[apparmor] [PATCH 1/2] Move public mediation class types and perms to apparmor.h

Tyler Hicks tyhicks at canonical.com
Fri Nov 22 01:59:29 UTC 2013


Now that the parser links against libapparmor, it makes sense to move
all public permission types and flags to libapparmor's apparmor.h. This
prevents duplication across header files for the parser and libapparmor.

Additionally, this patch breaks the connection between
AA_DBUS_{SEND,RECEIVE,BIND} and AA_MAY_{WRITE,READ,BIND} by using raw
values when defining the AA_DBUS_{SEND,RECEIVE,BIND} macros. This makes
sense because the two sets of permission flags are from two distinctly
different mediation types (AA_CLASS_DBUS and AA_CLASS_FILE). While it is
nice that they share some of the same values, the macros don't need to
be linked together. In other words, when you're creating a D-Bus rule,
it would be incorrect to use permission flags from the AA_CLASS_FILE
type.

The change mentioned above allows the AA_MAY_{WRITE,READ,BIND} macros
to be removed from public-facing apparmor.h header.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 libraries/libapparmor/src/apparmor.h | 16 +++++++---------
 parser/dbus.c                        |  1 +
 parser/immunix.h                     |  8 --------
 parser/parser_misc.c                 |  1 +
 parser/parser_regex.c                |  1 +
 parser/parser_yacc.y                 |  1 +
 parser/policydb.h                    |  5 +++--
 7 files changed, 14 insertions(+), 19 deletions(-)

diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
index 7648eae..8c0476c 100644
--- a/libraries/libapparmor/src/apparmor.h
+++ b/libraries/libapparmor/src/apparmor.h
@@ -43,15 +43,13 @@ __BEGIN_DECLS
 #define AA_CLASS_X		33
 
 
-/* Permission Flags for Mediation classes */
-#define AA_MAY_WRITE		(1 << 1)
-#define AA_MAY_READ		(1 << 2)
-#define AA_MAY_BIND		(1 << 6)
-
-#define AA_DBUS_SEND		AA_MAY_WRITE
-#define AA_DBUS_RECEIVE		AA_MAY_READ
-#define AA_DBUS_EAVESDROP	(1 << 5)
-#define AA_DBUS_BIND		AA_MAY_BIND
+/* Permission flags for the AA_CLASS_DBUS mediation class */
+#define AA_DBUS_SEND			(1 << 1)
+#define AA_DBUS_RECEIVE		 	(1 << 2)
+#define AA_DBUS_EAVESDROP		(1 << 5)
+#define AA_DBUS_BIND			(1 << 6)
+#define AA_VALID_DBUS_PERMS		(AA_DBUS_SEND | AA_DBUS_RECEIVE | \
+					 AA_DBUS_BIND | AA_DBUS_EAVESDROP)
 
 
 /* Prototypes for apparmor state queries */
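Review bot: AA_DBUS_RECEIVE on the new side is aligned with a tab, a space and another tab while its neighbours use tabs only; keep it consistent, `#define AA_DBUS_RECEIVE		(1 << 2)`. Now that the raw values replace the AA_MAY_* names, nothing in the header records why these particular bits were chosen; if, as the commit message implies, the same bit positions are what the compiled policy and kernel expect for D-Bus permissions, a short note above the group such as `/* Bit values are fixed by the policy encoding; do not renumber */` would stop a later edit from "tidying" them. AA_VALID_DBUS_PERMS is now part of the installed public API, so its meaning (the complete set of bits accepted for an AA_CLASS_DBUS rule) deserves a one-line comment too.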
diff --git a/parser/dbus.c b/parser/dbus.c
index d408478..f5aaca2 100644
--- a/parser/dbus.c
+++ b/parser/dbus.c
@@ -18,6 +18,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <apparmor.h>
 
 #include "parser.h"
 #include "profile.h"
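Review bot: The new `#include <apparmor.h>` here, and the same line added in parser_misc.c, parser_regex.c and parser_yacc.y, resolves only when the include path points at libraries/libapparmor/src; an installed libapparmor exposes the header as `<sys/apparmor.h>`, so a build against the installed library would fail to find it. If the intent is always the in-tree header, a comment on the Makefile flag that supplies that path, or using the installed name, would make the dependency explicit. This is inferred from the header's location in the diffstat rather than from visible build rules.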
diff --git a/parser/immunix.h b/parser/immunix.h
index c53d18f..ebb2d2e 100644
--- a/parser/immunix.h
+++ b/parser/immunix.h
@@ -40,14 +40,6 @@
 #define AA_EXEC_MOD_2			(1 << 12)
 #define AA_EXEC_MOD_3			(1 << 13)
 
-#define AA_DBUS_SEND			AA_MAY_WRITE
-#define AA_DBUS_RECEIVE			AA_MAY_READ
-#define AA_DBUS_EAVESDROP		(1 << 5)
-#define AA_DBUS_BIND			(1 << 6)
-
-#define AA_VALID_DBUS_PERMS		(AA_DBUS_SEND | AA_DBUS_RECEIVE | \
-					 AA_DBUS_BIND | AA_DBUS_EAVESDROP)
-
 #define AA_BASE_PERMS			(AA_MAY_EXEC | AA_MAY_WRITE | \
 					 AA_MAY_READ | AA_MAY_APPEND | \
 					 AA_MAY_LINK | AA_MAY_LOCK | \
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index 36285e8..dfa2240 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -37,6 +37,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <apparmor.h>
 
 #include "parser.h"
 #include "profile.h"
diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index 6dee472..9412c1e 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -21,6 +21,7 @@
 #include <string.h>
 #include <libintl.h>
 #include <linux/limits.h>
+#include <apparmor.h>
 #define _(s) gettext(s)
 
 /* #define DEBUG */
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index 166798e..99c1456 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -27,6 +27,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <libintl.h>
+#include <apparmor.h>
 #define _(s) gettext(s)
 
 /* #define DEBUG */
diff --git a/parser/policydb.h b/parser/policydb.h
index 2d021a8..616b7bf 100644
--- a/parser/policydb.h
+++ b/parser/policydb.h
@@ -17,7 +17,9 @@
 #define __AA_POLICYDB_H
 
 /*
- * Class of mediation types in the AppArmor policy db
+ * Class of private mediation types in the AppArmor policy db
+ *
+ * See libapparmor's apparmor.h for public mediation types
  */
 #define AA_CLASS_COND		0
 #define AA_CLASS_UNKNOWN	1
@@ -32,7 +34,6 @@
 
 #define AA_CLASS_ENV		16
 
-#define AA_CLASS_DBUS		32
 #define AA_CLASS_X		33
 
 #endif /* __AA_POLICYDB_H */
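Review bot: AA_CLASS_DBUS is removed from policydb.h, but AA_CLASS_X stays defined here as 33 while apparmor.h also defines `#define AA_CLASS_X 33` (visible as context in the first hunk), so translation units that now include both headers carry a duplicate definition. Identical redefinition is legal C, but the two copies have no shared guard and will silently turn into a redefinition error the first time one side is changed, which runs counter to the commit's stated goal of ending duplication. Either drop `#define AA_CLASS_X 33` from policydb.h alongside AA_CLASS_DBUS, or add a comment such as `/* AA_CLASS_X is also defined in libapparmor's apparmor.h; keep in sync */` if it must remain private here for some reason.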
-- 
1.8.3.2



