Diffstat (limited to 'security/smack/smack.h')
-rw-r--r--security/smack/smack.h45
1 files changed, 45 insertions, 0 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 43ae747a5aa4..129c4eb8ffb1 100644
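--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -51,11 +51,18 @@ struct socket_smack {
  */
 struct inode_smack {
  char *smk_inode; /* label of the fso */
+ char *smk_task; /* label of the task */
  struct mutex smk_lock; /* initialization lock */
  int smk_flags; /* smack inode flags */
 };
 
+struct task_smack {
+ char *smk_task; /* label used for access control */
+ char *smk_forked; /* label when forked */
+};
+
 #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
+#define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */
 
 /*
  * A label access rule.
@@ -161,6 +168,10 @@ struct smack_known {
 #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */
 
 /*
+ * Flag for transmute access
+ */
+#define MAY_TRANSMUTE 64
+/*
  * Just to make the common cases easier to deal with
  */
 #define MAY_ANY (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
@@ -191,6 +202,7 @@ struct inode_smack *new_inode_smack(char *);
 /*
  * These functions are in smack_access.c
  */
+int smk_access_entry(char *, char *);
 int smk_access(char *, char *, int, struct smk_audit_info *);
 int smk_curacc(char *, u32, struct smk_audit_info *);
 int smack_to_cipso(const char *, struct smack_cipso *);
@@ -234,6 +246,15 @@ static inline void smack_catset_bit(int cat, char *catsetp)
 }
 
 /*
+ * Is the directory transmuting?
+ */
+static inline int smk_inode_transmutable(const struct inode *isp)
+{
+ struct inode_smack *sip = isp->i_security;
+ return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
+}
+
+/*
  * Present a pointer to the smack label in an inode blob.
  */
 static inline char *smk_of_inode(const struct inode *isp)
@@ -243,6 +264,30 @@ static inline char *smk_of_inode(const struct inode *isp)
 }
 
 /*
+ * Present a pointer to the smack label in an task blob.
+ */
+static inline char *smk_of_task(const struct task_smack *tsp)
+{
+ return tsp->smk_task;
+}
+
+/*
+ * Present a pointer to the forked smack label in an task blob.
+ */
+static inline char *smk_of_forked(const struct task_smack *tsp)
+{
+ return tsp->smk_forked;
+}
+
+/*
+ * Present a pointer to the smack label in the current task blob.
+ */
+static inline char *smk_of_current(void)
+{
+ return smk_of_task(current_security());
+}
+
+/*
  * logging functions
  */
 #define SMACK_AUDIT_DENIED 0x1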
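Review bot: `MAY_TRANSMUTE` at new line 173 takes the value 64, i.e. bit 0x40, in the same `MAY_*` mask space as the generic permission bits that `MAY_ANY` ORs together a few lines below, and the added comment does not say the bit is private to Smack. If the generic header already assigns 0x40 (I recall `MAY_CHDIR` sitting at that bit; confirm for this base), a mask handed down from a permission hook could be read as a transmute request, or a rule carrying the transmute bit could be mistaken for a different access type. I would move the flag to a bit well clear of the generic range, write it in hex like `SMK_INODE_TRANSMUTE`, and document the constraint, e.g. `/* Smack-private access bit; must not overlap any generic MAY_* value */`. A compile-time check against the generic mask bits next to the definition would keep a later header change from silently reintroducing an overlap.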