security/apparmor/include/policy.h

/* struct aa_tags_header - one entry of the tag header table
 * @mask: bit mask matching permissions
 * @count: number of strings per entry
 * @size: size of all strings covered by @count
 * @tags: index into string table
 *
 * Instances live in aa_tags_struct.hdrs.table (see below); which table
 * @tags indexes is presumably aa_tags_struct.strs — confirm against the
 * unpack code.
 */
struct aa_tags_header {
	u32 mask;	/* bit mask matching permissions */
	u32 count;	/* number of strings per entry */
	u32 size;	/* size of all strings covered by count */
	u32 tags;	/* index into string table */
};

/* struct aa_tags_struct - tag tables embedded in struct aa_policydb (@tags)
 * @sets: table of tag sets; entries index into @hdrs and @strs
 * @hdrs: table of aa_tags_header, one per string
 * @strs: string table the headers refer to
 *
 * Torn down by aa_destroy_tags(); the name suggests that frees the tables
 * above — confirm against the definition.
 */
struct aa_tags_struct {
	struct {
		u32 size;		/* number of entries in tagsets */
		u32 *table;		/* indexes into headers & strs */
	} sets;
	struct {
		u32 size;		/* number of headers == num of strs */
		struct aa_tags_header *table;	/* @size entries */
	} hdrs;
	struct aa_str_table strs;	/* strings indexed by aa_tags_header.tags */
};

/* struct aa_policydb - match engine for a policy
 * @count: refcount for the pdb; taken by aa_get_pdb(), dropped by aa_put_pdb()
 * @dfa: dfa pattern match; its accept table maps a state to an index in @perms
 * @perms: table of permissions (NULL: aa_lookup_perms() returns &default_perms)
 * @size: number of entries in @perms
 * @trans: table of strings, index by x
 * @tags: table of tags that perms->tag indexes
 * @start: set of start states for the different classes of data,
 *         one per class (AA_CLASS_LAST + 1 entries)
 *
 * @perms and @size sit in an anonymous struct, so callers address them
 * directly as policy->perms / policy->size.
 */
struct aa_policydb {
	struct kref count;		/* see aa_get_pdb()/aa_put_pdb() */
	struct aa_dfa *dfa;		/* ACCEPT_TABLE(dfa)[state] -> perms index */
	struct {			/* anonymous: policy->perms, policy->size */
		struct aa_perms *perms;	/* NULL means "use default_perms" */
		u32 size;		/* entries in perms */
	};
	struct aa_str_table trans;	/* table of strings, index by x */
	struct aa_tags_struct tags;	/* tag tables, see struct aa_tags_struct */
	aa_state_t start[AA_CLASS_LAST + 1];	/* start state per data class */
};

/* shared "null" policydb; presumably what is used when no explicit policy
 * is attached — confirm against policy.c */
extern struct aa_policydb *nullpdb;

/* tear down @tags; the name suggests it frees the tables held by @tags —
 * confirm against the definition */
void aa_destroy_tags(struct aa_tags_struct *tags);
/* allocate a new policydb with @gfp; presumably returns NULL on failure —
 * confirm against the definition */
struct aa_policydb *aa_alloc_pdb(gfp_t gfp);
/* kref release callback; aa_put_pdb() passes it to kref_put() */
void aa_pdb_free_kref(struct kref *kref);

/**
 * aa_get_pdb - take an additional reference on @pdb
 * @pdb: policydb to reference  (MAYBE NULL)
 *
 * Returns: @pdb unchanged so the call can be chained, or NULL if @pdb is NULL
 * Requires: the caller already holds a valid refcount on @pdb
 */
static inline struct aa_policydb *aa_get_pdb(struct aa_policydb *pdb)
{
	if (!pdb)
		return NULL;

	kref_get(&pdb->count);
	return pdb;
}

/**
 * aa_put_pdb - drop a reference on @pdb
 * @pdb: policydb to release   (MAYBE NULL)
 *
 * Requires: if @pdb != NULL the caller holds a valid refcount on it.
 * When this drops the last reference kref_put() invokes aa_pdb_free_kref().
 */
static inline void aa_put_pdb(struct aa_policydb *pdb)
{
	if (!pdb)
		return;

	kref_put(&pdb->count, aa_pdb_free_kref);
}

/*
 * aa_lookup_perms - look up the perms for @state, ignoring object conditionals
 * @policy: policydb whose dfa produced @state
 * @state: accepting dfa state to resolve
 *
 * Returns: the entry of @policy->perms the dfa accept table maps @state to,
 *          or &default_perms when @policy has no perms table.
 *
 * NOTE(review): the accept-table value is used as an index into
 * @policy->perms without comparing it against @policy->size here; this
 * relies on the table having been validated against the dfa when the
 * policy was unpacked — confirm against the loader.
 */
static inline struct aa_perms *aa_lookup_perms(struct aa_policydb *policy,
					       aa_state_t state)
{
	if (!policy->perms)
		return &default_perms;

	unsigned int idx = ACCEPT_TABLE(policy->dfa)[state];

	return policy->perms + idx;
}

/* struct aa_data - generic data structure
 * key: name for retrieving this data
 * size: size of data in bytes
 * data: binary data
