aa_getcon, aa_gettaskcon - get task confinement information
aa_getpeercon - get the confinement of a socket's other end (peer)
int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len, char **mode);
int aa_getprocattr(pid_t tid, const char *attr, char **label, char **mode);
int aa_gettaskcon(pid_t target, char **label, char **mode);
int aa_getcon(char **label, char **mode);
int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
int aa_getpeercon(int fd, char **label, char **mode);
Link with -lapparmor when compiling.
Some examples of possible returned *label strings are "unconfined", "/sbin/dhclient", and "Firefox". The string can consist of any non-NUL characters but it will be NUL-terminated. The *label string must be freed using free().
The possible *mode strings are "enforce" and "complain". Additionally, *mode may be NULL when *label is "unconfined". The *mode string must not be freed. The *label and *mode strings come from a single buffer allocation and are separated by a NUL character.
The aa_gettaskcon function is like the aa_getcon function except it will work for any arbitrary task in the system.
The aa_getpeercon function is similar to that of aa_gettaskcon except that it returns the confinement information for task on the other end of a socket connection.
The aa_getpeercon_raw function is the backend for the aa_getpeercon function and does not handle buffer allocation.
The aa_getprocattr function is the backend for the aa_getcon and aa_gettaskcon functions and handles the reading and parsing of the confinement data from different arbitrary attr files and returns the processed results in an allocated buffer.
The aa_getprocattr_raw() is the backend for the aa_getprocattr function and does not handle buffer allocation.
- The apparmor kernel module is not loaded or the communication via the /proc/*/attr/file did not conform to protocol.
- Insufficient kernel memory was available.
- Access to the specified file/task was denied.
- The specified file/task does not exist or is not visible.
- The confinement data is too large to fit in the supplied buffer.