From 2bd1884654d0cce13c076b39d2a2a506139798ec Mon Sep 17 00:00:00 2001
From: Ryan Lee
Date: Fri, 20 Sep 2024 16:08:32 -0700
Subject: [PATCH 1/2] Remove SWIG aa_change_hat_vargs, aa_get_procattr_raw, aa_get_peercon_raw It doesn't make sense to expose the *_raw functions or the varg version of aa_change_hatv to higher-level languages. While technically a breaking change, the generated bindings for these functions never actually worked anyways: - aa_change_hat_vargs uses C varargs, which SWIG passes in NULL for by default. It does not attempt to process the passed-in arguments at all (and in fact caused an unused-argument compiler warning when compiling the generated bindings). - aa_getprocattr_raw and aa_getpeercon_raw both place output into a char **mode pointer. SWIG by default generates these as opaque pointer object arguments, rendering them unusable for getting output. Future patches would be needed to fix char** arguments for the other functions that use them. Moreover, these functions expect their caller to handle memory allocation, which is also not possible from a higher-level language point of view.
Signed-off-by: Ryan Lee
---
 libraries/libapparmor/swig/SWIG/libapparmor.i | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index 542449aec..22af889e1 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -95,15 +95,11 @@ extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
 extern int aa_change_profile(const char *profile);
 extern int aa_change_onexec(const char *profile);
 extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
-extern int aa_change_hat_vargs(unsigned long token, int count, ...);
 extern int aa_stack_profile(const char *profile);
 extern int aa_stack_onexec(const char *profile);
-extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
- char **mode);
 extern int aa_getprocattr(pid_t tid, const char *attr, char **label, char **mode);
 extern int aa_gettaskcon(pid_t target, char **label, char **mode);
 extern int aa_getcon(char **label, char **mode);
-extern int aa_getpeercon_raw(int fd, char *buf, socklen_t *len, char **mode);
 extern int aa_getpeercon(int fd, char **label, char **mode);
 extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allowed, int *audited);
From bdc8889cc00110ebd6005a21eb6bac29832bb365 Mon Sep 17 00:00:00 2001
From: Ryan Lee
Date: Mon, 23 Sep 2024 12:07:53 -0700
Subject: [PATCH 2/2] Remove private _aa_is_blacklisted from SWIG bindings
Signed-off-by: Ryan Lee
---
 libraries/libapparmor/swig/SWIG/libapparmor.i | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index 22af889e1..62507741e 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -70,10 +70,6 @@ warnings.warn("free_record is now a no-op as the record's memory is handled auto
 extern char *aa_splitcon(char *con, char **mode);
-/* apparmor_private.h */
-
-extern int _aa_is_blacklisted(const char *name);
-
 #ifdef SWIGPYTHON
 %exception { $action