linux/security/tomoyo/tomoyo.h
   1/*
   2 * security/tomoyo/tomoyo.h
   3 *
   4 * Implementation of the Domain-Based Mandatory Access Control.
   5 *
   6 * Copyright (C) 2005-2009  NTT DATA CORPORATION
   7 *
   8 * Version: 2.2.0   2009/04/01
   9 *
  10 */
  11
  12#ifndef _SECURITY_TOMOYO_TOMOYO_H
  13#define _SECURITY_TOMOYO_TOMOYO_H
  14
/*
 * Forward declarations so the prototypes below can refer to these types by
 * pointer without this header pulling in their full definitions.
 *
 * NOTE(review): struct tomoyo_domain_info, struct file, struct task_struct
 * and u8 are used further down but are not declared in this header, so it
 * presumably relies on the includer providing them first - confirm the
 * required include order. struct inode and struct pt_regs are declared here
 * but not used by anything visible in this header.
 */
struct tomoyo_path_info;
struct path;
struct inode;
struct linux_binprm;
struct pt_regs;

/*
 * Permission-check entry points. Each one takes the domain the request is
 * checked against plus the object(s) being accessed, and returns an int.
 *
 * NOTE(review): the return convention is not visible from this header;
 * presumably 0 means "allowed" and a negative errno means "denied" - confirm
 * against the definitions. Callers that enforce access control on the result
 * must not discard it.
 */

/* Check @perm on the pathname string @filename for @domain. */
int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
                           const char *filename, const u8 perm);
/* Check whether @domain may execute @filename. */
int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
                           const struct tomoyo_path_info *filename);
/* Check an open of @path; @flag is presumably the open(2) flags - confirm. */
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
                                 struct path *path, const int flag);
/*
 * Check a one-pathname operation. @operation is presumably one of the
 * single-path TOMOYO_TYPE_*_ACL indexes defined below - confirm. The
 * double-path indexes reuse the same numeric values, and the u8 type does
 * not tell the two sets apart.
 */
int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
                            const u8 operation, struct path *path);
/*
 * Check a two-pathname operation. @operation is presumably
 * TOMOYO_TYPE_LINK_ACL or TOMOYO_TYPE_RENAME_ACL - confirm.
 */
int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
                            const u8 operation, struct path *path1,
                            struct path *path2);
/* Check a rewrite of the already-open file @filp for @domain. */
int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
                                    struct file *filp);
/*
 * NOTE(review): presumably selects the domain for the program described by
 * @bprm at exec time - confirm against the definition.
 */
int tomoyo_find_next_domain(struct linux_binprm *bprm);
  35
/* Index numbers for Access Controls. */

/*
 * NOTE(review): judging by the names, these tag an ACL entry as covering
 * one pathname or two - confirm against the ACL structures.
 */
#define TOMOYO_TYPE_SINGLE_PATH_ACL                 0
#define TOMOYO_TYPE_DOUBLE_PATH_ACL                 1

/* Index numbers for File Controls. */

/*
 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
 */

/*
 * Single-pathname operations, numbered 0..14.
 * TOMOYO_MAX_SINGLE_PATH_OPERATION is one more than the highest index, i.e.
 * the number of operations, and is not itself a valid operation.
 */
#define TOMOYO_TYPE_READ_WRITE_ACL    0
#define TOMOYO_TYPE_EXECUTE_ACL       1
#define TOMOYO_TYPE_READ_ACL          2
#define TOMOYO_TYPE_WRITE_ACL         3
#define TOMOYO_TYPE_CREATE_ACL        4
#define TOMOYO_TYPE_UNLINK_ACL        5
#define TOMOYO_TYPE_MKDIR_ACL         6
#define TOMOYO_TYPE_RMDIR_ACL         7
#define TOMOYO_TYPE_MKFIFO_ACL        8
#define TOMOYO_TYPE_MKSOCK_ACL        9
#define TOMOYO_TYPE_MKBLOCK_ACL      10
#define TOMOYO_TYPE_MKCHAR_ACL       11
#define TOMOYO_TYPE_TRUNCATE_ACL     12
#define TOMOYO_TYPE_SYMLINK_ACL      13
#define TOMOYO_TYPE_REWRITE_ACL      14
#define TOMOYO_MAX_SINGLE_PATH_OPERATION 15

/*
 * Two-pathname operations, numbered 0..1, with
 * TOMOYO_MAX_DOUBLE_PATH_OPERATION as their count.
 * These restart at 0, so they overlap the single-path values above
 * (TOMOYO_TYPE_LINK_ACL == TOMOYO_TYPE_READ_WRITE_ACL == 0): an index only
 * has meaning together with the single/double-path kind it belongs to.
 */
#define TOMOYO_TYPE_LINK_ACL         0
#define TOMOYO_TYPE_RENAME_ACL       1
#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2

/*
 * NOTE(review): nothing in this header says what these index; from the
 * names they presumably identify the policy interface entries (domain
 * policy, exception policy, status, manager list, ...) - confirm against
 * their users.
 */
#define TOMOYO_DOMAINPOLICY          0
#define TOMOYO_EXCEPTIONPOLICY       1
#define TOMOYO_DOMAIN_STATUS         2
#define TOMOYO_PROCESS_STATUS        3
#define TOMOYO_MEMINFO               4
#define TOMOYO_SELFDOMAIN            5
#define TOMOYO_VERSION               6
#define TOMOYO_PROFILE               7
#define TOMOYO_MANAGER               8
  82
/*
 * Declared here, defined elsewhere.
 * NOTE(review): presumably the domain that kernel-originated tasks start
 * in - confirm against the definition.
 */
extern struct tomoyo_domain_info tomoyo_kernel_domain;
  84
/*
 * tomoyo_domain - Get the TOMOYO domain of the calling task.
 *
 * Reads the security field of current_cred() and returns it as a domain
 * pointer. No validation is done here: whatever is stored in that field,
 * including NULL, is handed back to the caller unchanged.
 */
static inline struct tomoyo_domain_info *tomoyo_domain(void)
{
        struct tomoyo_domain_info *domain = current_cred()->security;

        return domain;
}
  89
/*
 * tomoyo_real_domain - Get the TOMOYO domain of a given task.
 *
 * @task: Task whose credentials are inspected.
 *
 * Fetches the security field from @task's credentials via task_cred_xxx()
 * and returns it as a domain pointer, without checking it.
 *
 * NOTE(review): the pointer is used by the caller after task_cred_xxx() has
 * returned; confirm that the domain object is guaranteed to outlive the
 * credentials it was read from.
 */
static inline struct tomoyo_domain_info *
tomoyo_real_domain(struct task_struct *task)
{
        struct tomoyo_domain_info *domain = task_cred_xxx(task, security);

        return domain;
}
  95
  96#endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */
  97