11#ifndef __AA_NAMESPACE_H
12#define __AA_NAMESPACE_H
13
14#include <linux/kref.h>
15
16#include "apparmor.h"
17#include "apparmorfs.h"
18#include "label.h"
19#include "policy.h"
20
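/**
 * struct aa_ns_acct - accounting counters embedded in each struct aa_ns
 * @max_size: limit that goes with @size (presumably; enforcement not shown)
 * @max_count: limit that goes with @count (presumably; enforcement not shown)
 * @size: current size figure
 * @count: current count figure
 *
 * The listing's line numbers were fused to the first token of every line,
 * which is not valid C; they are dropped here.
 *
 * NOTE(review): this header does not show what is being sized or counted, nor
 * where the max_* values are checked. All four fields are signed int, so the
 * code that updates them should reject negative values and overflow - confirm
 * at the users.
 */
struct aa_ns_acct {
	int max_size;
	int max_count;
	int size;
	int count;
};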
34
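/**
 * struct aa_ns - AppArmor policy namespace
 * @base: embedded struct aa_policy. It must stay the FIRST member:
 *        __aa_findn_ns() casts the pointer returned by __policy_strn_find()
 *        directly to struct aa_ns *.
 * @parent: pointer to another namespace (by its name, the enclosing one)
 * @lock: mutex; aa_deref_parent() names it as the protection for reading a
 *        profile's ->parent pointer
 * @acct: accounting counters, see struct aa_ns_acct
 * @unconfined: profile whose reference count aa_get_ns()/aa_put_ns() adjust
 *              on behalf of the namespace; ns_unconfined() yields its label
 * @sub_ns: list head (presumably the child namespaces - confirm)
 * @uniq_null: atomic counter (purpose not visible in this header)
 * @uniq_id: long counter/identifier (purpose not visible in this header)
 * @level: int (presumably depth in the namespace tree - confirm)
 * @revision: long (presumably a policy revision number - confirm)
 * @wait: wait queue head
 * @labels: label set belonging to the namespace
 * @rawdata_list: list head (by its name, raw policy data entries)
 * @dents: dentry pointers, AAFS_NS_SIZEOF slots
 *
 * The listing's line numbers were fused to the first token of every line,
 * which is not valid C; they are dropped here. Member order is unchanged.
 */
struct aa_ns {
	struct aa_policy base;
	struct aa_ns *parent;
	struct mutex lock;
	struct aa_ns_acct acct;
	struct aa_profile *unconfined;
	struct list_head sub_ns;
	atomic_t uniq_null;
	long uniq_id;
	int level;
	long revision;
	wait_queue_head_t wait;

	struct aa_labelset labels;
	struct list_head rawdata_list;

	struct dentry *dents[AAFS_NS_SIZEOF];
};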
76
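/*
 * Globals defined in another translation unit. By their names: the root of
 * the namespace tree, and the name reported for a namespace that is hidden
 * from the viewer (confirm at the definitions).
 */
extern struct aa_ns *root_ns;

extern const char *aa_hidden_ns_name;

/*
 * ns_unconfined - address of the label embedded in @NS's unconfined profile.
 * Dereferences (NS)->unconfined with no NULL check and takes no reference,
 * so the caller must already hold a valid, live @NS.
 */
#define ns_unconfined(NS) (&(NS)->unconfined->label)

/* Visibility / naming of one namespace as seen from another. */
bool aa_ns_visible(struct aa_ns *curr, struct aa_ns *view, bool subns);
const char *aa_ns_name(struct aa_ns *parent, struct aa_ns *child, bool subns);

/*
 * Allocation and teardown. aa_free_ns_kref() has the signature of a kref
 * release callback.
 */
void aa_free_ns(struct aa_ns *ns);
int aa_alloc_root_ns(void);
void aa_free_root_ns(void);
void aa_free_ns_kref(struct kref *kref);

/*
 * Lookup and creation. The "n" variants take an explicit length @n instead
 * of relying on NUL termination of the name.
 *
 * NOTE(review): this header does not show whether a returned namespace
 * carries a reference that must be dropped with aa_put_ns(), nor which
 * functions require ns->lock to be held (by kernel convention the
 * double-underscore ones) - check each definition before calling.
 */
struct aa_ns *aa_find_ns(struct aa_ns *root, const char *name);
struct aa_ns *aa_findn_ns(struct aa_ns *root, const char *name, size_t n);
struct aa_ns *__aa_lookupn_ns(struct aa_ns *view, const char *hname, size_t n);
struct aa_ns *aa_lookupn_ns(struct aa_ns *view, const char *name, size_t n);
struct aa_ns *__aa_find_or_create_ns(struct aa_ns *parent, const char *name,
				     struct dentry *dir);
struct aa_ns *aa_prepare_ns(struct aa_ns *root, const char *name);
void __aa_remove_ns(struct aa_ns *ns);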
98
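/**
 * aa_deref_parent - read a profile's parent pointer on an update-side path
 * @p: profile whose ->parent is read; must be non-NULL with a valid ->ns
 *
 * Uses rcu_dereference_protected(), so the access is justified by holding
 * the namespace mutex rather than by an RCU read-side critical section.
 * No reference is taken on the returned profile.
 *
 * NOTE(review): mutex_is_locked() is true when ANY task holds ns->lock, so
 * this condition cannot tell whether the caller is the holder;
 * lockdep_is_held() would express that. The condition is also only evaluated
 * on builds with RCU lockdep checking enabled, so it is a debugging aid and
 * not a runtime guard.
 *
 * Returns: the value of @p->parent.
 */
static inline struct aa_profile *aa_deref_parent(struct aa_profile *p)
{
	return rcu_dereference_protected(p->parent,
					 mutex_is_locked(&p->ns->lock));
}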
104
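/**
 * aa_get_ns - take a reference on a namespace
 * @ns: namespace to pin; may be NULL
 *
 * The reference is taken on @ns->unconfined through aa_get_profile(); no
 * counter on the namespace object itself is touched here, so the namespace
 * is pinned through its unconfined profile. @ns must already be a live
 * object when this is called - this helper cannot revive one whose last
 * reference is being dropped.
 *
 * Returns: @ns unchanged (NULL in, NULL out).
 */
static inline struct aa_ns *aa_get_ns(struct aa_ns *ns)
{
	if (ns)
		aa_get_profile(ns->unconfined);

	return ns;
}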
119
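/**
 * aa_put_ns - drop a reference taken with aa_get_ns()
 * @ns: namespace to release; may be NULL (then nothing happens)
 *
 * Mirrors aa_get_ns(): the put goes to @ns->unconfined via aa_put_profile().
 * Each get must be balanced by exactly one put; after the call the caller
 * must not touch @ns unless it holds another reference.
 */
static inline void aa_put_ns(struct aa_ns *ns)
{
	if (ns)
		aa_put_profile(ns->unconfined);
}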
131
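/**
 * __aa_findn_ns - find a namespace by name on a list
 * @head: list to search
 * @name: name to match; only the first @n bytes are considered
 * @n: length of @name in bytes
 *
 * Thin wrapper around __policy_strn_find(). The cast to struct aa_ns * is
 * only valid because struct aa_policy base is the first member of
 * struct aa_ns; moving that member would silently break this lookup.
 * No reference is taken here.
 *
 * NOTE(review): confirm the type of __policy_strn_find()'s length parameter;
 * if it is narrower than size_t, @n is implicitly converted at the call.
 * Presumably the caller must hold the lock protecting @head - confirm.
 *
 * Returns: whatever __policy_strn_find() returns, viewed as a namespace.
 */
static inline struct aa_ns *__aa_findn_ns(struct list_head *head,
					  const char *name, size_t n)
{
	return (struct aa_ns *)__policy_strn_find(head, name, n);
}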
146
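/**
 * __aa_find_ns - find a namespace on a list by NUL-terminated name
 * @head: list to search
 * @name: name to match; must be a non-NULL, NUL-terminated string because
 *        strlen() is applied to it unchecked
 *
 * Convenience form of __aa_findn_ns() that measures @name itself.
 *
 * Returns: the result of __aa_findn_ns().
 */
static inline struct aa_ns *__aa_find_ns(struct list_head *head,
					 const char *name)
{
	return __aa_findn_ns(head, name, strlen(name));
}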
152
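/**
 * __aa_lookup_ns - look up a namespace by NUL-terminated hierarchical name
 * @base: namespace the lookup starts from
 * @hname: name to resolve; must be a non-NULL, NUL-terminated string because
 *         strlen() is applied to it unchecked
 *
 * Convenience form of __aa_lookupn_ns() that measures @hname itself.
 *
 * Returns: the result of __aa_lookupn_ns().
 */
static inline struct aa_ns *__aa_lookup_ns(struct aa_ns *base,
					   const char *hname)
{
	return __aa_lookupn_ns(base, hname, strlen(hname));
}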
158
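/**
 * aa_lookup_ns - look up a namespace by NUL-terminated name
 * @view: namespace the lookup is performed from
 * @name: name to resolve; must be a non-NULL, NUL-terminated string because
 *        strlen() is applied to it unchecked
 *
 * Convenience form of aa_lookupn_ns() that measures @name itself.
 *
 * NOTE(review): whether the result carries a reference that must be released
 * with aa_put_ns() is decided by aa_lookupn_ns(), which is not shown here.
 *
 * Returns: the result of aa_lookupn_ns().
 */
static inline struct aa_ns *aa_lookup_ns(struct aa_ns *view, const char *name)
{
	return aa_lookupn_ns(view, name, strlen(name));
}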
163
164#endif
165