1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
---|---|
2 | /* |
3 | * Landlock LSM - Credential hooks |
4 | * |
5 | * Copyright © 2019-2020 Mickaël Salaün <mic@digikod.net> |
6 | * Copyright © 2019-2020 ANSSI |
7 | */ |
8 | |
9 | #ifndef _SECURITY_LANDLOCK_CRED_H |
10 | #define _SECURITY_LANDLOCK_CRED_H |
11 | |
12 | #include <linux/cred.h> |
13 | #include <linux/init.h> |
14 | #include <linux/rcupdate.h> |
15 | |
16 | #include "ruleset.h" |
17 | #include "setup.h" |
18 | |
/*
 * Landlock's per-credential state, located inside a credential's security
 * blob by landlock_cred().
 */
struct landlock_cred_security {
	/*
	 * Ruleset attached to these credentials.  landlocked() treats a NULL
	 * value as "this task is not sandboxed".
	 * NOTE(review): who takes and drops the reference on this ruleset is not
	 * visible in this header; presumably the credential hooks registered by
	 * landlock_add_cred_hooks() do.  Confirm before keeping the pointer.
	 */
	struct landlock_ruleset *domain;
};
22 | |
/*
 * Locate Landlock's slot inside the security blob of @cred.
 *
 * The slot sits landlock_blob_sizes.lbs_cred bytes past cred->security.
 * Neither @cred nor cred->security is checked for NULL, so the caller has to
 * pass credentials whose blob is allocated.  The result is not
 * const-qualified although @cred is, so nothing here prevents a caller from
 * writing through it.
 */
static inline struct landlock_cred_security *
landlock_cred(const struct cred *cred)
{
	void *const blob = cred->security;

	return blob + landlock_blob_sizes.lbs_cred;
}
28 | |
/*
 * Return the Landlock domain recorded in the calling task's own credentials,
 * or NULL when none is set.
 *
 * No RCU read lock is taken here: the lookup goes through current_cred(),
 * i.e. the caller's own credentials, not those of another task.
 */
static inline const struct landlock_ruleset *landlock_get_current_domain(void)
{
	const struct landlock_cred_security *const sec =
		landlock_cred(current_cred());

	return sec->domain;
}
33 | |
/*
 * Return the Landlock domain recorded in the credentials of @task, or NULL
 * when none is set.
 *
 * The call needs to come from an RCU read-side critical section: the
 * credentials are fetched with __task_cred() and no lock is taken here.
 * NOTE(review): no reference is taken on the returned ruleset in this
 * function, so a caller that needs it after leaving the critical section
 * presumably has to take its own reference first.  Confirm.
 */
static inline const struct landlock_ruleset *
landlock_get_task_domain(const struct task_struct *const task)
{
	const struct landlock_cred_security *const sec =
		landlock_cred(__task_cred(task));

	return sec->domain;
}
42 | |
/*
 * Tell whether @task has a Landlock domain, i.e. whether it is sandboxed.
 *
 * For the calling task the domain is read directly from its own credentials.
 * For any other task the read happens under rcu_read_lock(), and only the
 * resulting boolean leaves the critical section, so no ruleset pointer
 * outlives the lock.  For another task the answer is a snapshot taken while
 * the lock was held.
 */
static inline bool landlocked(const struct task_struct *const task)
{
	bool sandboxed;

	if (task != current) {
		/* Another task's credentials: RCU read side is required. */
		rcu_read_lock();
		sandboxed = landlock_get_task_domain(task) != NULL;
		rcu_read_unlock();
	} else {
		sandboxed = landlock_get_current_domain() != NULL;
	}

	return sandboxed;
}
55 | |
/*
 * Declaration only; the definition is not part of this header.  __init marks
 * the function as initialization-time code.
 * NOTE(review): going by the name, this presumably registers Landlock's
 * credential hooks with the LSM framework.  Confirm against the definition.
 */
__init void landlock_add_cred_hooks(void);
57 | |
58 | #endif /* _SECURITY_LANDLOCK_CRED_H */ |
59 |