author | John Johansen <john.johansen@canonical.com> | 2017-05-29 12:19:39 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2017-06-10 17:11:30 -0700 |
commit | 2d679f3cb0eaa6afa0dc97fe6ad3b797e1c1899a (patch) | |
tree | ca5d91a2a68e4354e55115fec21c8dc952440e0e /security/apparmor/include | |
parent | aa9aeea8d4c3dfb9297723c4340671ef88e372d3 (diff) |
apparmor: switch from file_perms to aa_perms
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include')
-rw-r--r-- | security/apparmor/include/file.h | 25 | ||||
-rw-r--r-- | security/apparmor/include/perms.h | 2 |
2 files changed, 5 insertions, 22 deletions
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index fb3642a94e3d..365ca7ead133 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -90,25 +90,6 @@ struct path_cond {
 umode_t mode;
 };
 
-/* struct file_perms - file permission
- * @allow: mask of permissions that are allowed
- * @audit: mask of permissions to force an audit message for
- * @quiet: mask of permissions to quiet audit messages for
- * @kill: mask of permissions that when matched will kill the task
- * @xindex: exec transition index if @allow contains MAY_EXEC
- *
- * The @audit and @queit mask should be mutually exclusive.
- */
-struct file_perms {
- u32 allow;
- u32 audit;
- u32 quiet;
- u32 kill;
- u16 xindex;
-};
-
-extern struct file_perms nullperms;
-
 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
 
 /* FIXME: split perms from dfa and match this to description
@@ -159,7 +140,7 @@ static inline u16 dfa_map_xindex(u16 mask)
 #define dfa_other_xindex(dfa, state) \
 dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)
 
-int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
+int aa_audit_file(struct aa_profile *profile, struct aa_perms *perms,
 const char *op, u32 request, const char *name,
 const char *target, kuid_t ouid, const char *info, int error);
 
@@ -182,9 +163,11 @@ struct aa_file_rules {
 /* TODO: add delegate table */
 };
 
+struct aa_perms aa_compute_fperms(struct aa_dfa *dfa, unsigned int state,
+ struct path_cond *cond);
 unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
 const char *name, struct path_cond *cond,
- struct file_perms *perms);
+ struct aa_perms *perms);
 
 int aa_path_perm(const char *op, struct aa_profile *profile,
 const struct path *path, int flags, u32 request,
diff --git a/security/apparmor/include/perms.h b/security/apparmor/include/perms.h
index 6ef23212bd66..82946fb81f91 100644
--- a/security/apparmor/include/perms.h
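Review bot: In file.h, the new `aa_compute_fperms` prototype (third hunk) is declared with no comment, while the first hunk deletes the only text in this header that explained the permission masks: that `xindex` is valid only when `allow` contains MAY_EXEC, and that the audit and quiet masks should be mutually exclusive. The body of `struct aa_perms` is not visible in this diff, so unless perms.h documents the same fields, callers of `aa_compute_fperms` and `aa_str_perms` lose that contract. If it still holds for `aa_perms`, I would add a short comment above the prototype such as `/* see struct aa_perms in perms.h; xindex is only meaningful when allow contains MAY_EXEC */`, to be confirmed against the definition, which is outside this diff.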
+++ b/security/apparmor/include/perms.h
@@ -88,7 +88,7 @@ struct aa_perms {
 };
 
 #define ALL_PERMS_MASK 0xffffffff
-
+extern struct aa_perms nullperms;
 extern struct aa_perms allperms;
 
 struct aa_profile; |
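Review bot: In perms.h, `extern struct aa_perms nullperms;` exposes the empty permission set as a writable global to every file that includes this header, so a stray store to it would change the value that code presumably uses as its starting point for permission computation. The definition is outside this diff, which is limited to the include directory. If it is never written after initialisation, declaring it `extern const struct aa_perms nullperms;` here and `const` at the definition would make the compiler reject such writes and let the object live in read-only data. The same would apply to `allperms` on the next line. The added line also takes the place of the blank line that separated `ALL_PERMS_MASK` from the declarations, and I would keep that blank line.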