[apparmor] [PATCH 3/7] libapparmor: Move mode parsing into separate function
Tyler Hicks
tyhicks at canonical.com
Sun Jun 23 23:23:15 UTC 2013
The getpeercon functions need to parse the mode from the confinement
string. This patch creates a function that aa_getpeercon_raw() and
aa_getprocattr_raw() can both use.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
libraries/libapparmor/src/kernel_interface.c | 46 +++++++++++++++++-----------
1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index ee7908a..afb51b5 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -150,6 +150,33 @@ static char *procattr_path(pid_t pid, const char *attr)
}
/**
+ * parse_confinement_mode - get the mode from the confinement string
+ * @con: the confinement string
+ * @size: size of the confinement string
+ *
+ * Modifies con to NUL-terminate the label string and the mode string.
+ *
+ * Returns: a pointer to the NUL-terminated mode inside the confinement string
+ * or NULL if the mode was not found
+ */
+static char *parse_confinement_mode(char *con, int size)
+{
+ if (strcmp(con, "unconfined") != 0 &&
+ size > 4 && con[size - 2] == ')') {
+ int pos = size - 3;
+
+ while (pos > 0 && !(con[pos] == ' ' && con[pos + 1] == '('))
+ pos--;
+ if (pos > 0) {
+ con[pos] = 0; /* overwrite ' ' */
+ con[size - 2] = 0; /* overwrite trailing ) */
+ return &con[pos + 2]; /* skip '(' */
+ }
+ }
+ return NULL;
+}
+
+/**
* aa_getprocattr_raw - get the contents of @attr for @tid into @buf
* @tid: tid of task to query
* @attr: which /proc/<tid>/attr/<attr> to query
@@ -217,25 +244,8 @@ int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
size++;
}
- /*
- * now separate the mode. If we don't find it just
- * return NULL
- */
if (mode)
- *mode = NULL;
- if (strcmp(buf, "unconfined") != 0 &&
- size > 4 && buf[size - 2] == ')') {
- int pos = size - 3;
- while (pos > 0 &&
- !(buf[pos] == ' ' && buf[pos + 1] == '('))
- pos--;
- if (pos > 0) {
- buf[pos] = 0; /* overwrite ' ' */
- buf[size - 2] = 0; /* overwrite trailing ) */
- if (mode)
- *mode = &buf[pos + 2]; /* skip '(' */
- }
- }
+ *mode = parse_confinement_mode(buf, size);
}
rc = size;
--
1.8.1.2
More information about the AppArmor
mailing list