Skip to content

Commit 930b47d

Browse files
DemiMarieDemiMarie
committed
Add visibility attributes and use -fvisibility=hidden
Avoids exporting unnecessary symbols from libqrexec.
1 parent b8f0031 commit 930b47d

File tree

2 files changed

+37
-5
lines changed

2 files changed

+37
-5
lines changed

libqrexec/Makefile

+1-1
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ override QUBES_CFLAGS := -I. -I../libqrexec -g -O2 -Wall -Wextra -Werror \
55
-D_FORTIFY_SOURCE=2 -fstack-protector-strong -fPIC -std=gnu11 -D_POSIX_C_SOURCE=200809L \
66
-D_GNU_SOURCE $(CFLAGS) \
77
-Wstrict-prototypes -Wold-style-definition -Wmissing-declarations \
8-
-fno-delete-null-pointer-checks
8+
-fno-delete-null-pointer-checks -fvisibility=hidden
99

1010
override LDFLAGS += -pie -Wl,-z,relro,-z,now -shared
1111

libqrexec/libqrexec-utils.h

+36-4
Original file line numberDiff line numberDiff line change
@@ -96,8 +96,10 @@ struct qrexec_parsed_command {
9696

9797
/* Parse a command, return NULL on failure. Uses cmd->cmdline
9898
(do not free until destroy is called) */
99+
__attribute__((visibility("default")))
99100
struct qrexec_parsed_command *parse_qubes_rpc_command(
100101
const char *cmdline, bool strip_username);
102+
__attribute__((visibility("default")))
101103
void destroy_qrexec_parsed_command(struct qrexec_parsed_command *cmd);
102104

103105
/* Load service configuration.
@@ -111,20 +113,32 @@ void destroy_qrexec_parsed_command(struct qrexec_parsed_command *cmd);
111113
*/
112114
int load_service_config(struct qrexec_parsed_command *cmd_name,
113115
int *wait_for_session, char **user)
114-
__attribute__((deprecated("use load_service_config_v2() instead")));
115-
int load_service_config_v2(struct qrexec_parsed_command *cmd);
116+
__attribute__((deprecated("use load_service_config_v2() instead"), visibility("default")));
117+
/* Load service configuration.
118+
*
119+
* Return:
120+
* 1 - config successfuly loaded
121+
* 0 - config not found
122+
* -1 - other error
123+
*/
124+
__attribute__((visibility("default")))
125+
int load_service_config_v2(struct qrexec_parsed_command *cmd_name);
116126

117127
typedef void (do_exec_t)(const char *cmdline, const char *user);
128+
__attribute__((visibility("default")))
118129
void register_exec_func(do_exec_t *func);
119130
/*
120131
* exec() qubes-rpc-multiplexer if *prog* starts with magic "QUBESRPC" keyword,
121132
* do not return in that case; pass *envp* to execve() as en environment
122133
* otherwise, return false without any action
123134
*/
135+
__attribute__((visibility("default")))
124136
void exec_qubes_rpc_if_requested(const char *prog, char *const envp[]);
125137

138+
__attribute__((visibility("default")))
126139
int exec_wait_for_session(const char *source_domain);
127140

141+
__attribute__((visibility("default")))
128142
void buffer_init(struct buffer *b);
129143
void buffer_free(struct buffer *b);
130144
void buffer_append(struct buffer *b, const char *data, int len);
@@ -150,6 +164,7 @@ int write_stdin(int fd, const char *data, int len, struct buffer *buffer);
150164
* @return 0 if it spawned (or might have spawned) an external process,
151165
* nonzero on failure.
152166
*/
167+
__attribute__((visibility("default")))
153168
int execute_parsed_qubes_rpc_command(
154169
struct qrexec_parsed_command *cmd, int *pid, int *stdin_fd,
155170
int *stdout_fd, int *stderr_fd, struct buffer *stdin_buffer);
@@ -165,8 +180,9 @@ int execute_parsed_qubes_rpc_command(
165180
* @return 0 if the implementation is found (and, for sockets, connected to)
166181
* successfully, -1 if not found, -2 if problem.
167182
*/
183+
__attribute__((visibility("default")))
168184
int find_qrexec_service(
169-
struct qrexec_parsed_command *cmd,
185+
const struct qrexec_parsed_command *cmd,
170186
int *socket_fd, struct buffer *stdin_buffer);
171187

