author | John Johansen <john.johansen@canonical.com> | 2017-05-29 21:16:04 +0200 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-11 02:11:30 +0200 |
commit | aa9aeea8d4c3dfb9297723c4340671ef88e372d3 (patch) | |
tree | 5e12bad66f4a0f98043c97b21e866e2edb7d18b3 /security/apparmor/include | |
parent | apparmor: add fn to test if profile supports a given mediation class (diff) | |
apparmor: add gerneric permissions struct and support fns
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r-- | security/apparmor/include/audit.h | 4 | ||||
-rw-r--r-- | security/apparmor/include/perms.h | 34 |
2 files changed, 36 insertions, 2 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index fdc4774318ba..1aeb8550fb82 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -107,14 +107,14 @@ struct apparmor_audit_data {
 void *profile;
 const char *name;
 const char *info;
+ u32 request;
+ u32 denied;
 union {
 /* these entries require a custom callback fn */
 struct {
 struct aa_profile *peer;
 struct {
 const char *target;
- u32 request;
- u32 denied;
 kuid_t ouid;
 } fs;
 };
diff --git a/security/apparmor/include/perms.h b/security/apparmor/include/perms.h
index 35e365e7aa75..6ef23212bd66 100644
--- a/security/apparmor/include/perms.h
+++ b/security/apparmor/include/perms.h
@@ -66,6 +66,40 @@ extern const char aa_file_perm_chrs[];
 extern const char *aa_file_perm_names[];
 
+struct aa_perms {
+ u32 allow;
+ u32 audit; /* set only when allow is set */
+
+ u32 deny; /* explicit deny, or conflict if allow also set */
+ u32 quiet; /* set only when ~allow | deny */
+ u32 kill; /* set only when ~allow | deny */
+ u32 stop; /* set only when ~allow | deny */
+
+ u32 complain; /* accumulates only used when ~allow & ~deny */
+ u32 cond; /* set only when ~allow and ~deny */
+
+ u32 hide; /* set only when ~allow | deny */
+ u32 prompt; /* accumulates only used when ~allow & ~deny */
+
+ /* Reserved:
+ * u32 subtree; / * set only when allow is set * /
+ */
+ u16 xindex;
+};
+
+#define ALL_PERMS_MASK 0xffffffff
+
+extern struct aa_perms allperms;
+
+struct aa_profile;
+
 void aa_perm_mask_to_str(char *str, const char *chrs, u32 mask);
+void aa_audit_perm_names(struct audit_buffer *ab, const char **names, u32 mask);
+void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
+ u32 chrsmask, const char **names, u32 namesmask);
+void aa_apply_modes_to_perms(struct aa_profile *profile,
+ struct aa_perms *perms);
+void aa_compute_perms(struct aa_dfa *dfa, unsigned int state,
+ struct aa_perms *perms);
 
 #endif /* __AA_PERM_H */
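Review bot: The two members hoisted to the top level of struct apparmor_audit_data, `request` and `denied`, arrive without any comment, whereas the union entries they leave behind are introduced by one, so a reader of this header can no longer tell what mask each field holds. Suggest annotating them in the union's style, e.g. `u32 request; /* permission mask that was requested */` and `u32 denied; /* permission mask that was denied */`, with the exact meaning confirmed against the callers that fill them, which are outside this hunk. struct apparmor_audit_data both starts and ends outside the hunk.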
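Review bot: The new prototypes name `struct audit_buffer` and `struct aa_dfa` as parameter types, but the hunk forward-declares only `struct aa_profile;`. If neither type is already declared by an include above line 66 (outside the hunk), a `struct` tag first seen inside a parameter list is scoped to that prototype, the compiler warns it "will not be visible outside of this definition", and callers end up passing pointers to a different, incompatible type; adding `struct audit_buffer;` and `struct aa_dfa;` next to `struct aa_profile;` keeps the header self-contained either way. Separately, struct aa_perms has no kernel-doc block: the per-member comments say when each mask is valid but nothing states what `xindex` indexes or that `ALL_PERMS_MASK` is the all-ones value of these u32 masks, so a short `/** struct aa_perms - ... */` header above the struct describing the members and the mask convention would help. The `cond` comment writes `~allow and ~deny` where the neighbouring `complain` and `prompt` comments write `~allow & ~deny`; pick one notation.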