On Fri, Feb 10, 2017 at 12:55:01PM -0800, John Johansen wrote: > dconf needs to do a raw query, so refactor the query_dconf fn into > a setup, query fns. > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]>
Only cosmetic change to suggest:
> ---
> libraries/libapparmor/src/kernel.c | 69
> ++++++++++++++++++++++++++++++++------
> 1 file changed, 59 insertions(+), 10 deletions(-)
>
> diff --git a/libraries/libapparmor/src/kernel.c
> b/libraries/libapparmor/src/kernel.c
> index c504c9d..7aa665d 100644
> --- a/libraries/libapparmor/src/kernel.c
> +++ b/libraries/libapparmor/src/kernel.c
> @@ -1099,6 +1099,60 @@ int aa_query_link_path(const char *label, const char
> *target, const char *link,
> }
>
> /**
> + * aa_query_dconf_setup - setup query access permissions for a dconf @path
The function is named query_dconf_setup, no leading aa_
> + * @label: apparmor label
> + * @label_len: length of @label (does not include any terminating nul byte)
> + * @path: file path to query permissions for
> + * @path_len: length of @path (does not include any terminating nul byte)
> + *
> + * Returns: size on success else -1 and sets errno. If -1 is returned and
> + * errno is ENOENT, the subject label in the query string is unknown
> + * to the kernel.
> + */
> +static ssize_t query_dconf_setup(char **query, const char *label, size_t
> label_len,
> + const char *path, size_t path_len)
> +{
> + /* + 1 for null separator, + 1 for AA_CLASS_DCONF */
> + ssize_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
> + *query = malloc(size);
> + if (!*query)
> + return -1;
> + memcpy(*query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
> + /* null separator */
> + *query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
> + *query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
> + memcpy(*query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path,
> path_len);
> +
> + return size;
> +}
> +
> +/**
> + * aa_query_dconf_raw - query access permissions for a dconf @path
> + * @label: apparmor label
> + * @label_len: length of @label (does not include any terminating nul byte)
> + * @path: file path to query permissions for
> + * @path_len: length of @path (does not include any terminating nul byte)
> + * @perms: Returns: perms for the query.
> + *
> + * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno
> is
> + * ENOENT, the subject label in the query string is unknown to the
> + * kernel.
> + */
> +static int aa_query_dconf_raw(const char *label, size_t label_len,
> + const char *path, size_t path_len,
> + aa_perms_t *perms)
> +
> +{
> + autofree char *query = NULL;
> + ssize_t size;
> + size = query_dconf_setup(&query, label, label_len, path, path_len);
> + if (size == -1)
> + return -1;
> +
> + return query_label_raw(query, size, perms);
> +}
> +
> +/**
> * aa_query_dconf_len - query access permissions for a dconf @path
> * @mask: permission bits to query
> * @label: apparmor label
> @@ -1118,18 +1172,13 @@ int aa_query_dconf_len(uint32_t mask, const char
> *label, size_t label_len,
> int *audited)
> {
> autofree char *query = NULL;
> + ssize_t size;
>
> - /* + 1 for null separator, + 1 for AA_CLASS_DCONF */
> - size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
> - query = malloc(size);
> - if (!query)
> + size = query_dconf_setup(&query, label, label_len, path, path_len);
> + if (size == -1)
> return -1;
> - memcpy(query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
> - /* null separator */
> - query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
> - query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
> - memcpy(query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
> - return aa_query_label(mask, query, size , allowed, audited);
> +
> + return aa_query_label(mask, query, size, allowed, audited);
> }
>
> /**
Thanks
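Review bot: In query_dconf_setup the two stores `*query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;` and `*query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;` parse as `*(query[i])`, because `[]` binds tighter than unary `*`. Both visible callers pass `&query` of a single local pointer, so these lines read a pointer value from beyond that object and write one byte through it, while the separator and class byte in the newly allocated buffer are never set. They should read `(*query)[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;` and `(*query)[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;`. The lines removed from aa_query_dconf_len in the second hunk indexed a plain `char *query` and were correct, so the refactor introduces this for that function as well as for the new aa_query_dconf_raw. Separately, `size` is summed from caller-supplied `label_len` and `path_len` into an `ssize_t` with no range check, so a wrapped sum could under-allocate ahead of the two `memcpy` calls; rejecting oversize lengths with `errno = EINVAL` before `malloc` would close that.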
