[apparmor] [PATCH 06/12] libapparmor: Move the aa_features API
Tyler Hicks
tyhicks at canonical.com
Wed Dec 10 22:12:27 UTC 2014
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
libraries/libapparmor/include/sys/apparmor.h | 22 ++
libraries/libapparmor/src/Makefile.am | 2 +-
libraries/libapparmor/src/features.c | 456 ++++++++++++++++++++++++++
libraries/libapparmor/src/libapparmor.map | 17 +
parser/Makefile | 9 +-
parser/features.c | 460 ---------------------------
parser/features.h | 44 ---
parser/kernel_interface.h | 2 +
8 files changed, 501 insertions(+), 511 deletions(-)
create mode 100644 libraries/libapparmor/src/features.c
delete mode 100644 parser/features.c
delete mode 100644 parser/features.h
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
index e834290..b97cd7e 100644
--- a/libraries/libapparmor/include/sys/apparmor.h
+++ b/libraries/libapparmor/include/sys/apparmor.h
@@ -110,6 +110,28 @@ void aa_match_unref(aa_match *match);
bool aa_match_supports_perms_create(aa_match *match);
bool aa_match_supports_network(aa_match *match);
+typedef struct aa_features aa_features;
+int aa_features_new(aa_features **features, const char *path);
+int aa_features_new_from_string(aa_features **features,
+ const char *string, size_t size);
+int aa_features_new_from_kernel(aa_features **features);
+aa_features *aa_features_ref(aa_features *features);
+void aa_features_unref(aa_features *features);
+
+int aa_features_write_to_file(aa_features *features, const char *path);
+bool aa_features_is_equal(aa_features *features1, aa_features *features2);
+
+unsigned int aa_features_supports_max_abi(aa_features *features);
+bool aa_features_supports_policydb(aa_features *features);
+bool aa_features_supports_set_load(aa_features *features);
+bool aa_features_supports_network(aa_features *features);
+bool aa_features_supports_af_unix(aa_features *features);
+bool aa_features_supports_mount(aa_features *features);
+bool aa_features_supports_dbus(aa_features *features);
+bool aa_features_supports_signal(aa_features *features);
+bool aa_features_supports_ptrace(aa_features *features);
+bool aa_features_supports_diff_encode(aa_features *features);
+
__END_DECLS
#endif /* sys/apparmor.h */
diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
index 73bedb7..bc7412c 100644
--- a/libraries/libapparmor/src/Makefile.am
+++ b/libraries/libapparmor/src/Makefile.am
@@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
lib_LTLIBRARIES = libapparmor.la
noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h
-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c match.c
+libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c match.c features.c
libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
diff --git a/libraries/libapparmor/src/features.c b/libraries/libapparmor/src/features.c
new file mode 100644
index 0000000..f59b3d1
--- /dev/null
+++ b/libraries/libapparmor/src/features.c
@@ -0,0 +1,456 @@
+/*
+ * Copyright (c) 2014
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <sys/apparmor.h>
+
+#include "private.h"
+
+#define FEATURES_FILE "/sys/kernel/security/apparmor/features"
+
+#define STRING_SIZE 8192
+
+#define SUPPORT_POLICYDB (1<<1)
+#define SUPPORT_ABI_V6 (1<<2)
+#define SUPPORT_ABI_V7 (1<<3)
+#define SUPPORT_SET_LOAD (1<<4)
+#define SUPPORT_NETWORK (1<<5)
+#define SUPPORT_AF_UNIX (1<<6)
+#define SUPPORT_MOUNT (1<<7)
+#define SUPPORT_DBUS (1<<8)
+#define SUPPORT_SIGNAL (1<<9)
+#define SUPPORT_PTRACE (1<<10)
+#define SUPPORT_DIFF_ENCODE (1<<11)
+
+struct aa_features {
+ unsigned int ref_count;
+ uint16_t support;
+ char string[STRING_SIZE];
+};
+
+struct features_struct {
+ char *buffer;
