security/apparmor/include/lib.h
Source file repositories/reference/linux-study-clean/security/apparmor/include/lib.h
File Facts
- System: Linux kernel
- Corpus path: `security/apparmor/include/lib.h`
- Extension: `.h`
- Size: 9551 bytes
- Lines: 361
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/slab.h`, `linux/fs.h`, `linux/lsm_hooks.h`, `match.h`
Detected Declarations
`struct aa_common_ref`, `struct aa_str_table_ent`, `struct aa_str_table`, `struct counted_str`, `struct aa_policy`, `enum reftype`, `function aa_strneq`, `function aa_dfa_null_transition`, `function path_mediated_fs`, `function aa_put_str`, `function list_for_each_entry_rcu`, `function list_for_each_entry_rcu`, `function label_for_each`
Annotated Snippet
```c
struct aa_common_ref {
	struct kref count;
	enum reftype reftype;
};

/**
 * aa_strneq - compare null terminated @str to a non null terminated substring
 * @str: a null terminated string
 * @sub: a substring, not necessarily null terminated
 * @len: length of @sub to compare
 *
 * The @str string must be full consumed for this to be considered a match
 */
static inline bool aa_strneq(const char *str, const char *sub, int len)
{
	return !strncmp(str, sub, len) && !str[len];
}

/**
 * aa_dfa_null_transition - step to next state after null character
 * @dfa: the dfa to match against
 * @start: the state of the dfa to start matching in
 *
 * aa_dfa_null_transition transitions to the next state after a null
 * character which is not used in standard matching and is only
 * used to separate pairs.
 */
static inline aa_state_t aa_dfa_null_transition(struct aa_dfa *dfa,
						aa_state_t start)
{
	/* the null transition only needs the string's null terminator byte */
	return aa_dfa_next(dfa, start, 0);
}

static inline bool path_mediated_fs(struct dentry *dentry)
{
	return !(dentry->d_sb->s_flags & SB_NOUSER);
}

struct aa_str_table_ent {
	int count;
	int size;
	char *strs;
};

struct aa_str_table {
	int size;
	struct aa_str_table_ent *table;
};

bool aa_resize_str_table(struct aa_str_table *t, int newsize, gfp_t gfp);
void aa_destroy_str_table(struct aa_str_table *table);

struct counted_str {
	struct kref count;
	char name[];
};

#define str_to_counted(str) \
	((struct counted_str *)(str - offsetof(struct counted_str, name)))

#define __counted	/* atm just a notation */

void aa_str_kref(struct kref *kref);
char *aa_str_alloc(int size, gfp_t gfp);

static inline __counted char *aa_get_str(__counted char *str)
{
	if (str)
		kref_get(&(str_to_counted(str)->count));
	return str;
}

static inline void aa_put_str(__counted char *str)
{
	if (str)
		kref_put(&str_to_counted(str)->count, aa_str_kref);
}

/* struct aa_policy - common part of both namespaces and profiles
 * @name: name of the object
 * @hname - The hierarchical name
 * @list: list policy object is on
 * @profiles: head of the profiles list contained in the object
 */
struct aa_policy {
	const char *name;
```
Annotation
- Immediate include surface: `linux/slab.h`, `linux/fs.h`, `linux/lsm_hooks.h`, `match.h`.
- Detected declarations: `struct aa_common_ref`, `struct aa_str_table_ent`, `struct aa_str_table`, `struct counted_str`, `struct aa_policy`, `enum reftype`, `function aa_strneq`, `function aa_dfa_null_transition`, `function path_mediated_fs`, `function aa_put_str`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.