1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * AppArmor security module |
4 | * |
5 | * This file contains AppArmor filesystem definitions. |
6 | * |
7 | * Copyright (C) 1998-2008 Novell/SUSE |
8 | * Copyright 2009-2010 Canonical Ltd. |
9 | */ |
10 | |
11 | #ifndef __AA_APPARMORFS_H |
12 | #define __AA_APPARMORFS_H |
13 | |
14 | extern struct path aa_null; |
15 | |
/*
 * Kind of value an aa_sfs_entry carries.  The value selects which member of
 * aa_sfs_entry::v is meaningful; FOPS entries are initialised without any
 * v member (see AA_SFS_FILE_FOPS) and are served entirely by file_ops.
 */
enum aa_sfs_type {
	AA_SFS_TYPE_BOOLEAN,	/* v.boolean */
	AA_SFS_TYPE_STRING,	/* v.string */
	AA_SFS_TYPE_U64,	/* v.u64 (declared as unsigned long) */
	AA_SFS_TYPE_FOPS,	/* no v member; caller-supplied file_ops and mode */
	AA_SFS_TYPE_DIR,	/* v.files: table of child entries */
};
23 | |
24 | struct aa_sfs_entry; |
25 | |
/*
 * One node in the AppArmor securityfs tree.  Tables of these are built with
 * the AA_SFS_* designated-initialiser macros in this header; v_type says
 * which member of the v union is valid for a given entry.
 */
struct aa_sfs_entry {
	const char *name;		/* file or directory name */
	struct dentry *dentry;		/* NOTE(review): presumably filled in when the node is created; confirm in apparmorfs.c */
	umode_t mode;			/* permission bits; BOOLEAN/STRING/U64 macros fix this at 0444, FOPS takes it from the caller */
	enum aa_sfs_type v_type;	/* which member of v is valid */
	union {
		bool boolean;		/* AA_SFS_TYPE_BOOLEAN */
		char *string;		/* AA_SFS_TYPE_STRING */
		unsigned long u64;	/* AA_SFS_TYPE_U64; despite the name this is unsigned long, not a fixed 64-bit type */
		struct aa_sfs_entry *files;	/* AA_SFS_TYPE_DIR: child entry table */
	} v;
	const struct file_operations *file_ops;	/* fops serving this node; aa_sfs_seq_file_ops for the value types */
};
39 | |
40 | extern const struct file_operations aa_sfs_seq_file_ops; |
41 | |
/*
 * Designated-initialiser helpers for building aa_sfs_entry tables.
 *
 * BOOLEAN/STRING/U64 entries are read-only (mode 0444) and are rendered by
 * aa_sfs_seq_file_ops.  AA_SFS_FILE_FOPS is the only form that takes the
 * mode and file_ops from the caller, so it is the one to audit when checking
 * which securityfs nodes are writable.  AA_SFS_DIR sets neither mode nor
 * file_ops; only name, v_type and the child table.
 */
#define AA_SFS_FILE_BOOLEAN(_name, _value) \
	{ .name = (_name), .mode = 0444, \
	  .v_type = AA_SFS_TYPE_BOOLEAN, .v.boolean = (_value), \
	  .file_ops = &aa_sfs_seq_file_ops }
#define AA_SFS_FILE_STRING(_name, _value) \
	{ .name = (_name), .mode = 0444, \
	  .v_type = AA_SFS_TYPE_STRING, .v.string = (_value), \
	  .file_ops = &aa_sfs_seq_file_ops }
#define AA_SFS_FILE_U64(_name, _value) \
	{ .name = (_name), .mode = 0444, \
	  .v_type = AA_SFS_TYPE_U64, .v.u64 = (_value), \
	  .file_ops = &aa_sfs_seq_file_ops }
/* mode and fops are caller-controlled here; no default permissions applied */
#define AA_SFS_FILE_FOPS(_name, _mode, _fops) \
	{ .name = (_name), .v_type = AA_SFS_TYPE_FOPS, \
	  .mode = (_mode), .file_ops = (_fops) }
#define AA_SFS_DIR(_name, _value) \
	{ .name = (_name), .v_type = AA_SFS_TYPE_DIR, .v.files = (_value) }
59 | |
60 | extern void __init aa_destroy_aafs(void); |
61 | |
62 | struct aa_profile; |
63 | struct aa_ns; |
64 | |
/*
 * Index of each per-namespace securityfs dentry in the dents[] array that the
 * ns_*() accessor macros in this header dereference.  AAFS_NS_SIZEOF is the
 * last value and is used as the element count (presumably the size of
 * dents[] in struct aa_ns — confirm in ns.h), so new entries must be added
 * before it.
