~ubuntu-branches/ubuntu/saucy/apparmor/saucy-proposed

Viewing changes to .pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries/libapparmor/src/apparmor.h

Committer: Package Import Robot
Author(s): Jamie Strandboge, Tyler Hicks, Jamie Strandboge
Date: 2013-09-10 12:06:06 UTC
Revision ID: package-import@ubuntu.com-20130910120606-cli33sg3o4tgayou

Tags: 2.8.0-0ubuntu28

https://launchpad.net/bugs/1220861

https://launchpad.net/bugs/1196880

[ Tyler Hicks ]
* Move the aa-exec man page out of apparmor-utils into apparmor, since
  aa-exec is now in apparmor
  - debian/control: adjust Breaks/Replaces to use apparmor-utils
    (<< 2.8.0-0ubuntu28)
  - debian/apparmor.manpages: install the aa-exec man page
  - debian/apparmor-utils.manpages: don't install the aa-exec man page
* debian/patches/0065-lp1220861.patch: Always NUL-terminate confinement
  context strings returned from libapparmor (LP: #1220861)
* debian/patches/0066-lp1196880.patch: Don't assign mode pointer in
  aa_getprocattr() if caller passed in NULL (LP: #1196880)
* debian/patches/0067-libapparmor-mode-strings-are-not-to-be-freed.patch:
  Update man page and code comments to make it clear that freeing the *con
  string returned from libapparmor's getcon functions also frees the *mode
  string
* debian/patches/0068-libapparmor-mention-dbus-method-in-getcon-man.patch:
  Document the D-Bus method, in the aa_getcon man page, that returns the
  AppArmor task confinement string of a D-Bus connection

[ Jamie Strandboge ]
* debian/patches/0069-p11kit-abstraction.patch: p11-kit needs access to
  /usr/share/p11-kit/modules

files added:
.pc/0065-lp1220861.patch

.pc/0065-lp1220861.patch/libraries

.pc/0065-lp1220861.patch/libraries/libapparmor

.pc/0065-lp1220861.patch/libraries/libapparmor/src

.pc/0065-lp1220861.patch/libraries/libapparmor/src/kernel_interface.c

.pc/0066-lp1196880.patch

.pc/0066-lp1196880.patch/libraries

.pc/0066-lp1196880.patch/libraries/libapparmor

.pc/0066-lp1196880.patch/libraries/libapparmor/src

.pc/0066-lp1196880.patch/libraries/libapparmor/src/kernel_interface.c

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries/libapparmor

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries/libapparmor/doc

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries/libapparmor/doc/aa_getcon.pod

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries/libapparmor/src

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries/libapparmor/src/apparmor.h

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries/libapparmor/src/kernel_interface.c

.pc/0068-libapparmor-mention-dbus-method-in-getcon-man.patch

.pc/0068-libapparmor-mention-dbus-method-in-getcon-man.patch/libraries

.pc/0068-libapparmor-mention-dbus-method-in-getcon-man.patch/libraries/libapparmor

.pc/0068-libapparmor-mention-dbus-method-in-getcon-man.patch/libraries/libapparmor/doc

.pc/0068-libapparmor-mention-dbus-method-in-getcon-man.patch/libraries/libapparmor/doc/aa_getcon.pod

.pc/0069-p11kit-abstraction.patch

.pc/0069-p11kit-abstraction.patch/profiles

.pc/0069-p11kit-abstraction.patch/profiles/apparmor.d

.pc/0069-p11kit-abstraction.patch/profiles/apparmor.d/abstractions

.pc/0069-p11kit-abstraction.patch/profiles/apparmor.d/abstractions/p11-kit

debian/patches/0065-lp1220861.patch

debian/patches/0066-lp1196880.patch

debian/patches/0067-libapparmor-mode-strings-are-not-to-be-freed.patch

debian/patches/0068-libapparmor-mention-dbus-method-in-getcon-man.patch

debian/patches/0069-p11kit-abstraction.patch

files modified:
.pc/applied-patches

debian/apparmor-utils.manpages

debian/apparmor.manpages

debian/changelog

debian/control

debian/patches/series

libraries/libapparmor/doc/aa_getcon.pod

libraries/libapparmor/src/apparmor.h

libraries/libapparmor/src/kernel_interface.c

profiles/apparmor.d/abstractions/p11-kit

Show diffs side-by-side

added added

removed removed

.pc/0067-libapparmor-mode-strings-are-not-to-be-freed.patch/libraries/libapparmor/src/apparmor.h

* The libapparmor library is licensed under the terms of the GNU

* Lesser General Public License, version 2.1. Please see the file

* COPYING.LGPL.

