GitHub Repository: awilliam/linux-vfio
Path: blob/master/security/apparmor/include/apparmor.h
/*
* AppArmor security module
*
* This file contains AppArmor basic global and lib definitions
*
* Copyright (C) 1998-2008 Novell/SUSE
* Copyright 2009-2010 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, version 2 of the
* License.
*/
#ifndef __APPARMOR_H
#define __APPARMOR_H
#include <linux/fs.h>
#include "match.h"
/*
 * Control parameters settable through module/boot flags.
 *
 * NOTE(review): these are plain writable globals that steer auditing and
 * policy handling. What each one gates is decided by the code that reads it,
 * which is not visible in this header -- confirm against the definitions
 * before treating any of them as a hardening control.
 */
extern enum audit_mode aa_g_audit;	/* enum audit_mode is declared elsewhere */
extern int aa_g_audit_header;
extern int aa_g_debug;			/* read by AA_DEBUG() in this header */
extern int aa_g_lock_policy;
extern int aa_g_logsyscall;
extern int aa_g_paranoid_load;
extern unsigned int aa_g_path_max;
/*
 * DEBUG remains global (no per profile flag) since it is mostly used in sysctl
 * which is not related to profile accesses.
 *
 * AA_DEBUG - emit a KERN_DEBUG message prefixed with "AppArmor: "
 * @fmt: printk format; it is pasted onto the prefix by string-literal
 *       concatenation, so it has to be a string literal itself
 *
 * Nothing is printed unless aa_g_debug is non-zero, and even then only while
 * printk_ratelimit() allows it, so individual messages can be dropped.
 */
#define AA_DEBUG(fmt, ...)						\
	do {								\
		if (aa_g_debug && printk_ratelimit())			\
			printk(KERN_DEBUG "AppArmor: " fmt, ##__VA_ARGS__); \
	} while (0)
/*
 * AA_ERROR - emit a KERN_ERR message prefixed with "AppArmor: "
 * @fmt: printk format; it is pasted onto the prefix by string-literal
 *       concatenation, so it has to be a string literal itself
 *
 * Output is gated on printk_ratelimit(), whose budget is shared with every
 * other caller in the kernel: when the log is busy an error reported here may
 * never be printed. Treat these messages as diagnostics, not as a complete
 * record of failures.
 */
#define AA_ERROR(fmt, ...)						\
	do {								\
		if (printk_ratelimit())					\
			printk(KERN_ERR "AppArmor: " fmt, ##__VA_ARGS__); \
	} while (0)
/*
 * Flag indicating whether initialization completed.
 *
 * Declared __initdata: init-section data is discarded once boot-time
 * initialisation is over, so only __init code should reference this flag.
 */
extern int apparmor_initialized __initdata;

/*
 * fn's in lib
 *
 * NOTE(review): only the prototypes are visible here. @args of
 * aa_split_fqname() is not const, so it is presumably edited in place, and
 * kvmalloc()/kvfree() look like a matched pair that must not be mixed with
 * other allocators -- confirm both against the definitions.
 */
char *aa_split_fqname(char *args, char **ns_name);
void aa_info_message(const char *str);
void *kvmalloc(size_t size);
void kvfree(void *buffer);
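/**
 * aa_strneq - compare null terminated @str to a non null terminated substring
 * @str: a null terminated string
 * @sub: a substring, not necessarily null terminated
 * @len: length of @sub to compare
 *
 * The @str string must be fully consumed for this to be considered a match:
 * the first @len bytes of @str have to equal @sub and @str has to end right
 * after them.
 *
 * A negative @len never matches, and @str is never read past its terminator.
 *
 * Returns: true on an exact match, false otherwise
 */
static inline bool aa_strneq(const char *str, const char *sub, int len)
{
	int i;

	/* a negative length would make the final str[len] index in front of @str */
	if (len < 0)
		return false;

	for (i = 0; i < len; i++) {
		/*
		 * Give up as soon as @str ends. strncmp() reports equality
		 * when both inputs hold a NUL at the same offset below @len,
		 * and a str[len] check after that reads beyond the
		 * terminator of @str.
		 */
		if (str[i] == '\0' || str[i] != sub[i])
			return false;
	}

	/* all @len bytes matched; @str must stop exactly here */
	return str[len] == '\0';
}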
/**
 * aa_dfa_null_transition - step to next state after null character
 * @dfa: the dfa to match against
 * @start: the state of the dfa to start matching in
 *
 * Feeds a single null character to aa_dfa_match_len(), starting from @start.
 * The null character is not used in standard matching and is only used to
 * separate pairs.
 *
 * Returns: the value aa_dfa_match_len() produces for that one byte
 */
static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
						  unsigned int start)
{
	unsigned int next_state;

	/*
	 * An empty string literal still carries its terminator, and a length
	 * of 1 hands exactly that one byte to the matcher.
	 */
	next_state = aa_dfa_match_len(dfa, start, "", 1);

	return next_state;
}
/**
 * mediated_filesystem - test whether an inode's superblock lacks MS_NOUSER
 * @inode: inode to examine; @inode and @inode->i_sb are dereferenced without
 *         a NULL check, so callers must pass a fully set up inode
 *
 * Returns: false when the superblock flags contain MS_NOUSER, true otherwise
 */
static inline bool mediated_filesystem(struct inode *inode)
{
	if (inode->i_sb->s_flags & MS_NOUSER)
		return false;

	return true;
}
#endif /* __APPARMOR_H */