The functions that return the confinement information of a socket's peer (aa_getpeercon() and aa_getpeercon_raw()) should parse the confinement label and return the mode through a separate out-parameter, in the same way as the task-based functions (aa_getprocattr(), aa_gettaskcon() and aa_getcon()) already do.
Signed-off-by: Tyler Hicks <[email protected]>
---
 libraries/libapparmor/src/apparmor.h | 4 ++--
 libraries/libapparmor/src/kernel_interface.c | 16 +++++++++++++---
 libraries/libapparmor/swig/SWIG/libapparmor.i | 4 ++--
 3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/libraries/libapparmor/src/apparmor.h b/libraries/libapparmor/src/apparmor.h
index c93bee8..142d1e1 100644
--- a/libraries/libapparmor/src/apparmor.h
+++ b/libraries/libapparmor/src/apparmor.h
@@ -48,8 +48,8 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
 extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
 extern int aa_gettaskcon(pid_t target, char **con, char **mode);
 extern int aa_getcon(char **con, char **mode);
-extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
-extern int aa_getpeercon(int fd, char **con);
+extern int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode);
+extern int aa_getpeercon(int fd, char **con, char **mode);
 #define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
 #define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index afb51b5..0c02d15 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
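Review bot: Adding a fourth parameter to the exported `aa_getpeercon_raw` and a third to `aa_getpeercon` changes the public API and ABI of a shared library: every existing caller fails to compile against the new header, and an already-built binary keeps calling the old symbol with one argument too few, so on most calling conventions the new code reads `mode` from an unrelated register or stack slot and, when that garbage is non-NULL, writes the parsed pointer through it. Nothing in this patch bumps the library version or keeps the old entry points under a versioned symbol; unless another patch in the series does, this needs a soname/version bump (or compatibility wrappers that forward with `mode = NULL`) and the break should be stated in the commit message. The same signature change is mirrored in the SWIG interface below, so the language bindings break in the same way.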
@@ -563,13 +563,15 @@ int aa_getcon(char **con, char **mode)
 * @fd: socket to get peer confinement for
 * @con: pointer to buffer to store confinement string
 * @size: initially contains size of the buffer, returns size of data read
+ * @mode: if set will point to mode string within buffer if it is present
 *
 * Returns: length of confinement data including null termination or -1 on error
 * if errno == ERANGE then @size will hold the size needed
 */
-int aa_getpeercon_raw(int fd, char *buffer, int *size)
+int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode)
 {
 socklen_t optlen = *size;
+ char *mode_str;
 int rc;
 if (optlen <= 0 || buffer == NULL) {
@@ -591,9 +593,14 @@ int aa_getpeercon_raw(int fd, char *buffer, int *size)
 rc = -1;
 errno = ERANGE;
 optlen++;
+ goto out;
 }
 }
+ mode_str = parse_confinement_mode(buffer, optlen);
+ if (mode)
+ *mode = mode_str;
+
 rc = optlen;
 out:
 *size = optlen;
@@ -604,12 +611,13 @@ out:
 * aa_getpeercon - get the confinement of the socket's peer (other end)
 * @fd: socket to get peer confinement for
 * @con: pointer to allocated buffer with the confinement string
+ * @mode: if provided will point to the mode string in @con if present
 *
 * Returns: length of confinement data including null termination or -1 on error
 *
 * Caller is responsible for freeing the buffer returned.
 */
-int aa_getpeercon(int fd, char **con)
+int aa_getpeercon(int fd, char **con, char **mode)
 {
 int rc, last_size, size = INITIAL_GUESS_SIZE;
 char *buffer = NULL;
@@ -626,13 +634,15 @@ int aa_getpeercon(int fd, char **con)
 return -1;
 memset(buffer, 0, size);
- rc = aa_getpeercon_raw(fd, buffer, &size);
+ rc = aa_getpeercon_raw(fd, buffer, &size, mode);
 /* size should contain actual size needed if errno == ERANGE */
 } while (rc == -1 && errno == ERANGE && size > last_size);
 if (rc == -1) {
 free(buffer);
 *con = NULL;
+ if (mode)
+ *mode = NULL;
 size = -1;
 } else
 *con = buffer;
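Review bot: The new `mode` out-parameter of this public raw API is written only on the success path, so a caller that passes a non-NULL `mode` gets an untouched, possibly stale pointer whenever the function returns -1 — the EINVAL early return opened by the `if` that closes this hunk (its body lies past the hunk), the ERANGE branch that now does `goto out` in the next hunk, and presumably any getsockopt failure in between. Initialize it before any of those exits, e.g. right after `int rc;` add `if (mode) *mode = NULL;`, so that -1 always leaves `*mode` defined. While editing the kernel-doc: `@con` describes a parameter that is actually named `buffer`, and the new `@mode` line itself says "within buffer", so rename that tag to `@buffer:`. aa_getpeercon_raw continues beyond this hunk.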
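Review bot: The new `@mode` line for aa_getpeercon should state ownership, because this function only forwards `mode` to aa_getpeercon_raw, whose own `@mode` says the pointer lands inside the buffer that becomes `*con`: the mode string is not a separate allocation, must not be passed to free(), and dangles as soon as the caller frees `*con`. The existing "Caller is responsible for freeing the buffer returned." sentence invites exactly that mistake. Suggest `* @mode: if provided will point to the mode string in @con if present (not separately allocated; do not free, invalid once @con is freed)`. aa_getpeercon's body continues past this hunk.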
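Review bot: The added `if (mode) *mode = NULL;` runs only in the `rc == -1` branch, but the `return -1;` at the top of this hunk (its condition lies just outside the hunk, before the `memset`) also reports failure and leaves both `*con` and `*mode` unwritten, so the two failure exits now give callers different guarantees. Make that exit clear the out-parameters as well — `*con = NULL; if (mode) *mode = NULL; return -1;` — or clear both once at function entry, which is outside this hunk. Since `mode` is also passed through on every retry iteration, that single up-front initialization is the simpler way to keep `*mode` defined regardless of how many attempts the loop makes.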
diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index f0ebf5a..13b86b8 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -25,5 +25,5 @@ extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
 extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
 extern int aa_gettaskcon(pid_t target, char **con, char **mode);
 extern int aa_getcon(char **con, char **mode);
-extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
-extern int aa_getpeercon(int fd, char **con);
+extern int aa_getpeercon_raw(int fd, char *buffer, int *size, char **mode);
+extern int aa_getpeercon(int fd, char **con, char **mode);
-- 
1.8.1.2
-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
