root/security/apparmor/include/policy_unpack.h

INCLUDED FROM

DEFINITIONS

1. __aa_get_loaddata
2. aa_get_loaddata
3. aa_put_loaddata

   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2 /*
   3  * AppArmor security module
   4  *
   5  * This file contains AppArmor policy loading interface function definitions.
   6  *
   7  * Copyright (C) 1998-2008 Novell/SUSE
   8  * Copyright 2009-2010 Canonical Ltd.
   9  */
  10 
  11 #ifndef __POLICY_INTERFACE_H
  12 #define __POLICY_INTERFACE_H
  13 
  14 #include <linux/list.h>
  15 #include <linux/kref.h>
  16 #include <linux/dcache.h>
  17 #include <linux/workqueue.h>
  18 
  19 struct aa_load_ent {
  20         struct list_head list;
  21         struct aa_profile *new;
  22         struct aa_profile *old;
  23         struct aa_profile *rename;
  24         const char *ns_name;
  25 };
  26 
  27 void aa_load_ent_free(struct aa_load_ent *ent);
  28 struct aa_load_ent *aa_load_ent_alloc(void);
  29 
  30 #define PACKED_FLAG_HAT         1
  31 
  32 #define PACKED_MODE_ENFORCE     0
  33 #define PACKED_MODE_COMPLAIN    1
  34 #define PACKED_MODE_KILL        2
  35 #define PACKED_MODE_UNCONFINED  3
  36 
  37 struct aa_ns;
  38 
  39 enum {
  40         AAFS_LOADDATA_ABI = 0,
  41         AAFS_LOADDATA_REVISION,
  42         AAFS_LOADDATA_HASH,
  43         AAFS_LOADDATA_DATA,
  44         AAFS_LOADDATA_DIR,              /* must be last actual entry */
  45         AAFS_LOADDATA_NDENTS            /* count of entries */
  46 };
  47 
  48 /*
  49  * struct aa_loaddata - buffer of policy raw_data set
  50  *
  51  * there is no loaddata ref for being on ns list, nor a ref from
  52  * d_inode(@dentry) when grab a ref from these, @ns->lock must be held
  53  * && __aa_get_loaddata() needs to be used, and the return value
  54  * checked, if NULL the loaddata is already being reaped and should be
  55  * considered dead.
  56  */
  57 struct aa_loaddata {
  58         struct kref count;
  59         struct list_head list;
  60         struct work_struct work;
  61         struct dentry *dents[AAFS_LOADDATA_NDENTS];
  62         struct aa_ns *ns;
  63         char *name;
  64         size_t size;
  65         long revision;                  /* the ns policy revision this caused */
  66         int abi;
  67         unsigned char *hash;
  68 
  69         char *data;
  70 };
  71 
  72 int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);
  73 
  74 /**
  75  * __aa_get_loaddata - get a reference count to uncounted data reference
  76  * @data: reference to get a count on
  77  *
  78  * Returns: pointer to reference OR NULL if race is lost and reference is
  79  *          being repeated.
  80  * Requires: @data->ns->lock held, and the return code MUST be checked
  81  *
  82  * Use only from inode->i_private and @data->list found references
  83  */
  84 static inline struct aa_loaddata *
  85 __aa_get_loaddata(struct aa_loaddata *data)
  86 {
  87         if (data && kref_get_unless_zero(&(data->count)))
  88                 return data;
  89 
  90         return NULL;
  91 }
  92 
  93 /**
  94  * aa_get_loaddata - get a reference count from a counted data reference
  95  * @data: reference to get a count on
  96  *
  97  * Returns: point to reference
  98  * Requires: @data to have a valid reference count on it. It is a bug
  99  *           if the race to reap can be encountered when it is used.
 100  */
 101 static inline struct aa_loaddata *
 102 aa_get_loaddata(struct aa_loaddata *data)
 103 {
 104         struct aa_loaddata *tmp = __aa_get_loaddata(data);
 105 
 106         AA_BUG(data && !tmp);
 107 
 108         return tmp;
 109 }
 110 
 111 void __aa_loaddata_update(struct aa_loaddata *data, long revision);
 112 bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r);
 113 void aa_loaddata_kref(struct kref *kref);
 114 struct aa_loaddata *aa_loaddata_alloc(size_t size);
 115 static inline void aa_put_loaddata(struct aa_loaddata *data)
 116 {
 117         if (data)
 118                 kref_put(&data->count, aa_loaddata_kref);
 119 }
 120 
 121 #endif /* __POLICY_INTERFACE_H */