/* SPDX-License-Identifier: GPL-2.0-only */ /* * AppArmor security module * * This file contains AppArmor network mediation definitions. * * Copyright (C) 1998-2008 Novell/SUSE * Copyright 2009-2017 Canonical Ltd. */ #ifndef __AA_NET_H #define __AA_NET_H #include <net/sock.h> #include <linux/path.h> #include "apparmorfs.h" #include "label.h" #include "perms.h" #include "policy.h" #define AA_MAY_SEND … #define AA_MAY_RECEIVE … #define AA_MAY_SHUTDOWN … #define AA_MAY_CONNECT … #define AA_MAY_ACCEPT … #define AA_MAY_BIND … #define AA_MAY_LISTEN … #define AA_MAY_SETOPT … #define AA_MAY_GETOPT … #define NET_PERMS_MASK … #define NET_FS_PERMS … #define NET_PEER_MASK … struct aa_sk_ctx { … }; static inline struct aa_sk_ctx *aa_sock(const struct sock *sk) { … } #define DEFINE_AUDIT_NET(NAME, OP, SK, F, T, P) … #define DEFINE_AUDIT_SK(NAME, OP, SK) … #define af_select(FAMILY, FN, DEF_FN) … struct aa_secmark { … }; extern struct aa_sfs_entry aa_sfs_entry_network[]; void audit_net_cb(struct audit_buffer *ab, void *va); int aa_profile_af_perm(struct aa_profile *profile, struct apparmor_audit_data *ad, u32 request, u16 family, int type); int aa_af_perm(const struct cred *subj_cred, struct aa_label *label, const char *op, u32 request, u16 family, int type, int protocol); static inline int aa_profile_af_sk_perm(struct aa_profile *profile, struct apparmor_audit_data *ad, u32 request, struct sock *sk) { … } int aa_sk_perm(const char *op, u32 request, struct sock *sk); int aa_sock_file_perm(const struct cred *subj_cred, struct aa_label *label, const char *op, u32 request, struct socket *sock); int apparmor_secmark_check(struct aa_label *label, char *op, u32 request, u32 secid, const struct sock *sk); #endif /* __AA_NET_H */
Codebase Browser
linux