Dlopen apparmor

Author: bjorn3

src/apparmor.rs

@@ -1,5 +1,5 @@
-use std::ffi::CString;
-use std::{fs, io};
+use std::ffi::{c_char, c_int, CStr, CString};
+use std::{fs, io, mem};
 
 use crate::cutils::cerr;
 
@@ -21,13 +21,43 @@ fn apparmor_is_enabled() -> io::Result<bool> {
     }
 }
 
-#[link(name = "apparmor")]
-extern "C" {
-    pub fn aa_change_onexec(profile: *const libc::c_char) -> libc::c_int;
-}
-
 /// Switch the apparmor profile to the given profile on the next exec call
 fn apparmor_prepare_exec(new_profile: &str) -> io::Result<()> {
+    // SAFETY: Always safe to call
+    unsafe { libc::dlerror() }; // Clear any existing error
+
+    // SAFETY: Loading a known safe dylib. LD_LIBRARY_PATH is ignored because we are setuid.
+    let handle = unsafe { libc::dlopen(c"libapparmor.so.1".as_ptr(), libc::RTLD_NOW) };
+    if handle.is_null() {
+        // SAFETY: In case of an error, dlerror returns a valid C string.
+        return Err(io::Error::new(io::ErrorKind::NotFound, unsafe {
+            CStr::from_ptr(libc::dlerror())
+                .to_string_lossy()
+                .into_owned()
+        }));
+    }
+
+    // SAFETY: dlsym will either return a function pointer of the right signature or NULL.
+    // Option<fn()> is guaranteed to represent a NULL value as None and any other value as Some.
+    let aa_change_onexec: Option<unsafe extern "C" fn(*const c_char) -> c_int> =
+        unsafe { mem::transmute(libc::dlsym(handle, c"aa_change_onexec".as_ptr())) };
+    let Some(aa_change_onexec) = aa_change_onexec else {
+        // SAFETY: Always safe to call
+        let err = unsafe { libc::dlerror() };
+        if err.is_null() {
+            // There was no error in dlsym, but the symbol itself was defined as NULL pointer.
+            // This is still an error for us, but dlerror will not return any error.
+            return Err(io::Error::new(
+                io::ErrorKind::Other,
+                "aa_change_onexec symbol is a NULL pointer",
+            ));
+        }
+        // SAFETY: In case of an error, dlerror returns a valid C string.
+        return Err(io::Error::new(io::ErrorKind::NotFound, unsafe {
+            CStr::from_ptr(err).to_string_lossy().into_owned()
+        }));
+    };
+
     let new_profile_cstr = CString::new(new_profile)?;
     // SAFETY: new_profile_cstr provided by CString ensures a valid ptr
     cerr(unsafe { aa_change_onexec(new_profile_cstr.as_ptr()) })?;

test-framework/sudo-test/src/ours.linux.Dockerfile

@@ -1,6 +1,6 @@
 FROM rust:1-slim-bookworm
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends apparmor libpam0g-dev libapparmor-dev procps sshpass rsyslog ca-certificates tzdata
+    apt-get install -y --no-install-recommends apparmor libpam0g-dev libapparmor1 procps sshpass rsyslog ca-certificates tzdata
 # cache the crates.io index in the image for faster local testing
 RUN cargo search sudo
 WORKDIR /usr/src/sudo