linux/security/apparmor/include/path.h

/*
 * AppArmor security module
 *
 * This file contains AppArmor basic path manipulation function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#ifndef __AA_PATH_H
#define __AA_PATH_H


enum path_flags {
	PATH_IS_DIR = 0x1,		/* path is a directory */
	PATH_CONNECT_PATH = 0x4,	/* connect disconnected paths to / */
	PATH_CHROOT_REL = 0x8,		/* do path lookup relative to chroot */
	PATH_CHROOT_NSCONNECT = 0x10,	/* connect paths that are at ns root */

	PATH_DELEGATE_DELETED = 0x08000, /* delegate deleted files */
	PATH_MEDIATE_DELETED = 0x10000,	 /* mediate deleted paths */
};

int aa_path_name(const struct path *path, int flags, char *buffer,
		 const char **name, const char **info,
		 const char *disconnected);

#define MAX_PATH_BUFFERS 2

/* Per cpu buffers used during mediation */
/* preallocated buffers to use during path lookups */
struct aa_buffers {
	char *buf[MAX_PATH_BUFFERS];
};

#include <linux/percpu.h>
#include <linux/preempt.h>

DECLARE_PER_CPU(struct aa_buffers, aa_buffers);

#define COUNT_ARGS(X...) COUNT_ARGS_HELPER(, ##X, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)
#define COUNT_ARGS_HELPER(_0, _1, _2, _3, _4, _5, _6, _7, _8, _9, n, X...) n
#define CONCAT(X, Y) X ## Y
#define CONCAT_AFTER(X, Y) CONCAT(X, Y)

#define ASSIGN(FN, X, N) ((X) = FN(N))
#define EVAL1(FN, X) ASSIGN(FN, X, 0) /*X = FN(0)*/
#define EVAL2(FN, X, Y...) do { ASSIGN(FN, X, 1);  EVAL1(FN, Y); } while (0)
#define EVAL(FN, X...) CONCAT_AFTER(EVAL, COUNT_ARGS(X))(FN, X)

#define for_each_cpu_buffer(I) for ((I) = 0; (I) < MAX_PATH_BUFFERS; (I)++)

#ifdef CONFIG_DEBUG_PREEMPT
#define AA_BUG_PREEMPT_ENABLED(X) AA_BUG(preempt_count() <= 0, X)
#else
#define AA_BUG_PREEMPT_ENABLED(X) /* nop */
#endif

#define __get_buffer(N) ({					\
	struct aa_buffers *__cpu_var; \
	AA_BUG_PREEMPT_ENABLED("__get_buffer without preempt disabled");  \
	__cpu_var = this_cpu_ptr(&aa_buffers);			\
	__cpu_var->buf[(N)]; })

#define __get_buffers(X...)    EVAL(__get_buffer, X)

#define __put_buffers(X, Y...) ((void)&(X))

#define get_buffers(X...)	\
do {				\
	preempt_disable();	\
	__get_buffers(X);	\
} while (0)

#define put_buffers(X, Y...)	\
do {				\
	__put_buffers(X, Y);	\
	preempt_enable();	\
} while (0)

#endif /* __AA_PATH_H */
AppArmor: misc. base functions and defines Miscellaneous functions and defines needed by AppArmor, including the base path resolution routines. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:57 -07:00			`/*`
			`* AppArmor security module`
			`*`
			`* This file contains AppArmor basic path manipulation function definitions.`
			`*`
			`* Copyright (C) 1998-2008 Novell/SUSE`
			`* Copyright 2009-2010 Canonical Ltd.`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License as`
			`* published by the Free Software Foundation, version 2 of the`
			`* License.`
			`*/`

			`#ifndef __AA_PATH_H`
			`#define __AA_PATH_H`


			`enum path_flags {`
			`PATH_IS_DIR = 0x1, /* path is a directory */`
			`PATH_CONNECT_PATH = 0x4, /* connect disconnected paths to / */`
			`PATH_CHROOT_REL = 0x8, /* do path lookup relative to chroot */`
			`PATH_CHROOT_NSCONNECT = 0x10, /* connect paths that are at ns root */`

