5ac8c355ae
Store loaded policy and allow introspecting it through apparmorfs. This has several uses from debugging, policy validation, and policy checkpoint and restore for containers. Signed-off-by: John Johansen <john.johansen@canonical.com>
65 lines
1.4 KiB
C
65 lines
1.4 KiB
C
/*
|
|
* AppArmor security module
|
|
*
|
|
* This file contains AppArmor policy loading interface function definitions.
|
|
*
|
|
* Copyright (C) 1998-2008 Novell/SUSE
|
|
* Copyright 2009-2010 Canonical Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License as
|
|
* published by the Free Software Foundation, version 2 of the
|
|
* License.
|
|
*/
|
|
|
|
#ifndef __POLICY_INTERFACE_H
|
|
#define __POLICY_INTERFACE_H
|
|
|
|
#include <linux/list.h>
|
|
#include <linux/kref.h>
|
|
|
|
struct aa_load_ent {
|
|
struct list_head list;
|
|
struct aa_profile *new;
|
|
struct aa_profile *old;
|
|
struct aa_profile *rename;
|
|
};
|
|
|
|
void aa_load_ent_free(struct aa_load_ent *ent);
|
|
struct aa_load_ent *aa_load_ent_alloc(void);
|
|
|
|
#define PACKED_FLAG_HAT 1
|
|
|
|
#define PACKED_MODE_ENFORCE 0
|
|
#define PACKED_MODE_COMPLAIN 1
|
|
#define PACKED_MODE_KILL 2
|
|
#define PACKED_MODE_UNCONFINED 3
|
|
|
|
/* struct aa_loaddata - buffer of policy load data set */
|
|
struct aa_loaddata {
|
|
struct kref count;
|
|
size_t size;
|
|
int abi;
|
|
unsigned char *hash;
|
|
char data[];
|
|
};
|
|
|
|
int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);
|
|
|
|
static inline struct aa_loaddata *
|
|
aa_get_loaddata(struct aa_loaddata *data)
|
|
{
|
|
if (data)
|
|
kref_get(&(data->count));
|
|
return data;
|
|
}
|
|
|
|
void aa_loaddata_kref(struct kref *kref);
|
|
static inline void aa_put_loaddata(struct aa_loaddata *data)
|
|
{
|
|
if (data)
|
|
kref_put(&data->count, aa_loaddata_kref);
|
|
}
|
|
|
|
#endif /* __POLICY_INTERFACE_H */
|