12#ifndef _SECURITY_TOMOYO_TOMOYO_H
13#define _SECURITY_TOMOYO_TOMOYO_H
14
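/*
 * Forward declarations.  This header only passes these types by pointer, so
 * incomplete types are sufficient.  tomoyo_domain_info, file and task_struct
 * are declared here as well: without a file-scope declaration, naming them
 * in a parameter list creates a prototype-scoped type that is incompatible
 * with the real one whenever this header is included before the header that
 * defines it.
 */
struct tomoyo_domain_info;
struct tomoyo_path_info;
struct path;
struct inode;
struct file;
struct linux_binprm;
struct pt_regs;
struct task_struct;

/*
 * Permission checks.  Each one takes the domain the decision is made for
 * and returns an int; that int is the access decision, so callers should
 * never discard it.
 * NOTE(review): the return convention is not visible in this header --
 * presumably 0 means "allowed" and a negative value means "denied"; confirm
 * against the definitions.
 */

/* Check @perm (a u8 value) for the pathname string @filename. */
int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
			   const char *filename, const u8 perm);

/* Check execution of @filename, given as a tomoyo_path_info. */
int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
			   const struct tomoyo_path_info *filename);

/* Check an open of @path; @flag is presumably the open(2) flags -- confirm. */
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
				 struct path *path, const int flag);

/*
 * Check a single-path operation on @path.
 * NOTE(review): @operation is presumably one of the single-path
 * TOMOYO_TYPE_*_ACL indices, i.e. below TOMOYO_MAX_SINGLE_PATH_OPERATION;
 * confirm that the definition range-checks it before using it as an index.
 */
int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
			    const u8 operation, struct path *path);

/*
 * Check a two-path operation on @path1 and @path2.
 * NOTE(review): @operation is presumably TOMOYO_TYPE_LINK_ACL or
 * TOMOYO_TYPE_RENAME_ACL (below TOMOYO_MAX_DOUBLE_PATH_OPERATION) -- confirm.
 */
int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
			    const u8 operation, struct path *path1,
			    struct path *path2);

/* Check a rewrite of the already-open file @filp. */
int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
				    struct file *filp);

/*
 * Takes the binprm of an exec in progress.
 * NOTE(review): presumably selects the domain the new program will run in;
 * confirm against the definition.
 */
int tomoyo_find_next_domain(struct linux_binprm *bprm);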
35
/*
 * Two-valued discriminator: 0 for a single-path ACL entry, 1 for a
 * double-path ACL entry.
 * NOTE(review): presumably stored in each ACL entry to tell the two record
 * layouts apart -- confirm against the code that reads it.
 */
#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1
40
/*
 * Operation indices for single-path permissions.  The values are contiguous
 * from 0 to 14 and TOMOYO_MAX_SINGLE_PATH_OPERATION (15) is one past the
 * last index, i.e. the number of operations.
 * NOTE(review): presumably these are the values passed as the u8 operation
 * argument of tomoyo_check_1path_perm(); any table indexed by them needs
 * exactly TOMOYO_MAX_SINGLE_PATH_OPERATION entries, and an index that comes
 * from policy input should be compared against that bound before use.
 */
#define TOMOYO_TYPE_READ_WRITE_ACL 0
#define TOMOYO_TYPE_EXECUTE_ACL 1
#define TOMOYO_TYPE_READ_ACL 2
#define TOMOYO_TYPE_WRITE_ACL 3
#define TOMOYO_TYPE_CREATE_ACL 4
#define TOMOYO_TYPE_UNLINK_ACL 5
#define TOMOYO_TYPE_MKDIR_ACL 6
#define TOMOYO_TYPE_RMDIR_ACL 7
#define TOMOYO_TYPE_MKFIFO_ACL 8
#define TOMOYO_TYPE_MKSOCK_ACL 9
#define TOMOYO_TYPE_MKBLOCK_ACL 10
#define TOMOYO_TYPE_MKCHAR_ACL 11
#define TOMOYO_TYPE_TRUNCATE_ACL 12
#define TOMOYO_TYPE_SYMLINK_ACL 13
#define TOMOYO_TYPE_REWRITE_ACL 14
#define TOMOYO_MAX_SINGLE_PATH_OPERATION 15

/*
 * Operation indices for double-path permissions.  This numbering restarts
 * at 0, so a value is only meaningful together with the single/double
 * discriminator; TOMOYO_MAX_DOUBLE_PATH_OPERATION (2) is the count.
 */
#define TOMOYO_TYPE_LINK_ACL 0
#define TOMOYO_TYPE_RENAME_ACL 1
#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2
72
/*
 * Contiguous selector values 0..8.
 * NOTE(review): presumably each one identifies an entry of the policy
 * management interface (domain policy, exception policy, status views,
 * profile, manager list, ...); confirm against the code that switches on
 * them.  Entries that modify policy should be reachable only by the
 * configured policy managers.
 */
#define TOMOYO_DOMAINPOLICY 0
#define TOMOYO_EXCEPTIONPOLICY 1
#define TOMOYO_DOMAIN_STATUS 2
#define TOMOYO_PROCESS_STATUS 3
#define TOMOYO_MEMINFO 4
#define TOMOYO_SELFDOMAIN 5
#define TOMOYO_VERSION 6
#define TOMOYO_PROFILE 7
#define TOMOYO_MANAGER 8
82
/*
 * A domain object defined in another translation unit.
 * NOTE(review): presumably the initial domain that tasks start in before
 * any domain transition -- confirm against its definition.
 */
extern struct tomoyo_domain_info tomoyo_kernel_domain;
84
/*
 * tomoyo_domain - domain pointer held in the calling task's credentials.
 *
 * Returns the ->security field of current_cred(), converted to a
 * struct tomoyo_domain_info pointer.  No reference is taken here.
 * NOTE(review): current_cred() is defined outside this header; it
 * presumably yields the credentials currently in effect for the caller,
 * which may differ from what tomoyo_real_domain(current) reads -- confirm
 * which of the two each call site needs.
 */
static inline struct tomoyo_domain_info *tomoyo_domain(void)
{
	const struct cred *cred = current_cred();

	return cred->security;
}
89
/*
 * tomoyo_real_domain - domain pointer held in @task's credentials.
 * @task: task whose credentials are read.
 *
 * Returns the ->security field obtained through task_cred_xxx().  No
 * reference is taken here.
 * NOTE(review): task_cred_xxx() is defined outside this header; if it only
 * protects the read itself, nothing in this function keeps the returned
 * domain alive afterwards -- confirm the lifetime guarantee callers rely
 * on before dereferencing the result for another task.
 */
static inline struct tomoyo_domain_info *
tomoyo_real_domain(struct task_struct *task)
{
	struct tomoyo_domain_info *domain = task_cred_xxx(task, security);

	return domain;
}
95
96#endif
97