Warning: This file is not a C or C++ file. It does not have highlighting.
| 1 | /* |
|---|---|
| 2 | * Linux Security Module interfaces |
| 3 | * |
| 4 | * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> |
| 5 | * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> |
| 6 | * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> |
| 7 | * Copyright (C) 2001 James Morris <jmorris@intercode.com.au> |
| 8 | * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group) |
| 9 | * Copyright (C) 2015 Intel Corporation. |
| 10 | * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com> |
| 11 | * Copyright (C) 2016 Mellanox Techonologies |
| 12 | * |
| 13 | * This program is free software; you can redistribute it and/or modify |
| 14 | * it under the terms of the GNU General Public License as published by |
| 15 | * the Free Software Foundation; either version 2 of the License, or |
| 16 | * (at your option) any later version. |
| 17 | * |
| 18 | * Due to this file being licensed under the GPL there is controversy over |
| 19 | * whether this permits you to write a module that #includes this file |
| 20 | * without placing your module under the GPL. Please consult a lawyer for |
| 21 | * advice before doing this. |
| 22 | * |
| 23 | */ |
| 24 | |
| 25 | #ifndef __LINUX_LSM_HOOKS_H |
| 26 | #define __LINUX_LSM_HOOKS_H |
| 27 | |
| 28 | #include <linux/security.h> |
| 29 | #include <linux/init.h> |
| 30 | #include <linux/rculist.h> |
| 31 | #include <linux/xattr.h> |
| 32 | |
| 33 | union security_list_options { |
| 34 | #define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__); |
| 35 | #include "lsm_hook_defs.h" |
| 36 | #undef LSM_HOOK |
| 37 | }; |
| 38 | |
| 39 | struct security_hook_heads { |
| 40 | #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME; |
| 41 | #include "lsm_hook_defs.h" |
| 42 | #undef LSM_HOOK |
| 43 | } __randomize_layout; |
| 44 | |
| 45 | /* |
| 46 | * Security module hook list structure. |
| 47 | * For use with generic list macros for common operations. |
| 48 | */ |
| 49 | struct security_hook_list { |
| 50 | struct hlist_node list; |
| 51 | struct hlist_head *head; |
| 52 | union security_list_options hook; |
| 53 | const char *lsm; |
| 54 | } __randomize_layout; |
| 55 | |
| 56 | /* |
| 57 | * Security blob size or offset data. |
| 58 | */ |
| 59 | struct lsm_blob_sizes { |
| 60 | int lbs_cred; |
| 61 | int lbs_file; |
| 62 | int lbs_inode; |
| 63 | int lbs_superblock; |
| 64 | int lbs_ipc; |
| 65 | int lbs_msg_msg; |
| 66 | int lbs_task; |
| 67 | int lbs_xattr_count; /* number of xattr slots in new_xattrs array */ |
| 68 | }; |
| 69 | |
| 70 | /** |
| 71 | * lsm_get_xattr_slot - Return the next available slot and increment the index |
| 72 | * @xattrs: array storing LSM-provided xattrs |
| 73 | * @xattr_count: number of already stored xattrs (updated) |
| 74 | * |
| 75 | * Retrieve the first available slot in the @xattrs array to fill with an xattr, |
| 76 | * and increment @xattr_count. |
| 77 | * |
| 78 | * Return: The slot to fill in @xattrs if non-NULL, NULL otherwise. |
| 79 | */ |
| 80 | static inline struct xattr *lsm_get_xattr_slot(struct xattr *xattrs, |
| 81 | int *xattr_count) |
| 82 | { |
| 83 | if (unlikely(!xattrs)) |
| 84 | return NULL; |
| 85 | return &xattrs[(*xattr_count)++]; |
| 86 | } |
| 87 | |
| 88 | /* |
| 89 | * LSM_RET_VOID is used as the default value in LSM_HOOK definitions for void |
| 90 | * LSM hooks (in include/linux/lsm_hook_defs.h). |
| 91 | */ |
| 92 | #define LSM_RET_VOID ((void) 0) |
| 93 | |
| 94 | /* |
| 95 | * Initializing a security_hook_list structure takes |
| 96 | * up a lot of space in a source file. This macro takes |
| 97 | * care of the common case and reduces the amount of |
| 98 | * text involved. |
| 99 | */ |
| 100 | #define LSM_HOOK_INIT(HEAD, HOOK) \ |
| 101 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } |
| 102 | |
| 103 | extern struct security_hook_heads security_hook_heads; |
| 104 | extern char *lsm_names; |
| 105 | |
| 106 | extern void security_add_hooks(struct security_hook_list *hooks, int count, |
| 107 | const char *lsm); |
| 108 | |
| 109 | #define LSM_FLAG_LEGACY_MAJOR BIT(0) |
| 110 | #define LSM_FLAG_EXCLUSIVE BIT(1) |
| 111 | |
| 112 | enum lsm_order { |
| 113 | LSM_ORDER_FIRST = -1, /* This is only for capabilities. */ |
| 114 | LSM_ORDER_MUTABLE = 0, |
| 115 | LSM_ORDER_LAST = 1, /* This is only for integrity. */ |
| 116 | }; |
| 117 | |
| 118 | struct lsm_info { |
| 119 | const char *name; /* Required. */ |
| 120 | enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ |
| 121 | unsigned long flags; /* Optional: flags describing LSM */ |
| 122 | int *enabled; /* Optional: controlled by CONFIG_LSM */ |
| 123 | int (*init)(void); /* Required. */ |
| 124 | struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */ |
| 125 | }; |
| 126 | |
| 127 | extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; |
| 128 | extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; |
| 129 | |
| 130 | #define DEFINE_LSM(lsm) \ |
| 131 | static struct lsm_info __lsm_##lsm \ |
| 132 | __used __section(".lsm_info.init") \ |
| 133 | __aligned(sizeof(unsigned long)) |
| 134 | |
| 135 | #define DEFINE_EARLY_LSM(lsm) \ |
| 136 | static struct lsm_info __early_lsm_##lsm \ |
| 137 | __used __section(".early_lsm_info.init") \ |
| 138 | __aligned(sizeof(unsigned long)) |
| 139 | |
| 140 | extern int lsm_inode_alloc(struct inode *inode); |
| 141 | |
| 142 | #endif /* ! __LINUX_LSM_HOOKS_H */ |
| 143 |
Warning: This file is not a C or C++ file. It does not have highlighting.