v5.4
 1/* SPDX-License-Identifier: GPL-2.0-only */
 2/*
 3 * AppArmor security module
 4 *
 5 * This file contains AppArmor basic global definitions
 6 *
 7 * Copyright (C) 1998-2008 Novell/SUSE
 8 * Copyright 2009-2017 Canonical Ltd.
 
 
 
 
 
 9 */
10
11#ifndef __APPARMOR_H
12#define __APPARMOR_H
13
14#include <linux/types.h>
 
 
 
15
16/*
17 * Class of mediation types in the AppArmor policy db
18 */
19#define AA_CLASS_ENTRY		0
20#define AA_CLASS_UNKNOWN	1
21#define AA_CLASS_FILE		2
22#define AA_CLASS_CAP		3
23#define AA_CLASS_DEPRECATED	4
24#define AA_CLASS_RLIMITS	5
25#define AA_CLASS_DOMAIN		6
26#define AA_CLASS_MOUNT		7
27#define AA_CLASS_PTRACE		9
28#define AA_CLASS_SIGNAL		10
29#define AA_CLASS_NET		14
30#define AA_CLASS_LABEL		16
31
32#define AA_CLASS_LAST		AA_CLASS_LABEL
33
34/* Control parameters settable through module/boot flags */
35extern enum audit_mode aa_g_audit;
36extern bool aa_g_audit_header;
37extern bool aa_g_debug;
38extern bool aa_g_hash_policy;
39extern bool aa_g_lock_policy;
40extern bool aa_g_logsyscall;
41extern bool aa_g_paranoid_load;
42extern unsigned int aa_g_path_max;
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
43
44#endif /* __APPARMOR_H */
v3.15
 
  1/*
  2 * AppArmor security module
  3 *
  4 * This file contains AppArmor basic global and lib definitions
  5 *
  6 * Copyright (C) 1998-2008 Novell/SUSE
  7 * Copyright 2009-2010 Canonical Ltd.
  8 *
  9 * This program is free software; you can redistribute it and/or
 10 * modify it under the terms of the GNU General Public License as
 11 * published by the Free Software Foundation, version 2 of the
 12 * License.
 13 */
 14
 15#ifndef __APPARMOR_H
 16#define __APPARMOR_H
 17
 18#include <linux/slab.h>
 19#include <linux/fs.h>
 20
 21#include "match.h"
 22
 23/*
 24 * Class of mediation types in the AppArmor policy db
 25 */
 26#define AA_CLASS_ENTRY		0
 27#define AA_CLASS_UNKNOWN	1
 28#define AA_CLASS_FILE		2
 29#define AA_CLASS_CAP		3
 30#define AA_CLASS_NET		4
 31#define AA_CLASS_RLIMITS	5
 32#define AA_CLASS_DOMAIN		6
 
 
 
 
 
 33
 34#define AA_CLASS_LAST		AA_CLASS_DOMAIN
 35
 36/* Control parameters settable through module/boot flags */
 37extern enum audit_mode aa_g_audit;
 38extern bool aa_g_audit_header;
 39extern bool aa_g_debug;
 
 40extern bool aa_g_lock_policy;
 41extern bool aa_g_logsyscall;
 42extern bool aa_g_paranoid_load;
 43extern unsigned int aa_g_path_max;
 44
/*
 * Rate-limited logging helpers; both prefix the message with "AppArmor: ".
 *
 * AA_DEBUG is gated by the single global aa_g_debug switch (there is no
 * per-profile flag), since it is mostly used in sysctl code that is not
 * related to profile accesses. AA_ERROR is not gated by aa_g_debug.
 *
 * @fmt is pasted onto a string literal, so it has to be a string literal
 * itself. Text that originates from policy or from user space belongs in
 * the arguments (for example behind %s), not in @fmt.
 *
 * printk_ratelimit() may suppress a message, so the absence of a line in
 * the log does not show that the event did not happen.
 */

#define AA_DEBUG(fmt, ...)						\
	do {								\
		if (aa_g_debug) {					\
			if (printk_ratelimit())				\
				printk(KERN_DEBUG "AppArmor: " fmt,	\
				       ##__VA_ARGS__);			\
		}							\
	} while (0)

#define AA_ERROR(fmt, ...)						\
	do {								\
		if (printk_ratelimit())					\
			printk(KERN_ERR "AppArmor: " fmt,		\
			       ##__VA_ARGS__);				\
	} while (0)
 61
 62/* Flag indicating whether initialization completed */
 63extern int apparmor_initialized __initdata;
 64
 65/* fn's in lib */
 66char *aa_split_fqname(char *args, char **ns_name);
 67void aa_info_message(const char *str);
 68void *__aa_kvmalloc(size_t size, gfp_t flags);
 69
/**
 * kvmalloc - allocate @size bytes through __aa_kvmalloc() with no extra flags
 * @size: number of bytes requested
 *
 * Returns: whatever __aa_kvmalloc() returns for a flags value of 0.
 *
 * NOTE(review): __aa_kvmalloc() is only declared in this header; presumably
 * it returns NULL on failure and does not zero the memory when called with
 * flags 0 - confirm against its definition. Callers that derive @size from
 * policy data should check that arithmetic for overflow before calling.
 */
static inline void *kvmalloc(size_t size)
{
	const gfp_t no_extra_flags = 0;

	return __aa_kvmalloc(size, no_extra_flags);
}
 74
/**
 * kvzalloc - allocate @size bytes through __aa_kvmalloc() with __GFP_ZERO
 * @size: number of bytes requested
 *
 * Returns: whatever __aa_kvmalloc() returns when asked for @size bytes with
 * the __GFP_ZERO flag.
 *
 * NOTE(review): __aa_kvmalloc() is only declared in this header; presumably
 * it returns NULL on failure - confirm against its definition and check the
 * result before use.
 */
static inline void *kvzalloc(size_t size)
{
	const gfp_t zeroed = __GFP_ZERO;

	return __aa_kvmalloc(size, zeroed);
}
 79
/**
 * kref_get_not0 - take a reference only if the count is not already zero
 * @kref: reference counter to increment
 *
 * Returns: the result of atomic_inc_not_zero() on @kref->refcount. A return
 * of 0 means the count was not incremented, so the caller holds no new
 * reference and has to treat the lookup as failed.
 */
static inline int kref_get_not0(struct kref *kref)
{
	int incremented = atomic_inc_not_zero(&kref->refcount);

	return incremented;
}
 85
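/**
 * aa_strneq - compare null terminated @str to a non null terminated substring
 * @str: a null terminated string
 * @sub: a substring, not necessarily null terminated
 * @len: length of @sub to compare
 *
 * The @str string must be fully consumed for this to be considered a match:
 * the first @len bytes have to be equal and @str has to end right after them.
 *
 * A negative @len never matches.
 *
 * Callers must make sure @sub really holds @len bytes with no NUL among
 * them. If both strings end before @len bytes, strncmp() reports equality
 * and the str[len] test then reads past the terminator of @str.
 *
 * Returns: true if @str equals the first @len bytes of @sub, else false
 */
static inline bool aa_strneq(const char *str, const char *sub, int len)
{
	/*
	 * Reject a negative length before it is converted to size_t for
	 * strncmp() and used as the index in str[len].
	 */
	if (len < 0)
		return false;

	return !strncmp(str, sub, (size_t)len) && !str[len];
}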
 98
/**
 * aa_dfa_null_transition - step to next state after null character
 * @dfa: the dfa to match against
 * @start: the state of the dfa to start matching in
 *
 * Feeds a single null character to aa_dfa_next() from @start. The null
 * character is not used in standard matching and only separates pairs.
 *
 * Returns: the state aa_dfa_next() reports for that input
 */
static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
						  unsigned int start)
{
	unsigned int next_state;

	/* one step on the 0 byte is all the null transition needs */
	next_state = aa_dfa_next(dfa, start, 0);

	return next_state;
}
114
/**
 * mediated_filesystem - test whether an inode's filesystem is mediated
 * @inode: inode to test; @inode and @inode->i_sb are dereferenced without a
 *         NULL check, so both must be valid
 *
 * Returns: false when MS_NOUSER is set in the superblock's s_flags, true
 * otherwise. A false result means the caller treats the filesystem as not
 * mediated, so any new flag-based exemption here widens what goes unchecked.
 */
static inline bool mediated_filesystem(struct inode *inode)
{
	if (inode->i_sb->s_flags & MS_NOUSER)
		return false;

	return true;
}
119
120#endif /* __APPARMOR_H */