parser: Create initial interface for policy cache

This API has the same look-and-feel of the previous aa_features API. The cache setup code was heavily dependent on globals set by CLI options. Options such as "skip the read cache", or "skip the write cache", or "don't clear the cache if it isn't valid", won't be useful for all aa_policy_cache API users so some of that logic was lifted out of the API. The constructor function still provides a bool parameter that specifies if the cache should be created or not. If the policy cache is invalid (currently meaning that the cache features file doesn't match the kernel features file), then a new aa_policy_cache object is still created but a call to aa_policy_cache_is_valid() will return false. The caller can then decide what to do (create a new valid cache, stop, etc.) Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: John Johansen <john.johansen@canonical.com>
2025-08-31 06:16:03 +00:00 · 2015-03-25 17:09:26 -05:00
parent d93d00cca9
commit f0fcf23231
3 changed files with 189 additions and 65 deletions
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -875,6 +875,7 @@ static void setup_flags(void)

 int main(int argc, char *argv[])
 {
+	aa_policy_cache *policy_cache;
 	int retval, last_error;
 	int i;
 	int optind;
@@ -907,29 +908,48 @@ int main(int argc, char *argv[])

 	setup_flags();

-	if (!cacheloc && asprintf(&cacheloc, "%s/cache", basedir) == -1) {
-		PERROR(_("Memory allocation error."));
-		return 1;
-	}
-
-	if (force_clear_cache) {
-		if (clear_cache_files(cacheloc)) {
-			PERROR(_("Failed to clear cache files (%s): %s\n"),
-			       cacheloc, strerror(errno));
+	if ((!skip_cache && (write_cache || !skip_read_cache)) ||
+	    force_clear_cache) {
+		if (!cacheloc && asprintf(&cacheloc, "%s/cache", basedir) == -1) {
+			PERROR(_("Memory allocation error."));
 			return 1;
 		}

-		return 0;
-	}
+		if (force_clear_cache) {
+			if (clear_cache_files(cacheloc)) {
+				PERROR(_("Failed to clear cache files (%s): %s\n"),
+				       cacheloc, strerror(errno));
+				return 1;
+			}

-	if (create_cache_dir)
-		pwarn(_("The --create-cache-dir option is deprecated. Please use --write-cache.\n"));
+			return 0;
+		}

-	retval = setup_cache(features, cacheloc);
-	if (retval) {
-		PERROR(_("Failed setting up policy cache (%s): %s\n"),
-		       cacheloc, strerror(errno));
-		return 1;
+		if (create_cache_dir)
+			pwarn(_("The --create-cache-dir option is deprecated. Please use --write-cache.\n"));
+
+		retval = aa_policy_cache_new(&policy_cache, features, cacheloc,
+					     write_cache);
+		if (retval) {
+			if (errno != ENOENT) {
+				PERROR(_("Failed setting up policy cache (%s): %s\n"),
+				       cacheloc, strerror(errno));
+				return 1;
+			}
+
+			write_cache = 0;
+			skip_read_cache = 0;
+		} else if (!aa_policy_cache_is_valid(policy_cache)) {
+			if (write_cache && cond_clear_cache &&
+			    aa_policy_cache_create(policy_cache)) {
+				skip_read_cache = 1;
+			} else if (!write_cache || !cond_clear_cache) {
+				if (show_cache)
+					PERROR("Cache read/write disabled: Policy cache is invalid\n");
+				write_cache = 0;
+				skip_read_cache = 1;
+			}
+		}
 	}

 	retval = last_error = 0;