[apparmor] [PATCH 6/7] add query_dconf_raw, and split query_dconf to share base, setup

John Johansen john.johansen at canonical.com
Fri Feb 10 20:55:01 UTC 2017


dconf needs to do a raw query, so refactor the query_dconf fn into
separate setup and query fns.

Signed-off-by: John Johansen <john.johansen at canonical.com>
---
 libraries/libapparmor/src/kernel.c | 69 ++++++++++++++++++++++++++++++++------
 1 file changed, 59 insertions(+), 10 deletions(-)

diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
index c504c9d..7aa665d 100644
--- a/libraries/libapparmor/src/kernel.c
+++ b/libraries/libapparmor/src/kernel.c
@@ -1099,6 +1099,60 @@ int aa_query_link_path(const char *label, const char *target, const char *link,
 }
 
 /**
+ * aa_query_dconf_setup - setup query access permissions for a dconf @path
+ * @label: apparmor label
+ * @label_len: length of @label (does not include any terminating nul byte)
+ * @path: file path to query permissions for
+ * @path_len: length of @path (does not include any terminating nul byte)
+ *
+ * Returns: size on success else -1 and sets errno. If -1 is returned and
+ *          errno is ENOENT, the subject label in the query string is unknown
+ *          to the kernel.
+ */
+static ssize_t query_dconf_setup(char **query, const char *label, size_t label_len,
+			     const char *path, size_t path_len)
+{
+	/* + 1 for null separator, + 1 for AA_CLASS_DCONF */
+	ssize_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
+	*query = malloc(size);
+	if (!*query)
+		return -1;
+	memcpy(*query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
+	/* null separator */
+	*query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
+	*query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
+	memcpy(*query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
+
+	return size;
+}
+
+/**
+ * aa_query_dconf_raw - query access permissions for a dconf @path
+ * @label: apparmor label
+ * @label_len: length of @label (does not include any terminating nul byte)
+ * @path: file path to query permissions for
+ * @path_len: length of @path (does not include any terminating nul byte)
+ * @perms: Returns: perms for the query.
+ *
+ * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno is
+ *          ENOENT, the subject label in the query string is unknown to the
+ *          kernel.
+ */
+static int aa_query_dconf_raw(const char *label, size_t label_len,
+			      const char *path, size_t path_len,
+			      aa_perms_t *perms)
+
+{
+	autofree char *query = NULL;
+	ssize_t size;
+	size = query_dconf_setup(&query, label, label_len, path, path_len);
+	if (size == -1)
+		return -1;
+
+	return query_label_raw(query, size, perms);
+}
+
+/**
  * aa_query_dconf_len - query access permissions for a dconf @path
  * @mask: permission bits to query
  * @label: apparmor label
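Review bot: In query_dconf_setup the stores `*query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;` and `*query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;` index the `char **` before dereferencing it, because `[]` binds tighter than unary `*`. They therefore read a pointer from past the caller's single `query` variable and write through it, leaving the separator and class bytes of the new buffer unset. They should read `(*query)[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;` and `(*query)[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;`. Separately, `size` is summed from the caller-supplied `label_len` and `path_len` with no overflow check before `malloc`, so a wrapped sum would let the two `memcpy` calls overrun the allocation; rejecting such lengths with `errno = EINVAL` before allocating would close that. The kernel-doc header also names `aa_query_dconf_setup` rather than `query_dconf_setup` and does not document `@query`.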
@@ -1118,18 +1172,13 @@ int aa_query_dconf_len(uint32_t mask, const char *label, size_t label_len,
 		       int *audited)
 {
 	autofree char *query = NULL;
+	ssize_t size;
 
-	/* + 1 for null separator, + 1 for AA_CLASS_DCONF */
-	size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
-	query = malloc(size);
-	if (!query)
+	size = query_dconf_setup(&query, label, label_len, path, path_len);
+	if  (size == -1)
 		return -1;
-	memcpy(query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
-	/* null separator */
-	query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
-	query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
-	memcpy(query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
-	return aa_query_label(mask, query, size , allowed, audited);
+
+	return aa_query_label(mask, query, size, allowed, audited);
 }
 
 /**
-- 
2.9.3




