[apparmor] [PATCH RFC] Add profile-based libapparmor query interface

Tyler Hicks tyhicks at canonical.com
Thu Mar 7 23:38:17 UTC 2013 

On 2013-03-06 18:49:42, Seth Arnold wrote:
> On Tue, Mar 05, 2013 at 10:44:35PM -0800, Tyler Hicks wrote:
> > * Setting two int return parameters to indicate allow and audit isn't a
> >   final solution. I was thinking that I'd return a special return code
> >   that will indicate error or allow and audit statuses. Then define some
> >   simple macros (aa_query_profile_err(rc), aa_query_profile_allow(rc),
> >   aa_query_profile_audit(rc)) in apparmor.h that can be used to
> >   translate the return code. I'm open to other suggestions...
> 
> I could imagine a function might want to get the four masks.

Yes, some application may want to get the four masks in the future. My
point has been that we don't know of any application that needs all four
right now, so this is the simple-as-it-gets libapparmor function to do
userspace queries.

If we add userspace mediation to something else down the road and we
need all of the masks then we can add a new function at that point. But,
I suspect that nearly all uses of this query interface just want to know
if they should allow and if they should audit.

> 
> I could imagine adding more queries, beyond just "profile\0", and doing
> some slight re-factoring of the code to support it.

I agree, I think that we'd add a new function for a new query so I
called this function aa_query_profile(). If we added a pid-based query,
we would add aa_query_pid() and it would share much of the same code but
prepend the query with "pid\0" rather than profile.

> 
> This current code reads beautifully anyway. It'd be a shame to
> over-generalize it before the need is demonstrated. I _assume_ that
> those changes can be made later without too much hassle, but I'm afraid
> I never learned enough about the library end of things.

It sounds like we're both on the same page.

> 
> > ===================================================================
> > --- apparmor-2.8.0.orig/libraries/libapparmor/src/Makefile.am	2013-03-05 16:45:24.411511315 -0800
> > +++ apparmor-2.8.0/libraries/libapparmor/src/Makefile.am	2013-03-05 19:55:23.144369240 -0800
> > @@ -24,7 +24,7 @@
> >  noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
> >  
> >  libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c
> > -libapparmor_la_LDFLAGS = -version-info 1:2:0 -XCClinker -dynamic \
> > +libapparmor_la_LDFLAGS = -version-info 1:2:0 -XCClinker -dynamic -pthread \
> >  	-Wl,--version-script=$(top_srcdir)/src/libapparmor.map -Wl,-soname=libapparmor.so.1
> >  
> >  libimmunix_la_SOURCES = kernel_interface.c libimmunix_warning.c
> 
> What does this do for callers of the api? Will all programs that use the
> library _also_ need -lpthread? Or just ones that use functions that use
> the pthread_once functionality? Or will _none_ need to use it, because
> it's somewhat hidden in the application?

They don't need to be built with -pthread, but libpthread.so is added to
their shared library dependencies. Here's the compilation of a simple
program that calls aa_query_profile() and the ldd output:

$ gcc -Wall -o query-profile query_profile.c -lapparmor
$ ldd query-profile 
	linux-vdso.so.1 =>  (0x00007fffe41fe000)
	libapparmor.so.1 => /usr/lib/libapparmor.so.1 (0x00007fcf8dfdf000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fcf8dc17000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fcf8d9f9000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fcf8e20d000)

Here's the source:

#include <sys/apparmor.h>
#include <stdio.h>

int main(void)
{
	char query[] = "        /usr/bin/app\0 system\0org.freedesktop.DBus\0/org/freedesktop/DBus\0org.freedesktop.DBus\0Hello";
	size_t query_len = sizeof(query) - 1;
	int allow, audit, rc;
	uint32_t mask = AA_MAY_WRITE;

	rc = aa_query_profile(mask, query, query_len, &allow, &audit);
	printf("%sallowed\n%saudited\n",
	       allow ? "" : "not ", audit ? "" : "not "); 

	return rc;
}

Tyler

> 
> Thanks Tyler



> -- 
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130307/3648c33d/attachment.pgp>

More information about the AppArmor mailing list