/*
 * Linux Security Module interfaces
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
 * Copyright (C) 2015 Intel Corporation.
 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
 * Copyright (C) 2016 Mellanox Techonologies
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Due to this file being licensed under the GPL there is controversy over
 * whether this permits you to write a module that #includes this file
 * without placing your module under the GPL. Please consult a lawyer for
 * advice before doing this.
 *
 */

#ifndef __LINUX_LSM_HOOKS_H
#define __LINUX_LSM_HOOKS_H

#include <uapi/linux/lsm.h>
#include <linux/security.h>
#include <linux/init.h>
#include <linux/rculist.h>
#include <linux/xattr.h>

/*
 * One function-pointer member per LSM hook.  The member list is generated
 * by expanding LSM_HOOK() over lsm_hook_defs.h, so the set of hooks, their
 * names and their signatures live in exactly one place.  A given
 * security_hook_list uses exactly one member of this union (the one named
 * by its head, see LSM_HOOK_INIT below).
 */
union security_list_options {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
#include "lsm_hook_defs.h"
#undef LSM_HOOK
};

/*
 * One hlist_head per LSM hook, generated from the same lsm_hook_defs.h
 * expansion as security_list_options so that the two share member names.
 * Each head anchors the list of security_hook_list entries registered for
 * that hook.  __randomize_layout opts the struct in to structure layout
 * randomization when the kernel is built with it (hardening against
 * attackers relying on fixed member offsets).
 */
struct security_hook_heads {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
#include "lsm_hook_defs.h"
#undef LSM_HOOK
} __randomize_layout;

/**
 * struct lsm_id - Identify a Linux Security Module.
 * @name: name of the LSM, must be approved by the LSM maintainers
 * @id: LSM ID number from uapi/linux/lsm.h
 *
 * Contains the information that identifies the LSM.
 */
struct lsm_id {
	const char *name;
	u64 id;
};

/*
 * Security module hook list structure.
 * For use with generic list macros for common operations.
 *
 * @list: linkage into the per-hook list anchored at @head
 * @head: the security_hook_heads member this entry is registered on
 * @hook: the LSM's callback; only the union member matching @head is valid
 * @lsmid: identity of the LSM that owns this entry
 *
 * Entries are normally built with LSM_HOOK_INIT() and registered in bulk
 * with security_add_hooks().
 */
struct security_hook_list {
	struct hlist_node list;
	struct hlist_head *head;
	union security_list_options hook;
	const struct lsm_id *lsmid;
} __randomize_layout;

/*
 * Security blob size or offset data.
 *
 * Each lbs_* member names one kind of kernel object that carries a
 * security blob.  An LSM supplies these via lsm_info.blobs (see below) when
 * it wants to share blob space with other LSMs; the comment above says the
 * values are either a size or an offset -- presumably the size requested by
 * the LSM, later rewritten by the framework to the LSM's offset inside the
 * shared blob (the rewrite happens in security/security.c, not shown here).
 */
struct lsm_blob_sizes {
	int lbs_cred;
	int lbs_file;
	int lbs_inode;
	int lbs_sock;
	int lbs_superblock;
	int lbs_ipc;
	int lbs_msg_msg;
	int lbs_task;
	int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
};

/**
 * lsm_get_xattr_slot - Return the next available slot and increment the index
 * @xattrs: array storing LSM-provided xattrs
 * @xattr_count: number of already stored xattrs (updated)
 *
 * Retrieve the first available slot in the @xattrs array to fill with an xattr,
 * and increment @xattr_count.
 *
 * Return: The slot to fill in @xattrs if non-NULL, NULL otherwise.
 *
 * Security note: this helper performs no bounds check.  It indexes
 * @xattrs[*@xattr_count] unconditionally and bumps the index, so an LSM that
 * calls it more times than the slots it declared in lbs_xattr_count writes
 * past the end of the array.  The array is sized by the caller (not visible
 * here) from the per-LSM lbs_xattr_count values; each hook implementation
 * must request at most that many slots.
 */
static inline struct xattr *lsm_get_xattr_slot(struct xattr *xattrs,
					       int *xattr_count)
{
	/* A NULL array means the caller did not ask for any xattrs. */
	if (unlikely(!xattrs))
		return NULL;
	/* Post-increment: hand out the current slot, then advance. */
	return &xattrs[(*xattr_count)++];
}