+ int size;
+ char *pos;
+};
+
+static int features_dir_cb(DIR *dir, const char *name, struct stat *st,
+ void *data)
+{
+ struct features_struct *fst = (struct features_struct *) data;
+ int remaining, len;
+
+ /* skip dot files and files with no name */
+ if (*name == '.' || !strlen(name))
+ return 0;
+
+ remaining = fst->size - (fst->pos - fst->buffer);
+ len = snprintf(fst->pos, remaining, "%s {", name);
+ if (len == -1) {
+ errno = EIO;
+ return -1;
+ } else if (len >= remaining) {
+ errno = ENOBUFS;
+ return -1;
+ } else
+ fst->pos += len;
+
+ if (S_ISREG(st->st_mode)) {
+ autoclose int file = -1;
+
+ if (!(file = openat(dirfd(dir), name, O_RDONLY)))
+ return -1;
+
+ remaining = fst->size - (fst->pos - fst->buffer);
+ if (st->st_size > remaining) {
+ errno = ENOBUFS;
+ return -1;
+ }
+
+ do {
+ len = read(file, fst->pos, remaining);
+ if (len > 0) {
+ remaining -= len;
+ fst->pos += len;
+ *fst->pos = 0;
+ }
+ } while (len > 0);
+
+ if (len < 0)
+ return -1;
+ } else if (S_ISDIR(st->st_mode)) {
+ if (_aa_dirat_for_each(dir, name, fst, features_dir_cb))
+ return -1;
+ }
+
+ remaining = fst->size - (fst->pos - fst->buffer);
+ len = snprintf(fst->pos, remaining, "}\n");
+ if (len == -1) {
+ errno = EIO;
+ return -1;
+ } else if (len >= remaining) {
+ errno = ENOBUFS;
+ return -1;
+ } else
+ fst->pos += len;
+
+ return 0;
+}
+
+static int handle_features_dir(const char *filename, char *buffer, int size,
+ char *pos)
+{
+ struct features_struct fst = { buffer, size, pos };
+
+ if (_aa_dirat_for_each(NULL, filename, &fst, features_dir_cb))
+ return -1;
+
+ return 0;
+}
+
+static int load_features_file(const char *name, char *buffer, size_t size)
+{
+ autofclose FILE *f = NULL;
+ size_t end;
+
+ f = fopen(name, "r");
+ if (!f)
+ return -1;
+
+ errno = 0;
+ end = fread(buffer, 1, size - 1, f);
+ if (ferror(f)) {
+ if (!errno)
+ errno = EIO;
+ return -1;
+ }
+ buffer[end] = 0;
+
+ return 0;
+}
+
+static void parse_features(aa_features *features)
+{
+ /* TODO: make this real parsing and config setting */
+ if (strstr(features->string, "file {")) /* pre policydb is file= */
+ features->support |= SUPPORT_POLICYDB;
+ if (strstr(features->string, "v6"))
+ features->support |= SUPPORT_ABI_V6;
+ if (strstr(features->string, "v7"))
+ features->support |= SUPPORT_ABI_V7;
+ if (strstr(features->string, "set_load"))
+ features->support |= SUPPORT_SET_LOAD;
+ if (strstr(features->string, "network"))
+ features->support |= SUPPORT_NETWORK;
+ if (strstr(features->string, "af_unix"))
+ features->support |= SUPPORT_AF_UNIX;
+ if (strstr(features->string, "mount"))
+ features->support |= SUPPORT_MOUNT;
+ if (strstr(features->string, "dbus"))
+ features->support |= SUPPORT_DBUS;
+ if (strstr(features->string, "signal"))
+ features->support |= SUPPORT_SIGNAL;
+ if (strstr(features->string, "ptrace {"))
+ features->support |= SUPPORT_PTRACE;
+ if (strstr(features->string, "diff_encode"))
+ features->support |= SUPPORT_DIFF_ENCODE;
+}
+
+/**
+ * aa_features_new - create a new features based on a path
+ * @features: will point to the address of an allocated and initialized
+ * aa_features object upon success
+ * @path: path to a features file or directory
+ *
+ * Returns: 0 on success, -1 on error with errno set and *@features pointing to
+ * NULL
+ */
+int aa_features_new(aa_features **features, const char *path)
+{
+ struct stat stat_file;
+ aa_features *f;
+ int retval;
+
+ *features = NULL;
+
+ if (stat(path, &stat_file) == -1)
+ return -1;
+
+ f = (aa_features *) calloc(1, sizeof(*f));
+ if (!f) {
+ errno = ENOMEM;
+ return -1;
+ }
+ aa_features_ref(f);
+
+ retval = S_ISDIR(stat_file.st_mode) ?
