Commit graph

2451 commits

Author SHA1 Message Date
Steve Beattie
f6af922088 po files: eliminate msgfmt missing language header warning
Current builds include many warnings when building translations message
files like so:

  msgfmt -c -o ja.mo ja.po
  ja.po:5: warning: header field 'Language' missing in header

According to what I read in the entry for Language in
http://www.gnu.org/software/gettext/manual/gettext.html#Header-Entry
the language entry should be (in our case) the same as the file name
minus the .po suffix. This patch adds the language field for those
po files that were missing it.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-01-20 11:45:10 -08:00
Steve Beattie
5bae654061 parser: add additional language tests to get wider test coverage
This patch adds several assorted language tests, to exercise various
parts of the parser that were not being covered by the language tests
previously. Areas lacking were found using the coverage compilation
option; coverage from the language tests is still incomplete.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-01-17 23:20:51 -08:00
Christian Boltz
68fbe714a4 allow dnsmasq read config created by recent NetworkManager
(see  http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d82669d3fdaa7ec70ef1b64941c101ac810c394b 
for details)

Patch by develop7 [at] develop7.info

Acked-by: Jamie Strandboge <jamie@canonical.com>
2014-01-17 20:58:21 +01:00
Steve Beattie
bae37248f5 parser+utils: adjust translation bugs reporting address
This patch updates the Report-Msgid-Bugs-To: to point to the apparmor
list instead of the old Novell forge address. It also makes the
Project-Id-Version: field consistent.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-01-17 11:19:33 -08:00
Steve Beattie
cb7e717a7e utils: fix apparmor.vim rlimits support
The rlimits syntax checking support in apparmor.vim was broken in
various unhelpful ways:

  - lacked support for the 'infinity' keyword (aka RLIM_INFINITY)
  - lacked support for the 'ofile' rlimit, an alias for the nofile
    rlimit
  - lacked support for the 'cpu' rlimit (aka RLIMIT_CPU)
  - incorrect syntax for nofile|nproc|rtprio rlimits (didn't include
    required '<=' between the limit name and value)
  - incorrect syntax for specifying optional SI units for size based
    rlimits (e.g. 'MB' is required, but syntax only allowed incorrect
    'M'; that said, one could argue the parser is overly strict here,
    and the pattern should be '[KMG]B?')

(See the setrelimit(2) man page for more details on the specifics of the
rlimit definitions.)

This patch fixes the above issues.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-01-17 11:14:27 -08:00
Steve Beattie
f9d1005b9d utils: remove unneeded imports from aa-easyprof and aa-sandbox
Found by running pyflakes on these scripts.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-01-17 00:09:23 -08:00
Steve Beattie
62d636f125 parser: add rlimit language acceptance tests
The parser was lacking language tests for rlimits. This test adds
several, one for each rlimit type.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-01-16 23:11:07 -08:00
Steve Beattie
49ec571bd0 parser: remove unneeded goto target in build_mnt_opts()
As noted by Seth Arnold, there's now only one failure case in the
function and thus does not warrant a goto target (especially since
there's no cleanup to occur).

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-01-16 19:09:35 -08:00
Steve Beattie
aae194cc54 Merge the subsequent launchpad translations back into trunk. 2014-01-14 14:28:03 -08:00
Steve Beattie
a5a9e6c7a8 Merge initial launchpad translations import. 2014-01-14 14:23:44 -08:00
Steve Beattie
252829aee0 Merge in collected changes from trunk since branching off the
translations branch.
2014-01-14 10:36:36 -08:00
Tyler Hicks
58f96365d9 tests: Default to in-tree parser for regression tests
Change uservars.inc subdomain variable to use the in-tree parser by
default.

