[apparmor] [PATCH 03/14] add query helper for link permissions

Tyler Hicks tyhicks at canonical.com
Fri Jun 5 13:36:10 UTC 2015


On 2015-06-05 01:17:36, John Johansen wrote:
> slightly revised version of the patch. It just comments out the first
> query and adds a comment around what is going on.
> 
> ---
> 
> commit 4321e8ffc9c63bbb1483e5aca32d865adab06623
> Author: John Johansen <john.johansen at canonical.com>
> Date:   Tue Jun 2 03:24:38 2015 -0700
> 
>     add query helper for link permissions
>     
>     Signed-off-by: John Johansen <john.johansen at canonical.com>

I typically despise commented out code but I think it makes sense in
this case. Thanks for clearing up my confusion around the double query.

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

> 
> diff --git a/libraries/libapparmor/doc/aa_query_label.pod b/libraries/libapparmor/doc/aa_query_label.pod
> index 613e9d0..3e943a7 100644
> --- a/libraries/libapparmor/doc/aa_query_label.pod
> +++ b/libraries/libapparmor/doc/aa_query_label.pod
> @@ -38,6 +38,14 @@ B<int aa_query_file_path_len((uint32_t mask, const char *label,
>  		size_t label_len, const char *path, size_t path_len,
>  		int *allowed, int *audited);>
>  
> +B<int aa_query_link_path_len(const char *label, size_t label_len,
> +			     const char *target, size_t target_len,
> +			     const char *link, size_t link_len,
> +			     int *allowed, int *audited);>
> +
> +B<int aa_query_link_path(const char *label, const char *target,
> +			 const char *link, int *allowed, int *audited);>
> +
>  
>  Link with B<-lapparmor> when compiling.
>  
> @@ -68,6 +76,12 @@ The I<path> is any valid filesystem path to query permissions for. For the
>  B<aa_query_file_path_len> variant the I<path_len> parameter specifies the
>  number of bytes in the I<path> to use as part of the query.
>  
> +The B<aa_query_link_path> and B<aa_query_link_path_len> functions are helper
> +functions that assemble a properly formatted link path query for the
> +B<aa_query_label> function. The I<link_len> and I<target_len> parameters
> +specify the number of bytes in the I<link> and I<target> to use as part of
> +the query.
> +
>  =head1 RETURN VALUE
>  
>  On success 0 is returned, and the I<allowed> and I<audited> parameters
> diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
> index 43f9549..5a920ad 100644
> --- a/libraries/libapparmor/include/sys/apparmor.h
> +++ b/libraries/libapparmor/include/sys/apparmor.h
> @@ -106,6 +106,12 @@ extern int aa_query_file_path_len(uint32_t mask, const char *label,
>  				  size_t path_len, int *allowed, int *audited);
>  extern int aa_query_file_path(uint32_t mask, const char *label,
>  			      const char *path, int *allowed, int *audited);
> +extern int aa_query_link_path_len(const char *label, size_t label_len,
> +				  const char *target, size_t target_len,
> +				  const char *link, size_t link_len,
> +				  int *allowed, int *audited);
> +extern int aa_query_link_path(const char *label, const char *target,
> +			      const char *link, int *allowed, int *audited);
>  
>  #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
>  #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
> diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
> index 50bc062..a3f8efa 100644
> --- a/libraries/libapparmor/src/kernel.c
> +++ b/libraries/libapparmor/src/kernel.c
> @@ -905,3 +905,78 @@ int aa_query_file_path(uint32_t mask, const char *label, const char *path,
>  	return aa_query_file_path_len(mask, label, strlen(label), path,
>  				      strlen(path), allowed, audited);
>  }
> +
> +/**
> + * aa_query_link_path_len - query access permissions for a hard link @link
> + * @label: apparmor label
> + * @label_len: length of @label (does not include any terminating nul byte)
> + * @target: file path that hard link will point to
> + * @target_len: length of @target (does not include any terminating nul byte)
> + * @link: file path of hard link
> + * @link_len: length of @link (does not include any terminating nul byte)
> + * @allowed: upon successful return, will be 1 if query is allowed and 0 if not
> + * @audited: upon successful return, will be 1 if query should be audited and 0
> + *           if not
> + *
> + * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno is
> + *          ENOENT, the subject label in the query string is unknown to the
> + *          kernel.
> + */
> +int aa_query_link_path_len(const char *label, size_t label_len,
> +			   const char *target, size_t target_len,
> +			   const char *link, size_t link_len,
> +			   int *allowed, int *audited)
> +{
> +	autofree char *query = NULL;
> +	int rc;
> +
> +	/* + 1 for null separators */
> +	size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + target_len +
> +		1 + link_len;
> +	size_t pos = AA_QUERY_CMD_LABEL_SIZE;
> +
> +	query = malloc(size);
> +	if (!query)
> +		return -1;
> +	memcpy(query + pos, label, label_len);
> +	/* null separator */
> +	pos += label_len;
> +	query[pos] = 0;
> +	query[++pos] = AA_CLASS_FILE;
> +	memcpy(query + pos + 1, link, link_len);
> +	/* The kernel does the query in two parts we could similate this
> +	 * doing the following, however as long as policy is compiled
> +	 * correctly this isn't requied, and it requires and extra round
> +	 * trip to the kernel and adds a race on policy replacement between
> +	 * the two queries.
> +	 *
> +	rc = aa_query_label(AA_MAY_LINK, query, size, allowed, audited);
> +	if (rc || !*allowed)
> +		return rc;
> +	*/
> +	pos += 1 + link_len;
> +	query[pos] = 0;
> +	memcpy(query + pos + 1, target, target_len);
> +	return aa_query_label(AA_MAY_LINK, query, size, allowed, audited);
> +}
> +
> +/**
> + * aa_query_link_path - query access permissions for a hard link @link
> + * @label: apparmor label
> + * @target: file path that hard link will point to
> + * @link: file path of hard link
> + * @allowed: upon successful return, will be 1 if query is allowed and 0 if not
> + * @audited: upon successful return, will be 1 if query should be audited and 0
> + *           if not
> + *
> + * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno is
> + *          ENOENT, the subject label in the query string is unknown to the
> + *          kernel.
> + */
> +int aa_query_link_path(const char *label, const char *target, const char *link,
> +		       int *allowed, int *audited)
> +{
> +	return aa_query_link_path_len(label, strlen(label), target,
> +				      strlen(target), link, strlen(link),
> +				      allowed, audited);
> +}
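Review bot: The buffer in `aa_query_link_path_len` is one byte smaller than what the function writes into it. `size` counts the label, the two nul separators, the link and the target, but not the `AA_CLASS_FILE` byte stored at `query[++pos]`, so the final `memcpy` of `target` (or the `query[pos] = 0` before it when `target_len` is 0) lands one byte past the `malloc(size)` allocation. The same `size` is passed to `aa_query_label`, so, assuming it sends exactly `size` bytes, the last byte of `target` is dropped and the decision may be for a different path than the caller asked about. Counting the class byte fixes both: `size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + link_len + 1 + target_len;`. The lengths are caller-supplied, so a check that the sum cannot wrap `size_t` before `malloc` is worth adding, and `int rc;` is unused now that the first query is commented out.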
> diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> index 8a3c60b..d93acf6 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -56,6 +56,8 @@ APPARMOR_2.10 {
>    global:
>          aa_query_file_path;
>          aa_query_file_path_len;
> +        aa_query_link_path;
> +        aa_query_link_path_len;
>          aa_features_new;
>          aa_features_new_from_string;
>          aa_features_new_from_kernel;
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index c98cca8..98f984f 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -44,5 +44,11 @@ extern int aa_query_file_path_len(uint32_t mask, const char *label,
>  				  size_t path_len, int *allowed, int *audited);
>  extern int aa_query_file_path(uint32_t mask, const char *label,
>  			      const char *path, int *allowed, int *audited);
> +extern int aa_query_link_path_len(const char *label, size_t label_len,
> +				  const char *target, size_t target_len,
> +				  const char *link, size_t link_len,
> +				  int *allowed, int *audited);
> +extern int aa_query_link_path(const char *label, const char *target,
> +			      const char *link, int *allowed, int *audited);
>  
>  %exception;