apparmor: move permissions into their own file to be more easily shared

Signed-off-by: John Johansen <john.johansen@canonical.com>

diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index eba39cb25f0261264e1143d838007acad98016fa..a75e4872053a2690bd1cd4b2fa9625d15c9618f3 100644 (file)
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -17,29 +17,11 @@
 
 #include "domain.h"
 #include "match.h"
+#include "perms.h"
 
 struct aa_profile;
 struct path;
 
-/*
- * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags
- * for profile permissions
- */
-#define AA_MAY_CREATE                  0x0010
-#define AA_MAY_DELETE                  0x0020
-#define AA_MAY_META_WRITE              0x0040
-#define AA_MAY_META_READ               0x0080
-
-#define AA_MAY_CHMOD                   0x0100
-#define AA_MAY_CHOWN                   0x0200
-#define AA_MAY_LOCK                    0x0400
-#define AA_EXEC_MMAP                   0x0800
-
-#define AA_MAY_LINK                    0x1000
-#define AA_LINK_SUBSET                 AA_MAY_LOCK     /* overlaid */
-#define AA_MAY_ONEXEC                  0x40000000      /* exec allows onexec */
-#define AA_MAY_CHANGE_PROFILE          0x80000000
-#define AA_MAY_CHANGEHAT               0x80000000      /* ctrl auditing only */
 
 #define AA_AUDIT_FILE_MASK     (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\
                                 AA_MAY_CREATE | AA_MAY_DELETE |        \

diff --git a/security/apparmor/include/perms.h b/security/apparmor/include/perms.h
new file mode 100644 (file)
index 0000000..4a65755
--- /dev/null
+++ b/security/apparmor/include/perms.h
@@ -0,0 +1,40 @@
+/*
+ * AppArmor security module
+ *
+ * This file contains AppArmor basic permission sets definitions.
+ *
+ * Copyright 2017 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+
+#ifndef __AA_PERM_H
+#define __AA_PERM_H
+
+#include <linux/fs.h>
+
+/*
+ * We use MAY_EXEC, MAY_WRITE, MAY_READ, MAY_APPEND and the following flags
+ * for profile permissions
+ */
+#define AA_MAY_CREATE                  0x0010
+#define AA_MAY_DELETE                  0x0020
+#define AA_MAY_META_WRITE              0x0040
+#define AA_MAY_META_READ               0x0080
+
+#define AA_MAY_CHMOD                   0x0100
+#define AA_MAY_CHOWN                   0x0200
+#define AA_MAY_LOCK                    0x0400
+#define AA_EXEC_MMAP                   0x0800
+
+#define AA_MAY_LINK                    0x1000
+#define AA_LINK_SUBSET                 AA_MAY_LOCK     /* overlaid */
+#define AA_MAY_ONEXEC                  0x40000000      /* exec allows onexec */
+#define AA_MAY_CHANGE_PROFILE          0x80000000
+#define AA_MAY_CHANGEHAT               0x80000000      /* ctrl auditing only */
+
+
+#endif /* __AA_PERM_H */

diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
index dffa01c018c80ed4bd06b545757e7e0c64440e5c..0f87f70287ad11a998f113420cc67b87e2c066c8 100644 (file)
--- a/security/apparmor/include/policy.h
+++ b/security/apparmor/include/policy.h
@@ -29,6 +29,7 @@
 #include "domain.h"
 #include "file.h"
 #include "lib.h"
+#include "perms.h"
 #include "resource.h"
 
 

diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 864b2fa45852af596e8f73899283a1b2da8ccaf0..90eb14c9e0cfe435c0c07c5b8abcc5a2076746ed 100644 (file)
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -21,6 +21,7 @@
 #include "include/audit.h"
 #include "include/apparmor.h"
 #include "include/lib.h"
+#include "include/perms.h"
 #include "include/policy.h"
 
 /**