+ handle_features_dir(path, f->string, STRING_SIZE, f->string) :
+ load_features_file(path, f->string, STRING_SIZE);
+ if (retval) {
+ int save = errno;
+
+ aa_features_unref(f);
+ errno = save;
+ return -1;
+ }
+
+ parse_features(f);
+ *features = f;
+
+ return 0;
+}
+
+/**
+ * aa_features_new_from_string - create a new features based on a string
+ * @features: will point to the address of an allocated and initialized
+ * aa_features object upon success
+ * @string: a NUL-terminated string representation of features
+ * @size: the size of @string, not counting the NUL-terminator
+ *
+ * Returns: 0 on success, -1 on error with errno set and *@features pointing to
+ * NULL
+ */
+int aa_features_new_from_string(aa_features **features,
+ const char *string, size_t size)
+{
+ aa_features *f;
+
+ *features = NULL;
+
+ /* Require size to be less than STRING_SIZE so there's room for a NUL */
+ if (size >= STRING_SIZE)
+ return ENOBUFS;
+
+ f = (aa_features *) calloc(1, sizeof(*f));
+ if (!f) {
+ errno = ENOMEM;
+ return -1;
+ }
+ aa_features_ref(f);
+
+ memcpy(f->string, string, size);
+ f->string[size] = '\0';
+ parse_features(f);
+ *features = f;
+
+ return 0;
+}
+
+/**
+ * aa_features_new_from_kernel - create a new features based on the current kernel
+ * @features: will point to the address of an allocated and initialized
+ * aa_features object upon success
+ *
+ * Returns: 0 on success, -1 on error with errno set and *@features pointing to
+ * NULL
+ */
+int aa_features_new_from_kernel(aa_features **features)
+{
+ return aa_features_new(features, FEATURES_FILE);
+}
+
+/**
+ * aa_features_ref - increments the ref count of a features
+ * @features: the features
+ *
+ * Returns: the features
+ */
+aa_features *aa_features_ref(aa_features *features)
+{
+ atomic_inc(&features->ref_count);
+ return features;
+}
+
+/**
+ * aa_features_unref - decrements the ref count and frees the features when 0
+ * @features: the features (can be NULL)
+ */
+void aa_features_unref(aa_features *features)
+{
+ if (features && atomic_dec_and_test(&features->ref_count))
+ free(features);
+}
+
+/**
+ * aa_features_write_to_file - write a string representation to a file
+ * @features: the features
+ * @path: the path to write to
+ *
+ * Returns: 0 on success, -1 on error with errno set
+ */
+int aa_features_write_to_file(aa_features *features, const char *path)
+{
+ autoclose int fd = -1;
+ size_t size;
+ ssize_t retval;
+ char *string;
+
+ fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC | O_CLOEXEC,
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ if (fd == -1)
+ return -1;
+
+ string = features->string;
+ size = strlen(string);
+ do {
+ retval = write(fd, string, size);
+ if (retval == -1)
+ return -1;
+
+ size -= retval;
+ string += retval;
+ } while (size);
+
+ return 0;
+}
+
+/**
+ * aa_features_is_equal - equality test for two features
+ * @features1: the first features (can be NULL)
+ * @features2: the second features (can be NULL)
+ *
+ * Returns: true if they're equal, false if they're not or either are NULL
+ */
+bool aa_features_is_equal(aa_features *features1, aa_features *features2)
+{
+ return features1 && features2 &&
+ strcmp(features1->string, features2->string) == 0;
+}
+
+/**
