From 7e218b758df02cfbc9529229687525e950951f9f Mon Sep 17 00:00:00 2001
From: Tyler Hicks
Date: Wed, 25 Mar 2015 17:09:27 -0500
Subject: [PATCH] parser: Add aa_policy_cache function to replace all policies

This may be useful for something like an init daemon that simply wants to load all cached binaries without worrying about any sort of policy compilation.

Signed-off-by: Tyler Hicks
Acked-by: John Johansen
---
 parser/policy_cache.c | 61 +++++++++++++++++++++++++++++++++++++++++++
 parser/policy_cache.h | 3 +++
 2 files changed, 64 insertions(+)

diff --git a/parser/policy_cache.c b/parser/policy_cache.c
index 1b9d28225..ec73cc471 100644
--- a/parser/policy_cache.c
+++ b/parser/policy_cache.c
@@ -249,6 +249,34 @@ static int init_cache_features(aa_policy_cache *policy_cache,
 return 0;
 }
 
+struct replace_all_cb_data {
+ aa_policy_cache *policy_cache;
+ aa_kernel_interface *kernel_interface;
+};
+
+static int replace_all_cb(DIR *dir unused, const char *name, struct stat *st,
+ void *cb_data)
+{
+ int retval = 0;
+
+ if (!S_ISDIR(st->st_mode) && !is_blacklisted(name, NULL)) {
+ struct replace_all_cb_data *data;
+ autofree char *path = NULL;
+
+ data = (struct replace_all_cb_data *) cb_data;
+ if (asprintf(&path, "%s/%s",
+ data->policy_cache->path, name) < 0) {
+ path = NULL;
+ errno = ENOMEM;
+ return -1;
+ }
+ retval = aa_kernel_interface_replace_policy_from_file(data->kernel_interface,
+ path);
+ }
+
+ return retval;
+}
+
 /**
  * aa_policy_cache_new - create a new policy_cache from a path
  * @policy_cache: will point to the address of an allocated and initialized
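Review bot: The filter `!S_ISDIR(st->st_mode)` in replace_all_cb admits every non-directory entry, so a symlink, fifo or device node dropped into the cache directory would be handed to aa_kernel_interface_replace_policy_from_file as if it were a compiled policy blob; since the loader's only job is to push cached binaries into the kernel, tightening it to `if (S_ISREG(st->st_mode) && !is_blacklisted(name, NULL)) {` costs nothing and is the least-privilege choice. Whether `st` comes from lstat() or stat() in dirat_for_each is not visible here, so if it is stat() a symlink to a regular file would still pass and a comment stating that the cache directory is trusted to be root-owned would be worth adding. Also, on the first file that fails the callback returns -1 with the earlier files already replaced, and nothing records which entry failed; a short comment on the `return retval;` line, `/* first failure aborts the walk: earlier entries stay loaded, later ones are skipped */`, would save the init-daemon caller from assuming all-or-nothing semantics.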
@@ -368,3 +396,36 @@ int aa_policy_cache_remove(const char *path)
 {
 return dirat_for_each(NULL, path, NULL, clear_cache_cb);
 }
+
+/**
+ * aa_policy_cache_replace_all - performs a kernel policy replacement of all cached policies
+ * @policy_cache: the policy_cache
+ * @kernel_interface: the kernel interface to use when doing the replacement
+ *
+ * Returns: 0 on success, -1 on error with errno set and features pointing to
+ * NULL
+ */
+int aa_policy_cache_replace_all(aa_policy_cache *policy_cache,
+ aa_kernel_interface *kernel_interface)
+{
+ struct replace_all_cb_data cb_data;
+ int retval;
+
+ if (kernel_interface) {
+ aa_kernel_interface_ref(kernel_interface);
+ } else if (aa_kernel_interface_new(&kernel_interface,
+ policy_cache->kernel_features,
+ NULL) == -1) {
+ kernel_interface = NULL;
+ return -1;
+ }
+
+ cb_data.policy_cache = policy_cache;
+ cb_data.kernel_interface = kernel_interface;
+ retval = dirat_for_each(NULL, policy_cache->path, &cb_data,
+ replace_all_cb);
+
+ aa_kernel_interface_unref(kernel_interface);
+
+ return retval;
+}
diff --git a/parser/policy_cache.h b/parser/policy_cache.h
index 4267d9a14..6b222da19 100644
--- a/parser/policy_cache.h
+++ b/parser/policy_cache.h
@@ -57,5 +57,8 @@ void aa_policy_cache_unref(aa_policy_cache *policy_cache);
 bool aa_policy_cache_is_valid(aa_policy_cache *policy_cache);
 int aa_policy_cache_create(aa_policy_cache *policy_cache);
 int aa_policy_cache_remove(const char *path);
+int aa_policy_cache_replace_all(aa_policy_cache *policy_cache,
+ aa_kernel_interface *kernel_interface);
+
 
 #endif /* __AA_POLICY_CACHE_H */
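Review bot: When dirat_for_each returns -1 the function promises "errno set", but aa_kernel_interface_unref runs between the failure and the return, and if the unref path drops the last reference and closes the apparmorfs descriptor errno may be overwritten before the init daemon reads it; save it around the cleanup, `int saved_errno = errno; aa_kernel_interface_unref(kernel_interface); errno = saved_errno;` (what unref does is not visible in this hunk, so confirm before deciding the save is unnecessary). The doc comment's "-1 on error with errno set and features pointing to NULL" looks pasted from a function that has an out-parameter named features; this one has none, so it should read `Returns: 0 on success, -1 on error with errno set`. The `kernel_interface = NULL;` store in the aa_kernel_interface_new failure branch writes to a by-value parameter that is about to go out of scope and can be dropped, and it would help callers to note in the comment whether a non-NULL kernel_interface is required to have been created against policy_cache->kernel_features, since the function only enforces that when it creates the interface itself.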