[linux-2.6-block.git] / include / linux / fanotify.h

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _LINUX_FANOTIFY_H
#define _LINUX_FANOTIFY_H

#include <linux/sysctl.h>
#include <uapi/linux/fanotify.h>

#define FAN_GROUP_FLAG(group, flag) \
	((group)->fanotify_data.flags & (flag))

/*
 * Flags allowed to be passed from/to userspace.
 *
 * We intentionally do not add new bits to the old FAN_ALL_* constants, because
 * they are uapi exposed constants. If there are programs out there using
 * these constant, the programs may break if re-compiled with new uapi headers
 * and then run on an old kernel.
 */

/* Group classes where permission events are allowed */
#define FANOTIFY_PERM_CLASSES	(FAN_CLASS_CONTENT | \
				 FAN_CLASS_PRE_CONTENT)

#define FANOTIFY_CLASS_BITS	(FAN_CLASS_NOTIF | FANOTIFY_PERM_CLASSES)

#define FANOTIFY_FID_BITS	(FAN_REPORT_DFID_NAME_TARGET)

#define FANOTIFY_INFO_MODES	(FANOTIFY_FID_BITS | FAN_REPORT_PIDFD | FAN_REPORT_MNT)

/*
 * fanotify_init() flags that require CAP_SYS_ADMIN.
 * We do not allow unprivileged groups to request permission events.
 * We do not allow unprivileged groups to get other process pid in events.
 * We do not allow unprivileged groups to use unlimited resources.
 */
#define FANOTIFY_ADMIN_INIT_FLAGS	(FANOTIFY_PERM_CLASSES | \
					 FAN_REPORT_TID | \
					 FAN_REPORT_PIDFD | \
					 FAN_REPORT_FD_ERROR | \
					 FAN_UNLIMITED_QUEUE | \
					 FAN_UNLIMITED_MARKS)

/*
 * fanotify_init() flags that are allowed for user without CAP_SYS_ADMIN.
 * FAN_CLASS_NOTIF is the only class we allow for unprivileged group.
 * We do not allow unprivileged groups to get file descriptors in events,
 * so one of the flags for reporting file handles is required.
 */
#define FANOTIFY_USER_INIT_FLAGS	(FAN_CLASS_NOTIF | \
					 FANOTIFY_FID_BITS | FAN_REPORT_MNT | \
					 FAN_CLOEXEC | FAN_NONBLOCK)

#define FANOTIFY_INIT_FLAGS	(FANOTIFY_ADMIN_INIT_FLAGS | \
				 FANOTIFY_USER_INIT_FLAGS)

/* Internal group flags */
#define FANOTIFY_UNPRIV		0x80000000
#define FANOTIFY_INTERNAL_GROUP_FLAGS	(FANOTIFY_UNPRIV)

#define FANOTIFY_MARK_TYPE_BITS	(FAN_MARK_INODE | FAN_MARK_MOUNT | \
				 FAN_MARK_FILESYSTEM | FAN_MARK_MNTNS)

#define FANOTIFY_MARK_CMD_BITS	(FAN_MARK_ADD | FAN_MARK_REMOVE | \
				 FAN_MARK_FLUSH)

#define FANOTIFY_MARK_IGNORE_BITS (FAN_MARK_IGNORED_MASK | \
				   FAN_MARK_IGNORE)

#define FANOTIFY_MARK_FLAGS	(FANOTIFY_MARK_TYPE_BITS | \
				 FANOTIFY_MARK_CMD_BITS | \
				 FANOTIFY_MARK_IGNORE_BITS | \
				 FAN_MARK_DONT_FOLLOW | \
				 FAN_MARK_ONLYDIR | \
				 FAN_MARK_IGNORED_SURV_MODIFY | \
				 FAN_MARK_EVICTABLE)

/*
 * Events that can be reported with data type FSNOTIFY_EVENT_PATH.
 * Note that FAN_MODIFY can also be reported with data type
 * FSNOTIFY_EVENT_INODE.
 */
#define FANOTIFY_PATH_EVENTS	(FAN_ACCESS | FAN_MODIFY | \
				 FAN_CLOSE | FAN_OPEN | FAN_OPEN_EXEC)

/*
 * Directory entry modification events - reported only to directory
 * where entry is modified and not to a watching parent.
 */
#define FANOTIFY_DIRENT_EVENTS	(FAN_MOVE | FAN_CREATE | FAN_DELETE | \
				 FAN_RENAME)

