mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

libapparmor: Move the aa_features API

Browse source 
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks 2015-03-25 17:09:27 -05:00
parent 1d60aca8a8
commit c8b93aed48
9 changed files with 293 additions and 280 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
libraries/libapparmor/include/sys/apparmor.h
View file

@ -18,6 +18,7 @@
#ifndef _SYS_APPARMOR_H
#define _SYS_APPARMOR_H 1
#include <stdbool.h>
#include <stdint.h>
#include <sys/types.h>
@ -103,6 +104,18 @@ extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
#define aa_change_hat_vargs(T, X...) \
(aa_change_hat_vargs)(T, __macroarg_counter(X), X)
typedef struct aa_features aa_features;
int aa_features_new(aa_features **features, const char *path);
int aa_features_new_from_string(aa_features **features,
const char *string, size_t size);
int aa_features_new_from_kernel(aa_features **features);
aa_features *aa_features_ref(aa_features *features);
void aa_features_unref(aa_features *features);
int aa_features_write_to_file(aa_features *features, const char *path);
bool aa_features_is_equal(aa_features *features1, aa_features *features2);
bool aa_features_supports(aa_features *features, const char *str);
__END_DECLS
#endif /* sys/apparmor.h */

8
libraries/libapparmor/src/Makefile.am
View file

@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
lib_LTLIBRARIES = libapparmor.la
noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h
libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c
libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c features.c
libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
@ -63,7 +63,11 @@ CLEANFILES = libapparmor.pc
tst_aalogmisc_SOURCES = tst_aalogmisc.c
tst_aalogmisc_LDADD = .libs/libapparmor.a
check_PROGRAMS = tst_aalogmisc
tst_features_SOURCES = tst_features.c
tst_features_LDADD = .libs/libapparmor.a
check_PROGRAMS = tst_aalogmisc tst_features
TESTS = $(check_PROGRAMS)
EXTRA_DIST = grammar.y scanner.l libapparmor.map libapparmor.pc

