mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

libapparmor: Implement aa_stack_profile and aa_stack_onexec

Browse source 
Based on the existing implementations of aa_change_profile(2) and
aa_change_onexec(2).

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks 2016-03-18 17:28:50 -05:00
parent 405f89610d
commit 97a064ba6c
4 changed files with 54 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
libraries/libapparmor/include/sys/apparmor.h
View file

@ -78,6 +78,8 @@ extern int aa_change_onexec(const char *profile);
extern int aa_change_hatv(const char *subprofiles[], unsigned long token); extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
extern int (aa_change_hat_vargs)(unsigned long token, int count, ...); extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
extern int aa_stack_profile(const char *profile);
extern int aa_stack_onexec(const char *profile);
extern char *aa_splitcon(char *con, char **mode); extern char *aa_splitcon(char *con, char **mode);
/* Protypes for introspecting task confinement /* Protypes for introspecting task confinement

42
libraries/libapparmor/src/kernel.c
View file

@ -594,6 +594,48 @@ int (aa_change_hat_vargs)(unsigned long token, int nhats, ...)
return aa_change_hatv(argv, token); return aa_change_hatv(argv, token);
} }
int aa_stack_profile(const char *profile)
{
char *buf = NULL;
int len;
int rc;
if (!profile) {
errno = EINVAL;
return -1;
}
len = asprintf(&buf, "stack %s", profile);
if (len < 0)
return -1;
rc = setprocattr(aa_gettid(), "current", buf, len);
free(buf);
return rc;
}
int aa_stack_onexec(const char *profile)
{
char *buf = NULL;
int len;
int rc;
if (!profile) {
errno = EINVAL;
return -1;
}
len = asprintf(&buf, "stack %s", profile);
if (len < 0)
return -1;
rc = setprocattr(aa_gettid(), "exec", buf, len);
free(buf);
return rc;
}
/** /**
* aa_gettaskcon - get the confinement context for task @target in an allocated buffer * aa_gettaskcon - get the confinement context for task @target in an allocated buffer
* @target: task to query * @target: task to query

8
libraries/libapparmor/src/libapparmor.map
View file

@ -87,6 +87,14 @@ APPARMOR_2.10 {
*; *;
} APPARMOR_2.9; } APPARMOR_2.9;
APPARMOR_2.11 {
global:
aa_stack_profile;
aa_stack_onexec;
local:
*;
} APPARMOR_2.10;
PRIVATE { PRIVATE {
global: global:
_aa_is_blacklisted; _aa_is_blacklisted;

2
libraries/libapparmor/swig/SWIG/libapparmor.i
View file

@ -48,6 +48,8 @@ extern int aa_change_profile(const char *profile);
extern int aa_change_onexec(const char *profile); extern int aa_change_onexec(const char *profile);
extern int aa_change_hatv(const char *subprofiles[], unsigned long token); extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
extern int aa_change_hat_vargs(unsigned long token, int count, ...); extern int aa_change_hat_vargs(unsigned long token, int count, ...);
extern int aa_stack_profile(const char *profile);
extern int aa_stack_onexec(const char *profile);
extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len, extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
char **mode); char **mode);
extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode); extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);