mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-31 06:16:03 +00:00
Code Issues Releases Wiki Activity

libapparmor: Simplify aa_policy_cache API

Browse Source 
This patch changes the aa_policy_cache_new() prototype and gets rid of
aa_policy_cache_is_valid() and aa_policy_cache_create().

The create bool of aa_policy_cache_new() is replaced with a 16 bit
unsigned int used to specify the maximum number of caches that should be
present in the specified cache directory. If the number is exceeded, the
old cache directories are reaped. The definition of "old" is private to
libapparmor and only 1 cache directory is currently supported. However,
that will change in the near future and multiple cache directories will
be supported.

If 0 is specified for the max_caches parameter, no new caches can be
created and only an existing, valid cache can be used. An error is
returned if no valid caches exist in that case.

If UINT16_MAX is specified, an unlimited amount of caches can be created
and reaping is disabled.

This means that 0 to (2^16)-2, or infinite, caches will be supported in
the future.

This change allows for the parser to continue to support the
--skip-bad-cache (by passing 0 for max_caches) and the --write-cache
option (by passing 1 or more for max_caches) without confusing
libapparmor users with the aa_policy_cache_{is_valid,create}()
functions.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks
2015-06-15 15:11:50 -05:00
parent 5e0d6456e2
commit 5d6eb1a40f
6 changed files with 87 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
parser/parser_main.c
View File

@@ -899,6 +899,8 @@ int main(int argc, char *argv[])
if ((!skip_cache && (write_cache || !skip_read_cache)) ||
force_clear_cache) {
uint16_t max_caches = write_cache && cond_clear_cache ? 1 : 0;
if (!cacheloc && asprintf(&cacheloc, "%s/cache", basedir) == -1) {
PERROR(_("Memory allocation error."));
return 1;
@@ -918,7 +920,7 @@ int main(int argc, char *argv[])
pwarn(_("The --create-cache-dir option is deprecated. Please use --write-cache.\n"));
retval = aa_policy_cache_new(&policy_cache, features, cacheloc,
write_cache);
max_caches);
if (retval) {
if (errno != ENOENT) {
PERROR(_("Failed setting up policy cache (%s): %s\n"),
@@ -926,22 +928,16 @@ int main(int argc, char *argv[])
return 1;
}
write_cache = 0;
skip_read_cache = 0;
} else if (!aa_policy_cache_is_valid(policy_cache)) {
if (write_cache && cond_clear_cache &&
aa_policy_cache_create(policy_cache)) {
if (show_cache)
if (show_cache) {
if (max_caches > 0)
PERROR("Cache write disabled: Cannot create cache '%s': %m\n",
cacheloc);
write_cache = 0;
skip_read_cache = 1;
} else if (!write_cache || !cond_clear_cache) {
if (show_cache)
else
PERROR("Cache read/write disabled: Policy cache is invalid\n");
write_cache = 0;
skip_read_cache = 1;
}
write_cache = 0;
skip_read_cache = 1;
}
}