+ * aa_features_supports_max_abi - the max supported ABI reported by features
+ * @features: the features
+ *
+ * Returns: an unsigned int specifying the max supported ABI
+ */
+unsigned int aa_features_supports_max_abi(aa_features *features)
+{
+ if (features->support & SUPPORT_ABI_V7)
+ return 7;
+ else if (features->support & SUPPORT_ABI_V6)
+ return 6;
+
+ return 5;
+}
+
+/**
+ * aa_features_supports_policydb - provides features support status of policydb
+ * @features: the features
+ *
+ * Returns: true if policydb is supported, false if not
+ */
+bool aa_features_supports_policydb(aa_features *features)
+{
+ return features->support & SUPPORT_POLICYDB;
+}
+
+/**
+ * aa_features_supports_set_load - provides features support status of set_load
+ * @features: the features
+ *
+ * Returns: true if set_load is supported, false if not
+ */
+bool aa_features_supports_set_load(aa_features *features)
+{
+ return features->support & SUPPORT_SET_LOAD;
+}
+
+/**
+ * aa_features_supports_network - provides features support status of network
+ * @features: the features
+ *
+ * Returns: true if network is supported, false if not
+ */
+bool aa_features_supports_network(aa_features *features)
+{
+ return features->support & SUPPORT_NETWORK;
+}
+
+/**
+ * aa_features_supports_af_unix - provides features support status of af_unix
+ * @features: the features
+ *
+ * Returns: true if af_unix is supported, false if not
+ */
+bool aa_features_supports_af_unix(aa_features *features)
+{
+ return features->support & SUPPORT_AF_UNIX;
+}
+
+/**
+ * aa_features_supports_mount - provides features support status of mount
+ * @features: the features
+ *
+ * Returns: true if mount is supported, false if not
+ */
+bool aa_features_supports_mount(aa_features *features)
+{
+ return features->support & SUPPORT_MOUNT;
+}
+
+/**
+ * aa_features_supports_dbus - provides features support status of dbus
+ * @features: the features
+ *
+ * Returns: true if dbus is supported, false if not
+ */
+bool aa_features_supports_dbus(aa_features *features)
+{
+ return features->support & SUPPORT_DBUS;
+}
+
+/**
+ * aa_features_supports_signal - provides features support status of signal
+ * @features: the features
+ *
+ * Returns: true if signal is supported, false if not
+ */
+bool aa_features_supports_signal(aa_features *features)
+{
+ return features->support & SUPPORT_SIGNAL;
+}
+
+/**
+ * aa_features_supports_ptrace - provides features support status of ptrace
+ * @features: the features
+ *
+ * Returns: true if ptrace is supported, false if not
+ */
+bool aa_features_supports_ptrace(aa_features *features)
+{
+ return features->support & SUPPORT_PTRACE;
+}
+
+/**
+ * aa_features_supports_diff_encode - provides features support status of diff_encode
+ * @features: the features
+ *
+ * Returns: true if diff_encode is supported, false if not
+ */
+bool aa_features_supports_diff_encode(aa_features *features)
+{
+ return features->support & SUPPORT_DIFF_ENCODE;
+}
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index c8b9a91..8b3d887 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -59,6 +59,23 @@ APPARMOR_2.10 {
aa_match_unref;
aa_match_supports_perms_create;
aa_match_supports_network;
+ aa_features_new;
+ aa_features_new_from_string;
+ aa_features_new_from_kernel;
+ aa_features_ref;
