[apparmor] [PATCH 4/7] libapparmor: Parse mode from confinement string in getpeercon functions

Tyler Hicks tyhicks at canonical.com
Sun Jun 23 23:23:16 UTC 2013


The functions that return the confinement information of a peer socket
connection should parse and return the mode like the task-based
functions.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 libraries/libapparmor/src/apparmor.h          |  4 ++--
 libraries/libapparmor/src/kernel_interface.c  | 16 +++++++++++++---
 libraries/libapparmor/swig/SWIG/libapparmor.i |  4 ++--
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
index c93bee8..142d1e1 100644
--- a/libraries/libapparmor/src/apparmor.h
+++ b/libraries/libapparmor/src/apparmor.h
@@ -48,8 +48,8 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
 extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
 extern int aa_gettaskcon(pid_t target, char **con, char **mode);
 extern int aa_getcon(char **con, char **mode);
-extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
-extern int aa_getpeercon(int fd, char **con);
+extern int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode);
+extern int aa_getpeercon(int fd, char **con, char **mode);
 
 #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
 #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
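Review bot: Adding a parameter to the exported `aa_getpeercon_raw()` and `aa_getpeercon()` prototypes changes their calling convention, and the diffstat lists no soname or symbol-version change alongside it. A binary built against the old three- and two-argument forms would pass no `mode` argument after a library upgrade, and the new code in kernel_interface.c writes through `mode` whenever it is non-NULL. If these functions have already shipped in a release, keep the old symbols as thin wrappers or version the new ones. If they have not, stating that in the commit message tells packagers no ABI bump is needed. The same prototypes are repeated in swig/SWIG/libapparmor.i.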
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index afb51b5..0c02d15 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -563,13 +563,15 @@ int aa_getcon(char **con, char **mode)
  * @fd: socket to get peer confinement for
  * @con: pointer to buffer to store confinement string
  * @size: initially contains size of the buffer, returns size of data read
+ * @mode: if set will point to mode string within buffer if it is present
  *
  * Returns: length of confinement data including null termination or -1 on error
  *          if errno == ERANGE then @size will hold the size needed
  */
-int aa_getpeercon_raw(int fd, char *buffer, int *size)
+int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode)
 {
 	socklen_t optlen = *size;
+	char *mode_str;
 	int rc;
 
 	if (optlen <= 0 || buffer == NULL) {
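Review bot: The new `@mode` line in the aa_getpeercon_raw() comment does not tell callers that the returned pointer aliases `@buffer`. That matters for lifetime: it must not be passed to free(), and it dangles once the buffer is reused or released. "if set" is also ambiguous; something like `@mode: if non-NULL, receives a pointer into @buffer at the mode string when one is present; valid only as long as @buffer` is clearer. The `@mode` line added to aa_getpeercon()'s comment needs the same caveat next to "Caller is responsible for freeing the buffer returned", for example `@mode points into @con; do not free it separately, it is invalid once @con is freed`. The function body continues outside this hunk.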
@@ -591,9 +593,14 @@ int aa_getpeercon_raw(int fd, char *buffer, int *size)
 			rc = -1;
 			errno = ERANGE;
 			optlen++;
+			goto out;
 		}
 	}
 
+	mode_str = parse_confinement_mode(buffer, optlen);
+	if (mode)
+		*mode = mode_str;
+
 	rc = optlen;
 out:
 	*size = optlen;
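Review bot: `*mode` is written only on the success path here; the added `goto out`, and any other exit that reaches `out:`, returns -1 with the caller's pointer untouched. A caller that declared `char *mode;` without an initialiser and touches it after a failed call reads an indeterminate pointer. Clearing it before the first early exit, `if (mode) *mode = NULL;` near the top of aa_getpeercon_raw(), gives a defined value on every path. The `return -1;` visible at the top of the aa_getpeercon() retry-loop hunk appears to have the same gap for both `*con` and `*mode`, since the added reset only covers the `rc == -1` branch after the loop. The start of both functions lies outside the hunks shown, so that part is inferred from the visible exits.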
@@ -604,12 +611,13 @@ out:
  * aa_getpeercon - get the confinement of the socket's peer (other end)
  * @fd: socket to get peer confinement for
  * @con: pointer to allocated buffer with the confinement string
+ * @mode: if provided will point to the mode string in @con if present
  *
  * Returns: length of confinement data including null termination or -1 on error
  *
  * Caller is responsible for freeing the buffer returned.
  */
-int aa_getpeercon(int fd, char **con)
+int aa_getpeercon(int fd, char **con, char **mode)
 {
 	int rc, last_size, size = INITIAL_GUESS_SIZE;
 	char *buffer = NULL;
@@ -626,13 +634,15 @@ int aa_getpeercon(int fd, char **con)
 			return -1;
 		memset(buffer, 0, size);
 
-		rc = aa_getpeercon_raw(fd, buffer, &size);
+		rc = aa_getpeercon_raw(fd, buffer, &size, mode);
 		/* size should contain actual size needed if errno == ERANGE */
 	} while (rc == -1 && errno == ERANGE && size > last_size);
 
 	if (rc == -1) {
 		free(buffer);
 		*con = NULL;
+		if (mode)
+			*mode = NULL;
 		size = -1;
 	} else
 		*con = buffer;
diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index f0ebf5a..13b86b8 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -25,5 +25,5 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
 extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
 extern int aa_gettaskcon(pid_t target, char **con, char **mode);
 extern int aa_getcon(char **con, char **mode);
-extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
-extern int aa_getpeercon(int fd, char **con);
+extern int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode);
+extern int aa_getpeercon(int fd, char **con, char **mode);
-- 
1.8.1.2