172188
/** Suggested buffer size for the path buffer of find_qrexec_service. */
@@ -189,25 +205,34 @@ int find_qrexec_service(
189205
* @return 0 if it spawned (or might have spawned) an external process,
190206
* nonzero on failure.
191207
*/
208+
__attribute__((visibility("default")))
192209
int execute_qubes_rpc_command(const char *cmdline, int *pid, int *stdin_fd,
193210
int *stdout_fd, int *stderr_fd,
194211
bool strip_username, struct buffer *buffer);
195212
/*
196213
* A version of ppoll() that also correctly handles vchan's event pending
197214
* flag. fds[0] is used internally and fds[0].fd must be equal to -1 on entry.
198215
*/
216+
__attribute__((visibility("default")))
199217
int ppoll_vchan(libvchan_t *ctrl, struct pollfd *fds, size_t nfds,
200218
struct timespec *timeout, const sigset_t *sigmask);
201219

220+
__attribute__((visibility("default")))
202221
int read_vchan_all(libvchan_t *vchan, void *data, size_t size);
222+
__attribute__((visibility("default")))
203223
int write_vchan_all(libvchan_t *vchan, const void *data, size_t size);
224+
__attribute__((visibility("default")))
204225
int read_all(int fd, void *buf, int size);
226+
__attribute__((visibility("default")))
205227
int write_all(int fd, const void *buf, int size);
228+
__attribute__((visibility("default")))
206229
void fix_fds(int fdin, int fdout, int fderr);
207230
void set_nonblock(int fd);
208231
void set_block(int fd);
209232

233+
__attribute__((visibility("default")))
210234
int get_server_socket(const char *);
235+
__attribute__((visibility("default")))
211236
int do_accept(int s);
212237

213238
void set_nonblock(int fd);
@@ -234,6 +259,7 @@ struct prefix_data {
234259
size_t len;
235260
};
236261

262+
__attribute__((visibility("default")))
237263
int send_exit_code(libvchan_t *vchan, int status);
238264

239265
/* Set of options for process_io(). */
@@ -277,6 +303,7 @@ struct process_io_request {
277303
*
278304
* Returns intended exit code (local or remote), but calls exit() on errors.
279305
*/
306+
__attribute__((visibility("default")))
280307
int process_io(const struct process_io_request *req);
281308

282309
// Logging
@@ -301,10 +328,11 @@ int process_io(const struct process_io_request *req);
301328

302329
#endif
303330

304-
331+
__attribute__((visibility("default")))
305332
void qrexec_log(int level, int errnoval, const char *file, int line,
306333
const char *func, const char *fmt, ...) __attribute__((format(printf, 6, 7)));
307334

335+
__attribute__((visibility("default")))
308336
void setup_logging(const char *program_name);
309337

310338
/**
@@ -317,6 +345,7 @@ void setup_logging(const char *program_name);
317345
* @param len The length of the data returned
318346
* @return The value on success. On failure returns NULL and sets errno.
319347
*/
348+
__attribute__((visibility("default")))
320349
char *qubesd_call(const char *dest, char *method, char *arg, size_t *len);
321350

322351
/**
@@ -331,13 +360,15 @@ char *qubesd_call(const char *dest, char *method, char *arg, size_t *len);
331360
* @param[out] len The number of bytes read.
332361
* @return A buffer to the number of bytes read. On failure returns NULL and sets errno.
333362
*/
363+
__attribute__((visibility("default")))
334364
void *qubes_read_all_to_malloc(int fd, size_t initial_buffer_size, size_t max_bytes, size_t *len);
335365

336366
/**
337367
* Send all data in the given msghdr. Short writes are retried as necessary.
338368
*
339369
* Returns true on success. Otherwise returns false setting errno.
340370
*/
371+
__attribute__((visibility("default")))
341372
bool qubes_sendmsg_all(struct msghdr *msg, int sock);
342373

343374
/**
@@ -349,6 +380,7 @@ bool qubes_sendmsg_all(struct msghdr *msg, int sock);
349380
* @param is_server Is this a server or a client vchan?
350381
* @param timeout The timeout to use.
351382
*/
383+
__attribute__((visibility("default")))
352384
int qubes_wait_for_vchan_connection_with_timeout(
353385
libvchan_t *conn, int wait_fd, bool is_server, time_t timeout);
354386
#endif /* LIBQREXEC_UTILS_H */

0 commit comments

Comments
 (0)