libapparmor: aa_features function that returns a features identifier

Add and export aa_features_id() which can be used to get a unique
identifier for an aa_features object. Internally, this is a djb2 hash of
the features string. The hash function used and even the makeup of the
features ID can be easily changed in the future since external consumers
must use this function to fetch the features ID.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>

libraries/libapparmor/doc/aa_features.pod

@@ -40,6 +40,8 @@ aa_features_is_equal - equality test for two aa_features objects
 
 aa_features_supports - provides aa_features object support status
 
+aa_features_id - provides unique identifier for an aa_features object
+
 =head1 SYNOPSIS
 
 B<#include E<lt>sys/apparmor.hE<gt>>
@@ -62,6 +64,8 @@ B<bool aa_features_is_equal(aa_features *features1, aa_features *features2);>
 
 B<bool aa_features_supports(aa_features *features, const char *str);>
 
+B<char *aa_features_id(aa_features *features);>
+
 Link with B<-lapparmor> when compiling.
 
 =head1 DESCRIPTION
@@ -108,6 +112,12 @@ the path, relative to the "apparmor/features/" directory of securityfs, of the
 feature to query. For example, to test if policy version 6 is supported, I<str>
 would be "policy/versions/v6".
 
+The aa_features_id() function returns a string representation of an
+identifier that can be used to uniquely identify an I<aa_features> object.
+The mechanism for generating the string representation is internal to
+libapparmor and subject to change but an example implementation is
+applying a hash function to the features string.
+
 =head1 RETURN VALUE
 
 The aa_features_new() family of functions return 0 on success and I<*features>
@@ -126,15 +136,20 @@ and false if they are not equal.
 aa_features_supports() returns true if the feature represented by I<str> is
 supported and false if it is not supported.
 
+aa_features_id() returns a string identifying I<features> which must be
+freed by the caller. NULL is returned on error, with errno set
+appropriately.
+
 =head1 ERRORS
 
 The errno value will be set according to the underlying error in the
-I<aa_features> family of functions that return -1 on error.
+I<aa_features> family of functions that return -1 or NULL on error.
 
 =head1 NOTES
 
-All aa_features functions described above are present in libapparmor version
-2.10 and newer.
+All aa_features functions described above, except for aa_features_id(),
+are present in libapparmor version 2.10. The aa_features_id() function can be
+found in libapparmor version 2.12.
 
 aa_features_unref() saves the value of errno when called and restores errno
 before exiting in libapparmor version 2.12 and newer.

libraries/libapparmor/include/sys/apparmor.h

@@ -154,6 +154,7 @@ extern int aa_features_write_to_file(aa_features *features,
 extern bool aa_features_is_equal(aa_features *features1,
 				 aa_features *features2);
 extern bool aa_features_supports(aa_features *features, const char *str);
+extern char *aa_features_id(aa_features *features);
 
 typedef struct aa_kernel_interface aa_kernel_interface;
 extern int aa_kernel_interface_new(aa_kernel_interface **kernel_interface,

libraries/libapparmor/src/features.c

@@ -618,3 +618,21 @@ bool aa_features_supports(aa_features *features, const char *str)
 
 	return true;
 }
+
+/**
+ * aa_features_id - provides unique identifier for an aa_features object
+ * @features: the features
+ *
+ * Allocates and returns a string representation of an identifier that can
+ * be used to uniquely identify an aa_features object. The mechanism for
+ * generating the string representation is internal to libapparmor and
+ * subject to change but an example implementation is applying a hash
+ * function to the features string.
+ *
+ * Returns: a string identifying @features which must be freed by the
+ * caller or NULL, with errno set, upon error
+ */
+char *aa_features_id(aa_features *features)
+{
+	return strdup(features->hash);
+}

libraries/libapparmor/src/libapparmor.map

@@ -99,6 +99,7 @@ APPARMOR_2.12 {
   global:
         aa_policy_cache_dir_path;
         aa_policy_cache_dir_path_preview;
+        aa_features_id;
   local:
         *;
 } APPARMOR_2.11;