/* Content events can be used to inspect file content */
#define FANOTIFY_CONTENT_PERM_EVENTS (FAN_OPEN_PERM | FAN_OPEN_EXEC_PERM | \
				      FAN_ACCESS_PERM)
/* Pre-content events can be used to fill file content */
#define FANOTIFY_PRE_CONTENT_EVENTS  (FAN_PRE_ACCESS)

/* Events that require a permission response from user */
#define FANOTIFY_PERM_EVENTS	(FANOTIFY_CONTENT_PERM_EVENTS | \
				 FANOTIFY_PRE_CONTENT_EVENTS)

/* Events that can be reported with event->fd */
#define FANOTIFY_FD_EVENTS (FANOTIFY_PATH_EVENTS | FANOTIFY_PERM_EVENTS)

/* Events that can only be reported with data type FSNOTIFY_EVENT_INODE */
#define FANOTIFY_INODE_EVENTS	(FANOTIFY_DIRENT_EVENTS | \
				 FAN_ATTRIB | FAN_MOVE_SELF | FAN_DELETE_SELF)

/* Events that can only be reported with data type FSNOTIFY_EVENT_ERROR */
#define FANOTIFY_ERROR_EVENTS	(FAN_FS_ERROR)

#define FANOTIFY_MOUNT_EVENTS	(FAN_MNT_ATTACH | FAN_MNT_DETACH)

/* Events that user can request to be notified on */
#define FANOTIFY_EVENTS		(FANOTIFY_PATH_EVENTS | \
				 FANOTIFY_INODE_EVENTS | \
				 FANOTIFY_ERROR_EVENTS | \
				 FANOTIFY_MOUNT_EVENTS)

/* Extra flags that may be reported with event or control handling of events */
#define FANOTIFY_EVENT_FLAGS	(FAN_EVENT_ON_CHILD | FAN_ONDIR)

/* Events that may be reported to user */
#define FANOTIFY_OUTGOING_EVENTS	(FANOTIFY_EVENTS | \
					 FANOTIFY_PERM_EVENTS | \
					 FAN_Q_OVERFLOW | FAN_ONDIR)

/* Events and flags relevant only for directories */
#define FANOTIFY_DIRONLY_EVENT_BITS	(FANOTIFY_DIRENT_EVENTS | \
					 FAN_EVENT_ON_CHILD | FAN_ONDIR)

#define ALL_FANOTIFY_EVENT_BITS		(FANOTIFY_OUTGOING_EVENTS | \
					 FANOTIFY_EVENT_FLAGS)

/* These masks check for invalid bits in permission responses. */
#define FANOTIFY_RESPONSE_ACCESS (FAN_ALLOW | FAN_DENY)
#define FANOTIFY_RESPONSE_FLAGS (FAN_AUDIT | FAN_INFO)
#define FANOTIFY_RESPONSE_VALID_MASK \
	(FANOTIFY_RESPONSE_ACCESS | FANOTIFY_RESPONSE_FLAGS | \
	 (FAN_ERRNO_MASK << FAN_ERRNO_SHIFT))

/* Do not use these old uapi constants internally */
#undef FAN_ALL_CLASS_BITS
#undef FAN_ALL_INIT_FLAGS
#undef FAN_ALL_MARK_FLAGS
#undef FAN_ALL_EVENTS
#undef FAN_ALL_PERM_EVENTS
#undef FAN_ALL_OUTGOING_EVENTS

