On 2015-01-22 10:16:59, John Johansen wrote: > On 12/05/2014 04:22 PM, Tyler Hicks wrote: > > This patch creates a private API in libapparmor in which upstream > > provides no guarantees in regards to ABI stability. > > > > A new header file, <sys/apparmor_private.h>, is created. The "_aa" > > prefix will be used for symbols belonging to the private API. > > > > To kick things off, a library friendly version of is_blacklisted() is > > moved into libapparmor. > > > > The purpose of a private libapparmor API is to prevent duplicated code > > between the parser and libapparmor. This becomes an issue as we prepare > > to move chunks of the parser into libapparmor. > > > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> > Acked-by: John Johansen <john.johan...@canonical.com>
Thanks again! > > though I agree with Christian that we are going to want a public version > of the is_blacklisted() api. But that can come in another patch I do this in the second patch set where I move everything into libapparmor. It is exported as a "private" function named _aa_is_blacklisted(). See the "libapparmor: Create a private API" patch in the second patch set, if interested. Tyler > > > > --- > > libraries/libapparmor/include/sys/Makefile.am | 2 +- > > .../libapparmor/include/sys/apparmor_private.h | 26 +++++++++ > > libraries/libapparmor/src/Makefile.am | 2 +- > > libraries/libapparmor/src/libapparmor.map | 7 +++ > > libraries/libapparmor/src/private.c | 66 > > ++++++++++++++++++++++ > > parser/parser_misc.c | 50 ++-------------- > > 6 files changed, 107 insertions(+), 46 deletions(-) > > create mode 100644 libraries/libapparmor/include/sys/apparmor_private.h > > create mode 100644 libraries/libapparmor/src/private.c > > > > diff --git a/libraries/libapparmor/include/sys/Makefile.am > > b/libraries/libapparmor/include/sys/Makefile.am > > index 38efc3e..2c12780 100644 > > --- a/libraries/libapparmor/include/sys/Makefile.am > > +++ b/libraries/libapparmor/include/sys/Makefile.am > > @@ -1,3 +1,3 @@ > > > > apparmor_hdrdir = $(includedir)/sys > > -apparmor_hdr_HEADERS = apparmor.h > > +apparmor_hdr_HEADERS = apparmor.h apparmor_private.h > > diff --git a/libraries/libapparmor/include/sys/apparmor_private.h > > b/libraries/libapparmor/include/sys/apparmor_private.h > > new file mode 100644 > > index 0000000..6138b2c > > --- /dev/null > > +++ b/libraries/libapparmor/include/sys/apparmor_private.h 
> > @@ -0,0 +1,26 @@
> > +/*
> > + * Copyright 2014 Canonical Ltd.
> > + *
> > + * The libapparmor library is licensed under the terms of the GNU
> > + * Lesser General Public License, version 2.1. Please see the file
> > + * COPYING.LGPL.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > + * GNU Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public License
> > + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#ifndef _SYS_APPARMOR_PRIVATE_H
> > +#define _SYS_APPARMOR_PRIVATE_H 1
> > +
> > +__BEGIN_DECLS
> > +
> > +int _aa_is_blacklisted(const char *name, const char *path);
> > +
> > +__END_DECLS
> > +
> > +#endif /* sys/apparmor_private.h */
> > diff --git a/libraries/libapparmor/src/Makefile.am > > b/libraries/libapparmor/src/Makefile.am
> > index a234264..2a7f600 100644
> > --- a/libraries/libapparmor/src/Makefile.am
> > +++ b/libraries/libapparmor/src/Makefile.am
> > @@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
> > lib_LTLIBRARIES = libapparmor.la
> > noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
> >
> > -libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c > > scanner.c
> > +libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c > > scanner.c private.c
> > libapparmor_la_LDFLAGS = -version-info > > $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic > > -pthread \
> > -Wl,--version-script=$(top_srcdir)/src/libapparmor.map
> >
> > diff --git a/libraries/libapparmor/src/libapparmor.map > > b/libraries/libapparmor/src/libapparmor.map
> > index 67175d0..c7bc606 100644
> > --- a/libraries/libapparmor/src/libapparmor.map
> > +++ b/libraries/libapparmor/src/libapparmor.map
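Review bot: The prototype of `_aa_is_blacklisted()` in apparmor_private.h has no comment, yet the function returns three distinct values that callers must tell apart, so the contract belongs at the declaration, for example `/* Returns 0 to accept name, 1 to skip it silently, -1 to skip it and let the caller report it */`. The header also uses `__BEGIN_DECLS`/`__END_DECLS` without including anything, so it compiles only when an earlier include has already defined them (on glibc that is `<sys/cdefs.h>`); pulling that in here would make the header self-contained. Because the Makefile.am hunk installs this file next to apparmor.h, a one-line comment stating that these symbols carry no ABI guarantee would keep outside consumers from depending on them.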
> > @@ -51,3 +51,10 @@ APPARMOR_2.9 {
> > local:
> > *;
> > } APPARMOR_1.1;
> > +
> > +PRIVATE {
> > + global:
> > + _aa_is_blacklisted;
> > + local:
> > + *;
> > +};
> > diff --git a/libraries/libapparmor/src/private.c > > b/libraries/libapparmor/src/private.c
> > new file mode 100644
> > index 0000000..f6f40b5
> > --- /dev/null
> > +++ b/libraries/libapparmor/src/private.c
> > @@ -0,0 +1,66 @@
> > +/*
> > + * Copyright 2014 Canonical Ltd.
> > + *
> > + * The libapparmor library is licensed under the terms of the GNU
> > + * Lesser General Public License, version 2.1. Please see the file
> > + * COPYING.LGPL.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > + * GNU Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public License
> > + * along with this program. If not, see <http://www.gnu.org/licenses/>.
> > + */
> > +
> > +#include <string.h>
> > +
> > +struct ignored_suffix_t {
> > + const char * text;
> > + int len;
> > + int silent;
> > +};
> > +
> > +static struct ignored_suffix_t ignored_suffixes[] = {
> > + /* Debian packging files, which are in flux during install
> > + should be silently ignored. */
> > + { ".dpkg-new", 9, 1 },
> > + { ".dpkg-old", 9, 1 },
> > + { ".dpkg-dist", 10, 1 },
> > + { ".dpkg-bak", 9, 1 },
> > + /* RPM packaging files have traditionally not been silently
> > + ignored */
> > + { ".rpmnew", 7, 0 },
> > + { ".rpmsave", 8, 0 },
> > + /* patch file backups/conflicts */
> > + { ".orig", 5, 0 },
> > + { ".rej", 4, 0 },
> > + /* Backup files should be mentioned */
> > + { "~", 1, 0 },
> > + { NULL, 0, 0 }
> > +};
> > +
> > +int _aa_is_blacklisted(const char *name, const char *path)
> > +{
> > + int name_len;
> > + struct ignored_suffix_t *suffix;
> > +
> > + /* skip dot files and files with no name */
> > + if (*name == '.' 
|| !strlen(name))
> > + return 1;
> > +
> > + name_len = strlen(name);
> > + /* skip blacklisted suffixes */
> > + for (suffix = ignored_suffixes; suffix->text; suffix++) {
> > + char *found;
> > + if ( (found = strstr((char *) name, suffix->text)) &&
> > + found - name + suffix->len == name_len ) {
> > + if (!suffix->silent)
> > + return -1;
> > + return 1;
> > + }
> > + }
> > +
> > + return 0;
> > +}
> > diff --git a/parser/parser_misc.c b/parser/parser_misc.c
> > index 97a2103..cb46d84 100644
> > --- a/parser/parser_misc.c
> > +++ b/parser/parser_misc.c
> > @@ -32,6 +32,7 @@
> > #include <fcntl.h>
> > #include <unistd.h>
> > #include <sys/apparmor.h>
> > +#include <sys/apparmor_private.h>
> >
> > #include "lib.h"
> > #include "parser.h"
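Review bot: The suffix test in `_aa_is_blacklisted()` (private.c) relies on `strstr()`, which returns the first occurrence, so a name where the suffix appears earlier and again at the end (constructed examples: `foo.orig.orig`, `a~b~`) fails the `found - name + suffix->len == name_len` comparison and is returned as 0, meaning the file is not skipped. Comparing the tail directly closes that gap and drops the `(char *)` cast: `if (name_len >= suffix->len && !strcmp(name + name_len - suffix->len, suffix->text)) {`. Now that the function is exported from the library, `*name` is also dereferenced without a NULL check and `path` is never read in the body; a guard such as `if (!name || !*name || *name == '.') return 1;` would cover the first. private.c should additionally include `<sys/apparmor_private.h>` so the compiler checks the definition against the prototype, and `ignored_suffixes` can be `static const` since nothing writes to it.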
> > @@ -50,53 +51,14 @@
> > #endif
> > #define NPDEBUG(fmt, args...) /* Do nothing */
> >
> > -struct ignored_suffix_t {
> > - const char * text;
> > - int len;
> > - int silent;
> > -};
> > -
> > -static struct ignored_suffix_t ignored_suffixes[] = {
> > - /* Debian packging files, which are in flux during install
> > - should be silently ignored. */
> > - { ".dpkg-new", 9, 1 },
> > - { ".dpkg-old", 9, 1 },
> > - { ".dpkg-dist", 10, 1 },
> > - { ".dpkg-bak", 9, 1 },
> > - /* RPM packaging files have traditionally not been silently
> > - ignored */
> > - { ".rpmnew", 7, 0 },
> > - { ".rpmsave", 8, 0 },
> > - /* patch file backups/conflicts */
> > - { ".orig", 5, 0 },
> > - { ".rej", 4, 0 },
> > - /* Backup files should be mentioned */
> > - { "~", 1, 0 },
> > - { NULL, 0, 0 }
> > -};
> > -
> > int is_blacklisted(const char *name, const char *path)
> > {
> > - int name_len;
> > - struct ignored_suffix_t *suffix;
> > -
> > - /* skip dot files and files with no name */
> > - if (*name == '.' || !strlen(name))
> > - return 1;
> > -
> > - name_len = strlen(name);
> > - /* skip blacklisted suffixes */
> > - for (suffix = ignored_suffixes; suffix->text; suffix++) {
> > - char *found;
> > - if ( (found = strstr((char *) name, suffix->text)) &&
> > - found - name + suffix->len == name_len ) {
> > - if (!suffix->silent)
> > - PERROR("Ignoring: '%s'\n", path ? path : name);
> > - return 1;
> > - }
> > - }
> > + int retval = _aa_is_blacklisted(name, path);
> > +
> > + if (retval == -1)
> > + PERROR("Ignoring: '%s'\n", path ? path : name);
> >
> > - return 0;
> > + return !retval ? 0 : 1;
> > }
> >
> > struct keyword_table {
> >
> >