[apparmor] [PATCH 6/7] add query_dconf_raw, and split query_dconf to share base, setup

Seth Arnold seth.arnold at canonical.com
Thu Feb 16 23:30:36 UTC 2017 

On Fri, Feb 10, 2017 at 12:55:01PM -0800, John Johansen wrote:
> dconf needs to do a raw query, so refactor the query_dconf fn into
> a setup, query fns.
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Acked-by: Seth Arnold <seth.arnold at canonical.com>

Only cosmetic change to suggest:

> ---
>  libraries/libapparmor/src/kernel.c | 69 ++++++++++++++++++++++++++++++++------
>  1 file changed, 59 insertions(+), 10 deletions(-)
> 
> diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
> index c504c9d..7aa665d 100644
> --- a/libraries/libapparmor/src/kernel.c
> +++ b/libraries/libapparmor/src/kernel.c
> @@ -1099,6 +1099,60 @@ int aa_query_link_path(const char *label, const char *target, const char *link,
>  }
>  
>  /**
> + * aa_query_dconf_setup - setup query access permissions for a dconf @path

The function is named query_dconf_setup, no leading aa_

> + * @label: apparmor label
> + * @label_len: length of @label (does not include any terminating nul byte)
> + * @path: file path to query permissions for
> + * @path_len: length of @path (does not include any terminating nul byte)
> + *
> + * Returns: size on success else -1 and sets errno. If -1 is returned and
> + *          errno is ENOENT, the subject label in the query string is unknown
> + *          to the kernel.
> + */
> +static ssize_t query_dconf_setup(char **query, const char *label, size_t label_len,
> +			     const char *path, size_t path_len)
> +{
> +	/* + 1 for null separator, + 1 for AA_CLASS_DCONF */
> +	ssize_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
> +	*query = malloc(size);
> +	if (!*query)
> +		return -1;
> +	memcpy(*query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
> +	/* null separator */
> +	*query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
> +	*query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
> +	memcpy(*query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
> +
> +	return size;
> +}
> +
> +/**
> + * aa_query_dconf_raw - query access permissions for a dconf @path
> + * @label: apparmor label
> + * @label_len: length of @label (does not include any terminating nul byte)
> + * @path: file path to query permissions for
> + * @path_len: length of @path (does not include any terminating nul byte)
> + * @perms: Returns: perms for the query.
> + *
> + * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno is
> + *          ENOENT, the subject label in the query string is unknown to the
> + *          kernel.
> + */
> +static int aa_query_dconf_raw(const char *label, size_t label_len,
> +			      const char *path, size_t path_len,
> +			      aa_perms_t *perms)
> +
> +{
> +	autofree char *query = NULL;
> +	ssize_t size;
> +	size = query_dconf_setup(&query, label, label_len, path, path_len);
> +	if (size == -1)
> +		return -1;
> +
> +	return query_label_raw(query, size, perms);
> +}
> +
> +/**
>   * aa_query_dconf_len - query access permissions for a dconf @path
>   * @mask: permission bits to query
>   * @label: apparmor label
> @@ -1118,18 +1172,13 @@ int aa_query_dconf_len(uint32_t mask, const char *label, size_t label_len,
>  		       int *audited)
>  {
>  	autofree char *query = NULL;
> +	ssize_t size;
>  
> -	/* + 1 for null separator, + 1 for AA_CLASS_DCONF */
> -	size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
> -	query = malloc(size);
> -	if (!query)
> +	size = query_dconf_setup(&query, label, label_len, path, path_len);
> +	if  (size == -1)
>  		return -1;
> -	memcpy(query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
> -	/* null separator */
> -	query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
> -	query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
> -	memcpy(query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
> -	return aa_query_label(mask, query, size , allowed, audited);
> +
> +	return aa_query_label(mask, query, size, allowed, audited);
>  }
>  
>  /**

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170216/8217c257/attachment.pgp>

More information about the AppArmor mailing list