241
parser/features.c → libraries/libapparmor/src/features.c
View file

@ -18,6 +18,7 @@
#include <errno.h>
#include <ctype.h>
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
@ -26,12 +27,11 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <sys/apparmor.h>
#include "features.h"
#include "lib.h"
#include "parser.h"
#include "private.h"
#define FEATURES_FILE "/sys/kernel/security/" MODULE_NAME "/features"
#define FEATURES_FILE "/sys/kernel/security/apparmor/features"
#define STRING_SIZE 8192
@ -122,7 +122,7 @@ static int features_dir_cb(DIR *dir, const char *name, struct stat *st,
return -1;
}
} else if (S_ISDIR(st->st_mode)) {
if (dirat_for_each(dir, name, fst, features_dir_cb))
if (_aa_dirat_for_each(dir, name, fst, features_dir_cb))
return -1;
}
@ -137,7 +137,7 @@ static int handle_features_dir(const char *filename, char *buffer, int size,
{
struct features_struct fst = { buffer, size, pos };
if (dirat_for_each(NULL, filename, &fst, features_dir_cb)) {
if (_aa_dirat_for_each(NULL, filename, &fst, features_dir_cb)) {
PDEBUG("Failed evaluating %s\n", filename);
return -1;
}
@ -533,232 +533,3 @@ bool aa_features_supports(aa_features *features, const char *str)
return true;
}
#ifdef UNIT_TEST
#include "unit_test.h"
static int test_tokenize_path_components(void)
{
struct component components[32];
size_t max = sizeof(components) / sizeof(*components);
size_t num;
int rc = 0;
num = tokenize_path_components(NULL, components, max);
MY_TEST(num == 0, "basic NULL test");
num = tokenize_path_components("", components, max);
MY_TEST(num == 0, "basic empty string test");
num = tokenize_path_components("a", components, 0);
MY_TEST(num == 0, "basic empty array test");
num = tokenize_path_components("a", components, 1);
MY_TEST(num == 1, "one component full test (num)");
MY_TEST(!strncmp(components[0].str, "a", components[0].len),
"one component full test (components[0])");
num = tokenize_path_components("a/b", components, 2);
MY_TEST(num == 2, "two component full test (num)");
MY_TEST(!strncmp(components[0].str, "a", components[0].len),
"two component full test (components[0])");
MY_TEST(!strncmp(components[1].str, "b", components[0].len),
"two component full test (components[1])");
num = tokenize_path_components("a/b/c", components, 1);
MY_TEST(num == 1, "not enough components full test (num)");
MY_TEST(!strncmp(components[0].str, "a/b/c", components[0].len),
"not enough components full test (components[0])");
num = tokenize_path_components("/", components, max);
MY_TEST(num == 0, "no valid components #1 (num)");
num = tokenize_path_components("////////", components, max);
MY_TEST(num == 0, "no valid components #2 (num)");
num = tokenize_path_components("////////////foo////", components, max);
MY_TEST(num == 1, "many invalid components (num)");
MY_TEST(!strncmp(components[0].str, "foo", components[0].len),
"many invalid components (components[0])");
num = tokenize_path_components("file", components, max);
MY_TEST(num == 1, "file (num)");
MY_TEST(!strncmp(components[0].str, "file", components[0].len),
"file (components[0])");
num = tokenize_path_components("/policy///versions//v7/", components, max);
MY_TEST(num == 3, "v7 (num)");
MY_TEST(!strncmp(components[0].str, "policy", components[0].len),
"v7 (components[0])");
MY_TEST(!strncmp(components[1].str, "versions", components[1].len),
"v7 (components[1])");
MY_TEST(!strncmp(components[2].str, "v7", components[2].len),
"v7 (components[2])");
num = tokenize_path_components("dbus/mask/send", components, max);
MY_TEST(num == 3, "dbus send (num)");
MY_TEST(!strncmp(components[0].str, "dbus", components[0].len),
"dbus send (components[0])");
MY_TEST(!strncmp(components[1].str, "mask", components[1].len),
"dbus send (components[1])");
MY_TEST(!strncmp(components[2].str, "send", components[2].len),
"dbus send (components[2])");
return rc;
}
static int do_test_walk_one(const char **str, const struct component *component,
bool is_top_level, bool expect_walk, const char *e1,
const char *e2, const char *e3)
