policy_compat.h 1018 B

123456789101112131415161718192021222324252627282930313233
  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /*
  3. * AppArmor security module
  4. *
  5. * Code to provide backwards compatibility with older policy versions,
  6. * by converting/mapping older policy formats into the newer internal
  7. * formats.
  8. *
  9. * Copyright 2022 Canonical Ltd.
  10. */
  11. #ifndef __POLICY_COMPAT_H
  12. #define __POLICY_COMPAT_H
  13. #include "policy.h"
  14. #define K_ABI_MASK 0x3ff
  15. #define FORCE_COMPLAIN_FLAG 0x800
  16. #define VERSION_LT(X, Y) (((X) & K_ABI_MASK) < ((Y) & K_ABI_MASK))
  17. #define VERSION_LE(X, Y) (((X) & K_ABI_MASK) <= ((Y) & K_ABI_MASK))
  18. #define VERSION_GT(X, Y) (((X) & K_ABI_MASK) > ((Y) & K_ABI_MASK))
  19. #define v5 5 /* base version */
  20. #define v6 6 /* per entry policydb mediation check */
  21. #define v7 7
  22. #define v8 8 /* full network masking */
  23. #define v9 9 /* xbits are used as permission bits in policydb */
  24. int aa_compat_map_xmatch(struct aa_policydb *policy);
  25. int aa_compat_map_policy(struct aa_policydb *policy, u32 version);
  26. int aa_compat_map_file(struct aa_policydb *policy);
  27. #endif /* __POLICY_COMPAT_H */