1
/* SPDX-License-Identifier: GPL-2.0-only */
2
/*
3
 * AppArmor security module
4
 *
5
 * This file contains AppArmor file mediation function definitions.
6
 *
7
 * Copyright 2017 Canonical Ltd.
8
 */
9

10
#ifndef __AA_MOUNT_H
11
#define __AA_MOUNT_H
12

13
#include <linux/fs.h>
14
#include <linux/path.h>
15

16
#include "domain.h"
17
#include "policy.h"
18

19
/* mount perms */
20
#define AA_MAY_PIVOTROOT	0x01
21
#define AA_MAY_MOUNT		0x02
22
#define AA_MAY_UMOUNT		0x04
23
#define AA_AUDIT_DATA		0x40
24
#define AA_MNT_CONT_MATCH	0x40
25

26
#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
27

28
int aa_remount(const struct cred *subj_cred,
29
	       struct aa_label *label, const struct path *path,
30
	       unsigned long flags, void *data);
31

32
int aa_bind_mount(const struct cred *subj_cred,
33
		  struct aa_label *label, const struct path *path,
34
		  const char *old_name, unsigned long flags);
35

36

37
int aa_mount_change_type(const struct cred *subj_cred,
38
			 struct aa_label *label, const struct path *path,
39
			 unsigned long flags);
40

41
int aa_move_mount_old(const struct cred *subj_cred,
42
		      struct aa_label *label, const struct path *path,
43
		      const char *old_name);
44
int aa_move_mount(const struct cred *subj_cred,
45
		  struct aa_label *label, const struct path *from_path,
46
		  const struct path *to_path);
47

48
int aa_new_mount(const struct cred *subj_cred,
49
		 struct aa_label *label, const char *dev_name,
50
		 const struct path *path, const char *type, unsigned long flags,
51
		 void *data);
52

53
int aa_umount(const struct cred *subj_cred,
54
	      struct aa_label *label, struct vfsmount *mnt, int flags);
55

56
int aa_pivotroot(const struct cred *subj_cred,
57
		 struct aa_label *label, const struct path *old_path,
58
		 const struct path *new_path);
59

60
#endif /* __AA_MOUNT_H */
61

62