Commit
12557dcb
authored
Jan 16, 2017
by
John Johansen
apparmor: move lib definitions into separate lib include
Signed-off-by:
John Johansen
<
john.johansen@canonical.com
>
parent
8486adf0
Showing
5 changed files
with
99 additions
and
82 deletions
+99
-82
security/apparmor/include/apparmor.h
security/apparmor/include/apparmor.h
+2
-80
security/apparmor/include/lib.h
security/apparmor/include/lib.h
+94
-0
security/apparmor/include/policy.h
security/apparmor/include/policy.h
+1
-0
security/apparmor/lib.c
security/apparmor/lib.c
+1
-1
security/apparmor/match.c
security/apparmor/match.c
+1
-1
security/apparmor/include/apparmor.h
/*
* AppArmor security module
*
* This file contains AppArmor basic global
and lib definitions
* This file contains AppArmor basic global
*
* Copyright (C) 1998-2008 Novell/SUSE
* Copyright 2009-2010 Canonical Ltd.
...
...
@@ -15,10 +15,7 @@
#ifndef __APPARMOR_H
#define __APPARMOR_H
#include <linux/slab.h>
#include <linux/fs.h>
#include "match.h"
#include <linux/types.h>
/*
* Class of mediation types in the AppArmor policy db
...
...
@@ -43,79 +40,4 @@ extern bool aa_g_logsyscall;
extern
bool
aa_g_paranoid_load
;
extern
unsigned
int
aa_g_path_max
;
/*
* DEBUG remains global (no per profile flag) since it is mostly used in sysctl
* which is not related to profile accesses.
*/
#define AA_DEBUG(fmt, args...) \
do { \
if (aa_g_debug && printk_ratelimit()) \
printk(KERN_DEBUG "AppArmor: " fmt, ##args); \
} while (0)
#define AA_ERROR(fmt, args...) \
do { \
if (printk_ratelimit()) \
printk(KERN_ERR "AppArmor: " fmt, ##args); \
} while (0)
/* Flag indicating whether initialization completed */
extern
int
apparmor_initialized
__initdata
;
/* fn's in lib */
char
*
aa_split_fqname
(
char
*
args
,
char
**
ns_name
);
void
aa_info_message
(
const
char
*
str
);
void
*
__aa_kvmalloc
(
size_t
size
,
gfp_t
flags
);
static
inline
void
*
kvmalloc
(
size_t
size
)
{
return
__aa_kvmalloc
(
size
,
0
);
}
static
inline
void
*
kvzalloc
(
size_t
size
)
{
return
__aa_kvmalloc
(
size
,
__GFP_ZERO
);
}
/* returns 0 if kref not incremented */
static
inline
int
kref_get_not0
(
struct
kref
*
kref
)
{
return
atomic_inc_not_zero
(
&
kref
->
refcount
);
}
/**
* aa_strneq - compare null terminated @str to a non null terminated substring
* @str: a null terminated string
* @sub: a substring, not necessarily null terminated
* @len: length of @sub to compare
*
* The @str string must be full consumed for this to be considered a match
*/
static
inline
bool
aa_strneq
(
const
char
*
str
,
const
char
*
sub
,
int
len
)
{
return
!
strncmp
(
str
,
sub
,
len
)
&&
!
str
[
len
];
}
/**
* aa_dfa_null_transition - step to next state after null character
* @dfa: the dfa to match against
* @start: the state of the dfa to start matching in
*
* aa_dfa_null_transition transitions to the next state after a null
* character which is not used in standard matching and is only
* used to separate pairs.
*/
static
inline
unsigned
int
aa_dfa_null_transition
(
struct
aa_dfa
*
dfa
,
unsigned
int
start
)
{
/* the null transition only needs the string's null terminator byte */
return
aa_dfa_next
(
dfa
,
start
,
0
);
}
static
inline
bool
mediated_filesystem
(
struct
dentry
*
dentry
)
{
return
!
(
dentry
->
d_sb
->
s_flags
&
MS_NOUSER
);
}
#endif
/* __APPARMOR_H */
security/apparmor/include/lib.h
0 → 100644
/*
* AppArmor security module
*
* This file contains AppArmor lib definitions
*
* 2017 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation, version 2 of the
* License.
*/
#ifndef __AA_LIB_H
#define __AA_LIB_H
#include <linux/slab.h>
#include <linux/fs.h>
#include "match.h"
/*
* DEBUG remains global (no per profile flag) since it is mostly used in sysctl
* which is not related to profile accesses.
*/
#define AA_DEBUG(fmt, args...) \
do { \
if (aa_g_debug) \
pr_debug_ratelimited("AppArmor: " fmt, ##args); \
} while (0)
#define AA_ERROR(fmt, args...) \
pr_err_ratelimited("AppArmor: " fmt, ##args)
/* Flag indicating whether initialization completed */
extern
int
apparmor_initialized
__initdata
;
/* fn's in lib */
char
*
aa_split_fqname
(
char
*
args
,
char
**
ns_name
);
void
aa_info_message
(
const
char
*
str
);
void
*
__aa_kvmalloc
(
size_t
size
,
gfp_t
flags
);
static
inline
void
*
kvmalloc
(
size_t
size
)
{
return
__aa_kvmalloc
(
size
,
0
);
}
static
inline
void
*
kvzalloc
(
size_t
size
)
{
return
__aa_kvmalloc
(
size
,
__GFP_ZERO
);
}
/* returns 0 if kref not incremented */
static
inline
int
kref_get_not0
(
struct
kref
*
kref
)
{
return
atomic_inc_not_zero
(
&
kref
->
refcount
);
}
/**
* aa_strneq - compare null terminated @str to a non null terminated substring
* @str: a null terminated string
* @sub: a substring, not necessarily null terminated
* @len: length of @sub to compare
*
* The @str string must be full consumed for this to be considered a match
*/
static
inline
bool
aa_strneq
(
const
char
*
str
,
const
char
*
sub
,
int
len
)
{
return
!
strncmp
(
str
,
sub
,
len
)
&&
!
str
[
len
];
}
/**
* aa_dfa_null_transition - step to next state after null character
* @dfa: the dfa to match against
* @start: the state of the dfa to start matching in
*
* aa_dfa_null_transition transitions to the next state after a null
* character which is not used in standard matching and is only
* used to separate pairs.
*/
static
inline
unsigned
int
aa_dfa_null_transition
(
struct
aa_dfa
*
dfa
,
unsigned
int
start
)
{
/* the null transition only needs the string's null terminator byte */
return
aa_dfa_next
(
dfa
,
start
,
0
);
}
static
inline
bool
mediated_filesystem
(
struct
dentry
*
dentry
)
{
return
!
(
dentry
->
d_sb
->
s_flags
&
MS_NOUSER
);
}
#endif
/* AA_LIB_H */
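Review bot: The `AA_DEBUG` and `AA_ERROR` macros at the top of the new lib.h are not the ones removed from apparmor.h: the old bodies tested `printk_ratelimit()` and called `printk(KERN_DEBUG ...)` / `printk(KERN_ERR ...)`, while the new ones call `pr_debug_ratelimited()` and `pr_err_ratelimited()`, a behaviour change that the commit title ("move lib definitions") does not mention. `pr_debug_ratelimited()` is compiled out unless `DEBUG` is defined or dynamic debug is enabled for the call site, so setting `aa_g_debug` alone may no longer produce any output when someone is trying to diagnose a policy load or mediation failure. If the move is meant to be behaviour-neutral, keep an unconditional form such as `printk_ratelimited(KERN_DEBUG "AppArmor: " fmt, ##args);`, or describe the change in the commit message. `AA_DEBUG` also expands to `aa_g_debug`, which this header does not declare (presumably it stays in apparmor.h), so a comment like `/* AA_DEBUG users must also include apparmor.h for aa_g_debug */` would help files such as match.c, which appears to include only lib.h after this commit.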
security/apparmor/include/policy.h
...
...
@@ -27,6 +27,7 @@
#include "capability.h"
#include "domain.h"
#include "file.h"
#include "lib.h"
#include "resource.h"
extern
const
char
*
const
aa_profile_mode_names
[];
...
...
security/apparmor/lib.c
...
...
@@ -19,7 +19,7 @@
#include "include/audit.h"
#include "include/apparmor.h"
#include "include/lib.h"
/**
* aa_split_fqname - split a fqname into a profile and namespace name
...
...
security/apparmor/match.c
...
...
@@ -20,7 +20,7 @@
#include <linux/err.h>
#include <linux/kref.h>
#include "include/
apparmor
.h"
#include "include/
lib
.h"
#include "include/match.h"
#define base_idx(X) ((X) & 0xffffff)
...
...