 */
enum aafs_ns_type {
	AAFS_NS_DIR,
	AAFS_NS_PROFS,
	AAFS_NS_NS,
	AAFS_NS_RAW_DATA,
	AAFS_NS_LOAD,
	AAFS_NS_REPLACE,
	AAFS_NS_REMOVE,
	AAFS_NS_REVISION,
	AAFS_NS_COUNT,
	AAFS_NS_MAX_COUNT,
	AAFS_NS_SIZE,
	AAFS_NS_MAX_SIZE,
	AAFS_NS_OWNER,
	AAFS_NS_SIZEOF,		/* must remain last: number of dentries */
};
81 | |
/*
 * Index of each per-profile securityfs dentry in the profile's dents[]
 * array.  Only DIR and PROFS have accessor macros in this header
 * (prof_dir()/prof_child_dir()); the rest are indexed directly by callers.
 * AAFS_PROF_SIZEOF must remain last, it is the element count.
 */
enum aafs_prof_type {
	AAFS_PROF_DIR,
	AAFS_PROF_PROFS,
	AAFS_PROF_NAME,
	AAFS_PROF_MODE,
	AAFS_PROF_ATTACH,
	AAFS_PROF_HASH,
	AAFS_PROF_RAW_DATA,
	AAFS_PROF_RAW_HASH,
	AAFS_PROF_RAW_ABI,
	AAFS_PROF_SIZEOF,	/* must remain last: number of dentries */
};
94 | |
/*
 * Accessors for the per-namespace dentries, indexed by enum aafs_ns_type.
 * X is expected to have a dents[] member (presumably struct aa_ns — confirm
 * in ns.h).  These expand to lvalues, so they are used for both reading
 * and assigning the dentry.
 */
#define ns_dir(X) ((X)->dents[AAFS_NS_DIR])
#define ns_subns_dir(X) ((X)->dents[AAFS_NS_NS])
#define ns_subprofs_dir(X) ((X)->dents[AAFS_NS_PROFS])
#define ns_subdata_dir(X) ((X)->dents[AAFS_NS_RAW_DATA])
#define ns_subload(X) ((X)->dents[AAFS_NS_LOAD])
#define ns_subreplace(X) ((X)->dents[AAFS_NS_REPLACE])
#define ns_subremove(X) ((X)->dents[AAFS_NS_REMOVE])
#define ns_subrevision(X) ((X)->dents[AAFS_NS_REVISION])

/* Per-profile dentry accessors, indexed by enum aafs_prof_type. */
#define prof_dir(X) ((X)->dents[AAFS_PROF_DIR])
#define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS])
106 | |
/*
 * Securityfs maintenance for namespaces and profiles.
 *
 * NOTE(review): the leading "__" follows the kernel convention for functions
 * that expect the caller to already hold the relevant lock; confirm the
 * exact locking requirement against apparmorfs.c before calling any of
 * these.  The int-returning functions presumably follow the usual
 * 0-on-success / negative-errno convention — verify in the definitions.
 */
void __aa_bump_ns_revision(struct aa_ns *ns);
void __aafs_profile_rmdir(struct aa_profile *profile);
/* NOTE(review): name suggests dentries are moved from old to new; confirm */
void __aafs_profile_migrate_dents(struct aa_profile *old,
				  struct aa_profile *new);
int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
void __aafs_ns_rmdir(struct aa_ns *ns);
int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
		    struct dentry *dent);
115 | |
116 | struct aa_loaddata; |
117 | |
118 | #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY |
119 | void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata); |
120 | int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata); |
121 | #else |
/*
 * Stub for builds without CONFIG_SECURITY_APPARMOR_EXPORT_BINARY: nothing
 * to tear down.  The parameter is explicitly discarded so the intent is
 * visible rather than looking like a forgotten body.
 */
static inline void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
{
	(void)rawdata;
}
126 | |
/*
 * Stub for builds without CONFIG_SECURITY_APPARMOR_EXPORT_BINARY: creates
 * nothing and reports success (0) so callers need no #ifdef of their own.
 * Both parameters are explicitly discarded.
 */
static inline int __aa_fs_create_rawdata(struct aa_ns *ns,
					 struct aa_loaddata *rawdata)
{
	(void)ns;
	(void)rawdata;

	return 0;
}
132 | #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */ |
133 | |
134 | #endif /* __AA_APPARMORFS_H */ |
135 | |