[apparmor] [PATCH v2 10/14] libapparmor: Migrate aa_kernel_interface API to openat() style

John Johansen john.johansen at canonical.com
Fri May 29 11:31:24 UTC 2015


On 04/02/2015 08:17 AM, Tyler Hicks wrote:
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>

Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  libraries/libapparmor/include/sys/apparmor.h |  4 ++--
>  libraries/libapparmor/src/kernel_interface.c | 13 +++++++------
>  libraries/libapparmor/src/policy_cache.c     |  2 +-
>  parser/parser_main.c                         |  4 ++--
>  4 files changed, 12 insertions(+), 11 deletions(-)
> 
> diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
> index ba20071..8fc3bda 100644
> --- a/libraries/libapparmor/include/sys/apparmor.h
> +++ b/libraries/libapparmor/include/sys/apparmor.h
> @@ -127,13 +127,13 @@ void aa_kernel_interface_unref(aa_kernel_interface *kernel_interface);
>  int aa_kernel_interface_load_policy(aa_kernel_interface *kernel_interface,
>  				    const char *buffer, size_t size);
>  int aa_kernel_interface_load_policy_from_file(aa_kernel_interface *kernel_interface,
> -					      const char *path);
> +					      int dirfd, const char *path);
>  int aa_kernel_interface_load_policy_from_fd(aa_kernel_interface *kernel_interface,
>  					    int fd);
>  int aa_kernel_interface_replace_policy(aa_kernel_interface *kernel_interface,
>  				       const char *buffer, size_t size);
>  int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
> -						 const char *path);
> +						 int dirfd, const char *path);
>  int aa_kernel_interface_replace_policy_from_fd(aa_kernel_interface *kernel_interface,
>  					       int fd);
>  int aa_kernel_interface_remove_policy(aa_kernel_interface *kernel_interface,
> diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
> index 15b171f..293c93d 100644
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -183,11 +183,12 @@ static int write_policy_fd_to_iface(aa_kernel_interface *kernel_interface,
>  }
>  
>  static int write_policy_file_to_iface(aa_kernel_interface *kernel_interface,
> -				      const char *iface_file, const char *path)
> +				      const char *iface_file,
> +				      int dirfd, const char *path)
>  {
>  	autoclose int fd;
>  
> -	fd = open(path, O_RDONLY);
> +	fd = openat(dirfd, path, O_RDONLY);
>  	if (fd == -1)
>  		return -1;
>  
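Review bot: In write_policy_file_to_iface(), `openat(dirfd, path, O_RDONLY)` consults `dirfd` only when `path` is relative; an absolute `path` is opened exactly as before, so the new parameter does not by itself restrict where policy is read from. A short comment above the call would make that contract explicit, e.g. `/* dirfd is ignored if path is absolute; AT_FDCWD gives open() semantics */`. Because this is library code, `O_RDONLY | O_CLOEXEC` would also keep the descriptor from being inherited by a child that another thread execs while the policy is being written. The function body continues past the end of this hunk.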
> @@ -312,10 +313,10 @@ int aa_kernel_interface_load_policy(aa_kernel_interface *kernel_interface,
>   * Returns: 0 on success, -1 on error with errno set
>   */
>  int aa_kernel_interface_load_policy_from_file(aa_kernel_interface *kernel_interface,
> -					      const char *path)
> +					      int dirfd, const char *path)
>  {
>  	return write_policy_file_to_iface(kernel_interface, AA_IFACE_FILE_LOAD,
> -					  path);
> +					  dirfd, path);
>  }
>  
>  /**
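Review bot: The kernel-doc comment for aa_kernel_interface_load_policy_from_file() does not appear to gain a `@dirfd` entry. Only the comment's last two lines are inside this hunk, but the diffstat's 13 changed lines for kernel_interface.c are all accounted for by the signature and call edits, so the parameter list looks untouched. I would add a line such as ` * @dirfd: directory file descriptor that a relative @path is resolved against, or AT_FDCWD for the current working directory`. The same applies to aa_kernel_interface_replace_policy_from_file() in the next hunk.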
> @@ -356,10 +357,10 @@ int aa_kernel_interface_replace_policy(aa_kernel_interface *kernel_interface,
>   * Returns: 0 on success, -1 on error with errno set
>   */
>  int aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface,
> -						 const char *path)
> +						 int dirfd, const char *path)
>  {
>  	return write_policy_file_to_iface(kernel_interface,
> -					  AA_IFACE_FILE_REPLACE, path);
> +					  AA_IFACE_FILE_REPLACE, dirfd, path);
>  }
>  
>  /**
> diff --git a/libraries/libapparmor/src/policy_cache.c b/libraries/libapparmor/src/policy_cache.c
> index e91388c..f59198a 100644
> --- a/libraries/libapparmor/src/policy_cache.c
> +++ b/libraries/libapparmor/src/policy_cache.c
> @@ -132,7 +132,7 @@ static int replace_all_cb(int dirfd unused, const char *name, struct stat *st,
>  			return -1;
>  		}
>  		retval = aa_kernel_interface_replace_policy_from_file(data->kernel_interface,
> -								      path);
> +								      -1, path);
>  	}
>  
>  	return retval;
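Review bot: Passing `-1` as the dirfd in replace_all_cb() makes the call work only when `path` is absolute; with a relative `path`, openat() fails with EBADF where the previous open() resolved against the working directory. How `path` is built is outside the hunk, so this may hold today, but `AT_FDCWD, path);` would preserve the old semantics without depending on it. Since the callback already receives `dirfd` and `name`, passing those instead would open the entry relative to the directory being walked and avoid resolving the full path a second time. The body of replace_all_cb() starts before this hunk.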
> diff --git a/parser/parser_main.c b/parser/parser_main.c
> index 0ae5812..dda594c 100644
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -600,7 +600,7 @@ int process_binary(int option, aa_kernel_interface *kernel_interface,
>  	if (kernel_load) {
>  		if (option == OPTION_ADD) {
>  			retval = profilename ?
> -				 aa_kernel_interface_load_policy_from_file(kernel_interface, profilename) :
> +				 aa_kernel_interface_load_policy_from_file(kernel_interface, AT_FDCWD, profilename) :
>  				 aa_kernel_interface_load_policy_from_fd(kernel_interface, 0);
>  			if (retval == -1) {
>  				retval = errno;
> @@ -610,7 +610,7 @@ int process_binary(int option, aa_kernel_interface *kernel_interface,
>  			}
>  		} else if (option == OPTION_REPLACE) {
>  			retval = profilename ?
> -				 aa_kernel_interface_replace_policy_from_file(kernel_interface, profilename) :
> +				 aa_kernel_interface_replace_policy_from_file(kernel_interface, AT_FDCWD, profilename) :
>  				 aa_kernel_interface_replace_policy_from_fd(kernel_interface, 0);
>  			if (retval == -1) {
>  				retval = errno;
> 




