[apparmor] [PATCH 6/7] add query_dconf_raw, and split query_dconf to share base, setup
Seth Arnold
seth.arnold at canonical.com
Thu Feb 16 23:30:36 UTC 2017
On Fri, Feb 10, 2017 at 12:55:01PM -0800, John Johansen wrote:
> dconf needs to do a raw query, so refactor the query_dconf fn into
> a setup, query fns.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Only cosmetic change to suggest:
> ---
> libraries/libapparmor/src/kernel.c | 69 ++++++++++++++++++++++++++++++++------
> 1 file changed, 59 insertions(+), 10 deletions(-)
>
> diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
> index c504c9d..7aa665d 100644
> --- a/libraries/libapparmor/src/kernel.c
> +++ b/libraries/libapparmor/src/kernel.c
> @@ -1099,6 +1099,60 @@ int aa_query_link_path(const char *label, const char *target, const char *link,
> }
>
> /**
> + * aa_query_dconf_setup - setup query access permissions for a dconf @path
The function is named query_dconf_setup, no leading aa_
> + * @label: apparmor label
> + * @label_len: length of @label (does not include any terminating nul byte)
> + * @path: file path to query permissions for
> + * @path_len: length of @path (does not include any terminating nul byte)
> + *
> + * Returns: size on success else -1 and sets errno. If -1 is returned and
> + * errno is ENOENT, the subject label in the query string is unknown
> + * to the kernel.
> + */
> +static ssize_t query_dconf_setup(char **query, const char *label, size_t label_len,
> + const char *path, size_t path_len)
> +{
> + /* + 1 for null separator, + 1 for AA_CLASS_DCONF */
> + ssize_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
> + *query = malloc(size);
> + if (!*query)
> + return -1;
> + memcpy(*query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
> + /* null separator */
> + *query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
> + *query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
> + memcpy(*query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
> +
> + return size;
> +}
> +
> +/**
> + * aa_query_dconf_raw - query access permissions for a dconf @path
> + * @label: apparmor label
> + * @label_len: length of @label (does not include any terminating nul byte)
> + * @path: file path to query permissions for
> + * @path_len: length of @path (does not include any terminating nul byte)
> + * @perms: Returns: perms for the query.
> + *
> + * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno is
> + * ENOENT, the subject label in the query string is unknown to the
> + * kernel.
> + */
> +static int aa_query_dconf_raw(const char *label, size_t label_len,
> + const char *path, size_t path_len,
> + aa_perms_t *perms)
> +
> +{
> + autofree char *query = NULL;
> + ssize_t size;
> + size = query_dconf_setup(&query, label, label_len, path, path_len);
> + if (size == -1)
> + return -1;
> +
> + return query_label_raw(query, size, perms);
> +}
> +
> +/**
> * aa_query_dconf_len - query access permissions for a dconf @path
> * @mask: permission bits to query
> * @label: apparmor label
> @@ -1118,18 +1172,13 @@ int aa_query_dconf_len(uint32_t mask, const char *label, size_t label_len,
> int *audited)
> {
> autofree char *query = NULL;
> + ssize_t size;
>
> - /* + 1 for null separator, + 1 for AA_CLASS_DCONF */
> - size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
> - query = malloc(size);
> - if (!query)
> + size = query_dconf_setup(&query, label, label_len, path, path_len);
> + if (size == -1)
> return -1;
> - memcpy(query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
> - /* null separator */
> - query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
> - query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
> - memcpy(query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
> - return aa_query_label(mask, query, size , allowed, audited);
> +
> + return aa_query_label(mask, query, size, allowed, audited);
> }
>
> /**
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170216/8217c257/attachment.pgp>
More information about the AppArmor
mailing list