Also, clean up some commented out subdomain values that don't look to be
in use any longer and add one commented out value pointing to the system
parser.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
2014-01-12 22:39:07 -06:00
Tyler Hicks
9c1890fe13 parser: Make equality test output look like minimize test output
Subtle change to remove the "..." between the test description and
result and also to single-space the output. This brings the output in
line with what minimize.sh outputs, which is the test that runs just
before equality.sh.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-12 22:38:10 -06:00
Tyler Hicks
b9b1f7efe7 tests: Update README to reflect bash requirement
The regression test README examples use sh when showing how to run
individual tests but bash is needed, instead.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-12 22:37:39 -06:00
Tyler Hicks
f6f8232b6c parser: Add DFA minimization test that mimics D-Bus abstractions
This test ensures that the proper DFA minimization occurs when a
permissive D-Bus abstraction #include's the corresponding strict
abstraction.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-By: Christian Boltz <apparmor@cboltz.de>
2014-01-10 15:35:51 -06:00
Tyler Hicks
2559b9cfd8 profiles: Add strict accessibility bus abstraction
Create a new strict accessibility bus abstraction.

The strict abstraction only allows for calling the Hello, AddMatch,
RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods
that are exported by the D-Bus daemon.

The permissive abstraction reuses the strict abstraction and then allows
all communications on the accessibility bus.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-10 15:35:30 -06:00
Tyler Hicks
46685a5637 profiles: Add strict session bus abstraction
Move some of the file rules from the existing permissive session bus
abstraction into a new strict session bus abstraction. Leave the
dbus-launch rule in the permissive profile since not all applications
will need it.

The strict abstraction only allows for calling the Hello, AddMatch,
RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods
that are exported by the D-Bus daemon.

The permissive abstraction reuses the strict abstraction and then allows
all communications on the session bus.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
2014-01-10 15:35:09 -06:00
Tyler Hicks
38aae1d1f0 profiles: Add strict system bus abstraction
Move the file rule from the existing permissive system bus abstraction
into a new strict system bus abstraction.

The strict abstraction only allows for calling the Hello, AddMatch,
RemoveMatch, GetNameOwner, NameHasOwner, and StartServiceByName methods
that are exported by the D-Bus daemon.

The permissive abstraction reuses the strict abstraction and then allows
all communications on the system bus.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-10 15:34:45 -06:00
Steve Beattie
9fcbd8af1c parser: fix compilation failure on 32 bit systems
std::max in C++ requires that both arguments be the same type. The
previous fix added std::max comparisons between unsigned long numeric
constants and size_t, this fix casts the numeric constants to size_t.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-10 11:02:59 -08:00
John Johansen
b6cb988ed7 Tests for DFA minimization
Tests should be added for other rule types but this is a good start at
testing DFA minimization.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-By: Christian Boltz <apparmor@cboltz.de>
2014-01-09 17:34:28 -08:00
John Johansen
92eae9d2d9 Fix dump output of expr tree
Make the accept information dump output be in hexidecimal like the
other dumps so its easier to reference between them.

Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-01-09 17:30:00 -08:00
John Johansen
35f89fc3d6 Fix for the previous minimization patch
This was part of the original minimization patch, but got dropped when
applying to bzr. Again bzr status didn't show any files out of place
nor did the patching fail :(

Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-01-09 17:27:47 -08:00
John Johansen
7ba571395e Fixes to that where dropped from the diff-encode patch
This diff is part of the diffencode patch but was dropped when it was
applied to bzr. I have no idea why and status showed a clean tree.

Signed-off-by: John Johansen <john.johansen@canonical.com>
2014-01-09 17:24:40 -08:00
John Johansen
3fb0689b84 Fix policy generation for small dfas
So there are multiple bugs in policy generation for small dfas.
- A bug where dfas reduced to only have a none accepting state
  drop the start state for accept tables in the chfa encoding

  eg. deny audit dbus,

  the accept and accept2 tables are resized to 1 but the cfha format
  requires at least 2. 1 for the none accepting state and 1 for the
  start state.
  the kernel check that the accept tables == other state table sizes
  caught this and rejected it.

- the next/check table needs to be padded to the largest base position
  used + 256 so no input can ever overflow the next/check table
  (next/check[base+c]).

  This is normally handled by inserting a transition which resizes
  the table. However in this case there where no transitions being
  inserted into the dfa. Resulting in a next/check table size of
  2, with a base pos of 0. Meaning the table needed to be padded
  to 256.

- there is an alignment bug for dfas within the container (see below)
  what follows is a hexdump of the generated policy. With the
  different parts broken out. There are 2 dfas (policy and older file) and
  it is the second dfa that is out of alignment.

