Provided by: libapparmor-dev_2.10.95-0ubuntu2.12_amd64 
NAME
aa_policy_cache - an opaque object representing an AppArmor policy cache
aa_policy_cache_new - create a new aa_policy_cache object from a path
aa_policy_cache_ref - increments the ref count of an aa_policy_cache object
aa_policy_cache_unref - decrements the ref count and frees the aa_policy_cache object when
0
aa_policy_cache_remove - removes all policy cache files under a path
aa_policy_cache_replace_all - performs a kernel policy replacement of all cached policies
SYNOPSIS
#include <sys/apparmor.h>
typedef struct aa_policy_cache aa_policy_cache;
int aa_policy_cache_new(aa_policy_cache **policy_cache, aa_features *kernel_features, int
dirfd, const char *path, uint16_t max_caches);
aa_policy_cache *aa_policy_cache_ref(aa_policy_cache *policy_cache);
void aa_policy_cache_unref(aa_policy_cache *policy_cache);
int aa_policy_cache_remove(int dirfd, const char *path);
int aa_policy_cache_replace_all(aa_policy_cache *policy_cache, aa_kernel_interface
*kernel_interface);
Link with -lapparmor when compiling.
DESCRIPTION
The aa_policy_cache object contains information about a set of AppArmor policy cache
files. The policy cache files are the binary representation of a human-readable AppArmor
profile. The binary representation is the form that is loaded into the kernel.
The aa_policy_cache_new() function creates an aa_policy_cache object based upon a
directory file descriptor and path. The path must point to a directory. See the openat(2)
man page for examples of dirfd and path. If kernel_features is NULL, then the features of
the current kernel are used. When specifying a valid kernel_features object, it must be
the compatible with the features of the kernel of interest. The value of max_caches should
be equal to the number of caches that should be allowed before old caches are
automatically reaped. The definition of what is considered to be an old cache is private
to libapparmor. Specifying 0 means that no new caches should be created and only existing,
valid caches may be used. Specifying UINT16_MAX means that a new cache may be created and
that the reaping of old caches is disabled. The allocated aa_policy_cache object must be
freed using aa_policy_cache_unref().
aa_policy_cache_ref() increments the reference count on the policy_cache object.
aa_policy_cache_unref() decrements the reference count on the policy_cache object and
releases all corresponding resources when the reference count reaches zero.
The aa_policy_cache_remove() function deletes all of the policy cache files based upon a
directory file descriptor and path. The path must point to a directory. See the openat(2)
man page for examples of dirfd and path.
The aa_policy_cache_replace_all() function can be used to perform a policy replacement of
all of the cache policies in the cache directory represented by the policy_cache object.
If kernel_interface is NULL, then the current kernel interface is used. When specifying a
valid kernel_interface object, it must be the interface of the currently running kernel.
RETURN VALUE
The aa_policy_cache_new() function returns 0 on success and *policy_cache will point to an
aa_policy_cache object that must be freed by aa_policy_cache_unref(). -1 is returned on
error, with errno set appropriately, and *policy_cache will be set to NULL.
aa_policy_cache_ref() returns the value of policy_cache.
aa_policy_cache_remove() and aa_policy_cache_replace_all() return 0 on success. -1 is
returned on error, with errno set appropriately.
ERRORS
The errno value will be set according to the underlying error in the aa_policy_cache
family of functions that return -1 on error.
NOTES
All aa_policy_cache functions described above are present in libapparmor version 2.10 and
newer.
BUGS
None known. If you find any, please report them at
<https://bugs.launchpad.net/apparmor/+filebug>.
SEE ALSO
aa_features(3), aa_kernel_interface(3), openat(2) and <http://wiki.apparmor.net>.