Based on the existing implementations of aa_change_profile(2) and
aa_change_onexec(2).
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Only use the special %exception directive for functions that return a
negative int and set errno upon error.
This prevents, for example, _aa_is_blacklisted() from raising an
exception when it returns -1. This is important because it doesn't set
errno so an exception based on the value of errno would be
unpredictable.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
When is_blacklisted() was internal to the parser, it would print an
error message when encountering some file names. If the path parameter
was non-null, the error message would include the file path instead of
the file name.
Now that the function has been moved to libapparmor, callers are
expected to print the appropriate error message if _aa_is_blacklisted()
returns -1. Since the error message printing no longer occurs inside of
_aa_is_blacklisted(), the path parameter can be removed.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Adjust the libapparmor function prototypes, variable names, and comments
that incorrectly used the name "con" when referring to the label.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Current libapparmor python bindings are very "unpythonic". Also lack
ability to access "why" information in case of failure.
In python when something fail the normal behaviour is exception
to occur. In case of apparmor functions die silently and require
user to verify returned value.
And here comes second problem. In C api when return value is -1
(and the same value is returned in python API) we can access errno
to get information why this occured. Unfortunately in python there
is no way to access the same information. Pythonic way of accessing
errno is via exception (which is never raised in python bindings
currently).
So the patch adds exceptions on failures. First %exception creates
a wrapper that swig adds to each function listed below. Empty %exception
causes that the rest of code (beside listed functions) won't be wrapped.
How this works? Example on apparmor disabled system:
Before:
>>> LibAppArmor.aa_change_hat(hat, random.randint(1, sys.maxint))
-1
After:
>>> LibAppArmor.aa_change_hat(hat, random.randint(1, sys.maxint))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OSError: [Errno 22] Invalid argument
so pythonic way of accessing "why":
>>> try:
... LibAppArmor.aa_change_hat(hat, random.randint(1, sys.maxint))
... except OSError, e:
... print e.errno
...
22
Signed-off-by: Arkadiusz Miśkiewicz <arekm@maven.pl>
Acked-by: Steve Beattie <steve@nxnw.org>
This patch moves the apparmor.h and aalogparse.h headers
from the libapparmor/src/ directory to a new directory
libapparmor/include/. The apparmor.h header is stored in a sys/
directory within libapparmor/include/ to match its usual install
location in /usr/include/sys/, simplifying the #include statements of
source that wishes to include either the in-tree or system installed
version of the header (i.e. #include <sys/apparmor.h> can be used
everywhere).
The patch size is inflated by the movements of the header files, which
are unchanged except for their locations. Otherwise, the rest of the
changes are to modify the include search path or to stop looking in
$CWD for one of the headers.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Add an interface for trusted applications to use when they need to query
AppArmor kernel policy to determine if an action should be allowed.
This is a simplified interface that tries to make it as easy as possible
for applications to use. They provide a permissions mask and query
string and they get a pair of booleans back that let them know if the
action should be allowed and/or audited.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
The parameter names are slightly different in the two functions. Rename
buffer to buf and rename size to len to make the two function prototypes
look similar.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
functions
The functions that return the confinement information of a peer socket
connection should parse and return the mode like the task-based
functions.
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