{
const char *save = str ? *str : NULL;
bool walked = walk_one(str, component, is_top_level);
int rc = 0;
/* Check if the result of the walk matches the expected result*/
MY_TEST(expect_walk == walked, e1);
if (save) {
/**
* If a walk was expected, @*str should have changed. It
* shouldn't change if a walk was unexpected.
*/
if (expect_walk) {
MY_TEST(*str != save, e2);
} else {
MY_TEST(*str == save, e3);
}
}
return rc;
}
#define MY_WALK_TEST(str, component, is_top_level, expect_walk, error) \
if (do_test_walk_one(str, component, is_top_level, \
expect_walk, \
error " (walk check)", \
error " (str didn't change)", \
error " (str changed)")) { \
rc = 1; \
}
#define MY_GOOD_WALK_TEST(str, component, is_top_level, error) \
MY_WALK_TEST(str, component, is_top_level, true, error)
#define MY_BAD_WALK_TEST(str, component, is_top_level, error) \
MY_WALK_TEST(str, component, is_top_level, false, error)
static int test_walk_one(void)
{
struct component c;
const char *str;
int rc = 0;
MY_BAD_WALK_TEST(NULL, &c, true, "basic NULL str test");
str = NULL;
MY_BAD_WALK_TEST(&str, &c, true, "basic NULL *str test");
str = "test { a b }";
MY_BAD_WALK_TEST(&str, NULL, true, "basic NULL component test");
str = "test { a b }";
c = { NULL, 8 };
MY_BAD_WALK_TEST(&str, &c, true, "basic NULL c.str test");
str = "test { a b }";
c = { "", 0 };
MY_BAD_WALK_TEST(&str, &c, true, "basic empty c.str test");
str = "test";
c = { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component");
str = "testX";
c = { "test", 4 };
MY_BAD_WALK_TEST(&str, &c, true, "single component bad str");
str = "test";
c = { "testX", 5 };
MY_BAD_WALK_TEST(&str, &c, true, "single component bad c.str");
str = "test { }";
c = { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component empty braces #1");
str = "test {\n\t}";
c = { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component empty braces #2");
str = "test{}";
c = { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component empty braces #3");
str = "test\t{}\n ";
c = { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component empty braces #4");
str = "test {}";
c = { "test", 4 };
MY_BAD_WALK_TEST(&str, &c, false, "single component bad is_top_level");
str = "front{back";
c = { "frontback", 9};
MY_BAD_WALK_TEST(&str, &c, true, "brace in the middle #1");
MY_BAD_WALK_TEST(&str, &c, false, "brace in the middle #2");
str = "ardvark { bear cat { deer } }";
c = { "ardvark", 7 };
MY_GOOD_WALK_TEST(&str, &c, true, "animal walk good ardvark");
c = { "deer", 4 };
MY_BAD_WALK_TEST(&str, &c, false, "animal walk bad deer");
MY_BAD_WALK_TEST(&str, &c, true, "animal walk bad top-level deer");
c = { "bear", 4 };
MY_BAD_WALK_TEST(&str, &c, true, "animal walk bad bear");
c = { "cat", 3 };
MY_GOOD_WALK_TEST(&str, &c, false, "animal walk good cat");
c = { "ardvark", 7 };
MY_BAD_WALK_TEST(&str, &c, true, "animal walk bad ardvark");
c = { "deer", 4 };
MY_GOOD_WALK_TEST(&str, &c, false, "animal walk good deer");
str = "dbus {mask {acquire send receive\n}\n}\nsignal {mask {hup int\n}\n}";
c = { "hup", 3 };
MY_BAD_WALK_TEST(&str, &c, true, "dbus/signal bad hup #1");
MY_BAD_WALK_TEST(&str, &c, false, "dbus/signal bad hup #2");
c = { "signal", 6 };
MY_BAD_WALK_TEST(&str, &c, false, "dbus/signal bad signal");
MY_GOOD_WALK_TEST(&str, &c, true, "dbus/signal good signal");
c = { "mask", 4 };
MY_BAD_WALK_TEST(&str, &c, true, "dbus/signal bad mask");
MY_GOOD_WALK_TEST(&str, &c, false, "dbus/signal good mask");
c = { "hup", 3 };
MY_GOOD_WALK_TEST(&str, &c, false, "dbus/signal good hup");
str = "policy {set_load {yes\n}\nversions {v7 {yes\n}\nv6 {yes\n}";
c = { "policy", 6 };
MY_GOOD_WALK_TEST(&str, &c, true, "policy good");
c = { "versions", 8 };
MY_GOOD_WALK_TEST(&str, &c, false, "versions good");
c = { "v7", 2 };
MY_GOOD_WALK_TEST(&str, &c, false, "v7 good");
return rc;
}
int main(void)
{
int retval, rc = 0;
retval = test_tokenize_path_components();
if (retval)
rc = retval;
retval = test_walk_one();
if (retval)
rc = retval;
return rc;
}
#endif