/*
 * LSM_RET_VOID is used as the default value in LSM_HOOK definitions for void
 * LSM hooks (in include/linux/lsm_hook_defs.h).
 */
#define LSM_RET_VOID ((void) 0)

/*
 * Initializing a security_hook_list structure takes
 * up a lot of space in a source file. This macro takes
 * care of the common case and reduces the amount of
 * text involved.
 *
 * HEAD is the hook name; it must be a member of both security_hook_heads
 * and security_list_options, which holds because both are generated from
 * lsm_hook_defs.h.  HOOK is the LSM's callback for that hook.  The
 * resulting entry has .head pointing at the global list head and .hook set
 * through the matching union member; .list and .lsmid are left for
 * security_add_hooks() to fill.
 */
#define LSM_HOOK_INIT(HEAD, HOOK) \
	{ .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }

/* Global per-hook list heads; every registered hook is reachable from here. */
extern struct security_hook_heads security_hook_heads;
/* Names of the active LSMs (string built by the framework, not shown here). */
extern char *lsm_names;

/*
 * Register @count entries from @hooks on their respective list heads,
 * tagging each with @lsmid.  Expected to be called from an LSM's init
 * function (lsm_info.init).
 */
extern void security_add_hooks(struct security_hook_list *hooks, int count,
			       const struct lsm_id *lsmid);

/*
 * lsm_info.flags bits.  How they are enforced lives in the LSM framework
 * (security/security.c, not shown): LSM_FLAG_LEGACY_MAJOR marks an LSM that
 * predates stacking and may be selected by the legacy "security=" boot
 * parameter; LSM_FLAG_EXCLUSIVE marks one that cannot be stacked with
 * another exclusive LSM.
 */
#define LSM_FLAG_LEGACY_MAJOR	BIT(0)
#define LSM_FLAG_EXCLUSIVE	BIT(1)

/*
 * Position of an LSM in the initialization order.  Only two LSMs are
 * pinned: capabilities is always first and integrity always last.  All
 * other LSMs are LSM_ORDER_MUTABLE and are ordered by CONFIG_LSM / the
 * "lsm=" boot parameter.
 */
enum lsm_order {
	LSM_ORDER_FIRST = -1,	/* This is only for capabilities. */
	LSM_ORDER_MUTABLE = 0,
	LSM_ORDER_LAST = 1,	/* This is only for integrity. */
};

/*
 * Static description of an LSM, emitted by DEFINE_LSM() / DEFINE_EARLY_LSM()
 * into a dedicated linker section so the framework can enumerate LSMs at
 * boot without any runtime registration call.
 */
struct lsm_info {
	const char *name;	/* Required. */
	enum lsm_order order;	/* Optional: default is LSM_ORDER_MUTABLE */
	unsigned long flags;	/* Optional: flags describing LSM */
	int *enabled;		/* Optional: controlled by CONFIG_LSM */
	int (*init)(void);	/* Required. */
	struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */
};

/*
 * Bounds of the .lsm_info.init and .early_lsm_info.init sections, provided
 * by the linker script (not shown).  The framework walks [start, end) to
 * find every DEFINE_LSM / DEFINE_EARLY_LSM descriptor.
 */
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];

/*
 * Declare an LSM descriptor.  Usage: DEFINE_LSM(foo) = { .name = "foo", ... };
 * The object is placed in .lsm_info.init; __used keeps the otherwise
 * unreferenced static object from being discarded, and the alignment keeps
 * the section a clean array of struct lsm_info for the walk above.
 */
#define DEFINE_LSM(lsm)							\
	static struct lsm_info __lsm_##lsm				\
		__used __section(".lsm_info.init")			\
		__aligned(sizeof(unsigned long))

/*
 * Same as DEFINE_LSM() but for LSMs that must be initialized early, placed
 * in the separate .early_lsm_info.init section.
 */
#define DEFINE_EARLY_LSM(lsm)						\
	static struct lsm_info __early_lsm_##lsm			\
		__used __section(".early_lsm_info.init")		\
		__aligned(sizeof(unsigned long))

/* Allocate the LSM security blob for @inode; defined in security/security.c. */
extern int lsm_inode_alloc(struct inode *inode);

#endif /* ! __LINUX_LSM_HOOKS_H */