#endif /* _LINUX_FANOTIFY_H */
Commit	Line	Data
b2441318	1	/* SPDX-License-Identifier: GPL-2.0 */
ff0b16a9 EP	2	#ifndef _LINUX_FANOTIFY_H
	3	#define _LINUX_FANOTIFY_H
	4
5b8fea65	5	#include <linux/sysctl.h>
607ca46e	6	#include <uapi/linux/fanotify.h>
ff0b16a9	7
96a71f21 AG	8	#define FAN_GROUP_FLAG(group, flag) \
	9	((group)->fanotify_data.flags & (flag))
	10
23c9deeb AG	11	/*
	12	* Flags allowed to be passed from/to userspace.
	13	*
	14	* We intentionally do not add new bits to the old FAN_ALL_* constants, because
	15	* they are uapi exposed constants. If there are programs out there using
	16	* these constant, the programs may break if re-compiled with new uapi headers
	17	* and then run on an old kernel.
	18	*/
7cea2a3c AG	19
	20	/* Group classes where permission events are allowed */
	21	#define FANOTIFY_PERM_CLASSES (FAN_CLASS_CONTENT \| \
23c9deeb AG	22	FAN_CLASS_PRE_CONTENT)
23c9deeb AG	23
7cea2a3c AG	24	#define FANOTIFY_CLASS_BITS (FAN_CLASS_NOTIF \| FANOTIFY_PERM_CLASSES)
7cea2a3c AG	25
d61fd650	26	#define FANOTIFY_FID_BITS (FAN_REPORT_DFID_NAME_TARGET)
d809daf1	27
0f46d81f	28	#define FANOTIFY_INFO_MODES (FANOTIFY_FID_BITS \| FAN_REPORT_PIDFD \| FAN_REPORT_MNT)
0aca67bb	29
7cea2a3c AG	30	/*
	31	* fanotify_init() flags that require CAP_SYS_ADMIN.
	32	* We do not allow unprivileged groups to request permission events.
	33	* We do not allow unprivileged groups to get other process pid in events.
	34	* We do not allow unprivileged groups to use unlimited resources.
	35	*/
	36	#define FANOTIFY_ADMIN_INIT_FLAGS (FANOTIFY_PERM_CLASSES \| \
	37	FAN_REPORT_TID \| \
af579beb	38	FAN_REPORT_PIDFD \| \
522249f0	39	FAN_REPORT_FD_ERROR \| \
7cea2a3c	40	FAN_UNLIMITED_QUEUE \| \
58f5fbeb	41	FAN_UNLIMITED_MARKS)
7cea2a3c AG	42
	43	/*
	44	* fanotify_init() flags that are allowed for user without CAP_SYS_ADMIN.
	45	* FAN_CLASS_NOTIF is the only class we allow for unprivileged group.
	46	* We do not allow unprivileged groups to get file descriptors in events,
	47	* so one of the flags for reporting file handles is required.
	48	*/
	49	#define FANOTIFY_USER_INIT_FLAGS (FAN_CLASS_NOTIF \| \
58f5fbeb	50	FANOTIFY_FID_BITS \| FAN_REPORT_MNT \| \
7cea2a3c AG	51	FAN_CLOEXEC \| FAN_NONBLOCK)
	52
	53	#define FANOTIFY_INIT_FLAGS (FANOTIFY_ADMIN_INIT_FLAGS \| \
	54	FANOTIFY_USER_INIT_FLAGS)
23c9deeb	55
a8b98c80 AG	56	/* Internal group flags */
	57	#define FANOTIFY_UNPRIV 0x80000000
	58	#define FANOTIFY_INTERNAL_GROUP_FLAGS (FANOTIFY_UNPRIV)
	59
23c9deeb	60	#define FANOTIFY_MARK_TYPE_BITS (FAN_MARK_INODE \| FAN_MARK_MOUNT \| \
0f46d81f	61	FAN_MARK_FILESYSTEM \| FAN_MARK_MNTNS)
23c9deeb	62
8afd7215 AG	63	#define FANOTIFY_MARK_CMD_BITS (FAN_MARK_ADD \| FAN_MARK_REMOVE \| \
	64	FAN_MARK_FLUSH)
	65
e252f2ed AG	66	#define FANOTIFY_MARK_IGNORE_BITS (FAN_MARK_IGNORED_MASK \| \
	67	FAN_MARK_IGNORE)
	68
23c9deeb	69	#define FANOTIFY_MARK_FLAGS (FANOTIFY_MARK_TYPE_BITS \| \
8afd7215	70	FANOTIFY_MARK_CMD_BITS \| \
e252f2ed	71	FANOTIFY_MARK_IGNORE_BITS \| \
23c9deeb AG	72	FAN_MARK_DONT_FOLLOW \| \
23c9deeb AG	73	FAN_MARK_ONLYDIR \| \
23c9deeb	74	FAN_MARK_IGNORED_SURV_MODIFY \| \
8afd7215	75	FAN_MARK_EVICTABLE)
23c9deeb	76
235328d1 AG	77	/*
	78	* Events that can be reported with data type FSNOTIFY_EVENT_PATH.