14
libraries/libapparmor/src/libapparmor.map
View file

@ -52,6 +52,20 @@ APPARMOR_2.9 {
*;
} APPARMOR_1.1;
APPARMOR_2.10 {
global:
aa_features_new;
aa_features_new_from_string;
aa_features_new_from_kernel;
aa_features_ref;
aa_features_unref;
aa_features_write_to_file;
aa_features_is_equal;
aa_features_supports;
local:
*;
} APPARMOR_2.9;
PRIVATE {
global:
_aa_is_blacklisted;

1
libraries/libapparmor/src/private.h
View file

@ -18,6 +18,7 @@
#define _AA_PRIVATE_H 1
#include <stdbool.h>
#include <sys/apparmor_private.h>
#define autofree __attribute((cleanup(_aa_autofree)))
#define autoclose __attribute((cleanup(_aa_autoclose)))

247
libraries/libapparmor/src/tst_features.c Normal file
View file

@ -0,0 +1,247 @@
/*
* Copyright (c) 2015
* Canonical, Ltd. (All rights reserved)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc. or Canonical
* Ltd.
*/
#include <stdio.h>
#include <string.h>
#include "private.h"
#include "features.c"
static int test_tokenize_path_components(void)
{
struct component components[32];
size_t max = sizeof(components) / sizeof(*components);
size_t num;
int rc = 0;
num = tokenize_path_components(NULL, components, max);
MY_TEST(num == 0, "basic NULL test");
num = tokenize_path_components("", components, max);
MY_TEST(num == 0, "basic empty string test");
num = tokenize_path_components("a", components, 0);
MY_TEST(num == 0, "basic empty array test");
num = tokenize_path_components("a", components, 1);
MY_TEST(num == 1, "one component full test (num)");
MY_TEST(!strncmp(components[0].str, "a", components[0].len),
"one component full test (components[0])");
num = tokenize_path_components("a/b", components, 2);
MY_TEST(num == 2, "two component full test (num)");
MY_TEST(!strncmp(components[0].str, "a", components[0].len),
"two component full test (components[0])");
MY_TEST(!strncmp(components[1].str, "b", components[0].len),
"two component full test (components[1])");
num = tokenize_path_components("a/b/c", components, 1);
MY_TEST(num == 1, "not enough components full test (num)");
MY_TEST(!strncmp(components[0].str, "a/b/c", components[0].len),
"not enough components full test (components[0])");
num = tokenize_path_components("/", components, max);
MY_TEST(num == 0, "no valid components #1 (num)");
num = tokenize_path_components("////////", components, max);
MY_TEST(num == 0, "no valid components #2 (num)");
num = tokenize_path_components("////////////foo////", components, max);
MY_TEST(num == 1, "many invalid components (num)");
MY_TEST(!strncmp(components[0].str, "foo", components[0].len),
"many invalid components (components[0])");
num = tokenize_path_components("file", components, max);
MY_TEST(num == 1, "file (num)");
MY_TEST(!strncmp(components[0].str, "file", components[0].len),
"file (components[0])");
num = tokenize_path_components("/policy///versions//v7/", components, max);
MY_TEST(num == 3, "v7 (num)");
MY_TEST(!strncmp(components[0].str, "policy", components[0].len),
"v7 (components[0])");
MY_TEST(!strncmp(components[1].str, "versions", components[1].len),
"v7 (components[1])");
MY_TEST(!strncmp(components[2].str, "v7", components[2].len),
"v7 (components[2])");
num = tokenize_path_components("dbus/mask/send", components, max);
MY_TEST(num == 3, "dbus send (num)");
MY_TEST(!strncmp(components[0].str, "dbus", components[0].len),
"dbus send (components[0])");
MY_TEST(!strncmp(components[1].str, "mask", components[1].len),
"dbus send (components[1])");
MY_TEST(!strncmp(components[2].str, "send", components[2].len),
"dbus send (components[2])");
return rc;
}
static int do_test_walk_one(const char **str, const struct component *component,
bool is_top_level, bool expect_walk, const char *e1,
const char *e2, const char *e3)
{
const char *save = str ? *str : NULL;
bool walked = walk_one(str, component, is_top_level);
int rc = 0;
/* Check if the result of the walk matches the expected result*/
MY_TEST(expect_walk == walked, e1);
if (save) {
/**
* If a walk was expected, @*str should have changed. It
* shouldn't change if a walk was unexpected.
*/
if (expect_walk) {
MY_TEST(*str != save, e2);
