forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58 lines
1.3 KiB
58 lines
1.3 KiB
/* SPDX-License-Identifier: GPL-2.0-only */ |
|
/* |
|
* Landlock LSM - Credential hooks |
|
* |
|
* Copyright © 2019-2020 Mickaël Salaün <[email protected]> |
|
* Copyright © 2019-2020 ANSSI |
|
*/ |
|
|
|
#ifndef _SECURITY_LANDLOCK_CRED_H |
|
#define _SECURITY_LANDLOCK_CRED_H |
|
|
|
#include <linux/cred.h> |
|
#include <linux/init.h> |
|
#include <linux/rcupdate.h> |
|
|
|
#include "ruleset.h" |
|
#include "setup.h" |
|
|
|
struct landlock_cred_security { |
|
struct landlock_ruleset *domain; |
|
}; |
|
|
|
static inline struct landlock_cred_security *landlock_cred( |
|
const struct cred *cred) |
|
{ |
|
return cred->security + landlock_blob_sizes.lbs_cred; |
|
} |
|
|
|
static inline const struct landlock_ruleset *landlock_get_current_domain(void) |
|
{ |
|
return landlock_cred(current_cred())->domain; |
|
} |
|
|
|
/* |
|
* The call needs to come from an RCU read-side critical section. |
|
*/ |
|
static inline const struct landlock_ruleset *landlock_get_task_domain( |
|
const struct task_struct *const task) |
|
{ |
|
return landlock_cred(__task_cred(task))->domain; |
|
} |
|
|
|
static inline bool landlocked(const struct task_struct *const task) |
|
{ |
|
bool has_dom; |
|
|
|
if (task == current) |
|
return !!landlock_get_current_domain(); |
|
|
|
rcu_read_lock(); |
|
has_dom = !!landlock_get_task_domain(task); |
|
rcu_read_unlock(); |
|
return has_dom; |
|
} |
|
|
|
__init void landlock_add_cred_hooks(void); |
|
|
|
#endif /* _SECURITY_LANDLOCK_CRED_H */
|
|
|