Commit | Line | Data |
---|---|---|
f7433243 KT |
1 | /* |
2 | * security/tomoyo/tomoyo.h | |
3 | * | |
4 | * Implementation of the Domain-Based Mandatory Access Control. | |
5 | * | |
6 | * Copyright (C) 2005-2009 NTT DATA CORPORATION | |
7 | * | |
8 | * Version: 2.2.0-pre 2009/02/01 | |
9 | * | |
10 | */ | |
11 | ||
12 | #ifndef _SECURITY_TOMOYO_TOMOYO_H | |
13 | #define _SECURITY_TOMOYO_TOMOYO_H | |
14 | ||
15 | struct tomoyo_path_info; | |
16 | struct path; | |
17 | struct inode; | |
18 | struct linux_binprm; | |
19 | struct pt_regs; | |
20 | struct tomoyo_page_buffer; | |
21 | ||
22 | int tomoyo_check_file_perm(struct tomoyo_domain_info *domain, | |
23 | const char *filename, const u8 perm); | |
24 | int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, | |
25 | const struct tomoyo_path_info *filename, | |
26 | struct tomoyo_page_buffer *buf); | |
27 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | |
28 | struct path *path, const int flag); | |
29 | int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain, | |
30 | const u8 operation, struct path *path); | |
31 | int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain, | |
32 | const u8 operation, struct path *path1, | |
33 | struct path *path2); | |
34 | int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, | |
35 | struct file *filp); | |
36 | int tomoyo_find_next_domain(struct linux_binprm *bprm, | |
37 | struct tomoyo_domain_info **next_domain); | |
38 | ||
39 | /* Index numbers for Access Controls. */ | |
40 | ||
41 | #define TOMOYO_TYPE_SINGLE_PATH_ACL 0 | |
42 | #define TOMOYO_TYPE_DOUBLE_PATH_ACL 1 | |
43 | ||
44 | /* Index numbers for File Controls. */ | |
45 | ||
46 | /* | |
47 | * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set | |
48 | * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and | |
49 | * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set. | |
50 | * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or | |
51 | * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are | |
52 | * automatically cleared if TYPE_READ_WRITE_ACL is cleared. | |
53 | */ | |
54 | ||
55 | #define TOMOYO_TYPE_READ_WRITE_ACL 0 | |
56 | #define TOMOYO_TYPE_EXECUTE_ACL 1 | |
57 | #define TOMOYO_TYPE_READ_ACL 2 | |
58 | #define TOMOYO_TYPE_WRITE_ACL 3 | |
59 | #define TOMOYO_TYPE_CREATE_ACL 4 | |
60 | #define TOMOYO_TYPE_UNLINK_ACL 5 | |
61 | #define TOMOYO_TYPE_MKDIR_ACL 6 | |
62 | #define TOMOYO_TYPE_RMDIR_ACL 7 | |
63 | #define TOMOYO_TYPE_MKFIFO_ACL 8 | |
64 | #define TOMOYO_TYPE_MKSOCK_ACL 9 | |
65 | #define TOMOYO_TYPE_MKBLOCK_ACL 10 | |
66 | #define TOMOYO_TYPE_MKCHAR_ACL 11 | |
67 | #define TOMOYO_TYPE_TRUNCATE_ACL 12 | |
68 | #define TOMOYO_TYPE_SYMLINK_ACL 13 | |
69 | #define TOMOYO_TYPE_REWRITE_ACL 14 | |
70 | #define TOMOYO_MAX_SINGLE_PATH_OPERATION 15 | |
71 | ||
72 | #define TOMOYO_TYPE_LINK_ACL 0 | |
73 | #define TOMOYO_TYPE_RENAME_ACL 1 | |
74 | #define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2 | |
75 | ||
76 | #define TOMOYO_DOMAINPOLICY 0 | |
77 | #define TOMOYO_EXCEPTIONPOLICY 1 | |
78 | #define TOMOYO_DOMAIN_STATUS 2 | |
79 | #define TOMOYO_PROCESS_STATUS 3 | |
80 | #define TOMOYO_MEMINFO 4 | |
81 | #define TOMOYO_SELFDOMAIN 5 | |
82 | #define TOMOYO_VERSION 6 | |
83 | #define TOMOYO_PROFILE 7 | |
84 | #define TOMOYO_MANAGER 8 | |
85 | ||
86 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | |
87 | ||
88 | static inline struct tomoyo_domain_info *tomoyo_domain(void) | |
89 | { | |
90 | return current_cred()->security; | |
91 | } | |
92 | ||
93 | /* Caller holds tasklist_lock spinlock. */ | |
94 | static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct | |
95 | *task) | |
96 | { | |
97 | /***** CRITICAL SECTION START *****/ | |
98 | const struct cred *cred = get_task_cred(task); | |
99 | struct tomoyo_domain_info *domain = cred->security; | |
100 | ||
101 | put_cred(cred); | |
102 | return domain; | |
103 | /***** CRITICAL SECTION END *****/ | |
104 | } | |
105 | ||
106 | #endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */ |