Linux Kernel
3.7.1
security
apparmor
include
apparmor.h
/*
 * AppArmor security module
 *
 * This file contains AppArmor basic global and lib definitions
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#ifndef __APPARMOR_H
#define __APPARMOR_H
#include <linux/fs.h>
#include "
match.h
"
/*
 * Class of mediation types in the AppArmor policy db
 *
 * The values are consecutive small integers starting at 0.
 * NOTE(review): the names suggest file, capability, network, rlimit and
 * domain mediation; presumably the numbers are also baked into compiled
 * policy, so renumbering could break loaded profiles -- confirm before
 * changing any value.
 */
#define AA_CLASS_ENTRY		0
#define AA_CLASS_UNKNOWN	1
#define AA_CLASS_FILE		2
#define AA_CLASS_CAP		3
#define AA_CLASS_NET		4
#define AA_CLASS_RLIMITS	5
#define AA_CLASS_DOMAIN		6

/* Alias for the highest class value defined above; keep it in step when a class is appended. */
#define AA_CLASS_LAST		AA_CLASS_DOMAIN
/*
 * Control parameters settable through module/boot flags
 *
 * Only the declarations are visible here; the definitions, the defaults and
 * any checks applied when a flag is changed live elsewhere.
 * NOTE(review): several of these look security-relevant by name (policy
 * locking, load-time checking, audit mode) -- confirm who may change them at
 * runtime and whether a change can relax enforcement on a running system.
 */
extern enum audit_mode aa_g_audit;	/* global audit mode; the enum is declared elsewhere */
extern bool aa_g_audit_header;		/* presumably toggles a header on audit records -- TODO confirm */
extern bool aa_g_debug;			/* gates AA_DEBUG() output, see the macro below */
extern bool aa_g_lock_policy;		/* presumably blocks further policy changes once set -- TODO confirm */
extern bool aa_g_logsyscall;		/* presumably adds syscall information to audit records -- TODO confirm */
extern bool aa_g_paranoid_load;		/* presumably enables extra validation of policy at load time -- TODO confirm */
extern unsigned int aa_g_path_max;	/* presumably the upper bound for path buffers -- TODO confirm */
/*
 * Debug output hangs off one global switch, aa_g_debug, instead of a
 * per-profile flag: it is mostly used in sysctl, which is not related to
 * profile accesses.
 *
 * AA_DEBUG(fmt, ...) - print a KERN_DEBUG line prefixed with "AppArmor: ".
 * Nothing is printed unless aa_g_debug is set and printk_ratelimit() agrees,
 * so a message can be dropped without any trace.
 * @fmt is pasted next to a string literal and therefore has to be a string
 * literal itself; a runtime string cannot be passed as the format.
 */
#define AA_DEBUG(fmt, ...)						\
	do {								\
		if (aa_g_debug && printk_ratelimit())			\
			printk(KERN_DEBUG "AppArmor: " fmt, ##__VA_ARGS__); \
	} while (0)
/*
 * AA_ERROR(fmt, ...) - print a KERN_ERR line prefixed with "AppArmor: ".
 * There is no enable flag; printk_ratelimit() is the only gate, so an error
 * can still be dropped when the limiter declines. Treat the output as a
 * diagnostic aid, not as a complete record of failures.
 * @fmt is pasted next to a string literal and therefore has to be a string
 * literal itself; a runtime string cannot be passed as the format.
 */
#define AA_ERROR(fmt, ...)						\
	do {								\
		if (printk_ratelimit())					\
			printk(KERN_ERR "AppArmor: " fmt, ##__VA_ARGS__); \
	} while (0)
/*
 * Flag indicating whether initialization completed
 *
 * NOTE(review): the declaration carries __initdata. If that places the
 * variable in init-only memory, it must not be read after the init sections
 * are released -- confirm that every reader runs during boot.
 */
extern int apparmor_initialized __initdata;
/* Functions implemented in lib; only their prototypes are visible here. */

/*
 * NOTE(review): @args is a non-const pointer, so the string is presumably
 * modified in place while it is split, and the returned pointer and *ns_name
 * presumably point into it -- confirm before passing a shared or read-only
 * buffer.
 */
char *aa_split_fqname(char *args, char **ns_name);

/* Takes a message string that it does not modify (const parameter). */
void aa_info_message(const char *str);

/*
 * Buffer allocation and release.
 * NOTE(review): presumably kvmalloc() can fail and return NULL, and its
 * memory has to be released with kvfree() rather than another free routine --
 * confirm against the definitions. If @size is ever derived from loaded
 * policy data, bound it before calling.
 */
void *kvmalloc(size_t size);
void kvfree(void *buffer);
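/**
 * aa_strneq - check that @str is exactly the first @len bytes of @sub
 * @str: NUL-terminated string
 * @sub: buffer to compare against; at most its first @len bytes are examined,
 *       so it does not have to be NUL-terminated
 * @len: number of bytes of @sub to compare
 *
 * @str has to be consumed completely for a match, i.e. its terminator must
 * sit at index @len.
 *
 * A negative @len is rejected up front: converted to the size_t bound that
 * strncmp() takes it would become huge, and str[len] would index in front of
 * @str.
 *
 * NOTE(review): @sub is expected to hold @len bytes with no NUL among them.
 * If both strings end at the same offset before @len, strncmp() reports
 * equality and the str[len] read lands past @str's terminator.
 *
 * Returns: true if @str matches, false otherwise.
 */
static inline bool aa_strneq(const char *str, const char *sub, int len)
{
	if (len < 0)
		return false;

	return !strncmp(str, sub, len) && !str[len];
}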
/**
 * aa_dfa_null_transition - step the dfa over a NUL byte
 * @dfa: dfa to walk; handed to aa_dfa_next() unchanged
 * @start: state to step from
 *
 * Returns: whatever aa_dfa_next() yields for (@dfa, @start, 0).
 */
static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
						  unsigned int start)
{
	/* the only input fed to the dfa is the string's terminating NUL byte */
	unsigned int next_state = aa_dfa_next(dfa, start, 0);

	return next_state;
}
/**
 * mediated_filesystem - test whether @inode's superblock lacks MS_NOUSER
 * @inode: inode to test; @inode and @inode->i_sb are dereferenced unchecked
 *
 * NOTE(review): presumably MS_NOUSER marks mounts that are internal to the
 * kernel, and a false result makes callers skip mediation -- confirm that the
 * set of filesystems flagged this way is the intended exemption.
 *
 * Returns: true when MS_NOUSER is clear in the superblock flags, else false.
 */
static inline bool mediated_filesystem(struct inode *inode)
{
	if (inode->i_sb->s_flags & MS_NOUSER)
		return false;

	return true;
}
#endif
/* __APPARMOR_H */