apparmor/libraries/libapparmor/src/apparmor.h

/*
 * Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)
 * Copyright 2009-2010 Canonical Ltd.
 *
 * The libapparmor library is licensed under the terms of the GNU
 * Lesser General Public License, version 2.1. Please see the file
 * COPYING.LGPL.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef _SYS_APPARMOR_H
#define _SYS_APPARMOR_H	1

#include <stdint.h>
#include <sys/types.h>

__BEGIN_DECLS

/*
 * Class of mediation types in the AppArmor policy db
 */
#define AA_CLASS_COND		0
#define AA_CLASS_UNKNOWN	1
#define AA_CLASS_FILE		2
#define AA_CLASS_CAP		3
#define AA_CLASS_NET		4
#define AA_CLASS_RLIMITS	5
#define AA_CLASS_DOMAIN		6
#define AA_CLASS_MOUNT		7
#define AA_CLASS_NS_DOMAIN	8
#define AA_CLASS_PTRACE		9

#define AA_CLASS_ENV		16

#define AA_CLASS_DBUS		32
#define AA_CLASS_X		33


/* Permission Flags for Mediation classes */
#define AA_MAY_WRITE		(1 << 1)
#define AA_MAY_READ		(1 << 2)
#define AA_MAY_BIND		(1 << 6)

#define AA_DBUS_SEND		AA_MAY_WRITE
#define AA_DBUS_RECEIVE		AA_MAY_READ
#define AA_DBUS_EAVESDROP	(1 << 5)
#define AA_DBUS_BIND		AA_MAY_BIND


/* Prototypes for apparmor state queries */
extern int aa_is_enabled(void);
extern int aa_find_mountpoint(char **mnt);

/* Prototypes for self directed domain transitions
 * see <http://apparmor.net>
 * Please see the change_hat(2) manpage for information.
 */

#define change_hat(X, Y) aa_change_hat((X), (Y))
extern int (change_hat)(const char *subprofile, unsigned int magic_token);
extern int aa_change_hat(const char *subprofile, unsigned long magic_token);
extern int aa_change_profile(const char *profile);
extern int aa_change_onexec(const char *profile);

extern int aa_change_hatv(const char *subprofiles[], unsigned long token);
extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);

/* Protypes for introspecting task confinement
 * Please see the aa_getcon(2) manpage for information
 */
extern int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
			      char **mode);
extern int aa_getprocattr(pid_t tid, const char *attr, char **con, char **mode);
extern int aa_gettaskcon(pid_t target, char **con, char **mode);
extern int aa_getcon(char **con, char **mode);
extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
extern int aa_getpeercon(int fd, char **con, char **mode);

/* A NUL character is used to separate the query command prefix string from the
 * rest of the query string. The query command sizes intentionally include the
 * NUL-terminator in their values.
 */
#define AA_QUERY_CMD_LABEL		"label"
#define AA_QUERY_CMD_LABEL_SIZE		sizeof(AA_QUERY_CMD_LABEL)

extern int aa_query_label(uint32_t mask, char *query, size_t size, int *allow,
			  int *audit);

#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)
#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)
#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n

/**
 * change_hat_vargs - a wrapper macro for change_hat_vargs
 * @T: the magic token
 * @X...: the parameter list of hats being passed
 *
 * The change_hat_vargs macro makes it so the caller doesn't have to
 * specify the number of hats passed as parameters to the change_hat_vargs
 * fn.
 *
 * eg.
 * change_hat_vargs(10, hat1, hat2, hat3, hat4);
 * expandes to
 * (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);
 *
 * to call change_hat_vargs direction do
 * (change_hat_vargs)(token, nhats, hat1, hat2...)
 */
#define aa_change_hat_vargs(T, X...) \
	(aa_change_hat_vargs)(T, __macroarg_counter(X), X)

__END_DECLS

#endif	/* sys/apparmor.h */
as ACKed on IRC, drop the unused $Id$ tags everywhere 2010-12-20 12:29:10 -08:00			`/*`
Update licencing in libapparmor Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-02-22 03:51:16 -08:00			`* Copyright (c) 2003-2008 Novell, Inc. (All rights reserved)`
			`* Copyright 2009-2010 Canonical Ltd.`
			`*`
			`* The libapparmor library is licensed under the terms of the GNU`
			`* Lesser General Public License, version 2.1. Please see the file`
			`* COPYING.LGPL.`
			`*`
libraries/libapparmor/: more license cleanups, adjust my email address in the AUTHORS file. 2011-02-23 14:02:45 -08:00			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Lesser General Public License for more details.`
			`*`
Update licencing in libapparmor Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-02-22 03:51:16 -08:00			`* You should have received a copy of the GNU Lesser General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`
- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00
libapparmor: Check correct macro to prevent multiple apparmor.h includes This typo allowed apparmor.h to be pulled in multiple times. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Steve Beattie <steve@nxnw.org> 2013-11-04 12:02:53 -08:00			`#ifndef _SYS_APPARMOR_H`
- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00			`#define _SYS_APPARMOR_H 1`

libapparmor: Export a label-based query interface Add an interface for trusted applications to use when they need to query AppArmor kernel policy to determine if an action should be allowed. This is a simplified interface that tries to make it as easy as possible for applications to use. They provide a permissions mask and query string and they get a pair of booleans back that let them know if the action should be allowed and/or audited. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-07-31 09:22:40 -07:00			`#include <stdint.h>`
Fix missing pid_t dependency in apparmor.h The define for pid_t is missing in apparmor.h so that if it is included in programs that don't also include sys/types.h the compile will break. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> 2011-08-31 16:01:54 -07:00			`#include <sys/types.h>`

- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00			`__BEGIN_DECLS`

libapparmor: Export a label-based query interface Add an interface for trusted applications to use when they need to query AppArmor kernel policy to determine if an action should be allowed. This is a simplified interface that tries to make it as easy as possible for applications to use. They provide a permissions mask and query string and they get a pair of booleans back that let them know if the action should be allowed and/or audited. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-07-31 09:22:40 -07:00			`/*`
			`* Class of mediation types in the AppArmor policy db`
			`*/`
			`#define AA_CLASS_COND 0`
			`#define AA_CLASS_UNKNOWN 1`
			`#define AA_CLASS_FILE 2`
			`#define AA_CLASS_CAP 3`
			`#define AA_CLASS_NET 4`
			`#define AA_CLASS_RLIMITS 5`
			`#define AA_CLASS_DOMAIN 6`
			`#define AA_CLASS_MOUNT 7`
			`#define AA_CLASS_NS_DOMAIN 8`
			`#define AA_CLASS_PTRACE 9`

			`#define AA_CLASS_ENV 16`

			`#define AA_CLASS_DBUS 32`
			`#define AA_CLASS_X 33`


			`/* Permission Flags for Mediation classes */`
			`#define AA_MAY_WRITE (1 << 1)`
			`#define AA_MAY_READ (1 << 2)`
			`#define AA_MAY_BIND (1 << 6)`

			`#define AA_DBUS_SEND AA_MAY_WRITE`
			`#define AA_DBUS_RECEIVE AA_MAY_READ`
parser: Add dbus eavesdrop permission support to apparmor_parser Allows for the policy writer to grant permission to eavesdrop on the specified bus. Some example rules for granting the eavesdrop permission are: # Grant send, receive, bind, and eavesdrop dbus, # Grant send, receive, bind, and eavesdrop on the session bus dbus bus=session, # Grant send and eavesdrop on the system bus dbus (send eavesdrop) bus=system, # Grant eavesdrop on any bus dbus eavesdrop, Eavesdropping rules can contain the bus conditional. Any other conditionals are not compatible with eavesdropping rules and the parser will return an error. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-12-06 11:17:43 -08:00			`#define AA_DBUS_EAVESDROP (1 << 5)`
libapparmor: Export a label-based query interface Add an interface for trusted applications to use when they need to query AppArmor kernel policy to determine if an action should be allowed. This is a simplified interface that tries to make it as easy as possible for applications to use. They provide a permissions mask and query string and they get a pair of booleans back that let them know if the action should be allowed and/or audited. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-07-31 09:22:40 -07:00			`#define AA_DBUS_BIND AA_MAY_BIND`


Library function to find the apparmorfs filesystem mount point Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-08-09 06:48:17 -07:00			`/* Prototypes for apparmor state queries */`
Function to test if apparmor support is enabled. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> 2011-08-09 06:48:56 -07:00			`extern int aa_is_enabled(void);`
Library function to find the apparmorfs filesystem mount point Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-08-09 06:48:17 -07:00			`extern int aa_find_mountpoint(char **mnt);`

