
0001 /* SPDX-License-Identifier: GPL-2.0-only */
0002 /*
0003  * AppArmor security module
0004  *
0005  * This file contains AppArmor policy loading interface function definitions.
0006  *
0007  * Copyright (C) 1998-2008 Novell/SUSE
0008  * Copyright 2009-2010 Canonical Ltd.
0009  */
0010 
0011 #ifndef __POLICY_INTERFACE_H
0012 #define __POLICY_INTERFACE_H
0013 
0014 #include <linux/list.h>
0015 #include <linux/kref.h>
0016 #include <linux/dcache.h>
0017 #include <linux/workqueue.h>
0018 
/*
 * struct aa_load_ent - one entry produced by unpacking a policy load
 *
 * Entries are linked through @list; aa_unpack() takes a list head, and
 * presumably the entries it produces are of this type.
 * NOTE(review): the replacement/rename semantics of @old and @rename are
 * defined by the code consuming this list, not by this header — confirm
 * them there before relying on the field comments below.
 */
struct aa_load_ent {
    struct list_head list;      /* linkage on the unpack result list */
    struct aa_profile *new;     /* profile carried by this entry */
    struct aa_profile *old;     /* profile @new presumably replaces, if any */
    struct aa_profile *rename;  /* profile presumably being renamed, if any */
    const char *ns_name;        /* namespace name associated with the entry */
};
0026 
/* release an entry (and presumably whatever it still references — confirm
 * at the definition which of new/old/rename/ns_name it drops) */
void aa_load_ent_free(struct aa_load_ent *ent);
/* allocate a zeroed entry; the caller presumably owns it and hands it back
 * via aa_load_ent_free() — NULL on allocation failure is the usual contract,
 * confirm at the definition */
struct aa_load_ent *aa_load_ent_alloc(void);
0029 
/*
 * Profile flag and mode values in their packed (on-disk/payload) encoding.
 * NOTE(review): the PACKED_ prefix indicates these are the values as read
 * from the loaded policy data rather than the in-kernel representation —
 * confirm the translation in the unpack code before adding or renumbering
 * a value, since the payload is external input.
 */
#define PACKED_FLAG_HAT     1
#define PACKED_FLAG_DEBUG1  2
#define PACKED_FLAG_DEBUG2  4

#define PACKED_MODE_ENFORCE 0
#define PACKED_MODE_COMPLAIN    1
#define PACKED_MODE_KILL    2
#define PACKED_MODE_UNCONFINED  3

/* namespace a raw_data set belongs to; opaque here, only used by pointer */
struct aa_ns;
0040 
/*
 * Indices into struct aa_loaddata::dents[], one per filesystem entry that
 * exposes a field of the raw_data set (abi, revision, hash, data,
 * compressed_size) plus the directory holding them.
 */
enum {
    AAFS_LOADDATA_ABI = 0,
    AAFS_LOADDATA_REVISION,
    AAFS_LOADDATA_HASH,
    AAFS_LOADDATA_DATA,
    AAFS_LOADDATA_COMPRESSED_SIZE,
    AAFS_LOADDATA_DIR,      /* must be last actual entry */
    AAFS_LOADDATA_NDENTS        /* count of entries; sizes dents[] */
};
0050 
/*
 * struct aa_loaddata - buffer of policy raw_data set
 *
 * There is no loaddata ref for being on the ns list, nor a ref from
 * d_inode(@dentry). When grabbing a ref from either of these, @ns->lock
 * must be held and __aa_get_loaddata() must be used, and its return value
 * checked: if NULL, the loaddata is already being reaped and should be
 * considered dead.
 *
 * @size and @compressed_size are the only length information attached to
 * @data; anything parsing the payload has to bound its reads by them.
 */
struct aa_loaddata {
    struct kref count;          /* refcount; released via aa_loaddata_kref() */
    struct list_head list;      /* linkage on the ns list (uncounted, see above) */
    struct work_struct work;    /* deferred work item — presumably for reaping */
    struct dentry *dents[AAFS_LOADDATA_NDENTS]; /* fs entries, AAFS_LOADDATA_* indexed */
    struct aa_ns *ns;           /* namespace this raw_data set belongs to */
    char *name;
    size_t size;            /* the original size of the payload */
    size_t compressed_size;     /* the compressed size of the payload */
    long revision;          /* the ns policy revision this caused */
    int abi;                /* policy ABI version of the payload */
    /* NOTE(review): no length is stored for @hash; its size must come from
     * the hash algorithm in use — confirm where it is allocated */
    unsigned char *hash;

