3 files changed, 119 insertions, 0 deletions
diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h
new file mode 100644
index 000000000000..c24d2959ea02
--- /dev/null
+++ b/security/apparmor/include/capability.h
@@ -0,0 +1,45 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor capability mediation definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#ifndef __AA_CAPABILITY_H
+#define __AA_CAPABILITY_H
+#include <linux/sched.h>
+struct aa_profile;
+/* aa_caps - confinement data for capabilities
+ * @allowed: capabilities mask
+ * @audit: caps that are to be audited
+ * @quiet: caps that should not be audited
+ * @kill: caps that when requested will result in the task being killed
+ * @extended: caps that are subject finer grained mediation
+ */
+struct aa_caps {
+        kernel_cap_t allow;
+        kernel_cap_t audit;
+        kernel_cap_t quiet;
+        kernel_cap_t kill;
+        kernel_cap_t extended;
+};
+int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap,
+               int audit);
+static inline void aa_free_cap_rules(struct aa_caps *caps)
+{
+        /* NOP */
+}
+#endif /* __AA_CAPBILITY_H */
diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h
new file mode 100644
index 000000000000..aeda0fbc8b2f
--- /dev/null
+++ b/security/apparmor/include/ipc.h
@@ -0,0 +1,28 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor ipc mediation function definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#ifndef __AA_IPC_H
+#define __AA_IPC_H
+#include <linux/sched.h>
+struct aa_profile;
+int aa_may_ptrace(struct task_struct *tracer_task, struct aa_profile *tracer,
+                  struct aa_profile *tracee, unsigned int mode);
+int aa_ptrace(struct task_struct *tracer, struct task_struct *tracee,
+              unsigned int mode);
+#endif /* __AA_IPC_H */
diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h
new file mode 100644
index 000000000000..3c88be946494
--- /dev/null
+++ b/security/apparmor/include/resource.h
@@ -0,0 +1,46 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor resource limits function definitions.
+ *
+ * Copyright (C) 1998-2008 Novell/SUSE
+ * Copyright 2009-2010 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#ifndef __AA_RESOURCE_H
+#define __AA_RESOURCE_H
+#include <linux/resource.h>
+#include <linux/sched.h>
+struct aa_profile;
+/* struct aa_rlimit - rlimit settings for the profile
+ * @mask: which hard limits to set
+ * @limits: rlimit values that override task limits
+ *
+ * AppArmor rlimits are used to set confined task rlimits.  Only the
+ * limits specified in @mask will be controlled by apparmor.
+ */
+struct aa_rlimit {
+        unsigned int mask;
+        struct rlimit limits[RLIM_NLIMITS];
+};
+int aa_map_resource(int resource);
+int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,
+                      struct rlimit *new_rlim);
+void __aa_transition_rlimits(struct aa_profile *old, struct aa_profile *new);
+static inline void aa_free_rlimit_rules(struct aa_rlimit *rlims)
+{
+        /* NOP */
+}
+#endif /* __AA_RESOURCE_H */

diff --git a/security/apparmor/include/capability.h b/security/apparmor/include/capability.h new file mode 100644 index 000000000000..c24d2959ea02 --- /dev/null +++ b/security/apparmor/include/capability.h
@@ -0,0 +1,45 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor capability mediation definitions.
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#ifndef __AA_CAPABILITY_H
	16	#define __AA_CAPABILITY_H
	17
	18	#include <linux/sched.h>
	19
	20	struct aa_profile;
	21
	22	/* aa_caps - confinement data for capabilities
	23	* @allowed: capabilities mask
	24	* @audit: caps that are to be audited
	25	* @quiet: caps that should not be audited
	26	* @kill: caps that when requested will result in the task being killed
	27	* @extended: caps that are subject finer grained mediation
	28	*/
	29	struct aa_caps {
	30	kernel_cap_t allow;
	31	kernel_cap_t audit;
	32	kernel_cap_t quiet;
	33	kernel_cap_t kill;
	34	kernel_cap_t extended;
	35	};
	36
	37	int aa_capable(struct task_struct task, struct aa_profile profile, int cap,
	38	int audit);
	39
	40	static inline void aa_free_cap_rules(struct aa_caps *caps)
	41	{
	42	/* NOP */
	43	}
	44
	45	#endif /* __AA_CAPBILITY_H */


diff --git a/security/apparmor/include/ipc.h b/security/apparmor/include/ipc.h new file mode 100644 index 000000000000..aeda0fbc8b2f --- /dev/null +++ b/security/apparmor/include/ipc.h
@@ -0,0 +1,28 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor ipc mediation function definitions.
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#ifndef __AA_IPC_H
	16	#define __AA_IPC_H
	17
	18	#include <linux/sched.h>
	19
	20	struct aa_profile;
	21
	22	int aa_may_ptrace(struct task_struct tracer_task, struct aa_profile tracer,
	23	struct aa_profile *tracee, unsigned int mode);
	24
	25	int aa_ptrace(struct task_struct tracer, struct task_struct tracee,
	26	unsigned int mode);
	27
	28	#endif /* __AA_IPC_H */


diff --git a/security/apparmor/include/resource.h b/security/apparmor/include/resource.h new file mode 100644 index 000000000000..3c88be946494 --- /dev/null +++ b/security/apparmor/include/resource.h
@@ -0,0 +1,46 @@
	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor resource limits function definitions.
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#ifndef __AA_RESOURCE_H
	16	#define __AA_RESOURCE_H
	17
	18	#include <linux/resource.h>
	19	#include <linux/sched.h>
	20
	21	struct aa_profile;
	22
	23	/* struct aa_rlimit - rlimit settings for the profile
	24	* @mask: which hard limits to set
	25	* @limits: rlimit values that override task limits
	26	*
	27	* AppArmor rlimits are used to set confined task rlimits. Only the
	28	* limits specified in @mask will be controlled by apparmor.
	29	*/
	30	struct aa_rlimit {
	31	unsigned int mask;
	32	struct rlimit limits[RLIM_NLIMITS];
	33	};
	34
	35	int aa_map_resource(int resource);
	36	int aa_task_setrlimit(struct aa_profile *profile, unsigned int resource,
	37	struct rlimit *new_rlim);
	38
	39	void __aa_transition_rlimits(struct aa_profile old, struct aa_profile new);
	40
	41	static inline void aa_free_rlimit_rules(struct aa_rlimit *rlims)
	42	{
	43	/* NOP */
	44	}
	45
	46	#endif /* __AA_RESOURCE_H */