[apparmor] [PATCH 31/31] libapparmor: Create a private API
John Johansen
john.johansen at canonical.com
Thu Jan 22 18:16:59 UTC 2015
On 12/05/2014 04:22 PM, Tyler Hicks wrote:
> This patch creates a private API in libapparmor in which upstream
> provides no guarantees in regards to ABI stability.
>
> A new header file, <sys/apparmor_private.h>, is created. The "_aa"
> prefix will be used for symbols belonging to the private API.
>
> To kick things off, a library friendly version of is_blacklisted() is
> moved into libapparmor.
>
> The purpose of a private libapparmor API is to prevent duplicated code
> between the parser and libapparmor. This becomes an issue as we prepare
> to move chunks of the parser into libapparmor.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: John Johansen <john.johansen at canonical.com>
Though I agree with Christian that we are going to want a public version
of the is_blacklisted() API. But that can come in another patch.
> ---
> libraries/libapparmor/include/sys/Makefile.am | 2 +-
> .../libapparmor/include/sys/apparmor_private.h | 26 +++++++++
> libraries/libapparmor/src/Makefile.am | 2 +-
> libraries/libapparmor/src/libapparmor.map | 7 +++
> libraries/libapparmor/src/private.c | 66 ++++++++++++++++++++++
> parser/parser_misc.c | 50 ++--------------
> 6 files changed, 107 insertions(+), 46 deletions(-)
> create mode 100644 libraries/libapparmor/include/sys/apparmor_private.h
> create mode 100644 libraries/libapparmor/src/private.c
>
> diff --git a/libraries/libapparmor/include/sys/Makefile.am b/libraries/libapparmor/include/sys/Makefile.am
> index 38efc3e..2c12780 100644
> --- a/libraries/libapparmor/include/sys/Makefile.am
> +++ b/libraries/libapparmor/include/sys/Makefile.am
> @@ -1,3 +1,3 @@
>
> apparmor_hdrdir = $(includedir)/sys
> -apparmor_hdr_HEADERS = apparmor.h
> +apparmor_hdr_HEADERS = apparmor.h apparmor_private.h
> diff --git a/libraries/libapparmor/include/sys/apparmor_private.h b/libraries/libapparmor/include/sys/apparmor_private.h
> new file mode 100644
> index 0000000..6138b2c
> --- /dev/null
> +++ b/libraries/libapparmor/include/sys/apparmor_private.h
> @@ -0,0 +1,26 @@
> +/*
> + * Copyright 2014 Canonical Ltd.
> + *
> + * The libapparmor library is licensed under the terms of the GNU
> + * Lesser General Public License, version 2.1. Please see the file
> + * COPYING.LGPL.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef _SYS_APPARMOR_PRIVATE_H
> +#define _SYS_APPARMOR_PRIVATE_H 1
> +
> +__BEGIN_DECLS
> +
> +int _aa_is_blacklisted(const char *name, const char *path);
> +
> +__END_DECLS
> +
> +#endif /* sys/apparmor_private.h */
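Review bot: The prototype of `_aa_is_blacklisted()` has no comment describing its three-way return value, which a caller can currently learn only by reading private.c and the parser wrapper. I would add above it `/* Returns 0 if name is usable, 1 if it must be skipped silently, -1 if it must be skipped and the caller should report it; path is currently unused */`. The header also uses `__BEGIN_DECLS`/`__END_DECLS` without including anything itself, so it presumably compiles only when the includer has already pulled in a libc header that defines them; adding `#include <sys/cdefs.h>` at the top would make it self-contained.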
> diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
> index a234264..2a7f600 100644
> --- a/libraries/libapparmor/src/Makefile.am
> +++ b/libraries/libapparmor/src/Makefile.am
> @@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
> lib_LTLIBRARIES = libapparmor.la
> noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
>
> -libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c
> +libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c
> libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
> -Wl,--version-script=$(top_srcdir)/src/libapparmor.map
>
> diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> index 67175d0..c7bc606 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -51,3 +51,10 @@ APPARMOR_2.9 {
> local:
> *;
> } APPARMOR_1.1;
> +
> +PRIVATE {
> + global:
> + _aa_is_blacklisted;
> + local:
> + *;
> +};
> diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
> new file mode 100644
> index 0000000..f6f40b5
> --- /dev/null
> +++ b/libraries/libapparmor/src/private.c
> @@ -0,0 +1,66 @@
> +/*
> + * Copyright 2014 Canonical Ltd.
> + *
> + * The libapparmor library is licensed under the terms of the GNU
> + * Lesser General Public License, version 2.1. Please see the file
> + * COPYING.LGPL.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include <string.h>
> +
> +struct ignored_suffix_t {
> + const char * text;
> + int len;
> + int silent;
> +};
> +
> +static struct ignored_suffix_t ignored_suffixes[] = {
> + /* Debian packging files, which are in flux during install
> + should be silently ignored. */
> + { ".dpkg-new", 9, 1 },
> + { ".dpkg-old", 9, 1 },
> + { ".dpkg-dist", 10, 1 },
> + { ".dpkg-bak", 9, 1 },
> + /* RPM packaging files have traditionally not been silently
> + ignored */
> + { ".rpmnew", 7, 0 },
> + { ".rpmsave", 8, 0 },
> + /* patch file backups/conflicts */
> + { ".orig", 5, 0 },
> + { ".rej", 4, 0 },
> + /* Backup files should be mentioned */
> + { "~", 1, 0 },
> + { NULL, 0, 0 }
> +};
> +
> +int _aa_is_blacklisted(const char *name, const char *path)
> +{
> + int name_len;
> + struct ignored_suffix_t *suffix;
> +
> + /* skip dot files and files with no name */
> + if (*name == '.' || !strlen(name))
> + return 1;
> +
> + name_len = strlen(name);
> + /* skip blacklisted suffixes */
> + for (suffix = ignored_suffixes; suffix->text; suffix++) {
> + char *found;
> + if ( (found = strstr((char *) name, suffix->text)) &&
> + found - name + suffix->len == name_len ) {
> + if (!suffix->silent)
> + return -1;
> + return 1;
> + }
> + }
> +
> + return 0;
> +}
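Review bot: The suffix test in the loop of `_aa_is_blacklisted()` looks only at the first occurrence returned by `strstr()`, so a name in which the suffix text also appears earlier (constructed examples: `a~b~`, `x.orig.orig`) is not recognised as ending in it and the function returns 0. For a caller that uses this to decide which files to load, a backup or reject file with such a name would presumably be accepted as a regular profile. Comparing the tail directly fixes this and drops the const-discarding cast: `if (name_len >= suffix->len && !strcmp(name + name_len - suffix->len, suffix->text))`. The logic is carried over unchanged from parser_misc.c, but becoming a library entry point is a good moment to correct it. `name` is also dereferenced with no NULL check, and `ignored_suffixes` could be `static const`.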
> diff --git a/parser/parser_misc.c b/parser/parser_misc.c
> index 97a2103..cb46d84 100644
> --- a/parser/parser_misc.c
> +++ b/parser/parser_misc.c
> @@ -32,6 +32,7 @@
> #include <fcntl.h>
> #include <unistd.h>
> #include <sys/apparmor.h>
> +#include <sys/apparmor_private.h>
>
> #include "lib.h"
> #include "parser.h"
> @@ -50,53 +51,14 @@
> #endif
> #define NPDEBUG(fmt, args...) /* Do nothing */
>
> -struct ignored_suffix_t {
> - const char * text;
> - int len;
> - int silent;
> -};
> -
> -static struct ignored_suffix_t ignored_suffixes[] = {
> - /* Debian packging files, which are in flux during install
> - should be silently ignored. */
> - { ".dpkg-new", 9, 1 },
> - { ".dpkg-old", 9, 1 },
> - { ".dpkg-dist", 10, 1 },
> - { ".dpkg-bak", 9, 1 },
> - /* RPM packaging files have traditionally not been silently
> - ignored */
> - { ".rpmnew", 7, 0 },
> - { ".rpmsave", 8, 0 },
> - /* patch file backups/conflicts */
> - { ".orig", 5, 0 },
> - { ".rej", 4, 0 },
> - /* Backup files should be mentioned */
> - { "~", 1, 0 },
> - { NULL, 0, 0 }
> -};
> -
> int is_blacklisted(const char *name, const char *path)
> {
> - int name_len;
> - struct ignored_suffix_t *suffix;
> -
> - /* skip dot files and files with no name */
> - if (*name == '.' || !strlen(name))
> - return 1;
> -
> - name_len = strlen(name);
> - /* skip blacklisted suffixes */
> - for (suffix = ignored_suffixes; suffix->text; suffix++) {
> - char *found;
> - if ( (found = strstr((char *) name, suffix->text)) &&
> - found - name + suffix->len == name_len ) {
> - if (!suffix->silent)
> - PERROR("Ignoring: '%s'\n", path ? path : name);
> - return 1;
> - }
> - }
> + int retval = _aa_is_blacklisted(name, path);
> +
> + if (retval == -1)
> + PERROR("Ignoring: '%s'\n", path ? path : name);
>
> - return 0;
> + return !retval ? 0 : 1;
> }
>
> struct keyword_table {
>