Diffstat (limited to 'security/smack/smack.h')
-rw-r--r-- | security/smack/smack.h | 45 |
1 files changed, 45 insertions, 0 deletions
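--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -51,11 +51,18 @@ struct socket_smack {
 */
 struct inode_smack {
 char *smk_inode; /* label of the fso */
+char *smk_task; /* label of the task */
 struct mutex smk_lock; /* initialization lock */
 int smk_flags; /* smack inode flags */
 };
 
+struct task_smack {
+char *smk_task; /* label used for access control */
+char *smk_forked; /* label when forked */
+};
+
 #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */
+#define SMK_INODE_TRANSMUTE 0x02 /* directory is transmuting */
 
 /*
 * A label access rule.
@@ -161,6 +168,10 @@ struct smack_known {
 #define SMACK_CIPSO_MAXCATNUM 239 /* CIPSO 2.2 standard */
 
 /*
+* Flag for transmute access
+*/
+#define MAY_TRANSMUTE 64
+/*
 * Just to make the common cases easier to deal with
 */
 #define MAY_ANY (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
@@ -191,6 +202,7 @@ struct inode_smack *new_inode_smack(char *);
 /*
 * These functions are in smack_access.c
 */
+int smk_access_entry(char *, char *);
 int smk_access(char *, char *, int, struct smk_audit_info *);
 int smk_curacc(char *, u32, struct smk_audit_info *);
 int smack_to_cipso(const char *, struct smack_cipso *);
@@ -234,6 +246,15 @@ static inline void smack_catset_bit(int cat, char *catsetp)
 }
 
 /*
+* Is the directory transmuting?
+*/
+static inline int smk_inode_transmutable(const struct inode *isp)
+{
+struct inode_smack *sip = isp->i_security;
+return (sip->smk_flags & SMK_INODE_TRANSMUTE) != 0;
+}
+
+/*
 * Present a pointer to the smack label in an inode blob.
 */
 static inline char *smk_of_inode(const struct inode *isp)
@@ -243,6 +264,30 @@ static inline char *smk_of_inode(const struct inode *isp)
 }
 
 /*
+* Present a pointer to the smack label in an task blob.
+*/
+static inline char *smk_of_task(const struct task_smack *tsp)
+{
+return tsp->smk_task;
+}
+
+/*
+* Present a pointer to the forked smack label in an task blob.
+*/
+static inline char *smk_of_forked(const struct task_smack *tsp)
+{
+return tsp->smk_forked;
+}
+
+/*
+* Present a pointer to the smack label in the current task blob.
+*/
+static inline char *smk_of_current(void)
+{
+return smk_of_task(current_security());
+}
+
+/*
 * logging functions
 */
 #define SMACK_AUDIT_DENIED 0x1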
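Review bot: `MAY_TRANSMUTE` in the `@@ -161,6 +168,10 @@` hunk is a bare decimal `64`, i.e. bit 0x40, in the same mask space as the VFS `MAY_READ`/`MAY_WRITE`/`MAY_APPEND`/`MAY_EXEC` bits that `MAY_ANY` combines a few lines further down. Nothing on this page shows that 0x40 is unused by the `MAY_*` definitions in `linux/fs.h` (I believe `MAY_CHDIR` uses that bit, to be confirmed against the tree). If it is taken, a request mask passed in from a VFS hook could appear to carry the transmute flag, and a rule's transmute bit could be read as a different access mode. I would move the flag to a high bit the VFS masks do not use, write it in hex and record the constraint in the comment, for example `#define MAY_TRANSMUTE 0x00001000 /* Smack-private, must not overlap MAY_* in linux/fs.h */`.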