+ aa_features_unref;
+ aa_features_write_to_file;
+ aa_features_is_equal;
+ aa_features_supports_max_abi;
+ aa_features_supports_policydb;
+ aa_features_supports_set_load;
+ aa_features_supports_network;
+ aa_features_supports_af_unix;
+ aa_features_supports_mount;
+ aa_features_supports_dbus;
+ aa_features_supports_signal;
+ aa_features_supports_ptrace;
+ aa_features_supports_diff_encode;
local:
*;
} APPARMOR_2.9;
diff --git a/parser/Makefile b/parser/Makefile
index c50398f..7d69fb7 100644
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -81,10 +81,10 @@ SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \
parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \
parser_alias.c common_optarg.c lib.c network.c \
mount.cc dbus.cc profile.cc rule.cc signal.cc ptrace.cc \
- af_rule.cc af_unix.cc features.c policy_cache.c kernel_interface.c
+ af_rule.cc af_unix.cc policy_cache.c kernel_interface.c
HDRS = parser.h parser_include.h immunix.h mount.h dbus.h lib.h profile.h \
rule.h common_optarg.h signal.h ptrace.h network.h af_rule.h af_unix.h \
- features.h policy_cache.h kernel_interface.h
+ policy_cache.h kernel_interface.h
TOOLS = apparmor_parser
OBJECTS = $(patsubst %.cc, %.o, $(SRCS:.c=.o))
@@ -243,10 +243,7 @@ mount.o: mount.cc mount.h parser.h immunix.h rule.h
common_optarg.o: common_optarg.c common_optarg.h parser.h libapparmor_re/apparmor_re.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-features.o: features.c features.h parser.h libapparmor_re/apparmor_re.h
- $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-
-policy_cache.o: policy_cache.c policy_cache.h parser.h features.h
+policy_cache.o: policy_cache.c policy_cache.h parser.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
kernel_interface.o: kernel_interface.c kernel_interface.h
diff --git a/parser/features.c b/parser/features.c
deleted file mode 100644
index 7b79b85..0000000
--- a/parser/features.c
+++ /dev/null
@@ -1,460 +0,0 @@
-/*
- * Copyright (c) 2014
- * Canonical, Ltd. (All rights reserved)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, contact Novell, Inc. or Canonical
- * Ltd.
- */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <libintl.h>
-#include <locale.h>
-#define _(s) gettext(s)
-
-#include "features.h"
-#include "lib.h"
-#include "parser.h"
-
-#define FEATURES_FILE "/sys/kernel/security/" MODULE_NAME "/features"
-
-#define STRING_SIZE 8192
-
-#define SUPPORT_POLICYDB (1<<1)
-#define SUPPORT_ABI_V6 (1<<2)
-#define SUPPORT_ABI_V7 (1<<3)
-#define SUPPORT_SET_LOAD (1<<4)
-#define SUPPORT_NETWORK (1<<5)
-#define SUPPORT_AF_UNIX (1<<6)
-#define SUPPORT_MOUNT (1<<7)
-#define SUPPORT_DBUS (1<<8)
-#define SUPPORT_SIGNAL (1<<9)
-#define SUPPORT_PTRACE (1<<10)
-#define SUPPORT_DIFF_ENCODE (1<<11)
-
-struct aa_features {
- unsigned int ref_count;
- uint16_t support;
- char string[STRING_SIZE];
-};
-
-struct features_struct {
- char *buffer;
- int size;
- char *pos;
-};
-
-static int features_dir_cb(DIR *dir, const char *name, struct stat *st,
- void *data)
-{
- struct features_struct *fst = (struct features_struct *) data;
- int remaining, len;
-
- /* skip dot files and files with no name */
- if (*name == '.' || !strlen(name))
- return 0;
-
- remaining = fst->size - (fst->pos - fst->buffer);
