[apparmor] [PATCH 31/31] libapparmor: Create a private API
Tyler Hicks
tyhicks at canonical.com
Fri Jan 23 03:17:40 UTC 2015
On 2015-01-22 10:16:59, John Johansen wrote:
> On 12/05/2014 04:22 PM, Tyler Hicks wrote:
> > This patch creates a private API in libapparmor for which upstream
> > provides no guarantees regarding ABI stability.
> >
> > A new header file, <sys/apparmor_private.h>, is created. The "_aa"
> > prefix will be used for symbols belonging to the private API.
> >
> > To kick things off, a library friendly version of is_blacklisted() is
> > moved into libapparmor.
> >
> > The purpose of a private libapparmor API is to prevent duplicated code
> > between the parser and libapparmor. This becomes an issue as we prepare
> > to move chunks of the parser into libapparmor.
> >
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Acked-by: John Johansen <john.johansen at canonical.com>
Thanks again!
>
> though I agree with Christian that we are going to want a public version
> of the is_blacklisted() api. But that can come in another patch
I do this in the second patch set where I move everything into
libapparmor. It is exported as a "private" function named
_aa_is_blacklisted(). See the "libapparmor: Create a private API" patch
in the second patch set, if interested.
Tyler
>
>
> > ---
> > libraries/libapparmor/include/sys/Makefile.am | 2 +-
> > .../libapparmor/include/sys/apparmor_private.h | 26 +++++++++
> > libraries/libapparmor/src/Makefile.am | 2 +-
> > libraries/libapparmor/src/libapparmor.map | 7 +++
> > libraries/libapparmor/src/private.c | 66 ++++++++++++++++++++++
> > parser/parser_misc.c | 50 ++--------------
> > 6 files changed, 107 insertions(+), 46 deletions(-)
> > create mode 100644 libraries/libapparmor/include/sys/apparmor_private.h
> > create mode 100644 libraries/libapparmor/src/private.c
> >
> > diff --git a/libraries/libapparmor/include/sys/Makefile.am b/libraries/libapparmor/include/sys/Makefile.am
> > index 38efc3e..2c12780 100644
> > --- a/libraries/libapparmor/include/sys/Makefile.am
> > +++ b/libraries/libapparmor/include/sys/Makefile.am
> > @@ -1,3 +1,3 @@
> >
> > apparmor_hdrdir = $(includedir)/sys
> > -apparmor_hdr_HEADERS = apparmor.h
> > +apparmor_hdr_HEADERS = apparmor.h apparmor_private.h
> > diff --git a/libraries/libapparmor/include/sys/apparmor_private.h b/libraries/libapparmor/include/sys/apparmor_private.h
> > new file mode 100644
> > index 0000000..6138b2c
> > --- /dev/null
> > +++ b/libraries/libapparmor/include/sys/apparmor_private.h
> > @@ -0,0 +1,26 @@
> > +/*
> > + * Copyright 2014 Canonical Ltd.
> > + *
> > + * The libapparmor library is licensed under the terms of the GNU
> > + * Lesser General Public License, version 2.1. Please see the file
> > + * COPYING.LGPL.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > + * GNU Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public License
> > + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#ifndef _SYS_APPARMOR_PRIVATE_H
> > +#define _SYS_APPARMOR_PRIVATE_H 1
> > +
> > +__BEGIN_DECLS
> > +
> > +int _aa_is_blacklisted(const char *name, const char *path);
> > +
> > +__END_DECLS
> > +
> > +#endif /* sys/apparmor_private.h */
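Review bot: The prototype for `_aa_is_blacklisted()` has no comment describing its three-valued return, which callers need in order to use it correctly. From private.c, it returns 1 for names to skip silently, -1 for names to skip with a warning left to the caller, and 0 otherwise; the implementation does not read `path`. A short comment above the declaration stating this would keep library consumers from treating the result as a plain boolean or assuming `path` matters. Separately, `__BEGIN_DECLS`/`__END_DECLS` are used with no include visible in this header, so unless another header is always included first, adding `#include <sys/cdefs.h>` would make it self-contained.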
> > diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
> > index a234264..2a7f600 100644
> > --- a/libraries/libapparmor/src/Makefile.am
> > +++ b/libraries/libapparmor/src/Makefile.am
> > @@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
> > lib_LTLIBRARIES = libapparmor.la
> > noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
> >
> > -libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c
> > +libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c
> > libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
> > -Wl,--version-script=$(top_srcdir)/src/libapparmor.map
> >
> > diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> > index 67175d0..c7bc606 100644
> > --- a/libraries/libapparmor/src/libapparmor.map
> > +++ b/libraries/libapparmor/src/libapparmor.map
> > @@ -51,3 +51,10 @@ APPARMOR_2.9 {
> > local:
> > *;
> > } APPARMOR_1.1;
> > +
> > +PRIVATE {
> > + global:
> > + _aa_is_blacklisted;
> > + local:
> > + *;
> > +};
> > diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
> > new file mode 100644
> > index 0000000..f6f40b5
> > --- /dev/null
> > +++ b/libraries/libapparmor/src/private.c
> > @@ -0,0 +1,66 @@
> > +/*
> > + * Copyright 2014 Canonical Ltd.
> > + *
> > + * The libapparmor library is licensed under the terms of the GNU
> > + * Lesser General Public License, version 2.1. Please see the file
> > + * COPYING.LGPL.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > + * GNU Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public License
> > + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#include <string.h>
> > +
> > +struct ignored_suffix_t {
> > + const char * text;
> > + int len;
> > + int silent;
> > +};
> > +
> > +static struct ignored_suffix_t ignored_suffixes[] = {
> > + /* Debian packging files, which are in flux during install
> > + should be silently ignored. */
> > + { ".dpkg-new", 9, 1 },
> > + { ".dpkg-old", 9, 1 },
> > + { ".dpkg-dist", 10, 1 },
> > + { ".dpkg-bak", 9, 1 },
> > + /* RPM packaging files have traditionally not been silently
> > + ignored */
> > + { ".rpmnew", 7, 0 },
> > + { ".rpmsave", 8, 0 },
> > + /* patch file backups/conflicts */
> > + { ".orig", 5, 0 },
> > + { ".rej", 4, 0 },
> > + /* Backup files should be mentioned */
> > + { "~", 1, 0 },
> > + { NULL, 0, 0 }
> > +};
> > +
> > +int _aa_is_blacklisted(const char *name, const char *path)
> > +{
> > + int name_len;
> > + struct ignored_suffix_t *suffix;
> > +
> > + /* skip dot files and files with no name */
> > + if (*name == '.' || !strlen(name))
> > + return 1;
> > +
> > + name_len = strlen(name);
> > + /* skip blacklisted suffixes */
> > + for (suffix = ignored_suffixes; suffix->text; suffix++) {
> > + char *found;
> > + if ( (found = strstr((char *) name, suffix->text)) &&
> > + found - name + suffix->len == name_len ) {
> > + if (!suffix->silent)
> > + return -1;
> > + return 1;
> > + }
> > + }
> > +
> > + return 0;
> > +}
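Review bot: The suffix test in the loop relies on `strstr()`, which returns the first occurrence, so a name that contains the suffix text earlier as well as at the end fails the `found - name + suffix->len == name_len` check and comes back as 0 (constructed examples: `a~b~`, `x.orig.orig`). Because this result decides which files in a profile directory are skipped, such backup or reject files would be treated as ordinary profiles. Comparing the tail directly avoids this: `if (name_len >= suffix->len && !strcmp(name + name_len - suffix->len, suffix->text)) {`. Now that the function is exported from the library, `*name` is also dereferenced with no NULL check; a guard at the top such as `if (!name || !*name || *name == '.') return 1;` is one option.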
> > diff --git a/parser/parser_misc.c b/parser/parser_misc.c
> > index 97a2103..cb46d84 100644
> > --- a/parser/parser_misc.c
> > +++ b/parser/parser_misc.c
> > @@ -32,6 +32,7 @@
> > #include <fcntl.h>
> > #include <unistd.h>
> > #include <sys/apparmor.h>
> > +#include <sys/apparmor_private.h>
> >
> > #include "lib.h"
> > #include "parser.h"
> > @@ -50,53 +51,14 @@
> > #endif
> > #define NPDEBUG(fmt, args...) /* Do nothing */
> >
> > -struct ignored_suffix_t {
> > - const char * text;
> > - int len;
> > - int silent;
> > -};
> > -
> > -static struct ignored_suffix_t ignored_suffixes[] = {
> > - /* Debian packging files, which are in flux during install
> > - should be silently ignored. */
> > - { ".dpkg-new", 9, 1 },
> > - { ".dpkg-old", 9, 1 },
> > - { ".dpkg-dist", 10, 1 },
> > - { ".dpkg-bak", 9, 1 },
> > - /* RPM packaging files have traditionally not been silently
> > - ignored */
> > - { ".rpmnew", 7, 0 },
> > - { ".rpmsave", 8, 0 },
> > - /* patch file backups/conflicts */
> > - { ".orig", 5, 0 },
> > - { ".rej", 4, 0 },
> > - /* Backup files should be mentioned */
> > - { "~", 1, 0 },
> > - { NULL, 0, 0 }
> > -};
> > -
> > int is_blacklisted(const char *name, const char *path)
> > {
> > - int name_len;
> > - struct ignored_suffix_t *suffix;
> > -
> > - /* skip dot files and files with no name */
> > - if (*name == '.' || !strlen(name))
> > - return 1;
> > -
> > - name_len = strlen(name);
> > - /* skip blacklisted suffixes */
> > - for (suffix = ignored_suffixes; suffix->text; suffix++) {
> > - char *found;
> > - if ( (found = strstr((char *) name, suffix->text)) &&
> > - found - name + suffix->len == name_len ) {
> > - if (!suffix->silent)
> > - PERROR("Ignoring: '%s'\n", path ? path : name);
> > - return 1;
> > - }
> > - }
> > + int retval = _aa_is_blacklisted(name, path);
> > +
> > + if (retval == -1)
> > + PERROR("Ignoring: '%s'\n", path ? path : name);
> >
> > - return 0;
> > + return !retval ? 0 : 1;
> > }
> >
> > struct keyword_table {
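Review bot: In the rewritten `is_blacklisted()`, `return !retval ? 0 : 1;` is a double negation that reads more directly as `return retval != 0;`. The `retval == -1` test also compares against a bare literal whose meaning is defined only in private.c. A one-line comment at the call, e.g. `/* -1: ignored, caller warns; 1: ignored silently; 0: keep */`, would make it clear here that the warning is now the wrapper's responsibility.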
> >
>
>