[apparmor] [PATCH 6/6] libapparmor: Allow creating a kernel_interface with a NULL kernel_features

Tyler Hicks tyhicks at canonical.com
Wed Mar 25 22:37:21 UTC 2015


The most common case when creating an aa_kernel_interface object will be
to do so while using the current kernel's feature set for the
kernel_features parameter. Rather than have callers instantiate their
own aa_features object in this situation, aa_kernel_interface_new()
should do it for them if they specify NULL for the kernel_features
parameter.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 libraries/libapparmor/src/kernel_interface.c | 18 ++++++++++++++----
 tests/regression/apparmor/aa_policy_cache.c  |  9 +--------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 6ab20ea..15b171f 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -198,7 +198,9 @@ static int write_policy_file_to_iface(aa_kernel_interface *kernel_interface,
  * aa_kernel_interface_new - create a new kernel_interface from an optional path
  * @kernel_interface: will point to the address of an allocated and initialized
  *                    aa_kernel_interface object upon success
- * @kernel_features: features representing the currently running kernel
+ * @kernel_features: features representing the currently running kernel (can be
+ *                   NULL and the features of the currently running kernel will
+ *                   be used)
  * @apparmorfs: path to the apparmor directory of the mounted securityfs (can
  *              be NULL and the path will be auto discovered)
  *
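Review bot: The updated `@kernel_features` text does not tell a caller what happens to the object it passes in or what the NULL case can return. In the second hunk the function takes a reference and drops it again right after the `set_load` check, so the caller still owns its object, and a NULL argument can now make the call fail with the errno from reading the kernel's features. I would word it as `@kernel_features: features used to check set_load support (can be NULL, in which case the running kernel's features are read; the caller keeps its own reference)` and mention the new failure case in the Returns text, which is outside this hunk.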
@@ -223,9 +225,17 @@ int aa_kernel_interface_new(aa_kernel_interface **kernel_interface,
 	aa_kernel_interface_ref(ki);
 	ki->dirfd = -1;
 
-	ki->supports_setload = kernel_features ?
-			       aa_features_supports(kernel_features, set_load) :
-			       false;
+	if (kernel_features) {
+		aa_features_ref(kernel_features);
+	} else if (aa_features_new_from_kernel(&kernel_features) == -1) {
+		int save = errno;
+
+		aa_kernel_interface_unref(ki);
+		errno = save;
+		return -1;
+	}
+	ki->supports_setload = aa_features_supports(kernel_features, set_load);
+	aa_features_unref(kernel_features);
 
 	if (!apparmorfs) {
 		if (find_iface_dir(&alloced_apparmorfs) == -1) {
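Review bot: Passing NULL for `kernel_features` used to set `ki->supports_setload` to false and could not fail; with the new `else if` branch it reads the running kernel's features and returns -1 when that read fails. Any existing caller that passed NULL (none are visible in this patch) will therefore either start using set_load on kernels that support it, or fail outright where the features cannot be read. Since this flag appears to govern how policy is written to the kernel, that change should be confirmed against each NULL caller and stated next to the branch, e.g. `/* NULL means "query the running kernel"; failing to read its features fails the call */`. Using a local `aa_features *features` rather than reassigning the parameter would also make the ref/unref pairing easier to follow. The function body continues outside the hunk.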
diff --git a/tests/regression/apparmor/aa_policy_cache.c b/tests/regression/apparmor/aa_policy_cache.c
index 03f7b5b..b221c98 100644
--- a/tests/regression/apparmor/aa_policy_cache.c
+++ b/tests/regression/apparmor/aa_policy_cache.c
@@ -120,16 +120,10 @@ out:
 
 static int test_remove_policy(const char *name)
 {
-	aa_features *features = NULL;
 	aa_kernel_interface *kernel_interface = NULL;
 	int rc = 1;
 
-	if (aa_features_new_from_kernel(&features)) {
-		perror("FAIL - aa_features_new_from_kernel");
-		goto out;
-	}
-
-	if (aa_kernel_interface_new(&kernel_interface, features, NULL)) {
+	if (aa_kernel_interface_new(&kernel_interface, NULL, NULL)) {
 		perror("FAIL - aa_kernel_interface_new");
 		goto out;
 	}
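Review bot: With `aa_kernel_interface_new(&kernel_interface, NULL, NULL)`, test_remove_policy no longer exercises the path where the caller supplies its own aa_features object, which is the only path that reaches the new `aa_features_ref()`/`aa_features_unref()` pair in the library. If no other test in this file passes an explicit features object (not visible here), keep one such call so that a reference-count imbalance on a caller-owned object would be caught. The `perror("FAIL - aa_kernel_interface_new")` message now also covers a failed kernel-features read, so a comment such as `/* NULL features: interface creation also reads the running kernel's feature set */` would help whoever triages a failure.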
@@ -142,7 +136,6 @@ static int test_remove_policy(const char *name)
 	rc = 0;
 out:
 	aa_kernel_interface_unref(kernel_interface);
-	aa_features_unref(features);
 	return rc;
 }
 
-- 
2.1.4



