Commit | Line | Data |
---|---|---|
3c4ed7bd CS |
1 | /* |
2 | * Linux Security Module interfaces | |
3 | * | |
4 | * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> | |
5 | * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> | |
6 | * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> | |
7 | * Copyright (C) 2001 James Morris <jmorris@intercode.com.au> | |
8 | * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group) | |
9 | * Copyright (C) 2015 Intel Corporation. | |
10 | * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com> | |
d291f1a6 | 11 | * Copyright (C) 2016 Mellanox Techonologies |
3c4ed7bd CS |
12 | * |
13 | * This program is free software; you can redistribute it and/or modify | |
14 | * it under the terms of the GNU General Public License as published by | |
15 | * the Free Software Foundation; either version 2 of the License, or | |
16 | * (at your option) any later version. | |
17 | * | |
18 | * Due to this file being licensed under the GPL there is controversy over | |
19 | * whether this permits you to write a module that #includes this file | |
20 | * without placing your module under the GPL. Please consult a lawyer for | |
21 | * advice before doing this. | |
22 | * | |
23 | */ | |
24 | ||
25 | #ifndef __LINUX_LSM_HOOKS_H | |
26 | #define __LINUX_LSM_HOOKS_H | |
27 | ||
28 | #include <linux/security.h> | |
b1d9e6b0 CS |
29 | #include <linux/init.h> |
30 | #include <linux/rculist.h> | |
3c4ed7bd | 31 | |
b1d9e6b0 | 32 | union security_list_options { /* One function-pointer member per LSM hook: each LSM_HOOK() entry in lsm_hook_defs.h expands to RET (*NAME)(args); DEFAULT is not used by this expansion. Being a union, one instance holds a single callback. */ |
98e828a0 KS |
33 | #define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__); |
34 | #include "lsm_hook_defs.h" | |
35 | #undef LSM_HOOK | |
3c4ed7bd CS |
36 | }; |
37 | ||
e20b043a | 38 | struct security_hook_heads { /* One hlist_head per LSM hook, named after the hook: each LSM_HOOK() entry in lsm_hook_defs.h expands to struct hlist_head NAME; RET, DEFAULT and the argument list are not used by this expansion. */ |
98e828a0 KS |
39 | #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME; |
40 | #include "lsm_hook_defs.h" | |
41 | #undef LSM_HOOK | |
3859a271 | 42 | } __randomize_layout; /* member order may be shuffled at build time when structure layout randomization is enabled; do not depend on member offsets */ |
e20b043a | 43 | |
b1d9e6b0 CS |
44 | /* |
45 | * Security module hook list structure: one entry ties one LSM callback to the list head of one hook. | |
46 | * For use with generic list macros for common operations. | |
47 | */ | |
48 | struct security_hook_list { | |
df0ce173 SD |
49 | struct hlist_node list; /* list linkage for this entry */ |
50 | struct hlist_head *head; /* list this entry is meant for; LSM_HOOK_INIT() points it at the matching security_hook_heads member */ | |
b1d9e6b0 | 51 | union security_list_options hook; /* the callback; LSM_HOOK_INIT() sets the member named after the hook */ |
1af0e4a0 | 52 | const char *lsm; /* LSM name; LSM_HOOK_INIT() leaves it unset. NOTE(review): presumably filled from the lsm argument of security_add_hooks() - confirm in security.c */ |
3859a271 | 53 | } __randomize_layout; |
b1d9e6b0 | 54 | |
bbd3662a CS |
55 | /* |
56 | * Security blob size or offset data: one int per kind of kernel object named by the field suffix (cred, file, inode, superblock, ipc, msg_msg, task). NOTE(review): presumably an LSM declares the size it needs here and the framework turns it into that LSM's offset within the shared blob - confirm in security.c. | |
57 | */ | |
58 | struct lsm_blob_sizes { | |
59 | int lbs_cred; | |
33bf60ca | 60 | int lbs_file; |
afb1cbe3 | 61 | int lbs_inode; |
1aea7808 | 62 | int lbs_superblock; |
ecd5f82e CS |
63 | int lbs_ipc; |
64 | int lbs_msg_msg; | |
f4ad8f2c | 65 | int lbs_task; |
bbd3662a CS |
66 | }; |
67 | ||
98e828a0 KS |
68 | /* |
69 | * LSM_RET_VOID is used as the default value in LSM_HOOK definitions for void | |
