[mirror_ubuntu-focal-kernel.git] / security / apparmor / include / policy_unpack.h

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * AppArmor security module
 *
 * This file contains AppArmor policy loading interface function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 */

#ifndef __POLICY_INTERFACE_H
#define __POLICY_INTERFACE_H

#include <linux/list.h>
#include <linux/kref.h>
#include <linux/dcache.h>
#include <linux/workqueue.h>

struct aa_load_ent {
	struct list_head list;
	struct aa_profile *new;
	struct aa_profile *old;
	struct aa_profile *rename;
	const char *ns_name;
};

void aa_load_ent_free(struct aa_load_ent *ent);
struct aa_load_ent *aa_load_ent_alloc(void);

#define PACKED_FLAG_HAT		1

#define PACKED_MODE_ENFORCE	0
#define PACKED_MODE_COMPLAIN	1
#define PACKED_MODE_KILL	2
#define PACKED_MODE_UNCONFINED	3

struct aa_ns;

enum {
	AAFS_LOADDATA_ABI = 0,
	AAFS_LOADDATA_REVISION,
	AAFS_LOADDATA_HASH,
	AAFS_LOADDATA_DATA,
	AAFS_LOADDATA_DIR,		/* must be last actual entry */
	AAFS_LOADDATA_NDENTS		/* count of entries */
};

/*
 * struct aa_loaddata - buffer of policy raw_data set
 *
 * there is no loaddata ref for being on ns list, nor a ref from
 * d_inode(@dentry) when grab a ref from these, @ns->lock must be held
 * && __aa_get_loaddata() needs to be used, and the return value
 * checked, if NULL the loaddata is already being reaped and should be
 * considered dead.
 */
struct aa_loaddata {
	struct kref count;
	struct list_head list;
	struct work_struct work;
	struct dentry *dents[AAFS_LOADDATA_NDENTS];
	struct aa_ns *ns;
	char *name;
	size_t size;
	long revision;			/* the ns policy revision this caused */
	int abi;
	unsigned char *hash;

	char *data;
};

int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);

/**
 * __aa_get_loaddata - get a reference count to uncounted data reference
 * @data: reference to get a count on
 *
 * Returns: pointer to reference OR NULL if race is lost and reference is
 *          being repeated.
 * Requires: @data->ns->lock held, and the return code MUST be checked
 *
 * Use only from inode->i_private and @data->list found references
 */
static inline struct aa_loaddata *
__aa_get_loaddata(struct aa_loaddata *data)
{
	if (data && kref_get_unless_zero(&(data->count)))
		return data;

	return NULL;
}

/**
 * aa_get_loaddata - get a reference count from a counted data reference
 * @data: reference to get a count on
 *
 * Returns: point to reference
 * Requires: @data to have a valid reference count on it. It is a bug
 *           if the race to reap can be encountered when it is used.
 */
static inline struct aa_loaddata *
aa_get_loaddata(struct aa_loaddata *data)
{
	struct aa_loaddata *tmp = __aa_get_loaddata(data);

	AA_BUG(data && !tmp);

	return tmp;
}

void __aa_loaddata_update(struct aa_loaddata *data, long revision);
bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r);
void aa_loaddata_kref(struct kref *kref);
struct aa_loaddata *aa_loaddata_alloc(size_t size);
static inline void aa_put_loaddata(struct aa_loaddata *data)
{
	if (data)
		kref_put(&data->count, aa_loaddata_kref);
}

