authorJohn Johansen <john.johansen@canonical.com>2017-05-21 17:15:28 -0700
committerJohn Johansen <john.johansen@canonical.com>2017-06-08 11:29:33 -0700
commitaf7caa8f8dd1b45e38a3653a69ed4d708286bc83 (patch)
treef2bf5db48baf996acf450c7aa5155c2aa98cd74b /security/apparmor/include/file.h
parent651e54953b5d4ad103f0efa54fc6b380807fca3a (diff)
apparmor: move file context into file.h
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/include/file.h')
-rw-r--r--security/apparmor/include/file.h32
1 files changed, 32 insertions, 0 deletions
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 38f821bf49b6..eba39cb25f02 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -47,6 +47,38 @@ struct path;
AA_MAY_CHMOD | AA_MAY_CHOWN | AA_MAY_LOCK | \
AA_EXEC_MMAP | AA_MAY_LINK)
+/* struct aa_file_ctx - the AppArmor context the file was opened in
+ * @perms: the permission the file was opened with
+ *
+ * The file_ctx could currently be directly stored in file->f_security
+ * as the profile reference is now stored in the f_cred. However the
+ * ctx struct will expand in the future so we keep the struct.
+ */
+struct aa_file_ctx {
+ u16 allow;
+};
+
+/**
+ * aa_alloc_file_context - allocate file_ctx
+ * @gfp: gfp flags for allocation
+ *
+ * Returns: file_ctx or NULL on failure
+ */
+static inline struct aa_file_ctx *aa_alloc_file_context(gfp_t gfp)
+{
+ return kzalloc(sizeof(struct aa_file_ctx), gfp);
+}
+
+/**
+ * aa_free_file_context - free a file_ctx
+ * @ctx: file_ctx to free (MAYBE_NULL)
+ */
+static inline void aa_free_file_context(struct aa_file_ctx *ctx)
+{
+ if (ctx)
+ kzfree(ctx);
+}
+
/*
* The xindex is broken into 3 parts
* - index - an index into either the exec name table or the variable table
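Review bot: The comment above `struct aa_file_ctx` documents a member `@perms`, but the struct's only field is `allow`, and the comment opens with `/*` rather than `/**`, so kernel-doc will not pick it up; I would open it with `/**` and use `* @allow: the permissions the file was opened with`. Because `allow` stores a permission mask, `u16` is only safe if every bit of the file permission set fits in the low 16 bits; the mask definitions start outside this hunk, so confirm that or widen the field to `u32`. In `aa_free_file_context()` the `if (ctx)` guard is redundant, since `kzfree()` already returns early on NULL, so the body can be just `kzfree(ctx);`. The header's includes are also outside the hunk, so check that `file.h` pulls in `<linux/slab.h>` itself for `kzalloc()`/`kzfree()` rather than relying on whichever file includes it.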