70 | * LSM hooks (in include/linux/lsm_hook_defs.h). | |
71 | */ | |
72 | #define LSM_RET_VOID ((void) 0) | |
73 | ||
e20b043a CS |
74 | /* |
75 | * Initializing a security_hook_list structure takes | |
76 | * up a lot of space in a source file. This macro takes | |
77 | * care of the common case and reduces the amount of | |
78 | * text involved. HEAD names both the security_hook_heads member and the union security_list_options member, so HOOK is assigned to the function pointer declared for that same hook. The initializer names only .head and .hook; .list and .lsm are left zero-initialized. | |
e20b043a | 79 | */ |
b1d9e6b0 CS |
80 | #define LSM_HOOK_INIT(HEAD, HOOK) \ |
81 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } | |
82 | ||
83 | extern struct security_hook_heads security_hook_heads; /* the per-hook list heads; defined outside this header */ | |
d69dece5 | 84 | extern char *lsm_names; /* NOTE(review): not described in this header; presumably the names of the registered LSMs - confirm in security.c */ |
b1d9e6b0 | 85 | |
d69dece5 | 86 | extern void security_add_hooks(struct security_hook_list *hooks, int count, |
1af0e4a0 | 87 | const char *lsm); /* NOTE(review): from the signature, hooks is an array of count entries (see LSM_HOOK_INIT) and lsm the name of the registering module; returns nothing, so a caller cannot observe a failure - confirm behavior in security.c */ |
3c4ed7bd | 88 | |
47008e51 | 89 | #define LSM_FLAG_LEGACY_MAJOR BIT(0) /* NOTE(review): presumably a bit for lsm_info.flags; meaning not stated in this header - confirm in security.c */ |
14bd99c8 | 90 | #define LSM_FLAG_EXCLUSIVE BIT(1) /* NOTE(review): presumably a bit for lsm_info.flags marking an LSM that cannot be enabled together with another exclusive LSM - confirm in security.c */ |
47008e51 | 91 | |
e2bc445b KC |
92 | enum lsm_order { /* values for lsm_info.order; LSM_ORDER_MUTABLE (0) is what a zero-initialized lsm_info gets */ |
93 | LSM_ORDER_FIRST = -1, /* This is only for capabilities. */ | |
94 | LSM_ORDER_MUTABLE = 0, | |
42994ee3 | 95 | LSM_ORDER_LAST = 1, /* This is only for integrity. */ |
e2bc445b KC |
96 | }; |
97 | ||
5b89c1bd | 98 | struct lsm_info { /* Description of one LSM; DEFINE_LSM() and DEFINE_EARLY_LSM() declare instances of it in the .lsm_info.init and .early_lsm_info.init sections. Fields marked Optional may be left out of the initializer and are then zero. */ |
07aed2f2 | 99 | const char *name; /* Required. */ |
e2bc445b | 100 | enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */ |
47008e51 | 101 | unsigned long flags; /* Optional: flags describing LSM */ |
a8027fb0 | 102 | int *enabled; /* Optional: controlled by CONFIG_LSM */ |
5b89c1bd | 103 | int (*init)(void); /* Required. */ |
bbd3662a | 104 | struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */ |
5b89c1bd KC |
105 | }; |
106 | ||
107 | extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; /* NOTE(review): presumably linker-provided bounds of the .lsm_info.init entries emitted by DEFINE_LSM() - confirm in the linker script */ | |
e6b1db98 | 108 | extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; /* NOTE(review): presumably the same for .early_lsm_info.init / DEFINE_EARLY_LSM() - confirm */ |
5b89c1bd | 109 | |
3d6e5f6d | 110 | #define DEFINE_LSM(lsm) /* declares static struct lsm_info __lsm_<lsm> in section .lsm_info.init; the caller supplies the initializer */ \ |
5b89c1bd | 111 | static struct lsm_info __lsm_##lsm \ |
33def849 | 112 | __used __section(".lsm_info.init") \ |
3d6e5f6d | 113 | __aligned(sizeof(unsigned long)) |
5b89c1bd | 114 | |
e6b1db98 MG |
115 | #define DEFINE_EARLY_LSM(lsm) /* same shape as DEFINE_LSM(), but the object is __early_lsm_<lsm> in section .early_lsm_info.init */ \ |
116 | static struct lsm_info __early_lsm_##lsm \ | |
33def849 | 117 | __used __section(".early_lsm_info.init") \ |
e6b1db98 MG |
118 | __aligned(sizeof(unsigned long)) |
119 | ||
afb1cbe3 CS |
120 | extern int lsm_inode_alloc(struct inode *inode); |
121 | ||
3c4ed7bd | 122 | #endif /* ! __LINUX_LSM_HOOKS_H */ |