	79	* Note that FAN_MODIFY can also be reported with data type
	80	* FSNOTIFY_EVENT_INODE.
	81	*/
	82	#define FANOTIFY_PATH_EVENTS (FAN_ACCESS \| FAN_MODIFY \| \
9b076f1c	83	FAN_CLOSE \| FAN_OPEN \| FAN_OPEN_EXEC)
23c9deeb	84
235328d1 AG	85	/*
	86	* Directory entry modification events - reported only to directory
	87	* where entry is modified and not to a watching parent.
	88	*/
8cc3b1cc AG	89	#define FANOTIFY_DIRENT_EVENTS (FAN_MOVE \| FAN_CREATE \| FAN_DELETE \| \
8cc3b1cc AG	90	FAN_RENAME)
235328d1	91
4f8afa33 AG	92	/* Content events can be used to inspect file content */
	93	#define FANOTIFY_CONTENT_PERM_EVENTS (FAN_OPEN_PERM \| FAN_OPEN_EXEC_PERM \| \
	94	FAN_ACCESS_PERM)
	95	/* Pre-content events can be used to fill file content */
	96	#define FANOTIFY_PRE_CONTENT_EVENTS (FAN_PRE_ACCESS)
	97
	98	/* Events that require a permission response from user */
	99	#define FANOTIFY_PERM_EVENTS (FANOTIFY_CONTENT_PERM_EVENTS \| \
	100	FANOTIFY_PRE_CONTENT_EVENTS)
	101
4fe595cf GKB	102	/* Events that can be reported with event->fd */
	103	#define FANOTIFY_FD_EVENTS (FANOTIFY_PATH_EVENTS \| FANOTIFY_PERM_EVENTS)
	104
235328d1 AG	105	/* Events that can only be reported with data type FSNOTIFY_EVENT_INODE */
	106	#define FANOTIFY_INODE_EVENTS (FANOTIFY_DIRENT_EVENTS \| \
	107	FAN_ATTRIB \| FAN_MOVE_SELF \| FAN_DELETE_SELF)
	108
9709bd54 GKB	109	/* Events that can only be reported with data type FSNOTIFY_EVENT_ERROR */
	110	#define FANOTIFY_ERROR_EVENTS (FAN_FS_ERROR)
	111
0f46d81f MS	112	#define FANOTIFY_MOUNT_EVENTS (FAN_MNT_ATTACH \| FAN_MNT_DETACH)
0f46d81f MS	113
235328d1 AG	114	/* Events that user can request to be notified on */
235328d1 AG	115	#define FANOTIFY_EVENTS (FANOTIFY_PATH_EVENTS \| \
9709bd54	116	FANOTIFY_INODE_EVENTS \| \
0f46d81f MS	117	FANOTIFY_ERROR_EVENTS \| \
0f46d81f MS	118	FANOTIFY_MOUNT_EVENTS)
235328d1	119
bdd5a46f AG	120	/* Extra flags that may be reported with event or control handling of events */
	121	#define FANOTIFY_EVENT_FLAGS (FAN_EVENT_ON_CHILD \| FAN_ONDIR)
	122
23c9deeb AG	123	/* Events that may be reported to user */
	124	#define FANOTIFY_OUTGOING_EVENTS (FANOTIFY_EVENTS \| \
	125	FANOTIFY_PERM_EVENTS \| \
e7fce6d9	126	FAN_Q_OVERFLOW \| FAN_ONDIR)
23c9deeb	127
8698e3ba AG	128	/* Events and flags relevant only for directories */
	129	#define FANOTIFY_DIRONLY_EVENT_BITS (FANOTIFY_DIRENT_EVENTS \| \
	130	FAN_EVENT_ON_CHILD \| FAN_ONDIR)
	131
bdd5a46f AG	132	#define ALL_FANOTIFY_EVENT_BITS (FANOTIFY_OUTGOING_EVENTS \| \
	133	FANOTIFY_EVENT_FLAGS)
	134
70529a19 RGB	135	/* These masks check for invalid bits in permission responses. */
	136	#define FANOTIFY_RESPONSE_ACCESS (FAN_ALLOW \| FAN_DENY)
	137	#define FANOTIFY_RESPONSE_FLAGS (FAN_AUDIT \| FAN_INFO)
b4b2ff4f AG	138	#define FANOTIFY_RESPONSE_VALID_MASK \
	139	(FANOTIFY_RESPONSE_ACCESS \| FANOTIFY_RESPONSE_FLAGS \| \
	140	(FAN_ERRNO_MASK << FAN_ERRNO_SHIFT))
70529a19	141
23c9deeb AG	142	/* Do not use these old uapi constants internally */
	143	#undef FAN_ALL_CLASS_BITS
	144	#undef FAN_ALL_INIT_FLAGS
	145	#undef FAN_ALL_MARK_FLAGS
	146	#undef FAN_ALL_EVENTS
	147	#undef FAN_ALL_PERM_EVENTS
	148	#undef FAN_ALL_OUTGOING_EVENTS
	149
ff0b16a9	150	#endif /* _LINUX_FANOTIFY_H */