1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
|
diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
index 479ba6dd..afbb8e2d 100644
--- a/libraries/libapparmor/configure.ac
+++ b/libraries/libapparmor/configure.ac
@@ -81,7 +81,7 @@ AM_CONDITIONAL(HAVE_RUBY, test x$with_ruby = xyes)
AC_HEADER_STDC
AC_CHECK_HEADERS(unistd.h stdint.h syslog.h)
-AC_CHECK_FUNCS([asprintf __secure_getenv secure_getenv])
+AC_CHECK_FUNCS([asprintf __secure_getenv secure_getenv scandirat])
AM_PROG_CC_C_O
AC_C_CONST
diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
index 6002017d..a3ae0703 100644
--- a/libraries/libapparmor/src/Makefile.am
+++ b/libraries/libapparmor/src/Makefile.am
@@ -46,9 +46,9 @@ af_protos.h: /usr/include/netinet/in.h
LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" $< > $@
lib_LTLIBRARIES = libapparmor.la
-noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h
+noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h secure_getenv.h scandirat.h private.h
-libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel.c scanner.c private.c features.c kernel_interface.c policy_cache.c
+libapparmor_la_SOURCES = grammar.y libaalogparse.c kernel.c scanner.c secure_getenv.c scandirat.c private.c features.c kernel_interface.c policy_cache.c
libapparmor_la_LDFLAGS = -version-info $(AA_LIB_CURRENT):$(AA_LIB_REVISION):$(AA_LIB_AGE) -XCClinker -dynamic -pthread \
-Wl,--version-script=$(top_srcdir)/src/libapparmor.map
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
index 9378e224..b1c48051 100644
--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@@ -39,10 +39,14 @@
#ifdef HAVE___SECURE_GETENV
#define secure_getenv __secure_getenv
#else
- #error neither secure_getenv nor __secure_getenv is available
+ #include "secure_getenv.h"
#endif
#endif
+#ifndef HAVE_SCANDIRAT
+#include "scandirat.h"
+#endif
+
struct ignored_suffix_t {
const char * text;
int len;
diff --git a/libraries/libapparmor/src/scandirat.c b/libraries/libapparmor/src/scandirat.c
new file mode 100644
index 00000000..1576a35f
--- /dev/null
+++ b/libraries/libapparmor/src/scandirat.c
@@ -0,0 +1,63 @@
+#include <dirent.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <errno.h>
+
+#include "scandirat.h"
+
+#ifndef HAVE_SCANDIRAT
+
+int scandirat(int dir_fd, const char *dirp, struct dirent ***namelist,
+ int (*filter)(const struct dirent *),
+ int (*compar)(const struct dirent **, const struct dirent **))
+{
+ int fd;
+ DIR *d;
+ struct dirent *de, **names=0, **tmp;
+ size_t cnt=0, len=0;
+ int old_errno = errno;
+
+
+ fd = openat(dir_fd, dirp, O_RDONLY|O_CLOEXEC);
+ if (fd == -1) return -1;
+
+ d = fdopendir(fd);
+
+ if (!d) {
+ close(fd);
+ return -1;
+ }
+
+ while ((errno=0), (de = readdir(d))) {
+ if (filter && !filter(de)) continue;
+ if (cnt >= len) {
+ len = 2*len+1;
+ if (len > SIZE_MAX/sizeof *names) break;
+ tmp = realloc(names, len * sizeof *names);
+ if (!tmp) break;
+ names = tmp;
+ }
+ names[cnt] = malloc(de->d_reclen);
+ if (!names[cnt]) break;
+ memcpy(names[cnt++], de, de->d_reclen);
+ }
+
+ closedir(d);
+
+ if (errno) {
+ if (names) while (cnt-->0) free(names[cnt]);
+ free(names);
+ return -1;
+ }
+ errno = old_errno;
+
+ if (compar) qsort(names, cnt, sizeof *names, (int (*)(const void *, const void *))compar);
+ *namelist = names;
+ return cnt;
+}
+
+#endif
+
diff --git a/libraries/libapparmor/src/scandirat.h b/libraries/libapparmor/src/scandirat.h
new file mode 100644
index 00000000..6f4bf037
--- /dev/null
+++ b/libraries/libapparmor/src/scandirat.h
@@ -0,0 +1,13 @@
+#ifndef LIBAPPARMOR_SCANDIRAT_H
+#define LIBAPPARMOR_SCANDIRAT_H
+
+#include <dirent.h>
+
+#ifndef HAVE_SCANDIRAT
+int scandirat(int dir_fd, const char *dirp, struct dirent ***namelist,
+ int (*filter)(const struct dirent *),
+ int (*compar)(const struct dirent **, const struct dirent **));
+#endif
+
+#endif
+
diff --git a/libraries/libapparmor/src/secure_getenv.c b/libraries/libapparmor/src/secure_getenv.c
new file mode 100644
index 00000000..b5eb46e5
--- /dev/null
+++ b/libraries/libapparmor/src/secure_getenv.c
@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <sys/auxv.h>
+
+#include "secure_getenv.h"
+
+#ifndef HAVE_SECURE_GETENV
+char *secure_getenv(const char *name)
+{
+ if (!getauxval(AT_SECURE)) {
+ return getenv(name);
+ }
+ return NULL;
+}
+#endif
+
diff --git a/libraries/libapparmor/src/secure_getenv.h b/libraries/libapparmor/src/secure_getenv.h
new file mode 100644
index 00000000..b6269a8f
--- /dev/null
+++ b/libraries/libapparmor/src/secure_getenv.h
@@ -0,0 +1,8 @@
+#ifndef LIBAPPARMOR_SECURE_GETENV_H
+#define LIBAPPARMOR_SECURE_GETENV_H
+
+#ifndef HAVE_SECURE_GETENV
+char *secure_getenv(const char *name);
+#endif
+
+#endif
--
2.16.1
|