- len = snprintf(fst->pos, remaining, "%s {", name);
- if (len == -1) {
- errno = EIO;
- return -1;
- } else if (len >= remaining) {
- errno = ENOBUFS;
- return -1;
- } else
- fst->pos += len;
-
- if (S_ISREG(st->st_mode)) {
- autoclose int file = -1;
-
- if (!(file = openat(dirfd(dir), name, O_RDONLY)))
- return -1;
-
- remaining = fst->size - (fst->pos - fst->buffer);
- if (st->st_size > remaining) {
- errno = ENOBUFS;
- return -1;
- }
-
- do {
- len = read(file, fst->pos, remaining);
- if (len > 0) {
- remaining -= len;
- fst->pos += len;
- *fst->pos = 0;
- }
- } while (len > 0);
-
- if (len < 0)
- return -1;
- } else if (S_ISDIR(st->st_mode)) {
- if (dirat_for_each(dir, name, fst, features_dir_cb))
- return -1;
- }
-
- remaining = fst->size - (fst->pos - fst->buffer);
- len = snprintf(fst->pos, remaining, "}\n");
- if (len == -1) {
- errno = EIO;
- return -1;
- } else if (len >= remaining) {
- errno = ENOBUFS;
- return -1;
- } else
- fst->pos += len;
-
- return 0;
-}
-
-static int handle_features_dir(const char *filename, char *buffer, int size,
- char *pos)
-{
- struct features_struct fst = { buffer, size, pos };
-
- if (dirat_for_each(NULL, filename, &fst, features_dir_cb))
- return -1;
-
- return 0;
-}
-
-static int load_features_file(const char *name, char *buffer, size_t size)
-{
- autofclose FILE *f = NULL;
- size_t end;
-
- f = fopen(name, "r");
- if (!f)
- return -1;
-
- errno = 0;
- end = fread(buffer, 1, size - 1, f);
- if (ferror(f)) {
- if (!errno)
- errno = EIO;
- return -1;
- }
- buffer[end] = 0;
-
- return 0;
-}
-
-static void parse_features(aa_features *features)
-{
- /* TODO: make this real parsing and config setting */
- if (strstr(features->string, "file {")) /* pre policydb is file= */
- features->support |= SUPPORT_POLICYDB;
- if (strstr(features->string, "v6"))
- features->support |= SUPPORT_ABI_V6;
- if (strstr(features->string, "v7"))
- features->support |= SUPPORT_ABI_V7;
- if (strstr(features->string, "set_load"))
- features->support |= SUPPORT_SET_LOAD;
- if (strstr(features->string, "network"))
- features->support |= SUPPORT_NETWORK;
- if (strstr(features->string, "af_unix"))
- features->support |= SUPPORT_AF_UNIX;
- if (strstr(features->string, "mount"))
- features->support |= SUPPORT_MOUNT;
- if (strstr(features->string, "dbus"))
- features->support |= SUPPORT_DBUS;
- if (strstr(features->string, "signal"))
- features->support |= SUPPORT_SIGNAL;
- if (strstr(features->string, "ptrace {"))
- features->support |= SUPPORT_PTRACE;
- if (strstr(features->string, "diff_encode"))
- features->support |= SUPPORT_DIFF_ENCODE;
-}
-
-/**
- * aa_features_new - create a new features based on a path
- * @features: will point to the address of an allocated and initialized
- * aa_features object upon success
- * @path: path to a features file or directory
- *
- * Returns: 0 on success, -1 on error with errno set and *@features pointing to
- * NULL
- */
-int aa_features_new(aa_features **features, const char *path)
-{
- struct stat stat_file;
- aa_features *f;
- int retval;
-
- *features = NULL;
-
- if (stat(path, &stat_file) == -1)
- return -1;
-
- f = (aa_features *) calloc(1, sizeof(*f));
- if (!f) {
- errno = ENOMEM;
- return -1;
- }
- aa_features_ref(f);
-
- retval = S_ISDIR(stat_file.st_mode) ?