  The aadfa blob wrapper should be making sure that the start of the actual
  dfa is in alignment but this is not happening. In this example


00000000  04 08 00 76 65 72 73 69  6f 6e 00 02 05 00 00 00  |...version......|
00000010  04 08 00 70 72 6f 66 69  6c 65 00 07 05 40 00 2f  |...profile...@./|
00000020  68 6f 6d 65 2f 75 62 75  6e 74 75 2f 62 7a 72 2f  |home/ubuntu/bzr/|
00000030  61 70 70 61 72 6d 6f 72  2f 74 65 73 74 73 2f 72  |apparmor/tests/r|
00000040  65 67 72 65 73 73 69 6f  6e 2f 61 70 70 61 72 6d  |egression/apparm|
00000050  6f 72 2f 71 75 65 72 79  5f 6c 61 62 65 6c 00 04  |or/query_label..|
00000060  06 00 66 6c 61 67 73 00  07 02 00 00 00 00 02 00  |..flags.........|
00000070  00 00 00 02 00 00 00 00  08 02 00 00 00 00 02 00  |................|
00000080  00 00 00 02 00 00 00 00  02 00 00 00 00 04 07 00  |................|
00000090  63 61 70 73 36 34 00 07  02 00 00 00 00 02 00 00  |caps64..........|
000000a0  00 00 02 00 00 00 00 02  00 00 00 00 08 04 09 00  |................|
000000b0  70 6f 6c 69 63 79 64 62  00 07

begin of policy dfa blob wrapper
000000b0                                 04 06 00 61 61 64  |policydb.....aad|
000000c0  66 61 00 06

size of the following blob (in little endian) so 0x80
000000c0              80 00 00 00  

begin of actual policy dfa, notice alignment on 8 byte boundry
000000c0                           1b 5e 78 3d 00 00 00 18  |fa.......^x=....|
000000d0  00 00 00 80 00 00 6e 6f  74 66 6c 65 78 00 00 00  |......notflex...|
000000e0  00 01 00 04 00 00 00 00  00 00 00 01 00 00 00 00  |................|
000000f0  00 07 00 04 00 00 00 00  00 00 00 01 00 00 00 00  |................|
00000100  00 02 00 04 00 00 00 00  00 00 00 02 00 00 00 00  |................|
00000110  00 00 00 00 00 00 00 00  00 04 00 02 00 00 00 00  |................|
00000120  00 00 00 02 00 00 00 00  00 08 00 02 00 00 00 00  |................|
00000130  00 00 00 02 00 00 00 00  00 03 00 02 00 00 00 00  |................|
00000140  00 00 00 02 00 00 00 00  08

dfa blob wrapper
00000140                              04 06 00 61 61 64 66  |............aadf|
00000150  61 00 06

size of the following blob (in little endian) so 0x4c8
00000150          c8 04 00 00

begin of file dfa, notice alignment. NOT on 8 byte boundry
                               1b  5e 78 3d 00 00 00 18 00  |a.......^x=.....|
00000160  00 04 c8 00 00 6e 6f 74  66 6c 65 78 00 00 00 00  |.....notflex....|
00000170  01 00 04 00 00 00 00 00  00 00 06 00 00 00 00 00  |................|
00000180  00 00 00 00 9f c2 7f 00  00 00 00 00 00 00 00 00  |................|
00000190  04 00 30 00 00 00 00 00  07 00 04 00 00 00 00 00  |..0.............|
000001a0  00 00 06 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000001c0  02 00 04 00 00 00 00 00  00 00 06 00 00 00 00 00  |................|
000001d0  00 00 00 00 00 00 01 00  00 00 01 00 00 00 02 00  |................|
000001e0  00 00 00 00 00 00 00 00  04 00 02 00 00 00 00 00  |................|
000001f0  00 00 06 00 00 00 00 00  02 00 00 00 05 00 05 00  |................|
00000200  08 00 02 00 00 00 00 00  00 01 02 00 00 00 03 00  |................|
00000210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000260  00 00 00 00 00 00 00 00  00 00 02 00 04 00 00 00  |................|
00000270  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000410  03 00 02 00 00 00 00 00  00 01 02 00 00 00 02 00  |................|
00000420  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000470  00 00 00 00 00 00 00 00  00 00 01 00 03 00 04 00  |................|
00000480  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000610  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00

end of container
00000610                                                08  |................|
00000620

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
2014-01-09 17:09:54 -08:00
John Johansen
f0b154528d Fix dfa minimization
So DFA minimization has a bug and feature that keeps it from  minimizing
some dfas completely. This feature/bug did not result in incorrect dfas,
it just fails to result in full minimization.

