net.h (5cc619db5c34146ee821acd08382b9d78579b52e) net.h (56974a6fcfef69ee0825bd66ed13e92070ac5224)
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor network mediation definitions.
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2017 Canonical Ltd.
8 *

--- 39 unchanged lines hidden (view full) ---

48 AA_MAY_CHOWN | AA_MAY_CHGRP | AA_MAY_LOCK | \
49 AA_MAY_MPROT)
50
51#define NET_PEER_MASK (AA_MAY_SEND | AA_MAY_RECEIVE | AA_MAY_CONNECT | \
52 AA_MAY_ACCEPT)
53struct aa_sk_ctx {
54 struct aa_label *label;
55 struct aa_label *peer;
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor network mediation definitions.
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2017 Canonical Ltd.
8 *

--- 39 unchanged lines hidden (view full) ---

48 AA_MAY_CHOWN | AA_MAY_CHGRP | AA_MAY_LOCK | \
49 AA_MAY_MPROT)
50
51#define NET_PEER_MASK (AA_MAY_SEND | AA_MAY_RECEIVE | AA_MAY_CONNECT | \
52 AA_MAY_ACCEPT)
53struct aa_sk_ctx {
54 struct aa_label *label;
55 struct aa_label *peer;
56 struct path path;
57};
58
59#define SK_CTX(X) ((X)->sk_security)
60#define SOCK_ctx(X) SOCK_INODE(X)->i_security
61#define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \
62 struct lsm_network_audit NAME ## _net = { .sk = (SK), \
63 .family = (F)}; \
64 DEFINE_AUDIT_DATA(NAME, \
65 ((SK) && (F) != AF_UNIX) ? LSM_AUDIT_DATA_NET : \
66 LSM_AUDIT_DATA_NONE, \
67 OP); \
68 NAME.u.net = &(NAME ## _net); \
69 aad(&NAME)->net.type = (T); \
70 aad(&NAME)->net.protocol = (P)
71
72#define DEFINE_AUDIT_SK(NAME, OP, SK) \
73 DEFINE_AUDIT_NET(NAME, OP, SK, (SK)->sk_family, (SK)->sk_type, \
74 (SK)->sk_protocol)
75
56};
57
58#define SK_CTX(X) ((X)->sk_security)
59#define SOCK_ctx(X) SOCK_INODE(X)->i_security
60#define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) \
61 struct lsm_network_audit NAME ## _net = { .sk = (SK), \
62 .family = (F)}; \
63 DEFINE_AUDIT_DATA(NAME, \
64 ((SK) && (F) != AF_UNIX) ? LSM_AUDIT_DATA_NET : \
65 LSM_AUDIT_DATA_NONE, \
66 OP); \
67 NAME.u.net = &(NAME ## _net); \
68 aad(&NAME)->net.type = (T); \
69 aad(&NAME)->net.protocol = (P)
70
71#define DEFINE_AUDIT_SK(NAME, OP, SK) \
72 DEFINE_AUDIT_NET(NAME, OP, SK, (SK)->sk_family, (SK)->sk_type, \
73 (SK)->sk_protocol)
74
76/* struct aa_net - network confinement data
77 * @allow: basic network families permissions
78 * @audit: which network permissions to force audit
79 * @quiet: which network permissions to quiet rejects
80 */
81struct aa_net {
82 u16 allow[AF_MAX];
83 u16 audit[AF_MAX];
84 u16 quiet[AF_MAX];
85};
86
75
76#define af_select(FAMILY, FN, DEF_FN) \
77({ \
78 int __e; \
79 switch ((FAMILY)) { \
80 default: \
81 __e = DEF_FN; \
82 } \
83 __e; \
84})
87
88extern struct aa_sfs_entry aa_sfs_entry_network[];
89
90void audit_net_cb(struct audit_buffer *ab, void *va);
91int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
92 u32 request, u16 family, int type);
93int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
94 int type, int protocol);

--- 5 unchanged lines hidden (view full) ---

100 return aa_profile_af_perm(profile, sa, request, sk->sk_family,
101 sk->sk_type);
102}
103int aa_sk_perm(const char *op, u32 request, struct sock *sk);
104
105int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
106 struct socket *sock);
107
85
86extern struct aa_sfs_entry aa_sfs_entry_network[];
87
88void audit_net_cb(struct audit_buffer *ab, void *va);
89int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
90 u32 request, u16 family, int type);
91int aa_af_perm(struct aa_label *label, const char *op, u32 request, u16 family,
92 int type, int protocol);

--- 5 unchanged lines hidden (view full) ---

98 return aa_profile_af_perm(profile, sa, request, sk->sk_family,
99 sk->sk_type);
100}
101int aa_sk_perm(const char *op, u32 request, struct sock *sk);
102
103int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
104 struct socket *sock);
105
108
109static inline void aa_free_net_rules(struct aa_net *new)
110{
111 /* NOP */
112}
113
114#endif /* __AA_NET_H */
106#endif /* __AA_NET_H */
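Review bot: The af_select() macro on the new side (its lines 76-84, assuming the 56974a6f version is the new one) never expands its FN argument — the switch has only a `default:` arm, so every caller gets DEF_FN regardless of FAMILY and any per-family handler passed as FN is silently discarded, which is easy to misread as real family dispatch in a mediation path. Nothing in the header says this is a placeholder, so I would add a comment above the macro: `/* af_select - dispatch a per-family permission check: FN is evaluated for families with a case below, DEF_FN otherwise. No family cases are wired yet, so FN is currently unused and DEF_FN is always taken. */`. Minor style in the same region: the temporary `__e` uses a reserved double-underscore name, and `SOCK_ctx(X)` (line 59) is the one macro here whose expansion is unparenthesised and whose name mixes case with its neighbour `SK_CTX(X)`; `#define SOCK_ctx(X) (SOCK_INODE(X)->i_security)` would at least make the expansion safe in a larger expression.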