summaryrefslogtreecommitdiffstats
path: root/security/apparmor/include/file.h
diff options
context:
space:
mode:
authorJohn Johansen <john.johansen@canonical.com>2017-05-29 21:19:39 +0200
committerJohn Johansen <john.johansen@canonical.com>2017-06-11 02:11:30 +0200
commit2d679f3cb0eaa6afa0dc97fe6ad3b797e1c1899a (patch)
treeca5d91a2a68e4354e55115fec21c8dc952440e0e /security/apparmor/include/file.h
parentapparmor: add gerneric permissions struct and support fns (diff)
downloadlinux-2d679f3cb0eaa6afa0dc97fe6ad3b797e1c1899a.tar.xz
linux-2d679f3cb0eaa6afa0dc97fe6ad3b797e1c1899a.zip
apparmor: switch from file_perms to aa_perms
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/file.h')
-rw-r--r--security/apparmor/include/file.h25
1 files changed, 4 insertions, 21 deletions
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index fb3642a94e3d..365ca7ead133 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -90,25 +90,6 @@ struct path_cond {
umode_t mode;
};
-/* struct file_perms - file permission
- * @allow: mask of permissions that are allowed
- * @audit: mask of permissions to force an audit message for
- * @quiet: mask of permissions to quiet audit messages for
- * @kill: mask of permissions that when matched will kill the task
- * @xindex: exec transition index if @allow contains MAY_EXEC
- *
- * The @audit and @queit mask should be mutually exclusive.
- */
-struct file_perms {
- u32 allow;
- u32 audit;
- u32 quiet;
- u32 kill;
- u16 xindex;
-};
-
-extern struct file_perms nullperms;
-
#define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
/* FIXME: split perms from dfa and match this to description
@@ -159,7 +140,7 @@ static inline u16 dfa_map_xindex(u16 mask)
#define dfa_other_xindex(dfa, state) \
dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)
-int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
+int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
const char *op, u32 request, const char *name,
const char *target, kuid_t ouid, const char *info, int error);
@@ -182,9 +163,11 @@ struct aa_file_rules {
/* TODO: add delegate table */
};
+struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
+ struct path_cond *cond);
unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
const char *name, struct path_cond *cond,
- struct file_perms *perms);
+ struct aa_perms *perms);
int aa_path_perm(const char *op, struct aa_profile *profile,
const struct path *path, int flags, u32 request,