Diffstat (limited to 'security/tomoyo/tomoyo.h')
-rw-r--r-- | security/tomoyo/tomoyo.h | 106 |
1 files changed, 106 insertions, 0 deletions
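--- /dev/null
+++ b/security/tomoyo/tomoyo.h
@@ -0,0 +1,106 @@
+/*
+* security/tomoyo/tomoyo.h
+*
+* Implementation of the Domain-Based Mandatory Access Control.
+*
+* Copyright (C) 2005-2009 NTT DATA CORPORATION
+*
+* Version: 2.2.0-pre 2009/02/01
+*
+*/
+
+#ifndef _SECURITY_TOMOYO_TOMOYO_H
+#define _SECURITY_TOMOYO_TOMOYO_H
+
+struct tomoyo_path_info;
+struct path;
+struct inode;
+struct linux_binprm;
+struct pt_regs;
+struct tomoyo_page_buffer;
+
+int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
+const char *filename, const u8 perm);
+int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
+const struct tomoyo_path_info *filename,
+struct tomoyo_page_buffer *buf);
+int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
+struct path *path, const int flag);
+int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
+const u8 operation, struct path *path);
+int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
+const u8 operation, struct path *path1,
+struct path *path2);
+int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
+struct file *filp);
+int tomoyo_find_next_domain(struct linux_binprm *bprm,
+struct tomoyo_domain_info **next_domain);
+
+/* Index numbers for Access Controls. */
+
+#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
+#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1
+
+/* Index numbers for File Controls. */
+
+/*
+* TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
+* if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
+* TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
+* TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
+* TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
+* automatically cleared if TYPE_READ_WRITE_ACL is cleared.
+*/
+
+#define TOMOYO_TYPE_READ_WRITE_ACL 0
+#define TOMOYO_TYPE_EXECUTE_ACL 1
+#define TOMOYO_TYPE_READ_ACL 2
+#define TOMOYO_TYPE_WRITE_ACL 3
+#define TOMOYO_TYPE_CREATE_ACL 4
+#define TOMOYO_TYPE_UNLINK_ACL 5
+#define TOMOYO_TYPE_MKDIR_ACL 6
+#define TOMOYO_TYPE_RMDIR_ACL 7
+#define TOMOYO_TYPE_MKFIFO_ACL 8
+#define TOMOYO_TYPE_MKSOCK_ACL 9
+#define TOMOYO_TYPE_MKBLOCK_ACL 10
+#define TOMOYO_TYPE_MKCHAR_ACL 11
+#define TOMOYO_TYPE_TRUNCATE_ACL 12
+#define TOMOYO_TYPE_SYMLINK_ACL 13
+#define TOMOYO_TYPE_REWRITE_ACL 14
+#define TOMOYO_MAX_SINGLE_PATH_OPERATION 15
+
+#define TOMOYO_TYPE_LINK_ACL 0
+#define TOMOYO_TYPE_RENAME_ACL 1
+#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2
+
+#define TOMOYO_DOMAINPOLICY 0
+#define TOMOYO_EXCEPTIONPOLICY 1
+#define TOMOYO_DOMAIN_STATUS 2
+#define TOMOYO_PROCESS_STATUS 3
+#define TOMOYO_MEMINFO 4
+#define TOMOYO_SELFDOMAIN 5
+#define TOMOYO_VERSION 6
+#define TOMOYO_PROFILE 7
+#define TOMOYO_MANAGER 8
+
+extern struct tomoyo_domain_info tomoyo_kernel_domain;
+
+static inline struct tomoyo_domain_info *tomoyo_domain(void)
+{
+return current_cred()->security;
+}
+
+/* Caller holds tasklist_lock spinlock. */
+static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
+*task)
+{
+/***** CRITICAL SECTION START *****/
+const struct cred *cred = get_task_cred(task);
+struct tomoyo_domain_info *domain = cred->security;
+
+put_cred(cred);
+return domain;
+/***** CRITICAL SECTION END *****/
+}
+
+#endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */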
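Review bot: The header is not self-contained: `struct tomoyo_domain_info` is used in the prototype at line 22, `struct file` at line 35 and `struct task_struct` at line 94 without a forward declaration, even though lines 15-20 forward-declare the other opaque structs, and `u8`, `current_cred()`, `get_task_cred()` and `put_cred()` need `<linux/types.h>` and `<linux/cred.h>`, which are not included, so the header only compiles when the including .c file has pulled those in first. Adding `struct tomoyo_domain_info;`, `struct file;` and `struct task_struct;` to the list at lines 15-20 and `#include <linux/cred.h>` / `#include <linux/types.h>` at the top would make include order irrelevant. Separately, `tomoyo_real_domain()` at lines 94-104 returns `domain` after `put_cred(cred)` has dropped the reference that made `cred->security` reachable, which is only safe if tomoyo_domain_info objects are never freed; the header does not show that, so the comment at line 93 should state it, e.g. `/* The returned domain is not reference-counted; it stays valid only because domains are never freed (see the domain allocator). */` — confirm against the domain-list code. The `CRITICAL SECTION` markers and the "Caller holds tasklist_lock spinlock" comment also look inconsistent with `get_task_cred()` taking its own reference on the cred; presumably the lock is not needed by this function, and the comment should say what is actually required.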