The same mappings comparison is wrong. Or more correctly it is right when
transitions are not remapped to minimization partitions, but it may be
wrong when states are remapped. This means it will cause excess
partitioning (not removing all the states it should).

The trans hashing does a "guess" at partition splitting as a performance
enhancement. Basically it leverages the information that states that have
different transitions or transitions on different characters are not the
same. However this isn't always the case, because minimization can cause
some of those transitions to be altered. In previous testing this was
always a win, with only a few extra states being added some times. However
this changes with when the same mappings are fixed, as the hashing that was
done was based on the same flawed mapping as the broken same mappings.

If the same mappings are fixed and the hashing is not removed then there
is little to no change. However with both changes applied some dfas see
significant improvements. These improvements often result in performance
improvements despite minimization doing more work, because it means less
work to be done in the chfa comb compression

eg. test case that raised the issue (thanks tyler)
  /t { mount fstype=ext2, mount, }

  used to be minimized to
   {1} <== (allow/deny/audit/quiet)
   {6} (0x 2/0/0/0)

   {1} -> {2}: 0x7
   {2} -> {3}: 0x0
   {2} -> {2}: []
   {3} -> {4}: 0x0
   {3} -> {3}: []
   {4} -> {6}: 0x0
   {4} -> {7}: 0x65 e
   {4} -> {5}: []
   {5} -> {6}: 0x0
   {5} -> {5}: []
   {6}  (0x 2/0/0/0) -> {6}: [^\0x0]
   {7} -> {6}: 0x0
   {7} -> {8}: 0x78 x
   {7} -> {5}: []
   {8} -> {6}: 0x0
   {8} -> {5}: 0x74 t
   {8} -> {5}: []

  with the patch it is now properly minimized to
    {1} <== (allow/deny/audit/quiet)
    {6} (0x 2/0/0/0)

    {1} -> {2}: 0x7
    {2} -> {3}: 0x0
    {2} -> {2}: []
    {3} -> {4}: 0x0
    {3} -> {3}: []
    {4} -> {6}: 0x0
    {4} -> {4}: []
    {6}  (0x 2/0/0/0) -> {6}: [^\0x0]


The evince profile set sees some significant improvements picking a couple
example from its "minimized" dfas (it has 12) we see a reduction from 9720
states to 6232 states, and 6537 states to 3653 states. All told seeing the
performance/profile size going from
  2.8 parser: 4.607s 1007267 bytes
  dev head:   3.48s  1007267 bytes
  min fix:    2.68s  549603 bytes

of course evince is an extreme example so a few more

firefox
   2.066s   404549 bytes
 to
   1.336s   250585 bytes


cupsd
   0.365s   90834 bytes
 to
   0.293s   58855 bytes

dnsmasq
   0.118s   35689 bytes
 to
   0.112s   27992 bytes


smbd
   0.187s   40897 bytes
 to
   0.162s   33665 bytes


weather applet profile from ubuntu touch
   0.618s   105673 bytes
 to
   0.432s   89300 bytes


I have not seen a case where the parser regresses on performance but it is
possible. This patch will not cause a regression on generated policy size,
at worst it will result in policy that is the same size

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
2014-01-09 17:06:48 -08:00
John Johansen
22855508e8 Add Differential State Compression to the DFA
Differential state compression encodes a state's transitions as the
difference between the state and its default state (the state it is
relative too).

This reduces the number of transitions that need to be stored in the
transition table, hence reducing the size of the dfa.  There is a
trade off in that a single input character may have to traverse more
than one state.  This is somewhat offset by reduced table sizes providing
better locality and caching properties.

