diff --git a/libraries/libapparmor/doc/Makefile.am b/libraries/libapparmor/doc/Makefile.am
index 39d741d66..b102137a9 100644
--- a/libraries/libapparmor/doc/Makefile.am
+++ b/libraries/libapparmor/doc/Makefile.am
@@ -5,9 +5,9 @@ PODCHECKER = podchecker
 if ENABLE_MAN_PAGES
-man_MANS = aa_change_hat.2 aa_change_profile.2 aa_getcon.2 aa_find_mountpoint.2
+man_MANS = aa_change_hat.2 aa_change_profile.2 aa_getcon.2 aa_find_mountpoint.2 aa_splitcon.3
-PODS = $(subst .2,.pod,$(man_MANS))
+PODS = $(subst .2,.pod,$(man_MANS)) $(subst .3,.pod,$(man_MANS))
 EXTRA_DIST = $(man_MANS) $(PODS)
@@ -23,4 +23,13 @@ CLEANFILES = $(man_MANS)
 --stderr \
 $< > $@
+%.3: %.pod
+ $(PODCHECKER) -warnings -warnings $<
+ $(POD2MAN) \
+ --section=3 \
+ --release="AppArmor $(VERSION)" \
+ --center="AppArmor" \
+ --stderr \
+ $< > $@
+
 endif
diff --git a/libraries/libapparmor/doc/aa_getcon.pod b/libraries/libapparmor/doc/aa_getcon.pod
index d944fecee..32ef61fc8 100644
--- a/libraries/libapparmor/doc/aa_getcon.pod
+++ b/libraries/libapparmor/doc/aa_getcon.pod
@@ -131,7 +131,7 @@ L.
 =head1 SEE ALSO
-apparmor(7), apparmor.d(5), apparmor_parser(8), aa_change_profile(2) and
-L.
+apparmor(7), apparmor.d(5), apparmor_parser(8), aa_change_profile(2),
+aa_splitcon(3) and L.
 =cut
diff --git a/libraries/libapparmor/doc/aa_splitcon.pod b/libraries/libapparmor/doc/aa_splitcon.pod
new file mode 100644
index 000000000..a85b61902
--- /dev/null
+++ b/libraries/libapparmor/doc/aa_splitcon.pod
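Review bot: `PODS = $(subst .2,.pod,$(man_MANS)) $(subst .3,.pod,$(man_MANS))` in the first hunk does not produce a list of pod sources: each subst leaves the names it cannot rewrite untouched, so the result contains aa_splitcon.3 from the first subst and the four .2 pages from the second, in addition to the pods. The only consumer visible here is `EXTRA_DIST = $(man_MANS) $(PODS)`, where this merely duplicates entries, but any other use of PODS outside this hunk would see manual page names where pod files are expected. `PODS = $(addsuffix .pod,$(basename $(man_MANS)))` yields exactly one pod per manual page regardless of its section, and keeps working when a further section is added.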
@@ -0,0 +1,65 @@
+# This publication is intellectual property of Canonical Ltd. Its contents
+# can be duplicated, either in part or in whole, provided that a copyright
+# label is visibly located on each copy.
+#
+# All information found in this book has been compiled with utmost
+# attention to detail. However, this does not guarantee complete accuracy.
+# Neither Canonical Ltd, the authors, nor the translators shall be held
+# liable for possible errors or the consequences thereof.
+#
+# Many of the software and hardware descriptions cited in this book
+# are registered trademarks. All trade names are subject to copyright
+# restrictions and may be registered trade marks. Canonical Ltd.
+# essentially adhere to the manufacturer's spelling.
+#
+# Names of products and trademarks appearing in this book (with or without
+# specific notation) are likewise subject to trademark and trade protection
+# laws and may thus fall under copyright restrictions.
+#
+
+
+=pod
+
+=head1 NAME
+
+aa_splitcon - split the confinement context into a label and mode
+
+=head1 SYNOPSIS
+
+B<#include Esys/apparmor.hE>
+
+B
+
+Link with B<-lapparmor> when compiling.
+
+=head1 DESCRIPTION
+
+The aa_splitcon() function splits a confinement context into separate label
+and mode strings. The @con string is modified so that the label portion is NUL
+terminated. The enforcement mode is also NUL terminated and the parenthesis
+surrounding the mode are removed. If @mode is non-NULL, it will point to the
+first character in the enforcement mode string on success.
+
+=head1 RETURN VALUE
+
+Returns a pointer to the first character in the label string. NULL is returned
+on error.
+
+=head1 EXAMPLE
+
+ Context Label Mode
+ ----------------------------- ------------------ -------
+ unconfined unconfined NULL
+ /bin/ping (enforce) /bin/ping enforce
+ /usr/sbin/rsyslogd (complain) /usr/sbin/rsyslogd complain
+
+=head1 BUGS
+
+None known. If you find any, please report them at
+L.
+
+=head1 SEE ALSO
+
+aa_getcon(2) and L.
+
+=cut
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
index 99ce36b96..a7f90985e 100644
--- a/libraries/libapparmor/include/sys/apparmor.h
+++ b/libraries/libapparmor/include/sys/apparmor.h
@@ -58,6 +58,7 @@ extern int aa_change_onexec(const char *profile);
 extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
 extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);
+extern char *aa_splitcon(char *con, char **mode);
 /* Protypes for introspecting task confinement
 * Please see the aa_getcon(2) manpage for information */
diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
index b792ac2fc..5f2d83521 100644
--- a/libraries/libapparmor/src/kernel.c
+++ b/libraries/libapparmor/src/kernel.c
@@ -208,6 +208,23 @@ out:
 return label;
 }
+/**
+ * aa_splitcon - split the confinement context into a label and mode
+ * @con: the confinement context
+ * @mode: if non-NULL and a mode is present, will point to mode string in @con
+ * on success
+ *
+ * Modifies the @con string to split it into separate label and mode strings.
+ * The @mode argument is optional. If @mode is NULL, @con will still be split
+ * between the label and mode (if present) but @mode will not be set.
+ *
+ * Returns: a pointer to the label string or NULL on error
+ */
+char *aa_splitcon(char *con, char **mode)
+{
+ return splitcon(con, strlen(con), mode);
+}
+
 /**
 * aa_getprocattr_raw - get the contents of @attr for @tid into @buf
 * @tid: tid of task to query
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index 3f434941f..28f245f37 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -80,6 +80,7 @@ APPARMOR_2.10 {
 aa_policy_cache_create;
 aa_policy_cache_remove;
 aa_policy_cache_replace_all;
+ aa_splitcon;
 local: *;
 } APPARMOR_2.9;
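Review bot: The new `extern char *aa_splitcon(char *con, char **mode);` is placed in the aa_change_hat group of prototypes, directly above the `/* Protypes for introspecting task confinement ... */` comment, although the function operates on the context strings obtained through that introspection group (the new man page's SEE ALSO points at aa_getcon(2)); declaring it after that comment keeps the header's grouping meaningful. Since the prototype takes a non-const `char *`, a one-line comment next to it would save callers a trip to the man page: `/* Splits @con in place into label and mode; @con must be writable. See aa_splitcon(3). */`.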
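Review bot: `aa_splitcon` hands `con` straight to `strlen(con)`, so a NULL context is dereferenced before `splitcon` gets a chance to reject it, even though the comment above promises NULL on error; a guard such as `if (!con) { errno = EINVAL; return NULL; }` makes the documented contract hold, assuming this file reports failures through errno like other public entry points (not verifiable from the hunk). The kernel-doc block should also say which conditions yield NULL and whether errno is set, because the aa_splitcon(3) page added in this commit only states "NULL is returned on error". It is worth adding that the buffer is written in place, so a string literal or other read-only memory must never be passed as @con.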
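Review bot: `aa_splitcon;` is appended to the existing `APPARMOR_2.10` version node rather than a new one; if that node corresponds to an already released libapparmor ABI, binaries built against this library will record a dependency on APPARMOR_2.10 that earlier 2.10 builds cannot satisfy, and the loader error will only show up at run time on the older system. Whether 2.10 has shipped is not visible in this diff, so this only needs checking against the release history before merging.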