} else {
MY_TEST(*str == save, e3);
}
}
return rc;
}
#define MY_WALK_TEST(str, component, is_top_level, expect_walk, error) \
if (do_test_walk_one(str, component, is_top_level, \
expect_walk, \
error " (walk check)", \
error " (str didn't change)", \
error " (str changed)")) { \
rc = 1; \
}
#define MY_GOOD_WALK_TEST(str, component, is_top_level, error) \
MY_WALK_TEST(str, component, is_top_level, true, error)
#define MY_BAD_WALK_TEST(str, component, is_top_level, error) \
MY_WALK_TEST(str, component, is_top_level, false, error)
static int test_walk_one(void)
{
struct component c;
const char *str;
int rc = 0;
MY_BAD_WALK_TEST(NULL, &c, true, "basic NULL str test");
str = NULL;
MY_BAD_WALK_TEST(&str, &c, true, "basic NULL *str test");
str = "test { a b }";
MY_BAD_WALK_TEST(&str, NULL, true, "basic NULL component test");
str = "test { a b }";
c = (struct component) { NULL, 8 };
MY_BAD_WALK_TEST(&str, &c, true, "basic NULL c.str test");
str = "test { a b }";
c = (struct component) { "", 0 };
MY_BAD_WALK_TEST(&str, &c, true, "basic empty c.str test");
str = "test";
c = (struct component) { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component");
str = "testX";
c = (struct component) { "test", 4 };
MY_BAD_WALK_TEST(&str, &c, true, "single component bad str");
str = "test";
c = (struct component) { "testX", 5 };
MY_BAD_WALK_TEST(&str, &c, true, "single component bad c.str");
str = "test { }";
c = (struct component) { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component empty braces #1");
str = "test {\n\t}";
c = (struct component) { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component empty braces #2");
str = "test{}";
c = (struct component) { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component empty braces #3");
str = "test\t{}\n ";
c = (struct component) { "test", 4 };
MY_GOOD_WALK_TEST(&str, &c, true, "single component empty braces #4");
str = "test {}";
c = (struct component) { "test", 4 };
MY_BAD_WALK_TEST(&str, &c, false, "single component bad is_top_level");
str = "front{back";
c = (struct component) { "frontback", 9};
MY_BAD_WALK_TEST(&str, &c, true, "brace in the middle #1");
MY_BAD_WALK_TEST(&str, &c, false, "brace in the middle #2");
str = "ardvark { bear cat { deer } }";
c = (struct component) { "ardvark", 7 };
MY_GOOD_WALK_TEST(&str, &c, true, "animal walk good ardvark");
c = (struct component) { "deer", 4 };
MY_BAD_WALK_TEST(&str, &c, false, "animal walk bad deer");
MY_BAD_WALK_TEST(&str, &c, true, "animal walk bad top-level deer");
c = (struct component) { "bear", 4 };
MY_BAD_WALK_TEST(&str, &c, true, "animal walk bad bear");
c = (struct component) { "cat", 3 };
MY_GOOD_WALK_TEST(&str, &c, false, "animal walk good cat");
c = (struct component) { "ardvark", 7 };
MY_BAD_WALK_TEST(&str, &c, true, "animal walk bad ardvark");
c = (struct component) { "deer", 4 };
MY_GOOD_WALK_TEST(&str, &c, false, "animal walk good deer");
str = "dbus {mask {acquire send receive\n}\n}\nsignal {mask {hup int\n}\n}";
c = (struct component) { "hup", 3 };
MY_BAD_WALK_TEST(&str, &c, true, "dbus/signal bad hup #1");
MY_BAD_WALK_TEST(&str, &c, false, "dbus/signal bad hup #2");
c = (struct component) { "signal", 6 };
MY_BAD_WALK_TEST(&str, &c, false, "dbus/signal bad signal");
MY_GOOD_WALK_TEST(&str, &c, true, "dbus/signal good signal");
c = (struct component) { "mask", 4 };
MY_BAD_WALK_TEST(&str, &c, true, "dbus/signal bad mask");
MY_GOOD_WALK_TEST(&str, &c, false, "dbus/signal good mask");
c = (struct component) { "hup", 3 };
MY_GOOD_WALK_TEST(&str, &c, false, "dbus/signal good hup");
str = "policy {set_load {yes\n}\nversions {v7 {yes\n}\nv6 {yes\n}";
c = (struct component) { "policy", 6 };
MY_GOOD_WALK_TEST(&str, &c, true, "policy good");
c = (struct component) { "versions", 8 };
MY_GOOD_WALK_TEST(&str, &c, false, "versions good");
c = (struct component) { "v7", 2 };
MY_GOOD_WALK_TEST(&str, &c, false, "v7 good");
return rc;
}
int main(void)
{
int retval, rc = 0;
retval = test_tokenize_path_components();
if (retval)
rc = retval;
retval = test_walk_one();
if (retval)
rc = retval;
return rc;
}

