[apparmor] [PATCH 31/31] libapparmor: Create a private API

Tyler Hicks tyhicks at canonical.com
Fri Jan 23 03:17:40 UTC 2015


On 2015-01-22 10:16:59, John Johansen wrote:
> On 12/05/2014 04:22 PM, Tyler Hicks wrote:
> > This patch creates a private API in libapparmor in which upstream
> > provides no guarantees in regards to ABI stability.
> > 
> > A new header file, <sys/apparmor_private.h>, is created. The "_aa"
> > prefix will be used for symbols belonging to the private API.
> > 
> > To kick things off, a library friendly version of is_blacklisted() is
> > moved into libapparmor.
> > 
> > The purpose of a private libapparmor API is to prevent duplicated code
> > between the parser and libapparmor. This becomes an issue as we prepare
> > to move chunks of the parser into libapparmor.
> > 
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Acked-by: John Johansen <john.johansen at canonical.com>

Thanks again!

> 
> though I agree with Christian that we are going to want a public version
> of the is_blacklisted() api. But that can come in another patch

I do this in the second patch set where I move everything into
libapparmor. It is exported as a "private" function named
_aa_is_blacklisted(). See the "libapparmor: Create a private API" patch
in the second patch set, if interested.

Tyler

> 
> 
> > ---
> >  libraries/libapparmor/include/sys/Makefile.am      |  2 +-
> >  .../libapparmor/include/sys/apparmor_private.h     | 26 +++++++++
> >  libraries/libapparmor/src/Makefile.am              |  2 +-
> >  libraries/libapparmor/src/libapparmor.map          |  7 +++
> >  libraries/libapparmor/src/private.c                | 66 ++++++++++++++++++++++
> >  parser/parser_misc.c                               | 50 ++--------------
> >  6 files changed, 107 insertions(+), 46 deletions(-)
> >  create mode 100644 libraries/libapparmor/include/sys/apparmor_private.h
> >  create mode 100644 libraries/libapparmor/src/private.c
> > 
> > diff --git a/libraries/libapparmor/include/sys/Makefile.am b/libraries/libapparmor/include/sys/Makefile.am
> > index 38efc3e..2c12780 100644
> > --- a/libraries/libapparmor/include/sys/Makefile.am
> > +++ b/libraries/libapparmor/include/sys/Makefile.am
> > @@ -1,3 +1,3 @@
> >  
> >  apparmor_hdrdir = $(includedir)/sys
> > -apparmor_hdr_HEADERS = apparmor.h
> > +apparmor_hdr_HEADERS = apparmor.h apparmor_private.h
> > diff --git a/libraries/libapparmor/include/sys/apparmor_private.h b/libraries/libapparmor/include/sys/apparmor_private.h
> > new file mode 100644
> > index 0000000..6138b2c
> > --- /dev/null
> > +++ b/libraries/libapparmor/include/sys/apparmor_private.h
> > @@ -0,0 +1,26 @@
> > +/*
> > + * Copyright 2014 Canonical Ltd.
> > + *
> > + * The libapparmor library is licensed under the terms of the GNU
> > + * Lesser General Public License, version 2.1. Please see the file
> > + * COPYING.LGPL.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public License
> > + * along with this program.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#ifndef _SYS_APPARMOR_PRIVATE_H
> > +#define _SYS_APPARMOR_PRIVATE_H	1
> > +
> > +__BEGIN_DECLS
> > +
> > +int _aa_is_blacklisted(const char *name, const char *path);
> > +
> > +__END_DECLS
> > +
> > +#endif	/* sys/apparmor_private.h */
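Review bot: The prototype of `_aa_is_blacklisted()` has no comment describing its three-way return value, which callers cannot infer from the signature. The implementation in private.c returns 1 for names to skip silently, -1 for names to skip with a warning, and 0 otherwise, and it never reads `path`; a short comment above the declaration should say so. Separately, the header uses `__BEGIN_DECLS`/`__END_DECLS` without including anything itself, so it presumably relies on an earlier include such as `<sys/apparmor.h>` to define them. Adding `#include <sys/cdefs.h>` would make it self-contained.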
> > diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
> > index a234264..2a7f600 100644
> > --- a/libraries/libapparmor/src/Makefile.am
> > +++ b/libraries/libapparmor/src/Makefile.am
> > @@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
> >  lib_LTLIBRARIES = libapparmor.la
> >  noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
> >  
> > -libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c
> > +libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c
> >  libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
> >  	-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
> >  
> > diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> > index 67175d0..c7bc606 100644
> > --- a/libraries/libapparmor/src/libapparmor.map
> > +++ b/libraries/libapparmor/src/libapparmor.map
> > @@ -51,3 +51,10 @@ APPARMOR_2.9 {
> >    local:
> >  	*;
> >  } APPARMOR_1.1;
> > +
> > +PRIVATE {
> > +	global:
> > +		_aa_is_blacklisted;
> > +	local:
> > +		*;
> > +};
> > diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
> > new file mode 100644
> > index 0000000..f6f40b5
> > --- /dev/null
> > +++ b/libraries/libapparmor/src/private.c
> > @@ -0,0 +1,66 @@
> > +/*
> > + * Copyright 2014 Canonical Ltd.
> > + *
> > + * The libapparmor library is licensed under the terms of the GNU
> > + * Lesser General Public License, version 2.1. Please see the file
> > + * COPYING.LGPL.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + * GNU Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public License
> > + * along with this program.  If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#include <string.h>
> > +
> > +struct ignored_suffix_t {
> > +	const char * text;
> > +	int len;
> > +	int silent;
> > +};
> > +
> > +static struct ignored_suffix_t ignored_suffixes[] = {
> > +	/* Debian packging files, which are in flux during install
> > +           should be silently ignored. */
> > +	{ ".dpkg-new", 9, 1 },
> > +	{ ".dpkg-old", 9, 1 },
> > +	{ ".dpkg-dist", 10, 1 },
> > +	{ ".dpkg-bak", 9, 1 },
> > +	/* RPM packaging files have traditionally not been silently
> > +           ignored */
> > +	{ ".rpmnew", 7, 0 },
> > +	{ ".rpmsave", 8, 0 },
> > +	/* patch file backups/conflicts */
> > +	{ ".orig", 5, 0 },
> > +	{ ".rej", 4, 0 },
> > +	/* Backup files should be mentioned */
> > +	{ "~", 1, 0 },
> > +	{ NULL, 0, 0 }
> > +};
> > +
> > +int _aa_is_blacklisted(const char *name, const char *path)
> > +{
> > +	int name_len;
> > +	struct ignored_suffix_t *suffix;
> > +
> > +	/* skip dot files and files with no name */
> > +	if (*name == '.' || !strlen(name))
> > +		return 1;
> > +
> > +	name_len = strlen(name);
> > +	/* skip blacklisted suffixes */
> > +	for (suffix = ignored_suffixes; suffix->text; suffix++) {
> > +		char *found;
> > +		if ( (found = strstr((char *) name, suffix->text)) &&
> > +		     found - name + suffix->len == name_len ) {
> > +			if (!suffix->silent)
> > +				return -1;
> > +			return 1;
> > +		}
> > +	}
> > +
> > +	return 0;
> > +}
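Review bot: The suffix test in `_aa_is_blacklisted()` uses `strstr()`, which returns the first occurrence, so a name that contains a listed suffix earlier and also ends with it (constructed examples: `a.orig.orig`, `x~y~`) fails the `found - name + suffix->len == name_len` check and is reported as not blacklisted. This logic is carried over unchanged from the parser, where the result presumably decides which files are skipped, so leftovers with such names would not be filtered. Comparing the tail directly avoids this: `if (name_len >= suffix->len && !strcmp(name + name_len - suffix->len, suffix->text))`. Now that the function is exported from the library, `name` is also dereferenced at `*name == '.'` without a NULL check, so add `if (!name) return 1;` or document that it must be non-NULL.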
> > diff --git a/parser/parser_misc.c b/parser/parser_misc.c
> > index 97a2103..cb46d84 100644
> > --- a/parser/parser_misc.c
> > +++ b/parser/parser_misc.c
> > @@ -32,6 +32,7 @@
> >  #include <fcntl.h>
> >  #include <unistd.h>
> >  #include <sys/apparmor.h>
> > +#include <sys/apparmor_private.h>
> >  
> >  #include "lib.h"
> >  #include "parser.h"
> > @@ -50,53 +51,14 @@
> >  #endif
> >  #define NPDEBUG(fmt, args...)	/* Do nothing */
> >  
> > -struct ignored_suffix_t {
> > -	const char * text;
> > -	int len;
> > -	int silent;
> > -};
> > -
> > -static struct ignored_suffix_t ignored_suffixes[] = {
> > -	/* Debian packging files, which are in flux during install
> > -           should be silently ignored. */
> > -	{ ".dpkg-new", 9, 1 },
> > -	{ ".dpkg-old", 9, 1 },
> > -	{ ".dpkg-dist", 10, 1 },
> > -	{ ".dpkg-bak", 9, 1 },
> > -	/* RPM packaging files have traditionally not been silently
> > -           ignored */
> > -	{ ".rpmnew", 7, 0 },
> > -	{ ".rpmsave", 8, 0 },
> > -	/* patch file backups/conflicts */
> > -	{ ".orig", 5, 0 },
> > -	{ ".rej", 4, 0 },
> > -	/* Backup files should be mentioned */
> > -	{ "~", 1, 0 },
> > -	{ NULL, 0, 0 }
> > -};
> > -
> >  int is_blacklisted(const char *name, const char *path)
> >  {
> > -	int name_len;
> > -	struct ignored_suffix_t *suffix;
> > -
> > -	/* skip dot files and files with no name */
> > -	if (*name == '.' || !strlen(name))
> > -		return 1;
> > -
> > -	name_len = strlen(name);
> > -	/* skip blacklisted suffixes */
> > -	for (suffix = ignored_suffixes; suffix->text; suffix++) {
> > -		char *found;
> > -		if ( (found = strstr((char *) name, suffix->text)) &&
> > -		     found - name + suffix->len == name_len ) {
> > -			if (!suffix->silent)
> > -				PERROR("Ignoring: '%s'\n", path ? path : name);
> > -			return 1;
> > -		}
> > -	}
> > +	int retval = _aa_is_blacklisted(name, path);
> > +
> > +	if (retval == -1)
> > +		PERROR("Ignoring: '%s'\n", path ? path : name);
> >  
> > -	return 0;
> > +	return !retval ? 0 : 1;
> >  }
> >  
> >  struct keyword_table {
> > 
> 
> 