
TOMOYO Linux Cross Reference
Linux/security/landlock/fs.h


Diff markup

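--- a/security/landlock/fs.h
+++ b/security/landlock/fs.h
@@ -1,103 +1,103 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 /*
  * Landlock LSM - Filesystem management and hooks
  *
  * Copyright Â© 2017-2020 MickaÃ«l SalaÃ¼n <mic@digikod.net>
  * Copyright Â© 2018-2020 ANSSI
  */
 
 #ifndef _SECURITY_LANDLOCK_FS_H
 #define _SECURITY_LANDLOCK_FS_H
 
 #include <linux/fs.h>
 #include <linux/init.h>
 #include <linux/rcupdate.h>
 
 #include "ruleset.h"
 #include "setup.h"
 
 /**
  * struct landlock_inode_security - Inode security blob
  *
  * Enable to reference a &struct landlock_object tied to an inode (i.e.
  * underlying object).
  */
 struct landlock_inode_security {
         /**
          * @object: Weak pointer to an allocated object.  All assignments of a
          * new object are protected by the underlying inode->i_lock.  However,
          * atomically disassociating @object from the inode is only protected
          * by @object->lock, from the time @object's usage refcount drops to
          * zero to the time this pointer is nulled out (cf. release_inode() and
          * hook_sb_delete()).  Indeed, such disassociation doesn't require
          * inode->i_lock thanks to the careful rcu_access_pointer() check
          * performed by get_inode_object().
          */
         struct landlock_object __rcu *object;
 };
 
 /**
  * struct landlock_file_security - File security blob
  *
  * This information is populated when opening a file in hook_file_open, and
  * tracks the relevant Landlock access rights that were available at the time
  * of opening the file. Other LSM hooks use these rights in order to authorize
  * operations on already opened files.
  */
 struct landlock_file_security {
         /**
          * @allowed_access: Access rights that were available at the time of
          * opening the file. This is not necessarily the full set of access
          * rights available at that time, but it's the necessary subset as
          * needed to authorize later operations on the open file.
          */
         access_mask_t allowed_access;
         /**
          * @fown_domain: Domain of the task that set the PID that may receive a
          * signal e.g., SIGURG when writing MSG_OOB to the related socket.
          * This pointer is protected by the related file->f_owner->lock, as for
          * fown_struct's members: pid, uid, and euid.
          */
         struct landlock_ruleset *fown_domain;
 };
 
 /**
  * struct landlock_superblock_security - Superblock security blob
  *
  * Enable hook_sb_delete() to wait for concurrent calls to release_inode().
  */
 struct landlock_superblock_security {
         /**
          * @inode_refs: Number of pending inodes (from this superblock) that
          * are being released by release_inode().
          * Cf. struct super_block->s_fsnotify_inode_refs .
          */
         atomic_long_t inode_refs;
 };
 
 static inline struct landlock_file_security *
 landlock_file(const struct file *const file)
 {
         return file->f_security + landlock_blob_sizes.lbs_file;
 }
 
 static inline struct landlock_inode_security *
 landlock_inode(const struct inode *const inode)
 {
         return inode->i_security + landlock_blob_sizes.lbs_inode;
 }
 
 static inline struct landlock_superblock_security *
 landlock_superblock(const struct super_block *const superblock)
 {
         return superblock->s_security + landlock_blob_sizes.lbs_superblock;
 }
 
 __init void landlock_add_fs_hooks(void);
 
 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
                             const struct path *const path,
                             access_mask_t access_hierarchy);
 
 #endif /* _SECURITY_LANDLOCK_FS_H */
 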
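Review bot: The three blob accessors landlock_file(), landlock_inode() and landlock_superblock() carry no kernel-doc, while every struct above them documents its locking and lifetime rules in detail. Each helper adds an offset from landlock_blob_sizes to the object's security pointer and returns a writable pointer although its argument is const-qualified, so a short comment stating what the helper assumes would help callers, for example `/* Returns Landlock's part of the file security blob; assumes file->f_security has already been allocated (TODO confirm who guarantees this). */`. None of the helpers checks the security pointer for NULL; if the calling context guarantees a valid blob, saying so in the comment keeps later users from calling them on objects whose blob was never set up. The two columns of this page appear identical, so this applies to the file as it stands rather than to a change.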
