32
32
#define AA_MAY_LINK (1 << 4)
33
33
#define AA_MAY_LOCK (1 << 5)
34
34
#define AA_EXEC_MMAP (1 << 6)
36
#define AA_CHANGE_PROFILE (1 << 26)
37
#define AA_EXEC_INHERIT (1 << 27)
38
#define AA_EXEC_UNCONFINED (1 << 28)
39
#define AA_EXEC_PROFILE (1 << 29)
40
#define AA_EXEC_UNSAFE (1 << 30)
41
#define AA_EXEC_MODIFIERS (AA_EXEC_INHERIT | \
42
AA_EXEC_UNCONFINED | \
46
/* Network subdomain extensions. */
47
#define AA_TCP_CONNECT (1 << 16)
48
#define AA_TCP_ACCEPT (1 << 17)
49
#define AA_TCP_CONNECTED (1 << 18)
50
#define AA_TCP_ACCEPTED (1 << 19)
51
#define AA_UDP_SEND (1 << 20)
52
#define AA_UDP_RECEIVE (1 << 21)
55
#define AA_LOGTCP_SEND (1 << 22)
56
#define AA_LOGTCP_RECEIVE (1 << 23)
35
#define AA_EXEC_UNSAFE (1 << 7)
36
#define AA_EXEC_MOD_0 (1 << 8)
37
#define AA_EXEC_MOD_1 (1 << 9)
39
#define AA_BASE_PERMS (AA_MAY_EXEC | AA_MAY_WRITE | \
40
AA_MAY_READ | AA_MAY_APPEND | \
41
AA_MAY_LINK | AA_MAY_LOCK | \
42
AA_EXEC_MMAP | AA_EXEC_UNSAFE | \
43
AA_EXEC_MOD_0 | AA_EXEC_MOD_1)
44
#define AA_USER_SHIFT 0
45
#define AA_OTHER_SHIFT 10
47
#define AA_USER_PERMS (AA_BASE_PERMS << AA_USER_SHIFT)
48
#define AA_OTHER_PERMS (AA_BASE_PERMS << AA_OTHER_SHIFT)
50
#define AA_FILE_PERMS (AA_USER_PERMS | AA_OTHER_PERMS )
52
#define AA_CHANGE_PROFILE (1 << 30)
53
#define AA_ERROR_BIT (1 << 31)
54
#define AA_SHARED_PERMS (AA_CHANGE_PROFILE | AA_ERROR_BIT)
57
#define AA_EXEC_MODIFIERS (AA_EXEC_MOD_0 | AA_EXEC_MOD_1)
58
#define AA_EXEC_TYPE (AA_MAY_EXEC | AA_EXEC_UNSAFE | \
61
#define AA_EXEC_UNCONFINED 0
62
#define AA_EXEC_INHERIT (AA_EXEC_MOD_0)
63
#define AA_EXEC_PROFILE (AA_EXEC_MOD_1)
64
#define AA_EXEC_PROFILE_OR_INHERIT (AA_EXEC_MOD_0 | AA_EXEC_MOD_1)
66
#define AA_VALID_PERMS (AA_FILE_PERMS | AA_CHANGE_PROFILE)
68
#define AA_EXEC_BITS ((AA_MAY_EXEC << AA_USER_SHIFT) | \
69
(AA_MAY_EXEC << AA_OTHER_SHIFT))
71
#define ALL_AA_EXEC_UNSAFE ((AA_EXEC_UNSAFE << AA_USER_SHIFT) | \
72
(AA_EXEC_UNSAFE << AA_OTHER_SHIFT))
74
#define AA_USER_EXEC_TYPE (AA_EXEC_TYPE << AA_USER_SHIFT)
75
#define AA_OTHER_EXEC_TYPE (AA_EXEC_TYPE << AA_OTHER_SHIFT)
77
#define AA_LINK_BITS ((AA_MAY_LINK << AA_USER_SHIFT) | \
78
(AA_MAY_LINK << AA_OTHER_SHIFT))
80
#define SHIFT_MODE(MODE, SHIFT) ((((MODE) & AA_BASE_PERMS) << (SHIFT))\
81
| ((MODE) & ~AA_FILE_PERMS))
82
#define SHIFT_TO_BASE(MODE, SHIFT) ((((MODE) & AA_FILE_PERMS) >> (SHIFT))\
83
| ((MODE) & ~AA_FILE_PERMS))
86
#define AA_LINK_SUBSET_TEST (AA_MAY_LINK << 1)
87
#define LINK_SUBSET_BITS ((AA_LINK_SUBSET_TEST << AA_USER_SHIFT) | \
88
(AA_LINK_SUBSET_TEST << AA_OTHER_SHIFT))
89
#define LINK_TO_LINK_SUBSET(X) (((X) << 1) & AA_LINK_SUBSET_TEST)
58
91
#define AA_HAT_SIZE 975 /* Maximum size of a subdomain
79
112
#define HAS_MAY_LINK(mode) ((mode) & AA_MAY_LINK)
80
113
#define HAS_MAY_LOCK(mode) ((mode) & AA_MAY_LOCK)
81
114
#define HAS_EXEC_MMAP(mode) ((mode) & AA_EXEC_MMAP)
82
#define HAS_EXEC_INHERIT(mode) ((mode) & AA_EXEC_INHERIT)
83
#define HAS_EXEC_PROFILE(mode) ((mode) & AA_EXEC_PROFILE)
84
#define HAS_EXEC_UNCONFINED(mode) ((mode) & AA_EXEC_UNCONFINED)
115
#define HAS_EXEC_INHERIT(mode) (((mode) & AA_EXEC_MODIFIERS) == \
117
#define HAS_EXEC_PROFILE(mode) (((mode) & AA_EXEC_MODIFIERS) == \
119
#define HAS_EXEC_UNCONFINED(mode) (((mode) & AA_EXEC_MODIFIERS) == \
121
#define HAS_EXEC_PROFILE_OR_INHERIT(mode) (((mode) & AA_EXEC_MODIFIERS) == \
122
AA_EXEC_PROFILE_OR_INHERIT)
85
123
#define HAS_EXEC_UNSAFE(mode) ((mode) & AA_EXEC_UNSAFE)
86
124
#define HAS_CHANGE_PROFILE(mode) ((mode) & AA_CHANGE_PROFILE)
88
#define SINGLE_BIT_SET(X) (!((X) & ((X) - 1)))
89
#define AA_EXEC_SINGLE_MODIFIER_SET(X) SINGLE_BIT_SET(((X) & AA_EXEC_MODIFIERS))
126
static inline int is_merged_x_consistent(int a, int b)
128
if ((a & AA_USER_EXEC_TYPE) && (b & AA_USER_EXEC_TYPE) &&
129
((a & AA_USER_EXEC_TYPE) != (b & AA_USER_EXEC_TYPE)))
131
if ((a & AA_OTHER_EXEC_TYPE) && (b & AA_OTHER_EXEC_TYPE) &&
132
((a & AA_OTHER_EXEC_TYPE) != (b & AA_OTHER_EXEC_TYPE)))
90
138
#endif /* ! _IMMUNIX_H */
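Review bot: `#define AA_ERROR_BIT (1 << 31)` (new line 53, assuming the higher-numbered side is the new one) shifts a signed `int` 1 into the sign bit, which is undefined behaviour in C, and the result is OR-ed into `AA_SHARED_PERMS`. I would write it as `#define AA_ERROR_BIT (1U << 31)` and consider carrying permission words as `unsigned int` rather than the `int a, int b` that `is_merged_x_consistent` takes. Separately, `AA_LINK_SUBSET_TEST (AA_MAY_LINK << 1)` evaluates to `1 << 5`, the same bit as `AA_MAY_LOCK`, so a mode word that carries the subset-test flag cannot be told apart from one that grants lock. If that reuse is deliberate, and unless the lines not shown in this view already say so, it deserves a comment next to the define such as `/* shares its bit with AA_MAY_LOCK; never test with HAS_MAY_LOCK() */`. The body of `is_merged_x_consistent` is only partly visible here (its braces and return statements are not shown), so its return convention could not be checked.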