[apparmor] [PATCH 0/31] Prepare to move cache loading functionality to libapparmor
Tyler Hicks
tyhicks at canonical.com
Sat Dec 6 00:21:59 UTC 2014
This patch set is the precursor to moving the cache loading code into
libapparmor. It sets up a clean, supportable interface for external
programs to interact with match files, feature files, the policy cache,
and the kernel interface (apparmorfs). It doesn't provide an API for
individual binary cache files. That will come in the future but
shouldn't be needed yet as this patch set provides a way to load all
binaries in the policy cache.

Code that is being moved into libapparmor must not print to
stdout/stderr and it must not make calls such as exit(). A good portion
of this patch set is shuffling code around so that error codes can be
returned up the stack instead of printing to stderr and calling exit().
Unfortunately, some useful user-facing logging and developer-facing
debug logging must be dropped. errno values are used to convey the error
back up the stack. The use of errno is probably my least favorite thing
about the patch set.

The new APIs mimic those found in GLib with _new(), _ref(), and _unref()
functions that operate on opaque objects. This style is used so that we
can, for example, change what our underlying policy cache looks like
without breaking our ABI. This is important as we're looking to make
some considerably large changes to the policy cache in the near term.

There are a few warts in this patch set:

1) The most obvious is that the cache loading functions aren't yet in
   libapparmor. This patch set lays the groundwork and has the
   potential to be controversial. There's just a little more work left
   to move the functions over and I've got a decent start on it.
2) Objects created from the new APIs aren't properly unref'ed/freed.
   This is because there are still quite a few exit()'s being called in
   apparmor_parser. More refactoring needs to be done before we can be
   sure that cleanup is done before the process dies. Luckily, the new
   aa_*_unref() functions only free memory (as compared to unlinking a
   file, for example) and there are many pre-existing memory
   allocations that aren't currently being freed at exit().
3) As mentioned above, individual binary policy files aren't
   represented in the API. That's not too important until we start
   looking at moving the policy compilation code over to libapparmor.
   Right now, saying "load all binaries in the policy cache" should be
   sufficient.

This patch set passes the parser's make check tests (including the
caching tests). I also built a parser against a Utopic libapparmor,
copied the new parser into /sbin/, and did a successful QRT
test-apparmor.py run which includes a wide array of tests. I think it
should be pretty solid.

Sorry for the patch set growing so large. John initially handed me a set
of 10 or more patches to begin with and then I tried to follow his lead
and just kept coming across more and more that needed to be done.

Tyler
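
The API style described in the message above (opaque objects with _new(), _ref() and _unref(), errors returned through errno instead of printing or calling exit()), sketched as an added example that is not part of the original message or of libapparmor. The demo_cache names, the sample path and the count returned by demo_cache_unref() are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical opaque type: callers hold only a pointer, so the layout can change without an ABI break. */
typedef struct demo_cache demo_cache;
struct demo_cache {            /* in a real library this stays in a private .c file */
    unsigned int ref_count;
    char *path;
};

/* Returns 0 on success, or -1 with errno set. Never prints and never calls exit(). */
int demo_cache_new(demo_cache **cache, const char *path)
{
    size_t len = path ? strlen(path) : 0;
    demo_cache *c;

    *cache = NULL;             /* the caller never sees a half-built object */
    if (len == 0) { errno = EINVAL; return -1; }
    c = calloc(1, sizeof(*c));
    if (c) c->path = malloc(len + 1);
    if (!c || !c->path) { free(c); errno = ENOMEM; return -1; }
    memcpy(c->path, path, len + 1);
    c->ref_count = 1;          /* the creator owns the first reference */
    *cache = c;
    return 0;
}

/* Takes one more reference (plain counter, not thread-safe in this sketch). */
demo_cache *demo_cache_ref(demo_cache *c)
{
    if (c) c->ref_count++;
    return c;
}

/* Drops one reference and frees memory on the last one; errno is preserved so
 * cleanup on an error path cannot clobber the error being returned up the stack. */
unsigned int demo_cache_unref(demo_cache *c)
{
    int saved = errno;
    unsigned int left = 0;

    if (c && (left = --c->ref_count) == 0) {
        free(c->path);
        free(c);
    }
    errno = saved;
    return left;               /* returned only so the example can be checked */
}
```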