1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * Landlock LSM - Filesystem management and hooks |
4 | * |
5 | * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net> |
6 | * Copyright © 2018-2020 ANSSI |
7 | */ |
8 | |
9 | #ifndef _SECURITY_LANDLOCK_FS_H |
10 | #define _SECURITY_LANDLOCK_FS_H |
11 | |
12 | #include <linux/fs.h> |
13 | #include <linux/init.h> |
14 | #include <linux/rcupdate.h> |
15 | |
16 | #include "ruleset.h" |
17 | #include "setup.h" |
18 | |
19 | /** |
20 | * struct landlock_inode_security - Inode security blob |
21 | * |
22 | * Enable to reference a &struct landlock_object tied to an inode (i.e. |
23 | * underlying object). |
24 | */ |
25 | struct landlock_inode_security { |
26 | /** |
27 | * @object: Weak pointer to an allocated object. All assignments of a |
28 | * new object are protected by the underlying inode->i_lock. However, |
29 | * atomically disassociating @object from the inode is only protected |
30 | * by @object->lock, from the time @object's usage refcount drops to |
31 | * zero to the time this pointer is nulled out (cf. release_inode() and |
32 | * hook_sb_delete()). Indeed, such disassociation doesn't require |
33 | * inode->i_lock thanks to the careful rcu_access_pointer() check |
34 | * performed by get_inode_object(). |
35 | */ |
36 | struct landlock_object __rcu *object; |
37 | }; |
38 | |
39 | /** |
40 | * struct landlock_file_security - File security blob |
41 | * |
42 | * This information is populated when opening a file in hook_file_open, and |
43 | * tracks the relevant Landlock access rights that were available at the time |
44 | * of opening the file. Other LSM hooks use these rights in order to authorize |
45 | * operations on already opened files. |
46 | */ |
47 | struct landlock_file_security { |
48 | /** |
49 | * @allowed_access: Access rights that were available at the time of |
50 | * opening the file. This is not necessarily the full set of access |
51 | * rights available at that time, but it's the necessary subset as |
52 | * needed to authorize later operations on the open file. |
53 | */ |
54 | access_mask_t allowed_access; |
55 | }; |
56 | |
57 | /** |
58 | * struct landlock_superblock_security - Superblock security blob |
59 | * |
60 | * Enable hook_sb_delete() to wait for concurrent calls to release_inode(). |
61 | */ |
62 | struct landlock_superblock_security { |
63 | /** |
64 | * @inode_refs: Number of pending inodes (from this superblock) that |
65 | * are being released by release_inode(). |
66 | * Cf. struct super_block->s_fsnotify_inode_refs . |
67 | */ |
68 | atomic_long_t inode_refs; |
69 | }; |
70 | |
71 | static inline struct landlock_file_security * |
72 | landlock_file(const struct file *const file) |
73 | { |
74 | return file->f_security + landlock_blob_sizes.lbs_file; |
75 | } |
76 | |
77 | static inline struct landlock_inode_security * |
78 | landlock_inode(const struct inode *const inode) |
79 | { |
80 | return inode->i_security + landlock_blob_sizes.lbs_inode; |
81 | } |
82 | |
83 | static inline struct landlock_superblock_security * |
84 | landlock_superblock(const struct super_block *const superblock) |
85 | { |
86 | return superblock->s_security + landlock_blob_sizes.lbs_superblock; |
87 | } |
88 | |
89 | __init void landlock_add_fs_hooks(void); |
90 | |
91 | int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, |
92 | const struct path *const path, |
93 | access_mask_t access_hierarchy); |
94 | |
95 | #endif /* _SECURITY_LANDLOCK_FS_H */ |
96 | |