[apparmor] [PATCH v2 30/42] libapparmor: Create a private API

Tyler Hicks tyhicks at canonical.com
Fri Mar 6 21:48:46 UTC 2015


This patch creates a private API in libapparmor for which upstream
provides no guarantees with regard to ABI stability.

A new header file, <sys/apparmor_private.h>, is created. The "_aa"
prefix will be used for symbols belonging to the private API.

To kick things off, a library friendly version of is_blacklisted() is
moved into libapparmor.

The purpose of a private libapparmor API is to prevent duplicated code
between the parser and libapparmor. This becomes an issue as we prepare
to move chunks of the parser into libapparmor.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: John Johansen <john.johansen at canonical.com>
---
 libraries/libapparmor/include/sys/Makefile.am      |  2 +-
 .../libapparmor/include/sys/apparmor_private.h     | 26 +++++++++
 libraries/libapparmor/src/Makefile.am              |  2 +-
 libraries/libapparmor/src/libapparmor.map          |  7 +++
 libraries/libapparmor/src/private.c                | 66 ++++++++++++++++++++++
 parser/parser_misc.c                               | 50 ++--------------
 6 files changed, 107 insertions(+), 46 deletions(-)
 create mode 100644 libraries/libapparmor/include/sys/apparmor_private.h
 create mode 100644 libraries/libapparmor/src/private.c

diff --git a/libraries/libapparmor/include/sys/Makefile.am b/libraries/libapparmor/include/sys/Makefile.am
index 38efc3e..2c12780 100644
--- a/libraries/libapparmor/include/sys/Makefile.am
+++ b/libraries/libapparmor/include/sys/Makefile.am
@@ -1,3 +1,3 @@
 
 apparmor_hdrdir = $(includedir)/sys
-apparmor_hdr_HEADERS = apparmor.h
+apparmor_hdr_HEADERS = apparmor.h apparmor_private.h
diff --git a/libraries/libapparmor/include/sys/apparmor_private.h b/libraries/libapparmor/include/sys/apparmor_private.h
new file mode 100644
index 0000000..6138b2c
--- /dev/null
+++ b/libraries/libapparmor/include/sys/apparmor_private.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SYS_APPARMOR_PRIVATE_H
+#define _SYS_APPARMOR_PRIVATE_H	1
+
+__BEGIN_DECLS
+
+int _aa_is_blacklisted(const char *name, const char *path);
+
+__END_DECLS
+
+#endif	/* sys/apparmor_private.h */
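Review bot: The new header uses `__BEGIN_DECLS`/`__END_DECLS` without including anything that defines them, so it compiles only when an earlier include has already pulled in the definitions. Adding `#include <sys/cdefs.h>` right after the include guard would make it self-contained on glibc; confirm this for any other C library the project supports. The prototype also has no comment. Because the first Makefile.am hunk installs this file into `$(includedir)/sys` next to apparmor.h, the header should state that the `_aa` interface carries no ABI guarantee. It should also document the return contract visible in private.c: `0` for a usable name, `1` for a name to skip silently, `-1` for a name to skip with a warning from the caller.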
diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
index 9221607..e1d1fac 100644
--- a/libraries/libapparmor/src/Makefile.am
+++ b/libraries/libapparmor/src/Makefile.am
@@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
 lib_LTLIBRARIES = libapparmor.la
 noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
 
-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c
+libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c
 libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
 	-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
 
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index 67175d0..c7bc606 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -51,3 +51,10 @@ APPARMOR_2.9 {
   local:
 	*;
 } APPARMOR_1.1;
+
+PRIVATE {
+	global:
+		_aa_is_blacklisted;
+	local:
+		*;
+};
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
new file mode 100644
index 0000000..f6f40b5
--- /dev/null
+++ b/libraries/libapparmor/src/private.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+
+struct ignored_suffix_t {
+	const char * text;
+	int len;
+	int silent;
+};
+
+static struct ignored_suffix_t ignored_suffixes[] = {
+	/* Debian packging files, which are in flux during install
+           should be silently ignored. */
+	{ ".dpkg-new", 9, 1 },
+	{ ".dpkg-old", 9, 1 },
+	{ ".dpkg-dist", 10, 1 },
+	{ ".dpkg-bak", 9, 1 },
+	/* RPM packaging files have traditionally not been silently
+           ignored */
+	{ ".rpmnew", 7, 0 },
+	{ ".rpmsave", 8, 0 },
+	/* patch file backups/conflicts */
+	{ ".orig", 5, 0 },
+	{ ".rej", 4, 0 },
+	/* Backup files should be mentioned */
+	{ "~", 1, 0 },
+	{ NULL, 0, 0 }
+};
+
+int _aa_is_blacklisted(const char *name, const char *path)
+{
+	int name_len;
+	struct ignored_suffix_t *suffix;
+
+	/* skip dot files and files with no name */
+	if (*name == '.' || !strlen(name))
+		return 1;
+
+	name_len = strlen(name);
+	/* skip blacklisted suffixes */
+	for (suffix = ignored_suffixes; suffix->text; suffix++) {
+		char *found;
+		if ( (found = strstr((char *) name, suffix->text)) &&
+		     found - name + suffix->len == name_len ) {
+			if (!suffix->silent)
+				return -1;
+			return 1;
+		}
+	}
+
+	return 0;
+}
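Review bot: The suffix test in `_aa_is_blacklisted` relies on `strstr`, which returns the first occurrence, so a name that contains a suffix earlier and also ends with it (for example `foo.orig.orig` or `a~b~`) fails the `found - name + suffix->len == name_len` comparison and the function returns 0. A backup or reject file with such a name would presumably be handled as a regular profile by the caller instead of being skipped. Comparing the tail directly closes that gap and drops the const-discarding cast: `if (name_len >= suffix->len && !strcmp(name + name_len - suffix->len, suffix->text))`. Now that the function is an exported symbol, note also that a NULL `name` is dereferenced at `*name == '.'`, that `path` is unused in this version, and that `ignored_suffixes` could be `static const`.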
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index fcee5ef..6c0beb9 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/apparmor.h>
+#include <sys/apparmor_private.h>
 
 #include "lib.h"
 #include "parser.h"
@@ -50,53 +51,14 @@
 #endif
 #define NPDEBUG(fmt, args...)	/* Do nothing */
 
-struct ignored_suffix_t {
-	const char * text;
-	int len;
-	int silent;
-};
-
-static struct ignored_suffix_t ignored_suffixes[] = {
-	/* Debian packging files, which are in flux during install
-           should be silently ignored. */
-	{ ".dpkg-new", 9, 1 },
-	{ ".dpkg-old", 9, 1 },
-	{ ".dpkg-dist", 10, 1 },
-	{ ".dpkg-bak", 9, 1 },
-	/* RPM packaging files have traditionally not been silently
-           ignored */
-	{ ".rpmnew", 7, 0 },
-	{ ".rpmsave", 8, 0 },
-	/* patch file backups/conflicts */
-	{ ".orig", 5, 0 },
-	{ ".rej", 4, 0 },
-	/* Backup files should be mentioned */
-	{ "~", 1, 0 },
-	{ NULL, 0, 0 }
-};
-
 int is_blacklisted(const char *name, const char *path)
 {
-	int name_len;
-	struct ignored_suffix_t *suffix;
-
-	/* skip dot files and files with no name */
-	if (*name == '.' || !strlen(name))
-		return 1;
-
-	name_len = strlen(name);
-	/* skip blacklisted suffixes */
-	for (suffix = ignored_suffixes; suffix->text; suffix++) {
-		char *found;
-		if ( (found = strstr((char *) name, suffix->text)) &&
-		     found - name + suffix->len == name_len ) {
-			if (!suffix->silent)
-				PERROR("Ignoring: '%s'\n", path ? path : name);
-			return 1;
-		}
-	}
+	int retval = _aa_is_blacklisted(name, path);
+
+	if (retval == -1)
+		PERROR("Ignoring: '%s'\n", path ? path : name);
 
-	return 0;
+	return !retval ? 0 : 1;
 }
 
 struct keyword_table {
-- 
2.1.4



