[apparmor] [PATCH 05/12] libapparmor: Move the aa_match API
Tyler Hicks
tyhicks at canonical.com
Wed Dec 10 22:12:26 UTC 2014
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
libraries/libapparmor/include/sys/apparmor.h | 8 ++
libraries/libapparmor/src/Makefile.am | 2 +-
libraries/libapparmor/src/libapparmor.map | 11 +++
libraries/libapparmor/src/match.c | 136 +++++++++++++++++++++++++++
parser/Makefile | 10 +-
parser/match.c | 136 ---------------------------
parser/match.h | 31 ------
parser/parser_main.c | 1 -
8 files changed, 159 insertions(+), 176 deletions(-)
create mode 100644 libraries/libapparmor/src/match.c
delete mode 100644 parser/match.c
delete mode 100644 parser/match.h
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
index 12a7691..e834290 100644
--- a/libraries/libapparmor/include/sys/apparmor.h
+++ b/libraries/libapparmor/include/sys/apparmor.h
@@ -18,6 +18,7 @@
#ifndef _SYS_APPARMOR_H
#define _SYS_APPARMOR_H 1
+#include <stdbool.h>
#include <stdint.h>
#include <sys/types.h>
@@ -102,6 +103,13 @@ extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
#define aa_change_hat_vargs(T, X...) \
(aa_change_hat_vargs)(T, __macroarg_counter(X), X)
+typedef struct aa_match aa_match;
+int aa_match_new_from_kernel(aa_match **match);
+aa_match *aa_match_ref(aa_match *);
+void aa_match_unref(aa_match *match);
+bool aa_match_supports_perms_create(aa_match *match);
+bool aa_match_supports_network(aa_match *match);
+
__END_DECLS
#endif /* sys/apparmor.h */
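Review bot: `aa_match *aa_match_ref(aa_match *);` is the only new prototype in this hunk without a parameter name; write `aa_match *aa_match_ref(aa_match *match);` so it matches the four declarations around it. This header is now the public entry point for the API, and nothing here says that the object is reference counted. A short comment above the block would cover it, for example `/* aa_match objects are reference counted; drop each reference with aa_match_unref() */`.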
diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
index 0a55b34..73bedb7 100644
--- a/libraries/libapparmor/src/Makefile.am
+++ b/libraries/libapparmor/src/Makefile.am
@@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
lib_LTLIBRARIES = libapparmor.la
noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h
-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c
+libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c match.c
libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index 1ea221f..c8b9a91 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -52,6 +52,17 @@ APPARMOR_2.9 {
*;
} APPARMOR_1.1;
+APPARMOR_2.10 {
+ global:
+ aa_match_new_from_kernel;
+ aa_match_ref;
+ aa_match_unref;
+ aa_match_supports_perms_create;
+ aa_match_supports_network;
+ local:
+ *;
+} APPARMOR_2.9;
+
PRIVATE {
global:
_aa_is_blacklisted;
diff --git a/libraries/libapparmor/src/match.c b/libraries/libapparmor/src/match.c
new file mode 100644
index 0000000..fe3d9f7
--- /dev/null
+++ b/libraries/libapparmor/src/match.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2014
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/apparmor.h>
+
+#include "private.h"
+
+#define AA_MATCH_FILE "/sys/kernel/security/apparmor/matching"
+
+#define MATCH_STRING_SIZE 1000
+
+#define SUPPORT_PERMS_CREATE (1<<1)
+#define SUPPORT_NETWORK (1<<2)
+
+struct aa_match {
+ unsigned int ref_count;
+ uint8_t support;
+};
+
+/**
+ * aa_match_new_from_kernel - create a new match based on the current kernel
+ * @match: will point to the address of an allocated and initialized aa_match
+ * object upon success
+ *
+ * Returns: 0 on success, -1 on error with errno set and *@match pointing to
+ * NULL
+ */
+int aa_match_new_from_kernel(aa_match **match)
+{
+ autofclose FILE *match_file = NULL;
+ autofree char *match_string = NULL;
+ aa_match *m;
+
+ *match = NULL;
+
+ m = (aa_match *) calloc(1, sizeof(*m));
+ if (!m) {
+ aa_match_unref(m);
+ errno = ENOMEM;
+ return -1;
+ }
+ aa_match_ref(m);
+
+ match_file = fopen(AA_MATCH_FILE, "r");
+ if (!match_file) {
+ int save = errno;
+
+ aa_match_unref(m);
+ errno = save;
+ return -1;
+ }
+
+ match_string = (char *) malloc(MATCH_STRING_SIZE);
+ if (!match_string) {
+ aa_match_unref(m);
+ errno = ENOMEM;
+ return -1;
+ }
+
+ if (!fgets(match_string, MATCH_STRING_SIZE, match_file)) {
+ aa_match_unref(m);
+ errno = EIO;
+ return -1;
+ }
+
+ if (strstr(match_string, " perms=c"))
+ m->support |= SUPPORT_PERMS_CREATE;
+
+ m->support |= SUPPORT_NETWORK;
+ *match = m;
+
+ return 0;
+}
+
+/**
+ * aa_match_ref - increments the ref count of a match
+ * @match: the match
+ *
+ * Returns: the match
+ */
+aa_match *aa_match_ref(aa_match *match)
+{
+ atomic_inc(&match->ref_count);
+ return match;
+}
+
+/**
+ * aa_match_unref - decrements the ref count and frees the match when 0
+ * @match: the match (can be NULL)
+ */
+void aa_match_unref(aa_match *match)
+{
+ if (match && atomic_dec_and_test(&match->ref_count))
+ free(match);
+}
+
+/**
+ * aa_match_supports_perms_create - provides match support status of perms_create
+ * @match: the match
+ *
+ * Returns: true if perms_create is supported, false if not
+ */
+bool aa_match_supports_perms_create(aa_match *match)
+{
+ return match->support & SUPPORT_PERMS_CREATE;
+}
+
+/**
+ * aa_match_supports_network - provides match supports status of network
+ * @match: the match
+ *
+ * Returns: true if network is supported, false if not
+ */
+bool aa_match_supports_network(aa_match *match)
+{
+ return match->support & SUPPORT_NETWORK;
+}
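Review bot: `m->support |= SUPPORT_NETWORK;` in aa_match_new_from_kernel() is set unconditionally, so aa_match_supports_network() returns true for every kernel whose matching file can be opened and read, while its doc comment promises "false if not". That may have been acceptable as parser-internal code, but this patch exports the function from libapparmor, where other callers may use the answer to decide whether network rules will actually be mediated. Either derive the flag from what the kernel reports or state the limitation in the doc comment, e.g. `* Returns: true for any match built by aa_match_new_from_kernel(); network support is assumed, not probed`. Separately, aa_match_ref() and both aa_match_supports_*() accessors dereference @match with no NULL check while aa_match_unref() accepts NULL, so their `@match:` lines should say the pointer must be non-NULL.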
diff --git a/parser/Makefile b/parser/Makefile
index 7f2a532..c50398f 100644
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -81,11 +81,10 @@ SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \
parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \
parser_alias.c common_optarg.c lib.c network.c \
mount.cc dbus.cc profile.cc rule.cc signal.cc ptrace.cc \
- af_rule.cc af_unix.cc features.c policy_cache.c kernel_interface.c \
- match.c
+ af_rule.cc af_unix.cc features.c policy_cache.c kernel_interface.c
HDRS = parser.h parser_include.h immunix.h mount.h dbus.h lib.h profile.h \
rule.h common_optarg.h signal.h ptrace.h network.h af_rule.h af_unix.h \
- features.h policy_cache.h kernel_interface.h match.h
+ features.h policy_cache.h kernel_interface.h
TOOLS = apparmor_parser
OBJECTS = $(patsubst %.cc, %.o, $(SRCS:.c=.o))
@@ -244,10 +243,7 @@ mount.o: mount.cc mount.h parser.h immunix.h rule.h
common_optarg.o: common_optarg.c common_optarg.h parser.h libapparmor_re/apparmor_re.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-features.o: features.c features.h parser.h match.h libapparmor_re/apparmor_re.h
- $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-
-match.o: match.c match.h parser.h
+features.o: features.c features.h parser.h libapparmor_re/apparmor_re.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
policy_cache.o: policy_cache.c policy_cache.h parser.h features.h
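Review bot: The old `features.o` rule listed match.h as a prerequisite, which suggests features.c includes it, yet features.c is not among the eight files in this patch's diffstat. If it still contains `#include "match.h"`, the parser build breaks once parser/match.h is deleted; it would need `#include <sys/apparmor.h>` instead. This cannot be confirmed from the patch alone, so it is worth checking features.c and any other parser source that used the header. The same goes for the link step: with match.c dropped from SRCS in the first hunk of this file, the aa_match symbols must now come from libapparmor.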
diff --git a/parser/match.c b/parser/match.c
deleted file mode 100644
index e5a3ede..0000000
--- a/parser/match.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) 2014
- * Canonical, Ltd. (All rights reserved)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, contact Novell, Inc. or Canonical
- * Ltd.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "match.h"
-#include "lib.h"
-#include "parser.h"
-
-#define AA_MATCH_FILE "/sys/kernel/security/" MODULE_NAME "/matching"
-
-#define MATCH_STRING_SIZE 1000
-
-#define SUPPORT_PERMS_CREATE (1<<1)
-#define SUPPORT_NETWORK (1<<2)
-
-struct aa_match {
- unsigned int ref_count;
- uint8_t support;
-};
-
-/**
- * aa_match_new_from_kernel - create a new match based on the current kernel
- * @match: will point to the address of an allocated and initialized aa_match
- * object upon success
- *
- * Returns: 0 on success, -1 on error with errno set and *@match pointing to
- * NULL
- */
-int aa_match_new_from_kernel(aa_match **match)
-{
- autofclose FILE *match_file = NULL;
- autofree char *match_string = NULL;
- aa_match *m;
-
- *match = NULL;
-
- m = (aa_match *) calloc(1, sizeof(*m));
- if (!m) {
- aa_match_unref(m);
- errno = ENOMEM;
- return -1;
- }
- aa_match_ref(m);
-
- match_file = fopen(AA_MATCH_FILE, "r");
- if (!match_file) {
- int save = errno;
-
- aa_match_unref(m);
- errno = save;
- return -1;
- }
-
- match_string = (char *) malloc(MATCH_STRING_SIZE);
- if (!match_string) {
- aa_match_unref(m);
- errno = ENOMEM;
- return -1;
- }
-
- if (!fgets(match_string, MATCH_STRING_SIZE, match_file)) {
- aa_match_unref(m);
- errno = EIO;
- return -1;
- }
-
- if (strstr(match_string, " perms=c"))
- m->support |= SUPPORT_PERMS_CREATE;
-
- m->support |= SUPPORT_NETWORK;
- *match = m;
-
- return 0;
-}
-
-/**
- * aa_match_ref - increments the ref count of a match
- * @match: the match
- *
- * Returns: the match
- */
-aa_match *aa_match_ref(aa_match *match)
-{
- atomic_inc(&match->ref_count);
- return match;
-}
-
-/**
- * aa_match_unref - decrements the ref count and frees the match when 0
- * @match: the match (can be NULL)
- */
-void aa_match_unref(aa_match *match)
-{
- if (match && atomic_dec_and_test(&match->ref_count))
- free(match);
-}
-
-/**
- * aa_match_supports_perms_create - provides match support status of perms_create
- * @match: the match
- *
- * Returns: true if perms_create is supported, false if not
- */
-bool aa_match_supports_perms_create(aa_match *match)
-{
- return match->support & SUPPORT_PERMS_CREATE;
-}
-
-/**
- * aa_match_supports_network - provides match supports status of network
- * @match: the match
- *
- * Returns: true if network is supported, false if not
- */
-bool aa_match_supports_network(aa_match *match)
-{
- return match->support & SUPPORT_NETWORK;
-}
diff --git a/parser/match.h b/parser/match.h
deleted file mode 100644
index 6ad157a..0000000
--- a/parser/match.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (c) 2014
- * Canonical, Ltd. (All rights reserved)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, contact Novell, Inc. or Canonical
- * Ltd.
- */
-
-#ifndef __AA_MATCH_H
-#define __AA_MATCH_H
-
-typedef struct aa_match aa_match;
-
-int aa_match_new_from_kernel(aa_match **match);
-aa_match *aa_match_ref(aa_match *);
-void aa_match_unref(aa_match *match);
-
-bool aa_match_supports_perms_create(aa_match *match);
-bool aa_match_supports_network(aa_match *match);
-
-#endif /* __AA_MATCH_H */
diff --git a/parser/parser_main.c b/parser/parser_main.c
index f86d8c5..7c445ab 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -41,7 +41,6 @@
#include "lib.h"
#include "features.h"
-#include "match.h"
#include "kernel_interface.h"
#include "parser.h"
#include "parser_version.h"
--
2.1.0