Commit | Line | Data |
---|---|---|
f7433243 KT |
1 | /* |
2 | * security/tomoyo/tomoyo.h | |
3 | * | |
4 | * Implementation of the Domain-Based Mandatory Access Control. | |
5 | * | |
6 | * Copyright (C) 2005-2009 NTT DATA CORPORATION | |
7 | * | |
39826a1e | 8 | * Version: 2.2.0 2009/04/01 |
f7433243 KT |
9 | * |
10 | */ | |
11 | ||
12 | #ifndef _SECURITY_TOMOYO_TOMOYO_H | |
13 | #define _SECURITY_TOMOYO_TOMOYO_H | |
14 | ||
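/*
 * Forward declarations for every struct type named in this header.
 *
 * This header has no #include lines, so it depends on its includer for
 * u8, current_cred() and task_cred_xxx(). struct tomoyo_domain_info,
 * struct file and struct task_struct are declared here as well because the
 * prototypes and inline helpers below name them. Without a file-scope
 * declaration, a struct tag first seen inside a parameter list is scoped to
 * that one prototype and is incompatible with the real type.
 */
struct tomoyo_path_info;
struct tomoyo_domain_info;
struct path;
struct inode;
struct file;
struct linux_binprm;
struct pt_regs;
struct task_struct;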
f7433243 KT |
20 | |
/*
 * Prototypes for the permission checks and the domain lookup used on exec.
 * The definitions are not part of this header.
 *
 * NOTE(review): the return convention is not visible here. Presumably 0
 * means the access is allowed and a negative errno means it is denied;
 * confirm against the definitions. Every caller has to propagate the
 * result: a dropped return value turns a denial into an allow.
 */

/* Check @perm on @filename, given as a plain C string, for @domain. */
int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
			   const char *filename, const u8 perm);
/* Check execute permission on @filename, given as a tomoyo_path_info. */
int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
			   const struct tomoyo_path_info *filename);
/* Check an open of @path; @flag is presumably the open(2) flags - confirm. */
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
				 struct path *path, const int flag);
/*
 * @operation is presumably one of the single-path TOMOYO_TYPE_*_ACL index
 * values defined below (0 .. TOMOYO_MAX_SINGLE_PATH_OPERATION - 1) - confirm.
 */
int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
			    const u8 operation, struct path *path);
/*
 * @operation is presumably TOMOYO_TYPE_LINK_ACL or TOMOYO_TYPE_RENAME_ACL.
 * Those values overlap numerically with the single-path indices, so an index
 * from the wrong family is not detectable from its value alone.
 */
int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
			    const u8 operation, struct path *path1,
			    struct path *path2);
/* Check the rewrite operation on the already-open file @filp. */
int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
				    struct file *filp);
/*
 * Takes only @bprm and no domain argument; the starting domain is presumably
 * taken from the calling task - confirm in the definition.
 */
int tomoyo_find_next_domain(struct linux_binprm *bprm);
f7433243 KT |
35 | |
/*
 * Index numbers for Access Controls.
 *
 * Two values, one per ACL family. NOTE(review): presumably stored as a type
 * tag in each ACL entry to select between the single-path and double-path
 * operation tables below; the entry layout is not in this header - confirm.
 */

#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1
40 | ||
/* Index numbers for File Controls. */

/*
 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
 *
 * (The names above are the TOMOYO_TYPE_*_ACL macros below without their
 * TOMOYO_ prefix.)
 *
 * Single-path operation indices run from 0 to 14.
 * TOMOYO_MAX_SINGLE_PATH_OPERATION is the number of operations, one past the
 * last valid index, and is not an operation itself.
 *
 * NOTE(review): these values overlap numerically with the double-path
 * indices that follow, so an index is only meaningful together with its ACL
 * family. Code that uses one as an array index or a bit position should
 * first check it against TOMOYO_MAX_SINGLE_PATH_OPERATION.
 */

#define TOMOYO_TYPE_READ_WRITE_ACL 0
#define TOMOYO_TYPE_EXECUTE_ACL 1
#define TOMOYO_TYPE_READ_ACL 2
#define TOMOYO_TYPE_WRITE_ACL 3
#define TOMOYO_TYPE_CREATE_ACL 4
#define TOMOYO_TYPE_UNLINK_ACL 5
#define TOMOYO_TYPE_MKDIR_ACL 6
#define TOMOYO_TYPE_RMDIR_ACL 7
#define TOMOYO_TYPE_MKFIFO_ACL 8
#define TOMOYO_TYPE_MKSOCK_ACL 9
#define TOMOYO_TYPE_MKBLOCK_ACL 10
#define TOMOYO_TYPE_MKCHAR_ACL 11
#define TOMOYO_TYPE_TRUNCATE_ACL 12
#define TOMOYO_TYPE_SYMLINK_ACL 13
#define TOMOYO_TYPE_REWRITE_ACL 14
#define TOMOYO_MAX_SINGLE_PATH_OPERATION 15
68 | ||
/*
 * Double-path operation indices (operations that take two pathnames).
 * TOMOYO_MAX_DOUBLE_PATH_OPERATION is the number of operations, one past the
 * last valid index. The values 0 and 1 are also valid single-path indices,
 * so they must never be looked up in the single-path table.
 */
#define TOMOYO_TYPE_LINK_ACL 0
#define TOMOYO_TYPE_RENAME_ACL 1
#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2
72 | ||
/*
 * Index numbers 0 .. 8.
 * NOTE(review): presumably these select among the TOMOYO policy interface
 * entries (domain policy, exception policy, status, profile, manager, ...).
 * The code that consumes them is outside this header - confirm there,
 * including which entries are writable and by whom.
 */
#define TOMOYO_DOMAINPOLICY 0
#define TOMOYO_EXCEPTIONPOLICY 1
#define TOMOYO_DOMAIN_STATUS 2
#define TOMOYO_PROCESS_STATUS 3
#define TOMOYO_MEMINFO 4
#define TOMOYO_SELFDOMAIN 5
#define TOMOYO_VERSION 6
#define TOMOYO_PROFILE 7
#define TOMOYO_MANAGER 8
82 | ||
83 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | |
84 | ||
/*
 * tomoyo_domain - domain of the calling task.
 *
 * Returns the ->security pointer of current_cred() as a
 * struct tomoyo_domain_info pointer. The value is handed back unchecked.
 * NOTE(review): whether ->security can still be unset when this is called is
 * not visible in this header - confirm against the credential setup code.
 */
static inline struct tomoyo_domain_info *tomoyo_domain(void)
{
	struct tomoyo_domain_info *domain = current_cred()->security;

	return domain;
}
89 | ||
f7433243 KT |
/*
 * tomoyo_real_domain - domain recorded in the credentials of @task.
 *
 * Fetches the "security" member through task_cred_xxx() rather than
 * current_cred(), so @task does not have to be the caller.
 * NOTE(review): task_cred_xxx() is defined outside this header. In mainline
 * it reads the task's objective credentials inside an RCU read-side section;
 * confirm that for this tree, and confirm what keeps the returned domain
 * valid once the accessor has returned.
 */
static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
							    *task)
{
	struct tomoyo_domain_info *domain = task_cred_xxx(task, security);

	return domain;
}
95 | ||
96 | #endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */ |