On Sun, Jun 23, 2013 at 04:23:16PM -0700, Tyler Hicks wrote:
> The functions that return the confinement information of a peer socket
> connection should parse and return the mode like the task-based
> functions.
> 
> Signed-off-by: Tyler Hicks <tyhi...@canonical.com>

Acked-by: Seth Arnold <seth.arn...@canonical.com>

> ---
>  libraries/libapparmor/src/apparmor.h          |  4 ++--
>  libraries/libapparmor/src/kernel_interface.c  | 16 +++++++++++++---
>  libraries/libapparmor/swig/SWIG/libapparmor.i |  4 ++--
>  3 files changed, 17 insertions(+), 7 deletions(-)
> 
> diff --git a/libraries/libapparmor/src/apparmor.h 
> b/libraries/libapparmor/src/apparmor.h
> index c93bee8..142d1e1 100644
> --- a/libraries/libapparmor/src/apparmor.h
> +++ b/libraries/libapparmor/src/apparmor.h
> @@ -48,8 +48,8 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, 
> char *buf, int len,
>  extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char 
> **mode);
>  extern int aa_gettaskcon(pid_t target, char **con, char **mode);
>  extern int aa_getcon(char **con, char **mode);
> -extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
> -extern int aa_getpeercon(int fd, char **con);
> +extern int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode);
> +extern int aa_getpeercon(int fd, char **con, char **mode);
>  
>  #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
>  #define __macroarg_count1(Y...) __macroarg_count2 (Y, 
> 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
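Review bot: Adding a parameter to the exported `aa_getpeercon_raw()` and `aa_getpeercon()` prototypes changes the library ABI, and nothing in this patch's diffstat touches a symbol map or library version. A binary built against the old prototypes and run against the new library would leave `mode` as whatever happens to sit in the extra argument slot, and the new `if (mode) *mode = ...` stores would then write through it. Either bump the soname, or keep the old symbols and expose the mode-returning variants under new names or symbol versions. This may already be handled elsewhere in the series, which is not visible here.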
> diff --git a/libraries/libapparmor/src/kernel_interface.c 
> b/libraries/libapparmor/src/kernel_interface.c
> index afb51b5..0c02d15 100644
> --- a/libraries/libapparmor/src/kernel_interface.c
> +++ b/libraries/libapparmor/src/kernel_interface.c
> @@ -563,13 +563,15 @@ int aa_getcon(char **con, char **mode)
>   * @fd: socket to get peer confinement for
>   * @con: pointer to buffer to store confinement string
>   * @size: initially contains size of the buffer, returns size of data read
> + * @mode: if set will point to mode string within buffer if it is present
>   *
>   * Returns: length of confinement data including null termination or -1 on 
> error
>   *          if errno == ERANGE then @size will hold the size needed
>   */
> -int aa_getpeercon_raw(int fd, char *buffer, int *size)
> +int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode)
>  {
>       socklen_t optlen = *size;
> +     char *mode_str;
>       int rc;
>  
>       if (optlen <= 0 || buffer == NULL) {
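Review bot: The new `@mode` line does not say who owns the returned pointer or what it holds when the label carries no mode. Since `*mode` is set from `parse_confinement_mode(buffer, optlen)`, it appears to alias the caller's buffer, so I would word it as `@mode: if non-NULL, set to the mode string inside @buffer (not separately allocated), or NULL if no mode is present`. The NULL case is inferred, because parse_confinement_mode() is outside this patch. The `aa_getpeercon()` comment further down has the same gap and should state that `*mode` must not be freed and becomes invalid once `*con` is freed. The function body continues outside this hunk.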
> @@ -591,9 +593,14 @@ int aa_getpeercon_raw(int fd, char *buffer, int *size)
>                       rc = -1;
>                       errno = ERANGE;
>                       optlen++;
> +                     goto out;
>               }
>       }
>  
> +     mode_str = parse_confinement_mode(buffer, optlen);
> +     if (mode)
> +             *mode = mode_str;
> +
>       rc = optlen;
>  out:
>       *size = optlen;
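Review bot: `*mode` is written only on the success path, so every failure that reaches `out` (including the new `goto out` for ERANGE) returns -1 with the caller's pointer untouched. A caller that passes an uninitialized `char *mode` and inspects it after an error then reads an indeterminate pointer. Clearing it up front with `if (mode) *mode = NULL;` right after the declarations makes the raw function safe on its own, rather than relying on `aa_getpeercon()` to reset it. The later `aa_getpeercon()` hunk shows the same gap at its early `return -1;`, which leaves `*mode` unset, though the lines leading to that return are outside the hunk. The start of this function is also outside this hunk.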
> @@ -604,12 +611,13 @@ out:
>   * aa_getpeercon - get the confinement of the socket's peer (other end)
>   * @fd: socket to get peer confinement for
>   * @con: pointer to allocated buffer with the confinement string
> + * @mode: if provided will point to the mode string in @con if present
>   *
>   * Returns: length of confinement data including null termination or -1 on 
> error
>   *
>   * Caller is responsible for freeing the buffer returned.
>   */
> -int aa_getpeercon(int fd, char **con)
> +int aa_getpeercon(int fd, char **con, char **mode)
>  {
>       int rc, last_size, size = INITIAL_GUESS_SIZE;
>       char *buffer = NULL;
> @@ -626,13 +634,15 @@ int aa_getpeercon(int fd, char **con)
>                       return -1;
>               memset(buffer, 0, size);
>  
> -             rc = aa_getpeercon_raw(fd, buffer, &size);
> +             rc = aa_getpeercon_raw(fd, buffer, &size, mode);
>               /* size should contain actual size needed if errno == ERANGE */
>       } while (rc == -1 && errno == ERANGE && size > last_size);
>  
>       if (rc == -1) {
>               free(buffer);
>               *con = NULL;
> +             if (mode)
> +                     *mode = NULL;
>               size = -1;
>       } else
>               *con = buffer;
> diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i 
> b/libraries/libapparmor/swig/SWIG/libapparmor.i
> index f0ebf5a..13b86b8 100644
> --- a/libraries/libapparmor/swig/SWIG/libapparmor.i
> +++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
> @@ -25,5 +25,5 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, 
> char *buf, int len,
>  extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char 
> **mode);
>  extern int aa_gettaskcon(pid_t target, char **con, char **mode);
>  extern int aa_getcon(char **con, char **mode);
> -extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
> -extern int aa_getpeercon(int fd, char **con);
> +extern int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode);
> +extern int aa_getpeercon(int fd, char **con, char **mode);
> -- 
> 1.8.1.2
> 
> 
> 
