#include <net/sock.h>
#include <linux/path.h>
+#include <linux/lsm_hooks.h>
#include "apparmorfs.h"
#include "label.h"
struct path path;
};
-#define SK_CTX(X) ((X)->sk_security)
+extern struct lsm_blob_sizes apparmor_blob_sizes;
+static inline struct aa_sk_ctx *apparmor_sock(const struct sock *sk)
+{
+#ifdef CONFIG_SECURITY_STACKING
+ return sk->sk_security + apparmor_blob_sizes.lbs_sock;
+#else
+ return sk->sk_security;
+#endif
+}
+#define SK_CTX(X) apparmor_sock(X)
#define SOCK_ctx(X) SOCK_INODE(X)->i_security
#define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \
struct lsm_network_audit NAME ## _net = { .sk = (SK), \
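Review bot: `SK_CTX(X)` now expands to a call to `apparmor_sock()`, so it is no longer an lvalue, and any remaining `SK_CTX(sk) = ctx;` or `SK_CTX(sk) = NULL;` in the alloc/free paths will stop compiling; those call sites are not visible in this hunk, so check that the patch converts them. Under `CONFIG_SECURITY_STACKING` the helper also returns `sk->sk_security + apparmor_blob_sizes.lbs_sock` without looking at `sk->sk_security`, so a NULL blob becomes a small non-NULL pointer that a later `if (!ctx)` test will not catch. If the infrastructure guarantees the blob is allocated before any AppArmor hook runs, say so above the helper, for example `/* sk->sk_security is allocated by the LSM infrastructure before any hook runs; lbs_sock is AppArmor's offset into that shared blob */`. Otherwise return NULL when `sk->sk_security` is NULL.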
void audit_net_cb(struct audit_buffer *ab, void *va);
int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
u32 request, u16 family, int type);
-int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
- int type, int protocol);
static inline int aa_profile_af_sk_perm(struct aa_profile *profile,
struct common_audit_data *sa,
u32 request,
return aa_profile_af_perm(profile, sa, request, sk->sk_family,
sk->sk_type);
}
-int aa_sk_perm(const char *op, u32 request, struct sock *sk);
+int aa_sock_perm(const char *op, u32 request, struct socket *sock);
+int aa_sock_create_perm(struct aa_label *label, int family, int type,
+ int protocol);
+int aa_sock_bind_perm(struct socket *sock, struct sockaddr *address,
+ int addrlen);
+int aa_sock_connect_perm(struct socket *sock, struct sockaddr *address,
+ int addrlen);
+int aa_sock_listen_perm(struct socket *sock, int backlog);
+int aa_sock_accept_perm(struct socket *sock, struct socket *newsock);
+int aa_sock_msg_perm(const char *op, u32 request, struct socket *sock,
+ struct msghdr *msg, int size);
+int aa_sock_opt_perm(const char *op, u32 request, struct socket *sock, int level,
+ int optname);
int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
struct socket *sock);
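Review bot: The new `aa_sock_bind_perm()` and `aa_sock_connect_perm()` declarations take `struct sockaddr *address` and `int addrlen` with no stated contract, and `addrlen` originates from the bind/connect caller. Their bodies are outside this hunk, so it cannot be confirmed here that `addrlen` is checked before any family-specific field of `address` is read. A comment above the pair would pin that down, for example `/* addrlen may be shorter than the family's sockaddr; validate it before reading beyond sa_family */`. Separately, replacing `aa_sk_perm(op, request, sk)` with `aa_sock_perm(op, request, sock)` leaves no entry point for callers that hold only a `struct sock`, so it is worth documenting whether `aa_sock_perm()` tolerates `sock->sk == NULL`.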