yoake/internal/apparmor/api.go

66 lines
1.2 KiB
Go
Raw Normal View History

2022-11-11 22:58:05 -06:00
package apparmor
import (
// #cgo LDFLAGS: -lapparmor
// #include "./apparmor.h"
"C"
)
import (
"runtime"
"syscall"
"unsafe"
)
func ChangeHat(subprofile string, magicToken uint64) error {
var ret uintptr
if subprofile != "" {
subProfileC := C.CString(subprofile)
defer C.free(unsafe.Pointer(subProfileC))
ret = uintptr(C.go_aa_change_hat(subProfileC, C.ulong(magicToken)))
} else {
ret = uintptr(C.go_aa_change_hat(nil, C.ulong(magicToken)))
}
if ret != 0 {
return syscall.Errno(ret)
}
return nil
}
func ExecuteInHat(subprofile string, fn func(), lockThread bool) error {
if subprofile == "" {
fn()
return nil
}
if lockThread {
runtime.LockOSThread()
defer runtime.UnlockOSThread()
}
token, err := GetMagicToken()
if err != nil {
return err
}
if err := ChangeHat(subprofile, token); err != nil {
return err
}
fn()
return ChangeHat("", token)
}
func ChangeProfile(subprofile string) error {
var ret uintptr
if subprofile != "" {
subProfileC := C.CString(subprofile)
defer C.free(unsafe.Pointer(subProfileC))
ret = uintptr(C.go_aa_change_profile(subProfileC))
} else {
ret = uintptr(C.go_aa_change_profile(nil))
}
if ret != 0 {
return syscall.Errno(ret)
}
return nil
}