Move public mediation class types and perms to apparmor.h

Now that the parser links against libapparmor, it makes sense to move all public permission types and flags to libapparmor's apparmor.h. This prevents duplication across header files for the parser and libapparmor. Additionally, this patch breaks the connection between AA_DBUS_{SEND,RECEIVE,BIND} and AA_MAY_{WRITE,READ,BIND} by using raw values when defining the AA_DBUS_{SEND,RECEIVE,BIND} macros. This makes sense because the two sets of permission flags are from two distinctly different mediation types (AA_CLASS_DBUS and AA_CLASS_FILE). While it is nice that they share some of the same values, the macros don't need to be linked together. In other words, when you're creating a D-Bus rule, it would be incorrect to use permission flags from the AA_CLASS_FILE type. The change mentioned above allows the AA_MAY_{WRITE,READ,BIND} macros to be removed from public-facing apparmor.h header. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2025-03-04 08:24:42 +01:00 · 2013-12-06 11:20:06 -08:00 · 2013-12-06 11:20:06 -08:00 · de13aa5126
commit de13aa5126
parent b83810af84
7 changed files with 14 additions and 19 deletions
--- a/libraries/libapparmor/src/apparmor.h
+++ b/libraries/libapparmor/src/apparmor.h
@ -43,15 +43,13 @@ __BEGIN_DECLS
 #define AA_CLASS_X		33


-/* Permission Flags for Mediation classes */
-#define AA_MAY_WRITE		(1 << 1)
-#define AA_MAY_READ		(1 << 2)
-#define AA_MAY_BIND		(1 << 6)
-
-#define AA_DBUS_SEND		AA_MAY_WRITE
-#define AA_DBUS_RECEIVE		AA_MAY_READ
-#define AA_DBUS_EAVESDROP	(1 << 5)
-#define AA_DBUS_BIND		AA_MAY_BIND
+/* Permission flags for the AA_CLASS_DBUS mediation class */
+#define AA_DBUS_SEND			(1 << 1)
+#define AA_DBUS_RECEIVE		 	(1 << 2)
+#define AA_DBUS_EAVESDROP		(1 << 5)
+#define AA_DBUS_BIND			(1 << 6)
+#define AA_VALID_DBUS_PERMS		(AA_DBUS_SEND | AA_DBUS_RECEIVE | \
+					 AA_DBUS_BIND | AA_DBUS_EAVESDROP)


 /* Prototypes for apparmor state queries */
--- a/parser/dbus.c
+++ b/parser/dbus.c
@ -18,6 +18,7 @@

 #include <stdlib.h>
 #include <string.h>
+#include <apparmor.h>

 #include "parser.h"
 #include "profile.h"
--- a/parser/immunix.h
+++ b/parser/immunix.h
@ -40,14 +40,6 @@
 #define AA_EXEC_MOD_2			(1 << 12)
 #define AA_EXEC_MOD_3			(1 << 13)

-#define AA_DBUS_SEND			AA_MAY_WRITE
-#define AA_DBUS_RECEIVE			AA_MAY_READ
-#define AA_DBUS_EAVESDROP		(1 << 5)
-#define AA_DBUS_BIND			(1 << 6)
-
-#define AA_VALID_DBUS_PERMS		(AA_DBUS_SEND | AA_DBUS_RECEIVE | \
-					 AA_DBUS_BIND | AA_DBUS_EAVESDROP)
-
 #define AA_BASE_PERMS			(AA_MAY_EXEC | AA_MAY_WRITE | \
 					 AA_MAY_READ | AA_MAY_APPEND | \
 					 AA_MAY_LINK | AA_MAY_LOCK | \
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@ -37,6 +37,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <apparmor.h>

 #include "parser.h"
 #include "profile.h"
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@ -21,6 +21,7 @@
 #include <string.h>
 #include <libintl.h>
 #include <linux/limits.h>
+#include <apparmor.h>
 #define _(s) gettext(s)

 /* #define DEBUG */
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@ -27,6 +27,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <libintl.h>
+#include <apparmor.h>
 #define _(s) gettext(s)

 /* #define DEBUG */
--- a/parser/policydb.h
+++ b/parser/policydb.h
@ -17,7 +17,9 @@
 #define __AA_POLICYDB_H

 /*
- * Class of mediation types in the AppArmor policy db
+ * Class of private mediation types in the AppArmor policy db
+ *
+ * See libapparmor's apparmor.h for public mediation types
 */
 #define AA_CLASS_COND		0
 #define AA_CLASS_UNKNOWN	1
@ -32,7 +34,6 @@

 #define AA_CLASS_ENV		16

-#define AA_CLASS_DBUS		32
 #define AA_CLASS_X		33

 #endif /* __AA_POLICYDB_H */