From 77116b1422c270acfeeefae235fc5400ed620b60 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Fri, 26 May 2017 01:57:09 -0700
Subject: [PATCH 18/65] apparmor: move permissions into their own file to be
more easily shared
Git-commit: fc7e0b26b8d26e680bb2f252e9521385e0092e4c
Patch-mainline: v4.13-rc1
References: FATE#323500
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
---
security/apparmor/include/file.h | 20 +------------------
security/apparmor/include/perms.h | 40 ++++++++++++++++++++++++++++++++++++++
security/apparmor/include/policy.h | 1 +
security/apparmor/lib.c | 1 +
4 files changed, 43 insertions(+), 19 deletions(-)
create mode 100644 security/apparmor/include/perms.h
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index eba39cb25f02..a75e4872053a 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -17,29 +17,11 @@
#include "domain.h"
#include "match.h"
+#include "perms.h"
struct aa_profile;
struct path;
-/*
- * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags
- * for profile permissions
- */
-#define AA_MAY_CREATE 0x0010
-#define AA_MAY_DELETE 0x0020
-#define AA_MAY_META_WRITE 0x0040
-#define AA_MAY_META_READ 0x0080
-
-#define AA_MAY_CHMOD 0x0100
-#define AA_MAY_CHOWN 0x0200
-#define AA_MAY_LOCK 0x0400
-#define AA_EXEC_MMAP 0x0800
-
-#define AA_MAY_LINK 0x1000
-#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */
-#define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */
-#define AA_MAY_CHANGE_PROFILE 0x80000000
-#define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */
#define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\
AA_MAY_CREATE | AA_MAY_DELETE | \
diff --git a/security/apparmor/include/perms.h b/security/apparmor/include/perms.h
new file mode 100644
index 000000000000..4a65755a2dc0
--- /dev/null
+++ b/security/apparmor/include/perms.h
@@ -0,0 +1,40 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor basic permission sets definitions.
+ *
+ * Copyright 2017 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#ifndef __AA_PERM_H
+#define __AA_PERM_H
+
+#include <linux/fs.h>
+
+/*
+ * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags
+ * for profile permissions
+ */
+#define AA_MAY_CREATE 0x0010
+#define AA_MAY_DELETE 0x0020
+#define AA_MAY_META_WRITE 0x0040
+#define AA_MAY_META_READ 0x0080
+
+#define AA_MAY_CHMOD 0x0100
+#define AA_MAY_CHOWN 0x0200
+#define AA_MAY_LOCK 0x0400
+#define AA_EXEC_MMAP 0x0800
+
+#define AA_MAY_LINK 0x1000
+#define AA_LINK_SUBSET AA_MAY_LOCK /* overlaid */
+#define AA_MAY_ONEXEC 0x40000000 /* exec allows onexec */
+#define AA_MAY_CHANGE_PROFILE 0x80000000
+#define AA_MAY_CHANGEHAT 0x80000000 /* ctrl auditing only */
+
+
+#endif /* __AA_PERM_H */
diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index dffa01c018c8..0f87f70287ad 100644
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -29,6 +29,7 @@
#include "domain.h"
#include "file.h"
#include "lib.h"
+#include "perms.h"
#include "resource.h"
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 864b2fa45852..90eb14c9e0cf 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -21,6 +21,7 @@
#include "include/audit.h"
#include "include/apparmor.h"
#include "include/lib.h"
+#include "include/perms.h"
#include "include/policy.h"
/**
--
2.12.3