[apparmor] [patch 1/3] libapparmor: move public headers to separate directory

Tyler Hicks tyhicks at canonical.com
Mon Jan 6 20:34:03 UTC 2014


On 2013-12-24 12:59:33, Steve Beattie wrote:
> This patch moves the apparmor.h and aalogparse.h headers
> from the libapparmor/src/ directory to a new directory
> libapparmor/include/. The apparmor.h header is stored in a sys/
> directory within libapparmor/include/ to match its usual install
> location in /usr/include/sys/, simplifying the #include statements of
> source that wishes to include either the in-tree or system installed
> version of the header (i.e. #include <sys/apparmor.h> can be used
> everywhere).
> 
> The patch size is inflated by the movements of the header files, which
> are unchanged except for their locations. Otherwise, the rest of the
> changes are to modify the include search path or to stop looking in
> $CWD for one of the headers.
> 
> Signed-off-by: Steve Beattie <steve at nxnw.org>

This is definitely the best solution for the problem. Thanks for putting
these patches together.

This patch looks good to me.

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

> ---
> 
>  libraries/libapparmor/Makefile.am              |    2 
>  libraries/libapparmor/configure.ac             |    2 
>  libraries/libapparmor/include/Makefile.am      |    4 
>  libraries/libapparmor/include/aalogparse.h     |  175 +++++++++++++++++++++++++
>  libraries/libapparmor/include/sys/Makefile.am  |    3 
>  libraries/libapparmor/include/sys/apparmor.h   |  107 +++++++++++++++
>  libraries/libapparmor/src/Makefile.am          |    8 -
>  libraries/libapparmor/src/aalogparse.h         |  175 -------------------------
>  libraries/libapparmor/src/apparmor.h           |  107 ---------------
>  libraries/libapparmor/src/grammar.y            |    2 
>  libraries/libapparmor/src/kernel_interface.c   |    2 
>  libraries/libapparmor/src/libaalogparse.c      |    2 
>  libraries/libapparmor/src/scanner.l            |    2 
>  libraries/libapparmor/src/tst_aalogmisc.c      |    2 
>  libraries/libapparmor/swig/SWIG/libapparmor.i  |    6 
>  libraries/libapparmor/swig/perl/Makefile.PL.in |    2 
>  libraries/libapparmor/swig/perl/Makefile.am    |    2 
>  libraries/libapparmor/swig/python/Makefile.am  |    2 
>  libraries/libapparmor/swig/python/setup.py.in  |    2 
>  libraries/libapparmor/swig/ruby/Makefile.am    |    4 
>  libraries/libapparmor/testsuite/Makefile.am    |    2 
>  libraries/libapparmor/testsuite/test_multi.c   |    2 
>  22 files changed, 309 insertions(+), 306 deletions(-)
> 
> Index: b/libraries/libapparmor/include/sys/Makefile.am
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/include/sys/Makefile.am
> @@ -0,0 +1,3 @@
> +
> +apparmor_hdrdir = $(includedir)/sys
> +apparmor_hdr_HEADERS = apparmor.h
> Index: b/libraries/libapparmor/include/sys/apparmor.h
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/include/sys/apparmor.h
> @@ -0,0 +1,107 @@
> +/*
> + * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
> + * Copyright 2009-2010 Canonical Ltd.
> + *
> + * The libapparmor library is licensed under the terms of the GNU
> + * Lesser General Public License, version 2.1. Please see the file
> + * COPYING.LGPL.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program.  If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef _SYS_APPARMOR_H
> +#define _SYS_APPARMOR_H	1
> +
> +#include <stdint.h>
> +#include <sys/types.h>
> +
> +__BEGIN_DECLS
> +
> +/*
> + * Class of public mediation types in the AppArmor policy db
> + */
> +
> +#define AA_CLASS_DBUS		32
> +
> +
> +/* Permission flags for the AA_CLASS_DBUS mediation class */
> +#define AA_DBUS_SEND			(1 << 1)
> +#define AA_DBUS_RECEIVE		 	(1 << 2)
> +#define AA_DBUS_EAVESDROP		(1 << 5)
> +#define AA_DBUS_BIND			(1 << 6)
> +#define AA_VALID_DBUS_PERMS		(AA_DBUS_SEND | AA_DBUS_RECEIVE | \
> +					 AA_DBUS_BIND | AA_DBUS_EAVESDROP)
> +
> +
> +/* Prototypes for apparmor state queries */
> +extern int aa_is_enabled(void);
> +extern int aa_find_mountpoint(char **mnt);
> +
> +/* Prototypes for self directed domain transitions
> + * see <http://apparmor.net>
> + * Please see the change_hat(2) manpage for information.
> + */
> +
> +#define change_hat(X, Y) aa_change_hat((X), (Y))
> +extern int (change_hat)(const char *subprofile, unsigned int magic_token);
> +extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
> +extern int aa_change_profile(const char *profile);
> +extern int aa_change_onexec(const char *profile);
> +
> +extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> +extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> +
> +/* Protypes for introspecting task confinement
> + * Please see the aa_getcon(2) manpage for information
> + */
> +extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
> +			      char **mode);
> +extern int aa_getprocattr(pid_t tid, const char *attr, char **con, char **mode);
> +extern int aa_gettaskcon(pid_t target, char **con, char **mode);
> +extern int aa_getcon(char **con, char **mode);
> +extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
> +extern int aa_getpeercon(int fd, char **con, char **mode);
> +
> +/* A NUL character is used to separate the query command prefix string from the
> + * rest of the query string. The query command sizes intentionally include the
> + * NUL-terminator in their values.
> + */
> +#define AA_QUERY_CMD_LABEL		"label"
> +#define AA_QUERY_CMD_LABEL_SIZE		sizeof(AA_QUERY_CMD_LABEL)
> +
> +extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
> +			  int *audit);
> +
> +#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
> +#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
> +#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n
> +
> +/**
> + * change_hat_vargs - a wrapper macro for change_hat_vargs
> + * @T: the magic token
> + * @X...: the parameter list of hats being passed
> + *
> + * The change_hat_vargs macro makes it so the caller doesn't have to
> + * specify the number of hats passed as parameters to the change_hat_vargs
> + * fn.
> + *
> + * eg.
> + * change_hat_vargs(10, hat1, hat2, hat3, hat4);
> + * expandes to
> + * (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);
> + *
> + * to call change_hat_vargs direction do
> + * (change_hat_vargs)(token, nhats, hat1, hat2...)
> + */
> +#define aa_change_hat_vargs(T, X...) \
> +	(aa_change_hat_vargs)(T, __macroarg_counter(X), X)
> +
> +__END_DECLS
> +
> +#endif	/* sys/apparmor.h */
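Review bot: The two hat-change entry points declared here disagree on the token width: `(change_hat)` takes `unsigned int magic_token`, while `aa_change_hat` and the `change_hat(X, Y)` macro that forwards to it take `unsigned long`. On targets where long is wider than int, a caller that reaches the function form (by parenthesising the name or taking its address) has its token narrowed, which presumably weakens the secret that guards the return from a hat. The header is moved unchanged, so the patch does not introduce this, but a comment above the prototype would help, e.g. `/* function form keeps the old unsigned int token; prefer aa_change_hat() so the full unsigned long token is used */`. The kernel-doc block further down also still names the macro `change_hat_vargs` although it is defined as `aa_change_hat_vargs`.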
> Index: b/libraries/libapparmor/src/apparmor.h
> ===================================================================
> --- a/libraries/libapparmor/src/apparmor.h
> +++ /dev/null
> @@ -1,107 +0,0 @@
> -/*
> - * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
> - * Copyright 2009-2010 Canonical Ltd.
> - *
> - * The libapparmor library is licensed under the terms of the GNU
> - * Lesser General Public License, version 2.1. Please see the file
> - * COPYING.LGPL.
> - *
> - * This library is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - * GNU Lesser General Public License for more details.
> - *
> - * You should have received a copy of the GNU Lesser General Public License
> - * along with this program.  If not, see <http://www.gnu.org/licenses/>.
> - */
> -
> -#ifndef _SYS_APPARMOR_H
> -#define _SYS_APPARMOR_H	1
> -
> -#include <stdint.h>
> -#include <sys/types.h>
> -
> -__BEGIN_DECLS
> -
> -/*
> - * Class of public mediation types in the AppArmor policy db
> - */
> -
> -#define AA_CLASS_DBUS		32
> -
> -
> -/* Permission flags for the AA_CLASS_DBUS mediation class */
> -#define AA_DBUS_SEND			(1 << 1)
> -#define AA_DBUS_RECEIVE		 	(1 << 2)
> -#define AA_DBUS_EAVESDROP		(1 << 5)
> -#define AA_DBUS_BIND			(1 << 6)
> -#define AA_VALID_DBUS_PERMS		(AA_DBUS_SEND | AA_DBUS_RECEIVE | \
> -					 AA_DBUS_BIND | AA_DBUS_EAVESDROP)
> -
> -
> -/* Prototypes for apparmor state queries */
> -extern int aa_is_enabled(void);
> -extern int aa_find_mountpoint(char **mnt);
> -
> -/* Prototypes for self directed domain transitions
> - * see <http://apparmor.net>
> - * Please see the change_hat(2) manpage for information.
> - */
> -
> -#define change_hat(X, Y) aa_change_hat((X), (Y))
> -extern int (change_hat)(const char *subprofile, unsigned int magic_token);
> -extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
> -extern int aa_change_profile(const char *profile);
> -extern int aa_change_onexec(const char *profile);
> -
> -extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> -extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> -
> -/* Protypes for introspecting task confinement
> - * Please see the aa_getcon(2) manpage for information
> - */
> -extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
> -			      char **mode);
> -extern int aa_getprocattr(pid_t tid, const char *attr, char **con, char **mode);
> -extern int aa_gettaskcon(pid_t target, char **con, char **mode);
> -extern int aa_getcon(char **con, char **mode);
> -extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
> -extern int aa_getpeercon(int fd, char **con, char **mode);
> -
> -/* A NUL character is used to separate the query command prefix string from the
> - * rest of the query string. The query command sizes intentionally include the
> - * NUL-terminator in their values.
> - */
> -#define AA_QUERY_CMD_LABEL		"label"
> -#define AA_QUERY_CMD_LABEL_SIZE		sizeof(AA_QUERY_CMD_LABEL)
> -
> -extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
> -			  int *audit);
> -
> -#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
> -#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
> -#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n
> -
> -/**
> - * change_hat_vargs - a wrapper macro for change_hat_vargs
> - * @T: the magic token
> - * @X...: the parameter list of hats being passed
> - *
> - * The change_hat_vargs macro makes it so the caller doesn't have to
> - * specify the number of hats passed as parameters to the change_hat_vargs
> - * fn.
> - *
> - * eg.
> - * change_hat_vargs(10, hat1, hat2, hat3, hat4);
> - * expandes to
> - * (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);
> - *
> - * to call change_hat_vargs direction do
> - * (change_hat_vargs)(token, nhats, hat1, hat2...)
> - */
> -#define aa_change_hat_vargs(T, X...) \
> -	(aa_change_hat_vargs)(T, __macroarg_counter(X), X)
> -
> -__END_DECLS
> -
> -#endif	/* sys/apparmor.h */
> Index: b/libraries/libapparmor/include/Makefile.am
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/include/Makefile.am
> @@ -0,0 +1,4 @@
> +SUBDIRS = sys
> +
> +aalogparsedir = $(includedir)/aalogparse
> +aalogparse_HEADERS = aalogparse.h
> Index: b/libraries/libapparmor/include/aalogparse.h
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/include/aalogparse.h
> @@ -0,0 +1,175 @@
> +/*
> + * Copyright (c) 1999-2008 NOVELL (All rights reserved)
> + * Copyright 2009-2010 Canonical Ltd.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of version 2.1 of the GNU Lesser General
> + * Public License published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program.  If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +
> +#ifndef __LIBAALOGPARSE_H_
> +#define __LIBAALOGPARSE_H_
> +
> +#define AA_RECORD_EXEC_MMAP	1
> +#define AA_RECORD_READ		2
> +#define AA_RECORD_WRITE		4
> +#define AA_RECORD_EXEC		8
> +#define AA_RECORD_LINK		16
> +
> +/**
> + * This is just for convenience now that we have two
> + * wildly different grammars.
> + */
> +
> +typedef enum
> +{
> +	AA_RECORD_SYNTAX_V1,
> +	AA_RECORD_SYNTAX_V2,
> +	AA_RECORD_SYNTAX_UNKNOWN
> +} aa_record_syntax_version;
> +
> +typedef enum
> +{
> +	AA_RECORD_INVALID,	/* Default event type */
> +	AA_RECORD_ERROR,	/* Internal AA error */
> +	AA_RECORD_AUDIT,	/* Audited event */
> +	AA_RECORD_ALLOWED,	/* Complain mode event */
> +	AA_RECORD_DENIED,	/* Denied access event */
> +	AA_RECORD_HINT,		/* Process tracking info */
> +	AA_RECORD_STATUS	/* Configuration change */
> +} aa_record_event_type;
> +
> +/**
> + * With the sole exception of active_hat, this is a 1:1
> + * mapping from the keys that the new syntax uses.
> + *
> + * Some examples of the old syntax and how they're mapped with the aa_log_record struct:
> + *
> + * "PERMITTING r access to /path (program_name(12345) profile /profile active hat)"
> + * - operation: access
> + * - requested_mask: r
> + * - pid: 12345
> + * - profile: /profile
> + * - name: /path
> + * - info: program_name
> + * - active_hat: hat
> + *
> + * "REJECTING mkdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out"
> + * - operation: mkdir
> + * - name: /path/to/something
> + * - info: bash
> + * - pid: 23415
> + * - profile: /bin/freak-aa-out
> + * - active_hat: /bin/freak-aa-out
> + *
> + * "REJECTING xattr set on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> + * - operation: xattr
> + * - attribute: set
> + * - name: /path/to/something
> + * - info: bash
> + * - pid: 23415
> + * - profile: /bin/freak-aa-out
> + * - active_hat: /bin/freak-aa-out
> + *
> + * "PERMITTING attribute (something) change to /else (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> + * - operation: setattr
> + * - attribute: something
> + * - name: /else
> + * - info: bash
> + * - pid: 23415
> + * - profile: /bin/freak-aa-out
> + * - active_hat: /bin/freak-aa-out
> + *
> + * "PERMITTING access to capability 'cap' (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> + * - operation: capability
> + * - name: cap
> + * - info: bash
> + * - pid: 23415
> + * - profile: /bin/freak-aa-out
> + * - active_hat: /bin/freak-aa-out
> + *
> + * "LOGPROF-HINT unknown_hat TESTHAT pid=27764 profile=/change_hat_test/test_hat active=/change_hat_test/test_hat"
> + * - operation: change_hat
> + * - name: TESTHAT
> + * - info: unknown_hat
> + * - pid: 27764
> + * - profile: /change_hat_test/test_hat
> + * - active_hat: /change_hat_test/test_hat
> + *
> + * "LOGPROF-HINT fork pid=27764 child=38229"
> + * - operation: clone
> + * - task: 38229
> + * - pid: 27764
> + **/
> +
> +typedef struct
> +{
> +	aa_record_syntax_version version;
> +	aa_record_event_type event;	/* Event type */
> +	unsigned long pid;		/* PID of the program logging the message */
> +	unsigned long peer_pid;
> +	unsigned long task;
> +	unsigned long magic_token;
> +	long epoch;			/* example: 12345679 */
> +	unsigned int audit_sub_id;	/* example: 12 */
> +
> +	int bitmask;			/* Bitmask containing "r" "w" "x" etc */
> +	char *audit_id;			/* example: 12345679.1234:12 */
> +	char *operation;		/* "Exec" "Ptrace", etc. */
> +	char *denied_mask;		/* "r", "w", etc. */
> +	char *requested_mask;
> +	unsigned long fsuid;		/* fsuid of task - if logged */
> +	unsigned long ouid;		/* ouid of task - if logged */
> +	char *profile;			/* The name of the profile */
> +	char *peer_profile;
> +	char *comm;			/* Command that triggered msg */
> +	char *name;
> +	char *name2;
> +	char *namespace;
> +	char *attribute;
> +	unsigned long parent;
> +	char *info;
> +	char *peer_info;
> +	int error_code;			/* error_code returned if logged */
> +	char *active_hat;
> +	char *net_family;
> +	char *net_protocol;
> +	char *net_sock_type;
> +	char *net_local_addr;
> +	unsigned long net_local_port;
> +	char *net_foreign_addr;
> +	unsigned long net_foreign_port;
> +	char *dbus_bus;
> +	char *dbus_path;
> +	char *dbus_interface;
> +	char *dbus_member;
> +} aa_log_record;
> +
> +/**
> + * Parses a single log record string and returns a pointer to the parsed
> + * data.  It is the calling program's responsibility to free that struct
> + * with free_record();
> + * @param[in] Record to parse.
> + * @return Parsed data.
> + */
> +aa_log_record *
> +parse_record(char *str);
> +
> +/**
> + * Frees all struct data.
> + * @param[in] Data to free.
> + */
> +void
> +free_record(aa_log_record *record);
> +
> +#endif
> +
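Review bot: Unlike sys/apparmor.h, this public header has no `__BEGIN_DECLS`/`__END_DECLS` wrapper, and the `aa_log_record` member `char *namespace;` is a C++ keyword, so the header cannot be included from C++ as installed. Renaming the member would change the API, so at minimum a comment near the top such as `/* C only: aa_log_record has a member named "namespace" */` would document the limit. The Doxygen blocks on `parse_record` and `free_record` also omit the parameter names; `@param[in] str Record to parse.` and `@param[in] record Data to free.` would make them render correctly. The `parse_record` comment should additionally say what is returned when parsing fails, which is not visible from this header.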
> Index: b/libraries/libapparmor/src/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/src/Makefile.am
> +++ b/libraries/libapparmor/src/Makefile.am
> @@ -28,7 +28,7 @@ BUILT_SOURCES = grammar.h scanner.h af_p
>  AM_LFLAGS = -v
>  AM_YFLAGS = -d -p aalogparse_
>  AM_CFLAGS = -Wall
> -AM_CPPFLAGS = -D_GNU_SOURCE
> +AM_CPPFLAGS = -D_GNU_SOURCE -I$(top_srcdir)/include/
>  scanner.h: scanner.l
>  	$(LEX) -v $<
>  
> @@ -37,12 +37,6 @@ scanner.c: scanner.l
>  af_protos.h: /usr/include/netinet/in.h
>  	 LC_ALL=C  sed  -n -e "/IPPROTO_MAX/d"  -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" $< > $@
>  
> -changehatdir = $(includedir)/sys
> -changehat_HEADERS = apparmor.h
> -
> -aalogparsedir = $(includedir)/aalogparse
> -aalogparse_HEADERS = aalogparse.h
> -
>  lib_LTLIBRARIES = libapparmor.la
>  noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
>  
> Index: b/libraries/libapparmor/src/aalogparse.h
> ===================================================================
> --- a/libraries/libapparmor/src/aalogparse.h
> +++ /dev/null
> @@ -1,175 +0,0 @@
> -/*
> - * Copyright (c) 1999-2008 NOVELL (All rights reserved)
> - * Copyright 2009-2010 Canonical Ltd.
> - *
> - * This program is free software; you can redistribute it and/or
> - * modify it under the terms of version 2.1 of the GNU Lesser General
> - * Public License published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> - * GNU Lesser General Public License for more details.
> - *
> - * You should have received a copy of the GNU Lesser General Public License
> - * along with this program.  If not, see <http://www.gnu.org/licenses/>.
> - */
> -
> -
> -#ifndef __LIBAALOGPARSE_H_
> -#define __LIBAALOGPARSE_H_
> -
> -#define AA_RECORD_EXEC_MMAP	1
> -#define AA_RECORD_READ		2
> -#define AA_RECORD_WRITE		4
> -#define AA_RECORD_EXEC		8
> -#define AA_RECORD_LINK		16
> -
> -/**
> - * This is just for convenience now that we have two 
> - * wildly different grammars.
> - */
> -
> -typedef enum
> -{
> -	AA_RECORD_SYNTAX_V1,
> -	AA_RECORD_SYNTAX_V2,
> -	AA_RECORD_SYNTAX_UNKNOWN
> -} aa_record_syntax_version;
> -
> -typedef enum
> -{
> -	AA_RECORD_INVALID,	/* Default event type */
> -	AA_RECORD_ERROR,	/* Internal AA error */
> -	AA_RECORD_AUDIT,	/* Audited event */
> -	AA_RECORD_ALLOWED,	/* Complain mode event */
> -	AA_RECORD_DENIED,	/* Denied access event */
> -	AA_RECORD_HINT,		/* Process tracking info */
> -	AA_RECORD_STATUS	/* Configuration change */
> -} aa_record_event_type;
> -
> -/**
> - * With the sole exception of active_hat, this is a 1:1
> - * mapping from the keys that the new syntax uses.
> - *
> - * Some examples of the old syntax and how they're mapped with the aa_log_record struct:
> - *
> - * "PERMITTING r access to /path (program_name(12345) profile /profile active hat)"
> - * - operation: access
> - * - requested_mask: r
> - * - pid: 12345
> - * - profile: /profile
> - * - name: /path
> - * - info: program_name
> - * - active_hat: hat
> - *
> - * "REJECTING mkdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out"
> - * - operation: mkdir
> - * - name: /path/to/something
> - * - info: bash
> - * - pid: 23415
> - * - profile: /bin/freak-aa-out 
> - * - active_hat: /bin/freak-aa-out 
> - * 
> - * "REJECTING xattr set on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> - * - operation: xattr
> - * - attribute: set
> - * - name: /path/to/something
> - * - info: bash
> - * - pid: 23415
> - * - profile: /bin/freak-aa-out
> - * - active_hat: /bin/freak-aa-out
> - *
> - * "PERMITTING attribute (something) change to /else (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> - * - operation: setattr
> - * - attribute: something
> - * - name: /else
> - * - info: bash
> - * - pid: 23415
> - * - profile: /bin/freak-aa-out
> - * - active_hat: /bin/freak-aa-out
> - * 
> - * "PERMITTING access to capability 'cap' (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> - * - operation: capability
> - * - name: cap
> - * - info: bash
> - * - pid: 23415
> - * - profile: /bin/freak-aa-out
> - * - active_hat: /bin/freak-aa-out
> - * 
> - * "LOGPROF-HINT unknown_hat TESTHAT pid=27764 profile=/change_hat_test/test_hat active=/change_hat_test/test_hat"
> - * - operation: change_hat
> - * - name: TESTHAT
> - * - info: unknown_hat
> - * - pid: 27764
> - * - profile: /change_hat_test/test_hat
> - * - active_hat: /change_hat_test/test_hat
> - *
> - * "LOGPROF-HINT fork pid=27764 child=38229"
> - * - operation: clone
> - * - task: 38229
> - * - pid: 27764
> - **/
> -
> -typedef struct
> -{
> -	aa_record_syntax_version version;
> -	aa_record_event_type event;	/* Event type */
> -	unsigned long pid;		/* PID of the program logging the message */
> -	unsigned long peer_pid;
> -	unsigned long task;
> -	unsigned long magic_token;
> -	long epoch;			/* example: 12345679 */
> -	unsigned int audit_sub_id;	/* example: 12 */
> -
> -	int bitmask;			/* Bitmask containing "r" "w" "x" etc */
> -	char *audit_id;			/* example: 12345679.1234:12 */
> -	char *operation;		/* "Exec" "Ptrace", etc. */
> -	char *denied_mask;		/* "r", "w", etc. */
> -	char *requested_mask;
> -	unsigned long fsuid;		/* fsuid of task - if logged */
> -	unsigned long ouid;		/* ouid of task - if logged */
> -	char *profile;			/* The name of the profile */
> -	char *peer_profile;
> -	char *comm;			/* Command that triggered msg */
> -	char *name;
> -	char *name2;
> -	char *namespace;
> -	char *attribute;
> -	unsigned long parent;	
> -	char *info;
> -	char *peer_info;
> -	int error_code;			/* error_code returned if logged */
> -	char *active_hat;
> -	char *net_family;
> -	char *net_protocol;
> -	char *net_sock_type;
> -	char *net_local_addr;
> -	unsigned long net_local_port;
> -	char *net_foreign_addr;
> -	unsigned long net_foreign_port;
> -	char *dbus_bus;
> -	char *dbus_path;
> -	char *dbus_interface;
> -	char *dbus_member;
> -} aa_log_record;
> -
> -/**
> - * Parses a single log record string and returns a pointer to the parsed
> - * data.  It is the calling program's responsibility to free that struct
> - * with free_record();
> - * @param[in] Record to parse.
> - * @return Parsed data.
> - */
> -aa_log_record *
> -parse_record(char *str);
> -
> -/**
> - * Frees all struct data.
> - * @param[in] Data to free.
> - */
> -void
> -free_record(aa_log_record *record);
> -
> -#endif
> -
> Index: b/libraries/libapparmor/src/grammar.y
> ===================================================================
> --- a/libraries/libapparmor/src/grammar.y
> +++ b/libraries/libapparmor/src/grammar.y
> @@ -22,7 +22,7 @@
>   * information about tokens given and rules matched. */
>  #define YYDEBUG 0
>  #include <string.h>
> -#include "aalogparse.h"
> +#include <aalogparse.h>
>  #include "parser.h"
>  #include "grammar.h"
>  #include "scanner.h"
> Index: b/libraries/libapparmor/src/kernel_interface.c
> ===================================================================
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -31,7 +31,7 @@
>  #include <inttypes.h>
>  #include <pthread.h>
>  
> -#include "apparmor.h"
> +#include <sys/apparmor.h>
>  
>  /* some non-Linux systems do not define a static value */
>  #ifndef PATH_MAX
> Index: b/libraries/libapparmor/src/libaalogparse.c
> ===================================================================
> --- a/libraries/libapparmor/src/libaalogparse.c
> +++ b/libraries/libapparmor/src/libaalogparse.c
> @@ -31,7 +31,7 @@
>  #include <string.h>
>  #include <stdio.h>
>  #include <netinet/in.h>
> -#include "aalogparse.h"
> +#include <aalogparse.h>
>  #include "parser.h"
>  
>  /* This is mostly just a wrapper around the code in grammar.y */
> Index: b/libraries/libapparmor/src/tst_aalogmisc.c
> ===================================================================
> --- a/libraries/libapparmor/src/tst_aalogmisc.c
> +++ b/libraries/libapparmor/src/tst_aalogmisc.c
> @@ -18,7 +18,7 @@
>  #include <stdlib.h>
>  #include <string.h>
>  #include <stdio.h>
> -#include "aalogparse.h"
> +#include <aalogparse.h>
>  #include "parser.h"
>  
>  
> Index: b/libraries/libapparmor/swig/SWIG/libapparmor.i
> ===================================================================
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -1,13 +1,13 @@
>  %module LibAppArmor
>  
>  %{
> -#include "aalogparse.h"
> -#include "apparmor.h"
> +#include <aalogparse.h>
> +#include <sys/apparmor.h>
>  
>  %}
>  
>  %include "typemaps.i"
> -%include "aalogparse.h"
> +%include <aalogparse.h>
>  
>  /* swig doesn't like the macro magic we do in apparmor.h so the fn prototypes
>   * are manually inserted here
> Index: b/libraries/libapparmor/swig/perl/Makefile.PL.in
> ===================================================================
> --- a/libraries/libapparmor/swig/perl/Makefile.PL.in
> +++ b/libraries/libapparmor/swig/perl/Makefile.PL.in
> @@ -10,7 +10,7 @@ WriteMakefile(
>  	'FIRST_MAKEFILE' => 'Makefile.perl',
>  	'ABSTRACT' => q[Perl interface to AppArmor] ,
>  	'VERSION' => q[@VERSION@],
> -	'INC' => q[@CPPFLAGS@ -I at top_srcdir@/src @CFLAGS@],
> +	'INC' => q[@CPPFLAGS@ -I at top_srcdir@/include @CFLAGS@],
>  	'LIBS' => q[-L at top_builddir@/src/.libs/ -lapparmor @LIBS@],
>  	'OBJECT' => 'libapparmor_wrap.o', # $(OBJ_EXT)
>  ) ;
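Review bot: In the `INC` line the in-tree include directory comes after `@CPPFLAGS@`, so any `-I` the builder passes in CPPFLAGS is searched first. Now that the SWIG wrapper includes `<sys/apparmor.h>`, which is the same relative path the installed header uses, a CPPFLAGS entry pointing at a prefix with an older libapparmor would shadow the in-tree copy and the Perl binding would be compiled against stale prototypes. Putting the tree first avoids that: `'INC' => q[-I@top_srcdir@/include @CPPFLAGS@ @CFLAGS@],` (the archive has rewritten `-I@top_srcdir@` as `-I at top_srcdir@`). The src/Makefile.am hunk adds its path through `AM_CPPFLAGS`, which Automake places ahead of the user's CPPFLAGS, so it does not share the problem.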
> Index: b/libraries/libapparmor/swig/perl/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/swig/perl/Makefile.am
> +++ b/libraries/libapparmor/swig/perl/Makefile.am
> @@ -4,7 +4,7 @@ if HAVE_PERL
>  noinst_DATA =LibAppArmor.so
>  
>  libapparmor_wrap.c: $(srcdir)/../SWIG/libapparmor.i
> -	$(SWIG) -perl -I$(srcdir)/../../src -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
> +	$(SWIG) -perl -I$(srcdir)/../../include -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
>  
>  MOSTLYCLEANFILES=libapparmor_wrap.c LibAppArmor.pm
>  
> Index: b/libraries/libapparmor/swig/python/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/swig/python/Makefile.am
> +++ b/libraries/libapparmor/swig/python/Makefile.am
> @@ -5,7 +5,7 @@ EXTRA_DIST      = libapparmor_wrap.c
>  SUBDIRS = test
>  
>  libapparmor_wrap.c: $(srcdir)/../SWIG/libapparmor.i
> -	$(SWIG) -python -I$(srcdir)/../../src -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
> +	$(SWIG) -python -I$(srcdir)/../../include -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
>  	mv LibAppArmor.py __init__.py
>  
>  MOSTLYCLEANFILES=libapparmor_wrap.c __init__.py
> Index: b/libraries/libapparmor/swig/python/setup.py.in
> ===================================================================
> --- a/libraries/libapparmor/swig/python/setup.py.in
> +++ b/libraries/libapparmor/swig/python/setup.py.in
> @@ -12,7 +12,7 @@ setup(name          = 'LibAppArmor',
>        packages      = [ 'LibAppArmor' ],
>        ext_package   = 'LibAppArmor',
>        ext_modules   = [Extension('_LibAppArmor', ['libapparmor_wrap.c'],
> -                                 include_dirs=['@top_srcdir@/src'],
> +                                 include_dirs=['@top_srcdir@/include'],
>                                   extra_link_args = '-L at top_builddir@/src/.libs -lapparmor'.split(),
>                      )],
>        scripts       = [],
> Index: b/libraries/libapparmor/swig/ruby/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/swig/ruby/Makefile.am
> +++ b/libraries/libapparmor/swig/ruby/Makefile.am
> @@ -4,12 +4,12 @@ EXTRA_DIST =            extconf.rb LibAp
>  noinst_DATA =           LibAppArmor.so
>  
>  LibAppArmor_wrap.c : $(srcdir)/../SWIG/libapparmor.i
> -	$(SWIG) -ruby -module LibAppArmor -I$(top_srcdir)/src -o $@ $(srcdir)/../SWIG/libapparmor.i
> +	$(SWIG) -ruby -module LibAppArmor -I$(top_srcdir)/include -o $@ $(srcdir)/../SWIG/libapparmor.i
>  
>  MOSTLYCLEANFILES=LibAppArmor_wrap.c
>  
>  Makefile.ruby: extconf.rb
> -	PREFIX=$(prefix) $(RUBY) $< --with-LibAppArmor-include=$(top_srcdir)/src
> +	PREFIX=$(prefix) $(RUBY) $< --with-LibAppArmor-include=$(top_srcdir)/include
>  
>  LibAppArmor.so: LibAppArmor_wrap.c Makefile.ruby
>  	$(MAKE) -fMakefile.ruby
> Index: b/libraries/libapparmor/testsuite/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/testsuite/Makefile.am
> +++ b/libraries/libapparmor/testsuite/Makefile.am
> @@ -2,7 +2,7 @@ SUBDIRS = lib config libaalogparse.test
>  PACKAGE = libaalogparse
>  AUTOMAKE_OPTIONS = dejagnu
>  
> -INCLUDES = -I. -I$(top_srcdir)/src
> +INCLUDES = -I. -I$(top_srcdir)/include
>  
>  AM_CPPFLAGS = $(DEBUG_FLAGS) -DLOCALEDIR=\"${localedir}\"
>  AM_CFLAGS = -Wall
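Review bot: The changed line keeps the `INCLUDES` variable, which Automake documents as the deprecated older name for `AM_CPPFLAGS`, and this file already sets `AM_CPPFLAGS` two lines below. Folding the search path into it keeps the same flag order and avoids the warning newer Automake versions print: `AM_CPPFLAGS = -I. -I$(top_srcdir)/include $(DEBUG_FLAGS) -DLOCALEDIR=\"${localedir}\"`.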
> Index: b/libraries/libapparmor/src/scanner.l
> ===================================================================
> --- a/libraries/libapparmor/src/scanner.l
> +++ b/libraries/libapparmor/src/scanner.l
> @@ -27,7 +27,7 @@
>  %{
>  
>  #include "grammar.h"
> -#include "aalogparse.h"
> +#include <aalogparse.h>
>  #include "parser.h"
>  
>  #include <assert.h>
> Index: b/libraries/libapparmor/testsuite/test_multi.c
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi.c
> +++ b/libraries/libapparmor/testsuite/test_multi.c
> @@ -5,7 +5,7 @@
>  #include <string.h>
>  #include <errno.h>
>  
> -#include "aalogparse.h"
> +#include <aalogparse.h>
>  
>  int print_results(aa_log_record *record);
>  
> Index: b/libraries/libapparmor/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/Makefile.am
> +++ b/libraries/libapparmor/Makefile.am
> @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = foreign 1.4
>  NAME = libapparmor
>  SRCDIR = src
>  
> -SUBDIRS = doc src swig testsuite
> +SUBDIRS = doc src include swig testsuite
>  
>  REPO_VERSION=$(shell if [ -x /usr/bin/svn ] ; then \
>  	/usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; \
> Index: b/libraries/libapparmor/configure.ac
> ===================================================================
> --- a/libraries/libapparmor/configure.ac
> +++ b/libraries/libapparmor/configure.ac
> @@ -82,4 +82,6 @@ testsuite/Makefile
>  testsuite/config/Makefile
>  testsuite/libaalogparse.test/Makefile
>  testsuite/lib/Makefile
> +include/Makefile
> +include/sys/Makefile
>  )
> 
> 