diff options
| author | Glenn Elliott <gelliott@cs.unc.edu> | 2012-03-04 19:47:13 -0500 |
|---|---|---|
| committer | Glenn Elliott <gelliott@cs.unc.edu> | 2012-03-04 19:47:13 -0500 |
| commit | c71c03bda1e86c9d5198c5d83f712e695c4f2a1e (patch) | |
| tree | ecb166cb3e2b7e2adb3b5e292245fefd23381ac8 /security/smack/smack.h | |
| parent | ea53c912f8a86a8567697115b6a0d8152beee5c8 (diff) | |
| parent | 6a00f206debf8a5c8899055726ad127dbeeed098 (diff) | |
Merge branch 'mpi-master' into wip-k-fmlpwip-k-fmlp
Conflicts:
litmus/sched_cedf.c
Diffstat (limited to 'security/smack/smack.h')
| -rw-r--r-- | security/smack/smack.h | 67 |
1 files changed, 51 insertions, 16 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 43ae747a5aa4..2b6c6a516123 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -51,11 +51,21 @@ struct socket_smack { | |||
| 51 | */ | 51 | */ |
| 52 | struct inode_smack { | 52 | struct inode_smack { |
| 53 | char *smk_inode; /* label of the fso */ | 53 | char *smk_inode; /* label of the fso */ |
| 54 | char *smk_task; /* label of the task */ | ||
| 55 | char *smk_mmap; /* label of the mmap domain */ | ||
| 54 | struct mutex smk_lock; /* initialization lock */ | 56 | struct mutex smk_lock; /* initialization lock */ |
| 55 | int smk_flags; /* smack inode flags */ | 57 | int smk_flags; /* smack inode flags */ |
| 56 | }; | 58 | }; |
| 57 | 59 | ||
| 60 | struct task_smack { | ||
| 61 | char *smk_task; /* label for access control */ | ||
| 62 | char *smk_forked; /* label when forked */ | ||
| 63 | struct list_head smk_rules; /* per task access rules */ | ||
| 64 | struct mutex smk_rules_lock; /* lock for the rules */ | ||
| 65 | }; | ||
| 66 | |||
| 58 | #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ | 67 | #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ |
| 68 | #define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */ | ||
| 59 | 69 | ||
| 60 | /* | 70 | /* |
| 61 | * A label access rule. | 71 | * A label access rule. |
| @@ -145,12 +155,6 @@ struct smack_known { | |||
| 145 | #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ | 155 | #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ |
| 146 | 156 | ||
| 147 | /* | 157 | /* |
| 148 | * A limit on the number of entries in the lists | ||
| 149 | * makes some of the list administration easier. | ||
| 150 | */ | ||
| 151 | #define SMACK_LIST_MAX 10000 | ||
| 152 | |||
| 153 | /* | ||
| 154 | * CIPSO defaults. | 158 | * CIPSO defaults. |
| 155 | */ | 159 | */ |
| 156 | #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ | 160 | #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ |
| @@ -161,11 +165,13 @@ struct smack_known { | |||
| 161 | #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */ | 165 | #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */ |
| 162 | 166 | ||
| 163 | /* | 167 | /* |
| 168 | * Flag for transmute access | ||
| 169 | */ | ||
| 170 | #define MAY_TRANSMUTE 64 | ||
| 171 | /* | ||
| 164 | * Just to make the common cases easier to deal with | 172 | * Just to make the common cases easier to deal with |
| 165 | */ | 173 | */ |
| 166 | #define MAY_ANY (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) | ||
| 167 | #define MAY_ANYREAD (MAY_READ | MAY_EXEC) | 174 | #define MAY_ANYREAD (MAY_READ | MAY_EXEC) |
| 168 | #define MAY_ANYWRITE (MAY_WRITE | MAY_APPEND) | ||
| 169 | #define MAY_READWRITE (MAY_READ | MAY_WRITE) | 175 | #define MAY_READWRITE (MAY_READ | MAY_WRITE) |
| 170 | #define MAY_NOT 0 | 176 | #define MAY_NOT 0 |
| 171 | 177 | ||
| @@ -191,6 +197,7 @@ struct inode_smack *new_inode_smack(char *); | |||
| 191 | /* | 197 | /* |
| 192 | * These functions are in smack_access.c | 198 | * These functions are in smack_access.c |
