dconf needs to do a raw query, so refactor the query_dconf fn into separate setup and query fns.
Signed-off-by: John Johansen <[email protected]>
---
 libraries/libapparmor/src/kernel.c | 69 ++++++++++++++++++++++++++++++++------
 1 file changed, 59 insertions(+), 10 deletions(-)
diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
index c504c9d..7aa665d 100644
--- a/libraries/libapparmor/src/kernel.c
+++ b/libraries/libapparmor/src/kernel.c
@@ -1099,6 +1099,60 @@ int aa_query_link_path(const char *label, const char *target, const char *link,
 }
 
 /**
+ * aa_query_dconf_setup - setup query access permissions for a dconf @path
+ * @label: apparmor label
+ * @label_len: length of @label (does not include any terminating nul byte)
+ * @path: file path to query permissions for
+ * @path_len: length of @path (does not include any terminating nul byte)
+ *
+ * Returns: size on success else -1 and sets errno. If -1 is returned and
+ * errno is ENOENT, the subject label in the query string is unknown
+ * to the kernel.
+ */
+static ssize_t query_dconf_setup(char **query, const char *label, size_t label_len,
+ const char *path, size_t path_len)
+{
+ /* + 1 for null separator, + 1 for AA_CLASS_DCONF */
+ ssize_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
+ *query = malloc(size);
+ if (!*query)
+ return -1;
+ memcpy(*query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
+ /* null separator */
+ *query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
+ *query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
+ memcpy(*query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
+
+ return size;
+}
+
+/**
+ * aa_query_dconf_raw - query access permissions for a dconf @path
+ * @label: apparmor label
+ * @label_len: length of @label (does not include any terminating nul byte)
+ * @path: file path to query permissions for
+ * @path_len: length of @path (does not include any terminating nul byte)
+ * @perms: Returns: perms for the query.
+ *
+ * Returns: 0 on success else -1 and sets errno. If -1 is returned and errno is
+ * ENOENT, the subject label in the query string is unknown to the
+ * kernel.
+ */
+static int aa_query_dconf_raw(const char *label, size_t label_len,
+ const char *path, size_t path_len,
+ aa_perms_t *perms)
+
+{
+ autofree char *query = NULL;
+ ssize_t size;
+ size = query_dconf_setup(&query, label, label_len, path, path_len);
+ if (size == -1)
+ return -1;
+
+ return query_label_raw(query, size, perms);
+}
+
+/**
  * aa_query_dconf_len - query access permissions for a dconf @path
  * @mask: permission bits to query
  * @label: apparmor label
@@ -1118,18 +1172,13 @@ int aa_query_dconf_len(uint32_t mask, const char *label, size_t label_len,
 int *audited)
 {
 autofree char *query = NULL;
+ ssize_t size;
 
- /* + 1 for null separator, + 1 for AA_CLASS_DCONF */
- size_t size = AA_QUERY_CMD_LABEL_SIZE + label_len + 1 + 1 + path_len;
- query = malloc(size);
- if (!query)
+ size = query_dconf_setup(&query, label, label_len, path, path_len);
+ if (size == -1)
 return -1;
- memcpy(query + AA_QUERY_CMD_LABEL_SIZE, label, label_len);
- /* null separator */
- query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;
- query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;
- memcpy(query + AA_QUERY_CMD_LABEL_SIZE + label_len + 2, path, path_len);
- return aa_query_label(mask, query, size , allowed, audited);
+
+ return aa_query_label(mask, query, size, allowed, audited);
 }
 
 /**
--
2.9.3
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
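Review bot: In query_dconf_setup the two stores `*query[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;` and `*query[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;` parse as `*(query[i])`, so they index the caller's single `char *` slot as if it were an array of pointers and write through whatever lies beyond it, not into the buffer just allocated. They should read `(*query)[AA_QUERY_CMD_LABEL_SIZE + label_len] = 0;` and `(*query)[AA_QUERY_CMD_LABEL_SIZE + label_len + 1] = AA_CLASS_DCONF;`; as written the separator and class bytes of the query stay uninitialised and unrelated memory is corrupted. The second hunk routes the existing aa_query_dconf_len through this helper, so the defect reaches the already-exported entry point as well as the new aa_query_dconf_raw. Separately, `size` is now `ssize_t` while the sum is still computed in `size_t`, so a bounds check on `label_len` and `path_len` before `malloc` would keep an oversized total from wrapping or colliding with the -1 error return. The doc comment also names the helper `aa_query_dconf_setup`, omits `@query`, and carries an ENOENT sentence that looks copied from the query functions.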
