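/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * AppArmor security module
 *
 * This file contains AppArmor filesystem definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 */

#ifndef __AA_APPARMORFS_H
#define __AA_APPARMORFS_H

/* Defined outside this header; its contents and use are not visible here. */
extern struct path aa_null;

/*
 * Kind of value carried by a struct aa_sfs_entry.  The AA_SFS_* initializer
 * macros below pair each kind with the union member (or file_ops pointer)
 * that they fill in.
 */
enum aa_sfs_type {
	AA_SFS_TYPE_BOOLEAN,	/* v.boolean */
	AA_SFS_TYPE_STRING,	/* v.string */
	AA_SFS_TYPE_U64,	/* v.u64 */
	AA_SFS_TYPE_FOPS,	/* no v member; file_ops and mode from caller */
	AA_SFS_TYPE_DIR,	/* v.files */
};

struct aa_sfs_entry;

/*
 * One entry of a statically described file/directory table.
 *
 * @name:     entry name
 * @dentry:   not set by any initializer macro in this header, so it starts
 *            out NULL in tables built with them; presumably filled in when
 *            the entry is instantiated (confirm at the creation code)
 * @mode:     permission bits for the entry
 * @v_type:   selects which member of @v is meaningful
 * @v:        the entry's value, interpreted according to @v_type
 * @file_ops: handlers used when the entry is a file
 */
struct aa_sfs_entry {
	const char *name;
	struct dentry *dentry;
	umode_t mode;
	enum aa_sfs_type v_type;
	union {
		bool boolean;
		char *string;
		/*
		 * NOTE(review): despite the member name this is unsigned
		 * long, so it is only 64 bits wide on targets where long is;
		 * a wider _value passed to AA_SFS_FILE_U64() would be
		 * truncated on 32-bit builds.  Changing the type needs the
		 * code that prints it to be changed in step, so it is left
		 * as is here.
		 */
		unsigned long u64;
		struct aa_sfs_entry *files;
	} v;
	const struct file_operations *file_ops;
};

extern const struct file_operations aa_sfs_seq_file_ops;

/*
 * Initializers for fixed-value entries.  Each one hard-codes mode 0444
 * (readable by everyone, writable by no one) and routes the file through
 * the shared aa_sfs_seq_file_ops handlers.
 */
#define AA_SFS_FILE_BOOLEAN(_name, _value) \
	{ .name = (_name), .mode = 0444, \
	  .v_type = AA_SFS_TYPE_BOOLEAN, .v.boolean = (_value), \
	  .file_ops = &aa_sfs_seq_file_ops }
#define AA_SFS_FILE_STRING(_name, _value) \
	{ .name = (_name), .mode = 0444, \
	  .v_type = AA_SFS_TYPE_STRING, .v.string = (_value), \
	  .file_ops = &aa_sfs_seq_file_ops }
#define AA_SFS_FILE_U64(_name, _value) \
	{ .name = (_name), .mode = 0444, \
	  .v_type = AA_SFS_TYPE_U64, .v.u64 = (_value), \
	  .file_ops = &aa_sfs_seq_file_ops }
/*
 * Initializer for an entry with its own handlers.  Unlike the fixed-value
 * macros above, both the permission bits and the file_operations come from
 * the caller, so every use is a place where a writable or otherwise
 * privileged interface can be introduced.  The mode bits are the only
 * restriction expressed in this header; any further permission checks have
 * to live in the supplied handlers.
 */
#define AA_SFS_FILE_FOPS(_name, _mode, _fops) \
	{ .name = (_name), .v_type = AA_SFS_TYPE_FOPS, \
	  .mode = (_mode), .file_ops = (_fops) }
/*
 * Initializer for a directory whose children are the table _value.  No mode
 * or file_ops is given, so both are zero-initialized; the directory's actual
 * permissions are therefore decided by the code that creates it.
 */
#define AA_SFS_DIR(_name, _value) \
	{ .name = (_name), .v_type = AA_SFS_TYPE_DIR, .v.files = (_value) }

/*
 * Declared __init, i.e. placed in the kernel's init section: it may only be
 * called during initialisation.
 */
extern void __init aa_destroy_aafs(void);

struct aa_profile;
struct aa_ns;

/*
 * Slot indices into the dents[] array reached through the ns_*() accessors
 * below.  AAFS_NS_SIZEOF is the last enumerator and therefore equals the
 * number of slots.
 *
 * NOTE(review): going by the names, LOAD / REPLACE / REMOVE are the slots
 * for the per-namespace policy management files.  Who may use those files
 * is decided where they are created and handled, not in this header;
 * verify the checks there.
 */
enum aafs_ns_type {
	AAFS_NS_DIR,
	AAFS_NS_PROFS,
	AAFS_NS_NS,
	AAFS_NS_RAW_DATA,
	AAFS_NS_LOAD,
	AAFS_NS_REPLACE,
	AAFS_NS_REMOVE,
	AAFS_NS_REVISION,
	AAFS_NS_COUNT,
	AAFS_NS_MAX_COUNT,
	AAFS_NS_SIZE,
	AAFS_NS_MAX_SIZE,
	AAFS_NS_OWNER,
	AAFS_NS_SIZEOF,
};

/*
 * Slot indices into the dents[] array reached through the prof_*()
 * accessors below.  AAFS_PROF_SIZEOF is the last enumerator and therefore
 * equals the number of slots.
 */
enum aafs_prof_type {
	AAFS_PROF_DIR,
	AAFS_PROF_PROFS,
	AAFS_PROF_NAME,
	AAFS_PROF_MODE,
	AAFS_PROF_ATTACH,
	AAFS_PROF_HASH,
	AAFS_PROF_RAW_DATA,
	AAFS_PROF_RAW_HASH,
	AAFS_PROF_RAW_ABI,
	AAFS_PROF_SIZEOF,
};

/*
 * Accessors for individual dents[] slots of X (presumably a struct aa_ns
 * pointer; the macros themselves accept anything with a dents[] member).
 * Each expands to an lvalue and evaluates X exactly once.  Only some of the
 * aafs_ns_type slots have an accessor here.
 */
#define ns_dir(X) ((X)->dents[AAFS_NS_DIR])
#define ns_subns_dir(X) ((X)->dents[AAFS_NS_NS])
#define ns_subprofs_dir(X) ((X)->dents[AAFS_NS_PROFS])
#define ns_subdata_dir(X) ((X)->dents[AAFS_NS_RAW_DATA])
#define ns_subload(X) ((X)->dents[AAFS_NS_LOAD])
#define ns_subreplace(X) ((X)->dents[AAFS_NS_REPLACE])
#define ns_subremove(X) ((X)->dents[AAFS_NS_REMOVE])
#define ns_subrevision(X) ((X)->dents[AAFS_NS_REVISION])

/* Same idea for the profile-level dents[] (presumably struct aa_profile). */
#define prof_dir(X) ((X)->dents[AAFS_PROF_DIR])
#define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS])

/*
 * Namespace and profile directory helpers, implemented outside this header.
 *
 * NOTE(review): the leading double underscore is the usual kernel hint that
 * the caller must already hold the relevant lock; the locking contract is
 * not visible here, so confirm it at each definition.  The mkdir variants
 * return int and their result should be checked by callers (presumably 0 or
 * a negative errno; confirm).
 */
void __aa_bump_ns_revision(struct aa_ns *ns);
void __aafs_profile_rmdir(struct aa_profile *profile);
void __aafs_profile_migrate_dents(struct aa_profile *old,
				  struct aa_profile *new);
int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent);
void __aafs_ns_rmdir(struct aa_ns *ns);
int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name,
		    struct dentry *dent);

/*
 * Creation and removal of the filesystem entries for a loaded-data object.
 * The create call can fail (returns int); the same caveat about the
 * double-underscore prefix applies.
 */
struct aa_loaddata;
void __aa_fs_remove_rawdata(struct aa_loaddata *rawdata);
int __aa_fs_create_rawdata(struct aa_ns *ns, struct aa_loaddata *rawdata);

#endif /* __AA_APPARMORFS_H */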