linux-sg2042/security/apparmor/include/policy_unpack.h

/*
 * AppArmor security module
 *
 * This file contains AppArmor policy loading interface function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#ifndef __POLICY_INTERFACE_H
#define __POLICY_INTERFACE_H

#include <linux/list.h>

struct aa_load_ent {
	struct list_head list;
	struct aa_profile *new;
	struct aa_profile *old;
	struct aa_profile *rename;
};

void aa_load_ent_free(struct aa_load_ent *ent);
struct aa_load_ent *aa_load_ent_alloc(void);

#define PACKED_FLAG_HAT		1

#define PACKED_MODE_ENFORCE	0
#define PACKED_MODE_COMPLAIN	1
#define PACKED_MODE_KILL	2
#define PACKED_MODE_UNCONFINED	3

int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns);

#endif /* __POLICY_INTERFACE_H */
AppArmor: policy routines for loading and unpacking policy AppArmor policy is loaded in a platform independent flattened binary stream. Verify and unpack the data converting it to the internal format needed for enforcement. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-30 05:48:02 +08:00			`/*`
			`* AppArmor security module`
			`*`
			`* This file contains AppArmor policy loading interface function definitions.`
			`*`
			`* Copyright (C) 1998-2008 Novell/SUSE`
			`* Copyright 2009-2010 Canonical Ltd.`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License as`
			`* published by the Free Software Foundation, version 2 of the`
			`* License.`
			`*/`

			`#ifndef __POLICY_INTERFACE_H`
			`#define __POLICY_INTERFACE_H`

apparmor: provide base for multiple profiles to be replaced at once previously profiles had to be loaded one at a time, which could result in cases where a replacement of a set would partially succeed, and then fail resulting in inconsistent policy. Allow multiple profiles to replaced "atomically" so that the replacement either succeeds or fails for the entire set of profiles. Signed-off-by: John Johansen <john.johansen@canonical.com> 2013-07-11 12:05:43 +08:00			`#include <linux/list.h>`

			`struct aa_load_ent {`
			`struct list_head list;`
			`struct aa_profile *new;`
			`struct aa_profile *old;`
			`struct aa_profile *rename;`
			`};`

			`void aa_load_ent_free(struct aa_load_ent *ent);`
			`struct aa_load_ent *aa_load_ent_alloc(void);`

apparmor: allow setting any profile into the unconfined state Allow emulating the default profile behavior from boot, by allowing loading of a profile in the unconfined state into a new NS. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-07-11 12:12:43 +08:00			`#define PACKED_FLAG_HAT 1`

			`#define PACKED_MODE_ENFORCE 0`
			`#define PACKED_MODE_COMPLAIN 1`
			`#define PACKED_MODE_KILL 2`
			`#define PACKED_MODE_UNCONFINED 3`

apparmor: provide base for multiple profiles to be replaced at once previously profiles had to be loaded one at a time, which could result in cases where a replacement of a set would partially succeed, and then fail resulting in inconsistent policy. Allow multiple profiles to replaced "atomically" so that the replacement either succeeds or fails for the entire set of profiles. Signed-off-by: John Johansen <john.johansen@canonical.com> 2013-07-11 12:05:43 +08:00			`int aa_unpack(void udata, size_t size, struct list_head lh, const char **ns);`
AppArmor: policy routines for loading and unpacking policy AppArmor policy is loaded in a platform independent flattened binary stream. Verify and unpack the data converting it to the internal format needed for enforcement. Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org> 2010-07-30 05:48:02 +08:00
			`#endif /* __POLICY_INTERFACE_H */`