From 6b200b6f0852565e02989a8d0796bc293c4e5886 Mon Sep 17 00:00:00 2001
From: Tyler Hicks <tyhicks@canonical.com>
Date: Wed, 25 Mar 2015 17:09:27 -0500
Subject: [PATCH] libapparmor: Add basic logging functionality

This patch adds equivalents of the parser's PDEBUG() and PERROR()
functions to libapparmor.

It does not add gettext(3) support to libapparmor since these are
messages that only developers will see (debug builds with
LIBAPPARMOR_DEBUG=1) or messages that go to the syslog.

PDEBUG() does nothing unless libapparmor is built with --enable-debug.
It prints to stderr if libapparmor is built with --enable-debug and the
LIBAPPARMOR_DEBUG environment variable is set.

PERROR() uses syslog(LOG_ERR, ...) by default. The message is sent to
the syslog and to stderr if libapparmor is built with --enable-debug and
the LIBAPPARMOR_DEBUG environment variable is set.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
---
 libraries/libapparmor/configure.ac  | 10 +++++++-
 libraries/libapparmor/src/private.c | 34 ++++++++++++++++++++++++++
 libraries/libapparmor/src/private.h | 37 +++++++++++++++++++++++++++++
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 libraries/libapparmor/src/private.h

diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
index 4da65c120..fe6971cc1 100644
--- a/libraries/libapparmor/configure.ac
+++ b/libraries/libapparmor/configure.ac
@@ -14,6 +14,14 @@ PKG_PROG_PKG_CONFIG
 
 AC_PATH_PROG([SWIG], [swig])
 
+AC_MSG_CHECKING([whether the libapparmor debug output should be enabled])
+AC_ARG_ENABLE([debug_output],
+[AS_HELP_STRING([--enable-debug-output], [generate the libapparmor debug output [[default=no]]])],
+[AC_MSG_RESULT([$enableval])],
+[enable_debug_output=no]
+[AC_MSG_RESULT([$enable_debug_output])])
+AS_IF([test "$enable_debug_output" = "yes"], [AC_DEFINE([ENABLE_DEBUG_OUTPUT], [1], [debug output])])
+
 AC_MSG_CHECKING([whether the libapparmor man pages should be generated])
 AC_ARG_ENABLE(man_pages,
 [AS_HELP_STRING([--enable-man-pages], [generate the libapparmor man pages [[default=yes]]])],
@@ -71,7 +79,7 @@ AM_CONDITIONAL(HAVE_PERL, test x$with_perl = xyes)
 AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)
 
 AC_HEADER_STDC
-AC_CHECK_HEADERS(unistd.h stdint.h)
+AC_CHECK_HEADERS(unistd.h stdint.h syslog.h)
 
 AC_CHECK_FUNCS(asprintf)
 
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
index f6f40b52e..eb3c0f8f0 100644
--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@@ -14,7 +14,12 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
+#include <syslog.h>
 
 struct ignored_suffix_t {
 	const char * text;
@@ -41,6 +46,35 @@ static struct ignored_suffix_t ignored_suffixes[] = {
 	{ NULL, 0, 0 }
 };
 
+#define DEBUG_ENV_VAR	"LIBAPPARMOR_DEBUG"
+
+void print_error(bool honor_env_var, const char *ident, const char *fmt, ...)
+{
+	va_list args;
+	int openlog_options = 0;
+
+	if (honor_env_var && secure_getenv(DEBUG_ENV_VAR))
+		openlog_options |= LOG_PERROR;
+
+	openlog(ident, openlog_options, LOG_ERR);
+	va_start(args, fmt);
+	vsyslog(LOG_ERR, fmt, args);
+	va_end(args);
+	closelog();
+}
+
+void print_debug(const char *fmt, ...)
+{
+	va_list args;
+
+	if (!secure_getenv(DEBUG_ENV_VAR))
+		return;
+
+	va_start(args, fmt);
+	vfprintf(stderr, fmt, args);
+	va_end(args);
+}
+
 int _aa_is_blacklisted(const char *name, const char *path)
 {
 	int name_len;
diff --git a/libraries/libapparmor/src/private.h b/libraries/libapparmor/src/private.h
new file mode 100644
index 000000000..a3c582df6
--- /dev/null
+++ b/libraries/libapparmor/src/private.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2014 Canonical Ltd.
+ *
+ * The libapparmor library is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _AA_PRIVATE_H
+#define _AA_PRIVATE_H 1
+
+#include <stdbool.h>
+
+#if ENABLE_DEBUG_OUTPUT
+
+#define PERROR(fmt, args...)	print_error(true, "libapparmor", fmt, ## args)
+#define PDEBUG(fmt, args...)	print_debug("libapparmor: " fmt, ## args)
+
+#else /* ENABLE_DEBUG_OUTPUT */
+
+#define PERROR(fmt, args...)	print_error(false, "libapparmor", fmt, ## args)
+#define PDEBUG(fmt, args...)	/* do nothing */
+
+#endif /* ENABLE_DEBUG_OUTPUT */
+
+void print_error(bool honor_env_var, const char *ident, const char *fmt, ...);
+void print_debug(const char *fmt, ...);
+
+#endif /* _AA_PRIVATE_H */