b886d83c | 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * AppArmor security module | |
4 | * | |
5 | * This file contains AppArmor policy loading interface function definitions. | |
6 | * | |
7 | * Copyright (C) 1998-2008 Novell/SUSE | |
8 | * Copyright 2009-2010 Canonical Ltd. | |
9 | */ |
10 | ||
11 | #ifndef __POLICY_INTERFACE_H | |
12 | #define __POLICY_INTERFACE_H | |
13 | ||
dd51c848 | 14 | #include <linux/list.h> |
5ac8c355 | 15 | #include <linux/kref.h> |
16 | #include <linux/dcache.h> |
17 | #include <linux/workqueue.h> | |
18 | |
/*
 * struct aa_load_ent - one entry of a policy load
 *
 * NOTE(review): the field roles below are inferred from names and types
 * only; confirm them against the code that fills the entries in.
 */
struct aa_load_ent {
	struct list_head list;		/* list linkage; presumably the list aa_unpack() fills - confirm */
	struct aa_profile *new;		/* presumably the profile being loaded - confirm */
	struct aa_profile *old;		/* presumably the profile being replaced, if any - confirm */
	struct aa_profile *rename;	/* presumably a profile being renamed, if any - confirm */
	const char *ns_name;		/* namespace name; ownership is not visible in this header */
};
26 | ||
/*
 * Destructor / allocator pair for struct aa_load_ent; both are defined
 * outside this header.
 * NOTE(review): the allocator presumably can fail - confirm how failure is
 * reported and that every caller checks for it.
 */
void aa_load_ent_free(struct aa_load_ent *ent);
struct aa_load_ent *aa_load_ent_alloc(void);
29 | ||
/* Flag value used in packed profile data; presumably marks a hat - confirm */
#define PACKED_FLAG_HAT 1

/*
 * Profile mode values used in packed policy data.
 * NOTE(review): these are read from a loaded policy blob, so the unpacker
 * presumably rejects any mode outside this set - confirm in aa_unpack().
 */
#define PACKED_MODE_ENFORCE 0
#define PACKED_MODE_COMPLAIN 1
#define PACKED_MODE_KILL 2
#define PACKED_MODE_UNCONFINED 3
36 | ||
/* forward declaration; this header only uses struct aa_ns through a pointer */
struct aa_ns;

/*
 * AAFS_LOADDATA_NDENTS sizes aa_loaddata.dents[]; the other constants are
 * presumably the per-entry indexes into that array - confirm.
 */
enum {
	AAFS_LOADDATA_ABI = 0,
	AAFS_LOADDATA_REVISION,
	AAFS_LOADDATA_HASH,
	AAFS_LOADDATA_DATA,
	AAFS_LOADDATA_DIR,		/* must be last actual entry */
	AAFS_LOADDATA_NDENTS		/* count of entries */
};
47 | ||
/*
 * struct aa_loaddata - buffer of policy raw_data set
 *
 * Being on the ns list does not hold a reference on the loaddata, and
 * neither does d_inode(@dentry). When taking a reference from either of
 * these, @ns->lock must be held and __aa_get_loaddata() must be used, and
 * its return value must be checked: if it is NULL the loaddata is already
 * being reaped and must be considered dead.
 */
struct aa_loaddata {
	struct kref count;		/* reference count; taken by __aa_get_loaddata(), dropped by aa_put_loaddata() */
	struct list_head list;		/* ns list linkage; holds no reference (see above) */
	struct work_struct work;	/* presumably used to defer the release - confirm */
	struct dentry *dents[AAFS_LOADDATA_NDENTS];	/* one slot per AAFS_LOADDATA_* entry */
	struct aa_ns *ns;		/* namespace whose lock must be held for uncounted lookups */
	char *name;
	size_t size;			/* presumably the length of @data in bytes - confirm */
	long revision;			/* the ns policy revision this caused */
	int abi;
	unsigned char *hash;		/* NOTE(review): algorithm and length are not visible in this header */

	char *data;			/* the raw policy data */
};
71 | ||
/*
 * Defined outside this header.
 * NOTE(review): @udata carries policy data handed in through the policy
 * loading interface; presumably every read in the implementation is bounded
 * by udata->size and a negative return reports failure - confirm.
 */
int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);
73 | ||
/**
 * __aa_get_loaddata - take a counted reference from an uncounted one
 * @data: loaddata to take a reference on (may be NULL)
 *
 * Returns: @data with its count raised, or NULL if @data is NULL or the
 *          race against the final put was lost and @data is being reaped.
 * Requires: @data->ns->lock held, and the return value MUST be checked;
 *           on NULL the loaddata has to be treated as dead.
 *
 * Use only on references found through inode->i_private or @data->list.
 */
static inline struct aa_loaddata *
__aa_get_loaddata(struct aa_loaddata *data)
{
	if (!data)
		return NULL;

	/* the get is refused once the count has already dropped to zero */
	return kref_get_unless_zero(&data->count) ? data : NULL;
}
92 | ||
/**
 * aa_get_loaddata - take another reference from an already counted one
 * @data: loaddata to take a reference on (may be NULL)
 *
 * Returns: pointer to @data with its count raised (NULL when @data is NULL)
 * Requires: the caller already holds a valid reference on @data, so the
 *           race against reaping cannot occur; running into it is a bug.
 */
static inline struct aa_loaddata *
aa_get_loaddata(struct aa_loaddata *data)
{
	struct aa_loaddata *tmp;

	tmp = __aa_get_loaddata(data);

	/*
	 * Non-NULL in but NULL out means the count was already zero.
	 * NOTE(review): AA_BUG is defined outside this header; if it does not
	 * halt, NULL is still returned below - confirm callers tolerate that.
	 */
	AA_BUG(data && !tmp);

	return tmp;
}
110 | ||
/* Helpers for struct aa_loaddata; all of them are defined outside this header. */
void __aa_loaddata_update(struct aa_loaddata *data, long revision);
bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r);
/* release callback that aa_put_loaddata() hands to kref_put() */
void aa_loaddata_kref(struct kref *kref);
/* NOTE(review): presumably can fail - confirm how failure is reported and check the result before use */
struct aa_loaddata *aa_loaddata_alloc(size_t size);
/**
 * aa_put_loaddata - drop a reference on a loaddata
 * @data: loaddata to drop a reference on (may be NULL, then nothing is done)
 *
 * aa_loaddata_kref() is passed to kref_put() as the release callback, so
 * the caller must not use @data after this call unless it holds another
 * reference.
 */
static inline void aa_put_loaddata(struct aa_loaddata *data)
{
	if (!data)
		return;

	kref_put(&data->count, aa_loaddata_kref);
}
120 | |
121 | #endif /* __POLICY_INTERFACE_H */ |