security/apparmor/include/mount.h

   1 /*
   2  * AppArmor security module
   3  *
   4  * This file contains AppArmor file mediation function definitions.
   5  *
   6  * Copyright 2017 Canonical Ltd.
   7  *
   8  * This program is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU General Public License as
  10  * published by the Free Software Foundation, version 2 of the
  11  * License.
  12  */
  13
  14 #ifndef __AA_MOUNT_H
  15 #define __AA_MOUNT_H
  16
  17 #include <linux/fs.h>
  18 #include <linux/path.h>
  19
  20 #include "domain.h"
  21 #include "policy.h"
  22
  23 /* mount perms */
  24 #define AA_MAY_PIVOTROOT        0x01
  25 #define AA_MAY_MOUNT            0x02
  26 #define AA_MAY_UMOUNT           0x04
  27 #define AA_AUDIT_DATA           0x40
  28 #define AA_MNT_CONT_MATCH       0x40
  29
  30 #define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
  31
  32 int aa_remount(struct aa_label *label, const struct path *path,
  33                unsigned long flags, void *data);
  34
  35 int aa_bind_mount(struct aa_label *label, const struct path *path,
  36                   const char *old_name, unsigned long flags);
  37
  38
  39 int aa_mount_change_type(struct aa_label *label, const struct path *path,
  40                          unsigned long flags);
  41
  42 int aa_move_mount(struct aa_label *label, const struct path *path,
  43                   const char *old_name);
  44
  45 int aa_new_mount(struct aa_label *label, const char *dev_name,
  46                  const struct path *path, const char *type, unsigned long flags,
  47                  void *data);
  48
  49 int aa_umount(struct aa_label *label, struct vfsmount *mnt, int flags);
  50
  51 int aa_pivotroot(struct aa_label *label, const struct path *old_path,
  52                  const struct path *new_path);
  53
  54 #endif /* __AA_MOUNT_H */