
Linux/security/safesetid/lsm.h


Diff markup

Differences between /security/safesetid/lsm.h (Version linux-6.12-rc7) and /security/safesetid/lsm.h (Version linux-6.2.16)


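--- a/security/safesetid/lsm.h
+++ b/security/safesetid/lsm.h
@@ -1,74 +1,74 @@
 /* SPDX-License-Identifier: GPL-2.0 */
 /*
  * SafeSetID Linux Security Module
  *
  * Author: Micah Morton <mortonm@chromium.org>
  *
  * Copyright (C) 2018 The Chromium OS Authors.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2, as
  * published by the Free Software Foundation.
  *
  */
 #ifndef _SAFESETID_H
 #define _SAFESETID_H
 
 #include <linux/types.h>
 #include <linux/uidgid.h>
 #include <linux/hashtable.h>
 
 /* Flag indicating whether initialization completed */
 extern int safesetid_initialized __initdata;
 
 enum sid_policy_type {
         SIDPOL_DEFAULT, /* source ID is unaffected by policy */
         SIDPOL_CONSTRAINED, /* source ID is affected by policy */
         SIDPOL_ALLOWED /* target ID explicitly allowed */
 };
 
 typedef union {
         kuid_t uid;
         kgid_t gid;
 } kid_t;
 
 enum setid_type {
         UID,
         GID
 };
 
 /*
  * Hash table entry to store safesetid policy signifying that 'src_id'
  * can set*id to 'dst_id'.
  */
 struct setid_rule {
         struct hlist_node next;
         kid_t src_id;
         kid_t dst_id;
 
         /* Flag to signal if rule is for UID's or GID's */
         enum setid_type type;
 };
 
 #define SETID_HASH_BITS 8 /* 256 buckets in hash table */
 
 /* Extension of INVALID_UID/INVALID_GID for kid_t type */
 #define INVALID_ID (kid_t){.uid = INVALID_UID}
 
 struct setid_ruleset {
         DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
         char *policy_str;
         struct rcu_head rcu;
 
         //Flag to signal if ruleset is for UID's or GID's
         enum setid_type type;
 };
 
 enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
                 kid_t src, kid_t dst);
 
 extern struct setid_ruleset __rcu *safesetid_setuid_rules;
 extern struct setid_ruleset __rcu *safesetid_setgid_rules;
 
 #endif /* _SAFESETID_H */
 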
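Review bot: The prototype of `_setid_policy_lookup` (line 67) is the only lookup entry point exported by this header and carries no documentation, while the two versions compared here are identical so nothing in the diff itself needs attention. A short kernel-doc comment above it should state which caller-side guarantees it relies on (the `policy` pointer is declared `__rcu` in the externs at lines 70-71, so presumably the caller must hold the RCU read lock and pass a dereferenced pointer — confirm against lsm.c) and map the three `enum sid_policy_type` return values to their meaning as the enum comments at lines 25-27 describe them. The `extern int safesetid_initialized __initdata;` declaration at line 22 would also benefit from noting that, being `__initdata`, the flag is discarded after boot and must only be read from `__init` code. Finally, the field comment at line 63 uses a `//` comment without a space while the matching field in `struct setid_rule` at line 49 uses `/* Flag to signal if rule is for UID's or GID's */`; for consistency with the rest of the header, `/* Flag to signal if ruleset is for UID's or GID's */`.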