			`PATH_DELEGATE_DELETED = 0x08000, /* delegate deleted files */`
apparmor: Move path lookup to using preallocated buffers Dynamically allocating buffers is problematic and is an extra layer that is a potntial point of failure and can slow down mediation. Change path lookup to use the preallocated per cpu buffers. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-05-23 03:25:14 -07:00			`PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */`
AppArmor: misc. base functions and defines Miscellaneous functions and defines needed by AppArmor, including the base path resolution routines. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:57 -07:00			`};`

apparmor: Move path lookup to using preallocated buffers Dynamically allocating buffers is problematic and is an extra layer that is a potntial point of failure and can slow down mediation. Change path lookup to use the preallocated per cpu buffers. Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-05-23 03:25:14 -07:00			`int aa_path_name(const struct path path, int flags, char buffer,`
apparmor: allow profiles to provide info to disconnected paths Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-05-22 03:06:52 -07:00			`const char name, const char info,`
			`const char *disconnected);`
AppArmor: misc. base functions and defines Miscellaneous functions and defines needed by AppArmor, including the base path resolution routines. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:57 -07:00
apparmor: add per cpu work buffers to avoid allocating buffers at every hook Signed-off-by: John Johansen <john.johansen@canonical.com> 2017-01-16 00:43:10 -08:00			`#define MAX_PATH_BUFFERS 2`

			`/* Per cpu buffers used during mediation */`
			`/* preallocated buffers to use during path lookups */`
			`struct aa_buffers {`
			`char *buf[MAX_PATH_BUFFERS];`
			`};`

			`#include <linux/percpu.h>`
			`#include <linux/preempt.h>`

			`DECLARE_PER_CPU(struct aa_buffers, aa_buffers);`

			`#define COUNT_ARGS(X...) COUNT_ARGS_HELPER(, ##X, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0)`
			`#define COUNT_ARGS_HELPER(_0, _1, _2, _3, _4, _5, _6, _7, _8, _9, n, X...) n`
			`#define CONCAT(X, Y) X ## Y`
			`#define CONCAT_AFTER(X, Y) CONCAT(X, Y)`

			`#define ASSIGN(FN, X, N) ((X) = FN(N))`
			`#define EVAL1(FN, X) ASSIGN(FN, X, 0) /X = FN(0)/`
			`#define EVAL2(FN, X, Y...) do { ASSIGN(FN, X, 1); EVAL1(FN, Y); } while (0)`
			`#define EVAL(FN, X...) CONCAT_AFTER(EVAL, COUNT_ARGS(X))(FN, X)`

			`#define for_each_cpu_buffer(I) for ((I) = 0; (I) < MAX_PATH_BUFFERS; (I)++)`

			`#ifdef CONFIG_DEBUG_PREEMPT`
			`#define AA_BUG_PREEMPT_ENABLED(X) AA_BUG(preempt_count() <= 0, X)`
			`#else`
			`#define AA_BUG_PREEMPT_ENABLED(X) /* nop */`
			`#endif`

			`#define __get_buffer(N) ({ \`
			`struct aa_buffers *__cpu_var; \`
			`AA_BUG_PREEMPT_ENABLED("__get_buffer without preempt disabled"); \`
			`__cpu_var = this_cpu_ptr(&aa_buffers); \`
			`__cpu_var->buf[(N)]; })`

			`#define __get_buffers(X...) EVAL(__get_buffer, X)`

			`#define __put_buffers(X, Y...) ((void)&(X))`

			`#define get_buffers(X...) \`
			`do { \`
			`preempt_disable(); \`
			`__get_buffers(X); \`
			`} while (0)`

			`#define put_buffers(X, Y...) \`
			`do { \`
			`__put_buffers(X, Y); \`
			`preempt_enable(); \`
			`} while (0)`

AppArmor: misc. base functions and defines Miscellaneous functions and defines needed by AppArmor, including the base path resolution routines. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-29 14:47:57 -07:00			`#endif /* __AA_PATH_H */`