On Tue, Mar 05, 2013 at 10:44:35PM -0800, Tyler Hicks wrote:
> I've got an initial libapparmor patch to complement the kernel query
> interface patch that I recently sent out to the list. It is functional
> but it is quite ugly so I'm looking for suggestions on how we want this
> to look since there's not really a libapparmor precedence for an
> interface like this.
>
> * I made this dead really as far as what information can be extracted
>   from the interface. The application using the interface will simply
>   know whether it should allow the action and whether it should audit
>   the action. My thoughts are that we can add a more complex interface
>   later when we need it. For D-Bus, I think this simple of an interface
>   is sufficient.
>
> * I reused JJ's design from the aa_has_perm() function where the
>   application needs to allocate a query buffer of AA_SOME_HEADER_SIZE +
>   query size and then the query needs to be offset by
>   AA_SOME_HEADER_SIZE bytes in the buffer. Then, the libapparmor
>   function fills in the header and doesn't have to do any extra
>   allocations or copies. Certainly good from an efficiency point of
>   view, but not extremely user friendly. Something to worry about or
>   not?

This is probably the only thing that's still a bit rough; it'd be nice to
have some kind of tool to help prepare the query string.

> * Setting two int return parameters to indicate allow and audit isn't a
>   final solution. I was thinking that I'd return a special return code
>   that will indicate error or allow and audit statuses. Then define some
>   simple macros (aa_query_profile_err(rc), aa_query_profile_allow(rc),
>   aa_query_profile_audit(rc)) in apparmor.h that can be used to
>   translate the return code. I'm open to other suggestions...
>
> * Feel free to comment on any other parts of the patch, as well.
>
> ---
>
> Description: Add profile-based libapparmor query interface
>  Wrap the apparmorfs profile query interface with a very simple libapparmor
>  interface. This function takes a permission mask and query string consisting
>  of a profile name and a DFA match string separated by a NUL char. It sets two
>  output parameters indicating whether the action should be allowed and if the
>  action should be audited.
>  .
>  The allowed and audited output parameters take into account deny and quiet
>  permission masks returned in the kernel query. Additionally, the audited
>  output parameter takes into account whether the action is to be allowed or
>  not. If not, audited is set to true as long as there were no specific quiet
>  rules for the queried permission.
>  .
>  The function requires a static char array to be allocated and initialized to
>  the path of the apparmorfs .access file the first time it is called.
>  Otherwise, aa_find_mountpoint() would need to be called for every query which
>  would be inefficient. pthread_once() is used to ensure that
>  aa_query_profile() is thread-safe while the char array is being allocated
>  and initialized.
> Author: Tyler Hicks <[email protected]>

Acked-by: Seth Arnold <[email protected]>

Thanks Tyler! :)
-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
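The reply above wishes for something that helps prepare the query string. The following C sketch is an added example, not code from Tyler's patch or from libapparmor: it lays out the query buffer the way the thread describes (header space, then profile name, NUL, DFA match string) and derives allowed/audited from the four kernel masks as the patch description states it. `QUERY_HEADER_SIZE`, `build_query`, `query_allowed` and `query_audited` are names chosen here, and the header size and mask bits are constructed stand-ins for whatever AA_SOME_HEADER_SIZE and the real permission bits turn out to be.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for AA_SOME_HEADER_SIZE: the real value is whatever the
 * libapparmor patch settles on (assumption made for this example). */
#define QUERY_HEADER_SIZE 16

/* Lay out the buffer as the thread describes: QUERY_HEADER_SIZE bytes
 * reserved for the library to fill, then "<profile>\0<dfa match string>".
 * The match string may itself contain NULs, so its length is explicit.
 * The caller frees the result; *size (if non-NULL) gets the total size. */
static char *build_query(const char *profile, const char *match,
			 size_t match_len, size_t *size)
{
	size_t plen = strlen(profile) + 1;   /* profile plus the NUL separator */
	char *buf = malloc(QUERY_HEADER_SIZE + plen + match_len);
	if (!buf)
		return NULL;
	memset(buf, 0, QUERY_HEADER_SIZE);   /* header: left for the library */
	memcpy(buf + QUERY_HEADER_SIZE, profile, plen);
	memcpy(buf + QUERY_HEADER_SIZE + plen, match, match_len);
	if (size)
		*size = QUERY_HEADER_SIZE + plen + match_len;
	return buf;
}

/* Allowed only if every requested bit is granted and none is explicitly
 * denied (deny overrides allow). */
static int query_allowed(uint32_t mask, uint32_t allow, uint32_t deny)
{
	return (mask & ~(allow & ~deny)) == 0;
}

/* Audited if every requested bit is flagged for audit and none is quieted;
 * a denied action is treated as flagged for audit unless a quiet rule
 * covers the queried permission, matching the patch description. */
static int query_audited(uint32_t mask, uint32_t allow, uint32_t deny,
			 uint32_t audit, uint32_t quiet)
{
	if (!query_allowed(mask, allow, deny))
		audit = UINT32_MAX;
	return (mask & ~(audit & ~quiet)) == 0;
}
```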
