
Linux/security/landlock/fs.h



Differences between /security/landlock/fs.h (Version linux-6.12-rc7) and /security/landlock/fs.h (Version linux-5.17.15)


  1 /* SPDX-License-Identifier: GPL-2.0-only */         1 /* SPDX-License-Identifier: GPL-2.0-only */
  2 /*                                                  2 /*
  3  * Landlock LSM - Filesystem management and ho      3  * Landlock LSM - Filesystem management and hooks
  4  *                                                  4  *
  5  * Copyright © 2017-2020 Mickaël Salaün <mi      5  * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
  6  * Copyright © 2018-2020 ANSSI                     6  * Copyright © 2018-2020 ANSSI
  7  */                                                 7  */
  8                                                     8 
  9 #ifndef _SECURITY_LANDLOCK_FS_H                     9 #ifndef _SECURITY_LANDLOCK_FS_H
 10 #define _SECURITY_LANDLOCK_FS_H                    10 #define _SECURITY_LANDLOCK_FS_H
 11                                                    11 
 12 #include <linux/fs.h>                              12 #include <linux/fs.h>
 13 #include <linux/init.h>                            13 #include <linux/init.h>
 14 #include <linux/rcupdate.h>                        14 #include <linux/rcupdate.h>
 15                                                    15 
 16 #include "ruleset.h"                               16 #include "ruleset.h"
 17 #include "setup.h"                                 17 #include "setup.h"
 18                                                    18 
 19 /**                                                19 /**
 20  * struct landlock_inode_security - Inode secu     20  * struct landlock_inode_security - Inode security blob
 21  *                                                 21  *
 22  * Enable to reference a &struct landlock_obje     22  * Enable to reference a &struct landlock_object tied to an inode (i.e.
 23  * underlying object).                             23  * underlying object).
 24  */                                                24  */
 25 struct landlock_inode_security {                   25 struct landlock_inode_security {
 26         /**                                        26         /**
 27          * @object: Weak pointer to an allocat     27          * @object: Weak pointer to an allocated object.  All assignments of a
 28          * new object are protected by the und     28          * new object are protected by the underlying inode->i_lock.  However,
 29          * atomically disassociating @object f     29          * atomically disassociating @object from the inode is only protected
 30          * by @object->lock, from the time @ob     30          * by @object->lock, from the time @object's usage refcount drops to
 31          * zero to the time this pointer is nu     31          * zero to the time this pointer is nulled out (cf. release_inode() and
 32          * hook_sb_delete()).  Indeed, such di     32          * hook_sb_delete()).  Indeed, such disassociation doesn't require
 33          * inode->i_lock thanks to the careful     33          * inode->i_lock thanks to the careful rcu_access_pointer() check
 34          * performed by get_inode_object().        34          * performed by get_inode_object().
 35          */                                        35          */
 36         struct landlock_object __rcu *object;      36         struct landlock_object __rcu *object;
 37 };                                                 37 };
 38                                                    38 
 39 /**                                                39 /**
 40  * struct landlock_file_security - File securi << 
 41  *                                             << 
 42  * This information is populated when opening  << 
 43  * tracks the relevant Landlock access rights  << 
 44  * of opening the file. Other LSM hooks use th << 
 45  * operations on already opened files.         << 
 46  */                                            << 
 47 struct landlock_file_security {                << 
 48         /**                                    << 
 49          * @allowed_access: Access rights that << 
 50          * opening the file. This is not neces << 
 51          * rights available at that time, but  << 
 52          * needed to authorize later operation << 
 53          */                                    << 
 54         access_mask_t allowed_access;          << 
 55         /**                                    << 
 56          * @fown_domain: Domain of the task th << 
 57          * signal e.g., SIGURG when writing MS << 
 58          * This pointer is protected by the re << 
 59          * fown_struct's members: pid, uid, an << 
 60          */                                    << 
 61         struct landlock_ruleset *fown_domain;  << 
 62 };                                             << 
 63                                                << 
 64 /**                                            << 
 65  * struct landlock_superblock_security - Super     40  * struct landlock_superblock_security - Superblock security blob
 66  *                                                 41  *
 67  * Enable hook_sb_delete() to wait for concurr     42  * Enable hook_sb_delete() to wait for concurrent calls to release_inode().
 68  */                                                43  */
 69 struct landlock_superblock_security {              44 struct landlock_superblock_security {
 70         /**                                        45         /**
 71          * @inode_refs: Number of pending inod     46          * @inode_refs: Number of pending inodes (from this superblock) that
 72          * are being released by release_inode     47          * are being released by release_inode().
 73          * Cf. struct super_block->s_fsnotify_     48          * Cf. struct super_block->s_fsnotify_inode_refs .
 74          */                                        49          */
 75         atomic_long_t inode_refs;                  50         atomic_long_t inode_refs;
 76 };                                                 51 };
 77                                                << 
 78 static inline struct landlock_file_security *  << 
 79 landlock_file(const struct file *const file)   << 
 80 {                                              << 
 81         return file->f_security + landlock_blo << 
 82 }                                              << 
 83                                                    52 
 84 static inline struct landlock_inode_security *     53 static inline struct landlock_inode_security *
 85 landlock_inode(const struct inode *const inode     54 landlock_inode(const struct inode *const inode)
 86 {                                                  55 {
 87         return inode->i_security + landlock_bl     56         return inode->i_security + landlock_blob_sizes.lbs_inode;
 88 }                                                  57 }
 89                                                    58 
 90 static inline struct landlock_superblock_secur     59 static inline struct landlock_superblock_security *
 91 landlock_superblock(const struct super_block *     60 landlock_superblock(const struct super_block *const superblock)
 92 {                                                  61 {
 93         return superblock->s_security + landlo     62         return superblock->s_security + landlock_blob_sizes.lbs_superblock;
 94 }                                                  63 }
 95                                                    64 
 96 __init void landlock_add_fs_hooks(void);           65 __init void landlock_add_fs_hooks(void);
 97                                                    66 
 98 int landlock_append_fs_rule(struct landlock_ru     67 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
 99                             const struct path      68                             const struct path *const path,
100                             access_mask_t acce     69                             access_mask_t access_hierarchy);
101                                                    70 
102 #endif /* _SECURITY_LANDLOCK_FS_H */               71 #endif /* _SECURITY_LANDLOCK_FS_H */
103                                                    72 
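Review bot: The @fown_domain comment in the new 6.12-rc7 column (file lines 55-60) names the lock that guards the pointer but says nothing about the reference it holds, so a reader of fs.h cannot tell whether storing a ruleset here takes a counted reference that must be dropped when the file's security blob is freed, which is what would keep the domain alive for a later signal check. I would add one sentence after the lock description, along the lines of `Holds a reference on the ruleset, taken when the pointer is set and released when the file's security blob is freed.`, worded to match however the hooks in fs.c actually manage it. The same applies to @allowed_access, whose comment should say which hook writes it and that it is never updated after open, if that is the contract. The left column is cut at roughly 45 characters on this page, so the full text of the new comments and the exact landlock_blob_sizes member used by landlock_file() cannot be checked here; the section covers the whole header, so no definition is cut by it.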


