libapparmor: Create a private API

This patch creates a private API in libapparmor in which upstream
provides no guarantees in regards to ABI stability.

A new header file, <sys/apparmor_private.h>, is created. The "_aa"
prefix will be used for symbols belonging to the private API.

To kick things off, a library friendly version of is_blacklisted() is
moved into libapparmor.

The purpose of a private libapparmor API is to prevent duplicated code
between the parser and libapparmor. This becomes an issue as we prepare
to move chunks of the parser into libapparmor.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>

libraries/libapparmor/include/sys/Makefile.am

@@ -1,3 +1,3 @@
 
 apparmor_hdrdir = $(includedir)/sys
-apparmor_hdr_HEADERS = apparmor.h
+apparmor_hdr_HEADERS = apparmor.h apparmor_private.h

libraries/libapparmor/include/sys/apparmor_private.h

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SYS_APPARMOR_PRIVATE_H
+#define _SYS_APPARMOR_PRIVATE_H	1
+
+__BEGIN_DECLS
+
+int _aa_is_blacklisted(const char *name, const char *path);
+
+__END_DECLS
+
+#endif	/* sys/apparmor_private.h */

libraries/libapparmor/src/Makefile.am

@@ -48,7 +48,7 @@ af_protos.h: /usr/include/netinet/in.h
 lib_LTLIBRARIES = libapparmor.la
 noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h
 
-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c
+libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel_interface.c scanner.c private.c
 libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
 	-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
 

libraries/libapparmor/src/libapparmor.map

@@ -51,3 +51,10 @@ APPARMOR_2.9 {
   local:
 	*;
 } APPARMOR_1.1;
+
+PRIVATE {
+	global:
+		_aa_is_blacklisted;
+	local:
+		*;
+};

libraries/libapparmor/src/private.c

@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+
+struct ignored_suffix_t {
+	const char * text;
+	int len;
+	int silent;
+};
+
+static struct ignored_suffix_t ignored_suffixes[] = {
+	/* Debian packging files, which are in flux during install
+           should be silently ignored. */
+	{ ".dpkg-new", 9, 1 },
+	{ ".dpkg-old", 9, 1 },
+	{ ".dpkg-dist", 10, 1 },
+	{ ".dpkg-bak", 9, 1 },
+	/* RPM packaging files have traditionally not been silently
+           ignored */
+	{ ".rpmnew", 7, 0 },
+	{ ".rpmsave", 8, 0 },
+	/* patch file backups/conflicts */
+	{ ".orig", 5, 0 },
+	{ ".rej", 4, 0 },
+	/* Backup files should be mentioned */
+	{ "~", 1, 0 },
+	{ NULL, 0, 0 }
+};
+
+int _aa_is_blacklisted(const char *name, const char *path)
+{
+	int name_len;
+	struct ignored_suffix_t *suffix;
+
+	/* skip dot files and files with no name */
+	if (*name == '.' || !strlen(name))
+		return 1;
+
+	name_len = strlen(name);
+	/* skip blacklisted suffixes */
+	for (suffix = ignored_suffixes; suffix->text; suffix++) {
+		char *found;
+		if ( (found = strstr((char *) name, suffix->text)) &&
+		     found - name + suffix->len == name_len ) {
+			if (!suffix->silent)
+				return -1;
+			return 1;
+		}
+	}
+
+	return 0;
+}

parser/parser_misc.c

@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/apparmor.h>
+#include <sys/apparmor_private.h>
 
 #include "lib.h"
 #include "parser.h"
@@ -50,53 +51,14 @@
 #endif
 #define NPDEBUG(fmt, args...)	/* Do nothing */
 
-struct ignored_suffix_t {
-	const char * text;
-	int len;
-	int silent;
-};
-
-static struct ignored_suffix_t ignored_suffixes[] = {
-	/* Debian packging files, which are in flux during install
-           should be silently ignored. */
-	{ ".dpkg-new", 9, 1 },
-	{ ".dpkg-old", 9, 1 },
-	{ ".dpkg-dist", 10, 1 },
-	{ ".dpkg-bak", 9, 1 },
-	/* RPM packaging files have traditionally not been silently
-           ignored */
-	{ ".rpmnew", 7, 0 },
-	{ ".rpmsave", 8, 0 },
-	/* patch file backups/conflicts */
-	{ ".orig", 5, 0 },
-	{ ".rej", 4, 0 },
-	/* Backup files should be mentioned */
-	{ "~", 1, 0 },
-	{ NULL, 0, 0 }
-};
-
 int is_blacklisted(const char *name, const char *path)
 {
-	int name_len;
+	int retval = _aa_is_blacklisted(name, path);
-	struct ignored_suffix_t *suffix;
 
-	/* skip dot files and files with no name */
+	if (retval == -1)
-	if (*name == '.' || !strlen(name))
-		return 1;
-
-	name_len = strlen(name);
-	/* skip blacklisted suffixes */
-	for (suffix = ignored_suffixes; suffix->text; suffix++) {
-		char *found;
-		if ( (found = strstr((char *) name, suffix->text)) &&
-		     found - name + suffix->len == name_len ) {
-			if (!suffix->silent)
 		PERROR("Ignoring: '%s'\n", path ? path : name);
-			return 1;
-		}
-	}
 
-	return 0;
+	return !retval ? 0 : 1;
 }
 
 struct keyword_table {