[apparmor] [PATCH 5/5] Library interface for tasks introspecting confinement.

John Johansen john.johansen at canonical.com
Tue Jul 12 19:12:39 UTC 2011


On 07/12/2011 12:03 PM, Seth Arnold wrote:
> I think the leading whitespace in the map file is different for the two new lines, they are quite different when rendered on my blackberry.
Indeed they are; turns out I used tabs, and spaces are what exists in the file.

> -----Original Message-----
> From: John Johansen <john.johansen at canonical.com>
> Sender: apparmor-bounces at lists.ubuntu.com
> Date: Tue, 12 Jul 2011 11:49:05 
> To: <apparmor at lists.ubuntu.com>
> Subject: [apparmor] [PATCH 5/5] Library interface for tasks introspecting
> 	confinement.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  libraries/libapparmor/src/apparmor.h          |    2 +
>  libraries/libapparmor/src/kernel_interface.c  |   30 +++++++++++++++++++++++++
>  libraries/libapparmor/src/libapparmor.map     |    2 +
>  libraries/libapparmor/swig/SWIG/libapparmor.i |    3 +-
>  4 files changed, 36 insertions(+), 1 deletions(-)
> 
> diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
> index 4ae0a03..4d131c5 100644
> --- a/libraries/libapparmor/src/apparmor.h
> +++ b/libraries/libapparmor/src/apparmor.h
> @@ -33,6 +33,8 @@ extern int aa_change_onexec(const char *profile);
>  
>  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
>  extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> +extern int aa_query_confinement(char **confinement, pid_t target);
> +extern int aa_introspect_confinement(char **confinement);
>  
>  #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
>  #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
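Review bot: The new aa_query_confinement() prototype uses pid_t, and nothing in the visible context shows apparmor.h including <sys/types.h>; if the header does not already pull it in above this hunk, a caller that includes only apparmor.h will fail to compile. It would also help to document here, next to the two new declarations, that *confinement is allocated by the library and must be freed by the caller, since the header is the only thing most users of the API will read.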
> diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
> index 8e275f2..3782e5f 100644
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -327,3 +327,33 @@ int (aa_change_hat_vargs)(unsigned long token, int nhats, ...)
>  	va_end(ap);
>  	return aa_change_hatv(argv, token);
>  }
> +
> +/**
> + * aa_query_confinement - query what the confinement for task @target is
> + * @profile: pointer to the buffer with the profile name if successful
> + * @target: task to query
> + *
> + * Returns: length of confinement data or -1 on error and sets errno
> + */
> +int aa_query_confinement(char **confinement, pid_t target)
> +{
> +	int size;
> +	char *buffer = malloc(PATH_MAX);
> +	if (!buffer)
> +		return -1;
> +	size = getprocattr(target, "current", buffer, PATH_MAX);
> +	if (size != -1)
> +		*confinement = buffer;
> +	return size;
> +}
> +
> +/**
> + * aa_introspect_confinement - query what the confinement for current task is
> + * @profile: pointer to the buffer with the profile name if successful
> + *
> + * Returns: length of confinement data or -1 on error and sets errno
> + */
> +int aa_introspect_confinement(char **confinement)
> +{
> +	return aa_query_confinement(confinement, aa_gettid());
> +}
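Review bot: aa_query_confinement() leaks buffer on the error path: when getprocattr() returns -1 the function returns size without calling free(buffer), so every failed query (for example a target pid that has exited) loses PATH_MAX bytes. Suggest free(buffer) when size == -1, and setting *confinement = NULL in that case so callers never see an uninitialized pointer. The doc comments for both functions describe @profile while the parameter is named confinement, and neither says that the caller owns and must free the returned buffer or whether the data is NUL-terminated; since the return value is a length, callers need that stated before treating the result as a C string. The fixed PATH_MAX allocation also deserves a line on what happens when the confinement string does not fit.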
> diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> index c56cb86..9450a37 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -21,6 +21,8 @@ APPARMOR_1.1 {
>          aa_change_hat_vargs;
>          aa_change_profile;
>          aa_change_onexec;
> +	aa_query_confinement;
> +	aa_introspect_confinement;
>          parse_record;
>          free_record;
>    local:
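Review bot: The two added entries (aa_query_confinement; and aa_introspect_confinement;) are indented with a tab while the surrounding entries use spaces, as already noted in the thread; please match the existing space indentation. Separately, both symbols are added to the existing APPARMOR_1.1 node: if a library release exporting APPARMOR_1.1 has already shipped, new exports would normally go under a new version node so that binaries linked against the new functions cannot resolve against an older library that lacks them.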
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index 1f2ede3..2b11ade 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -18,4 +18,5 @@ extern int aa_change_profile(const char *profile);
>  extern int aa_change_onexec(const char *profile);
>  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
>  extern int aa_change_hat_vargs(unsigned long token, int count, ...);
> -
> +extern int aa_query_confinement(char **confinement, pid_t target);
> +extern int aa_introspect_confinement(char **confinement);
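Review bot: The two externs added at the end of libapparmor.i expose a char ** out-parameter, and the visible lines add no typemap for it; without one SWIG treats char **confinement as an opaque pointer, so scripting-language callers cannot receive the string and nothing frees the malloc'd buffer. Suggest an argout typemap that returns the confinement string to the caller and frees the buffer afterwards. pid_t is likewise not declared to SWIG in the visible lines, so the target argument may not map to a plain integer in the bindings.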



