xref: /openbmc/linux/security/apparmor/include/policy_compat.h (revision 7bd571b274fd15e0e7dc3d79d104f32928010eff)
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * AppArmor security module
4  *
5  * Code to provide backwards compatibility with older policy versions,
6  * by converting/mapping older policy formats into the newer internal
7  * formats.
8  *
9  * Copyright 2022 Canonical Ltd.
10  */
11 
12 #ifndef __POLICY_COMPAT_H
13 #define __POLICY_COMPAT_H
14 
15 #include "policy.h"
16 
17 #define K_ABI_MASK 0x3ff
18 #define FORCE_COMPLAIN_FLAG 0x800
19 #define VERSION_LT(X, Y) (((X) & K_ABI_MASK) < ((Y) & K_ABI_MASK))
20 #define VERSION_LE(X, Y) (((X) & K_ABI_MASK) <= ((Y) & K_ABI_MASK))
21 #define VERSION_GT(X, Y) (((X) & K_ABI_MASK) > ((Y) & K_ABI_MASK))
22 
23 #define v5	5	/* base version */
24 #define v6	6	/* per entry policydb mediation check */
25 #define v7	7
26 #define v8	8	/* full network masking */
27 #define v9	9	/* xbits are used as permission bits in policydb */
28 
29 int aa_compat_map_xmatch(struct aa_policydb *policy);
30 int aa_compat_map_policy(struct aa_policydb *policy, u32 version);
31 int aa_compat_map_file(struct aa_policydb *policy);
32 
33 #endif /* __POLICY_COMPAT_H */
34