首页 发现 帮助
登录
GfA
/
linux_kernel
5
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
分支: master
分支列表 标签列表
linux_kernel
/
security
/
apparmor
/
include
/
task.h

task.h 2.4 KB
永久链接 文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 
  1. /*
    2. 

  2.  * AppArmor security module
    3. 

  3.  *
    4. 

  4.  * This file contains AppArmor task related definitions and mediation
    5. 

  5.  *
    6. 

  6.  * Copyright 2017 Canonical Ltd.
    7. 

  7.  *
    8. 

  8.  * This program is free software; you can redistribute it and/or
    9. 

  9.  * modify it under the terms of the GNU General Public License as
    10. 

  10.  * published by the Free Software Foundation, version 2 of the
    11. 

  11.  * License.
    12. 

  12.  */
    13. 

  13. 

  14. #ifndef __AA_TASK_H
    15. 

  15. #define __AA_TASK_H
    16. 

  16. 

  17. #define task_ctx(X) ((X)->security)
    18. 

  18. 

  19. /*
    20. 

  20.  * struct aa_task_ctx - information for current task label change
    21. 

  21.  * @nnp: snapshot of label at time of no_new_privs
    22. 

  22.  * @onexec: profile to transition to on next exec  (MAY BE NULL)
    23. 

  23.  * @previous: profile the task may return to     (MAY BE NULL)
    24. 

  24.  * @token: magic value the task must know for returning to @previous_profile
    25. 

  25.  */
    26. 

  26. struct aa_task_ctx {
    27. 

  27. 	struct aa_label *nnp;
    28. 

  28. 	struct aa_label *onexec;
    29. 

  29. 	struct aa_label *previous;
    30. 

  30. 	u64 token;
    31. 

  31. };
    32. 

  32. 

  33. int aa_replace_current_label(struct aa_label *label);
    34. 

  34. int aa_set_current_onexec(struct aa_label *label, bool stack);
    35. 

  35. int aa_set_current_hat(struct aa_label *label, u64 token);
    36. 

  36. int aa_restore_previous_label(u64 cookie);
    37. 

  37. struct aa_label *aa_get_task_label(struct task_struct *task);
    38. 

  38. 

  39. /**
    40. 

  40.  * aa_alloc_task_ctx - allocate a new task_ctx
    41. 

  41.  * @flags: gfp flags for allocation
    42. 

  42.  *
    43. 

  43.  * Returns: allocated buffer or NULL on failure
    44. 

  44.  */
    45. 

  45. static inline struct aa_task_ctx *aa_alloc_task_ctx(gfp_t flags)
    46. 

  46. {
    47. 

  47. 	return kzalloc(sizeof(struct aa_task_ctx), flags);
    48. 

  48. }
    49. 

  49. 

  50. /**
    51. 

  51.  * aa_free_task_ctx - free a task_ctx
    52. 

  52.  * @ctx: task_ctx to free (MAYBE NULL)
    53. 

  53.  */
    54. 

  54. static inline void aa_free_task_ctx(struct aa_task_ctx *ctx)
    55. 

  55. {
    56. 

  56. 	if (ctx) {
    57. 

  57. 		aa_put_label(ctx->nnp);
    58. 

  58. 		aa_put_label(ctx->previous);
    59. 

  59. 		aa_put_label(ctx->onexec);
    60. 

  60. 

  61. 		kzfree(ctx);
    62. 

  62. 	}
    63. 

  63. }
    64. 

  64. 

  65. /**
    66. 

  66.  * aa_dup_task_ctx - duplicate a task context, incrementing reference counts
    67. 

  67.  * @new: a blank task context      (NOT NULL)
    68. 

  68.  * @old: the task context to copy  (NOT NULL)
    69. 

  69.  */
    70. 

  70. static inline void aa_dup_task_ctx(struct aa_task_ctx *new,
    71. 

  71. 				   const struct aa_task_ctx *old)
    72. 

  72. {
    73. 

  73. 	*new = *old;
    74. 

  74. 	aa_get_label(new->nnp);
    75. 

  75. 	aa_get_label(new->previous);
    76. 

  76. 	aa_get_label(new->onexec);
    77. 

  77. }
    78. 

  78. 

  79. /**
    80. 

  80.  * aa_clear_task_ctx_trans - clear transition tracking info from the ctx
    81. 

  81.  * @ctx: task context to clear (NOT NULL)
    82. 

  82.  */
    83. 

  83. static inline void aa_clear_task_ctx_trans(struct aa_task_ctx *ctx)
    84. 

  84. {
    85. 

  85. 	AA_BUG(!ctx);
    86. 

  86. 

  87. 	aa_put_label(ctx->previous);
    88. 

  88. 	aa_put_label(ctx->onexec);
    89. 

  89. 	ctx->previous = NULL;
    90. 

  90. 	ctx->onexec = NULL;
    91. 

  91. 	ctx->token = 0;
    92. 

  92. }
    93. 

  93. 

  94. #endif /* __AA_TASK_H */
    95.