mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

parser: Add aa_policy_cache function to replace all policies

Browse Source 
This may be useful for something like an init daemon that simply wants
to load all cached binaries without worrying about any sort of policy
compilation.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Tyler Hicks 2015-03-25 17:09:27 -05:00
parent 9aa29f4117
commit 7e218b758d
2 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
parser/policy_cache.c
View File

@ -249,6 +249,34 @@ static int init_cache_features(aa_policy_cache *policy_cache,
return 0; return 0;
} }
struct replace_all_cb_data {
aa_policy_cache *policy_cache;
aa_kernel_interface *kernel_interface;
};
static int replace_all_cb(DIR *dir unused, const char *name, struct stat *st,
void *cb_data)
{
int retval = 0;
if (!S_ISDIR(st->st_mode) && !is_blacklisted(name, NULL)) {
struct replace_all_cb_data *data;
autofree char *path = NULL;
data = (struct replace_all_cb_data *) cb_data;
if (asprintf(&path, "%s/%s",
data->policy_cache->path, name) < 0) {
path = NULL;
errno = ENOMEM;
return -1;
}
retval = aa_kernel_interface_replace_policy_from_file(data->kernel_interface,
path);
}
return retval;
}
/** /**
* aa_policy_cache_new - create a new policy_cache from a path * aa_policy_cache_new - create a new policy_cache from a path
* @policy_cache: will point to the address of an allocated and initialized * @policy_cache: will point to the address of an allocated and initialized
@ -368,3 +396,36 @@ int aa_policy_cache_remove(const char *path)
{ {
return dirat_for_each(NULL, path, NULL, clear_cache_cb); return dirat_for_each(NULL, path, NULL, clear_cache_cb);
} }
/**
* aa_policy_cache_replace_all - performs a kernel policy replacement of all cached policies
* @policy_cache: the policy_cache
* @kernel_interface: the kernel interface to use when doing the replacement
*
* Returns: 0 on success, -1 on error with errno set and features pointing to
* NULL
*/
int aa_policy_cache_replace_all(aa_policy_cache *policy_cache,
aa_kernel_interface *kernel_interface)
{
struct replace_all_cb_data cb_data;
int retval;
if (kernel_interface) {
aa_kernel_interface_ref(kernel_interface);
} else if (aa_kernel_interface_new(&kernel_interface,
policy_cache->kernel_features,
NULL) == -1) {
kernel_interface = NULL;
return -1;
}
cb_data.policy_cache = policy_cache;
cb_data.kernel_interface = kernel_interface;
retval = dirat_for_each(NULL, policy_cache->path, &cb_data,
replace_all_cb);
aa_kernel_interface_unref(kernel_interface);
return retval;
}

3
parser/policy_cache.h
View File

@ -57,5 +57,8 @@ void aa_policy_cache_unref(aa_policy_cache *policy_cache);
bool aa_policy_cache_is_valid(aa_policy_cache *policy_cache); bool aa_policy_cache_is_valid(aa_policy_cache *policy_cache);
int aa_policy_cache_create(aa_policy_cache *policy_cache); int aa_policy_cache_create(aa_policy_cache *policy_cache);
int aa_policy_cache_remove(const char *path); int aa_policy_cache_remove(const char *path);
int aa_policy_cache_replace_all(aa_policy_cache *policy_cache,
aa_kernel_interface *kernel_interface);
#endif /* __AA_POLICY_CACHE_H */ #endif /* __AA_POLICY_CACHE_H */