[apparmor] [patch 8/8] mod_apparmor: convert aa_change_hat()s into single aa_change_hatv()
Steve Beattie
steve at nxnw.org
Wed Jan 22 20:47:54 UTC 2014
This patch converts the request entry point from using multiple (if
necessary) aa_change_hat() calls into a single aa_change_hatv() call,
simplifying the code a bit, and requiring fewer round trips between
mod_apparmor and the kernel for each request.
[This patch is currently triggering a couple of issues in the kernel.
John is looking into them.]
Signed-off-by: Steve Beattie <steve at nxnw.org>
---
changehat/mod_apparmor/mod_apparmor.c | 54 ++++++++++++++--------------------
1 file changed, 23 insertions(+), 31 deletions(-)
Index: b/changehat/mod_apparmor/mod_apparmor.c
===================================================================
--- a/changehat/mod_apparmor/mod_apparmor.c
+++ b/changehat/mod_apparmor/mod_apparmor.c
@@ -135,6 +135,8 @@ immunix_enter_hat (request_rec *r)
ap_get_module_config (r->per_dir_config, &apparmor_module);
immunix_srv_cfg * scfg = (immunix_srv_cfg *)
ap_get_module_config (r->server->module_config, &apparmor_module);
+ const char *aa_hat_array[5] = { NULL, NULL, NULL, NULL, NULL };
+ int i = 0;
debug_dump_uri(r);
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "in immunix_enter_hat (%s) n:0x%lx p:0x%lx main:0x%lx",
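Review bot: The size 5 in `aa_hat_array[5]` is a magic number whose correctness depends on the later hunks: at most four names can be stored (dcfg hat, URI, scfg hat or server hostname, default hat), and the last slot must stay NULL because aa_change_hatv() takes a NULL-terminated vector. A comment such as `/* up to 4 candidate hats + NULL terminator for aa_change_hatv() */` would make that invariant visible, so a later change that adds a fifth candidate does not silently overwrite the terminator. immunix_enter_hat starts before this hunk and continues after it.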
@@ -151,22 +153,14 @@ immunix_enter_hat (request_rec *r)
}
if (dcfg != NULL && dcfg->hat_name != NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [dcfg] %s", dcfg->hat_name);
- sd_ret = aa_change_hat(dcfg->hat_name, magic_token);
- if (sd_ret < 0) {
- aa_change_hat(NULL, magic_token);
- } else {
- return OK;
- }
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[dcfg] adding hat '%s' to aa_change_hat vector", dcfg->hat_name);
+ aa_hat_array[i++] = dcfg->hat_name;
}
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [uri] %s", r->uri);
- sd_ret = aa_change_hat(r->uri, magic_token);
- if (sd_ret < 0) {
- aa_change_hat(NULL, magic_token);
- } else {
- return OK;
- }
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[uri] adding uri '%s' to aa_change_hat vector", r->uri);
+ aa_hat_array[i++] = r->uri;
if (scfg) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "Dumping scfg info: "
@@ -177,27 +171,25 @@ immunix_enter_hat (request_rec *r)
}
if (scfg != NULL) {
if (scfg->hat_name != NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat [scfg] %s", scfg->hat_name);
- sd_ret = aa_change_hat(scfg->hat_name, magic_token);
- if (sd_ret < 0) {
- aa_change_hat(NULL, magic_token);
- } else {
- return OK;
- }
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[scfg] adding hat '%s' to aa_change_hat vector", scfg->hat_name);
+ aa_hat_array[i++] = dcfg->hat_name;
} else {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat w/server_name %s", r->server->server_hostname);
- sd_ret = aa_change_hat(r->server->server_hostname, magic_token);
- if (sd_ret < 0) {
- aa_change_hat(NULL, magic_token);
- } else {
- return OK;
- }
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[scfg] adding server_name '%s' to aa_change_hat vector",
+ r->server->server_hostname);
+ aa_hat_array[i++] = r->server->server_hostname;
}
}
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "calling change_hat DEFAULT_URI");
- sd_ret = aa_change_hat(DEFAULT_URI_HAT, magic_token);
- if (sd_ret < 0) aa_change_hat(NULL, magic_token);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[default] adding '%s' to aa_change_hat vector", DEFAULT_URI_HAT);
+ sd_ret = aa_change_hatv(aa_hat_array, magic_token);
+ if (sd_ret < 0) {
+ aa_change_hat(NULL, magic_token);
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ "aa_change_hatv call failed with error '%d'", sd_ret);
+ }
return OK;
}
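Review bot: In the `scfg->hat_name != NULL` branch the new code stores `dcfg->hat_name` instead of `scfg->hat_name`; dcfg is only tested against NULL in the earlier `if (dcfg != NULL && ...)` guard, so this can be a NULL dereference in the request path, and otherwise the server-level hat is never tried. That line should read `aa_hat_array[i++] = scfg->hat_name;`. The `[default]` log line is also not followed by a store, so DEFAULT_URI_HAT never reaches the vector and the fallback hat the old code tried last is lost; add `aa_hat_array[i++] = DEFAULT_URI_HAT;` before the aa_change_hatv() call. The warning prints sd_ret, which is presumably just -1; capturing errno right after the failed call, before the `aa_change_hat(NULL, magic_token)` reset, would make the log actionable. The function begins outside this hunk.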