
split routines for loading binary policy into its own file

Signed-off-by: John Johansen <john.johansen@canonical.com>
[tyhicks: Handle inverted return from find_subdomainfs_mountpoint()]
[tyhicks: Link test progs to libapparmor to fix make check build fail]
[tyhicks: Migrate from opendir() to open() for opening apparmorfs]
[tyhicks: Make some of the split out functions static]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
John Johansen
2015-03-25 17:09:26 -05:00
committed by Tyler Hicks
parent 076bc6be7a
commit 4e712f6c8d
7 changed files with 252 additions and 102 deletions


@@ -604,86 +604,3 @@ exit:
return error;
}
/* bleah the kernel should just loop and do multiple load, but to support
* older systems we need to do this
*/
#define PROFILE_HEADER_SIZE
static char header_version[] = "\x04\x08\x00version";
static char *next_profile_buffer(char *buffer, int size)
{
char *b = buffer;
for (; size - sizeof(header_version); b++, size--) {
if (memcmp(b, header_version, sizeof(header_version)) == 0) {
return b;
}
}
return NULL;
}
static int write_buffer(int fd, char *buffer, int size, bool set)
{
const char *err_str = set ? "profile set" : "profile";
int wsize = write(fd, buffer, size);
if (wsize < 0) {
PERROR(_("%s: Unable to write %s\n"), progname, err_str);
return -errno;
} else if (wsize < size) {
PERROR(_("%s: Unable to write %s\n"), progname, err_str);
return -EPROTO;
}
return 0;
}
int sd_load_buffer(int option, char *buffer, int size)
{
autoclose int fd = -1;
int error, bsize;
autofree char *filename = NULL;
/* TODO: push backup into caller */
if (!kernel_load)
return 0;
switch (option) {
case OPTION_ADD:
if (asprintf(&filename, "%s/.load", subdomainbase) == -1)
return -ENOMEM;
break;
case OPTION_REPLACE:
if (asprintf(&filename, "%s/.replace", subdomainbase) == -1)
return -ENOMEM;
break;
default:
return -EINVAL;
}
fd = open(filename, O_WRONLY);
if (fd < 0) {
PERROR(_("Unable to open %s - %s\n"), filename,
strerror(errno));
return -errno;
}
if (kernel_supports_setload) {
error = write_buffer(fd, buffer, size, true);
} else {
char *b, *next;
error = 0; /* in case there are no profiles */
for (b = buffer; b; b = next, size -= bsize) {
next = next_profile_buffer(b + sizeof(header_version),
size);
if (next)
bsize = next - b;
else
bsize = size;
error = write_buffer(fd, b, bsize, false);
if (error)
break;
}
}
return error;
}