void aa_find_mountpoint_wrapper (int *ret, char **mnt, bool *verbose) {
if(*verbose){
Rprintf("Finding mountpoint...\n");
}
*ret = aa_find_mountpoint (mnt);
if(*ret != 0){
*ret = errno;
}
}
/*
* Return TRUE on successful check, FALSE on OOM.
* Set *is_supported to whether AA has D-Bus features.
*/
static dbus_bool_t
_bus_apparmor_detect_aa_dbus_support (dbus_bool_t *is_supported)
{
int mask_file;
DBusString aa_dbus;
char *aa_securityfs = NULL;
dbus_bool_t retval = FALSE;
*is_supported = FALSE;
if (!_dbus_string_init (&aa_dbus))
return FALSE;
if (aa_find_mountpoint (&aa_securityfs) != 0)
goto out;
/*
* John Johansen has confirmed that the mainline kernel will not have
* the apparmorfs/features/dbus/mask file until the mainline kernel
* has AppArmor getpeersec support.
*/
if (!_dbus_string_append (&aa_dbus, aa_securityfs) ||
!_dbus_string_append (&aa_dbus, "/features/dbus/mask"))
goto out;
/* We need to open() the flag file, not just stat() it, because AppArmor
* does not mediate stat() in the apparmorfs. If you have a
* dbus-daemon inside an LXC container, with insufficiently broad
* AppArmor privileges to do its own AppArmor mediation, the desired
* result is that it behaves as if AppArmor was not present; but a stat()
* here would succeed, and result in it trying and failing to do full
* mediation. https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1238267 */
mask_file = open (_dbus_string_get_const_data (&aa_dbus),
O_RDONLY | O_CLOEXEC);
if (mask_file != -1)
{
*is_supported = TRUE;
close (mask_file);
}
retval = TRUE;
out:
free (aa_securityfs);
_dbus_string_free (&aa_dbus);
return retval;
}
