[apparmor] [PATCH 09/20] add helper fn to query file path permissions
Tyler Hicks
tyhicks at canonical.com
Fri May 29 18:13:19 UTC 2015
On 2015-05-29 01:39:15, John Johansen wrote:
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> libraries/libapparmor/doc/aa_query_label.pod | 9 +++++++++
> libraries/libapparmor/include/sys/apparmor.h | 4 +++-
> libraries/libapparmor/src/kernel.c | 24 ++++++++++++++++++++++++
> libraries/libapparmor/src/libapparmor.map | 1 +
> libraries/libapparmor/swig/SWIG/libapparmor.i | 2 ++
> 5 files changed, 39 insertions(+), 1 deletion(-)
>
> diff --git a/libraries/libapparmor/doc/aa_query_label.pod b/libraries/libapparmor/doc/aa_query_label.pod
> index 9aa563a..db15fcc 100644
> --- a/libraries/libapparmor/doc/aa_query_label.pod
> +++ b/libraries/libapparmor/doc/aa_query_label.pod
> @@ -30,6 +30,8 @@ B<#include E<lt>sys/apparmor.hE<gt>>
>
> B<int aa_query_label((uint32_t mask, char *query, size_t size, int *allowed,
> int *audited);>
> +B<int aa_query_file((uint32_t mask, const char *label, const char *path,
> + int *allowed, int *audited);>
Bah, I wish we would have already made the switch to C99 mode before I
implemented aa_query_label(). I wish allowed and audited were bools. Too
late now...
>
> Link with B<-lapparmor> when compiling.
>
> @@ -52,6 +54,13 @@ of directly using I<aa_query_label>. If directly using the interface the
> I<query> string is required to have a header of B<AA_QUERY_CMD_LABEL_SIZE>
> that will be used by I<aa_query_label>.
>
> +
> +The B<aa_query_file> function is a helper function that assembles a properly
> +formated path query for the B<aa_query_label> function. The I<label> is a valid
formatted
> +apparmor label as returned by I<aa_split_con> and the I<path> is any valid
I<aa_splitcon>
> +filesystem path to query permissions for.
> +
> +
> =head1 RETURN VALUE
>
> On success 0 is returned, and the I<allowed> and I<audited> parameters
> diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
> index 99ce36b..a408741 100644
> --- a/libraries/libapparmor/include/sys/apparmor.h
> +++ b/libraries/libapparmor/include/sys/apparmor.h
> @@ -27,7 +27,7 @@ __BEGIN_DECLS
> /*
> * Class of public mediation types in the AppArmor policy db
> */
> -
> +#define AA_CLASS_FILE 2
> #define AA_CLASS_DBUS 32
>
>
> @@ -79,6 +79,8 @@ extern int aa_getpeercon(int fd, char **label, char **mode);
>
> extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
> int *audit);
> +extern int aa_query_file(uint32_t mask, const char *label, const char *path,
> + int *allowed, int *audited);
>
> #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
> #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
> diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
> index 9d5f45d..d140f6b 100644
> --- a/libraries/libapparmor/src/kernel.c
> +++ b/libraries/libapparmor/src/kernel.c
> @@ -786,3 +786,27 @@ int query_label(uint32_t mask, char *query, size_t size, int *allowed,
> extern typeof((query_label)) __aa_query_label __attribute__((alias ("query_label")));
> symbol_version(__aa_query_label, aa_query_label, APPARMOR_1.1);
> default_symbol_version(query_label, aa_query_label, APPARMOR_2.9);
> +
> +
> +int aa_query_file(uint32_t mask, const char *label, const char *path,
> + int *allowed, int *audited)
I prefer that we require 'size_t label_len' and 'size_t path_len'
parameters. The caller may already have the string lengths stored in
variables, eliminating unnecessary calls to strlen(). Also, it allows
for non-nul-terminated strings to be used.
> +{
> + int rc;
> + char *query;
Seems like a perfect opportunity to break out 'autofree'. Be sure to
initialize query to NULL if you decide to use it.
> +
> + int lsize = strlen(label);
> + int psize = strlen(path);
> + /* + 1 for null separator */
> + int size = AA_QUERY_CMD_LABEL_SIZE + lsize + 1 + psize;
change to size_t?
> + query = malloc(size + 1);
> + if (!query)
> + return -1;
> + /* we want the null terminator here */
> + strcpy(query + AA_QUERY_CMD_LABEL_SIZE, label);
> + query[AA_QUERY_CMD_LABEL_SIZE + lsize + 1] = AA_CLASS_FILE;
> + memcpy(query + AA_QUERY_CMD_LABEL_SIZE + lsize + 2, path, psize);
> + rc = aa_query_label(mask, query, size , allowed, audited);
> + free(query);
This free() goes away if you switch to autofree.
Tyler
> +
> + return rc;
> +}
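Review bot: The `size` passed to aa_query_label() in aa_query_file() looks one byte short. The buffer is filled with the header, the label, its NUL separator, the AA_CLASS_FILE byte and then `psize` bytes of path, which is `AA_QUERY_CMD_LABEL_SIZE + lsize + 2 + psize` bytes, while `size` counts only `+ 1`. If aa_query_label() hands exactly `size` bytes to the kernel (its body is outside this hunk, so this is inferred), the last character of the path is dropped and the allow/audit answer is for a different path than the caller asked about. I would count the class byte explicitly, `size_t size = AA_QUERY_CMD_LABEL_SIZE + lsize + 1 + 1 + psize;`, and update the `+ 1 for null separator` comment to mention both bytes. Separately, `label` and `path` reach strlen() without a NULL check and the length sum is not checked for overflow before malloc(); returning -1 for NULL or oversized inputs before allocating would keep the later strcpy()/memcpy() inside the buffer.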
> diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
> index 3f43494..3514682 100644
> --- a/libraries/libapparmor/src/libapparmor.map
> +++ b/libraries/libapparmor/src/libapparmor.map
> @@ -54,6 +54,7 @@ APPARMOR_2.9 {
>
> APPARMOR_2.10 {
> global:
> + aa_query_file;
> aa_features_new;
> aa_features_new_from_string;
> aa_features_new_from_kernel;
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index 6bae3f6..0bf3b2a 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -39,5 +39,7 @@ extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
> extern int aa_getpeercon(int fd, char **label, char **mode);
> extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
> int *audit);
> +extern int aa_query_file(uint32_t mask, const char *label, const char *path,
> + int *allowed, int *audited);
>
> %exception;
> --
> 2.1.4
>
>