1
/* SPDX-License-Identifier: GPL-2.0-only */
2
/*
3
 * AppArmor security module
4
 *
5
 * This file contains AppArmor filesystem definitions.
6
 *
7
 * Copyright (C) 1998-2008 Novell/SUSE
8
 * Copyright 2009-2010 Canonical Ltd.
9
 */
10

11
#ifndef __AA_APPARMORFS_H
12
#define __AA_APPARMORFS_H
13

14
extern struct path aa_null;
15

16
enum aa_sfs_type {
17
	AA_SFS_TYPE_BOOLEAN,
18
	AA_SFS_TYPE_STRING,
19
	AA_SFS_TYPE_U64,
20
	AA_SFS_TYPE_FOPS,
21
	AA_SFS_TYPE_DIR,
22
};
23

24
struct aa_sfs_entry;
25

26
struct aa_sfs_entry {
27
	const char *name;
28
	struct dentry *dentry;
29
	umode_t mode;
30
	enum aa_sfs_type v_type;
31
	union {
32
		bool boolean;
33
		char *string;
34
		unsigned long u64;
35
		struct aa_sfs_entry *files;
36
	} v;
37
	const struct file_operations *file_ops;
38
};
39

40
extern const struct file_operations aa_sfs_seq_file_ops;
41

42
#define AA_SFS_FILE_BOOLEAN(_name, _value) \
43
	{ .name = (_name), .mode = 0444, \
44
	  .v_type = AA_SFS_TYPE_BOOLEAN, .v.boolean = (_value), \
45
	  .file_ops = &aa_sfs_seq_file_ops }
46
#define AA_SFS_FILE_STRING(_name, _value) \
47
	{ .name = (_name), .mode = 0444, \
48
	  .v_type = AA_SFS_TYPE_STRING, .v.string = (_value), \
49
	  .file_ops = &aa_sfs_seq_file_ops }
50
#define AA_SFS_FILE_U64(_name, _value) \
51
	{ .name = (_name), .mode = 0444, \
52
	  .v_type = AA_SFS_TYPE_U64, .v.u64 = (_value), \
53
	  .file_ops = &aa_sfs_seq_file_ops }
54
#define AA_SFS_FILE_FOPS(_name, _mode, _fops) \
55
	{ .name = (_name), .v_type = AA_SFS_TYPE_FOPS, \
56
	  .mode = (_mode), .file_ops = (_fops) }
57
#define AA_SFS_DIR(_name, _value) \
58
	{ .name = (_name), .v_type = AA_SFS_TYPE_DIR, .v.files = (_value) }
59

60
extern void __init aa_destroy_aafs(void);
61

62
struct aa_profile;
63
struct aa_ns;
64

65
enum aafs_ns_type {
66
	AAFS_NS_DIR,
67
	AAFS_NS_PROFS,
68
	AAFS_NS_NS,
69
	AAFS_NS_RAW_DATA,
70
	AAFS_NS_LOAD,
71
	AAFS_NS_REPLACE,
72
	AAFS_NS_REMOVE,
73
	AAFS_NS_REVISION,
74
	AAFS_NS_COUNT,
75
	AAFS_NS_MAX_COUNT,
76
	AAFS_NS_SIZE,
77
	AAFS_NS_MAX_SIZE,
78
	AAFS_NS_OWNER,
79
	AAFS_NS_SIZEOF,
80
};
81

82
enum aafs_prof_type {
83
	AAFS_PROF_DIR,
84
	AAFS_PROF_PROFS,
85
	AAFS_PROF_NAME,
86
	AAFS_PROF_MODE,
87
	AAFS_PROF_ATTACH,
88
	AAFS_PROF_HASH,
89
	AAFS_PROF_RAW_DATA,
90
	AAFS_PROF_RAW_HASH,
91
	AAFS_PROF_RAW_ABI,
92
	AAFS_PROF_SIZEOF,
93
};
94

95
#define ns_dir(X) ((X)->dents[AAFS_NS_DIR])
96
#define ns_subns_dir(X) ((X)->dents[AAFS_NS_NS])
97
#define ns_subprofs_dir(X) ((X)->dents[AAFS_NS_PROFS])
98
#define ns_subdata_dir(X) ((X)->dents[AAFS_NS_RAW_DATA])
99
#define ns_subload(X) ((X)->dents[AAFS_NS_LOAD])
100
#define ns_subreplace(X) ((X)->dents[AAFS_NS_REPLACE])
101
#define ns_subremove(X) ((X)->dents[AAFS_NS_REMOVE])
102
#define ns_subrevision(X) ((X)->dents[AAFS_NS_REVISION])
103

104
#define prof_dir(X) ((X)->dents[AAFS_PROF_DIR])
105
#define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS])
106

107
void __aa_bump_ns_revision(struct aa_ns *ns);
108
void __aafs_profile_rmdir(struct aa_profile *profile);
109
void __aafs_profile_migrate_dents(struct aa_profile *old,
110
				   struct aa_profile *new);
111
int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
112
void __aafs_ns_rmdir(struct aa_ns *ns);
113
int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
114
		     struct dentry *dent);
115

116
struct aa_loaddata;
117

118
#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
119
void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata);
120
int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata);
121
#else
122
static inline void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata)
123
{
124
	/* empty stub */
125
}
126

127
static inline int __aa_fs_create_rawdata(struct aa_ns *ns,
128
					 struct aa_loaddata *rawdata)
129
{
130
	return 0;
131
}
132
#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
133

134
#endif /* __AA_APPARMORFS_H */
135

136