^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* SPDX-License-Identifier: GPL-2.0-only */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * AppArmor security module
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * This file contains AppArmor task related definitions and mediation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Copyright 2017 Canonical Ltd.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #ifndef __AA_TASK_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #define __AA_TASK_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) static inline struct aa_task_ctx *task_ctx(struct task_struct *task)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) return task->security + apparmor_blob_sizes.lbs_task;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * struct aa_task_ctx - information for current task label change
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) * @nnp: snapshot of label at time of no_new_privs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) * @onexec: profile to transition to on next exec (MAY BE NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) * @previous: profile the task may return to (MAY BE NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) * @token: magic value the task must know for returning to @previous_profile
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) struct aa_task_ctx {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) struct aa_label *nnp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) struct aa_label *onexec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) struct aa_label *previous;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) u64 token;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) int aa_replace_current_label(struct aa_label *label);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) int aa_set_current_onexec(struct aa_label *label, bool stack);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) int aa_set_current_hat(struct aa_label *label, u64 token);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) int aa_restore_previous_label(u64 cookie);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) struct aa_label *aa_get_task_label(struct task_struct *task);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) * aa_free_task_ctx - free a task_ctx
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) * @ctx: task_ctx to free (MAYBE NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) if (ctx) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) aa_put_label(ctx->nnp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) aa_put_label(ctx->previous);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) aa_put_label(ctx->onexec);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) * aa_dup_task_ctx - duplicate a task context, incrementing reference counts
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) * @new: a blank task context (NOT NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) * @old: the task context to copy (NOT NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) static inline void aa_dup_task_ctx(struct aa_task_ctx *new,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) const struct aa_task_ctx *old)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) *new = *old;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) aa_get_label(new->nnp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) aa_get_label(new->previous);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) aa_get_label(new->onexec);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) /**
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) * @ctx: task context to clear (NOT NULL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) AA_BUG(!ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) aa_put_label(ctx->previous);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) aa_put_label(ctx->onexec);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) ctx->previous = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) ctx->onexec = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) ctx->token = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) #endif /* __AA_TASK_H */
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags