[apparmor] [PATCH 5/5] Library interface for tasks introspecting confinement.

Steve Beattie steve at nxnw.org
Thu Jul 14 23:35:03 UTC 2011


Modulo the space issue in the map file that Seth pointed out,
Acked-By: Steve Beattie <sbeattie at ubuntu.com>

Thanks!

On Tue, Jul 12, 2011 at 11:49:05AM -0700, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  libraries/libapparmor/src/apparmor.h          |    2 +
>  libraries/libapparmor/src/kernel_interface.c  |   30 +++++++++++++++++++++++++
>  libraries/libapparmor/src/libapparmor.map     |    2 +
>  libraries/libapparmor/swig/SWIG/libapparmor.i |    3 +-
>  4 files changed, 36 insertions(+), 1 deletions(-)
> 
> diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
> index 4ae0a03..4d131c5 100644
> --- a/libraries/libapparmor/src/apparmor.h
> +++ b/libraries/libapparmor/src/apparmor.h
> @@ -33,6 +33,8 @@ extern int aa_change_onexec(const char *profile);
>  
>  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
>  extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> +extern int aa_query_confinement(char **confinement, pid_t target);
> +extern int aa_introspect_confinement(char **confinement);
>  
>  #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
>  #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
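Review bot: The new prototype `extern int aa_query_confinement(char **confinement, pid_t target);` makes this public header depend on `pid_t`, and the include block is outside this hunk, so it is not visible whether `<sys/types.h>` is already pulled in. If it is not, add `#include <sys/types.h>` at the top of apparmor.h so that a consumer including only this header still compiles. It would also help to add a one-line comment above the two declarations, such as `/* on success *confinement is malloc()ed; the caller must free() it */`, since the header is where API users look for the ownership contract.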
> diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
> index 8e275f2..3782e5f 100644
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -327,3 +327,33 @@ int (aa_change_hat_vargs)(unsigned long token, int nhats, ...)
>  	va_end(ap);
>  	return aa_change_hatv(argv, token);
>  }
> +
> +/**
> + * aa_query_confinement - query what the confinement for task @target is
> + * @profile: pointer to the buffer with the profile name if successful
> + * @target: task to query
> + *
> + * Returns: length of confinement data or -1 on error and sets errno
> + */
> +int aa_query_confinement(char **confinement, pid_t target)
> +{
> +	int size;
> +	char *buffer = malloc(PATH_MAX);
> +	if (!buffer)
> +		return -1;
> +	size = getprocattr(target, "current", buffer, PATH_MAX);
> +	if (size != -1)
> +		*confinement = buffer;
> +	return size;
> +}
> +
> +/**
> + * aa_introspect_confinement - query what the confinement for current task is
> + * @profile: pointer to the buffer with the profile name if successful
> + *
> + * Returns: length of confinement data or -1 on error and sets errno
> + */
> +int aa_introspect_confinement(char **confinement)
> +{
> +	return aa_query_confinement(confinement, aa_gettid());
> +}
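Review bot: aa_query_confinement leaks the PATH_MAX allocation whenever getprocattr() returns -1, because on that path `buffer` is neither freed nor handed to the caller; a long-running service that queries many (possibly exited) tasks would grow without bound. Free the buffer on the error path and preserve errno around free(), since the doc comment promises errno to the caller. Both kernel-doc blocks document `@profile` while the parameter is named `confinement`, and neither states who owns the result; suggest `@confinement: set to a malloc()ed buffer on success, caller must free()`. Whether PATH_MAX is always large enough and whether the returned data is NUL-terminated depends on getprocattr(), which is outside this hunk, so that is worth confirming and documenting too.

```c
int aa_query_confinement(char **confinement, pid_t target)
{
	/* … unchanged: declarations, malloc(PATH_MAX) and its NULL check … */
	size = getprocattr(target, "current", buffer, PATH_MAX);
	if (size == -1) {
		int saved_errno = errno;	/* free() may clobber errno */

		free(buffer);
		errno = saved_errno;
		return -1;
	}
	*confinement = buffer;
	return size;
```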
> diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> index c56cb86..9450a37 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -21,6 +21,8 @@ APPARMOR_1.1 {
>          aa_change_hat_vargs;
>          aa_change_profile;
>          aa_change_onexec;
> +	aa_query_confinement;
> +	aa_introspect_confinement;
>          parse_record;
>          free_record;
>    local:
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index 1f2ede3..2b11ade 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -18,4 +18,5 @@ extern int aa_change_profile(const char *profile);
>  extern int aa_change_onexec(const char *profile);
>  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
>  extern int aa_change_hat_vargs(unsigned long token, int count, ...);
> -
> +extern int aa_query_confinement(char **confinement, pid_t target);
> +extern int aa_introspect_confinement(char **confinement);
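Review bot: The `char **confinement` out-parameter and the `pid_t` argument are declared here without any visible typemap, so the generated bindings would presumably expose `confinement` as an opaque pointer that a scripting caller can neither read nor free. Unless the part of libapparmor.i outside this hunk already handles it, consider an argout typemap that returns the string to the caller and frees the malloc()ed buffer, plus a declaration telling SWIG that `pid_t` is an integer type. Without that the two functions are exported but not practically usable from the bindings, and any wrapper that does manage to call them would leak the buffer.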
> -- 
> 1.7.5.4
> 
> 

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/