/* SPDX-License-Identifier: GPL-2.0 */
/*
 * SafeSetID Linux Security Module
 *
 * Author: Micah Morton <mortonm@chromium.org>
 *
 * Copyright (C) 2018 The Chromium OS Authors.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2, as
 * published by the Free Software Foundation.
 *
 */
14 | #ifndef _SAFESETID_H | |
15 | #define _SAFESETID_H | |
16 | ||
17 | #include <linux/types.h> | |
18 | #include <linux/uidgid.h> |
19 | #include <linux/hashtable.h> | |
20 | |
/*
 * Flag indicating whether initialization completed.
 *
 * Only declared here; the definition and the code that sets the flag are
 * not part of this header.
 */
extern int safesetid_initialized;
23 | ||
/*
 * Classification of a (source ID, target ID) pair against a policy.
 * This is the return type of _setuid_policy_lookup() declared in this
 * header.
 *
 * NOTE(review): a CONSTRAINED result that is not ALLOWED presumably means
 * the transition has to be refused by the caller - confirm against the
 * hook implementation, which is not visible here.
 */
enum sid_policy_type {
	SIDPOL_DEFAULT, /* source ID is unaffected by policy */
	SIDPOL_CONSTRAINED, /* source ID is affected by policy */
	SIDPOL_ALLOWED /* target ID explicitly allowed */
};
29 | ||
/*
 * Hash table entry to store safesetid policy signifying that 'src_uid'
 * can setuid to 'dst_uid'.
 *
 * Both IDs are kuid_t (kernel-internal UIDs, see <linux/uidgid.h>), so
 * they should be compared with uid_eq() rather than as raw integers.
 */
struct setuid_rule {
	/* list linkage; presumably chains the entry into setuid_ruleset.rules - confirm */
	struct hlist_node next;
	kuid_t src_uid;	/* ID the transition starts from */
	kuid_t dst_uid;	/* ID the transition is allowed to reach */
};
39 | ||
/* Size exponent handed to DECLARE_HASHTABLE() in struct setuid_ruleset. */
#define SETID_HASH_BITS 8 /* 256 buckets in hash table */
41 | ||
/*
 * One complete set of setuid rules.
 *
 * The global safesetid_setuid_rules pointer declared in this header refers
 * to an object of this type and is __rcu-annotated; together with the
 * embedded rcu_head this suggests rulesets are swapped and freed under RCU.
 * NOTE(review): confirm the update/free path in the implementation.
 */
struct setuid_ruleset {
	/*
	 * 2^SETID_HASH_BITS buckets; presumably holds struct setuid_rule
	 * entries linked through their 'next' member - confirm.
	 */
	DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
	/*
	 * NOTE(review): ownership and lifetime are not visible here;
	 * presumably the policy text the rules were built from - confirm
	 * who allocates and frees it.
	 */
	char *policy_str;
	struct rcu_head rcu;	/* RCU callback head for this ruleset */
};
47 | ||
/*
 * Classify the transition from 'src' to 'dst' under 'policy' as one of
 * enum sid_policy_type. The implementation is not part of this header.
 *
 * NOTE(review): 'policy' is a plain (non-__rcu) pointer, so the caller
 * presumably obtains it with rcu_dereference() inside an RCU read-side
 * critical section and keeps that section open across the call - confirm.
 */
enum sid_policy_type _setuid_policy_lookup(struct setuid_ruleset *policy,
		kuid_t src, kuid_t dst);
aeca4e2c | 50 | |
/*
 * Global pointer to a setuid ruleset. The __rcu annotation means it has to
 * be read and updated through the RCU accessors (rcu_dereference(),
 * rcu_assign_pointer(), ...) and never dereferenced directly.
 */
extern struct setuid_ruleset __rcu *safesetid_setuid_rules;
52 | |
53 | #endif /* _SAFESETID_H */ |