mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-01 23:05:11 +00:00

parser: Add option to print the cache directory

The --print-cache-dir option can be used to have the parser print the
value of the cache directory that is specific to the features used (from
the current kernel, the --match-string option, or the --features-file
option). After printing the path, apparmor_parser will exit. This is
helpful because the final component in the path will become
unpredictable, as it will be based on arbitrary hash function
output.

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Tyler Hicks
2017-11-02 18:21:40 +00:00
committed by John Johansen
parent b950c76d66
commit e9d9395f91
2 changed files with 33 additions and 1 deletions


@@ -101,6 +101,7 @@ struct timespec cache_tstamp, mru_policy_tstamp;
static char *apparmorfs = NULL;
static char *cacheloc = NULL;
static bool print_cache_dir = false;
static aa_features *features = NULL;
@@ -149,6 +150,7 @@ struct option long_options[] = {
{"debug-cache", 0, 0, 135}, /* no short option */
{"jobs", 1, 0, 'j'},
{"max-jobs", 1, 0, 136}, /* no short option */
{"print-cache-dir", 0, 0, 137}, /* no short option */
{NULL, 0, 0, 0},
};
@@ -188,6 +190,7 @@ static void display_usage(const char *command)
" --skip-bad-cache Don't clear cache if out of sync\n"
" --purge-cache Clear cache regardless of its state\n"
" --debug-cache Debug cache file checks\n"
" --print-cache_dir Print the cache directory path\n"
"-L, --cache-loc n Set the location of the profile cache\n"
"-q, --quiet Don't emit warnings\n"
"-v, --verbose Show profile names as they load\n"
@@ -535,6 +538,10 @@ static int process_arg(int c, char *optarg)
case 136:
jobs_max = process_jobs_arg("max-jobs", optarg);
break;
case 137:
kernel_load = 0;
print_cache_dir = true;
break;
default:
/* 'unrecognized option' error message gets printed by getopt_long() */
exit(1);
@@ -654,6 +661,20 @@ static void set_supported_features(void)
dfaflags &= ~DFA_CONTROL_DIFF_ENCODE;
}
static bool do_print_cache_dir(aa_features *features, int dirfd, const char *path)
{
autofree char *cache_dir = NULL;
cache_dir = aa_policy_cache_dir_path_preview(features, dirfd, path);
if (!cache_dir) {
PERROR(_("Unable to print the cache directory: %m\n"));
return false;
}
printf("%s\n", cache_dir);
return true;
}
int process_binary(int option, aa_kernel_interface *kernel_interface,
const char *profilename)
{
@@ -1097,7 +1118,7 @@ int main(int argc, char *argv[])
}
if ((!skip_cache && (write_cache || !skip_read_cache)) ||
force_clear_cache) {
print_cache_dir || force_clear_cache) {
uint16_t max_caches = write_cache && cond_clear_cache ? 1 : 0;
if (!cacheloc && asprintf(&cacheloc, "%s/cache", basedir) == -1) {
@@ -1105,6 +1126,10 @@ int main(int argc, char *argv[])
return 1;
}
if (print_cache_dir)
return do_print_cache_dir(features, AT_FDCWD,
cacheloc) ? 0 : 1;
if (force_clear_cache) {
if (aa_policy_cache_remove(AT_FDCWD, cacheloc)) {
PERROR(_("Failed to clear cache files (%s): %s\n"),
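Review bot: The usage line added in display_usage() spells the option `--print-cache_dir` with an underscore, while the long_options[] entry added in the same file registers `print-cache-dir`. A user or script copying the help text would therefore presumably land in process_arg()'s `default:` branch and hit `exit(1)`. Only the underscore needs to become a hyphen, `--print-cache-dir`, keeping the column alignment of the neighbouring help lines. Separately, do_print_cache_dir() names its first parameter `features`, which shadows the file-scope `static aa_features *features`; renaming the parameter (for example `aa_features *feats`) would make it clear which object is read. The bodies of display_usage(), process_arg() and main() continue outside the hunks shown.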