Update licencing in libapparmor Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-02-22 03:51:16 -08:00			`/* Prototypes for self directed domain transitions`
			`* see <http://apparmor.net>`
			`* Please see the change_hat(2) manpage for information.`
			`*/`
- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00
Add change_hatv and change_hat_vargs calls to libapparmor. These replacement routines allow an application to avoid the probing behavior of earlier version of change_hat. Allowing them to be faster and have better learning characteristics. 2010-02-11 15:38:24 -08:00			`#define change_hat(X, Y) aa_change_hat((X), (Y))`
Rename change_hat(2) to aa_change_hat(2) (a backwards compatibility macro is in place) and support 64 bit magic tokens. 2007-08-16 04:26:19 +00:00			`extern int (change_hat)(const char *subprofile, unsigned int magic_token);`
			`extern int aa_change_hat(const char *subprofile, unsigned long magic_token);`
Remove the magic token from the aa_change_profile() interface, as change_profile transitions ought to be uni-directional. If you want bi-directional transitions, use aa_change_hat() instead. 2007-09-15 05:41:44 +00:00			`extern int aa_change_profile(const char *profile);`
Add change_profile onexec to libapparmor 2010-02-11 15:37:25 -08:00			`extern int aa_change_onexec(const char *profile);`
Rename change_hat(2) to aa_change_hat(2) (a backwards compatibility macro is in place) and support 64 bit magic tokens. 2007-08-16 04:26:19 +00:00
Update change_hatv and change_hat_vargs prototypes to use long Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-02-22 03:55:16 -08:00			`extern int aa_change_hatv(const char *subprofiles[], unsigned long token);`
			`extern int (aa_change_hat_vargs)(unsigned long token, int count, ...);`
Add change_hatv and change_hat_vargs calls to libapparmor. These replacement routines allow an application to avoid the probing behavior of earlier version of change_hat. Allowing them to be faster and have better learning characteristics. 2010-02-11 15:38:24 -08:00
Library interface for tasks introspecting confinement. Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-08-09 06:47:40 -07:00			`/* Protypes for introspecting task confinement`
			`* Please see the aa_getcon(2) manpage for information`
			`*/`
Add the ability to read proc attr interfaces Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> 2011-08-09 06:45:51 -07:00			`extern int aa_getprocattr_raw(pid_t tid, const char attr, char buf, int len,`
			`char **mode);`
libapparmor: Clarify that mode strings are not to be freed The aa_getcon man page only implies that the mode strings returned by aa_getprocattr(), aa_gettaskcon(), aa_getcon(), and aa_getpeercon() should not be freed. A developer using the man page to build against libapparmor may miss that subtlety and end up hitting double free issues. This patch makes the man page more clear, makes the function comments more clear, and changes the aa_getprocattr() buf param to con. The use of buf should reserved for the aa_get_raw() functions that do not allocate a buffer for the confinement context and all documents now clearly mention that con must be freed. Additionally, this patch removes the line wrapping of the aa_getprocattr_raw() prototype in the aa_getcon man page source. The line wrapping caused incorrect formatting of the function prototype when viewing the man page. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-09-04 15:48:43 -07:00			`extern int aa_getprocattr(pid_t tid, const char attr, char con, char *mode);`
Library interface for tasks introspecting confinement. Signed-off-by: John Johansen <john.johansen@canonical.com> 2011-08-09 06:47:40 -07:00			`extern int aa_gettaskcon(pid_t target, char con, char mode);`
			`extern int aa_getcon(char con, char mode);`
Subject: libapparmor: Make aa_getpeercon_raw() similar to aa_getprocattr_raw() The parameter names are slightly different in the two functions. Rename buffer to buf and rename size to len to make the two function prototypes look similar. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-06-25 15:55:08 -07:00			`extern int aa_getpeercon_raw(int fd, char buf, int len, char **mode);`
Subject: libapparmor: Parse mode from confinement string in getpeercon functions The functions that return the confinement information of a peer socket connection should parse and return the mode like the task-based functions. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-06-25 15:54:17 -07:00			`extern int aa_getpeercon(int fd, char con, char mode);`
Add the ability to read proc attr interfaces Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <kees.cook@canonical.com> 2011-08-09 06:45:51 -07:00
libapparmor: Export a label-based query interface Add an interface for trusted applications to use when they need to query AppArmor kernel policy to determine if an action should be allowed. This is a simplified interface that tries to make it as easy as possible for applications to use. They provide a permissions mask and query string and they get a pair of booleans back that let them know if the action should be allowed and/or audited. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com> 2013-07-31 09:22:40 -07:00			`/* A NUL character is used to separate the query command prefix string from the`
			`* rest of the query string. The query command sizes intentionally include the`
			`* NUL-terminator in their values.`
			`*/`
			`#define AA_QUERY_CMD_LABEL "label"`
			`#define AA_QUERY_CMD_LABEL_SIZE sizeof(AA_QUERY_CMD_LABEL)`

			`extern int aa_query_label(uint32_t mask, char query, size_t size, int allow,`
			`int *audit);`

Add change_hatv and change_hat_vargs calls to libapparmor. These replacement routines allow an application to avoid the probing behavior of earlier version of change_hat. Allowing them to be faster and have better learning characteristics. 2010-02-11 15:38:24 -08:00			`#define __macroarg_counter(Y...) __macroarg_count1 ( , ##Y)`
			`#define __macroarg_count1(Y...) __macroarg_count2 (Y, 16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0)`
			`#define __macroarg_count2(_,x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15,n,Y...) n`

			`/**`
			`* change_hat_vargs - a wrapper macro for change_hat_vargs`
			`* @T: the magic token`
			`* @X...: the parameter list of hats being passed`
			`*`
			`* The change_hat_vargs macro makes it so the caller doesn't have to`
			`* specify the number of hats passed as parameters to the change_hat_vargs`
			`* fn.`
			`*`
			`* eg.`
			`* change_hat_vargs(10, hat1, hat2, hat3, hat4);`
			`* expandes to`
			`* (change_hat_vargs)(10, 4, hat1, hat2, hat3, hat4);`
			`*`
			`* to call change_hat_vargs direction do`
			`* (change_hat_vargs)(token, nhats, hat1, hat2...)`
			`*/`
			`#define aa_change_hat_vargs(T, X...) \`
			`(aa_change_hat_vargs)(T, __macroarg_counter(X), X)`
- Merged the library previously known as "libaalogparse" with libapparmor. - Moved the old libapparmor library to libapparmor-deprecated. 2007-07-28 15:41:04 +00:00
			`__END_DECLS`

			`#endif /* sys/apparmor.h */`