| 193 | */ | 199 | */ |
| 200 | int smk_access_entry(char *, char *, struct list_head *); | ||
| 194 | int smk_access(char *, char *, int, struct smk_audit_info *); | 201 | int smk_access(char *, char *, int, struct smk_audit_info *); |
| 195 | int smk_curacc(char *, u32, struct smk_audit_info *); | 202 | int smk_curacc(char *, u32, struct smk_audit_info *); |
| 196 | int smack_to_cipso(const char *, struct smack_cipso *); | 203 | int smack_to_cipso(const char *, struct smack_cipso *); |
| @@ -234,6 +241,15 @@ static inline void smack_catset_bit(int cat, char *catsetp) | |||
| 234 | } | 241 | } |
| 235 | 242 | ||
| 236 | /* | 243 | /* |
| 244 | * Is the directory transmuting? | ||
| 245 | */ | ||
| 246 | static inline int smk_inode_transmutable(const struct inode *isp) | ||
| 247 | { | ||
| 248 | struct inode_smack *sip = isp->i_security; | ||
| 249 | return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0; | ||
| 250 | } | ||
| 251 | |||
| 252 | /* | ||
| 237 | * Present a pointer to the smack label in an inode blob. | 253 | * Present a pointer to the smack label in an inode blob. |
| 238 | */ | 254 | */ |
| 239 | static inline char *smk_of_inode(const struct inode *isp) | 255 | static inline char *smk_of_inode(const struct inode *isp) |
| @@ -243,6 +259,30 @@ static inline char *smk_of_inode(const struct inode *isp) | |||
| 243 | } | 259 | } |
| 244 | 260 | ||
| 245 | /* | 261 | /* |
| 262 | * Present a pointer to the smack label in an task blob. | ||
| 263 | */ | ||
| 264 | static inline char *smk_of_task(const struct task_smack *tsp) | ||
| 265 | { | ||
| 266 | return tsp->smk_task; | ||
| 267 | } | ||
| 268 | |||
| 269 | /* | ||
| 270 | * Present a pointer to the forked smack label in an task blob. | ||
| 271 | */ | ||
| 272 | static inline char *smk_of_forked(const struct task_smack *tsp) | ||
| 273 | { | ||
| 274 | return tsp->smk_forked; | ||
| 275 | } | ||
| 276 | |||
| 277 | /* | ||
| 278 | * Present a pointer to the smack label in the current task blob. | ||
| 279 | */ | ||
| 280 | static inline char *smk_of_current(void) | ||
| 281 | { | ||
| 282 | return smk_of_task(current_security()); | ||
| 283 | } | ||
| 284 | |||
| 285 | /* | ||
| 246 | * logging functions | 286 | * logging functions |
| 247 | */ | 287 | */ |
| 248 | #define SMACK_AUDIT_DENIED 0x1 | 288 | #define SMACK_AUDIT_DENIED 0x1 |
| @@ -276,22 +316,17 @@ static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, | |||
| 276 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, | 316 | static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, |
| 277 | struct dentry *d) | 317 | struct dentry *d) |
| 278 | { | 318 | { |
| 279 | a->a.u.fs.path.dentry = d; | 319 | a->a.u.dentry = d; |
| 280 | } | ||
| 281 | static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, | ||
| 282 | struct vfsmount *m) | ||
| 283 | { | ||
| 284 | a->a.u.fs.path.mnt = m; | ||
| 285 | } | 320 | } |
| 286 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, | 321 | static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, |
| 287 | struct inode *i) | 322 | struct inode *i) |
| 288 | { | 323 | { |
| 289 | a->a.u.fs.inode = i; | 324 | a->a.u.inode = i; |
| 290 | } | 325 | } |
| 291 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, | 326 | static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, |
| 292 | struct path p) | 327 | struct path p) |
| 293 | { | 328 | { |
| 294 | a->a.u.fs.path = p; | 329 | a->a.u.path = p; |
| 295 | } | 330 | } |
| 296 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, | 331 | static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, |
| 297 | struct sock *sk) | 332 | struct sock *sk) |