libapparmor: Allow creating a kernel_interface with a NULL kernel_features

The most common case when creating an aa_kernel_interface object will be
to do so while using the current kernel's feature set for the
kernel_features parameter. Rather than have callers instantiate their
own aa_features object in this situation, aa_kernel_interface_new()
should do it for them if they specify NULL for the kernel_features
parameter.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
Tyler Hicks 2015-06-15 15:11:51 -05:00
parent 611e891631
commit 014e079261
2 changed files with 15 additions and 12 deletions


@ -198,7 +198,9 @@ static int write_policy_file_to_iface(aa_kernel_interface *kernel_interface,
* aa_kernel_interface_new - create a new kernel_interface from an optional path * aa_kernel_interface_new - create a new kernel_interface from an optional path
* @kernel_interface: will point to the address of an allocated and initialized * @kernel_interface: will point to the address of an allocated and initialized
* aa_kernel_interface object upon success * aa_kernel_interface object upon success
* @kernel_features: features representing the currently running kernel * @kernel_features: features representing the currently running kernel (can be
* NULL and the features of the currently running kernel will
* be used)
* @apparmorfs: path to the apparmor directory of the mounted securityfs (can * @apparmorfs: path to the apparmor directory of the mounted securityfs (can
* be NULL and the path will be auto discovered) * be NULL and the path will be auto discovered)
* *
@ -223,9 +225,17 @@ int aa_kernel_interface_new(aa_kernel_interface **kernel_interface,
aa_kernel_interface_ref(ki); aa_kernel_interface_ref(ki);
ki->dirfd = -1; ki->dirfd = -1;
ki->supports_setload = kernel_features ? if (kernel_features) {
aa_features_supports(kernel_features, set_load) : aa_features_ref(kernel_features);
false; } else if (aa_features_new_from_kernel(&kernel_features) == -1) {
int save = errno;
aa_kernel_interface_unref(ki);
errno = save;
return -1;
}
ki->supports_setload = aa_features_supports(kernel_features, set_load);
aa_features_unref(kernel_features);
if (!apparmorfs) { if (!apparmorfs) {
if (find_iface_dir(&alloced_apparmorfs) == -1) { if (find_iface_dir(&alloced_apparmorfs) == -1) {


@ -74,16 +74,10 @@ out:
static int test_remove_policy(const char *name) static int test_remove_policy(const char *name)
{ {
aa_features *features = NULL;
aa_kernel_interface *kernel_interface = NULL; aa_kernel_interface *kernel_interface = NULL;
int rc = 1; int rc = 1;
if (aa_features_new_from_kernel(&features)) { if (aa_kernel_interface_new(&kernel_interface, NULL, NULL)) {
perror("FAIL - aa_features_new_from_kernel");
goto out;
}
if (aa_kernel_interface_new(&kernel_interface, features, NULL)) {
perror("FAIL - aa_kernel_interface_new"); perror("FAIL - aa_kernel_interface_new");
goto out; goto out;
} }
@ -96,7 +90,6 @@ static int test_remove_policy(const char *name)
rc = 0; rc = 0;
out: out:
aa_kernel_interface_unref(kernel_interface); aa_kernel_interface_unref(kernel_interface);
aa_features_unref(features);
return rc; return rc;
} }