[apparmor] [patch 1/3] libapparmor: move public headers to separate directory
Tyler Hicks
tyhicks at canonical.com
Mon Jan 6 20:34:03 UTC 2014
On 2013-12-24 12:59:33, Steve Beattie wrote:
> This patch moves the apparmor.h and aalogparse.h headers
> from the libapparmor/src/ directory to a new directory
> libapparmor/include/. The apparmor.h header is stored in a sys/
> directory within libapparmor/include/ to match its usual install
> location in /usr/include/sys/, simplifying the #include statements of
> source that wishes to include either the in-tree or system installed
> version of the header (i.e. #include <sys/apparmor.h> can be used
> everywhere).
>
> The patch size is inflated by the movements of the header files, which
> are unchanged except for their locations. Otherwise, the rest of the
> changes are to modify the include search path or to stop looking in
> $CWD for one of the headers.
>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
This is definitely the best solution for the problem. Thanks for putting
these patches together.
This patch looks good to me.
Acked-by: Tyler Hicks <tyhicks at canonical.com>
Tyler
> ---
>
> libraries/libapparmor/Makefile.am | 2
> libraries/libapparmor/configure.ac | 2
> libraries/libapparmor/include/Makefile.am | 4
> libraries/libapparmor/include/aalogparse.h | 175 +++++++++++++++++++++++++
> libraries/libapparmor/include/sys/Makefile.am | 3
> libraries/libapparmor/include/sys/apparmor.h | 107 +++++++++++++++
> libraries/libapparmor/src/Makefile.am | 8 -
> libraries/libapparmor/src/aalogparse.h | 175 -------------------------
> libraries/libapparmor/src/apparmor.h | 107 ---------------
> libraries/libapparmor/src/grammar.y | 2
> libraries/libapparmor/src/kernel_interface.c | 2
> libraries/libapparmor/src/libaalogparse.c | 2
> libraries/libapparmor/src/scanner.l | 2
> libraries/libapparmor/src/tst_aalogmisc.c | 2
> libraries/libapparmor/swig/SWIG/libapparmor.i | 6
> libraries/libapparmor/swig/perl/Makefile.PL.in | 2
> libraries/libapparmor/swig/perl/Makefile.am | 2
> libraries/libapparmor/swig/python/Makefile.am | 2
> libraries/libapparmor/swig/python/setup.py.in | 2
> libraries/libapparmor/swig/ruby/Makefile.am | 4
> libraries/libapparmor/testsuite/Makefile.am | 2
> libraries/libapparmor/testsuite/test_multi.c | 2
> 22 files changed, 309 insertions(+), 306 deletions(-)
>
> Index: b/libraries/libapparmor/include/sys/Makefile.am
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/include/sys/Makefile.am
> @@ -0,0 +1,3 @@
> +
> +apparmor_hdrdir = $(includedir)/sys
> +apparmor_hdr_HEADERS = apparmor.h
> Index: b/libraries/libapparmor/include/sys/apparmor.h
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/include/sys/apparmor.h
> @@ -0,0 +1,107 @@
> +/*
> + * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
> + * Copyright 2009-2010 Canonical Ltd.
> + *
> + * The libapparmor library is licensed under the terms of the GNU
> + * Lesser General Public License, version 2.1. Please see the file
> + * COPYING.LGPL.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef _SYS_APPARMOR_H
> +#define _SYS_APPARMOR_H 1
> +
> +#include <stdint.h>
> +#include <sys/types.h>
> +
> +__BEGIN_DECLS
> +
> +/*
> + * Class of public mediation types in the AppArmor policy db
> + */
> +
> +#define AA_CLASS_DBUS 32
> +
> +
> +/* Permission flags for the AA_CLASS_DBUS mediation class */
> +#define AA_DBUS_SEND (1 << 1)
> +#define AA_DBUS_RECEIVE (1 << 2)
> +#define AA_DBUS_EAVESDROP (1 << 5)
> +#define AA_DBUS_BIND (1 << 6)
> +#define AA_VALID_DBUS_PERMS (AA_DBUS_SEND | AA_DBUS_RECEIVE | \
> + AA_DBUS_BIND | AA_DBUS_EAVESDROP)
> +
> +
> +/* Prototypes for apparmor state queries */
> +extern int aa_is_enabled(void);
> +extern int aa_find_mountpoint(char **mnt);
> +
> +/* Prototypes for self directed domain transitions
> + * see <http://apparmor.net>
> + * Please see the change_hat(2) manpage for information.
> + */
> +
> +#define change_hat(X, Y) aa_change_hat((X), (Y))
> +extern int (change_hat)(const char *subprofile, unsigned int magic_token);
> +extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
> +extern int aa_change_profile(const char *profile);
> +extern int aa_change_onexec(const char *profile);
> +
> +extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> +extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> +
> +/* Protypes for introspecting task confinement
> + * Please see the aa_getcon(2) manpage for information
> + */
> +extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
> + char **mode);
> +extern int aa_getprocattr(pid_t tid, const char *attr, char **con, char **mode);
> +extern int aa_gettaskcon(pid_t target, char **con, char **mode);
> +extern int aa_getcon(char **con, char **mode);
> +extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
> +extern int aa_getpeercon(int fd, char **con, char **mode);
> +
> +/* A NUL character is used to separate the query command prefix string from the
> + * rest of the query string. The query command sizes intentionally include the
> + * NUL-terminator in their values.
> + */
> +#define AA_QUERY_CMD_LABEL "label"
> +#define AA_QUERY_CMD_LABEL_SIZE sizeof(AA_QUERY_CMD_LABEL)
> +
> +extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
> + int *audit);
> +
> +#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
> +#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
> +#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n
> +
> +/**
> + * change_hat_vargs - a wrapper macro for change_hat_vargs
> + * @T: the magic token
> + * @X...: the parameter list of hats being passed
> + *
> + * The change_hat_vargs macro makes it so the caller doesn't have to
> + * specify the number of hats passed as parameters to the change_hat_vargs
> + * fn.
> + *
> + * eg.
> + * change_hat_vargs(10, hat1, hat2, hat3, hat4);
> + * expandes to
> + * (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);
> + *
> + * to call change_hat_vargs direction do
> + * (change_hat_vargs)(token, nhats, hat1, hat2...)
> + */
> +#define aa_change_hat_vargs(T, X...) \
> + (aa_change_hat_vargs)(T, __macroarg_counter(X), X)
> +
> +__END_DECLS
> +
> +#endif /* sys/apparmor.h */
> Index: b/libraries/libapparmor/src/apparmor.h
> ===================================================================
> --- a/libraries/libapparmor/src/apparmor.h
> +++ /dev/null
> @@ -1,107 +0,0 @@
> -/*
> - * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
> - * Copyright 2009-2010 Canonical Ltd.
> - *
> - * The libapparmor library is licensed under the terms of the GNU
> - * Lesser General Public License, version 2.1. Please see the file
> - * COPYING.LGPL.
> - *
> - * This library is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU Lesser General Public License for more details.
> - *
> - * You should have received a copy of the GNU Lesser General Public License
> - * along with this program. If not, see <http://www.gnu.org/licenses/>.
> - */
> -
> -#ifndef _SYS_APPARMOR_H
> -#define _SYS_APPARMOR_H 1
> -
> -#include <stdint.h>
> -#include <sys/types.h>
> -
> -__BEGIN_DECLS
> -
> -/*
> - * Class of public mediation types in the AppArmor policy db
> - */
> -
> -#define AA_CLASS_DBUS 32
> -
> -
> -/* Permission flags for the AA_CLASS_DBUS mediation class */
> -#define AA_DBUS_SEND (1 << 1)
> -#define AA_DBUS_RECEIVE (1 << 2)
> -#define AA_DBUS_EAVESDROP (1 << 5)
> -#define AA_DBUS_BIND (1 << 6)
> -#define AA_VALID_DBUS_PERMS (AA_DBUS_SEND | AA_DBUS_RECEIVE | \
> - AA_DBUS_BIND | AA_DBUS_EAVESDROP)
> -
> -
> -/* Prototypes for apparmor state queries */
> -extern int aa_is_enabled(void);
> -extern int aa_find_mountpoint(char **mnt);
> -
> -/* Prototypes for self directed domain transitions
> - * see <http://apparmor.net>
> - * Please see the change_hat(2) manpage for information.
> - */
> -
> -#define change_hat(X, Y) aa_change_hat((X), (Y))
> -extern int (change_hat)(const char *subprofile, unsigned int magic_token);
> -extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
> -extern int aa_change_profile(const char *profile);
> -extern int aa_change_onexec(const char *profile);
> -
> -extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> -extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
> -
> -/* Protypes for introspecting task confinement
> - * Please see the aa_getcon(2) manpage for information
> - */
> -extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
> - char **mode);
> -extern int aa_getprocattr(pid_t tid, const char *attr, char **con, char **mode);
> -extern int aa_gettaskcon(pid_t target, char **con, char **mode);
> -extern int aa_getcon(char **con, char **mode);
> -extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
> -extern int aa_getpeercon(int fd, char **con, char **mode);
> -
> -/* A NUL character is used to separate the query command prefix string from the
> - * rest of the query string. The query command sizes intentionally include the
> - * NUL-terminator in their values.
> - */
> -#define AA_QUERY_CMD_LABEL "label"
> -#define AA_QUERY_CMD_LABEL_SIZE sizeof(AA_QUERY_CMD_LABEL)
> -
> -extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
> - int *audit);
> -
> -#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
> -#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
> -#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n
> -
> -/**
> - * change_hat_vargs - a wrapper macro for change_hat_vargs
> - * @T: the magic token
> - * @X...: the parameter list of hats being passed
> - *
> - * The change_hat_vargs macro makes it so the caller doesn't have to
> - * specify the number of hats passed as parameters to the change_hat_vargs
> - * fn.
> - *
> - * eg.
> - * change_hat_vargs(10, hat1, hat2, hat3, hat4);
> - * expandes to
> - * (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);
> - *
> - * to call change_hat_vargs direction do
> - * (change_hat_vargs)(token, nhats, hat1, hat2...)
> - */
> -#define aa_change_hat_vargs(T, X...) \
> - (aa_change_hat_vargs)(T, __macroarg_counter(X), X)
> -
> -__END_DECLS
> -
> -#endif /* sys/apparmor.h */
> Index: b/libraries/libapparmor/include/Makefile.am
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/include/Makefile.am
> @@ -0,0 +1,4 @@
> +SUBDIRS = sys
> +
> +aalogparsedir = $(includedir)/aalogparse
> +aalogparse_HEADERS = aalogparse.h
> Index: b/libraries/libapparmor/include/aalogparse.h
> ===================================================================
> --- /dev/null
> +++ b/libraries/libapparmor/include/aalogparse.h
> @@ -0,0 +1,175 @@
> +/*
> + * Copyright (c) 1999-2008 NOVELL (All rights reserved)
> + * Copyright 2009-2010 Canonical Ltd.
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of version 2.1 of the GNU Lesser General
> + * Public License published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public License
> + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +
> +#ifndef __LIBAALOGPARSE_H_
> +#define __LIBAALOGPARSE_H_
> +
> +#define AA_RECORD_EXEC_MMAP 1
> +#define AA_RECORD_READ 2
> +#define AA_RECORD_WRITE 4
> +#define AA_RECORD_EXEC 8
> +#define AA_RECORD_LINK 16
> +
> +/**
> + * This is just for convenience now that we have two
> + * wildly different grammars.
> + */
> +
> +typedef enum
> +{
> + AA_RECORD_SYNTAX_V1,
> + AA_RECORD_SYNTAX_V2,
> + AA_RECORD_SYNTAX_UNKNOWN
> +} aa_record_syntax_version;
> +
> +typedef enum
> +{
> + AA_RECORD_INVALID, /* Default event type */
> + AA_RECORD_ERROR, /* Internal AA error */
> + AA_RECORD_AUDIT, /* Audited event */
> + AA_RECORD_ALLOWED, /* Complain mode event */
> + AA_RECORD_DENIED, /* Denied access event */
> + AA_RECORD_HINT, /* Process tracking info */
> + AA_RECORD_STATUS /* Configuration change */
> +} aa_record_event_type;
> +
> +/**
> + * With the sole exception of active_hat, this is a 1:1
> + * mapping from the keys that the new syntax uses.
> + *
> + * Some examples of the old syntax and how they're mapped with the aa_log_record struct:
> + *
> + * "PERMITTING r access to /path (program_name(12345) profile /profile active hat)"
> + * - operation: access
> + * - requested_mask: r
> + * - pid: 12345
> + * - profile: /profile
> + * - name: /path
> + * - info: program_name
> + * - active_hat: hat
> + *
> + * "REJECTING mkdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out"
> + * - operation: mkdir
> + * - name: /path/to/something
> + * - info: bash
> + * - pid: 23415
> + * - profile: /bin/freak-aa-out
> + * - active_hat: /bin/freak-aa-out
> + *
> + * "REJECTING xattr set on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> + * - operation: xattr
> + * - attribute: set
> + * - name: /path/to/something
> + * - info: bash
> + * - pid: 23415
> + * - profile: /bin/freak-aa-out
> + * - active_hat: /bin/freak-aa-out
> + *
> + * "PERMITTING attribute (something) change to /else (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> + * - operation: setattr
> + * - attribute: something
> + * - name: /else
> + * - info: bash
> + * - pid: 23415
> + * - profile: /bin/freak-aa-out
> + * - active_hat: /bin/freak-aa-out
> + *
> + * "PERMITTING access to capability 'cap' (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> + * - operation: capability
> + * - name: cap
> + * - info: bash
> + * - pid: 23415
> + * - profile: /bin/freak-aa-out
> + * - active_hat: /bin/freak-aa-out
> + *
> + * "LOGPROF-HINT unknown_hat TESTHAT pid=27764 profile=/change_hat_test/test_hat active=/change_hat_test/test_hat"
> + * - operation: change_hat
> + * - name: TESTHAT
> + * - info: unknown_hat
> + * - pid: 27764
> + * - profile: /change_hat_test/test_hat
> + * - active_hat: /change_hat_test/test_hat
> + *
> + * "LOGPROF-HINT fork pid=27764 child=38229"
> + * - operation: clone
> + * - task: 38229
> + * - pid: 27764
> + **/
> +
> +typedef struct
> +{
> + aa_record_syntax_version version;
> + aa_record_event_type event; /* Event type */
> + unsigned long pid; /* PID of the program logging the message */
> + unsigned long peer_pid;
> + unsigned long task;
> + unsigned long magic_token;
> + long epoch; /* example: 12345679 */
> + unsigned int audit_sub_id; /* example: 12 */
> +
> + int bitmask; /* Bitmask containing "r" "w" "x" etc */
> + char *audit_id; /* example: 12345679.1234:12 */
> + char *operation; /* "Exec" "Ptrace", etc. */
> + char *denied_mask; /* "r", "w", etc. */
> + char *requested_mask;
> + unsigned long fsuid; /* fsuid of task - if logged */
> + unsigned long ouid; /* ouid of task - if logged */
> + char *profile; /* The name of the profile */
> + char *peer_profile;
> + char *comm; /* Command that triggered msg */
> + char *name;
> + char *name2;
> + char *namespace;
> + char *attribute;
> + unsigned long parent;
> + char *info;
> + char *peer_info;
> + int error_code; /* error_code returned if logged */
> + char *active_hat;
> + char *net_family;
> + char *net_protocol;
> + char *net_sock_type;
> + char *net_local_addr;
> + unsigned long net_local_port;
> + char *net_foreign_addr;
> + unsigned long net_foreign_port;
> + char *dbus_bus;
> + char *dbus_path;
> + char *dbus_interface;
> + char *dbus_member;
> +} aa_log_record;
> +
> +/**
> + * Parses a single log record string and returns a pointer to the parsed
> + * data. It is the calling program's responsibility to free that struct
> + * with free_record();
> + * @param[in] Record to parse.
> + * @return Parsed data.
> + */
> +aa_log_record *
> +parse_record(char *str);
> +
> +/**
> + * Frees all struct data.
> + * @param[in] Data to free.
> + */
> +void
> +free_record(aa_log_record *record);
> +
> +#endif
> +
> Index: b/libraries/libapparmor/src/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/src/Makefile.am
> +++ b/libraries/libapparmor/src/Makefile.am
> @@ -28,7 +28,7 @@ BUILT_SOURCES = grammar.h scanner.h af_p
> AM_LFLAGS = -v
> AM_YFLAGS = -d -p aalogparse_
> AM_CFLAGS = -Wall
> -AM_CPPFLAGS = -D_GNU_SOURCE
> +AM_CPPFLAGS = -D_GNU_SOURCE -I$(top_srcdir)/include/
> scanner.h: scanner.l
> $(LEX) -v $<
>
> @@ -37,12 +37,6 @@ scanner.c: scanner.l
> af_protos.h: /usr/include/netinet/in.h
> LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" $< > $@
>
> -changehatdir = $(includedir)/sys
> -changehat_HEADERS = apparmor.h
> -
> -aalogparsedir = $(includedir)/aalogparse
> -aalogparse_HEADERS = aalogparse.h
> -
> lib_LTLIBRARIES = libapparmor.la
> noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
>
> Index: b/libraries/libapparmor/src/aalogparse.h
> ===================================================================
> --- a/libraries/libapparmor/src/aalogparse.h
> +++ /dev/null
> @@ -1,175 +0,0 @@
> -/*
> - * Copyright (c) 1999-2008 NOVELL (All rights reserved)
> - * Copyright 2009-2010 Canonical Ltd.
> - *
> - * This program is free software; you can redistribute it and/or
> - * modify it under the terms of version 2.1 of the GNU Lesser General
> - * Public License published by the Free Software Foundation.
> - *
> - * This program is distributed in the hope that it will be useful,
> - * but WITHOUT ANY WARRANTY; without even the implied warranty of
> - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> - * GNU Lesser General Public License for more details.
> - *
> - * You should have received a copy of the GNU Lesser General Public License
> - * along with this program. If not, see <http://www.gnu.org/licenses/>.
> - */
> -
> -
> -#ifndef __LIBAALOGPARSE_H_
> -#define __LIBAALOGPARSE_H_
> -
> -#define AA_RECORD_EXEC_MMAP 1
> -#define AA_RECORD_READ 2
> -#define AA_RECORD_WRITE 4
> -#define AA_RECORD_EXEC 8
> -#define AA_RECORD_LINK 16
> -
> -/**
> - * This is just for convenience now that we have two
> - * wildly different grammars.
> - */
> -
> -typedef enum
> -{
> - AA_RECORD_SYNTAX_V1,
> - AA_RECORD_SYNTAX_V2,
> - AA_RECORD_SYNTAX_UNKNOWN
> -} aa_record_syntax_version;
> -
> -typedef enum
> -{
> - AA_RECORD_INVALID, /* Default event type */
> - AA_RECORD_ERROR, /* Internal AA error */
> - AA_RECORD_AUDIT, /* Audited event */
> - AA_RECORD_ALLOWED, /* Complain mode event */
> - AA_RECORD_DENIED, /* Denied access event */
> - AA_RECORD_HINT, /* Process tracking info */
> - AA_RECORD_STATUS /* Configuration change */
> -} aa_record_event_type;
> -
> -/**
> - * With the sole exception of active_hat, this is a 1:1
> - * mapping from the keys that the new syntax uses.
> - *
> - * Some examples of the old syntax and how they're mapped with the aa_log_record struct:
> - *
> - * "PERMITTING r access to /path (program_name(12345) profile /profile active hat)"
> - * - operation: access
> - * - requested_mask: r
> - * - pid: 12345
> - * - profile: /profile
> - * - name: /path
> - * - info: program_name
> - * - active_hat: hat
> - *
> - * "REJECTING mkdir on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out"
> - * - operation: mkdir
> - * - name: /path/to/something
> - * - info: bash
> - * - pid: 23415
> - * - profile: /bin/freak-aa-out
> - * - active_hat: /bin/freak-aa-out
> - *
> - * "REJECTING xattr set on /path/to/something (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> - * - operation: xattr
> - * - attribute: set
> - * - name: /path/to/something
> - * - info: bash
> - * - pid: 23415
> - * - profile: /bin/freak-aa-out
> - * - active_hat: /bin/freak-aa-out
> - *
> - * "PERMITTING attribute (something) change to /else (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> - * - operation: setattr
> - * - attribute: something
> - * - name: /else
> - * - info: bash
> - * - pid: 23415
> - * - profile: /bin/freak-aa-out
> - * - active_hat: /bin/freak-aa-out
> - *
> - * "PERMITTING access to capability 'cap' (bash(23415) profile /bin/freak-aa-out active /bin/freak-aa-out)"
> - * - operation: capability
> - * - name: cap
> - * - info: bash
> - * - pid: 23415
> - * - profile: /bin/freak-aa-out
> - * - active_hat: /bin/freak-aa-out
> - *
> - * "LOGPROF-HINT unknown_hat TESTHAT pid=27764 profile=/change_hat_test/test_hat active=/change_hat_test/test_hat"
> - * - operation: change_hat
> - * - name: TESTHAT
> - * - info: unknown_hat
> - * - pid: 27764
> - * - profile: /change_hat_test/test_hat
> - * - active_hat: /change_hat_test/test_hat
> - *
> - * "LOGPROF-HINT fork pid=27764 child=38229"
> - * - operation: clone
> - * - task: 38229
> - * - pid: 27764
> - **/
> -
> -typedef struct
> -{
> - aa_record_syntax_version version;
> - aa_record_event_type event; /* Event type */
> - unsigned long pid; /* PID of the program logging the message */
> - unsigned long peer_pid;
> - unsigned long task;
> - unsigned long magic_token;
> - long epoch; /* example: 12345679 */
> - unsigned int audit_sub_id; /* example: 12 */
> -
> - int bitmask; /* Bitmask containing "r" "w" "x" etc */
> - char *audit_id; /* example: 12345679.1234:12 */
> - char *operation; /* "Exec" "Ptrace", etc. */
> - char *denied_mask; /* "r", "w", etc. */
> - char *requested_mask;
> - unsigned long fsuid; /* fsuid of task - if logged */
> - unsigned long ouid; /* ouid of task - if logged */
> - char *profile; /* The name of the profile */
> - char *peer_profile;
> - char *comm; /* Command that triggered msg */
> - char *name;
> - char *name2;
> - char *namespace;
> - char *attribute;
> - unsigned long parent;
> - char *info;
> - char *peer_info;
> - int error_code; /* error_code returned if logged */
> - char *active_hat;
> - char *net_family;
> - char *net_protocol;
> - char *net_sock_type;
> - char *net_local_addr;
> - unsigned long net_local_port;
> - char *net_foreign_addr;
> - unsigned long net_foreign_port;
> - char *dbus_bus;
> - char *dbus_path;
> - char *dbus_interface;
> - char *dbus_member;
> -} aa_log_record;
> -
> -/**
> - * Parses a single log record string and returns a pointer to the parsed
> - * data. It is the calling program's responsibility to free that struct
> - * with free_record();
> - * @param[in] Record to parse.
> - * @return Parsed data.
> - */
> -aa_log_record *
> -parse_record(char *str);
> -
> -/**
> - * Frees all struct data.
> - * @param[in] Data to free.
> - */
> -void
> -free_record(aa_log_record *record);
> -
> -#endif
> -
> Index: b/libraries/libapparmor/src/grammar.y
> ===================================================================
> --- a/libraries/libapparmor/src/grammar.y
> +++ b/libraries/libapparmor/src/grammar.y
> @@ -22,7 +22,7 @@
> * information about tokens given and rules matched. */
> #define YYDEBUG 0
> #include <string.h>
> -#include "aalogparse.h"
> +#include <aalogparse.h>
> #include "parser.h"
> #include "grammar.h"
> #include "scanner.h"
> Index: b/libraries/libapparmor/src/kernel_interface.c
> ===================================================================
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -31,7 +31,7 @@
> #include <inttypes.h>
> #include <pthread.h>
>
> -#include "apparmor.h"
> +#include <sys/apparmor.h>
>
> /* some non-Linux systems do not define a static value */
> #ifndef PATH_MAX
> Index: b/libraries/libapparmor/src/libaalogparse.c
> ===================================================================
> --- a/libraries/libapparmor/src/libaalogparse.c
> +++ b/libraries/libapparmor/src/libaalogparse.c
> @@ -31,7 +31,7 @@
> #include <string.h>
> #include <stdio.h>
> #include <netinet/in.h>
> -#include "aalogparse.h"
> +#include <aalogparse.h>
> #include "parser.h"
>
> /* This is mostly just a wrapper around the code in grammar.y */
> Index: b/libraries/libapparmor/src/tst_aalogmisc.c
> ===================================================================
> --- a/libraries/libapparmor/src/tst_aalogmisc.c
> +++ b/libraries/libapparmor/src/tst_aalogmisc.c
> @@ -18,7 +18,7 @@
> #include <stdlib.h>
> #include <string.h>
> #include <stdio.h>
> -#include "aalogparse.h"
> +#include <aalogparse.h>
> #include "parser.h"
>
>
> Index: b/libraries/libapparmor/swig/SWIG/libapparmor.i
> ===================================================================
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -1,13 +1,13 @@
> %module LibAppArmor
>
> %{
> -#include "aalogparse.h"
> -#include "apparmor.h"
> +#include <aalogparse.h>
> +#include <sys/apparmor.h>
>
> %}
>
> %include "typemaps.i"
> -%include "aalogparse.h"
> +%include <aalogparse.h>
>
> /* swig doesn't like the macro magic we do in apparmor.h so the fn prototypes
> * are manually inserted here
> Index: b/libraries/libapparmor/swig/perl/Makefile.PL.in
> ===================================================================
> --- a/libraries/libapparmor/swig/perl/Makefile.PL.in
> +++ b/libraries/libapparmor/swig/perl/Makefile.PL.in
> @@ -10,7 +10,7 @@ WriteMakefile(
> 'FIRST_MAKEFILE' => 'Makefile.perl',
> 'ABSTRACT' => q[Perl interface to AppArmor] ,
> 'VERSION' => q[@VERSION@],
> - 'INC' => q[@CPPFLAGS@ -I at top_srcdir@/src @CFLAGS@],
> + 'INC' => q[@CPPFLAGS@ -I at top_srcdir@/include @CFLAGS@],
> 'LIBS' => q[-L at top_builddir@/src/.libs/ -lapparmor @LIBS@],
> 'OBJECT' => 'libapparmor_wrap.o', # $(OBJ_EXT)
> ) ;
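Review bot: In the `INC` line the configure-time `@CPPFLAGS@` still comes before the new `-I…/include`, so any `-I<prefix>/include` a builder passes in CPPFLAGS is searched ahead of the in-tree headers. The wrapper now pulls in `<sys/apparmor.h>`, which matches the header's installed layout, so an older copy installed under that prefix would probably be chosen over the in-tree one and the Perl binding would be built against stale prototypes. The previous `"apparmor.h"` spelling could hardly collide this way. Listing the in-tree directory first avoids it: `'INC' => q[-I@top_srcdir@/include @CPPFLAGS@ @CFLAGS@],`. The WriteMakefile argument list begins outside this hunk.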
> Index: b/libraries/libapparmor/swig/perl/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/swig/perl/Makefile.am
> +++ b/libraries/libapparmor/swig/perl/Makefile.am
> @@ -4,7 +4,7 @@ if HAVE_PERL
> noinst_DATA =LibAppArmor.so
>
> libapparmor_wrap.c: $(srcdir)/../SWIG/libapparmor.i
> - $(SWIG) -perl -I$(srcdir)/../../src -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
> + $(SWIG) -perl -I$(srcdir)/../../include -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
>
> MOSTLYCLEANFILES=libapparmor_wrap.c LibAppArmor.pm
>
> Index: b/libraries/libapparmor/swig/python/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/swig/python/Makefile.am
> +++ b/libraries/libapparmor/swig/python/Makefile.am
> @@ -5,7 +5,7 @@ EXTRA_DIST = libapparmor_wrap.c
> SUBDIRS = test
>
> libapparmor_wrap.c: $(srcdir)/../SWIG/libapparmor.i
> - $(SWIG) -python -I$(srcdir)/../../src -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
> + $(SWIG) -python -I$(srcdir)/../../include -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
> mv LibAppArmor.py __init__.py
>
> MOSTLYCLEANFILES=libapparmor_wrap.c __init__.py
> Index: b/libraries/libapparmor/swig/python/setup.py.in
> ===================================================================
> --- a/libraries/libapparmor/swig/python/setup.py.in
> +++ b/libraries/libapparmor/swig/python/setup.py.in
> @@ -12,7 +12,7 @@ setup(name = 'LibAppArmor',
> packages = [ 'LibAppArmor' ],
> ext_package = 'LibAppArmor',
> ext_modules = [Extension('_LibAppArmor', ['libapparmor_wrap.c'],
> - include_dirs=['@top_srcdir@/src'],
> + include_dirs=['@top_srcdir@/include'],
> extra_link_args = '-L at top_builddir@/src/.libs -lapparmor'.split(),
> )],
> scripts = [],
> Index: b/libraries/libapparmor/swig/ruby/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/swig/ruby/Makefile.am
> +++ b/libraries/libapparmor/swig/ruby/Makefile.am
> @@ -4,12 +4,12 @@ EXTRA_DIST = extconf.rb LibAp
> noinst_DATA = LibAppArmor.so
>
> LibAppArmor_wrap.c : $(srcdir)/../SWIG/libapparmor.i
> - $(SWIG) -ruby -module LibAppArmor -I$(top_srcdir)/src -o $@ $(srcdir)/../SWIG/libapparmor.i
> + $(SWIG) -ruby -module LibAppArmor -I$(top_srcdir)/include -o $@ $(srcdir)/../SWIG/libapparmor.i
>
> MOSTLYCLEANFILES=LibAppArmor_wrap.c
>
> Makefile.ruby: extconf.rb
> - PREFIX=$(prefix) $(RUBY) $< --with-LibAppArmor-include=$(top_srcdir)/src
> + PREFIX=$(prefix) $(RUBY) $< --with-LibAppArmor-include=$(top_srcdir)/include
>
> LibAppArmor.so: LibAppArmor_wrap.c Makefile.ruby
> $(MAKE) -fMakefile.ruby
> Index: b/libraries/libapparmor/testsuite/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/testsuite/Makefile.am
> +++ b/libraries/libapparmor/testsuite/Makefile.am
> @@ -2,7 +2,7 @@ SUBDIRS = lib config libaalogparse.test
> PACKAGE = libaalogparse
> AUTOMAKE_OPTIONS = dejagnu
>
> -INCLUDES = -I. -I$(top_srcdir)/src
> +INCLUDES = -I. -I$(top_srcdir)/include
>
> AM_CPPFLAGS = $(DEBUG_FLAGS) -DLOCALEDIR=\"${localedir}\"
> AM_CFLAGS = -Wall
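Review bot: `INCLUDES` on the changed line is the deprecated Automake spelling of `AM_CPPFLAGS`, and newer Automake releases warn about it. Since this line is being edited anyway and `AM_CPPFLAGS` is already set two lines below, the two could be folded into one: `AM_CPPFLAGS = -I. -I$(top_srcdir)/include $(DEBUG_FLAGS) -DLOCALEDIR=\"${localedir}\"`. Both variables are expanded ahead of the user's CPPFLAGS on the compile line, so the header search order should stay the same and the in-tree `aalogparse.h` should still win over any installed copy.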
> Index: b/libraries/libapparmor/src/scanner.l
> ===================================================================
> --- a/libraries/libapparmor/src/scanner.l
> +++ b/libraries/libapparmor/src/scanner.l
> @@ -27,7 +27,7 @@
> %{
>
> #include "grammar.h"
> -#include "aalogparse.h"
> +#include <aalogparse.h>
> #include "parser.h"
>
> #include <assert.h>
> Index: b/libraries/libapparmor/testsuite/test_multi.c
> ===================================================================
> --- a/libraries/libapparmor/testsuite/test_multi.c
> +++ b/libraries/libapparmor/testsuite/test_multi.c
> @@ -5,7 +5,7 @@
> #include <string.h>
> #include <errno.h>
>
> -#include "aalogparse.h"
> +#include <aalogparse.h>
>
> int print_results(aa_log_record *record);
>
> Index: b/libraries/libapparmor/Makefile.am
> ===================================================================
> --- a/libraries/libapparmor/Makefile.am
> +++ b/libraries/libapparmor/Makefile.am
> @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = foreign 1.4
> NAME = libapparmor
> SRCDIR = src
>
> -SUBDIRS = doc src swig testsuite
> +SUBDIRS = doc src include swig testsuite
>
> REPO_VERSION=$(shell if [ -x /usr/bin/svn ] ; then \
> /usr/bin/svn info . 2> /dev/null | grep "^Last Changed Rev:" | sed "s/^Last Changed Rev: //" ; \
> Index: b/libraries/libapparmor/configure.ac
> ===================================================================
> --- a/libraries/libapparmor/configure.ac
> +++ b/libraries/libapparmor/configure.ac
> @@ -82,4 +82,6 @@ testsuite/Makefile
> testsuite/config/Makefile
> testsuite/libaalogparse.test/Makefile
> testsuite/lib/Makefile
> +include/Makefile
> +include/sys/Makefile
> )
>
>