[apparmor] [PATCH 5/5] Library interface for tasks introspecting confinement.
Steve Beattie
steve at nxnw.org
Thu Jul 14 23:35:03 UTC 2011
Modulo the space issue in the map file that Seth pointed out,
Acked-By: Steve Beattie <sbeattie at ubuntu.com>
Thanks!
On Tue, Jul 12, 2011 at 11:49:05AM -0700, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> libraries/libapparmor/src/apparmor.h | 2 +
> libraries/libapparmor/src/kernel_interface.c | 30 +++++++++++++++++++++++++
> libraries/libapparmor/src/libapparmor.map | 2 +
> libraries/libapparmor/swig/SWIG/libapparmor.i | 3 +-
> 4 files changed, 36 insertions(+), 1 deletions(-)
>
> diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
> index 4ae0a03..4d131c5 100644
> --- a/libraries/libapparmor/src/apparmor.h
> +++ b/libraries/libapparmor/src/apparmor.h
> @@ -33,6 +33,8 @@ extern int aa_change_onexec(const char *profile);
>
> extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> +extern int aa_query_confinement(char **confinement, pid_t target);
> +extern int aa_introspect_confinement(char **confinement);
>
> #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
> #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
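Review bot: The new `aa_query_confinement` prototype uses `pid_t`, and nothing in this hunk shows apparmor.h including `<sys/types.h>`; if it does not, a consumer that includes apparmor.h before any other system header will fail to compile. Adding `#include <sys/types.h>` near the top of the header would make it self-contained. The two declarations also say nothing about ownership, so a one-line comment such as `/* on success *confinement is malloc'd; the caller must free() it */` would help users of the public API.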
> diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
> index 8e275f2..3782e5f 100644
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -327,3 +327,33 @@ int (aa_change_hat_vargs)(unsigned long token, int nhats, ...)
> va_end(ap);
> return aa_change_hatv(argv, token);
> }
> +
> +/**
> + * aa_query_confinement - query what the confinement for task @target is
> + * @profile: pointer to the buffer with the profile name if successful
> + * @target: task to query
> + *
> + * Returns: length of confinement data or -1 on error and sets errno
> + */
> +int aa_query_confinement(char **confinement, pid_t target)
> +{
> + int size;
> + char *buffer = malloc(PATH_MAX);
> + if (!buffer)
> + return -1;
> + size = getprocattr(target, "current", buffer, PATH_MAX);
> + if (size != -1)
> + *confinement = buffer;
> + return size;
> +}
> +
> +/**
> + * aa_introspect_confinement - query what the confinement for current task is
> + * @profile: pointer to the buffer with the profile name if successful
> + *
> + * Returns: length of confinement data or -1 on error and sets errno
> + */
> +int aa_introspect_confinement(char **confinement)
> +{
> + return aa_query_confinement(confinement, aa_gettid());
> +}
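Review bot: aa_query_confinement leaks the PATH_MAX buffer whenever getprocattr() returns -1, since it returns without freeing it and never stores it in *confinement. Free it on that path while preserving errno for the caller, e.g. `if (size == -1) { int saved = errno; free(buffer); errno = saved; return -1; }`, and consider setting `*confinement = NULL` on every failure path so a caller that frees unconditionally does not touch an uninitialised pointer. The kernel-doc blocks for both new functions describe `@profile` although the parameter is `confinement`, and neither says the caller owns the returned buffer and must free() it. Whether the returned data is NUL-terminated depends on getprocattr(), which is outside this hunk; the comment should state it either way, since callers are likely to compare the string when making access decisions.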
> diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> index c56cb86..9450a37 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -21,6 +21,8 @@ APPARMOR_1.1 {
> aa_change_hat_vargs;
> aa_change_profile;
> aa_change_onexec;
> + aa_query_confinement;
> + aa_introspect_confinement;
> parse_record;
> free_record;
> local:
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index 1f2ede3..2b11ade 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -18,4 +18,5 @@ extern int aa_change_profile(const char *profile);
> extern int aa_change_onexec(const char *profile);
> extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> extern int aa_change_hat_vargs(unsigned long token, int count, ...);
> -
> +extern int aa_query_confinement(char **confinement, pid_t target);
> +extern int aa_introspect_confinement(char **confinement);
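Review bot: The `char **confinement` out-parameter is declared here with no typemap in the visible lines, so the generated bindings would likely hand script callers an opaque pointer rather than a string and give them no way to release the malloc'd buffer. If the rest of libapparmor.i does not already handle this, an output typemap is needed, for example `%include "cstring.i"` with `%cstring_output_allocate(char **confinement, free(*$1));` placed before the declarations. `pid_t` may also need to be made known to SWIG for the `target` argument.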
> --
> 1.7.5.4
>
>
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/