13
parser/Makefile
View file

@ -75,10 +75,10 @@ SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \
parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \
parser_alias.c common_optarg.c lib.c network.c \
mount.cc dbus.cc profile.cc rule.cc signal.cc ptrace.cc \
af_rule.cc af_unix.cc features.c policy_cache.c kernel_interface.c
af_rule.cc af_unix.cc policy_cache.c kernel_interface.c
HDRS = parser.h parser_include.h immunix.h mount.h dbus.h lib.h profile.h \
rule.h common_optarg.h signal.h ptrace.h network.h af_rule.h af_unix.h \
features.h policy_cache.h kernel_interface.h
policy_cache.h kernel_interface.h
TOOLS = apparmor_parser
OBJECTS = $(patsubst %.cc, %.o, $(SRCS:.c=.o))
@ -109,7 +109,7 @@ EXTRA_CFLAGS += $(INCLUDE_APPARMOR)
LEX_C_FILES = parser_lex.c
YACC_C_FILES = parser_yacc.c parser_yacc.h
TESTS = tst_regex tst_misc tst_symtab tst_variable tst_lib tst_features
TESTS = tst_regex tst_misc tst_symtab tst_variable tst_lib
TEST_CFLAGS = $(EXTRA_CFLAGS) -DUNIT_TEST -Wno-unused-result
TEST_OBJECTS = $(filter-out \
parser_lex.o \
@ -237,10 +237,7 @@ mount.o: mount.cc mount.h parser.h immunix.h rule.h
common_optarg.o: common_optarg.c common_optarg.h parser.h libapparmor_re/apparmor_re.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
features.o: features.c features.h parser.h libapparmor_re/apparmor_re.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
policy_cache.o: policy_cache.c policy_cache.h parser.h lib.h features.h
policy_cache.o: policy_cache.c policy_cache.h parser.h lib.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
kernel_interface.o: kernel_interface.c kernel_interface.h
@ -294,8 +291,6 @@ tst_lib: lib.c parser.h $(filter-out lib.o, ${TEST_OBJECTS})
$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
tst_%: parser_%.c parser.h $(filter-out parser_%.o, ${TEST_OBJECTS})
$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
tst_features: features.c features.h parser.h
$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
.SILENT: check
.PHONY: check

34
parser/features.h
View file

@ -1,34 +0,0 @@
/*
* Copyright (c) 2014
* Canonical, Ltd. (All rights reserved)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of version 2 of the GNU General Public
* License published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, contact Novell, Inc. or Canonical
* Ltd.
*/
#ifndef __AA_FEATURES_H
#define __AA_FEATURES_H
typedef struct aa_features aa_features;
int aa_features_new(aa_features **features, const char *path);
int aa_features_new_from_string(aa_features **features,
const char *string, size_t size);
int aa_features_new_from_kernel(aa_features **features);
aa_features *aa_features_ref(aa_features *features);
void aa_features_unref(aa_features *features);
int aa_features_write_to_file(aa_features *features, const char *path);
bool aa_features_is_equal(aa_features *features1, aa_features *features2);
bool aa_features_supports(aa_features *features, const char *str);
#endif /* __AA_FEATURES_H */

2
parser/kernel_interface.h
View file

@ -19,6 +19,8 @@
#ifndef __AA_KERNEL_INTERFACE_H
#define __AA_KERNEL_INTERFACE_H
#include <sys/apparmor.h>
#include "features.h"
typedef struct aa_kernel_interface aa_kernel_interface;