[apparmor] [PATCH 6/4] libapparmor: Don't apply special SWIG %exception to some functions

Tue Jun 16 20:50:26 UTC 2015

On 06/16/2015 11:31 AM, Tyler Hicks wrote:
> Only use the special %exception directive for functions that return a
> negative int and set errno upon error.
> 
> This prevents, for example, _aa_is_blacklisted() from raising an
> exception when it returns -1. This is important because it doesn't set
> errno so an exception based on the value of errno would be
> unpredictable.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

gah, /me hates swig. Never the less it looks good

Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  libraries/libapparmor/swig/SWIG/libapparmor.i | 27 ++++++++++++++++++---------
>  1 file changed, 18 insertions(+), 9 deletions(-)
> 
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index b06bdde..69b4cc2 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -10,6 +10,23 @@
>  %include "typemaps.i"
>  %include <aalogparse.h>
>  
> +/**
> + * swig doesn't like the macro magic we do in apparmor.h and apparmor_private.h
> + * so the function prototypes must be manually inserted.
> + *
> + * Functions that return a negative int and set errno upon error use a special
> + * %exception directive and must be listed after the %exception below. All
> + * other functions go here.
> + */
> +
> +/* apparmor.h */
> +
> +extern char *aa_splitcon(char *con, char **mode);
> +
> +/* apparmor_private.h */
> +
> +extern int _aa_is_blacklisted(const char *name);
> +
>  #ifdef SWIGPYTHON
>  %exception {
>    $action
> @@ -20,10 +37,7 @@
>  }
>  #endif
>  
> -/**
> - * swig doesn't like the macro magic we do in apparmor.h and apparmor_private.h
> - * so the fn prototypes are manually inserted here
> - */
> +/* Functions that return a negative int and set errno upon error go here. */
>  
>  /* apparmor.h */
>  
> @@ -34,7 +48,6 @@ extern int aa_change_profile(const char *profile);
>  extern int aa_change_onexec(const char *profile);
>  extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
>  extern int aa_change_hat_vargs(unsigned long token, int count, ...);
> -extern char *aa_splitcon(char *con, char **mode);
>  extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
>  			      char **mode);
>  extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
> @@ -56,8 +69,4 @@ extern int aa_query_link_path_len(const char *label, size_t label_len,
>  extern int aa_query_link_path(const char *label, const char *target,
>  			      const char *link, int *allowed, int *audited);
>  
> -/* apparmor_private.h */
> -
> -extern int _aa_is_blacklisted(const char *name);
> -
>  %exception;
> 