With carefully encoding we can still make constant match time guarentees.
This patch guarentees that a state that is differentially encoded will do at
most 3m state traversal to match an input of length m (as opposed to a
non-differentially compressed dfa doing exactly m state traversals).
In practice the actually number of extra traversals is less than this becaus
we selectively choose which states are differentially encoded.

In addition to reducing the size of the dfa by reducing the number of
transitions that have to be stored.  Differential encoding reduces the
number of transitions that need to be considered by comb compression,
which can result in tighter packing, due to a reduction in sparseness, and
also reduces the time spent in comb compression which currently uses an
O(n^2) algorithm.

Differential encoding will always result in a DFA that is smaller or equal
in size to the encoded DFA, and will usually improve compilation times,
with the performance improvements increasing as the DFA gets larger.

Eg. Given a example DFA that created 8991 states after minimization.
* If only comb compression (current default) is used

 52057 transitions are packed into a table of 69591 entries. Achieving an
 efficiency of about 75% (an average of about 7.74 table entries per state).
 With a resulting compressed dfa16 size of 404238 bytes and a run time for
 the dfa compilation of
   real 0m9.037s
   user 0m8.893s
   sys  0m0.036s

* If differential encoding + comb compression is used, 8292 of the 8991
  states are differentially encoded, with 31557 trans removed.  Resulting in

  20500 transitions are packed into a table of 20675 entries.  Acheiving an
  efficiency of about 99.2% (an average of about 2.3 table entries per state
  With a resulting compressed dfa16 size of 207874 bytes (about 48.6%
  reduction) and a run time for the dfa compilation of
   real 0m5.416s (about 40% faster)
   user 0m5.280s
   sys  0m0.040s

Repeating with a larger DFA that has 17033 states after minimization.
* If only comb compression (current default) is used

 102992 transitions are packed into a table of 137987 entries.  Achieving
 an efficiency of about 75% (an average of about 8.10 entries per state).
 With a resultant compressed dfa16 size of 790410 bytes and a run time for d
 compilation of
  real  0m28.153s
  user  0m27.634s
  sys   0m0.120s

* with differential encoding
 39374 transition are packed into a table of 39594 entries. Achieving an
 efficiency of about 99.4% (an average of about 2.32 entries per state).
 With a resultant compressed dfa16 size of 396838 bytes (about 50% reduction
 and a run time for dfa compilation of
  real  0m11.804s (about 58% faster)
  user  0m11.657s
  sys   0m0.084s

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-01-09 16:55:55 -08:00
Steve Beattie
c6f1034177 Convert make errors finding libapparmor to only occur when building
By raising an error for being unable to find libapparmor any time
a make command is run, we break things like make clean and other
targets that don't strictly depend on libapparmor existing (note that
Tyler's implementation for the parser did not do this). This patch
fixes this for the regression tests, mod_apparmor and pam_apparmor
by making a separate libapparmor_check target that looks to see if
an error message should be generated.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-01-09 12:11:19 -08:00
Steve Beattie
598f7a0b5b mod_apparmor/pam_apparmor: fix libapparmor search path and add USE_SYSTEM support
This patch adds support for the USE_SYSTEM make flag and adjusts
search paths for mod_apparmor and pam_apparmor, as well as fixing up
a couple of the (probably ought to be deprecated) tomcat locations
where apparmor.h is included.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2014-01-09 11:57:13 -08:00
Launchpad Translations on behalf of apparmor-dev
11301681aa Launchpad automatic translations update. 2014-01-08 04:35:03 +00:00
Steve Beattie
c478f8f0e1 regression tests: build against in-tree libapparmor by default [v3]
This patch converts the regression tests to build against the in-tree
libapparmor, giving an error if libapparmor has not already been built.
It also maintains support for building against the system libapparmor
via passing

  USE_SYSTEM=1

on the make command line. An error is also given if the system
libapparmor cannot be found, indicating that development packages need
to be installed. The check to look for libapparmor is also updated
to make use of libapparmor pkg-config data if available.

