
Linux/security/safesetid/lsm.h


  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 /*
  3  * SafeSetID Linux Security Module
  4  *
  5  * Author: Micah Morton <mortonm@chromium.org>
  6  *
  7  * Copyright (C) 2018 The Chromium OS Authors.
  8  *
  9  * This program is free software; you can redistribute it and/or modify
 10  * it under the terms of the GNU General Public License version 2, as
 11  * published by the Free Software Foundation.
 12  *
 13  */
 14 #ifndef _SAFESETID_H
 15 #define _SAFESETID_H
 16 
 17 #include <linux/types.h>
 18 #include <linux/uidgid.h>
 19 #include <linux/hashtable.h>
 20 
 21 /*
     * Flag indicating whether initialization completed.
     *
     * The declaration carries __initdata, the annotation for data the kernel
     * discards once boot-time initialization is over, so the flag is only
     * meaningful to __init code.
     * NOTE(review): confirm every reader is itself __init; reading the flag
     * later would touch memory that has already been released.
     */
 22 extern int safesetid_initialized __initdata;
 23 
    /*
     * Verdict of a policy lookup for a (source ID, target ID) pair; this is
     * the return type of _setid_policy_lookup() declared in this header.
     * SIDPOL_DEFAULT is the first enumerator and therefore has the value 0.
     *
     * NOTE(review): the permit/deny decision taken for each value is made by
     * the callers, which are not part of this header. Presumably
     * SIDPOL_CONSTRAINED (source has rules, target not matched) is the
     * denial case; confirm that the enforcement path treats it as one.
     */
 24 enum sid_policy_type {
 25         SIDPOL_DEFAULT, /* source ID is unaffected by policy */
 26         SIDPOL_CONSTRAINED, /* source ID is affected by policy */
 27         SIDPOL_ALLOWED /* target ID explicitly allowed */
 28 };
 29 
    /*
     * Untagged container holding either a kernel UID or a kernel GID.
     *
     * The union does not record which member is live. The discriminator is
     * the enum setid_type 'type' field stored next to it in struct setid_rule
     * and struct setid_ruleset, so code handling a kid_t has to consult that
     * field before reading .uid or .gid; reading the other member would
     * interpret a GID as a UID or the reverse.
     */
 30 typedef union {
 31         kuid_t uid;
 32         kgid_t gid;
 33 } kid_t;
 34 
    /*
     * Tags a rule or ruleset as applying to UIDs or to GIDs (see the 'type'
     * fields of struct setid_rule and struct setid_ruleset). Presumably UID
     * means kid_t.uid is the live member and GID means kid_t.gid.
     *
     * UID is the first enumerator and so has the value 0: a zero-initialised
     * rule or ruleset reads as a UID one unless 'type' is set explicitly.
     */
 35 enum setid_type {
 36         UID,
 37         GID
 38 };
 39 
 40 /*
 41  * Hash table entry to store safesetid policy signifying that 'src_id'
 42  * can set*id to 'dst_id'.
     *
     * 'next' is the hlist linkage; presumably it chains the entry into a
     * bucket of setid_ruleset.rules.
     * NOTE(review): which ID is used as the hash key is not visible in this
     * header (presumably src_id); confirm where rules are inserted.
     *
     * 'src_id' and 'dst_id' are untagged unions, so 'type' below is the only
     * record of whether their .uid or .gid member is the valid one.
 43  */
 44 struct setid_rule {
 45         struct hlist_node next;
 46         kid_t src_id;
 47         kid_t dst_id;
 48 
 49         /* Flag to signal if rule is for UID's or GID's */
 50         enum setid_type type;
 51 };
 52 
 53 #define SETID_HASH_BITS 8 /* 256 buckets in hash table */
 54 
 55 /*
     * Extension of INVALID_UID/INVALID_GID for kid_t type.
     *
     * Only the .uid member is initialised. NOTE(review): using the result as
     * an invalid GID assumes kuid_t and kgid_t share a representation and
     * that INVALID_UID and INVALID_GID encode the same value; confirm.
     * The expansion is a bare compound literal with no outer parentheses.
     */
 56 #define INVALID_ID (kid_t){.uid = INVALID_UID}
 57 
    /*
     * A complete set of setid rules for one ID type.
     *
     * rules:      hash table with 2^SETID_HASH_BITS buckets; the entries are
     *             presumably struct setid_rule, chained through 'next'.
     * policy_str: NOTE(review): presumably the policy text the rules were
     *             built from; ownership and lifetime are not visible here.
     * rcu:        RCU callback head. Rulesets are reached through the __rcu
     *             pointers declared in this header, so this is presumably
     *             what defers freeing a replaced ruleset until readers are
     *             done; confirm against the update path.
     */
 58 struct setid_ruleset {
 59         DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
 60         char *policy_str;
 61         struct rcu_head rcu;
 62 
 63         /* Flag to signal if ruleset is for UID's or GID's */
 64         enum setid_type type;
 65 };
 66 
    /*
     * Look up how 'policy' classifies a change from ID 'src' to ID 'dst'.
     * Only the prototype is in this header; the definition lives elsewhere.
     *
     * @policy: ruleset to consult. It is taken as a plain pointer, not an
     *          __rcu one, so the caller is presumably expected to have
     *          obtained it from the published pointer under RCU protection
     *          and to stay inside that read-side section for the call;
     *          confirm at the call sites.
     * @src:    presumably the ID currently held.
     * @dst:    presumably the ID being requested.
     *          Both are untagged kid_t values; which member is compared is
     *          presumably selected by policy->type.
     *
     * Return: one of the enum sid_policy_type values.
     */
 67 enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
 68                 kid_t src, kid_t dst);
 69 
    /*
     * Published UID and GID rulesets, defined outside this header.
     *
     * Both pointers are annotated __rcu, so readers should go through the
     * RCU accessors (rcu_dereference() inside a read-side critical section)
     * instead of loading them directly, and writers should publish a
     * replacement with the matching RCU assignment primitive.
     * NOTE(review): whether a NULL pointer stands for "no policy loaded" is
     * not visible here; readers should check for it before dereferencing.
     */
 70 extern struct setid_ruleset __rcu *safesetid_setuid_rules;
 71 extern struct setid_ruleset __rcu *safesetid_setgid_rules;
 72 
 73 #endif /* _SAFESETID_H */
 74 
