author | John Johansen <john.johansen@canonical.com> | 2017-05-29 21:19:39 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-11 02:11:30 +0200 |
commit | 2d679f3cb0eaa6afa0dc97fe6ad3b797e1c1899a (patch) | |
tree | ca5d91a2a68e4354e55115fec21c8dc952440e0e /security/apparmor/include/file.h | |
parent | apparmor: add gerneric permissions struct and support fns (diff) | |
apparmor: switch from file_perms to aa_perms
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/file.h')
-rw-r--r-- | security/apparmor/include/file.h | 25 |
1 files changed, 4 insertions, 21 deletions
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index fb3642a94e3d..365ca7ead133 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -90,25 +90,6 @@ struct path_cond {
 umode_t mode;
 };
 
-/* struct file_perms - file permission
- * @allow: mask of permissions that are allowed
- * @audit: mask of permissions to force an audit message for
- * @quiet: mask of permissions to quiet audit messages for
- * @kill: mask of permissions that when matched will kill the task
- * @xindex: exec transition index if @allow contains MAY_EXEC
- *
- * The @audit and @queit mask should be mutually exclusive.
- */
-struct file_perms {
- u32 allow;
- u32 audit;
- u32 quiet;
- u32 kill;
- u16 xindex;
-};
-
-extern struct file_perms nullperms;
-
 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
 
 /* FIXME: split perms from dfa and match this to description
@@ -159,7 +140,7 @@ static inline u16 dfa_map_xindex(u16 mask)
 #define dfa_other_xindex(dfa, state) \
 dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)
 
-int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
+int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
 const char *op, u32 request, const char *name,
 const char *target, kuid_t ouid, const char *info, int error);
 
@@ -182,9 +163,11 @@ struct aa_file_rules {
 /* TODO: add delegate table */
 };
 
+struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
+ struct path_cond *cond);
 unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
 const char *name, struct path_cond *cond,
- struct file_perms *perms);
+ struct aa_perms *perms);
 
 int aa_path_perm(const char *op, struct aa_profile *profile,
 const struct path *path, int flags, u32 request, |
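Review bot: The `aa_compute_fperms()` declaration added in the last hunk (`@@ -182,9 +163,11 @@`) is a new cross-file interface with no comment, while the first hunk deletes the only description of the permission masks in this header, including the rule that the audit and quiet masks should be mutually exclusive. I would put a short comment above the prototype, something like `/* aa_compute_fperms - compute the file permissions for dfa @state given @cond; returned by value */`, and make sure the equivalent field documentation lives with `struct aa_perms`, whose definition is not part of this diff. Because the function returns `struct aa_perms` by value, this header needs the complete type in scope; no include is added in the hunks shown, so confirm one is already present. `COMBINED_PERM_MASK` in the first hunk's context still ORs only `allow`, `audit`, `quiet` and `kill`; if `struct aa_perms` carries further masks, check that users of the macro do not silently ignore them.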