libapparmor: Allow creating a policy_cache with a NULL kernel_features

The most common case when creating an aa_policy_cache object will be to do so while using the current kernel's feature set for the kernel_features parameter. Rather than have callers instantiate their own aa_features object in this situation, aa_policy_cache_new() should do it for them if they specify NULL for the kernel_features parameter. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org>
2025-08-28 21:07:56 +00:00 · 2015-06-15 15:11:51 -05:00 · 2015-06-15 15:11:51 -05:00 · 611e891631
commit 611e891631
parent 0c19c8d596
2 changed files with 16 additions and 19 deletions
--- a/libraries/libapparmor/src/policy_cache.c
+++ b/libraries/libapparmor/src/policy_cache.c
@ -142,7 +142,8 @@ static int replace_all_cb(DIR *dir unused, const char *name, struct stat *st,
 * aa_policy_cache_new - create a new policy_cache from a path
 * @policy_cache: will point to the address of an allocated and initialized
 *                aa_policy_cache_new object upon success
- * @kernel_features: features representing a kernel
+ * @kernel_features: features representing a kernel (may be NULL if you want to
 *                   use the features of the currently running kernel)
 * @path: path to the policy cache
 * @max_caches: The maximum number of policy caches, one for each unique set of
 *              kernel features, before older caches are auto-reaped. 0 means
@ -193,6 +194,17 @@ int aa_policy_cache_new(aa_policy_cache **policy_cache,
 		return -1;
 	}
 	if (kernel_features) {
 		aa_features_ref(kernel_features);
 	} else if (aa_features_new_from_kernel(&kernel_features) == -1) {
 		int save = errno;
 		aa_policy_cache_unref(pc);
 		errno = save;
 		return -1;
 	}
 	pc->kernel_features = kernel_features;
 	if (init_cache_features(pc, kernel_features, create)) {
 		int save = errno;
@ -201,7 +213,6 @@ int aa_policy_cache_new(aa_policy_cache **policy_cache,
 		return -1;
 	}
 	pc->kernel_features = aa_features_ref(kernel_features);
 	*policy_cache = pc;
 	return 0;
@ -226,8 +237,8 @@ aa_policy_cache *aa_policy_cache_ref(aa_policy_cache *policy_cache)
 void aa_policy_cache_unref(aa_policy_cache *policy_cache)
 {
 	if (policy_cache && atomic_dec_and_test(&policy_cache->ref_count)) {
 		aa_features_unref(policy_cache->kernel_features);
 		aa_features_unref(policy_cache->features);
 		aa_features_unref(policy_cache->kernel_features);
 		free(policy_cache->features_path);
 		free(policy_cache->path);
 		free(policy_cache);
--- a/tests/regression/apparmor/aa_policy_cache.c
+++ b/tests/regression/apparmor/aa_policy_cache.c
@ -44,23 +44,16 @@ static void usage(const char *prog)
 static int test_new(const char *path, uint16_t max_caches)
 {
 	aa_features *features = NULL;
 	aa_policy_cache *policy_cache = NULL;
 	int rc = 1;
-	if (aa_features_new_from_kernel(&features)) {
+	if (aa_policy_cache_new(&policy_cache, NULL, path, max_caches)) {
 		perror("FAIL - aa_features_new_from_kernel");
 		goto out;
 	}
 	if (aa_policy_cache_new(&policy_cache, features, path, max_caches)) {
 		perror("FAIL - aa_policy_cache_new");
 		goto out;
 	}
 	rc = 0;
 out:
 	aa_features_unref(features);
 	aa_policy_cache_unref(policy_cache);
 	return rc;
 }
@ -109,16 +102,10 @@ out:
 static int test_replace_all(const char *path, uint16_t max_caches)
 {
 	aa_features *features = NULL;
 	aa_policy_cache *policy_cache = NULL;
 	int rc = 1;
-	if (aa_features_new_from_kernel(&features)) {
+	if (aa_policy_cache_new(&policy_cache, NULL, path, max_caches)) {
 		perror("FAIL - aa_features_new_from_kernel");
 		goto out;
 	}
 	if (aa_policy_cache_new(&policy_cache, features, path, max_caches)) {
 		perror("FAIL - aa_policy_cache_new");
 		goto out;
 	}
@ -130,7 +117,6 @@ static int test_replace_all(const char *path, uint16_t max_caches)
 	rc = 0;
 out:
 	aa_features_unref(features);
 	aa_policy_cache_unref(policy_cache);
 	return rc;
 }