diff options
| author | Jonathan Herman <hermanjl@cs.unc.edu> | 2013-01-17 16:15:55 -0500 |
|---|---|---|
| committer | Jonathan Herman <hermanjl@cs.unc.edu> | 2013-01-17 16:15:55 -0500 |
| commit | 8dea78da5cee153b8af9c07a2745f6c55057fe12 (patch) | |
| tree | a8f4d49d63b1ecc92f2fddceba0655b2472c5bd9 /include/linux/securebits.h | |
| parent | 406089d01562f1e2bf9f089fd7637009ebaad589 (diff) | |
Patched in Tegra support.
Diffstat (limited to 'include/linux/securebits.h')
| -rw-r--r-- | include/linux/securebits.h | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/include/linux/securebits.h b/include/linux/securebits.h index da1b33b33af..33406174cbe 100644 --- a/include/linux/securebits.h +++ b/include/linux/securebits.h | |||
| @@ -1,7 +1,54 @@ | |||
| 1 | #ifndef _LINUX_SECUREBITS_H | 1 | #ifndef _LINUX_SECUREBITS_H |
| 2 | #define _LINUX_SECUREBITS_H 1 | 2 | #define _LINUX_SECUREBITS_H 1 |
| 3 | 3 | ||
| 4 | #include <uapi/linux/securebits.h> | 4 | /* Each securesetting is implemented using two bits. One bit specifies |
| 5 | 5 | whether the setting is on or off. The other bit specify whether the | |
| 6 | setting is locked or not. A setting which is locked cannot be | ||
| 7 | changed from user-level. */ | ||
| 8 | #define issecure_mask(X) (1 << (X)) | ||
| 9 | #ifdef __KERNEL__ | ||
| 6 | #define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits)) | 10 | #define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits)) |
| 11 | #endif | ||
| 12 | |||
| 13 | #define SECUREBITS_DEFAULT 0x00000000 | ||
| 14 | |||
| 15 | /* When set UID 0 has no special privileges. When unset, we support | ||
| 16 | inheritance of root-permissions and suid-root executable under | ||
| 17 | compatibility mode. We raise the effective and inheritable bitmasks | ||
| 18 | *of the executable file* if the effective uid of the new process is | ||
| 19 | 0. If the real uid is 0, we raise the effective (legacy) bit of the | ||
| 20 | executable file. */ | ||
| 21 | #define SECURE_NOROOT 0 | ||
| 22 | #define SECURE_NOROOT_LOCKED 1 /* make bit-0 immutable */ | ||
| 23 | |||
| 24 | #define SECBIT_NOROOT (issecure_mask(SECURE_NOROOT)) | ||
| 25 | #define SECBIT_NOROOT_LOCKED (issecure_mask(SECURE_NOROOT_LOCKED)) | ||
| 26 | |||
| 27 | /* When set, setuid to/from uid 0 does not trigger capability-"fixup". | ||
| 28 | When unset, to provide compatiblility with old programs relying on | ||
| 29 | set*uid to gain/lose privilege, transitions to/from uid 0 cause | ||
| 30 | capabilities to be gained/lost. */ | ||
| 31 | #define SECURE_NO_SETUID_FIXUP 2 | ||
| 32 | #define SECURE_NO_SETUID_FIXUP_LOCKED 3 /* make bit-2 immutable */ | ||
| 33 | |||
| 34 | #define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP)) | ||
| 35 | #define SECBIT_NO_SETUID_FIXUP_LOCKED \ | ||
| 36 | (issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)) | ||
| 37 | |||
| 38 | /* When set, a process can retain its capabilities even after | ||
| 39 | transitioning to a non-root user (the set-uid fixup suppressed by | ||
| 40 | bit 2). Bit-4 is cleared when a process calls exec(); setting both | ||
| 41 | bit 4 and 5 will create a barrier through exec that no exec()'d | ||
| 42 | child can use this feature again. */ | ||
| 43 | #define SECURE_KEEP_CAPS 4 | ||
| 44 | #define SECURE_KEEP_CAPS_LOCKED 5 /* make bit-4 immutable */ | ||
| 45 | |||
| 46 | #define SECBIT_KEEP_CAPS (issecure_mask(SECURE_KEEP_CAPS)) | ||
| 47 | #define SECBIT_KEEP_CAPS_LOCKED (issecure_mask(SECURE_KEEP_CAPS_LOCKED)) | ||
| 48 | |||
| 49 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ | ||
| 50 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ | ||
| 51 | issecure_mask(SECURE_KEEP_CAPS)) | ||
| 52 | #define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1) | ||
| 53 | |||
| 7 | #endif /* !_LINUX_SECUREBITS_H */ | 54 | #endif /* !_LINUX_SECUREBITS_H */ |