* This library is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU Lesser General Public License for more details.

* You should have received a copy of the GNU Lesser General Public License

* along with this program. If not, see <http://www.gnu.org/licenses/>.

#ifndef _SYS_APPARMOR_H_

#define _SYS_APPARMOR_H 1

#include <stdint.h>

#include <sys/types.h>

__BEGIN_DECLS

* Class of mediation types in the AppArmor policy db

#define AA_CLASS_COND 0

#define AA_CLASS_UNKNOWN 1

#define AA_CLASS_FILE 2

#define AA_CLASS_CAP 3

#define AA_CLASS_NET 4

#define AA_CLASS_RLIMITS 5

#define AA_CLASS_DOMAIN 6

#define AA_CLASS_MOUNT 7

#define AA_CLASS_NS_DOMAIN 8

#define AA_CLASS_PTRACE 9

#define AA_CLASS_ENV 16

#define AA_CLASS_DBUS 32

#define AA_CLASS_X 33

/* Permission Flags for Mediation classes */

#define AA_MAY_WRITE (1 << 1)

#define AA_MAY_READ (1 << 2)

#define AA_MAY_BIND (1 << 6)

#define AA_DBUS_SEND AA_MAY_WRITE

#define AA_DBUS_RECEIVE AA_MAY_READ

#define AA_DBUS_BIND AA_MAY_BIND

/* Prototypes for apparmor state queries */

extern int aa_is_enabled(void);

extern int aa_find_mountpoint(char **mnt);

/* Prototypes for self directed domain transitions

* see <http://apparmor.net>

* Please see the change_hat(2) manpage for information.

#define change_hat(X, Y) aa_change_hat((X), (Y))

extern int (change_hat)(const char *subprofile, unsigned int magic_token);

extern int aa_change_hat(const char *subprofile, unsigned long magic_token);

extern int aa_change_profile(const char *profile);

extern int aa_change_onexec(const char *profile);

extern int aa_change_hatv(const char *subprofiles[], unsigned long token);

extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);

/* Protypes for introspecting task confinement

* Please see the aa_getcon(2) manpage for information

extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,

char **mode);

extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);

extern int aa_gettaskcon(pid_t target, char **con, char **mode);

extern int aa_getcon(char **con, char **mode);

extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);

extern int aa_getpeercon(int fd, char **con, char **mode);

/* A NUL character is used to separate the query command prefix string from the

* rest of the query string. The query command sizes intentionally include the

* NUL-terminator in their values.

#define AA_QUERY_CMD_LABEL "label"

#define AA_QUERY_CMD_LABEL_SIZE sizeof(AA_QUERY_CMD_LABEL)

extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,

int *audit);

#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)

#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)

#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n

/**

100

* change_hat_vargs - a wrapper macro for change_hat_vargs

101

* @T: the magic token

102

* @X...: the parameter list of hats being passed

103

104

* The change_hat_vargs macro makes it so the caller doesn't have to

105

* specify the number of hats passed as parameters to the change_hat_vargs

106

* fn.

107

108

* eg.

109

* change_hat_vargs(10, hat1, hat2, hat3, hat4);

110

* expandes to

111

* (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);

112

113

* to call change_hat_vargs direction do

114

* (change_hat_vargs)(token, nhats, hat1, hat2...)

115

116

#define aa_change_hat_vargs(T, X...) \

117

(aa_change_hat_vargs)(T, __macroarg_counter(X), X)

118

119

__END_DECLS

120

121

#endif /* sys/apparmor.h */

Older »