From fc7e0b26b8d26e680bb2f252e9521385e0092e4c Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Fri, 26 May 2017 01:57:09 -0700
Subject: [PATCH] apparmor: move permissions into their own file to be more easily shared
Signed-off-by: John Johansen
---
 security/apparmor/include/file.h | 20 +--------------
 security/apparmor/include/perms.h | 40 ++++++++++++++++++++++++++++++
 security/apparmor/include/policy.h | 1 +
 security/apparmor/lib.c | 1 +
 4 files changed, 43 insertions(+), 19 deletions(-)
 create mode 100644 security/apparmor/include/perms.h
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index eba39cb25f02..a75e4872053a 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -17,29 +17,11 @@
 #include "domain.h"
 #include "match.h"
+#include "perms.h"
 struct aa_profile;
 struct path;
-/*
- * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags
- * for profile permissions
- */
-#define AA_MAY_CREATE 0x0010
-#define AA_MAY_DELETE 0x0020
-#define AA_MAY_META_WRITE 0x0040
-#define AA_MAY_META_READ 0x0080
-
-#define AA_MAY_CHMOD 0x0100
-#define AA_MAY_CHOWN 0x0200
-#define AA_MAY_LOCK 0x0400
-#define AA_EXEC_MMAP 0x0800
-
-#define AA_MAY_LINK 0x1000
-#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */
-#define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */
-#define AA_MAY_CHANGE_PROFILE 0x80000000
-#define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */
 #define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\
 AA_MAY_CREATE | AA_MAY_DELETE | \
diff --git a/security/apparmor/include/perms.h b/security/apparmor/include/perms.h
new file mode 100644
index 000000000000..4a65755a2dc0
--- /dev/null
+++ b/security/apparmor/include/perms.h
@@ -0,0 +1,40 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor basic permission sets definitions.
+ *
+ * Copyright 2017 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#ifndef __AA_PERM_H
+#define __AA_PERM_H
+
+#include
+
+/*
+ * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags
+ * for profile permissions
+ */
+#define AA_MAY_CREATE 0x0010
+#define AA_MAY_DELETE 0x0020
+#define AA_MAY_META_WRITE 0x0040
+#define AA_MAY_META_READ 0x0080
+
+#define AA_MAY_CHMOD 0x0100
+#define AA_MAY_CHOWN 0x0200
+#define AA_MAY_LOCK 0x0400
+#define AA_EXEC_MMAP 0x0800
+
+#define AA_MAY_LINK 0x1000
+#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */
+#define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */
+#define AA_MAY_CHANGE_PROFILE 0x80000000
+#define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */
+
+
+#endif /* __AA_PERM_H */
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index dffa01c018c8..0f87f70287ad 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -29,6 +29,7 @@
 #include "domain.h"
 #include "file.h"
 #include "lib.h"
+#include "perms.h"
 #include "resource.h"
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 864b2fa45852..90eb14c9e0cf 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -21,6 +21,7 @@
 #include "include/audit.h"
 #include "include/apparmor.h"
 #include "include/lib.h"
+#include "include/perms.h"
 #include "include/policy.h"
 /**
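Review bot: The new perms.h carries two aliased permission bits into a header meant for wider sharing without saying where each name is valid: `AA_LINK_SUBSET` is defined as `AA_MAY_LOCK`, and `AA_MAY_CHANGE_PROFILE` and `AA_MAY_CHANGEHAT` are both `0x80000000`. With only the terse `/* overlaid */` and `/* ctrl auditing only */` remarks, a caller outside the file code that tests one of these bits on a mask cannot tell which meaning it is getting, and in an access-control mask that ambiguity can turn into a wrong allow or audit decision. I would extend the block comment above the defines to name the overlaid pairs and state in which kind of rule or mask each name may be tested, presumably link rules for `AA_LINK_SUBSET` — to be confirmed against the callers. As a smaller style point, `0x40000000` is a signed `int` constant while `0x80000000` is unsigned, so writing `0x40000000U` and `0x80000000U` would keep complements and comparisons of these flags in one type.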