Linux/security/safesetid/lsm.h


Differences between /security/safesetid/lsm.h (Version linux-6.12-rc7) and /security/safesetid/lsm.h (Version linux-5.9.16)


  1 /* SPDX-License-Identifier: GPL-2.0 */              1 /* SPDX-License-Identifier: GPL-2.0 */
  2 /*                                                  2 /*
  3  * SafeSetID Linux Security Module                  3  * SafeSetID Linux Security Module
  4  *                                                  4  *
  5  * Author: Micah Morton <mortonm@chromium.org>      5  * Author: Micah Morton <mortonm@chromium.org>
  6  *                                                  6  *
  7  * Copyright (C) 2018 The Chromium OS Authors.      7  * Copyright (C) 2018 The Chromium OS Authors.
  8  *                                                  8  *
  9  * This program is free software; you can redi      9  * This program is free software; you can redistribute it and/or modify
 10  * it under the terms of the GNU General Publi     10  * it under the terms of the GNU General Public License version 2, as
 11  * published by the Free Software Foundation.      11  * published by the Free Software Foundation.
 12  *                                                 12  *
 13  */                                                13  */
 14 #ifndef _SAFESETID_H                               14 #ifndef _SAFESETID_H
 15 #define _SAFESETID_H                               15 #define _SAFESETID_H
 16                                                    16 
 17 #include <linux/types.h>                           17 #include <linux/types.h>
 18 #include <linux/uidgid.h>                          18 #include <linux/uidgid.h>
 19 #include <linux/hashtable.h>                       19 #include <linux/hashtable.h>
 20                                                    20 
 21 /* Flag indicating whether initialization comp     21 /* Flag indicating whether initialization completed */
 22 extern int safesetid_initialized __initdata;   !!  22 extern int safesetid_initialized;
 23                                                    23 
 24 enum sid_policy_type {                             24 enum sid_policy_type {
 25         SIDPOL_DEFAULT, /* source ID is unaffe     25         SIDPOL_DEFAULT, /* source ID is unaffected by policy */
 26         SIDPOL_CONSTRAINED, /* source ID is af     26         SIDPOL_CONSTRAINED, /* source ID is affected by policy */
 27         SIDPOL_ALLOWED /* target ID explicitly     27         SIDPOL_ALLOWED /* target ID explicitly allowed */
 28 };                                                 28 };
 29                                                    29 
 30 typedef union {                                << 
 31         kuid_t uid;                            << 
 32         kgid_t gid;                            << 
 33 } kid_t;                                       << 
 34                                                << 
 35 enum setid_type {                              << 
 36         UID,                                   << 
 37         GID                                    << 
 38 };                                             << 
 39                                                << 
 40 /*                                                 30 /*
 41  * Hash table entry to store safesetid policy  !!  31  * Hash table entry to store safesetid policy signifying that 'src_uid'
 42  * can set*id to 'dst_id'.                     !!  32  * can setuid to 'dst_uid'.
 43  */                                                33  */
 44 struct setid_rule {                            !!  34 struct setuid_rule {
 45         struct hlist_node next;                    35         struct hlist_node next;
 46         kid_t src_id;                          !!  36         kuid_t src_uid;
 47         kid_t dst_id;                          !!  37         kuid_t dst_uid;
 48                                                << 
 49         /* Flag to signal if rule is for UID's << 
 50         enum setid_type type;                  << 
 51 };                                                 38 };
 52                                                    39 
 53 #define SETID_HASH_BITS 8 /* 256 buckets in ha     40 #define SETID_HASH_BITS 8 /* 256 buckets in hash table */
 54                                                    41 
 55 /* Extension of INVALID_UID/INVALID_GID for ki !!  42 struct setuid_ruleset {
 56 #define INVALID_ID (kid_t){.uid = INVALID_UID} << 
 57                                                << 
 58 struct setid_ruleset {                         << 
 59         DECLARE_HASHTABLE(rules, SETID_HASH_BI     43         DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
 60         char *policy_str;                          44         char *policy_str;
 61         struct rcu_head rcu;                       45         struct rcu_head rcu;
 62                                                << 
 63         //Flag to signal if ruleset is for UID << 
 64         enum setid_type type;                  << 
 65 };                                                 46 };
 66                                                    47 
 67 enum sid_policy_type _setid_policy_lookup(stru !!  48 enum sid_policy_type _setuid_policy_lookup(struct setuid_ruleset *policy,
 68                 kid_t src, kid_t dst);         !!  49                 kuid_t src, kuid_t dst);
 69                                                    50 
 70 extern struct setid_ruleset __rcu *safesetid_s !!  51 extern struct setuid_ruleset __rcu *safesetid_setuid_rules;
 71 extern struct setid_ruleset __rcu *safesetid_s << 
 72                                                    52 
 73 #endif /* _SAFESETID_H */                          53 #endif /* _SAFESETID_H */
 74                                                    54 
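Review bot: In the linux-6.12-rc7 column, `kid_t` is an untagged union and `INVALID_ID` initialises only its `.uid` member, so using that sentinel for a GID rule is correct only while `kuid_t` and `kgid_t` keep the same size and the same invalid value; nothing visible in this header states or enforces that. A short comment on the macro plus a build-time check such as `static_assert(sizeof(kuid_t) == sizeof(kgid_t));` would make the assumption explicit. The discriminator is stored twice, as `type` in both `struct setid_rule` and `struct setid_ruleset`, while `_setid_policy_lookup()` takes bare `kid_t` values, so the header should document that a rule's `type` must match its ruleset's and that callers read only the union member it selects; otherwise a UID rule consulted for a GID transition (or the reverse) would silently apply the wrong policy. The left column is truncated in this view, so the macro and the lookup prototype may carry more than is visible here.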
