strrchr(p, ',')) != NULL &&
+ !strncasecmp(p, ", if", 4)) {
+ int match;
+
+ *p = '\0';
+
+ /* Process predicates */
+ p += 4;
+ p += strspn(p, " \t");
+
+ match = systrace_predicatematch(p);
+ if (match == -1)
+ goto error;
+ /* If the predicate does not match skip rule */
+ if (!match)
+ continue;
+ }
+
if (filter_parse_simple(rule, &action, &future) == -1) {
if (parse_filter(rule, &parsed) == -1)
goto error;