[apparmor] [PATCH 21/31] parser: Add features comparison function

Thu Jan 22 18:14:54 UTC 2015

On 12/05/2014 04:22 PM, Tyler Hicks wrote:
> This is a simple aa_features equality test. Placing it behind a function
> call allows us to do something more complex than a simple string
> comparison later.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

So the code is fine, but I had really hoped to kill off the equals comparison
and hesitate having this show up in the library.

Basically I want feature subsets comparison so we don't run into issues where
the compiler supports fewer features than the kernel, and builds the cache
as such but writes the kernel feature set.

When we get into these situations an updated userspace might not clear out
the cache current, when it really should

> ---
>  parser/features.c     | 13 +++++++++++++
>  parser/features.h     |  1 +
>  parser/policy_cache.c |  5 +----
>  3 files changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/parser/features.c b/parser/features.c
> index f3bdcd0..429eb21 100644
> --- a/parser/features.c
> +++ b/parser/features.c
> @@ -266,3 +266,16 @@ const char *aa_features_get_string(aa_features *features)
>  {
>  	return features->string;
>  }
> +
> +/**
> + * aa_features_is_equal - equality test for two features
> + * @features1: the first features (can be NULL)
> + * @features2: the second features (can be NULL)
> + *
> + * Returns: true if they're equal, false if they're not or either are NULL
> + */
> +bool aa_features_is_equal(aa_features *features1, aa_features *features2)
> +{
> +	return features1 && features2 &&
> +	       strcmp(features1->string, features2->string) == 0;
> +}
> diff --git a/parser/features.h b/parser/features.h
> index 100f460..a0c177f 100644
> --- a/parser/features.h
> +++ b/parser/features.h
> @@ -28,5 +28,6 @@ int aa_features_new_from_kernel(aa_features **features);
>  aa_features *aa_features_ref(aa_features *features);
>  void aa_features_unref(aa_features *features);
>  const char *aa_features_get_string(aa_features *features);
> +bool aa_features_is_equal(aa_features *features1, aa_features *features2);
>  
>  #endif /* __AA_FEATURES_H */
> diff --git a/parser/policy_cache.c b/parser/policy_cache.c
> index 8d34f34..27c83c1 100644
> --- a/parser/policy_cache.c
> +++ b/parser/policy_cache.c
> @@ -252,10 +252,7 @@ int setup_cache(aa_features *kernel_features, const char *cacheloc)
>  
>  	kernel_features_string = aa_features_get_string(kernel_features);
>  	if (!aa_features_new(&cache_features, cache_features_path)) {
> -		const char *cache_features_string;
> -
> -		cache_features_string = aa_features_get_string(cache_features);
> -		if (strcmp(kernel_features_string, cache_features_string) != 0) {
> +		if (!aa_features_is_equal(kernel_features, cache_features)) {
>  			if (write_cache && cond_clear_cache) {
>  				if (create_cache(cacheloc, cache_features_path,
>  						 kernel_features_string))
> 