1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * AppArmor security module
4 *
5 * This file contains AppArmor filesystem definitions.
6 *
7 * Copyright (C) 1998-2008 Novell/SUSE
8 * Copyright 2009-2010 Canonical Ltd.
9 */
10
11 #ifndef __AA_APPARMORFS_H
12 #define __AA_APPARMORFS_H
13
14 extern struct path aa_null;
15
16 enum aa_sfs_type {
17 AA_SFS_TYPE_BOOLEAN,
18 AA_SFS_TYPE_STRING,
19 AA_SFS_TYPE_U64,
20 AA_SFS_TYPE_FOPS,
21 AA_SFS_TYPE_DIR,
22 };
23
24 struct aa_sfs_entry;
25
26 struct aa_sfs_entry {
27 const char *name;
28 struct dentry *dentry;
29 umode_t mode;
30 enum aa_sfs_type v_type;
31 union {
32 bool boolean;
33 char *string;
34 unsigned long u64;
35 struct aa_sfs_entry *files;
36 } v;
37 const struct file_operations *file_ops;
38 };
39
40 extern const struct file_operations aa_sfs_seq_file_ops;
41
42 #define AA_SFS_FILE_BOOLEAN(_name, _value) \
43 { .name = (_name), .mode = 0444, \
44 .v_type = AA_SFS_TYPE_BOOLEAN, .v.boolean = (_value), \
45 .file_ops = &aa_sfs_seq_file_ops }
46 #define AA_SFS_FILE_STRING(_name, _value) \
47 { .name = (_name), .mode = 0444, \
48 .v_type = AA_SFS_TYPE_STRING, .v.string = (_value), \
49 .file_ops = &aa_sfs_seq_file_ops }
50 #define AA_SFS_FILE_U64(_name, _value) \
51 { .name = (_name), .mode = 0444, \
52 .v_type = AA_SFS_TYPE_U64, .v.u64 = (_value), \
53 .file_ops = &aa_sfs_seq_file_ops }
54 #define AA_SFS_FILE_FOPS(_name, _mode, _fops) \
55 { .name = (_name), .v_type = AA_SFS_TYPE_FOPS, \
56 .mode = (_mode), .file_ops = (_fops) }
57 #define AA_SFS_DIR(_name, _value) \
58 { .name = (_name), .v_type = AA_SFS_TYPE_DIR, .v.files = (_value) }
59
60 extern void __init aa_destroy_aafs(void);
61
62 struct aa_profile;
63 struct aa_ns;
64
65 enum aafs_ns_type {
66 AAFS_NS_DIR,
67 AAFS_NS_PROFS,
68 AAFS_NS_NS,
69 AAFS_NS_RAW_DATA,
70 AAFS_NS_LOAD,
71 AAFS_NS_REPLACE,
72 AAFS_NS_REMOVE,
73 AAFS_NS_REVISION,
74 AAFS_NS_COUNT,
75 AAFS_NS_MAX_COUNT,
76 AAFS_NS_SIZE,
77 AAFS_NS_MAX_SIZE,
78 AAFS_NS_OWNER,
79 AAFS_NS_SIZEOF,
80 };
81
82 enum aafs_prof_type {
83 AAFS_PROF_DIR,
84 AAFS_PROF_PROFS,
85 AAFS_PROF_NAME,
86 AAFS_PROF_MODE,
87 AAFS_PROF_ATTACH,
88 AAFS_PROF_HASH,
89 AAFS_PROF_RAW_DATA,
90 AAFS_PROF_RAW_HASH,
91 AAFS_PROF_RAW_ABI,
92 AAFS_PROF_SIZEOF,
93 };
94
95 #define ns_dir(X) ((X)->dents[AAFS_NS_DIR])
96 #define ns_subns_dir(X) ((X)->dents[AAFS_NS_NS])
97 #define ns_subprofs_dir(X) ((X)->dents[AAFS_NS_PROFS])
98 #define ns_subdata_dir(X) ((X)->dents[AAFS_NS_RAW_DATA])
99 #define ns_subload(X) ((X)->dents[AAFS_NS_LOAD])
100 #define ns_subreplace(X) ((X)->dents[AAFS_NS_REPLACE])
101 #define ns_subremove(X) ((X)->dents[AAFS_NS_REMOVE])
102 #define ns_subrevision(X) ((X)->dents[AAFS_NS_REVISION])
103
104 #define prof_dir(X) ((X)->dents[AAFS_PROF_DIR])
105 #define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS])
106
107 void __aa_bump_ns_revision(struct aa_ns *ns);
108 void __aafs_profile_rmdir(struct aa_profile *profile);
109 void __aafs_profile_migrate_dents(struct aa_profile *old,
110 struct aa_profile *new);
111 int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
112 void __aafs_ns_rmdir(struct aa_ns *ns);
113 int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
114 struct dentry *dent);
115
116 struct aa_loaddata;
117
118 #ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
119 void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata);
120 int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata);
121 #else
122 static inline void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
123 {
124 /* empty stub */
125 }
126
127 static inline int __aa_fs_create_rawdata(struct aa_ns *ns,
128 struct aa_loaddata *rawdata)
129 {
130 return 0;
131 }
132 #endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
133
134 #endif /* __AA_APPARMORFS_H */
135
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.