    /* Pointer to payload. If @compressed_size > 0, then this is the
     * compressed version of the payload, else it is the uncompressed
     * version (with the size indicated by @size).
     */
    char *data;
};
0079 
/**
 * aa_unpack - unpack a raw policy payload into a list of load entries
 * @udata: raw_data set to unpack; the payload is @udata->data, bounded by
 *         @udata->size (or @udata->compressed_size when compressed)
 * @lh: list the resulting entries are added to (presumably struct
 *      aa_load_ent linked through ->list)
 * @ns: presumably set to the namespace name found in the payload
 *
 * NOTE(review): the payload is loaded policy, i.e. input from outside this
 * module; the unpacker, not this header, is responsible for validating
 * every length and offset it reads against @udata->size.
 *
 * Returns: int status — presumably 0 on success, negative errno on error;
 *          confirm at the definition.
 */
int aa_unpack(struct aa_loaddata *udata, struct list_head *lh, const char **ns);
0081 
/**
 * __aa_get_loaddata - take a reference on an uncounted loaddata reference
 * @data: loaddata to take a reference on; may be NULL
 *
 * Returns: @data with its count incremented, or NULL if @data is NULL or
 *          its count had already dropped to zero (the loaddata is being
 *          reaped and the race was lost).
 * Requires: @data->ns->lock held; the return value MUST be checked, since
 *           a non-NULL @data does not guarantee a non-NULL result.
 *
 * Use only on references found through inode->i_private or @data->list,
 * which hold no count of their own.
 */
static inline struct aa_loaddata *
__aa_get_loaddata(struct aa_loaddata *data)
{
    if (!data)
        return NULL;

    /* kref_get_unless_zero() will not resurrect a count that reached zero */
    return kref_get_unless_zero(&data->count) ? data : NULL;
}
0100 
/**
 * aa_get_loaddata - take a reference on an already counted loaddata reference
 * @data: loaddata that holds a valid count; may be NULL
 *
 * Returns: @data, or NULL when @data is NULL
 * Requires: @data to already hold a valid reference count, so the reap
 *           race handled by __aa_get_loaddata() cannot occur here; if it
 *           does, that is a bug and trips AA_BUG().
 */
static inline struct aa_loaddata *
aa_get_loaddata(struct aa_loaddata *data)
{
    struct aa_loaddata *ref = __aa_get_loaddata(data);

    /* a counted reference can only fail to be re-taken if the count was bad */
    AA_BUG(data && !ref);

    return ref;
}
0118 
/* record @revision on @data (presumably sets @data->revision); the leading
 * underscores suggest a lock is expected held — confirm at the definition */
void __aa_loaddata_update(struct aa_loaddata *data, long revision);
/* compare two raw_data sets for equality (presumably by payload content) */
bool aa_rawdata_eq(struct aa_loaddata *l, struct aa_loaddata *r);
/* kref release callback passed to kref_put() by aa_put_loaddata() */
void aa_loaddata_kref(struct kref *kref);
/* allocate a loaddata; @size presumably sizes the payload buffer */
struct aa_loaddata *aa_loaddata_alloc(size_t size);
/**
 * aa_put_loaddata - drop a reference on a loaddata
 * @data: loaddata to release; NULL is a no-op
 *
 * When the last reference is dropped, aa_loaddata_kref() is invoked to
 * release the object.
 */
static inline void aa_put_loaddata(struct aa_loaddata *data)
{
    if (!data)
        return;

    kref_put(&data->count, aa_loaddata_kref);
}
0128 
0129 #endif /* __POLICY_INTERFACE_H */