Linux/security/apparmor/include/apparmor.h


  1 /*
  2  * AppArmor security module
  3  *
  4  * This file contains AppArmor basic global and lib definitions
  5  *
  6  * Copyright (C) 1998-2008 Novell/SUSE
  7  * Copyright 2009-2010 Canonical Ltd.
  8  *
  9  * This program is free software; you can redistribute it and/or
 10  * modify it under the terms of the GNU General Public License as
 11  * published by the Free Software Foundation, version 2 of the
 12  * License.
 13  */
 14 
 15 #ifndef __APPARMOR_H
 16 #define __APPARMOR_H
 17 
 18 #include <linux/slab.h>
 19 #include <linux/fs.h>
 20 
 21 #include "match.h"
 22 
 /*
  * Mediation classes of the AppArmor policy db.
  *
  * NOTE(review): the numbers presumably have to agree with what loaded
  * policy encodes, so treat them as fixed and only append new classes --
  * confirm against the policy unpack/match code before renumbering.
  */
 #define AA_CLASS_ENTRY          0
 #define AA_CLASS_UNKNOWN        1
 #define AA_CLASS_FILE           2       /* by name: file access rules */
 #define AA_CLASS_CAP            3       /* by name: capability rules */
 #define AA_CLASS_NET            4       /* by name: network rules */
 #define AA_CLASS_RLIMITS        5       /* by name: resource limit rules */
 #define AA_CLASS_DOMAIN         6       /* by name: domain transition rules */

 /* Alias for the highest class defined above; move it when appending one. */
 #define AA_CLASS_LAST           AA_CLASS_DOMAIN
 35 
 /*
  * Global control parameters, settable through module/boot flags.
  *
  * Only the declarations live here; the definitions and the code that
  * writes them are elsewhere.  Several of these look like hardening
  * switches, so whatever path sets them at runtime should be restricted to
  * privileged callers -- NOTE(review): confirm where they are registered.
  */

 /* audit behaviour */
 extern enum audit_mode aa_g_audit;
 extern bool aa_g_audit_header;
 extern bool aa_g_logsyscall;

 /* gates AA_DEBUG() output */
 extern bool aa_g_debug;

 /* policy handling; by name: lock loaded policy / extra checks on load */
 extern bool aa_g_lock_policy;
 extern bool aa_g_paranoid_load;

 /* by name: upper bound on path length -- TODO confirm unit and users */
 extern unsigned int aa_g_path_max;
 44 
 /*
  * Debugging is controlled by one global switch (aa_g_debug) and has no
  * per profile flag, because it is mostly used in sysctl handling, which
  * is not related to profile accesses.
  *
  * AA_DEBUG - print a KERN_DEBUG message prefixed with "AppArmor: "
  * @fmt: printk format.  It is pasted onto the prefix at compile time, so it
  *       has to be a string literal; pass variable text as a "%s" argument.
  *
  * The message is dropped when aa_g_debug is clear or when
  * printk_ratelimit() declines it, so this output is a debugging aid and
  * not a complete record of events.
  */
 #define AA_DEBUG(fmt, ...)                                              \
         do {                                                            \
                 if (aa_g_debug && printk_ratelimit())                   \
                         printk(KERN_DEBUG "AppArmor: " fmt,             \
                                ##__VA_ARGS__);                          \
         } while (0)
 55 
 /*
  * AA_ERROR - print a KERN_ERR message prefixed with "AppArmor: "
  * @fmt: printk format.  It is pasted onto the prefix at compile time, so it
  *       has to be a string literal; pass variable text as a "%s" argument.
  *
  * Unlike AA_DEBUG this is not gated by aa_g_debug, but it is still subject
  * to printk_ratelimit(): under a burst of kernel messages an error can be
  * dropped, so security decisions should be recorded through the audit
  * path rather than relying on this log line alone.
  */
 #define AA_ERROR(fmt, ...)                                              \
         do {                                                            \
                 if (printk_ratelimit())                                 \
                         printk(KERN_ERR "AppArmor: " fmt,               \
                                ##__VA_ARGS__);                          \
         } while (0)
 61 
 /*
  * Flag indicating whether AppArmor initialization completed.
  *
  * NOTE(review): the declaration carries __initdata, i.e. the variable is
  * placed with init-only data.  Such data is released once boot-time
  * initialization is over, so this flag should only be read from __init
  * code -- confirm that no later reader exists.
  */
 extern int apparmor_initialized __initdata;

 /* Functions implemented in the AppArmor lib code */

 /* Allocation backend for kvmalloc()/kvzalloc(); @flags are extra gfp flags. */
 void *__aa_kvmalloc(size_t size, gfp_t flags);

 /*
  * Takes a writable @args and hands a namespace name back through @ns_name.
  * NOTE(review): the non-const @args suggests the buffer is split in place;
  * confirm in the implementation before passing shared or constant strings.
  */
 char *aa_split_fqname(char *args, char **ns_name);

 void aa_info_message(const char *str);
 69 
 /**
  * kvmalloc - allocate @size bytes through __aa_kvmalloc() with no extra flags
  * @size: number of bytes to allocate
  *
  * No __GFP_ZERO is requested, so the contents of the returned buffer are
  * not initialised here.  Use kvzalloc() for anything whose unwritten bytes
  * could later be copied out or compared.
  *
  * Returns: whatever __aa_kvmalloc() returns; check the result before use
  */
 static inline void *kvmalloc(size_t size)
 {
         void *buf = __aa_kvmalloc(size, 0);

         return buf;
 }
 74 
 /**
  * kvzalloc - zeroing variant of kvmalloc()
  * @size: number of bytes to allocate
  *
  * Passes __GFP_ZERO to __aa_kvmalloc() so the buffer is requested
  * zero-filled.
  *
  * Returns: whatever __aa_kvmalloc() returns; check the result before use
  */
 static inline void *kvzalloc(size_t size)
 {
         void *buf = __aa_kvmalloc(size, __GFP_ZERO);

         return buf;
 }
 79 
 /**
  * kref_get_not0 - take a reference unless the count is already zero
  * @kref: reference count to increment
  *
  * Operates on kref->refcount directly via atomic_inc_not_zero(), so a
  * count that has dropped to zero is left untouched.  A caller that gets 0
  * back holds no reference and must not go on using the object.
  *
  * Returns: 0 if the kref was not incremented, non-zero otherwise
  */
 static inline int kref_get_not0(struct kref *kref)
 {
         int taken = atomic_inc_not_zero(&kref->refcount);

         return taken;
 }
 85 
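 /**
  * aa_strneq - compare null terminated @str to a non null terminated substring
  * @str: a null terminated string
  * @sub: a substring, not necessarily null terminated
  * @len: length of @sub to compare
  *
  * The @str string must be fully consumed for this to be considered a match:
  * @str has to be exactly @len bytes long and equal to the first @len bytes
  * of @sub.
  *
  * A negative @len never matches.  Scanning stops at the terminator of @str,
  * so nothing beyond the end of @str is read, and at most @len bytes of @sub
  * are read.
  *
  * Returns: true on an exact match, else false
  */
 static inline bool aa_strneq(const char *str, const char *sub, int len)
 {
         int i;

         /*
          * A negative length would become a huge unsigned count in a
          * strncmp()-style compare and a negative index into @str.
          */
         if (len < 0)
                 return false;

         for (i = 0; i < len; i++) {
                 /*
                  * Reaching the terminator early means @str is shorter than
                  * @len; stop here so str[len] is never read past the end.
                  */
                 if (str[i] == '\0' || str[i] != sub[i])
                         return false;
         }

         /* all @len bytes matched, @str has to end exactly here */
         return str[len] == '\0';
 }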
 98 
 /**
  * aa_dfa_null_transition - step to next state after null character
  * @dfa: the dfa to match against
  * @start: the state of the dfa to start matching in
  *
  * The null character is not used in standard matching; it only serves to
  * separate pairs.  This helper feeds that single separator byte to
  * aa_dfa_next() and hands back the state it reports.
  *
  * Returns: the state reached from @start on the null character
  */
 static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
                                                   unsigned int start)
 {
         /* only the terminator byte itself is consumed by this transition */
         unsigned int next = aa_dfa_next(dfa, start, '\0');

         return next;
 }
114 
/**
 * mediated_filesystem - test whether the filesystem behind @dentry is mediated
 * @dentry: dentry whose superblock flags are inspected
 *
 * @dentry and @dentry->d_sb are dereferenced without a check, so the caller
 * has to pass a valid dentry that is attached to a superblock.
 *
 * NOTE(review): a false result presumably makes callers skip mediation for
 * the object, which makes MS_NOUSER the boundary of what policy covers --
 * confirm at the call sites.
 *
 * Returns: false if the superblock has MS_NOUSER set, true otherwise
 */
static inline bool mediated_filesystem(struct dentry *dentry)
{
        if (dentry->d_sb->s_flags & MS_NOUSER)
                return false;

        return true;
}
119 
120 #endif /* __APPARMOR_H */
121 
