Library function to find the apparmorfs filesystem mount point

Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-03-04 08:24:42 +01:00 · 2011-08-09 06:48:17 -07:00 · 2011-08-09 06:48:17 -07:00 · aae597bfde
commit aae597bfde
parent 8347fb69c2
5 changed files with 54 additions and 1 deletions
--- a/libraries/libapparmor/doc/Makefile.am
+++ b/libraries/libapparmor/doc/Makefile.am
@ -2,7 +2,7 @@

 POD2MAN = pod2man

-man_MANS = aa_change_hat.2 aa_change_profile.2 aa_getcon.2
+man_MANS = aa_change_hat.2 aa_change_profile.2 aa_getcon.2 aa_find_mountpoint.2

 PODS = $(subst .2,.pod,$(man_MANS))

--- a/libraries/libapparmor/src/apparmor.h
+++ b/libraries/libapparmor/src/apparmor.h
@ -20,6 +20,9 @@

 __BEGIN_DECLS

+/* Prototypes for apparmor state queries */
+extern int aa_find_mountpoint(char **mnt);
+
 /* Prototypes for self directed domain transitions
 * see <http://apparmor.net>
 * Please see the change_hat(2) manpage for information.
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@ -27,6 +27,7 @@
 #include <errno.h>
 #include <limits.h>
 #include <stdarg.h>
+#include <mntent.h>

 /* some non-Linux systems do not define a static value */
 #ifndef PATH_MAX
@ -38,6 +39,53 @@
 #define default_symbol_version(real, name, version) \
 		__asm__ (".symver " #real "," #name "@@" #version)

+/**
+ * aa_find_mountpoint - find where the apparmor interface filesystem is mounted
+ * @mnt: returns buffer with the mountpoint string
+ *
+ * Returns: 0 on success else -1 on error
+ *
+ * NOTE: this function only supports versions of apparmor using securityfs
+ */
+int aa_find_mountpoint(char **mnt)
+{
+	struct stat statbuf;
+	struct mntent *mntpt;
+	FILE *mntfile;
+	int rc = -1;
+
+	if (!mnt) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	mntfile = setmntent("/proc/mounts", "r");
+	if (!mntfile)
+		return -1;
+
+	while ((mntpt = getmntent(mntfile))) {
+		char *proposed = NULL;
+		if (strcmp(mntpt->mnt_type, "securityfs") != 0)
+			continue;
+
+		if (asprintf(&proposed, "%s/apparmor", mntpt->mnt_dir) < 0)
+			/* ENOMEM */
+			break;
+
+		if (stat(proposed, &statbuf) == 0) {
+			*mnt = proposed;
+			rc = 0;
+			break;
+		}
+		free(proposed);
+	}
+	endmntent(mntfile);
+	if (rc == -1)
+		errno = ENOENT;
+	return rc;
+}
+
+
 static inline pid_t aa_gettid(void)
 {
 #ifdef SYS_gettid
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@ -16,6 +16,7 @@ APPARMOR_1.0 {

 APPARMOR_1.1 {
  global:
+        aa_find_mountpoint;
        aa_change_hat;
        aa_change_hatv;
        aa_change_hat_vargs;
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@ -13,6 +13,7 @@
 * are manually inserted here
 */

+extern int aa_find_mountpoint(char **mnt);
 extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
 extern int aa_change_profile(const char *profile);
 extern int aa_change_onexec(const char *profile);