1b886d83cSThomas Gleixner /* SPDX-License-Identifier: GPL-2.0-only */
22ea3ffb7SJohn Johansen /*
32ea3ffb7SJohn Johansen  * AppArmor security module
42ea3ffb7SJohn Johansen  *
52ea3ffb7SJohn Johansen  * This file contains AppArmor file mediation function definitions.
62ea3ffb7SJohn Johansen  *
72ea3ffb7SJohn Johansen  * Copyright 2017 Canonical Ltd.
82ea3ffb7SJohn Johansen  */
92ea3ffb7SJohn Johansen 
102ea3ffb7SJohn Johansen #ifndef __AA_MOUNT_H
112ea3ffb7SJohn Johansen #define __AA_MOUNT_H
122ea3ffb7SJohn Johansen 
132ea3ffb7SJohn Johansen #include <linux/fs.h>
142ea3ffb7SJohn Johansen #include <linux/path.h>
152ea3ffb7SJohn Johansen 
162ea3ffb7SJohn Johansen #include "domain.h"
172ea3ffb7SJohn Johansen #include "policy.h"
182ea3ffb7SJohn Johansen 
192ea3ffb7SJohn Johansen /* mount perms */
202ea3ffb7SJohn Johansen #define AA_MAY_PIVOTROOT	0x01
212ea3ffb7SJohn Johansen #define AA_MAY_MOUNT		0x02
222ea3ffb7SJohn Johansen #define AA_MAY_UMOUNT		0x04
232ea3ffb7SJohn Johansen #define AA_AUDIT_DATA		0x40
242ea3ffb7SJohn Johansen #define AA_MNT_CONT_MATCH	0x40
252ea3ffb7SJohn Johansen 
262ea3ffb7SJohn Johansen #define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
272ea3ffb7SJohn Johansen 
28690f33e1SJohn Johansen int aa_remount(const struct cred *subj_cred,
29690f33e1SJohn Johansen 	       struct aa_label *label, const struct path *path,
302ea3ffb7SJohn Johansen 	       unsigned long flags, void *data);
312ea3ffb7SJohn Johansen 
32690f33e1SJohn Johansen int aa_bind_mount(const struct cred *subj_cred,
33690f33e1SJohn Johansen 		  struct aa_label *label, const struct path *path,
342ea3ffb7SJohn Johansen 		  const char *old_name, unsigned long flags);
352ea3ffb7SJohn Johansen 
362ea3ffb7SJohn Johansen 
37690f33e1SJohn Johansen int aa_mount_change_type(const struct cred *subj_cred,
38690f33e1SJohn Johansen 			 struct aa_label *label, const struct path *path,
392ea3ffb7SJohn Johansen 			 unsigned long flags);
402ea3ffb7SJohn Johansen 
41*96af4515SJohn Johansen int aa_move_mount_old(const struct cred *subj_cred,
42690f33e1SJohn Johansen 		      struct aa_label *label, const struct path *path,
432ea3ffb7SJohn Johansen 		      const char *old_name);
44*96af4515SJohn Johansen int aa_move_mount(const struct cred *subj_cred,
45*96af4515SJohn Johansen 		  struct aa_label *label, const struct path *from_path,
46*96af4515SJohn Johansen 		  const struct path *to_path);
472ea3ffb7SJohn Johansen 
48690f33e1SJohn Johansen int aa_new_mount(const struct cred *subj_cred,
49690f33e1SJohn Johansen 		 struct aa_label *label, const char *dev_name,
502ea3ffb7SJohn Johansen 		 const struct path *path, const char *type, unsigned long flags,
512ea3ffb7SJohn Johansen 		 void *data);
522ea3ffb7SJohn Johansen 
53690f33e1SJohn Johansen int aa_umount(const struct cred *subj_cred,
54690f33e1SJohn Johansen 	      struct aa_label *label, struct vfsmount *mnt, int flags);
552ea3ffb7SJohn Johansen 
56690f33e1SJohn Johansen int aa_pivotroot(const struct cred *subj_cred,
57690f33e1SJohn Johansen 		 struct aa_label *label, const struct path *old_path,
582ea3ffb7SJohn Johansen 		 const struct path *new_path);
592ea3ffb7SJohn Johansen 
602ea3ffb7SJohn Johansen #endif /* __AA_MOUNT_H */
61