- handle_features_dir(path, f->string, STRING_SIZE, f->string) :
- load_features_file(path, f->string, STRING_SIZE);
- if (retval) {
- int save = errno;
-
- aa_features_unref(f);
- errno = save;
- return -1;
- }
-
- parse_features(f);
- *features = f;
-
- return 0;
-}
-
-/**
- * aa_features_new_from_string - create a new features based on a string
- * @features: will point to the address of an allocated and initialized
- * aa_features object upon success
- * @string: a NUL-terminated string representation of features
- * @size: the size of @string, not counting the NUL-terminator
- *
- * Returns: 0 on success, -1 on error with errno set and *@features pointing to
- * NULL
- */
-int aa_features_new_from_string(aa_features **features,
- const char *string, size_t size)
-{
- aa_features *f;
-
- *features = NULL;
-
- /* Require size to be less than STRING_SIZE so there's room for a NUL */
- if (size >= STRING_SIZE)
- return ENOBUFS;
-
- f = (aa_features *) calloc(1, sizeof(*f));
- if (!f) {
- errno = ENOMEM;
- return -1;
- }
- aa_features_ref(f);
-
- memcpy(f->string, string, size);
- f->string[size] = '\0';
- parse_features(f);
- *features = f;
-
- return 0;
-}
-
-/**
- * aa_features_new_from_kernel - create a new features based on the current kernel
- * @features: will point to the address of an allocated and initialized
- * aa_features object upon success
- *
- * Returns: 0 on success, -1 on error with errno set and *@features pointing to
- * NULL
- */
-int aa_features_new_from_kernel(aa_features **features)
-{
- return aa_features_new(features, FEATURES_FILE);
-}
-
-/**
- * aa_features_ref - increments the ref count of a features
- * @features: the features
- *
- * Returns: the features
- */
-aa_features *aa_features_ref(aa_features *features)
-{
- atomic_inc(&features->ref_count);
- return features;
-}
-
-/**
- * aa_features_unref - decrements the ref count and frees the features when 0
- * @features: the features (can be NULL)
- */
-void aa_features_unref(aa_features *features)
-{
- if (features && atomic_dec_and_test(&features->ref_count))
- free(features);
-}
-
-/**
- * aa_features_write_to_file - write a string representation to a file
- * @features: the features
- * @path: the path to write to
- *
- * Returns: 0 on success, -1 on error with errno set
- */
-int aa_features_write_to_file(aa_features *features, const char *path)
-{
- autoclose int fd = -1;
- size_t size;
- ssize_t retval;
- char *string;
-
- fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_SYNC | O_CLOEXEC,
- S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- if (fd == -1)
- return -1;
-
- string = features->string;
- size = strlen(string);
- do {
- retval = write(fd, string, size);
- if (retval == -1)
- return -1;
-
- size -= retval;
- string += retval;
- } while (size);
-
- return 0;
-}
-
-/**
- * aa_features_is_equal - equality test for two features
- * @features1: the first features (can be NULL)
- * @features2: the second features (can be NULL)
- *
- * Returns: true if they're equal, false if they're not or either are NULL
- */
-bool aa_features_is_equal(aa_features *features1, aa_features *features2)
-{
- return features1 && features2 &&
- strcmp(features1->string, features2->string) == 0;
-}
-
-/**
- * aa_features_supports_max_abi - the max supported ABI reported by features
- * @features: the features
- *
- * Returns: an unsigned int specifying the max supported ABI
- */
-unsigned int aa_features_supports_max_abi(aa_features *features)
-{
- if (features->support & SUPPORT_ABI_V7)
- return 7;
- else if (features->support & SUPPORT_ABI_V6)
- return 6;
-
- return 5;
-}
-
-/**
- * aa_features_supports_policydb - provides features support status of policydb
- * @features: the features
- *
- * Returns: true if policydb is supported, false if not
- */
-bool aa_features_supports_policydb(aa_features *features)
-{
- return features->support & SUPPORT_POLICYDB;
-}
-
-/**
- * aa_features_supports_set_load - provides features support status of set_load
- * @features: the features
- *
- * Returns: true if set_load is supported, false if not
