/apparmor/functions

http://github.com/brinkman83/bashrc · Shell · 82 lines · 48 code · 11 blank · 23 comment · 7 complexity · bf1e4af791814a179a468687cb43b3f2 MD5 · raw file 

    

  1. #!/bin/sh
    2. 

  2. # ----------------------------------------------------------------------
    3. 

  3. #    Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
    4. 

  4. #     NOVELL (All rights reserved)
    5. 

  5. #    Copyright (c) 2008-2010 Canonical, Ltd.
    6. 

  6. #
    7. 

  7. #    This program is free software; you can redistribute it and/or
    8. 

  8. #    modify it under the terms of version 2 of the GNU General Public
    9. 

  9. #    License published by the Free Software Foundation.
    10. 

  10. #
    11. 

  11. #    This program is distributed in the hope that it will be useful,
    12. 

  12. #    but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14. #    GNU General Public License for more details.
    15. 

  15. #
    16. 

  16. #    You should have received a copy of the GNU General Public License
    17. 

  17. #    along with this program; if not, contact Novell, Inc.
    18. 

  18. # ----------------------------------------------------------------------
    19. 

  19. # Authors:
    20. 

  20. #  Kees Cook <kees@ubuntu.com>
    21. 

  21. #
    22. 

  22. # /etc/apparmor/functions
    23. 

  23. 

  24. PROFILES="/etc/apparmor.d"
    25. 

  25. PARSER="/sbin/apparmor_parser"
    26. 

  26. SECURITYFS="/sys/kernel/security"
    27. 

  27. export AA_SFS="$SECURITYFS/apparmor"
    28. 

  28. 

  29. # Suppress warnings when booting in quiet mode
    30. 

  30. quiet_arg=""
    31. 

  31. [ "${QUIET:-no}" = yes ] && quiet_arg="-q"
    32. 

  32. [ "${quiet:-n}" = y ] && quiet_arg="-q"
    33. 

  33. 

  34. foreach_configured_profile() {
    35. 

  35. 	(ls -1 "$PROFILES" | egrep -v '(\.dpkg-(new|old|dist|bak)|~)$' | \
    36. 

  36. 	while read profile; do
    37. 

  37. 		if [ -f "$PROFILES"/"$profile" ]; then
    38. 

  38. 			echo "$PROFILES"/"$profile"
    39. 

  39. 		fi
    40. 

  40. 	done) | \
    41. 

  41. 	xargs -n1 "$PARSER" "$@" --
    42. 

  42. }
    43. 

  43. 

  44. load_configured_profiles() {
    45. 

  45. 	clear_cache_if_outdated
    46. 

  46. 	foreach_configured_profile $quiet_arg --write-cache --replace
    47. 

  47. }
    48. 

  48. 

  49. load_configured_profiles_without_caching() {
    50. 

  50. 	foreach_configured_profile $quiet_arg --replace
    51. 

  51. }
    52. 

  52. 

  53. recache_profiles() {
    54. 

  54. 	clear_cache
    55. 

  55. 	foreach_configured_profile $quiet_arg --write-cache --skip-kernel-load
    56. 

  56. }
    57. 

  57. 

  58. configured_profile_names() {
    59. 

  59. 	foreach_configured_profile $quiet_arg -N 2>/dev/null | sort | grep -v '\^'
    60. 

  60. }
    61. 

  61. 

  62. running_profile_names() {
    63. 

  63. 	cat "$AA_SFS"/profiles | sed -e "s/ (\(enforce\|complain\))$//" | sort
    64. 

  64. }
    65. 

  65. 

  66. unload_profile() {
    67. 

  67. 	echo -n "$1" > "$AA_SFS"/.remove
    68. 

  68. }
    69. 

  69. 

  70. clear_cache() {
    71. 

  71. 	find "$PROFILES"/cache -maxdepth 1 -type f -print0 | xargs -0 rm -f --
    72. 

  72. }
    73. 

  73. 

  74. clear_cache_if_outdated() {
    75. 

  75. 	if [ -r "$PROFILES"/cache/.features ]; then
    76. 

  76. 		read CACHE_FEATURES < "$PROFILES"/cache/.features
    77. 

  77. 		read KERN_FEATURES < "$AA_SFS"/features
    78. 

  78. 		if [ "$KERN_FEATURES" != "$CACHE_FEATURES" ]; then
    79. 

  79. 			clear_cache
    80. 

  80. 		fi
    81. 

  81. 	fi
    82. 

  82. }
    83.