cred.h 1.3 KB

  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /*
  3. * Landlock LSM - Credential hooks
  4. *
  5. * Copyright © 2019-2020 Mickaël Salaün <[email protected]>
  6. * Copyright © 2019-2020 ANSSI
  7. */
  8. #ifndef _SECURITY_LANDLOCK_CRED_H
  9. #define _SECURITY_LANDLOCK_CRED_H
  10. #include <linux/cred.h>
  11. #include <linux/init.h>
  12. #include <linux/rcupdate.h>
  13. #include "ruleset.h"
  14. #include "setup.h"
  /**
   * struct landlock_cred_security - Landlock data attached to a credential
   *
   * @domain: Ruleset pointer read by the accessors in this header.  A NULL
   *          value is what landlocked() reports as "no domain".
   *
   * NOTE(review): nothing in this header takes or drops a reference on
   * @domain, so its lifetime is presumably managed by the credential hooks.
   * Confirm there before keeping the pointer beyond the cred it came from.
   */
  struct landlock_cred_security {
  	struct landlock_ruleset *domain;
  };
  /**
   * landlock_cred - Locate Landlock's data inside a credential's security blob
   *
   * @cred: Credential to look into.  Neither @cred nor @cred->security is
   *        checked for NULL here.
   *
   * Return: The address @cred->security advanced by
   * landlock_blob_sizes.lbs_cred bytes.
   *
   * The returned pointer is not const-qualified although @cred is, so a caller
   * holding only a const cred still receives a writable view of the blob.
   * Read-only callers should store the result in a pointer to const.
   */
  static inline struct landlock_cred_security *
  landlock_cred(const struct cred *cred)
  {
  	/* Byte offset arithmetic on void * (GNU C extension). */
  	void *const lsm_blob = cred->security;

  	return lsm_blob + landlock_blob_sizes.lbs_cred;
  }
  /**
   * landlock_get_current_domain - Read the domain stored in the current cred
   *
   * Return: The @domain field of the Landlock data found in current_cred().
   * landlocked() treats a NULL result as "not in a domain".
   *
   * No reference is taken on the returned ruleset by this helper.
   */
  static inline const struct landlock_ruleset *landlock_get_current_domain(void)
  {
  	const struct landlock_cred_security *const llcred =
  		landlock_cred(current_cred());

  	return llcred->domain;
  }
  /**
   * landlock_get_task_domain - Read the domain stored in another task's cred
   *
   * @task: Task whose credentials are looked up through __task_cred().
   *
   * The caller must already be inside an RCU read-side critical section.
   * This helper neither takes the RCU read lock nor takes a reference on the
   * ruleset.
   *
   * NOTE(review): because no reference is taken, the returned pointer
   * presumably must not be dereferenced after the caller leaves the RCU
   * section.  Confirm against the ruleset lifetime rules.
   *
   * Return: The @domain field of the Landlock data in @task's credentials.
   */
  static inline const struct landlock_ruleset *
  landlock_get_task_domain(const struct task_struct *const task)
  {
  	const struct cred *const task_creds = __task_cred(task);

  	return landlock_cred(task_creds)->domain;
  }
  /**
   * landlocked - Tell whether a task has a Landlock domain
   *
   * @task: Task to inspect.
   *
   * For any task other than current, the lookup runs between rcu_read_lock()
   * and rcu_read_unlock(), as landlock_get_task_domain() requires.  Only the
   * boolean leaves that section, never the ruleset pointer.  The current task
   * is read through landlock_get_current_domain() without taking the RCU lock.
   *
   * NOTE(review): for a task other than current the answer is a snapshot and
   * may presumably be outdated once the RCU section ends.  Callers making an
   * access decision on it should confirm that is acceptable.
   *
   * Return: true if the task's domain pointer is non-NULL, false otherwise.
   */
  static inline bool landlocked(const struct task_struct *const task)
  {
  	bool sandboxed;

  	if (task != current) {
  		rcu_read_lock();
  		sandboxed = landlock_get_task_domain(task) != NULL;
  		rcu_read_unlock();
  		return sandboxed;
  	}

  	return landlock_get_current_domain() != NULL;
  }
  /*
   * Declared here and defined outside this header.  The __init annotation
   * marks it as initialization-time code.
   * NOTE(review): the name suggests it registers Landlock's credential hooks
   * during LSM setup.  Confirm at the definition and its call site.
   */
  __init void landlock_add_cred_hooks(void);
  46. #endif /* _SECURITY_LANDLOCK_CRED_H */