- */
-bool aa_features_supports_set_load(aa_features *features)
-{
- return features->support & SUPPORT_SET_LOAD;
-}
-
-/**
- * aa_features_supports_network - provides features support status of network
- * @features: the features
- *
- * Returns: true if network is supported, false if not
- */
-bool aa_features_supports_network(aa_features *features)
-{
- return features->support & SUPPORT_NETWORK;
-}
-
-/**
- * aa_features_supports_af_unix - provides features support status of af_unix
- * @features: the features
- *
- * Returns: true if af_unix is supported, false if not
- */
-bool aa_features_supports_af_unix(aa_features *features)
-{
- return features->support & SUPPORT_AF_UNIX;
-}
-
-/**
- * aa_features_supports_mount - provides features support status of mount
- * @features: the features
- *
- * Returns: true if mount is supported, false if not
- */
-bool aa_features_supports_mount(aa_features *features)
-{
- return features->support & SUPPORT_MOUNT;
-}
-
-/**
- * aa_features_supports_dbus - provides features support status of dbus
- * @features: the features
- *
- * Returns: true if dbus is supported, false if not
- */
-bool aa_features_supports_dbus(aa_features *features)
-{
- return features->support & SUPPORT_DBUS;
-}
-
-/**
- * aa_features_supports_signal - provides features support status of signal
- * @features: the features
- *
- * Returns: true if signal is supported, false if not
- */
-bool aa_features_supports_signal(aa_features *features)
-{
- return features->support & SUPPORT_SIGNAL;
-}
-
-/**
- * aa_features_supports_ptrace - provides features support status of ptrace
- * @features: the features
- *
- * Returns: true if ptrace is supported, false if not
- */
-bool aa_features_supports_ptrace(aa_features *features)
-{
- return features->support & SUPPORT_PTRACE;
-}
-
-/**
- * aa_features_supports_diff_encode - provides features support status of diff_encode
- * @features: the features
- *
- * Returns: true if diff_encode is supported, false if not
- */
-bool aa_features_supports_diff_encode(aa_features *features)
-{
- return features->support & SUPPORT_DIFF_ENCODE;
-}
diff --git a/parser/features.h b/parser/features.h
deleted file mode 100644
index fd71f3f..0000000
--- a/parser/features.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2014
- * Canonical, Ltd. (All rights reserved)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, contact Novell, Inc. or Canonical
- * Ltd.
- */
-
-#ifndef __AA_FEATURES_H
-#define __AA_FEATURES_H
-
-typedef struct aa_features aa_features;
-
-int aa_features_new(aa_features **features, const char *path);
-int aa_features_new_from_string(aa_features **features,
- const char *string, size_t size);
-int aa_features_new_from_kernel(aa_features **features);
-aa_features *aa_features_ref(aa_features *features);
-void aa_features_unref(aa_features *features);
-int aa_features_write_to_file(aa_features *features, const char *path);
-bool aa_features_is_equal(aa_features *features1, aa_features *features2);
-
-unsigned int aa_features_supports_max_abi(aa_features *features);
-bool aa_features_supports_policydb(aa_features *features);
-bool aa_features_supports_set_load(aa_features *features);
-bool aa_features_supports_network(aa_features *features);
-bool aa_features_supports_af_unix(aa_features *features);
-bool aa_features_supports_mount(aa_features *features);
-bool aa_features_supports_dbus(aa_features *features);
-bool aa_features_supports_signal(aa_features *features);
-bool aa_features_supports_ptrace(aa_features *features);
-bool aa_features_supports_diff_encode(aa_features *features);
-
-#endif /* __AA_FEATURES_H */
diff --git a/parser/kernel_interface.h b/parser/kernel_interface.h
index 6dcd3ca..8e210d1 100644
--- a/parser/kernel_interface.h
+++ b/parser/kernel_interface.h
@@ -19,6 +19,8 @@
#ifndef __AA_KERNEL_INTERFACE_H
#define __AA_KERNEL_INTERFACE_H
+#include <sys/apparmor.h>
+
#include "features.h"
typedef struct aa_kernel_interface aa_kernel_interface;
--
2.1.0
More information about the AppArmor
mailing list