mirror_ubuntu-kernels/security/apparmor/include/ipc.h

/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * AppArmor security module
 *
 * This file contains AppArmor ipc mediation function definitions.
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2017 Canonical Ltd.
 */

#ifndef __AA_IPC_H
#define __AA_IPC_H

#include <linux/msg.h>
#include <linux/sched.h>

#include "inode.h"
#include "perms.h"

#define SIGUNKNOWN 0
#define MAXMAPPED_SIG 35

struct aa_msg_sec {
	struct aa_label *label;
};

struct aa_ipc_sec {
	struct aa_label *label;
};

static inline struct aa_ipc_sec *apparmor_ipc(const struct kern_ipc_perm *ipc)
{
	return ipc->security + apparmor_blob_sizes.lbs_ipc;
}

static inline struct aa_msg_sec *apparmor_msg_msg(const struct msg_msg *msg_msg)
{
	return msg_msg->security + apparmor_blob_sizes.lbs_msg_msg;
}


static inline bool is_mqueue_sb(struct super_block *sb)
{
	if (!sb)
		pr_warn("mqueue sb == NULL\n");
	if (!sb && !sb->s_type->name)
		pr_warn("mqueue sb name == NULL\n");
	return sb && sb->s_type->name && strcmp(sb->s_type->name, "mqueue") == 0;
}

static inline bool is_mqueue_inode(struct inode *i)
{
	struct aa_inode_sec *isec;

	if (!i)
		return false;

	isec = apparmor_inode(i);
	return isec && isec->sclass == AA_CLASS_POSIX_MQUEUE;
}

int aa_may_signal(const struct cred *subj_cred, struct aa_label *sender,
		  const struct cred *target_cred, struct aa_label *target,
		  int sig);

#define AA_AUDIT_POSIX_MQUEUE_MASK (AA_MAY_WRITE | AA_MAY_READ |    \
				    AA_MAY_CREATE | AA_MAY_DELETE | \
				    AA_MAY_OPEN | AA_MAY_SETATTR |  \
				    AA_MAY_GETATTR)


int aa_profile_mqueue_perm(struct aa_profile *profile,
			   const struct path *path,
			   u32 request, char *buffer,
			   struct apparmor_audit_data *ad);

int aa_mqueue_perm(const char *op, const struct cred *subj_cred,
		   struct aa_label *label,
		   const struct path *path, u32 request);

#endif /* __AA_IPC_H */
lowlatency-hwe-6.8-next 2024-07-02 00:48:40 +03:00			`/* SPDX-License-Identifier: GPL-2.0-only */`
			`/*`
			`* AppArmor security module`
			`*`
			`* This file contains AppArmor ipc mediation function definitions.`
			`*`
			`* Copyright (C) 1998-2008 Novell/SUSE`
			`* Copyright 2009-2017 Canonical Ltd.`
			`*/`

			`#ifndef __AA_IPC_H`
			`#define __AA_IPC_H`

			`#include <linux/msg.h>`
			`#include <linux/sched.h>`

			`#include "inode.h"`
			`#include "perms.h"`

			`#define SIGUNKNOWN 0`
			`#define MAXMAPPED_SIG 35`

			`struct aa_msg_sec {`
			`struct aa_label *label;`
			`};`

			`struct aa_ipc_sec {`
			`struct aa_label *label;`
			`};`

			`static inline struct aa_ipc_sec apparmor_ipc(const struct kern_ipc_perm ipc)`
			`{`
			`return ipc->security + apparmor_blob_sizes.lbs_ipc;`
			`}`

			`static inline struct aa_msg_sec apparmor_msg_msg(const struct msg_msg msg_msg)`
			`{`
			`return msg_msg->security + apparmor_blob_sizes.lbs_msg_msg;`
			`}`


			`static inline bool is_mqueue_sb(struct super_block *sb)`
			`{`
			`if (!sb)`
			`pr_warn("mqueue sb == NULL\n");`
			`if (!sb && !sb->s_type->name)`
			`pr_warn("mqueue sb name == NULL\n");`
			`return sb && sb->s_type->name && strcmp(sb->s_type->name, "mqueue") == 0;`
			`}`

			`static inline bool is_mqueue_inode(struct inode *i)`
			`{`
			`struct aa_inode_sec *isec;`

			`if (!i)`
			`return false;`

			`isec = apparmor_inode(i);`
			`return isec && isec->sclass == AA_CLASS_POSIX_MQUEUE;`
			`}`

			`int aa_may_signal(const struct cred subj_cred, struct aa_label sender,`
			`const struct cred target_cred, struct aa_label target,`
			`int sig);`

			`#define AA_AUDIT_POSIX_MQUEUE_MASK (AA_MAY_WRITE \| AA_MAY_READ \| \`
			`AA_MAY_CREATE \| AA_MAY_DELETE \| \`
			`AA_MAY_OPEN \| AA_MAY_SETATTR \| \`
			`AA_MAY_GETATTR)`


			`int aa_profile_mqueue_perm(struct aa_profile *profile,`
			`const struct path *path,`
			`u32 request, char *buffer,`
			`struct apparmor_audit_data *ad);`

			`int aa_mqueue_perm(const char op, const struct cred subj_cred,`
			`struct aa_label *label,`
			`const struct path *path, u32 request);`

			`#endif /* __AA_IPC_H */`