0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * SafeSetID Linux Security Module
0004  *
0005  * Author: Micah Morton <mortonm@chromium.org>
0006  *
0007  * Copyright (C) 2018 The Chromium OS Authors.
0008  *
0009  * This program is free software; you can redistribute it and/or modify
0010  * it under the terms of the GNU General Public License version 2, as
0011  * published by the Free Software Foundation.
0012  *
0013  */
0014 #ifndef _SAFESETID_H
0015 #define _SAFESETID_H
0016 
0017 #include <linux/types.h>
0018 #include <linux/uidgid.h>
0019 #include <linux/hashtable.h>
0020 
0021 /* Flag indicating whether initialization completed */
0022 extern int safesetid_initialized __initdata; /* __initdata: placed in the init data section, which the kernel frees after boot, so only __init code may reference it */
0023 
0024 enum sid_policy_type { /* return type of _setid_policy_lookup() */
0025     SIDPOL_DEFAULT, /* source ID is unaffected by policy */
0026     SIDPOL_CONSTRAINED, /* source ID is affected by policy; presumably no rule allows the target -- confirm in the lookup code */
0027     SIDPOL_ALLOWED /* target ID explicitly allowed */
0028 };
0029 
0030 typedef union { /* untagged UID-or-GID value; nothing in the union records which member is valid */
0031     kuid_t uid;
0032     kgid_t gid;
0033 } kid_t; /* struct setid_rule pairs it with an enum setid_type for that purpose */
0034 
0035 enum setid_type { /* tells whether a rule or ruleset is for UIDs or GIDs */
0036     UID,
0037     GID
0038 };
0039 
0040 /*
0041  * Hash table entry to store safesetid policy signifying that 'src_id'
0042  * can set*id to 'dst_id'.
0043  */
0044 struct setid_rule {
0045     struct hlist_node next; /* hash-list linkage; presumably chains the rule into setid_ruleset.rules */
0046     kid_t src_id; /* ID the rule applies to */
0047     kid_t dst_id; /* ID that 'src_id' may set*id to */
0048 
0049     /* Flag to signal if rule is for UIDs or GIDs; presumably selects which kid_t member of src_id/dst_id is valid */
0050     enum setid_type type;
0051 };
0052 
0053 #define SETID_HASH_BITS 8 /* 2^8 = 256 buckets in hash table */
0054 
0055 /* Extension of INVALID_UID/INVALID_GID for kid_t type; only .uid is initialized, so GID use relies on kid_t being a union and INVALID_GID sharing INVALID_UID's representation -- TODO confirm */
0056 #define INVALID_ID (kid_t){.uid = INVALID_UID}
0057 
0058 struct setid_ruleset {
0059     DECLARE_HASHTABLE(rules, SETID_HASH_BITS); /* buckets of struct setid_rule entries -- presumably keyed by source ID, confirm */
0060     char *policy_str; /* presumably the policy text this ruleset was built from; ownership is not visible in this header */
0061     struct rcu_head rcu; /* RCU callback head; presumably used to free the ruleset after a grace period */
0062 
0063     /* Flag to signal if ruleset is for UIDs or GIDs */
0064     enum setid_type type;
0065 };
0066 
0067 enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
0068         kid_t src, kid_t dst); /* looks up the src -> dst transition in 'policy'; src/dst are untagged, presumably read per policy->type -- confirm */
0069 
0070 extern struct setid_ruleset __rcu *safesetid_setuid_rules; /* __rcu: read via rcu_dereference() inside an RCU read-side critical section */
0071 extern struct setid_ruleset __rcu *safesetid_setgid_rules; /* __rcu: same access rule, for the setgid ruleset */
0072 
0073 #endif /* _SAFESETID_H */