[apparmor] [PATCH 2/2] libapparmor: Make swig aware of the new public libapparmor functions

Tyler Hicks tyhicks at canonical.com
Mon Jun 15 15:47:16 UTC 2015


On 2015-06-13 12:00:52, John Johansen wrote:
> On 06/13/2015 10:48 AM, Tyler Hicks wrote:
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Acked-by: John Johansen <john.johansen at canonical.com>

After giving it more thought, I'd like to withdraw this patch from
consideration for two reasons:

1) It breaks the Python wrapper build. Shame on me for not even build
   testing that before sending this patch.

   The build breaks because we have a snippet in libapparmor.i that
   injects some code into all wrapper functions to set an exception from
   the errno if 'result' is less than 0. That's a problem for some of
   the void return type functions that are exported with this change
   because their wrapper functions don't have the 'result' variable
   declared.

2) More thought should go into wrapping the aa_*_new() functions and
   aa_*_unref() functions. They should be considered as
   constructors/destructors in the languages that we provide bindings
   for instead of having, for example, Python code that explicitly calls
   those functions.

There is one valid hunk in this patch, though. It is the hunk that adds
aa_splitcon() to the libapparmor.i file. I plan on keeping John's ack and
reducing this patch to only include that one hunk and then pushing that
to trunk. Let me know if that's ok, John.

Tyler

> 
> > ---
> >  libraries/libapparmor/swig/SWIG/libapparmor.i | 49 +++++++++++++++++++++++++++
> >  1 file changed, 49 insertions(+)
> > 
> > diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> > index 98f984f..d306271 100644
> > --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> > +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> > @@ -30,6 +30,7 @@ extern int aa_change_profile(const char *profile);
> >  extern int aa_change_onexec(const char *profile);
> >  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
> >  extern int aa_change_hat_vargs(unsigned long token, int count, ...);
> > +extern char *aa_splitcon(char *con, char **mode);
> >  extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
> >  			      char **mode);
> >  extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
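
Review bot: the added `aa_splitcon()` declaration takes a non-const `char *con` and a `char **mode` out-parameter and returns `char *`, unlike the `const char *` inputs and `int` returns of the `aa_change_*()` declarations just above it, and the hunk carries no comment or typemap explaining how a binding should treat either argument. Please document next to the declaration whether `con` is modified in place and how `mode` reaches the caller in the target language. Since the reply above says the injected exception code tests `result < 0`, also confirm that check is meaningful for a pointer return, because a NULL failure value would not satisfy it.
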
> > @@ -51,4 +52,52 @@ extern int aa_query_link_path_len(const char *label, size_t label_len,
> >  extern int aa_query_link_path(const char *label, const char *target,
> >  			      const char *link, int *allowed, int *audited);
> >  
> > +extern int aa_features_new(aa_features **features, int dirfd, const char *path);
> > +extern int aa_features_new_from_string(aa_features **features,
> > +				       const char *string, size_t size);
> > +extern int aa_features_new_from_kernel(aa_features **features);
> > +extern aa_features *aa_features_ref(aa_features *features);
> > +extern void aa_features_unref(aa_features *features);
> > +
> > +extern int aa_features_write_to_file(aa_features *features,
> > +				     int dirfd, const char *path);
> > +extern bool aa_features_is_equal(aa_features *features1,
> > +				 aa_features *features2);
> > +extern bool aa_features_supports(aa_features *features, const char *str);
> > +
> > +extern int aa_kernel_interface_new(aa_kernel_interface **kernel_interface,
> > +			    aa_features *kernel_features,
> > +			    const char *apparmorfs);
> > +extern aa_kernel_interface *aa_kernel_interface_ref(aa_kernel_interface *kernel_interface);
> > +extern void aa_kernel_interface_unref(aa_kernel_interface *kernel_interface);
> > +
> > +extern int aa_kernel_interface_load_policy(aa_kernel_interface *kernel_interface,
> > +					   const char *buffer, size_t size);
> > +extern int aa_kernel_interface_load_policy_from_file(aa_kernel_interface *kernel_interface,
> > +						     int dirfd,
> > +						     const char *path);
> > +extern int aa_kernel_interface_load_policy_from_fd(aa_kernel_interface *kernel_interface,
> > +						   int fd);
> > +extern int aa_kernel_interface_replace_policy(aa_kernel_interface *kernel_interface,
> > +					      const char *buffer, size_t size);
> > +extern int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
> > +							int dirfd,
> > +							const char *path);
> > +extern int aa_kernel_interface_replace_policy_from_fd(aa_kernel_interface *kernel_interface,
> > +						      int fd);
> > +extern int aa_kernel_interface_remove_policy(aa_kernel_interface *kernel_interface,
> > +					     const char *fqname);
> > +extern int aa_kernel_interface_write_policy(int fd, const char *buffer,
> > +					    size_t size);
> > +
> > +extern int aa_policy_cache_new(aa_policy_cache **policy_cache,
> > +			       aa_features *kernel_features,
> > +			       int dirfd, const char *path,
> > +			       uint16_t max_caches);
> > +extern aa_policy_cache *aa_policy_cache_ref(aa_policy_cache *policy_cache);
> > +extern void aa_policy_cache_unref(aa_policy_cache *policy_cache);
> > +
> > +extern int aa_policy_cache_remove(int dirfd, const char *path);
> > +extern int aa_policy_cache_replace_all(aa_policy_cache *policy_cache,
> > +				       aa_kernel_interface *kernel_interface);
> >  %exception;
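
Review bot: every new declaration in this hunk is placed above the trailing `%exception;` line, so the `void` functions (`aa_features_unref()`, `aa_kernel_interface_unref()`, `aa_policy_cache_unref()`) and the `bool` and pointer-returning ones (`aa_features_is_equal()`, `aa_features_supports()`, the `*_ref()` functions) fall inside the same exception scope as the `int`-returning calls. That matches the build failure described in the reply: the injected check needs a `result` variable that a `void` wrapper does not declare. Suggest moving the non-`int` declarations below `%exception;` or limiting the handler to the functions that return an errno-style `int`. Separately, the `aa_*_new()` functions return their object through a double-pointer first argument (`aa_features **features` and the like), and the hunk adds no typemap or `%extend` wrapper to turn them into constructors, so scripting-language callers would have no natural way to obtain or release the handle.
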
> > 
> 