Patch history:
  v1: initial submission
  v2: convert from including the apparmor.h on the command line to
      specifying an in-tree libapparmor header include path, now
      that their location has been adjusted to make it safe to do
      so. Remove work around related to defining _GNU_SOURCE.
  v3: fix LDLIBS to use output of pkg-config et al tests instead of
      hardcoding -lapparmor in the USE_SYSTEM case.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
2014-01-06 14:58:15 -08:00
Steve Beattie
260d73f752 parser: Add make variable to build against local or system libapparmor [v3]
By default, statically link against the in-tree libapparmor. If the
in-tree libapparmor is not yet built, print a helpful error message. To
build against the system libapparmor, the USE_SYSTEM make
variable can be set on the command line like so:

  $ make USE_SYSTEM=1

This patch also fixes issues around the inclusion of the apparmor.h
header. Previously, the in-tree apparmor.h was always being included
even if the parser was being linked against the system libapparmor.
It modifies the apparmor.h include path based on the previous patch
separating them out in the libapparmor source. This was needed because
header file name collisions were already occurring.

For source files needing to include apparmor.h, the make targets were
also updated to depend on the local apparmor.h when building against
the in-tree libapparmor.  When building against the system libapparmor,
the variable used in the dependency list is empty. Likewise, a
libapparmor.a dependency is added to the apparmor_parser target when
building against the in-tree apparmor.

Patch history:
  v1: from Tyler Hicks <tyhicks@canonical.com>
      - initial version
  v2: revert to altering the include search path rather than including
      the apparmor.h header directly via cpp arguments, alter the
      include statements to <sys/apparmor.h> which will work against
      either in-tree or (default) system paths.
  v3: convert controlling variable to USE_SYSTEM from SYSTEM_LIBAPPARMOR
      to unify between the parser and the regression tests.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Steve Beattie <steve@nxnw.org>
2014-01-06 14:46:10 -08:00
Steve Beattie
a72f0693f3 libapparmor: move public headers to separate directory
This patch moves the apparmor.h and aalogparse.h headers
from the libapparmor/src/ directory to a new directory
libapparmor/include/. The apparmor.h header is stored in a sys/
directory within libapparmor/include/ to match its usual install
location in /usr/include/sys/, simplifying the #include statements of
source that wishes to include either the in-tree or system installed
version of the header (i.e. #include <sys/apparmor.h> can be used
everywhere).

The patch size is inflated by the movements of the header files, which
are unchanged except for their locations. Otherwise, the rest of the
changes are to modify the include search path or to stop looking in
$CWD for one of the headers.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
2014-01-06 14:08:55 -08:00
Steve Beattie
6552d192a6 libapparmor: require libtoolize instead of libtool
libtoolize is the standard mechanism for incorporating libtool support
into a library; however, libapparmor's autogen.sh script specifically
looks for the existence of the libtool binary rather than libtoolize.
The libtoolize tool automatically generates a libtool script and does
not require the existence of the libtool binary, so we no longer need
to check for it.

The autogen.sh script aborting because it can't find the libtool
binary causes a spurious build failure in Ubuntu 14.04, due to the
libtool binary being separated out into its own package, and which
is not a strict dependency for libtool.

(I also added setting the package variable so that the error message
emitted will indicate that the failure is in building libapparmor.)

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
2014-01-03 15:13:26 -08:00
Christian Boltz
c37643e8a0 add FIPS support to abstractions/openssl
References: https://bugzilla.novell.com/show_bug.cgi?id=857122#c2

Acked-by: Steve Beattie <steve@nxnw.org>
2014-01-03 20:43:43 +01:00
Christian Boltz
aa6b86a1c3 samba (nmbd and smbd) need to create /var/run/samba and /var/cache/samba
at startup (at least on systems where /var/run is on a tmpfs)

References: https://bugzilla.novell.com/show_bug.cgi?id=856651

Acked-by: Steve Beattie <steve@nxnw.org> for trunk and 2.8. Thanks!
2013-12-23 22:15:47 +01:00
Tyler Hicks
d64797e4c3 profiles: rw file perms are now needed on AF_UNIX socket files
The AppArmor kernel now checks for both read and write permissions when
a process calls connect() on a UNIX domain socket.

