[apparmor] [PATCH 5/5] Library interface for tasks introspectingconfinement.
Seth Arnold
seth.arnold at gmail.com
Tue Jul 12 19:03:42 UTC 2011
I think the leading whitespace in the map file is different for the two new lines; they are quite different when rendered on my BlackBerry.
-----Original Message-----
From: John Johansen <john.johansen at canonical.com>
Sender: apparmor-bounces at lists.ubuntu.com
Date: Tue, 12 Jul 2011 11:49:05
To: <apparmor at lists.ubuntu.com>
Subject: [apparmor] [PATCH 5/5] Library interface for tasks introspecting
confinement.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
libraries/libapparmor/src/apparmor.h | 2 +
libraries/libapparmor/src/kernel_interface.c | 30 +++++++++++++++++++++++++
libraries/libapparmor/src/libapparmor.map | 2 +
libraries/libapparmor/swig/SWIG/libapparmor.i | 3 +-
4 files changed, 36 insertions(+), 1 deletions(-)
diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
index 4ae0a03..4d131c5 100644
--- a/libraries/libapparmor/src/apparmor.h
+++ b/libraries/libapparmor/src/apparmor.h
@@ -33,6 +33,8 @@ extern int aa_change_onexec(const char *profile);
extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
+extern int aa_query_confinement(char **confinement, pid_t target);
+extern int aa_introspect_confinement(char **confinement);
#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
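Review bot: The new `aa_query_confinement` prototype uses `pid_t`, and nothing visible in this hunk shows apparmor.h including `<sys/types.h>`; if it does not, a consumer that includes only this header will fail to compile. As this is the public header, a short comment above the two declarations should also state the ownership contract, e.g. `/* On success *confinement points to a malloc()ed buffer; the caller must free() it. */`. The header's include block is outside the hunk, so this needs checking against the full file.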
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 8e275f2..3782e5f 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -327,3 +327,33 @@ int (aa_change_hat_vargs)(unsigned long token, int nhats, ...)
va_end(ap);
return aa_change_hatv(argv, token);
}
+
+/**
+ * aa_query_confinement - query what the confinement for task @target is
+ * @profile: pointer to the buffer with the profile name if successful
+ * @target: task to query
+ *
+ * Returns: length of confinement data or -1 on error and sets errno
+ */
+int aa_query_confinement(char **confinement, pid_t target)
+{
+ int size;
+ char *buffer = malloc(PATH_MAX);
+ if (!buffer)
+ return -1;
+ size = getprocattr(target, "current", buffer, PATH_MAX);
+ if (size != -1)
+ *confinement = buffer;
+ return size;
+}
+
+/**
+ * aa_introspect_confinement - query what the confinement for current task is
+ * @profile: pointer to the buffer with the profile name if successful
+ *
+ * Returns: length of confinement data or -1 on error and sets errno
+ */
+int aa_introspect_confinement(char **confinement)
+{
+ return aa_query_confinement(confinement, aa_gettid());
+}
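Review bot: aa_query_confinement leaks `buffer` when getprocattr() fails, because the `size != -1` branch is the only place the allocation is handed to the caller and the error path returns without freeing it. Free it on that path while preserving errno, e.g. `if (size == -1) { int saved = errno; free(buffer); errno = saved; return -1; }`. The kernel-doc for both functions names `@profile` while the parameter is `confinement`, and neither comment says that the caller owns the returned buffer and must free() it. Whether the data is NUL-terminated, and what is returned when the label does not fit in PATH_MAX bytes, depends on getprocattr(), which is outside this hunk; the comment should state both so callers do not treat a truncated or unterminated buffer as a complete label when making a policy decision.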
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index c56cb86..9450a37 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -21,6 +21,8 @@ APPARMOR_1.1 {
aa_change_hat_vargs;
aa_change_profile;
aa_change_onexec;
+ aa_query_confinement;
+ aa_introspect_confinement;
parse_record;
free_record;
local:
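Review bot: The two symbols are added to the existing `APPARMOR_1.1` node; if that version has already shipped in a release, new exports would normally go into a new node that inherits from it. That way a binary using `aa_query_confinement` fails with a clear version error against an older libapparmor instead of an unresolved-symbol error. Whether 1.1 has been released is not visible from this hunk.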
diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index 1f2ede3..2b11ade 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -18,4 +18,5 @@ extern int aa_change_profile(const char *profile);
extern int aa_change_onexec(const char *profile);
extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
extern int aa_change_hat_vargs(unsigned long token, int count, ...);
-
+extern int aa_query_confinement(char **confinement, pid_t target);
+extern int aa_introspect_confinement(char **confinement);
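Review bot: SWIG will wrap the `char **confinement` out-parameter as an opaque pointer unless a typemap is supplied, so the two new functions are unlikely to be usable from the scripting bindings as declared, and nothing on the binding side frees the malloc()ed result. Assuming the buffer is NUL-terminated, an output typemap such as `%cstring_output_allocate(char **confinement, free(*$1));` from `cstring.i`, placed before these declarations, would return the string and release the buffer. `pid_t` is also unknown to SWIG unless this interface file declares it; the top of the file is outside the hunk, so check there first.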
--
1.7.5.4