Linux Audio

Check our new training course

Open Menu / security / apparmor / include / policy_unpack.h
Loading...
v5.4
  1/* SPDX-License-Identifier: GPL-2.0-only */
  2/*
  3 * AppArmor security module
  4 *
  5 * This file contains AppArmor policy loading interface function definitions.
  6 *
  7 * Copyright (C) 1998-2008 Novell/SUSE
  8 * Copyright 2009-2010 Canonical Ltd.
 
 
 
 
 
  9 */
 10
 11#ifndef __POLICY_INTERFACE_H
 12#define __POLICY_INTERFACE_H
 13
 14#include <linux/list.h>
 15#include <linux/kref.h>
 16#include <linux/dcache.h>
 17#include <linux/workqueue.h>
 18
 19struct aa_load_ent {
 20	struct list_head list;
 21	struct aa_profile *new;
 22	struct aa_profile *old;
 23	struct aa_profile *rename;
 24	const char *ns_name;
 25};
 26
 27void aa_load_ent_free(struct aa_load_ent *ent);
 28struct aa_load_ent *aa_load_ent_alloc(void);
 29
 30#define PACKED_FLAG_HAT		1
 31
 32#define PACKED_MODE_ENFORCE	0
 33#define PACKED_MODE_COMPLAIN	1
 34#define PACKED_MODE_KILL	2
 35#define PACKED_MODE_UNCONFINED	3
 36
 37struct aa_ns;
 38
 39enum {
 40	AAFS_LOADDATA_ABI = 0,
 41	AAFS_LOADDATA_REVISION,
 42	AAFS_LOADDATA_HASH,
 43	AAFS_LOADDATA_DATA,
 44	AAFS_LOADDATA_DIR,		/* must be last actual entry */
 45	AAFS_LOADDATA_NDENTS		/* count of entries */
 46};
 47
 48/*
 49 * struct aa_loaddata - buffer of policy raw_data set
 50 *
 51 * there is no loaddata ref for being on ns list, nor a ref from
 52 * d_inode(@dentry) when grab a ref from these, @ns->lock must be held
 53 * && __aa_get_loaddata() needs to be used, and the return value
 54 * checked, if NULL the loaddata is already being reaped and should be
 55 * considered dead.
 56 */
 57struct aa_loaddata {
 58	struct kref count;
 59	struct list_head list;
 60	struct work_struct work;
 61	struct dentry *dents[AAFS_LOADDATA_NDENTS];
 62	struct aa_ns *ns;
 63	char *name;
 64	size_t size;
 65	long revision;			/* the ns policy revision this caused */
 66	int abi;
 67	unsigned char *hash;
 68
 69	char *data;
 70};
 71
 72int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);
 73
 74/**
 75 * __aa_get_loaddata - get a reference count to uncounted data reference
 76 * @data: reference to get a count on
 77 *
 78 * Returns: pointer to reference OR NULL if race is lost and reference is
 79 *          being repeated.
 80 * Requires: @data->ns->lock held, and the return code MUST be checked
 81 *
 82 * Use only from inode->i_private and @data->list found references
 83 */
 84static inline struct aa_loaddata *
 85__aa_get_loaddata(struct aa_loaddata *data)
 86{
 87	if (data && kref_get_unless_zero(&(data->count)))
 88		return data;
 89
 90	return NULL;
 91}
 92
 93/**
 94 * aa_get_loaddata - get a reference count from a counted data reference
 95 * @data: reference to get a count on
 96 *
 97 * Returns: point to reference
 98 * Requires: @data to have a valid reference count on it. It is a bug
 99 *           if the race to reap can be encountered when it is used.
100 */
101static inline struct aa_loaddata *
102aa_get_loaddata(struct aa_loaddata *data)
103{
104	struct aa_loaddata *tmp = __aa_get_loaddata(data);
105
106	AA_BUG(data && !tmp);
107
108	return tmp;
109}
110
111void __aa_loaddata_update(struct aa_loaddata *data, long revision);
112bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r);
113void aa_loaddata_kref(struct kref *kref);
114struct aa_loaddata *aa_loaddata_alloc(size_t size);
115static inline void aa_put_loaddata(struct aa_loaddata *data)
116{
117	if (data)
118		kref_put(&data->count, aa_loaddata_kref);
119}
120
121#endif /* __POLICY_INTERFACE_H */
v3.15
 
 1/*
 2 * AppArmor security module
 3 *
 4 * This file contains AppArmor policy loading interface function definitions.
 5 *
 6 * Copyright (C) 1998-2008 Novell/SUSE
 7 * Copyright 2009-2010 Canonical Ltd.
 8 *
 9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License as
11 * published by the Free Software Foundation, version 2 of the
12 * License.
13 */
14
15#ifndef __POLICY_INTERFACE_H
16#define __POLICY_INTERFACE_H
17
18#include <linux/list.h>
 
 
 
19
20struct aa_load_ent {
21	struct list_head list;
22	struct aa_profile *new;
23	struct aa_profile *old;
24	struct aa_profile *rename;
 
25};
26
27void aa_load_ent_free(struct aa_load_ent *ent);
28struct aa_load_ent *aa_load_ent_alloc(void);
29
30#define PACKED_FLAG_HAT		1
31
32#define PACKED_MODE_ENFORCE	0
33#define PACKED_MODE_COMPLAIN	1
34#define PACKED_MODE_KILL	2
35#define PACKED_MODE_UNCONFINED	3
36
37int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
38
39#endif /* __POLICY_INTERFACE_H */