Sākums Izpētīt Palīdzība
Pierakstīties
samsung-sm8650
/
android_kernel_samsung_sm8650_ksu
2
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: 5c86c450e2
Atzari Tagi
android_kernel_...
/
security
/
landlock
/
fs.h

fs.h 2.1 KB
Vēsture Neapstrādāts

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. /* SPDX-License-Identifier: GPL-2.0-only */
    2. 

  2. /*
    3. 

  3.  * Landlock LSM - Filesystem management and hooks
    4. 

  4.  *
    5. 

  5.  * Copyright © 2017-2020 Mickaël Salaün <[email protected]>
    6. 

  6.  * Copyright © 2018-2020 ANSSI
    7. 

  7.  */
    8. 

  8. 

  9. #ifndef _SECURITY_LANDLOCK_FS_H
    10. 

  10. #define _SECURITY_LANDLOCK_FS_H
    11. 

  11. 

  12. #include <linux/fs.h>
    13. 

  13. #include <linux/init.h>
    14. 

  14. #include <linux/rcupdate.h>
    15. 

  15. 

  16. #include "ruleset.h"
    17. 

  17. #include "setup.h"
    18. 

  18. 

  19. /**
    20. 

  20.  * struct landlock_inode_security - Inode security blob
    21. 

  21.  *
    22. 

  22.  * Enable to reference a &struct landlock_object tied to an inode (i.e.
    23. 

  23.  * underlying object).
    24. 

  24.  */
    25. 

  25. struct landlock_inode_security {
    26. 

  26. 	/**
    27. 

  27. 	 * @object: Weak pointer to an allocated object.  All assignments of a
    28. 

  28. 	 * new object are protected by the underlying inode->i_lock.  However,
    29. 

  29. 	 * atomically disassociating @object from the inode is only protected
    30. 

  30. 	 * by @object->lock, from the time @object's usage refcount drops to
    31. 

  31. 	 * zero to the time this pointer is nulled out (cf. release_inode() and
    32. 

  32. 	 * hook_sb_delete()).  Indeed, such disassociation doesn't require
    33. 

  33. 	 * inode->i_lock thanks to the careful rcu_access_pointer() check
    34. 

  34. 	 * performed by get_inode_object().
    35. 

  35. 	 */
    36. 

  36. 	struct landlock_object __rcu *object;
    37. 

  37. };
    38. 

  38. 

  39. /**
    40. 

  40.  * struct landlock_superblock_security - Superblock security blob
    41. 

  41.  *
    42. 

  42.  * Enable hook_sb_delete() to wait for concurrent calls to release_inode().
    43. 

  43.  */
    44. 

  44. struct landlock_superblock_security {
    45. 

  45. 	/**
    46. 

  46. 	 * @inode_refs: Number of pending inodes (from this superblock) that
    47. 

  47. 	 * are being released by release_inode().
    48. 

  48. 	 * Cf. struct super_block->s_fsnotify_inode_refs .
    49. 

  49. 	 */
    50. 

  50. 	atomic_long_t inode_refs;
    51. 

  51. };
    52. 

  52. 

  53. static inline struct landlock_inode_security *
    54. 

  54. landlock_inode(const struct inode *const inode)
    55. 

  55. {
    56. 

  56. 	return inode->i_security + landlock_blob_sizes.lbs_inode;
    57. 

  57. }
    58. 

  58. 

  59. static inline struct landlock_superblock_security *
    60. 

  60. landlock_superblock(const struct super_block *const superblock)
    61. 

  61. {
    62. 

  62. 	return superblock->s_security + landlock_blob_sizes.lbs_superblock;
    63. 

  63. }
    64. 

  64. 

  65. __init void landlock_add_fs_hooks(void);
    66. 

  66. 

  67. int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
    68. 

  68. 			    const struct path *const path,
    69. 

  69. 			    access_mask_t access_hierarchy);
    70. 

  70. 

  71. #endif /* _SECURITY_LANDLOCK_FS_H */
    72.