* Returns: kernel buffer containing copy of user buffer data or an
* ERR_PTR on failure.
*/
-static struct aa_loaddata *aa_simple_write_to_buffer(int op,
+static struct aa_loaddata *aa_simple_write_to_buffer(const char *op,
const char __user *userbuf,
size_t alloc_size,
size_t copy_size,
ssize_t error;
struct aa_loaddata *data;
struct aa_profile *profile = aa_current_profile();
- int op = binop == PROF_ADD ? OP_PROF_LOAD : OP_PROF_REPL;
+ const char *op = binop == PROF_ADD ? OP_PROF_LOAD : OP_PROF_REPL;
/* high level check about policy management - fine grained in
* below after unpack
*/
#include "include/policy.h"
#include "include/policy_ns.h"
-const char *const op_table[] = {
- "null",
-
- "sysctl",
- "capable",
-
- "unlink",
- "mkdir",
- "rmdir",
- "mknod",
- "truncate",
- "link",
- "symlink",
- "rename_src",
- "rename_dest",
- "chmod",
- "chown",
- "getattr",
- "open",
-
- "file_perm",
- "file_lock",
- "file_mmap",
- "file_mprotect",
-
- "create",
- "post_create",
- "bind",
- "connect",
- "listen",
- "accept",
- "sendmsg",
- "recvmsg",
- "getsockname",
- "getpeername",
- "getsockopt",
- "setsockopt",
- "socket_shutdown",
-
- "ptrace",
-
- "exec",
- "change_hat",
- "change_profile",
- "change_onexec",
-
- "setprocattr",
- "setrlimit",
-
- "profile_replace",
- "profile_load",
- "profile_remove"
-};
const char *const audit_mode_names[] = {
"normal",
if (sa->aad->op) {
audit_log_format(ab, " operation=");
- audit_log_string(ab, op_table[sa->aad->op]);
+ audit_log_string(ab, sa->aad->op);
}
if (sa->aad->info) {
struct aa_profile *profile, *target = NULL;
struct aa_ns *ns = NULL;
struct file_perms perms = {};
- const char *name = NULL, *info = NULL;
- int op, error = 0;
+ const char *name = NULL, *info = NULL, *op;
+ int error = 0;
u32 request;
if (!hname && !ns_name)
* Returns: %0 or error on failure
*/
int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
- gfp_t gfp, int op, u32 request, const char *name,
+ gfp_t gfp, const char *op, u32 request, const char *name,
const char *target, kuid_t ouid, const char *info, int error)
{
int type = AUDIT_APPARMOR_AUTO;
*
* Returns: %0 else error if access denied or other error
*/
-int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
- int flags, u32 request, struct path_cond *cond)
+int aa_path_perm(const char *op, struct aa_profile *profile,
+ const struct path *path, int flags, u32 request,
+ struct path_cond *cond)
{
char *buffer = NULL;
struct file_perms perms = {};
*
* Returns: %0 if access allowed else error
*/
-int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
+int aa_file_perm(const char *op, struct aa_profile *profile, struct file *file,
u32 request)
{
struct path_cond cond = {
AUDIT_APPARMOR_AUTO
};
-extern const char *const op_table[];
-enum aa_ops {
- OP_NULL,
-
- OP_SYSCTL,
- OP_CAPABLE,
-
- OP_UNLINK,
- OP_MKDIR,
- OP_RMDIR,
- OP_MKNOD,
- OP_TRUNC,
- OP_LINK,
- OP_SYMLINK,
- OP_RENAME_SRC,
- OP_RENAME_DEST,
- OP_CHMOD,
- OP_CHOWN,
- OP_GETATTR,
- OP_OPEN,
-
- OP_FPERM,
- OP_FLOCK,
- OP_FMMAP,
- OP_FMPROT,
-
- OP_CREATE,
- OP_POST_CREATE,
- OP_BIND,
- OP_CONNECT,
- OP_LISTEN,
- OP_ACCEPT,
- OP_SENDMSG,
- OP_RECVMSG,
- OP_GETSOCKNAME,
- OP_GETPEERNAME,
- OP_GETSOCKOPT,
- OP_SETSOCKOPT,
- OP_SOCK_SHUTDOWN,
-
- OP_PTRACE,
-
- OP_EXEC,
- OP_CHANGE_HAT,
- OP_CHANGE_PROFILE,
- OP_CHANGE_ONEXEC,
-
- OP_SETPROCATTR,
- OP_SETRLIMIT,
-
- OP_PROF_REPL,
- OP_PROF_LOAD,
- OP_PROF_RM,
-};
+#define OP_NULL NULL
+
+#define OP_SYSCTL "sysctl"
+#define OP_CAPABLE "capable"
+
+#define OP_UNLINK "unlink"
+#define OP_MKDIR "mkdir"
+#define OP_RMDIR "rmdir"
+#define OP_MKNOD "mknod"
+#define OP_TRUNC "truncate"
+#define OP_LINK "link"
+#define OP_SYMLINK "symlink"
+#define OP_RENAME_SRC "rename_src"
+#define OP_RENAME_DEST "rename_dest"
+#define OP_CHMOD "chmod"
+#define OP_CHOWN "chown"
+#define OP_GETATTR "getattr"
+#define OP_OPEN "open"
+
+#define OP_FPERM "file_perm"
+#define OP_FLOCK "file_lock"
+#define OP_FMMAP "file_mmap"
+#define OP_FMPROT "file_mprotect"
+
+#define OP_CREATE "create"
+#define OP_POST_CREATE "post_create"
+#define OP_BIND "bind"
+#define OP_CONNECT "connect"
+#define OP_LISTEN "listen"
+#define OP_ACCEPT "accept"
+#define OP_SENDMSG "sendmsg"
+#define OP_RECVMSG "recvmsg"
+#define OP_GETSOCKNAME "getsockname"
+#define OP_GETPEERNAME "getpeername"
+#define OP_GETSOCKOPT "getsockopt"
+#define OP_SETSOCKOPT "setsockopt"
+#define OP_SHUTDOWN "socket_shutdown"
+
+#define OP_PTRACE "ptrace"
+
+#define OP_EXEC "exec"
+
+#define OP_CHANGE_HAT "change_hat"
+#define OP_CHANGE_PROFILE "change_profile"
+#define OP_CHANGE_ONEXEC "change_onexec"
+
