[apparmor] [PATCH 5/6] libapparmor: Migrate aa_kernel_interface API to openat() style
Tyler Hicks
tyhicks at canonical.com
Thu Mar 26 21:48:01 UTC 2015
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
libraries/libapparmor/include/sys/apparmor.h | 4 ++--
libraries/libapparmor/src/kernel_interface.c | 13 +++++++------
libraries/libapparmor/src/policy_cache.c | 2 +-
parser/parser_main.c | 4 ++--
4 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
index 2643cde..435fb09 100644
--- a/libraries/libapparmor/include/sys/apparmor.h
+++ b/libraries/libapparmor/include/sys/apparmor.h
@@ -127,13 +127,13 @@ void aa_kernel_interface_unref(aa_kernel_interface *kernel_interface);
int aa_kernel_interface_load_policy(aa_kernel_interface *kernel_interface,
const char *buffer, size_t size);
int aa_kernel_interface_load_policy_from_file(aa_kernel_interface *kernel_interface,
- const char *path);
+ int dirfd, const char *path);
int aa_kernel_interface_load_policy_from_fd(aa_kernel_interface *kernel_interface,
int fd);
int aa_kernel_interface_replace_policy(aa_kernel_interface *kernel_interface,
const char *buffer, size_t size);
int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
- const char *path);
+ int dirfd, const char *path);
int aa_kernel_interface_replace_policy_from_fd(aa_kernel_interface *kernel_interface,
int fd);
int aa_kernel_interface_remove_policy(aa_kernel_interface *kernel_interface,
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 15b171f..293c93d 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -183,11 +183,12 @@ static int write_policy_fd_to_iface(aa_kernel_interface *kernel_interface,
}
static int write_policy_file_to_iface(aa_kernel_interface *kernel_interface,
- const char *iface_file, const char *path)
+ const char *iface_file,
+ int dirfd, const char *path)
{
autoclose int fd;
- fd = open(path, O_RDONLY);
+ fd = openat(dirfd, path, O_RDONLY);
if (fd == -1)
return -1;
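Review bot: The `openat()` call in write_policy_file_to_iface opens the policy file without `O_CLOEXEC`, so in a multithreaded caller that forks and execs the descriptor can be inherited by the child before `autoclose` releases it. Since this line is being rewritten anyway, `fd = openat(dirfd, path, O_RDONLY | O_CLOEXEC);` would close that window at no cost to callers. The rest of the function body lies outside the hunk.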
@@ -312,10 +313,10 @@ int aa_kernel_interface_load_policy(aa_kernel_interface *kernel_interface,
* Returns: 0 on success, -1 on error with errno set
*/
int aa_kernel_interface_load_policy_from_file(aa_kernel_interface *kernel_interface,
- const char *path)
+ int dirfd, const char *path)
{
return write_policy_file_to_iface(kernel_interface, AA_IFACE_FILE_LOAD,
- path);
+ dirfd, path);
}
/**
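Review bot: The doc comment above aa_kernel_interface_load_policy_from_file gains no entry for the new `dirfd` parameter, and the same holds for aa_kernel_interface_replace_policy_from_file in the next hunk; the patch touches only the signatures. I would add ` * @dirfd: directory file descriptor or AT_FDCWD (see openat(2))` to both comments. It is also worth stating there that `dirfd` is ignored when @path is absolute and that `..` components are not rejected, so a caller that passes a directory descriptor to confine the lookup must validate the path itself. Both comments begin above their hunks, so the existing parameter lines are not visible here.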
@@ -356,10 +357,10 @@ int aa_kernel_interface_replace_policy(aa_kernel_interface *kernel_interface,
* Returns: 0 on success, -1 on error with errno set
*/
int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
- const char *path)
+ int dirfd, const char *path)
{
return write_policy_file_to_iface(kernel_interface,
- AA_IFACE_FILE_REPLACE, path);
+ AA_IFACE_FILE_REPLACE, dirfd, path);
}
/**
diff --git a/libraries/libapparmor/src/policy_cache.c b/libraries/libapparmor/src/policy_cache.c
index 515e2d0..a5eff24 100644
--- a/libraries/libapparmor/src/policy_cache.c
+++ b/libraries/libapparmor/src/policy_cache.c
@@ -119,7 +119,7 @@ static int replace_all_cb(int dirfd unused, const char *name, struct stat *st,
return -1;
}
retval = aa_kernel_interface_replace_policy_from_file(data->kernel_interface,
- path);
+ -1, path);
}
return retval;
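Review bot: Passing `-1` as the dirfd in replace_all_cb only works while `path` is absolute; with a relative path openat() fails with EBADF, where the old open() call resolved it against the working directory. How `path` is built is outside the hunk, so this may be safe today, but `AT_FDCWD` would preserve the previous behaviour for any input. The callback already receives `dirfd` and `name` (the hunk header shows `dirfd` marked `unused`), so `aa_kernel_interface_replace_policy_from_file(data->kernel_interface, dirfd, name);` would open the entry relative to the directory being walked rather than re-resolving a path string, which also removes the window in which the directory could be swapped between the walk and the open.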
diff --git a/parser/parser_main.c b/parser/parser_main.c
index 428c3ea..555620d 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -600,7 +600,7 @@ int process_binary(int option, aa_kernel_interface *kernel_interface,
if (kernel_load) {
if (option == OPTION_ADD) {
retval = profilename ?
- aa_kernel_interface_load_policy_from_file(kernel_interface, profilename) :
+ aa_kernel_interface_load_policy_from_file(kernel_interface, AT_FDCWD, profilename) :
aa_kernel_interface_load_policy_from_fd(kernel_interface, 0);
if (retval == -1) {
retval = errno;
@@ -610,7 +610,7 @@ int process_binary(int option, aa_kernel_interface *kernel_interface,
}
} else if (option == OPTION_REPLACE) {
retval = profilename ?
- aa_kernel_interface_replace_policy_from_file(kernel_interface, profilename) :
+ aa_kernel_interface_replace_policy_from_file(kernel_interface, AT_FDCWD, profilename) :
aa_kernel_interface_replace_policy_from_fd(kernel_interface, 0);
if (retval == -1) {
retval = errno;
--
2.1.4