This patch creates a private API in libapparmor for which upstream provides no guarantees regarding ABI stability.
A new header file, <sys/apparmor_private.h>, is created. The "_aa" prefix will be used for symbols belonging to the private API. To kick things off, a library friendly version of is_blacklisted() is moved into libapparmor. The purpose of a private libapparmor API is to prevent duplicated code between the parser and libapparmor. This becomes an issue as we prepare to move chunks of the parser into libapparmor.
Signed-off-by: Tyler Hicks <[email protected]>
Acked-by: John Johansen <[email protected]>
---
 libraries/libapparmor/include/sys/Makefile.am | 2 +-
 .../libapparmor/include/sys/apparmor_private.h | 26 +++++++++
 libraries/libapparmor/src/Makefile.am | 2 +-
 libraries/libapparmor/src/libapparmor.map | 7 +++
 libraries/libapparmor/src/private.c | 66 ++++++++++++++++++++++
 parser/parser_misc.c | 50 ++--------------
 6 files changed, 107 insertions(+), 46 deletions(-)
 create mode 100644 libraries/libapparmor/include/sys/apparmor_private.h
 create mode 100644 libraries/libapparmor/src/private.c
diff --git a/libraries/libapparmor/include/sys/Makefile.am b/libraries/libapparmor/include/sys/Makefile.am
index 38efc3e..2c12780 100644
--- a/libraries/libapparmor/include/sys/Makefile.am
+++ b/libraries/libapparmor/include/sys/Makefile.am
@@ -1,3 +1,3 @@
 apparmor_hdrdir = $(includedir)/sys
-apparmor_hdr_HEADERS = apparmor.h
+apparmor_hdr_HEADERS = apparmor.h apparmor_private.h
diff --git a/libraries/libapparmor/include/sys/apparmor_private.h b/libraries/libapparmor/include/sys/apparmor_private.h
new file mode 100644
index 0000000..6138b2c
--- /dev/null
+++ b/libraries/libapparmor/include/sys/apparmor_private.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SYS_APPARMOR_PRIVATE_H
+#define _SYS_APPARMOR_PRIVATE_H 1
+
+__BEGIN_DECLS
+
+int _aa_is_blacklisted(const char *name, const char *path);
+
+__END_DECLS
+
+#endif /* sys/apparmor_private.h */
diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
index 9221607..e1d1fac 100644
--- a/libraries/libapparmor/src/Makefile.am
+++ b/libraries/libapparmor/src/Makefile.am
@@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
 lib_LTLIBRARIES = libapparmor.la
 noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c
+libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c
 libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
 -Wl,--version-script=$(top_srcdir)/src/libapparmor.map
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index 67175d0..c7bc606 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -51,3 +51,10 @@ APPARMOR_2.9 {
 local:
 *;
 } APPARMOR_1.1;
+
+PRIVATE {
+ global:
+ _aa_is_blacklisted;
+ local:
+ *;
+};
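Review bot: The new header wraps its prototype in `__BEGIN_DECLS`/`__END_DECLS` but includes nothing that defines those macros, so a translation unit that includes `<sys/apparmor_private.h>` before any other glibc header may fail to compile; adding `#include <sys/cdefs.h>` above them makes the header self-contained. The prototype of `_aa_is_blacklisted` also states no return-value contract, even though the parser hunk in this same patch special-cases `-1`; a comment above the declaration such as `/* Returns 0 if name is not blacklisted, 1 if it should be skipped silently, -1 if it should be skipped and reported to the user. */` would pin that down for callers of the private API. The `path` argument is accepted but not used by the implementation in private.c, which that comment could state as well.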
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
new file mode 100644
index 0000000..f6f40b5
--- /dev/null
+++ b/libraries/libapparmor/src/private.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+
+struct ignored_suffix_t {
+ const char * text;
+ int len;
+ int silent;
+};
+
+static struct ignored_suffix_t ignored_suffixes[] = {
+ /* Debian packging files, which are in flux during install
+ should be silently ignored. */
+ { ".dpkg-new", 9, 1 },
+ { ".dpkg-old", 9, 1 },
+ { ".dpkg-dist", 10, 1 },
+ { ".dpkg-bak", 9, 1 },
+ /* RPM packaging files have traditionally not been silently
+ ignored */
+ { ".rpmnew", 7, 0 },
+ { ".rpmsave", 8, 0 },
+ /* patch file backups/conflicts */
+ { ".orig", 5, 0 },
+ { ".rej", 4, 0 },
+ /* Backup files should be mentioned */
+ { "~", 1, 0 },
+ { NULL, 0, 0 }
+};
+
+int _aa_is_blacklisted(const char *name, const char *path)
+{
+ int name_len;
+ struct ignored_suffix_t *suffix;
+
+ /* skip dot files and files with no name */
+ if (*name == '.' || !strlen(name))
+ return 1;
+
+ name_len = strlen(name);
+ /* skip blacklisted suffixes */
+ for (suffix = ignored_suffixes; suffix->text; suffix++) {
+ char *found;
+ if ( (found = strstr((char *) name, suffix->text)) &&
+ found - name + suffix->len == name_len ) {
+ if (!suffix->silent)
+ return -1;
+ return 1;
+ }
+ }
+
+ return 0;
+}
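Review bot: The suffix test in `_aa_is_blacklisted` uses `strstr`, which returns the first occurrence, so a name in which the suffix text also appears earlier is not recognised: `foo.orig.orig` or `a~b~` end in a blacklisted suffix, yet `found - name + suffix->len == name_len` is false for the first match and the loop falls through to `return 0`. Comparing the tail of the name directly is both correct and simpler: `if (name_len >= suffix->len && strcmp(name + name_len - suffix->len, suffix->text) == 0) {`, which also removes the `(char *) name` cast and the `found` local. Because this routine decides which files in a profile directory are loaded as policy, a missed suffix means a stray backup or packaging leftover gets parsed as a profile, so it is worth fixing while the code moves into the library. `strlen(name)` is also evaluated twice; computing `name_len` once before the dot-file check and writing the empty-name test as `!*name` avoids the second pass.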
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index fcee5ef..6c0beb9 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/apparmor.h>
+#include <sys/apparmor_private.h>
 #include "lib.h"
 #include "parser.h"
@@ -50,53 +51,14 @@
 #endif
 #define NPDEBUG(fmt, args...) /* Do nothing */
-struct ignored_suffix_t {
- const char * text;
- int len;
- int silent;
-};
-
-static struct ignored_suffix_t ignored_suffixes[] = {
- /* Debian packging files, which are in flux during install
- should be silently ignored. */
- { ".dpkg-new", 9, 1 },
- { ".dpkg-old", 9, 1 },
- { ".dpkg-dist", 10, 1 },
- { ".dpkg-bak", 9, 1 },
- /* RPM packaging files have traditionally not been silently
- ignored */
- { ".rpmnew", 7, 0 },
- { ".rpmsave", 8, 0 },
- /* patch file backups/conflicts */
- { ".orig", 5, 0 },
- { ".rej", 4, 0 },
- /* Backup files should be mentioned */
- { "~", 1, 0 },
- { NULL, 0, 0 }
-};
-
 int is_blacklisted(const char *name, const char *path)
 {
- int name_len;
- struct ignored_suffix_t *suffix;
-
- /* skip dot files and files with no name */
- if (*name == '.' || !strlen(name))
- return 1;
-
- name_len = strlen(name);
- /* skip blacklisted suffixes */
- for (suffix = ignored_suffixes; suffix->text; suffix++) {
- char *found;
- if ( (found = strstr((char *) name, suffix->text)) &&
- found - name + suffix->len == name_len ) {
- if (!suffix->silent)
- PERROR("Ignoring: '%s'\n", path ? path : name);
- return 1;
- }
- }
+ int retval = _aa_is_blacklisted(name, path);
+
+ if (retval == -1)
+ PERROR("Ignoring: '%s'\n", path ? path : name);
- return 0;
+ return !retval ? 0 : 1;
 }
 struct keyword_table {
-- 2.1.4
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
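Review bot: `return !retval ? 0 : 1;` in the new `is_blacklisted` body negates a value only to collapse it back to 0/1; `return retval != 0;` expresses the same result directly and keeps the caller-visible contract unchanged. The `retval == -1` test depends on a return convention of `_aa_is_blacklisted` that is not stated anywhere on the parser side, so a one-line comment above it would help the next reader, e.g. `/* -1: blacklisted suffix that should be reported, not silently skipped */`. Both the signature and closing brace of `is_blacklisted` are context lines in this hunk, so the whole function body is visible here.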
