[apparmor] [PATCH 28/31] parser: Use aa_kernel_interface API in parser_interface.c
John Johansen
john.johansen at canonical.com
Thu Jan 22 18:16:22 UTC 2015
On 12/05/2014 04:22 PM, Tyler Hicks wrote:
> __sd_serialize_profile() had a duplicated implementation for writing to
> apparmorfs interface files after a profile compilation. This patch
> migrates it to the new aa_kernel_interface API.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: John Johansen <john.johansen at canonical.com>
> ---
> parser/parser_interface.c | 56 ++++++++++++++++++++++-------------------------
> 1 file changed, 26 insertions(+), 30 deletions(-)
>
> diff --git a/parser/parser_interface.c b/parser/parser_interface.c
> index 49c8748..fef26bf 100644
> --- a/parser/parser_interface.c
> +++ b/parser/parser_interface.c
> @@ -478,32 +478,31 @@ void sd_serialize_top_profile(std::ostringstream &buf, Profile *profile)
> int __sd_serialize_profile(int option, Profile *prof, int cache_fd)
> {
> autoclose int fd = -1;
> - int error = -ENOMEM, size, wsize;
> + int error, size, wsize;
> std::ostringstream work_area;
> - autofree char *filename = NULL;
>
> switch (option) {
> case OPTION_ADD:
> - if (asprintf(&filename, "%s/.load", subdomainbase) == -1)
> - goto exit;
> - if (kernel_load) fd = open(filename, O_WRONLY);
> - break;
> case OPTION_REPLACE:
> - if (asprintf(&filename, "%s/.replace", subdomainbase) == -1)
> - goto exit;
> - if (kernel_load) fd = open(filename, O_WRONLY);
> - break;
> case OPTION_REMOVE:
> - if (asprintf(&filename, "%s/.remove", subdomainbase) == -1)
> - goto exit;
> - if (kernel_load) fd = open(filename, O_WRONLY);
> break;
> case OPTION_STDOUT:
> - filename = strdup("stdout");
> fd = dup(1);
> + if (fd < 0) {
> + error = -errno;
> + PERROR(_("Unable to open stdout - %s\n"),
> + strerror(errno));
> + goto exit;
> + }
> break;
> case OPTION_OFILE:
> fd = dup(fileno(ofile));
> + if (fd < 0) {
> + error = -errno;
> + PERROR(_("Unable to open output file - %s\n"),
> + strerror(errno));
> + goto exit;
> + }
> break;
> default:
> error = -EINVAL;
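Review bot: `error` loses its initialiser in the declaration at the top of `__sd_serialize_profile()`, so its value now depends on every path to `exit` assigning it first. The paths visible in this hunk do so (the two new `dup()` failure branches and the `default` case), but the function continues outside the hunk, and a later `goto exit` added without an assignment would return an indeterminate status from the routine that reports whether policy was written. I would keep a failing default, e.g. `int error = -EINVAL, size, wsize;`. Separately, OPTION_ADD, OPTION_REPLACE and OPTION_REMOVE now leave `fd` at -1, so the remove branch, which begins outside this hunk, should be checked for any remaining use of `fd`.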
> @@ -511,13 +510,6 @@ int __sd_serialize_profile(int option, Profile *prof, int cache_fd)
> break;
> }
>
> - if (fd < 0 && (kernel_load || option == OPTION_OFILE || option == OPTION_STDOUT)) {
> - PERROR(_("Unable to open %s - %s\n"), filename,
> - strerror(errno));
> - error = -errno;
> - goto exit;
> - }
> -
> error = 0;
>
> if (option == OPTION_REMOVE) {
> @@ -526,22 +518,26 @@ int __sd_serialize_profile(int option, Profile *prof, int cache_fd)
> error = -errno;
> }
> } else {
> + std::string tmp;
> +
> sd_serialize_top_profile(work_area, prof);
>
> + tmp = work_area.str();
> size = (long) work_area.tellp();
> - if (kernel_load || option == OPTION_STDOUT || option == OPTION_OFILE) {
> - std::string tmp = work_area.str();
> - wsize = write(fd, tmp.c_str(), size);
> - if (wsize < 0) {
> + if (kernel_load) {
> + if (option == OPTION_ADD &&
> + aa_kernel_interface_load_policy(tmp.c_str(), size) == -1) {
> + error = -errno;
> + } else if (option == OPTION_REPLACE &&
> + aa_kernel_interface_replace_policy(tmp.c_str(), size) == -1) {
> error = -errno;
> - } else if (wsize < size) {
> - PERROR(_("%s: Unable to write entire profile entry\n"),
> - progname);
> - error = -EIO;
> }
> + } else if ((option == OPTION_STDOUT || option == OPTION_OFILE) &&
> + aa_kernel_interface_write_policy(fd, tmp.c_str(), size) == -1) {
> + error = -errno;
> }
> +
> if (cache_fd != -1) {
> - std::string tmp = work_area.str();
> wsize = write(cache_fd, tmp.c_str(), size);
> if (wsize < 0) {
> error = -errno;
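Review bot: The write to `fd` for OPTION_STDOUT and OPTION_OFILE is now the `else` arm of `if (kernel_load)`, so it is skipped whenever `kernel_load` is set, whereas the removed condition `kernel_load || option == OPTION_STDOUT || option == OPTION_OFILE` still wrote in that case. Whether `kernel_load` can be non-zero together with those options is decided outside this hunk, so either state that invariant in a comment here or make the arm independent by closing the `kernel_load` block with `}` and starting a separate `if ((option == OPTION_STDOUT || option == OPTION_OFILE) &&`. In addition, `size` is still taken from `(long) work_area.tellp()` and narrowed to `int` even though `tmp` now exists before it is used; `size = tmp.size();` would keep the length in step with the buffer handed to the `aa_kernel_interface_*` calls and avoid passing -1 if `tellp()` fails. The function body starts and ends outside the hunk.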
>