#endif /* __POLICY_INTERFACE_H */
Commit	Line	Data
b886d83c	1	/* SPDX-License-Identifier: GPL-2.0-only */
736ec752 JJ	2	/*
	3	* AppArmor security module
	4	*
	5	* This file contains AppArmor policy loading interface function definitions.
	6	*
	7	* Copyright (C) 1998-2008 Novell/SUSE
	8	* Copyright 2009-2010 Canonical Ltd.
736ec752 JJ	9	*/
	10
	11	#ifndef __POLICY_INTERFACE_H
	12	#define __POLICY_INTERFACE_H
	13
dd51c848	14	#include <linux/list.h>
5ac8c355	15	#include <linux/kref.h>
5d5182ca JJ	16	#include <linux/dcache.h>
5d5182ca JJ	17	#include <linux/workqueue.h>
dd51c848 JJ	18
	19	struct aa_load_ent {
	20	struct list_head list;
	21	struct aa_profile *new;
	22	struct aa_profile *old;
	23	struct aa_profile *rename;
04dc715e	24	const char *ns_name;
dd51c848 JJ	25	};
	26
	27	void aa_load_ent_free(struct aa_load_ent *ent);
	28	struct aa_load_ent *aa_load_ent_alloc(void);
	29
03816507 JJ	30	#define PACKED_FLAG_HAT 1
	31
	32	#define PACKED_MODE_ENFORCE 0
	33	#define PACKED_MODE_COMPLAIN 1
	34	#define PACKED_MODE_KILL 2
	35	#define PACKED_MODE_UNCONFINED 3
	36
5d5182ca JJ	37	struct aa_ns;
	38
	39	enum {
	40	AAFS_LOADDATA_ABI = 0,
	41	AAFS_LOADDATA_REVISION,
	42	AAFS_LOADDATA_HASH,
	43	AAFS_LOADDATA_DATA,
	44	AAFS_LOADDATA_DIR, /* must be last actual entry */
	45	AAFS_LOADDATA_NDENTS /* count of entries */
	46	};
	47
	48	/*
	49	* struct aa_loaddata - buffer of policy raw_data set
	50	*
	51	* there is no loaddata ref for being on ns list, nor a ref from
	52	* d_inode(@dentry) when grab a ref from these, @ns->lock must be held
	53	* && __aa_get_loaddata() needs to be used, and the return value
	54	* checked, if NULL the loaddata is already being reaped and should be
	55	* considered dead.
	56	*/
5ac8c355 JJ	57	struct aa_loaddata {
5ac8c355 JJ	58	struct kref count;
5d5182ca JJ	59	struct list_head list;
	60	struct work_struct work;
	61	struct dentry *dents[AAFS_LOADDATA_NDENTS];
	62	struct aa_ns *ns;
	63	char *name;
5ac8c355	64	size_t size;
5d5182ca	65	long revision; /* the ns policy revision this caused */
5ac8c355 JJ	66	int abi;
5ac8c355 JJ	67	unsigned char *hash;
5d5182ca	68
a6a52579	69	char *data;
5ac8c355 JJ	70	};
	71
	72	int aa_unpack(struct aa_loaddata udata, struct list_head lh, const char **ns);
	73
5d5182ca JJ	74	/**
	75	* __aa_get_loaddata - get a reference count to uncounted data reference
	76	* @data: reference to get a count on
	77	*
	78	* Returns: pointer to reference OR NULL if race is lost and reference is
	79	* being repeated.
	80	* Requires: @data->ns->lock held, and the return code MUST be checked
	81	*
	82	* Use only from inode->i_private and @data->list found references
	83	*/
	84	static inline struct aa_loaddata *
	85	__aa_get_loaddata(struct aa_loaddata *data)
	86	{
	87	if (data && kref_get_unless_zero(&(data->count)))
	88	return data;
	89
	90	return NULL;
	91	}
	92
	93	/**
	94	* aa_get_loaddata - get a reference count from a counted data reference
	95	* @data: reference to get a count on
	96	*
	97	* Returns: point to reference
	98	* Requires: @data to have a valid reference count on it. It is a bug
	99	* if the race to reap can be encountered when it is used.
	100	*/
5ac8c355 JJ	101	static inline struct aa_loaddata *
	102	aa_get_loaddata(struct aa_loaddata *data)
	103	{
5d5182ca JJ	104	struct aa_loaddata *tmp = __aa_get_loaddata(data);
	105
	106	AA_BUG(data && !tmp);
	107
	108	return tmp;
5ac8c355 JJ	109	}
5ac8c355 JJ	110
5d5182ca JJ	111	void __aa_loaddata_update(struct aa_loaddata *data, long revision);
5d5182ca JJ	112	bool aa_rawdata_eq(struct aa_loaddata l, struct aa_loaddata r);
5ac8c355	113	void aa_loaddata_kref(struct kref *kref);
5d5182ca	114	struct aa_loaddata *aa_loaddata_alloc(size_t size);
5ac8c355 JJ	115	static inline void aa_put_loaddata(struct aa_loaddata *data)
	116	{
	117	if (data)
	118	kref_put(&data->count, aa_loaddata_kref);
	119	}
736ec752 JJ	120
736ec752 JJ	121	#endif /* __POLICY_INTERFACE_H */