[apparmor] [PATCH 6/4] libapparmor: Don't apply special SWIG %exception to some functions

Tyler Hicks tyhicks at canonical.com
Tue Jun 16 18:31:36 UTC 2015 

Only use the special %exception directive for functions that return a
negative int and set errno upon error.

This prevents, for example, _aa_is_blacklisted() from raising an
exception when it returns -1. This is important because it doesn't set
errno so an exception based on the value of errno would be
unpredictable.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 libraries/libapparmor/swig/SWIG/libapparmor.i | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index b06bdde..69b4cc2 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -10,6 +10,23 @@
 %include "typemaps.i"
 %include <aalogparse.h>
 
+/**
+ * swig doesn't like the macro magic we do in apparmor.h and apparmor_private.h
+ * so the function prototypes must be manually inserted.
+ *
+ * Functions that return a negative int and set errno upon error use a special
+ * %exception directive and must be listed after the %exception below. All
+ * other functions go here.
+ */
+
+/* apparmor.h */
+
+extern char *aa_splitcon(char *con, char **mode);
+
+/* apparmor_private.h */
+
+extern int _aa_is_blacklisted(const char *name);
+
 #ifdef SWIGPYTHON
 %exception {
   $action
@@ -20,10 +37,7 @@
 }
 #endif
 
-/**
- * swig doesn't like the macro magic we do in apparmor.h and apparmor_private.h
- * so the fn prototypes are manually inserted here
- */
+/* Functions that return a negative int and set errno upon error go here. */
 
 /* apparmor.h */
 
@@ -34,7 +48,6 @@ extern int aa_change_profile(const char *profile);
 extern int aa_change_onexec(const char *profile);
 extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
 extern int aa_change_hat_vargs(unsigned long token, int count, ...);
-extern char *aa_splitcon(char *con, char **mode);
 extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
 			      char **mode);
 extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
@@ -56,8 +69,4 @@ extern int aa_query_link_path_len(const char *label, size_t label_len,
 extern int aa_query_link_path(const char *label, const char *target,
 			      const char *link, int *allowed, int *audited);
 
-/* apparmor_private.h */
-
-extern int _aa_is_blacklisted(const char *name);
-
 %exception;
-- 
2.1.4

More information about the AppArmor mailing list