Commit | Line | Data |
---|---|---|
385975dc MS |
1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* | |
3 | * Landlock LSM - Credential hooks | |
4 | * | |
5 | * Copyright © 2019-2020 Mickaël Salaün <mic@digikod.net> | |
6 | * Copyright © 2019-2020 ANSSI | |
7 | */ | |
8 | ||
9 | #ifndef _SECURITY_LANDLOCK_CRED_H | |
10 | #define _SECURITY_LANDLOCK_CRED_H | |
11 | ||
12 | #include <linux/cred.h> | |
13 | #include <linux/init.h> | |
14 | #include <linux/rcupdate.h> | |
15 | ||
16 | #include "ruleset.h" | |
17 | #include "setup.h" | |
18 | ||
/**
 * struct landlock_cred_security - Landlock's per-credential security data
 *
 * @domain: Ruleset attached to the credential.  NULL means that no Landlock
 *          domain is set; landlocked() tests exactly this.
 *
 * landlock_cred() locates this structure inside a credential's security blob.
 *
 * NOTE(review): this header does not show who holds the reference on @domain
 * or when it is dropped; confirm against the credential hook implementation
 * before relying on the pointer's lifetime.
 */
struct landlock_cred_security {
	struct landlock_ruleset *domain;
};
22 | ||
/**
 * landlock_cred - Locate Landlock's data inside a credential's security blob
 *
 * @cred: Credential whose ->security blob is indexed.
 *
 * Return: the address landlock_blob_sizes.lbs_cred bytes past @cred->security.
 * Neither @cred nor @cred->security is checked here, so the result is only
 * meaningful for a credential whose blob has been allocated.
 *
 * NOTE(review): @cred is const but the returned pointer is not, so the
 * compiler will not flag a write made through a credential the caller only
 * meant to read.  Callers have to enforce that distinction themselves.
 */
static inline struct landlock_cred_security *
landlock_cred(const struct cred *cred)
{
	void *const blob = cred->security;

	/* Byte-granular offset: arithmetic on void * is a GNU C extension. */
	return blob + landlock_blob_sizes.lbs_cred;
}
28 | ||
/**
 * landlock_get_current_domain - Get the Landlock domain of the current task
 *
 * Looks the domain up through current_cred().  This helper takes no lock and
 * no reference on the ruleset it returns.
 *
 * Return: the domain stored in the current credentials, or NULL when no
 * domain is set.
 */
static inline const struct landlock_ruleset *landlock_get_current_domain(void)
{
	const struct landlock_cred_security *const sec =
		landlock_cred(current_cred());

	return sec->domain;
}
33 | ||
/**
 * landlock_get_task_domain - Get the Landlock domain of an arbitrary task
 *
 * @task: Task whose credentials are read through __task_cred().
 *
 * The call needs to come from an RCU read-side critical section.  This helper
 * neither takes the RCU read lock nor a reference on the returned ruleset.
 *
 * NOTE(review): presumably the returned pointer must not be used once the
 * caller leaves its RCU read-side critical section unless the caller takes
 * its own reference first; confirm against the ruleset lifetime rules.
 *
 * Return: the domain stored in @task's credentials, or NULL when no domain
 * is set.
 */
static inline const struct landlock_ruleset *
landlock_get_task_domain(const struct task_struct *const task)
{
	const struct landlock_cred_security *const sec =
		landlock_cred(__task_cred(task));

	return sec->domain;
}
42 | ||
/**
 * landlocked - Tell whether a task has a Landlock domain
 *
 * @task: Task to test; may be the current task or any other one.
 *
 * For a task other than current, the lookup runs under rcu_read_lock() and
 * the answer is a snapshot: it is not re-validated after the lock is dropped.
 *
 * NOTE(review): the two paths use different accessors (current_cred() and
 * __task_cred()); confirm in <linux/cred.h> that both look at the credential
 * set this check is meant to cover.
 *
 * Return: true if a domain is set in the task's credentials, false otherwise.
 */
static inline bool landlocked(const struct task_struct *const task)
{
	bool restricted;

	if (task != current) {
		/* Only the boolean leaves the RCU section, never the pointer. */
		rcu_read_lock();
		restricted = !!landlock_get_task_domain(task);
		rcu_read_unlock();
	} else {
		/* The current task's own credentials are read without RCU. */
		restricted = !!landlock_get_current_domain();
	}
	return restricted;
}
55 | ||
/*
 * Defined outside this header.  __init (from <linux/init.h>) marks it as
 * initialisation-only code, so it is not meant to be called once the kernel
 * has finished booting.
 *
 * NOTE(review): going by its name and this file's title, it registers
 * Landlock's credential hooks; confirm against the definition.
 */
__init void landlock_add_cred_hooks(void);
57 | ||
58 | #endif /* _SECURITY_LANDLOCK_CRED_H */ |