security/apparmor/include/policy_compat.h

   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2 /*
   3  * AppArmor security module
   4  *
   5  * Code to provide backwards compatibility with older policy versions,
   6  * by converting/mapping older policy formats into the newer internal
   7  * formats.
   8  *
   9  * Copyright 2022 Canonical Ltd.
  10  */
  11
  12 #ifndef __POLICY_COMPAT_H
  13 #define __POLICY_COMPAT_H
  14
  15 #include "policy.h"
  16
  17 #define K_ABI_MASK 0x3ff
  18 #define FORCE_COMPLAIN_FLAG 0x800
  19 #define VERSION_LT(X, Y) (((X) & K_ABI_MASK) < ((Y) & K_ABI_MASK))
  20 #define VERSION_LE(X, Y) (((X) & K_ABI_MASK) <= ((Y) & K_ABI_MASK))
  21 #define VERSION_GT(X, Y) (((X) & K_ABI_MASK) > ((Y) & K_ABI_MASK))
  22
  23 #define v5      5       /* base version */
  24 #define v6      6       /* per entry policydb mediation check */
  25 #define v7      7
  26 #define v8      8       /* full network masking */
  27 #define v9      9       /* xbits are used as permission bits in policydb */
  28
  29 int aa_compat_map_xmatch(struct aa_policydb *policy);
  30 int aa_compat_map_policy(struct aa_policydb *policy, u32 version);
  31 int aa_compat_map_file(struct aa_policydb *policy);
  32
  33 #endif /* __POLICY_COMPAT_H */