162306a36Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0-only */
262306a36Sopenharmony_ci/*
362306a36Sopenharmony_ci * AppArmor security module
462306a36Sopenharmony_ci *
562306a36Sopenharmony_ci * This file contains AppArmor file mediation function definitions.
662306a36Sopenharmony_ci *
762306a36Sopenharmony_ci * Copyright 2017 Canonical Ltd.
862306a36Sopenharmony_ci */
962306a36Sopenharmony_ci
1062306a36Sopenharmony_ci#ifndef __AA_MOUNT_H
1162306a36Sopenharmony_ci#define __AA_MOUNT_H
1262306a36Sopenharmony_ci
1362306a36Sopenharmony_ci#include <linux/fs.h>
1462306a36Sopenharmony_ci#include <linux/path.h>
1562306a36Sopenharmony_ci
1662306a36Sopenharmony_ci#include "domain.h"
1762306a36Sopenharmony_ci#include "policy.h"
1862306a36Sopenharmony_ci
1962306a36Sopenharmony_ci/* mount perms */
2062306a36Sopenharmony_ci#define AA_MAY_PIVOTROOT	0x01
2162306a36Sopenharmony_ci#define AA_MAY_MOUNT		0x02
2262306a36Sopenharmony_ci#define AA_MAY_UMOUNT		0x04
2362306a36Sopenharmony_ci#define AA_AUDIT_DATA		0x40
2462306a36Sopenharmony_ci#define AA_MNT_CONT_MATCH	0x40
2562306a36Sopenharmony_ci
2662306a36Sopenharmony_ci#define AA_MS_IGNORE_MASK (MS_KERNMOUNT | MS_NOSEC | MS_ACTIVE | MS_BORN)
2762306a36Sopenharmony_ci
2862306a36Sopenharmony_ciint aa_remount(const struct cred *subj_cred,
2962306a36Sopenharmony_ci	       struct aa_label *label, const struct path *path,
3062306a36Sopenharmony_ci	       unsigned long flags, void *data);
3162306a36Sopenharmony_ci
3262306a36Sopenharmony_ciint aa_bind_mount(const struct cred *subj_cred,
3362306a36Sopenharmony_ci		  struct aa_label *label, const struct path *path,
3462306a36Sopenharmony_ci		  const char *old_name, unsigned long flags);
3562306a36Sopenharmony_ci
3662306a36Sopenharmony_ci
3762306a36Sopenharmony_ciint aa_mount_change_type(const struct cred *subj_cred,
3862306a36Sopenharmony_ci			 struct aa_label *label, const struct path *path,
3962306a36Sopenharmony_ci			 unsigned long flags);
4062306a36Sopenharmony_ci
4162306a36Sopenharmony_ciint aa_move_mount_old(const struct cred *subj_cred,
4262306a36Sopenharmony_ci		      struct aa_label *label, const struct path *path,
4362306a36Sopenharmony_ci		      const char *old_name);
4462306a36Sopenharmony_ciint aa_move_mount(const struct cred *subj_cred,
4562306a36Sopenharmony_ci		  struct aa_label *label, const struct path *from_path,
4662306a36Sopenharmony_ci		  const struct path *to_path);
4762306a36Sopenharmony_ci
4862306a36Sopenharmony_ciint aa_new_mount(const struct cred *subj_cred,
4962306a36Sopenharmony_ci		 struct aa_label *label, const char *dev_name,
5062306a36Sopenharmony_ci		 const struct path *path, const char *type, unsigned long flags,
5162306a36Sopenharmony_ci		 void *data);
5262306a36Sopenharmony_ci
5362306a36Sopenharmony_ciint aa_umount(const struct cred *subj_cred,
5462306a36Sopenharmony_ci	      struct aa_label *label, struct vfsmount *mnt, int flags);
5562306a36Sopenharmony_ci
5662306a36Sopenharmony_ciint aa_pivotroot(const struct cred *subj_cred,
5762306a36Sopenharmony_ci		 struct aa_label *label, const struct path *old_path,
5862306a36Sopenharmony_ci		 const struct path *new_path);
5962306a36Sopenharmony_ci
6062306a36Sopenharmony_ci#endif /* __AA_MOUNT_H */
61