[apparmor] [PATCH 02/14] add helper fn to query file path permissions

Tyler Hicks tyhicks at canonical.com
Thu Jun 4 14:00:09 UTC 2015


On 2015-06-04 03:56:31, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
>  libraries/libapparmor/doc/aa_query_label.pod  | 16 ++++++++
>  libraries/libapparmor/include/sys/apparmor.h  | 28 +++++++++++++-
>  libraries/libapparmor/src/kernel.c            | 56 +++++++++++++++++++++++++++
>  libraries/libapparmor/src/libapparmor.map     |  2 +
>  libraries/libapparmor/swig/SWIG/libapparmor.i |  5 +++
>  5 files changed, 106 insertions(+), 1 deletion(-)
> 
> diff --git a/libraries/libapparmor/doc/aa_query_label.pod b/libraries/libapparmor/doc/aa_query_label.pod
> index 3bba71b..002a106 100644
> --- a/libraries/libapparmor/doc/aa_query_label.pod
> +++ b/libraries/libapparmor/doc/aa_query_label.pod
> @@ -31,6 +31,14 @@ B<#include E<lt>sys/apparmor.hE<gt>>
>  B<int aa_query_label((uint32_t mask, char *query, size_t size,
>  		int *allowed, int *audited);>
>  
> +B<int aa_query_file_path((uint32_t mask, const char *label, size_t label_len,
> +		const char *path, int *allowed, int *audited);>
> +
> +B<int aa_query_file_path_len((uint32_t mask, const char *label,
> +		size_t label_len, const char *path, size_t n,

The actual function prototype uses path_len instead of n. I think
path_len is clearer, so it should probably be used in the man page,
too.

> +		int *allowed, int *audited);>
> +
> +
>  Link with B<-lapparmor> when compiling.
>  
>  =head1 DESCRIPTION
> @@ -52,6 +60,14 @@ of directly using I<aa_query_label>. If directly using the interface the
>  I<query> string is required to have a header of B<AA_QUERY_CMD_LABEL_SIZE>
>  that will be used by I<aa_query_label>.
>  
> +The B<aa_query_file_path> and B<aa_query_file_path_len> functions are helper
> +function that assemble a properly formatted file path query for the
> +B<aa_query_label> function. The I<label> is a valid apparmor label as
> +returned by I<aa_splitcon> with I<label_len> being the lenght of the I<label>.

Should be "length" above

> +The I<path> is any valid filesystem path to query permissions for. For the
> +B<aa_query_file_path_len> variant the I<n> parameter specifies the number of
> +bytes in the I<path> to use as part of the query.

Change n to path_len in the above paragraph, too.

With those changes,

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

> +
>  =head1 RETURN VALUE
>  
>  On success 0 is returned, and the I<allowed> and I<audited> parameters
> diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
> index a7f9098..43f9549 100644
> --- a/libraries/libapparmor/include/sys/apparmor.h
> +++ b/libraries/libapparmor/include/sys/apparmor.h
> @@ -27,10 +27,31 @@ __BEGIN_DECLS
>  /*
>   * Class of public mediation types in the AppArmor policy db
>   */
> -
> +#define AA_CLASS_FILE		2
>  #define AA_CLASS_DBUS		32
>  
>  
> +/* Permission flags for the AA_CLASS_FILE mediation class */
> +#define AA_MAY_EXEC			(1 << 0)
> +#define AA_MAY_WRITE			(1 << 1)
> +#define AA_MAY_READ			(1 << 2)
> +#define AA_MAY_APPEND			(1 << 3)
> +#define AA_MAY_CREATE			(1 << 4)
> +#define AA_MAY_DELETE			(1 << 5)
> +#define AA_MAY_OPEN			(1 << 6)
> +#define AA_MAY_RENAME			(1 << 7)
> +#define AA_MAY_SETATTR			(1 << 8)
> +#define AA_MAY_GETATTR			(1 << 9)
> +#define AA_MAY_SETCRED			(1 << 10)
> +#define AA_MAY_GETCRED			(1 << 11)
> +#define AA_MAY_CHMOD			(1 << 12)
> +#define AA_MAY_CHOWN			(1 << 13)
> +#define AA_MAY_LOCK			0x8000
> +#define AA_EXEC_MMAP			0x10000
> +#define AA_MAY_LINK			0x40000
> +#define AA_MAY_ONEXEC			0x20000000
> +#define AA_MAY_CHANGE_PROFILE		0x40000000
> +
>  /* Permission flags for the AA_CLASS_DBUS mediation class */
>  #define AA_DBUS_SEND			(1 << 1)
>  #define AA_DBUS_RECEIVE		 	(1 << 2)
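Review bot: The new AA_CLASS_FILE permission block mixes two notations: `AA_MAY_EXEC` through `AA_MAY_CHOWN` are written as shifts, while `AA_MAY_LOCK` through `AA_MAY_CHANGE_PROFILE` are hex literals. In a permission mask this makes gaps and collisions harder to spot (bit 14, for example, is unassigned between `AA_MAY_CHOWN` and `AA_MAY_LOCK`). Writing the remaining entries as shifts too, e.g. `#define AA_MAY_LOCK (1 << 15)` and `#define AA_EXEC_MMAP (1 << 16)`, keeps the table uniform. If these values have to stay in sync with definitions elsewhere, a one-line comment naming that source would help the next person who edits the list.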
> @@ -80,6 +101,11 @@ extern int aa_getpeercon(int fd, char **label, char **mode);
>  
>  extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
>  			  int *audit);
> +extern int aa_query_file_path_len(uint32_t mask, const char *label,
> +				  size_t label_len, const char *path,
> +				  size_t path_len, int *allowed, int *audited);
> +extern int aa_query_file_path(uint32_t mask, const char *label,
> +			      const char *path, int *allowed, int *audited);
>  
>  #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
>  #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
> diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
> index 07bc9b4..50bc062 100644
> --- a/libraries/libapparmor/src/kernel.c
> +++ b/libraries/libapparmor/src/kernel.c
> @@ -32,6 +32,7 @@
>  #include <pthread.h>
>  
>  #include <sys/apparmor.h>
> +#include "private.h"
>  
>  /* some non-Linux systems do not define a static value */
>  #ifndef PATH_MAX
> @@ -849,3 +850,58 @@ int query_label(uint32_t mask, char *query, size_t size, int *allowed,
>  extern typeof((query_label)) __aa_query_label __attribute__((alias ("query_label")));
>  symbol_version(__aa_query_label, aa_query_label, APPARMOR_1.1);
>  default_symbol_version(query_label, aa_query_label, APPARMOR_2.9);
> +
> +
> +/**
> + * aa_query_file_path_len - query access permissions for a file @path
> + * @mask: permission bits to query
> + * @label: apparmor label
> + * @label_len: length of @label (does not include any terminating nul byte)
> + * @path: file path to query permissions for
> + * @path_len: length of @path (does not include any terminating nul byte)
> + * @allowed: upon successful return, will be 1 if query is allowed and 0 if not
> + * @audited: upon successful return, will be 1 if query should be audited and 0
> + *           if not
> + *
> + * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno is
> + *          ENOENT, the subject label in the query string is unknown to the
> + *          kernel.
> + */
> +int aa_query_file_path_len(uint32_t mask, const char *label, size_t label_len,
> +			   const char *path, size_t path_len, int *allowed,
> +			   int *audited)
> +{
> +	autofree char *query = NULL;
> +
> +	/* + 1 for null separator */
> +	size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + path_len;
> +	query = malloc(size + 1);
> +	if (!query)
> +		return -1;
> +	memcpy(query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
> +	/* null separator */
> +	query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
> +	query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_FILE;
> +	memcpy(query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
> +	return aa_query_label(mask, query, size , allowed, audited);
> +}
> +
> +/**
> + * aa_query_file_path - query access permissions for a file @path
> + * @mask: permission bits to query
> + * @label: apparmor label
> + * @path: file path to query permissions for
> + * @allowed: upon successful return, will be 1 if query is allowed and 0 if not
> + * @audited: upon successful return, will be 1 if query should be audited and 0
> + *           if not
> + *
> + * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno is
> + *          ENOENT, the subject label in the query string is unknown to the
> + *          kernel.
> + */
> +int aa_query_file_path(uint32_t mask, const char *label, const char *path,
> +		       int *allowed, int *audited)
> +{
> +	return aa_query_file_path_len(mask, label, strlen(label), path,
> +				      strlen(path), allowed, audited);
> +}
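Review bot: The length handed to `aa_query_label` in `aa_query_file_path_len` looks one byte short. The buffer holds the header, the label, the nul separator, the `AA_CLASS_FILE` byte and `path_len` bytes of path, which is `AA_QUERY_CMD_LABEL_SIZE + label_len + 2 + path_len`, but `size` counts only `+ 1`. `malloc(size + 1)` keeps the writes in bounds, but if `aa_query_label` treats `size` as the full query length (its body is outside this hunk), the last byte of the path is dropped and the permission answer is for a different path than the caller asked about. Counting the class byte explicitly, `size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 2 + path_len;` with `query = malloc(size);`, would make the two agree. Since both lengths come from the caller, the sum should also be checked for `size_t` wrap-around before the `malloc` (failing with `errno = EINVAL`), because a wrapped `size` would make the two `memcpy` calls write past the allocation.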
> diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> index 28f245f..8a3c60b 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -54,6 +54,8 @@ APPARMOR_2.9 {
>  
>  APPARMOR_2.10 {
>    global:
> +        aa_query_file_path;
> +        aa_query_file_path_len;
>          aa_features_new;
>          aa_features_new_from_string;
>          aa_features_new_from_kernel;
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index 6bae3f6..c98cca8 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -39,5 +39,10 @@ extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
>  extern int aa_getpeercon(int fd, char **label, char **mode);
>  extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
>  			  int *audit);
> +extern int aa_query_file_path_len(uint32_t mask, const char *label,
> +				  size_t label_len, const char *path,
> +				  size_t path_len, int *allowed, int *audited);
> +extern int aa_query_file_path(uint32_t mask, const char *label,
> +			      const char *path, int *allowed, int *audited);
>  
>  %exception;
> -- 
> 2.1.4
> 
> 