[apparmor] [PATCH 4/7] libapparmor: Parse mode from confinement string in getpeercon functions
Seth Arnold
seth.arnold at canonical.com
Mon Jun 24 21:30:32 UTC 2013
On Sun, Jun 23, 2013 at 04:23:16PM -0700, Tyler Hicks wrote:
> The functions that return the confinement information of a peer socket
> connection should parse and return the mode like the task-based
> functions.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
> libraries/libapparmor/src/apparmor.h | 4 ++--
> libraries/libapparmor/src/kernel_interface.c | 16 +++++++++++++---
> libraries/libapparmor/swig/SWIG/libapparmor.i | 4 ++--
> 3 files changed, 17 insertions(+), 7 deletions(-)
>
> diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
> index c93bee8..142d1e1 100644
> --- a/libraries/libapparmor/src/apparmor.h
> +++ b/libraries/libapparmor/src/apparmor.h
> @@ -48,8 +48,8 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
> extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
> extern int aa_gettaskcon(pid_t target, char **con, char **mode);
> extern int aa_getcon(char **con, char **mode);
> -extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
> -extern int aa_getpeercon(int fd, char **con);
> +extern int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode);
> +extern int aa_getpeercon(int fd, char **con, char **mode);
>
> #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
> #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
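Review bot: Adding a `char **mode` parameter to the exported `aa_getpeercon_raw` and `aa_getpeercon` prototypes changes the library's ABI as well as its API. If these symbols have already shipped in a release, a binary built against the old prototypes would call the new functions without a `mode` argument, and the new code would then test and write through whatever value happens to occupy that argument slot. Nothing in this patch shows a soname bump or a symbol-version change, though it may be elsewhere in the series. If the functions have not been released yet, a sentence in the commit message saying so would settle the question.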
> diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
> index afb51b5..0c02d15 100644
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -563,13 +563,15 @@ int aa_getcon(char **con, char **mode)
> * @fd: socket to get peer confinement for
> * @con: pointer to buffer to store confinement string
> * @size: initially contains size of the buffer, returns size of data read
> + * @mode: if set will point to mode string within buffer if it is present
> *
> * Returns: length of confinement data including null termination or -1 on error
> * if errno == ERANGE then @size will hold the size needed
> */
> -int aa_getpeercon_raw(int fd, char *buffer, int *size)
> +int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode)
> {
> socklen_t optlen = *size;
> + char *mode_str;
> int rc;
>
> if (optlen <= 0 || buffer == NULL) {
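Review bot: The new `@mode` kernel-doc line does not say what `*mode` holds when the confinement string carries no mode, nor what it holds when the function returns -1. parse_confinement_mode() is not visible in this patch; if it returns NULL when no mode is found, the line could read `* @mode: if non-NULL, set to the mode string within @buffer, or NULL if no mode is present`. If that helper also rewrites the buffer to separate the label from the mode, the buffer parameter's description should say the buffer is modified. The function body continues past the end of this hunk.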
> @@ -591,9 +593,14 @@ int aa_getpeercon_raw(int fd, char *buffer, int *size)
> rc = -1;
> errno = ERANGE;
> optlen++;
> + goto out;
> }
> }
>
> + mode_str = parse_confinement_mode(buffer, optlen);
> + if (mode)
> + *mode = mode_str;
> +
> rc = optlen;
> out:
> *size = optlen;
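Review bot: On the error paths of aa_getpeercon_raw, including the ERANGE branch that now jumps to `out`, `*mode` is never written, so a direct caller that did not initialise its pointer is left with an indeterminate value after a -1 return. Writing `if (mode) *mode = NULL;` before the first early exit (the start of the function is in the previous hunk) would give the raw function the same guarantee that aa_getpeercon adds in its `rc == -1` branch. The early `return -1;` at the top of the last kernel_interface.c hunk has the same gap for both `*con` and `*mode`; the code leading to it is outside that hunk.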
> @@ -604,12 +611,13 @@ out:
> * aa_getpeercon - get the confinement of the socket's peer (other end)
> * @fd: socket to get peer confinement for
> * @con: pointer to allocated buffer with the confinement string
> + * @mode: if provided will point to the mode string in @con if present
> *
> * Returns: length of confinement data including null termination or -1 on error
> *
> * Caller is responsible for freeing the buffer returned.
> */
> -int aa_getpeercon(int fd, char **con)
> +int aa_getpeercon(int fd, char **con, char **mode)
> {
> int rc, last_size, size = INITIAL_GUESS_SIZE;
> char *buffer = NULL;
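Review bot: The new `@mode` line does not state who owns the string it returns. Since the pointer is described as pointing into `@con`, the "Caller is responsible for freeing the buffer returned" sentence should be extended, for example `* @mode is an interior pointer into @con: do not free it, and do not use it after freeing @con.` Without that, a caller following the pattern of freeing every returned `char *` would pass a pointer into the middle of an allocation to free(). The function body continues past the end of this hunk.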
> @@ -626,13 +634,15 @@ int aa_getpeercon(int fd, char **con)
> return -1;
> memset(buffer, 0, size);
>
> - rc = aa_getpeercon_raw(fd, buffer, &size);
> + rc = aa_getpeercon_raw(fd, buffer, &size, mode);
> /* size should contain actual size needed if errno == ERANGE */
> } while (rc == -1 && errno == ERANGE && size > last_size);
>
> if (rc == -1) {
> free(buffer);
> *con = NULL;
> + if (mode)
> + *mode = NULL;
> size = -1;
> } else
> *con = buffer;
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index f0ebf5a..13b86b8 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -25,5 +25,5 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
> extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
> extern int aa_gettaskcon(pid_t target, char **con, char **mode);
> extern int aa_getcon(char **con, char **mode);
> -extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
> -extern int aa_getpeercon(int fd, char **con);
> +extern int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode);
> +extern int aa_getpeercon(int fd, char **con, char **mode);
> --
> 1.8.1.2
>
>
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130624/92b14779/attachment-0001.pgp>