From 9823c25b3ea894315f3c9c8802166f3d311511a5 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 16 Feb 2015 15:29:03 +0000 Subject: [PATCH 12/31] fix: bus_apparmor_pre_init: distinguish between OOM and AppArmor not enabled --- bus/apparmor.c | 22 +++++++++++++++++++--- bus/main.c | 2 +- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/bus/apparmor.c b/bus/apparmor.c index d171833..1f09b6c 100644 --- a/bus/apparmor.c +++ b/bus/apparmor.c @@ -83,14 +83,20 @@ bus_apparmor_audit_init (void) #endif /* HAVE_LIBAUDIT */ } +/* + * Return TRUE on successful check, FALSE on OOM. + * Set *is_supported to whether AA has D-Bus features. + */ static dbus_bool_t -_bus_apparmor_aa_supports_dbus (void) +_bus_apparmor_detect_aa_dbus_support (dbus_bool_t *is_supported) { int mask_file; DBusString aa_dbus; char *aa_securityfs = NULL; dbus_bool_t retval = FALSE; + *is_supported = FALSE; + if (!_dbus_string_init (&aa_dbus)) return FALSE; @@ -110,10 +116,12 @@ _bus_apparmor_aa_supports_dbus (void) O_RDONLY | O_CLOEXEC); if (mask_file != -1) { - retval = TRUE; + *is_supported = TRUE; close (mask_file); } + retval = TRUE; + out: free (aa_securityfs); _dbus_string_free (&aa_dbus); @@ -124,12 +132,20 @@ out: /** * Do early initialization; determine whether AppArmor is enabled. + * Return TRUE on successful check (whether AppArmor is actually + * enabled or not) or FALSE on OOM. */ dbus_bool_t bus_apparmor_pre_init (void) { #ifdef HAVE_APPARMOR - apparmor_enabled = (aa_is_enabled () && _bus_apparmor_aa_supports_dbus ()); + apparmor_enabled = FALSE; + + if (!aa_is_enabled ()) + return TRUE; + + if (!_bus_apparmor_detect_aa_dbus_support (&apparmor_enabled)) + return FALSE; #endif return TRUE; diff --git a/bus/main.c b/bus/main.c index 1575195..b48f03f 100644 --- a/bus/main.c +++ b/bus/main.c @@ -617,7 +617,7 @@ main (int argc, char **argv) if (!bus_apparmor_pre_init ()) { - _dbus_warn ("AppArmor pre-initialization failed\n"); + _dbus_warn ("AppArmor pre-initialization failed: out of memory\n"); exit (1); } -- 2.1.4