| 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
|---|
| 2 | /* |
|---|
| 3 | * AppArmor security module |
|---|
| 4 | * |
|---|
| 5 | * This file contains AppArmor af_unix fine grained mediation |
|---|
| 6 | * |
|---|
| 7 | * Copyright 2023 Canonical Ltd. |
|---|
| 8 | * |
|---|
| 9 | * This program is free software; you can redistribute it and/or |
|---|
| 10 | * modify it under the terms of the GNU General Public License as |
|---|
| 11 | * published by the Free Software Foundation, version 2 of the |
|---|
| 12 | * License. |
|---|
| 13 | */ |
|---|
| 14 | #ifndef __AA_AF_UNIX_H |
|---|
| 15 | |
|---|
| 16 | #include <net/af_unix.h> |
|---|
| 17 | |
|---|
| 18 | #include "label.h" |
|---|
| 19 | |
|---|
| 20 | #define unix_addr(A) ((struct sockaddr_un *)(A)) |
|---|
| 21 | #define unix_addr_len(L) ((L) - sizeof(sa_family_t)) |
|---|
| 22 | #define unix_peer(sk) (unix_sk(sk)->peer) |
|---|
| 23 | #define is_unix_addr_abstract_name(B) ((B)[0] == 0) |
|---|
| 24 | #define is_unix_addr_anon(A, L) ((A) && unix_addr_len(L) <= 0) |
|---|
| 25 | #define is_unix_addr_fs(A, L) (!is_unix_addr_anon(A, L) && \ |
|---|
| 26 | !is_unix_addr_abstract_name(unix_addr(A)->sun_path)) |
|---|
| 27 | |
|---|
| 28 | #define is_unix_anonymous(U) (!unix_sk(U)->addr) |
|---|
| 29 | #define is_unix_fs(U) (!is_unix_anonymous(U) && \ |
|---|
| 30 | unix_sk(U)->addr->name->sun_path[0]) |
|---|
| 31 | #define is_unix_connected(S) ((S)->state == SS_CONNECTED) |
|---|
| 32 | |
|---|
| 33 | |
|---|
| 34 | struct sockaddr_un *aa_sunaddr(const struct unix_sock *u, int *addrlen); |
|---|
| 35 | int aa_unix_peer_perm(const struct cred *subj_cred, |
|---|
| 36 | struct aa_label *label, const char *op, u32 request, |
|---|
| 37 | struct sock *sk, struct sock *peer_sk, |
|---|
| 38 | struct aa_label *peer_label); |
|---|
| 39 | int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock); |
|---|
| 40 | int aa_unix_create_perm(struct aa_label *label, int family, int type, |
|---|
| 41 | int protocol); |
|---|
| 42 | int aa_unix_bind_perm(struct socket *sock, struct sockaddr *address, |
|---|
| 43 | int addrlen); |
|---|
| 44 | int aa_unix_connect_perm(struct socket *sock, struct sockaddr *address, |
|---|
| 45 | int addrlen); |
|---|
| 46 | int aa_unix_listen_perm(struct socket *sock, int backlog); |
|---|
| 47 | int aa_unix_accept_perm(struct socket *sock, struct socket *newsock); |
|---|
| 48 | int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock, |
|---|
| 49 | struct msghdr *msg, int size); |
|---|
| 50 | int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level, |
|---|
| 51 | int optname); |
|---|
| 52 | int aa_unix_file_perm(const struct cred *subj_cred, struct aa_label *label, |
|---|
| 53 | const char *op, u32 request, struct file *file); |
|---|
| 54 | |
|---|
| 55 | #endif /* __AA_AF_UNIX_H */ |
|---|
| 56 | |
|---|
