policy.h (95a0c7c2d6cfde3fb5fdb713428ed0df4d6bdd58) policy.h (651e28c5537abb39076d3949fb7618536f1d242e)
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor policy definitions.
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *

--- 16 unchanged lines hidden (view full) ---

25
26#include "apparmor.h"
27#include "audit.h"
28#include "capability.h"
29#include "domain.h"
30#include "file.h"
31#include "lib.h"
32#include "label.h"
1/*
2 * AppArmor security module
3 *
4 * This file contains AppArmor policy definitions.
5 *
6 * Copyright (C) 1998-2008 Novell/SUSE
7 * Copyright 2009-2010 Canonical Ltd.
8 *

--- 16 unchanged lines hidden (view full) ---

25
26#include "apparmor.h"
27#include "audit.h"
28#include "capability.h"
29#include "domain.h"
30#include "file.h"
31#include "lib.h"
32#include "label.h"
33#include "net.h"
33#include "perms.h"
34#include "resource.h"
35
36
37struct aa_ns;
38
39extern int unprivileged_userns_apparmor_policy;
40

--- 65 unchanged lines hidden (view full) ---

106 * @audit: the auditing mode of the profile
107 * @mode: the enforcement mode of the profile
108 * @path_flags: flags controlling path generation behavior
109 * @disconnected: what to prepend if attach_disconnected is specified
110 * @size: the memory consumed by this profiles rules
111 * @policy: general match rules governing policy
112 * @file: The set of rules governing basic file access and domain transitions
113 * @caps: capabilities for the profile
34#include "perms.h"
35#include "resource.h"
36
37
38struct aa_ns;
39
40extern int unprivileged_userns_apparmor_policy;
41

--- 65 unchanged lines hidden (view full) ---

107 * @audit: the auditing mode of the profile
108 * @mode: the enforcement mode of the profile
109 * @path_flags: flags controlling path generation behavior
110 * @disconnected: what to prepend if attach_disconnected is specified
111 * @size: the memory consumed by this profiles rules
112 * @policy: general match rules governing policy
113 * @file: The set of rules governing basic file access and domain transitions
114 * @caps: capabilities for the profile
115 * @net: network controls for the profile
114 * @rlimits: rlimits for the profile
115 *
116 * @dents: dentries for the profiles file entries in apparmorfs
117 * @dirname: name of the profile dir in apparmorfs
118 * @data: hashtable for free-form policy aa_data
119 *
120 * The AppArmor profile contains the basic confinement data. Each profile
121 * has a name, and exists in a namespace. The @name and @exec_match are

--- 21 unchanged lines hidden (view full) ---

143 long mode;
144 u32 path_flags;
145 const char *disconnected;
146 int size;
147
148 struct aa_policydb policy;
149 struct aa_file_rules file;
150 struct aa_caps caps;
116 * @rlimits: rlimits for the profile
117 *
118 * @dents: dentries for the profiles file entries in apparmorfs
119 * @dirname: name of the profile dir in apparmorfs
120 * @data: hashtable for free-form policy aa_data
121 *
122 * The AppArmor profile contains the basic confinement data. Each profile
123 * has a name, and exists in a namespace. The @name and @exec_match are

--- 21 unchanged lines hidden (view full) ---

145 long mode;
146 u32 path_flags;
147 const char *disconnected;
148 int size;
149
150 struct aa_policydb policy;
151 struct aa_file_rules file;
152 struct aa_caps caps;
153 struct aa_net net;
151 struct aa_rlimit rlimits;
152
153 struct aa_loaddata *rawdata;
154 unsigned char *hash;
155 char *dirname;
156 struct dentry *dents[AAFS_PROF_SIZEOF];
157 struct rhashtable *data;
158 struct aa_label label;

--- 56 unchanged lines hidden (view full) ---

215 unsigned char class)
216{
217 if (profile->policy.dfa)
218 return aa_dfa_match_len(profile->policy.dfa,
219 profile->policy.start[0], &class, 1);
220 return 0;
221}
222
154 struct aa_rlimit rlimits;
155
156 struct aa_loaddata *rawdata;
157 unsigned char *hash;
158 char *dirname;
159 struct dentry *dents[AAFS_PROF_SIZEOF];
160 struct rhashtable *data;
161 struct aa_label label;

--- 56 unchanged lines hidden (view full) ---

218 unsigned char class)
219{
220 if (profile->policy.dfa)
221 return aa_dfa_match_len(profile->policy.dfa,
222 profile->policy.start[0], &class, 1);
223 return 0;
224}
225
226static inline unsigned int PROFILE_MEDIATES_AF(struct aa_profile *profile,
227 u16 AF) {
228 unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
229 u16 be_af = cpu_to_be16(AF);
230
231 if (!state)
232 return 0;
233 return aa_dfa_match_len(profile->policy.dfa, state, (char *) &be_af, 2);
234}
235
223/**
224 * aa_get_profile - increment refcount on profile @p
225 * @p: profile (MAYBE NULL)
226 *
227 * Returns: pointer to @p if @p is NULL will return NULL
228 * Requires: @p must be held with valid refcount when called
229 */
230static inline struct aa_profile *aa_get_profile(struct aa_profile *p)

--- 66 unchanged lines hidden ---
236/**
237 * aa_get_profile - increment refcount on profile @p
238 * @p: profile (MAYBE NULL)
239 *
240 * Returns: pointer to @p if @p is NULL will return NULL
241 * Requires: @p must be held with valid refcount when called
242 */
243static inline struct aa_profile *aa_get_profile(struct aa_profile *p)

--- 66 unchanged lines hidden ---
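Review bot: In PROFILE_MEDIATES_AF the line `u16 be_af = cpu_to_be16(AF);` stores a big-endian value in a host-order type; cpu_to_be16() yields `__be16` and sparse will flag the assignment, so declare it `__be16 be_af = cpu_to_be16(AF);` (the bytes passed to aa_dfa_match_len() are unchanged, only the annotation is fixed). The definition also puts its opening brace on the signature line, unlike the neighbouring definitions in this header that place the function brace on its own line per kernel style. The new helper has no kernel-doc block although aa_get_profile() directly below it has one; a short comment stating that it returns the DFA state reached after matching AA_CLASS_NET followed by the two big-endian bytes of @AF, or 0 when the profile does not mediate the network class, would make the 0-means-unmediated contract explicit for callers.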