Commit | Line | Data |
---|---|---|
aeca4e2c MM |
1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | /* | |
3 | * SafeSetID Linux Security Module | |
4 | * | |
5 | * Author: Micah Morton <mortonm@chromium.org> | |
6 | * | |
7 | * Copyright (C) 2018 The Chromium OS Authors. | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or modify | |
10 | * it under the terms of the GNU General Public License version 2, as | |
11 | * published by the Free Software Foundation. | |
12 | * | |
13 | */ | |
14 | #ifndef _SAFESETID_H | |
15 | #define _SAFESETID_H | |
16 | ||
17 | #include <linux/types.h> | |
1cd02a27 JH |
18 | #include <linux/uidgid.h> |
19 | #include <linux/hashtable.h> | |
aeca4e2c MM |
20 | |
21 | /* Flag indicating whether initialization completed */ | |
1b8b7192 | 22 | extern int safesetid_initialized __initdata; |
aeca4e2c | 23 | |
1cd02a27 JH |
24 | enum sid_policy_type { |
25 | SIDPOL_DEFAULT, /* source ID is unaffected by policy */ | |
26 | SIDPOL_CONSTRAINED, /* source ID is affected by policy */ | |
27 | SIDPOL_ALLOWED /* target ID explicitly allowed */ | |
28 | }; | |
29 | ||
5294bac9 TC |
30 | typedef union { |
31 | kuid_t uid; | |
32 | kgid_t gid; | |
33 | } kid_t; | |
34 | ||
35 | enum setid_type { | |
36 | UID, | |
37 | GID | |
38 | }; | |
39 | ||
1cd02a27 | 40 | /* |
5294bac9 TC |
41 | * Hash table entry to store safesetid policy signifying that 'src_id' |
42 | * can set*id to 'dst_id'. | |
1cd02a27 | 43 | */ |
5294bac9 | 44 | struct setid_rule { |
1cd02a27 | 45 | struct hlist_node next; |
5294bac9 TC |
46 | kid_t src_id; |
47 | kid_t dst_id; | |
48 | ||
49 | /* Flag to signal if rule is for UID's or GID's */ | |
50 | enum setid_type type; | |
1cd02a27 JH |
51 | }; |
52 | ||
03638e62 JH |
53 | #define SETID_HASH_BITS 8 /* 256 buckets in hash table */ |
54 | ||
5294bac9 TC |
55 | /* Extension of INVALID_UID/INVALID_GID for kid_t type */ |
56 | #define INVALID_ID (kid_t){.uid = INVALID_UID} | |
57 | ||
58 | struct setid_ruleset { | |
03638e62 | 59 | DECLARE_HASHTABLE(rules, SETID_HASH_BITS); |
fbd9acb2 | 60 | char *policy_str; |
03638e62 | 61 | struct rcu_head rcu; |
5294bac9 TC |
62 | |
63 | //Flag to signal if ruleset is for UID's or GID's | |
64 | enum setid_type type; | |
03638e62 JH |
65 | }; |
66 | ||
5294bac9 TC |
67 | enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy, |
68 | kid_t src, kid_t dst); | |
aeca4e2c | 69 | |
5294bac9 TC |
70 | extern struct setid_ruleset __rcu *safesetid_setuid_rules; |
71 | extern struct setid_ruleset __rcu *safesetid_setgid_rules; | |
aeca4e2c MM |
72 | |
73 | #endif /* _SAFESETID_H */ |