The patch updates four abstractions that were found to be needing
changes after the change in AF_UNIX kernel mediation.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-19 23:19:40 -08:00
Tyler Hicks
9b82f1286f profiles: Create D-Bus abstraction for the accessibility bus
The accessibility bus uses an abstract socket, so there hasn't been a
need for an accessibility bus abstraction in the past. Now that D-Bus
mediation is supported, an abstraction becomes a useful place to put
accessibility bus D-Bus rules.

This patch follows the lead of the dbus and dbus-session abstraction by
granting full access to the accessibility bus.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-19 23:18:27 -08:00
Tyler Hicks
28964ebe24 profiles: Allow full D-Bus access in system and session abstractions
Before D-Bus mediation support was added to AppArmor, the dbus and
dbus-session abstractions granted full access to the system and session
buses, respectively.

In order to continue granting full access to those buses, bus-specific
D-Bus mediation rules need to be added to the abstractions.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-19 23:17:10 -08:00
Steve Beattie
4146495b05 parser: remove now unused clone_and_chain functions
With the previous patch to switch to using alternations for variable
expansion, the clone_and_chain set of functions are no longer needed
and no longer need to be passed around. This patch removes them.
(I kept this patch separate to keep the previous patch smaller and more
easily reviewed.)

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-16 01:30:13 -08:00
Steve Beattie
68a9f24fb5 parser: convert var expansion to use alternations
This patch converts the parser's variable expansion from adding new
entries for each additional variable value to incorporating an
alternation that includes all the values for the variable; e.g. given:

  @{BINS}=/bin /usr/bin /sbin /usr/sbin
  @{BINS}/binary ix,

rather than expanding to exntries for

  /bin/binary
  /usr/bin/binary
  /sbin/binary
  /usr/sbin/binary

one entry would remain that looks like:

  {/bin,/usr/bin,/sbin,/usr/sbin}/binary

One complication with this patch is that we try to prevent mistakes for
our users with variable expansion around '/'s; it's common for people to
write profiles that contain things like:

 @{BAR}=/bingo/*/ /bango/
 /foo/@{BAR}/baz

We already have a post-processing step that walks entries looking
for multiple sequences of '/'s and filters them into single
'/' which worked when creating new entries for each variable
expansion. Converting to alternation expansion breaks this filtering,
so code is added that removes leading and trailing slashes in variable
values in the expansion if the character immediately preceding or
following the variable is also a slash.

The intent behind this is to reduce the amount of memory allocations
and structure walking that needed to occur in when converting from the
entry strings to the back end nodes. Examples with real world profiles
showed performance improvements ranging from 2.5% to 10%. However,
because the back end operations are sensitive to the front end inputs,
it is possible for worse results to occur; for example, it takes the
simple_tests/vars/vars_stress_0[123].sd tests significantly longer to
complete after this patch is applied (vars_stress_03.sd in particular
takes ~23 times longer). An initial analysis of profiling output in
this negative case looks like it causes the tree simplification in
the back end to do more work for unknown reasons.

On the other hand, the test simple_tests/vars/vars_dbus_9.sd
(introduced in "[patch 09/12] parser: more dbus variable testcases")
takes ~1 sec to complete on my laptop before this patch, and roughly
0.01s with this patch applied.

(One option would be to keep the "expand entries" approach as an
alternative, but I couldn't come up with a good heuristic for when
to use it instead.)

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-16 01:28:38 -08:00
Steve Beattie
513d507423 parser: convert process_mnt_entry's typebuf to std::string
This patch addresses the FIXMEs from the last patch by converting
process_mnt_entry's typebuf from a char[] to std::string. As a side
effect, the code in build_list_val_expr() is greatly simplified.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-16 01:17:21 -08:00
Steve Beattie
cc1a6f0e55 parser: remove length restriction in convert_aaregex_to_pcre usage
This patch removes the string length limit in convert_aaregex_to_pcre()
usage. One of the benefits to moving to C++ is the ability to use
std::strings, which dynamically resize themselves. While it's a large
patch, a non-trivial amount is due to needing to get a char * string
back out via the c_str() method.

The unit tests are modified to include checks to ensure that
convert_aaregex_to_pcre only appends to the passed pcre string,
it never resets it.

