apparmor/libraries/libapparmor/src/apparmor.h

/*
 * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
 * Copyright 2009-2010 Canonical Ltd.
 *
 * The libapparmor library is licensed under the terms of the GNU
 * Lesser General Public License, version 2.1. Please see the file
 * COPYING.LGPL.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef _SYS_APPARMOR_H_
#define _SYS_APPARMOR_H	1

#include <sys/types.h>

__BEGIN_DECLS

/* Prototypes for apparmor state queries */
extern int aa_is_enabled(void);
extern int aa_find_mountpoint(char **mnt);

/* Prototypes for self directed domain transitions
 * see <http://apparmor.net>
 * Please see the change_hat(2) manpage for information.
 */

#define change_hat(X, Y) aa_change_hat((X), (Y))
extern int (change_hat)(const char *subprofile, unsigned int magic_token);
extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
extern int aa_change_profile(const char *profile);
extern int aa_change_onexec(const char *profile);

extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);

/* Protypes for introspecting task confinement
 * Please see the aa_getcon(2) manpage for information
 */
extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
			      char **mode);
extern int aa_getprocattr(pid_t tid, const char *attr, char **buf, char **mode);
extern int aa_gettaskcon(pid_t target, char **con, char **mode);
extern int aa_getcon(char **con, char **mode);
extern int aa_getpeercon_raw(int fd, char *buffer, int *size);
extern int aa_getpeercon(int fd, char **con);

#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n

/**
 * change_hat_vargs - a wrapper macro for change_hat_vargs
 * @T: the magic token
 * @X...: the parameter list of hats being passed
 *
 * The change_hat_vargs macro makes it so the caller doesn't have to
 * specify the number of hats passed as parameters to the change_hat_vargs
 * fn.
 *
 * eg.
 * change_hat_vargs(10, hat1, hat2, hat3, hat4);
 * expandes to
 * (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);
 *
 * to call change_hat_vargs direction do
 * (change_hat_vargs)(token, nhats, hat1, hat2...)
 */
#define aa_change_hat_vargs(T, X...) \
	(aa_change_hat_vargs)(T, __macroarg_counter(X), X)

__END_DECLS

#endif	/* sys/apparmor.h */
as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00			`/*`
Update licencing in libapparmor Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-02-22 03:51:16 -08:00			`* Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)`
			`* Copyright 2009-2010 Canonical Ltd.`
			`*`
			`* The libapparmor library is licensed under the terms of the GNU`
			`* Lesser General Public License, version 2.1. Please see the file`
			`* COPYING.LGPL.`
			`*`
libraries/libapparmor/: more license cleanups, adjust my email address in the AUTHORS file. 2011-02-23 14:02:45 -08:00			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Lesser General Public License for more details.`
			`*`
Update licencing in libapparmor Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-02-22 03:51:16 -08:00			`* You should have received a copy of the GNU Lesser General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`
- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00
			`#ifndef _SYS_APPARMOR_H_`
			`#define _SYS_APPARMOR_H 1`

Fix missing pid_t dependency in apparmor.h The define for pid_t is missing in apparmor.h so that if it is included in programs that don't also include sys/types.h the compile will break. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> 2011-08-31 16:01:54 -07:00			`#include <sys/types.h>`

- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00			`__BEGIN_DECLS`

Library function to find the apparmorfs filesystem mount point Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-08-09 06:48:17 -07:00			`/* Prototypes for apparmor state queries */`
Function to test if apparmor support is enabled. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> 2011-08-09 06:48:56 -07:00			`extern int aa_is_enabled(void);`
Library function to find the apparmorfs filesystem mount point Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-08-09 06:48:17 -07:00			`extern int aa_find_mountpoint(char **mnt);`

Update licencing in libapparmor Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-02-22 03:51:16 -08:00			`/* Prototypes for self directed domain transitions`
			`* see <http://apparmor.net>`
			`* Please see the change_hat(2) manpage for information.`
			`*/`
- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00
Add change_hatv and change_hat_vargs calls to libapparmor. These replacement routines allow an application to avoid the probing behavior of earlier version of change_hat. Allowing them to be faster and have better learning characteristics. 2010-02-11 15:38:24 -08:00			`#define change_hat(X, Y) aa_change_hat((X), (Y))`
Rename change_hat(2) to aa_change_hat(2) (a backwards compatibility macro is in place) and support 64 bit magic tokens. 2007-08-16 04:26:19 +00:00			`extern int (change_hat)(const char *subprofile, unsigned int magic_token);`
			`extern int aa_change_hat(const char *subprofile, unsigned long magic_token);`
Remove the magic token from the aa_change_profile() interface, as change_profile transitions ought to be uni-directional. If you want bi-directional transitions, use aa_change_hat() instead. 2007-09-15 05:41:44 +00:00			`extern int aa_change_profile(const char *profile);`
Add change_profile onexec to libapparmor 2010-02-11 15:37:25 -08:00			`extern int aa_change_onexec(const char *profile);`
Rename change_hat(2) to aa_change_hat(2) (a backwards compatibility macro is in place) and support 64 bit magic tokens. 2007-08-16 04:26:19 +00:00
Update change_hatv and change_hat_vargs prototypes to use long Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-02-22 03:55:16 -08:00			`extern int aa_change_hatv(const char *subprofiles[], unsigned long token);`
			`extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);`
Add change_hatv and change_hat_vargs calls to libapparmor. These replacement routines allow an application to avoid the probing behavior of earlier version of change_hat. Allowing them to be faster and have better learning characteristics. 2010-02-11 15:38:24 -08:00
Library interface for tasks introspecting confinement. Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-08-09 06:47:40 -07:00			`/* Protypes for introspecting task confinement`
			`* Please see the aa_getcon(2) manpage for information`
			`*/`
Add the ability to read proc attr interfaces Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> 2011-08-09 06:45:51 -07:00			`extern int aa_getprocattr_raw(pid_t tid, const char attr, char buf, int len,`
			`char **mode);`
			`extern int aa_getprocattr(pid_t tid, const char attr, char buf, char *mode);`
Library interface for tasks introspecting confinement. Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-08-09 06:47:40 -07:00			`extern int aa_gettaskcon(pid_t target, char con, char mode);`
			`extern int aa_getcon(char con, char mode);`
			`extern int aa_getpeercon_raw(int fd, char buffer, int size);`
			`extern int aa_getpeercon(int fd, char **con);`
Add the ability to read proc attr interfaces Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> 2011-08-09 06:45:51 -07:00
Add change_hatv and change_hat_vargs calls to libapparmor. These replacement routines allow an application to avoid the probing behavior of earlier version of change_hat. Allowing them to be faster and have better learning characteristics. 2010-02-11 15:38:24 -08:00			`#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)`
			`#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)`
			`#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n`

			`/**`
			`* change_hat_vargs - a wrapper macro for change_hat_vargs`
			`* @T: the magic token`
			`* @X...: the parameter list of hats being passed`
			`*`
			`* The change_hat_vargs macro makes it so the caller doesn't have to`
			`* specify the number of hats passed as parameters to the change_hat_vargs`
			`* fn.`
			`*`
			`* eg.`
			`* change_hat_vargs(10, hat1, hat2, hat3, hat4);`
			`* expandes to`
			`* (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);`
			`*`
			`* to call change_hat_vargs direction do`
			`* (change_hat_vargs)(token, nhats, hat1, hat2...)`
			`*/`
			`#define aa_change_hat_vargs(T, X...) \`
			`(aa_change_hat_vargs)(T, __macroarg_counter(X), X)`
- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00
			`__END_DECLS`

			`#endif /* sys/apparmor.h */`