1
2
3
4
5
6
7
8
9
10
11
12
13
14
15#ifndef __APPARMOR_H
16#define __APPARMOR_H
17
18#include <linux/slab.h>
19#include <linux/fs.h>
20
21#include "match.h"
22
23
24
25
26#define AA_CLASS_ENTRY 0
27#define AA_CLASS_UNKNOWN 1
28#define AA_CLASS_FILE 2
29#define AA_CLASS_CAP 3
30#define AA_CLASS_NET 4
31#define AA_CLASS_RLIMITS 5
32#define AA_CLASS_DOMAIN 6
33
34#define AA_CLASS_LAST AA_CLASS_DOMAIN
35
36
37extern enum audit_mode aa_g_audit;
38extern bool aa_g_audit_header;
39extern bool aa_g_debug;
40extern bool aa_g_lock_policy;
41extern bool aa_g_logsyscall;
42extern bool aa_g_paranoid_load;
43extern unsigned int aa_g_path_max;
44
45
46
47
48
49
50#define AA_DEBUG(fmt, args...) \
51 do { \
52 if (aa_g_debug && printk_ratelimit()) \
53 printk(KERN_DEBUG "AppArmor: " fmt, ##args); \
54 } while (0)
55
56#define AA_ERROR(fmt, args...) \
57 do { \
58 if (printk_ratelimit()) \
59 printk(KERN_ERR "AppArmor: " fmt, ##args); \
60 } while (0)
61
62
63extern int apparmor_initialized __initdata;
64
65
66char *aa_split_fqname(char *args, char **ns_name);
67void aa_info_message(const char *str);
68void *__aa_kvmalloc(size_t size, gfp_t flags);
69void kvfree(void *buffer);
70
71static inline void *kvmalloc(size_t size)
72{
73 return __aa_kvmalloc(size, 0);
74}
75
76static inline void *kvzalloc(size_t size)
77{
78 return __aa_kvmalloc(size, __GFP_ZERO);
79}
80
81
82
83
84
85
86
87
88
89static inline bool aa_strneq(const char *str, const char *sub, int len)
90{
91 return !strncmp(str, sub, len) && !str[len];
92}
93
94
95
96
97
98
99
100
101
102
103static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
104 unsigned int start)
105{
106
107 return aa_dfa_next(dfa, start, 0);
108}
109
110static inline bool mediated_filesystem(struct inode *inode)
111{
112 return !(inode->i_sb->s_flags & MS_NOUSER);
113}
114
115#endif
116