+#define OP_SETPROCATTR "setprocattr"
+#define OP_SETRLIMIT "setrlimit"
+
+#define OP_PROF_REPL "profile_replace"
+#define OP_PROF_LOAD "profile_load"
+#define OP_PROF_RM "profile_remove"
struct apparmor_audit_data {
int error;
- int op;
+ const char *op;
int type;
void *profile;
const char *name;
dfa_map_xindex((ACCEPT_TABLE(dfa)[state] >> 14) & 0x3fff)
int aa_audit_file(struct aa_profile *profile, struct file_perms *perms,
- gfp_t gfp, int op, u32 request, const char *name,
+ gfp_t gfp, const char *op, u32 request, const char *name,
const char *target, kuid_t ouid, const char *info, int error);
/**
const char *name, struct path_cond *cond,
struct file_perms *perms);
-int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
- int flags, u32 request, struct path_cond *cond);
+int aa_path_perm(const char *op, struct aa_profile *profile,
+ const struct path *path, int flags, u32 request,
+ struct path_cond *cond);
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
const struct path *new_dir, struct dentry *new_dentry);
-int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
+int aa_file_perm(const char *op, struct aa_profile *profile, struct file *file,
u32 request);
static inline void aa_free_file_rules(struct aa_file_rules *rules)
bool policy_view_capable(struct aa_ns *ns);
bool policy_admin_capable(struct aa_ns *ns);
-int aa_may_manage_policy(struct aa_profile *profile, struct aa_ns *ns, int op);
+int aa_may_manage_policy(struct aa_profile *profile, struct aa_ns *ns,
+ const char *op);
#endif /* __AA_POLICY_H */
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm(int op, const struct path *path, u32 mask,
+static int common_perm(const char *op, const struct path *path, u32 mask,
struct path_cond *cond)
{
struct aa_profile *profile;
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_dir_dentry(int op, const struct path *dir,
+static int common_perm_dir_dentry(const char *op, const struct path *dir,
struct dentry *dentry, u32 mask,
struct path_cond *cond)
{
*
* Returns: %0 else error code if error or permission denied
*/
-static inline int common_perm_path(int op, const struct path *path, u32 mask)
+static inline int common_perm_path(const char *op, const struct path *path,
+ u32 mask)
{
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
d_backing_inode(path->dentry)->i_mode
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_rm(int op, const struct path *dir,
+static int common_perm_rm(const char *op, const struct path *dir,
struct dentry *dentry, u32 mask)
{
struct inode *inode = d_backing_inode(dentry);
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_create(int op, const struct path *dir,
+static int common_perm_create(const char *op, const struct path *dir,
struct dentry *dentry, u32 mask, umode_t mode)
{
struct path_cond cond = { current_fsuid(), mode };
aa_free_file_context(ctx);
}
-static int common_file_perm(int op, struct file *file, u32 mask)
+static int common_file_perm(const char *op, struct file *file, u32 mask)
{
struct aa_file_ctx *fctx = file->f_security;
struct aa_profile *profile, *fprofile = aa_cred_profile(file->f_cred);
return common_file_perm(OP_FLOCK, file, mask);
}
-static int common_mmap(int op, struct file *file, unsigned long prot,
+static int common_mmap(const char *op, struct file *file, unsigned long prot,
unsigned long flags)
{
int mask = 0;
*
* Returns: the error to be returned after audit is done
*/
-static int audit_policy(struct aa_profile *profile, int op, gfp_t gfp,
+static int audit_policy(struct aa_profile *profile, const char *op, gfp_t gfp,
const char *nsname, const char *name,
const char *info, int error)
{
*
* Returns: 0 if the task is allowed to manipulate policy else error
*/
-int aa_may_manage_policy(struct aa_profile *profile, struct aa_ns *ns, int op)
+int aa_may_manage_policy(struct aa_profile *profile, struct aa_ns *ns,
+ const char *op)
{
/* check if loading policy is locked out */
if (aa_g_lock_policy)
const char *ns_name, *info = NULL;
struct aa_ns *ns = NULL;
struct aa_load_ent *ent, *tmp;
- int op = OP_PROF_REPL;
+ const char *op = OP_PROF_REPL;
ssize_t count, error;
LIST_HEAD(lh);
*
* Returns: start position of name after token else NULL on failure
*/
-static char *split_token_from_name(int op, char *args, u64 * token)
+static char *split_token_from_name(const char *op, char *args, u64 *token)
{
char *name;
*token = simple_strtoull(args, &name, 16);
if ((name == args) || *name != '^') {
- AA_ERROR("%s: Invalid input '%s'", op_table[op], args);
+ AA_ERROR("%s: Invalid input '%s'", op, args);
return ERR_PTR(-EINVAL);
}
git.samba.org / sfrench / cifs-2.6.git / commitdiff