apparmor: provide base for multiple profiles to be replaced at once

previously profiles had to be loaded one at a time, which could result in cases where a replacement of a set would partially succeed, and then fail resulting in inconsistent policy. Allow multiple profiles to replaced "atomically" so that the replacement either succeeds or fails for the entire set of profiles. Signed-off-by: John Johansen <john.johansen@canonical.com>
author: John Johansen <john.johansen@canonical.com> 2013-07-10 21:05:43 -0700
committer: John Johansen <john.johansen@canonical.com> 2013-08-14 11:42:06 -0700
commit: dd51c84857630e77c139afe4d9bba65fc051dc3f (patch)
tree: 2dbfb9435feadac6123600aef75004ee2197f6af /security/apparmor/include
parent: 9d910a3bc01008d432b3bb79a69e7e3cdb4821b2 (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/security/apparmor/include/policy_unpack.h b/security/apparmor/include/policy_unpack.h
index a2dcccac45aa..0d7ad722b8ff 100644
--- a/security/apparmor/include/policy_unpack.h
+++ b/security/apparmor/include/policy_unpack.h
@@ -15,6 +15,18 @@
 #ifndef __POLICY_INTERFACE_H
 #define __POLICY_INTERFACE_H
 
-struct aa_profile *aa_unpack(void *udata, size_t size, const char **ns);
+#include <linux/list.h>
+
+struct aa_load_ent {
+	struct list_head list;
+	struct aa_profile *new;
+	struct aa_profile *old;
+	struct aa_profile *rename;
+};
+
+void aa_load_ent_free(struct aa_load_ent *ent);
+struct aa_load_ent *aa_load_ent_alloc(void);
+
+int aa_unpack(void *udata, size_t size, struct list_head *lh, const char **ns);
 
 #endif /* __POLICY_INTERFACE_H */
author	John Johansen <john.johansen@canonical.com>	2013-07-10 21:05:43 -0700
committer	John Johansen <john.johansen@canonical.com>	2013-08-14 11:42:06 -0700
commit	dd51c84857630e77c139afe4d9bba65fc051dc3f (patch)
tree	2dbfb9435feadac6123600aef75004ee2197f6af /security/apparmor/include
parent	9d910a3bc01008d432b3bb79a69e7e3cdb4821b2 (diff)