.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . 
ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "aa_kernel_interface 3" .TH aa_kernel_interface 3 "2019-03-30" "AppArmor 2.13.2" "AppArmor" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. 
.if n .ad l
.nh
.SH "NAME"
aa_kernel_interface \- an opaque object representing the AppArmor kernel interface for policy loading, replacing, and removing
.PP
aa_kernel_interface_new \- create a new aa_kernel_interface object from an optional path
.PP
aa_kernel_interface_ref \- increments the ref count of an aa_kernel_interface object
.PP
aa_kernel_interface_unref \- decrements the ref count and frees the aa_kernel_interface object when 0
.PP
aa_kernel_interface_load_policy \- load a policy from a buffer into the kernel
.PP
aa_kernel_interface_load_policy_from_file \- load a policy from a file into the kernel
.PP
aa_kernel_interface_load_policy_from_fd \- load a policy from a file descriptor into the kernel
.PP
aa_kernel_interface_replace_policy \- replace a policy in the kernel with a policy from a buffer
.PP
aa_kernel_interface_replace_policy_from_file \- replace a policy in the kernel with a policy from a file
.PP
aa_kernel_interface_replace_policy_from_fd \- replace a policy in the kernel with a policy from a file descriptor
.PP
aa_kernel_interface_remove_policy \- remove a policy from the kernel
.PP
aa_kernel_interface_write_policy \- write a policy to a file descriptor
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fB#include <sys/apparmor.h>\fR
.PP
\&\fBtypedef struct aa_kernel_interface aa_kernel_interface;\fR
.PP
\&\fBint aa_kernel_interface_new(aa_kernel_interface **kernel_interface, aa_features *kernel_features, const char *apparmorfs);\fR
.PP
\&\fBaa_kernel_interface *aa_kernel_interface_ref(aa_kernel_interface *kernel_interface);\fR
.PP
\&\fBvoid aa_kernel_interface_unref(aa_kernel_interface *kernel_interface);\fR
.PP
\&\fBint aa_kernel_interface_load_policy(aa_kernel_interface *kernel_interface, const char *buffer, size_t size);\fR
.PP
\&\fBint aa_kernel_interface_load_policy_from_file(aa_kernel_interface *kernel_interface, int dirfd, const char *path);\fR
.PP
\&\fBint aa_kernel_interface_load_policy_from_fd(aa_kernel_interface *kernel_interface, int fd);\fR
.PP
\&\fBint
aa_kernel_interface_replace_policy(aa_kernel_interface *kernel_interface, const char *buffer, size_t size);\fR
.PP
\&\fBint aa_kernel_interface_replace_policy_from_file(aa_kernel_interface *kernel_interface, int dirfd, const char *path);\fR
.PP
\&\fBint aa_kernel_interface_replace_policy_from_fd(aa_kernel_interface *kernel_interface, int fd);\fR
.PP
\&\fBint aa_kernel_interface_remove_policy(aa_kernel_interface *kernel_interface, const char *fqname);\fR
.PP
\&\fBint aa_kernel_interface_write_policy(int fd, const char *buffer, size_t size);\fR
.PP
Link with \fB\-lapparmor\fR when compiling.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIaa_kernel_interface\fR object contains information about the AppArmor kernel interface for policy loading, replacing, and removing.
.PP
The \fBaa_kernel_interface_new()\fR function creates an \fIaa_kernel_interface\fR object based on an optional \fIaa_features\fR object and an optional path to the apparmor directory of securityfs, which is typically found at
\&\*(L"/sys/kernel/security/apparmor/\*(R". If \fIkernel_features\fR is \s-1NULL,\s0 then the features of the current kernel are used. When specifying a valid
\&\fIkernel_features\fR object, it must be compatible with the features of the currently running kernel. If \fIapparmorfs\fR is \s-1NULL,\s0 then the default location is used. The allocated \fIkernel_interface\fR object must be freed using
\&\fBaa_kernel_interface_unref()\fR.
.PP
\&\fBaa_kernel_interface_ref()\fR increments the reference count on the
\&\fIkernel_interface\fR object.
.PP
\&\fBaa_kernel_interface_unref()\fR decrements the reference count on the
\&\fIkernel_interface\fR object and releases all corresponding resources when the reference count reaches zero.
.PP
The \fBaa_kernel_interface_load()\fR family of functions load a policy into the kernel. The operation will fail if a policy of the same name is already loaded.
Use the \fBaa_kernel_interface_replace()\fR family of functions if you wish to replace a previously loaded policy with a new policy of the same name. The
\&\fBaa_kernel_interface_replace()\fR functions can also be used to load a policy that does not correspond to a previously loaded policy.
.PP
When loading or replacing from a buffer, the \fIbuffer\fR will contain binary data. The \fIsize\fR argument must specify the size, in bytes, of the data in the \fIbuffer\fR argument.
.PP
When loading or replacing from a file, the \fIdirfd\fR and \fIpath\fR combination is used to specify the location of the file. See the \fBopenat\fR\|(2) man page for examples of \fIdirfd\fR and \fIpath\fR.
.PP
It is also possible to load or replace from a file descriptor specified by the
\&\fIfd\fR argument. The file must be open for reading and the file offset must be set appropriately.
.PP
The \fBaa_kernel_interface_remove_policy()\fR function can be used to unload a previously loaded policy. The fully qualified policy name must be specified with the \fIfqname\fR argument. The operation will fail if a policy matching
\&\fIfqname\fR is not found.
.PP
The \fBaa_kernel_interface_write_policy()\fR function allows for a policy, which is stored in \fIbuffer\fR and consists of \fIsize\fR bytes, to be written to a file descriptor. The \fIfd\fR must be open for writing and the file offset must be set appropriately.
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
The \fBaa_kernel_interface_new()\fR function returns 0 on success and
\&\fI*kernel_interface\fR will point to an \fIaa_kernel_interface\fR object that must be freed by \fBaa_kernel_interface_unref()\fR. \-1 is returned on error, with errno set appropriately, and \fI*kernel_interface\fR will be set to \s-1NULL.\s0
.PP
\&\fBaa_kernel_interface_ref()\fR returns the value of \fIkernel_interface\fR.
.PP
The \fBaa_kernel_interface_load()\fR family of functions, the
\&\fBaa_kernel_interface_replace()\fR family of functions,
\&\fBaa_kernel_interface_remove_policy()\fR, and \fBaa_kernel_interface_write_policy()\fR return 0 on success. \-1 is returned on error, with errno set appropriately.
.SH "ERRORS"
.IX Header "ERRORS"
The errno value will be set according to the underlying error in the
\&\fIaa_kernel_interface\fR family of functions that return \-1 on error.
.SH "NOTES"
.IX Header "NOTES"
All aa_kernel_interface functions described above are present in libapparmor version 2.10 and newer.
.PP
\&\fBaa_kernel_interface_unref()\fR saves the value of errno when called and restores errno before returning in libapparmor version 2.12 and newer.
.SH "BUGS"
.IX Header "BUGS"
None known. If you find any, please report them to the AppArmor project's bug tracker.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBaa_features\fR\|(3) and \fBopenat\fR\|(2).