As the test case with overlong alternations added in the previous
patch now passes, the TODO status is removed from it.

(Note: there's a couple of FIXME comments related to converting typebuf
to std::string that are added by this patch that are addressed in the
next patch. I kept that conversion separate to try to reduce the size
of this patch a little.)

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-16 01:15:17 -08:00
Steve Beattie
62c13f66b0 parser: add large number of alternations test case
This patch adds a test case with an extremely large set of alternations.
It is marked TODO, because it fails with the current parser due to
strings used in convert_aaregex_to_pcre() being limited to (roughly)
PATH_MAX.

While contrived, it is possible to have alternations that are longer
than PATH_MAX that always  match paths that are shorter than PATH_MAX.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-16 00:33:08 -08:00
Christian Boltz
d60f1a19da can ?not fix apparmor.pod
At least that's how this patch started ;-)

The updated (and much bigger) patch
- removes the note about can ?not mknod
- also removes mount and umount from the can ?not list which are covered
  by mount rules now
- updates the example audit.log lines to the current log format
- updates the description of the log format

Acked-By: Seth Arnold <seth.arnold@canonical.com> (on IRC)

Seth also promised a follow-up patch with the remaining changes.
2013-12-12 03:07:37 +01:00
Steve Beattie
f0cfec62cd parser: add some developer documentation
Patch history:
  v1: initial version
  v2: based on feedback from cboltz and sarnold:
      - fix bad grammar when mentioning *.gcno and *.gcda files
      - mention that distros generally don't need other options besides
        verbose builds
      - fix 'the valgrind' grammar messup.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-10 14:15:02 -08:00
Steve Beattie
b62f6d3982 parser: more dbus variable testcases (v2)
This patch adds more testcases around variables used in dbus rules.
In particular, it

  - attempts to verify that variable expansion and alternation
    expansion results in identical DFA blobs,
  - tests that variables can be expanded within alternations,
  - tests that alternations can occur in variable definitions, and
  - that having alternations inside variable declarations that are
    used inside alternations results in parsing success

Note that vars/vars_dbus_9.sd veers into stress test land, as the
combinatoric expansion results in over 1000 dbus rule entries being
generated, which means that DFA reduction on all the fields takes
noticeable amounts of time (around 1s on my i5 ivy-core laptop).

Patch history:
  v1: initial version
  v2: based on feedback:
      - add more alternation tests for cases where only part of the
        alternation is defined within a variable
      - mark test with nested alternations as being successful now that
        the patch that implements it was accepted
  v3: based on feedback from cboltz:
      - tst/simple_tests/vars/vars_dbus_9.sd: reference all variables
        declared, including a variable that references another variable

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-10 14:00:32 -08:00
Steve Beattie
d3bc4e43a5 parser: fix rlimit missing initializer warning
When compiling the parser, g++ currently emits warnings like so:

  profile.h: In constructor ‘Profile::Profile()’:
  profile.h:177:11: warning: missing initializer for member ‘aa_rlimits::limits’ [-Wmissing-field-initializers]
     rlimits = { 0 };
             ^

This patch fixes the issue.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-10 12:42:50 -08:00
Steve Beattie
690f35f61c parser: fix /proc version file read
The parser was not checking for an error when reading from
/proc/sys/kernel/osrelease. Additionally, valgrind was complaining
because of the uninitialized space in the buffer in between where
the read(2) had deposited its data and where the parser was writing
a trailing NUL to close the string. This patch fixes the above by
writing the NUL byte at the position at the end of the read characters
and checks for a negative result from the read() call.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-10 12:41:25 -08:00
Steve Beattie
2e8f7fff7c parser: fix alternation expansions that occur inside character classes
The parser was converting alternation characters ('{', '}', and ',')
to their pcre versions ('(', ')', and '|', respectively) that occurred
inside of character class patterns (i.e. inside '[ ]'). This patch
fixes the issue and adds a few unit tests around character classes.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2013-12-10 12:22:32 -08:00
Launchpad Translations on behalf of apparmor-dev
d50169fc06 Launchpad automatic translations update. 2013-12-08 05:18:38 +00:00