libapparmor: Create a private API

This patch creates a private API in libapparmor in which upstream provides no guarantees in regards to ABI stability. A new header file, <sys/apparmor_private.h>, is created. The "_aa" prefix will be used for symbols belonging to the private API. To kick things off, a library friendly version of is_blacklisted() is moved into libapparmor. The purpose of a private libapparmor API is to prevent duplicated code between the parser and libapparmor. This becomes an issue as we prepare to move chunks of the parser into libapparmor. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
2025-08-30 22:05:27 +00:00 · 2015-03-25 17:09:27 -05:00
parent 7e218b758d
commit 2879cf217a
6 changed files with 106 additions and 45 deletions
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/apparmor.h>
+#include <sys/apparmor_private.h>

 #include "lib.h"
 #include "parser.h"
@@ -50,53 +51,14 @@
 #endif
 #define NPDEBUG(fmt, args...)	/* Do nothing */

-struct ignored_suffix_t {
-	const char * text;
-	int len;
-	int silent;
-};
-
-static struct ignored_suffix_t ignored_suffixes[] = {
-	/* Debian packging files, which are in flux during install
-           should be silently ignored. */
-	{ ".dpkg-new", 9, 1 },
-	{ ".dpkg-old", 9, 1 },
-	{ ".dpkg-dist", 10, 1 },
-	{ ".dpkg-bak", 9, 1 },
-	/* RPM packaging files have traditionally not been silently
-           ignored */
-	{ ".rpmnew", 7, 0 },
-	{ ".rpmsave", 8, 0 },
-	/* patch file backups/conflicts */
-	{ ".orig", 5, 0 },
-	{ ".rej", 4, 0 },
-	/* Backup files should be mentioned */
-	{ "~", 1, 0 },
-	{ NULL, 0, 0 }
-};
-
 int is_blacklisted(const char *name, const char *path)
 {
-	int name_len;
-	struct ignored_suffix_t *suffix;
+	int retval = _aa_is_blacklisted(name, path);

-	/* skip dot files and files with no name */
-	if (*name == '.' || !strlen(name))
-		return 1;
+	if (retval == -1)
+		PERROR("Ignoring: '%s'\n", path ? path : name);

-	name_len = strlen(name);
-	/* skip blacklisted suffixes */
-	for (suffix = ignored_suffixes; suffix->text; suffix++) {
-		char *found;
-		if ( (found = strstr((char *) name, suffix->text)) &&
-		     found - name + suffix->len == name_len ) {
-			if (!suffix->silent)
-				PERROR("Ignoring: '%s'\n", path ? path : name);
-			return 1;
-		}
-	}
-
-	return 0;
+	return !retval ? 0 : 1;
 }

 struct keyword_table {