linux/security/landlock/fs.h
   1/* SPDX-License-Identifier: GPL-2.0-only */
   2/*
   3 * Landlock LSM - Filesystem management and hooks
   4 *
   5 * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net>
   6 * Copyright © 2018-2020 ANSSI
   7 */
   8
   9#ifndef _SECURITY_LANDLOCK_FS_H
  10#define _SECURITY_LANDLOCK_FS_H
  11
  12#include <linux/fs.h>
  13#include <linux/init.h>
  14#include <linux/rcupdate.h>
  15
  16#include "ruleset.h"
  17#include "setup.h"
  18
/**
 * struct landlock_inode_security - Inode security blob
 *
 * Per-inode Landlock state: lets an inode (i.e. the underlying object) refer
 * to the &struct landlock_object that is tied to it.
 */
struct landlock_inode_security {
	/**
	 * @object: Weak pointer to an allocated object.
	 *
	 * Locking rules, as two separate cases:
	 *
	 * - Assigning a new object is always done under the underlying
	 *   inode->i_lock.
	 * - Atomically disassociating @object from the inode is protected
	 *   only by @object->lock, from the moment @object's usage refcount
	 *   drops to zero until this pointer is nulled out (cf.
	 *   release_inode() and hook_sb_delete()).
	 *
	 * The second case does not need inode->i_lock because
	 * get_inode_object() performs a careful rcu_access_pointer() check.
	 */
	struct landlock_object __rcu *object;
};
  38
/**
 * struct landlock_superblock_security - Superblock security blob
 *
 * Lets hook_sb_delete() wait for concurrent calls to release_inode().
 */
struct landlock_superblock_security {
	/**
	 * @inode_refs: Count of inodes from this superblock whose release by
	 * release_inode() is still pending.
	 * Cf. struct super_block->s_fsnotify_inode_refs .
	 */
	atomic_long_t inode_refs;
};
  52
/**
 * landlock_inode - Get Landlock's part of an inode's security blob
 *
 * @inode: Inode whose security blob is looked up.
 *
 * Returns @inode->i_security advanced by landlock_blob_sizes.lbs_inode.
 * Nothing is checked here: @inode->i_security must already point to an
 * allocated blob, and the offset must be the one assigned to Landlock
 * (landlock_blob_sizes is not defined in this header; presumably it comes
 * from setup.h -- confirm).
 *
 * The returned pointer is not const although @inode is, so callers can
 * modify the blob through it.
 */
static inline struct landlock_inode_security *
landlock_inode(const struct inode *const inode)
{
	void *const blob_base = inode->i_security;

	return blob_base + landlock_blob_sizes.lbs_inode;
}
  58
/**
 * landlock_superblock - Get Landlock's part of a superblock's security blob
 *
 * @superblock: Superblock whose security blob is looked up.
 *
 * Returns @superblock->s_security advanced by
 * landlock_blob_sizes.lbs_superblock.  Nothing is checked here:
 * @superblock->s_security must already point to an allocated blob, and the
 * offset must be the one assigned to Landlock (landlock_blob_sizes is not
 * defined in this header; presumably it comes from setup.h -- confirm).
 *
 * The returned pointer is not const although @superblock is, so callers can
 * modify the blob through it.
 */
static inline struct landlock_superblock_security *
landlock_superblock(const struct super_block *const superblock)
{
	void *const blob_base = superblock->s_security;

	return blob_base + landlock_blob_sizes.lbs_superblock;
}
  64
/*
 * Declared __init, so it is only meant to be called during kernel
 * initialization.  The definition is outside this header; presumably it
 * registers the filesystem hooks named in the file header -- confirm in the
 * implementation.
 */
__init void landlock_add_fs_hooks(void);

/*
 * The definition is outside this header.  Judging by the name and the
 * parameters, it appends to @ruleset a rule that ties @path to the
 * @access_hierarchy access mask -- confirm in the implementation.
 * NOTE(review): the int return value is presumably an error code; a caller
 * that ignores it could end up with a ruleset that lacks the intended rule.
 */
int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
			    const struct path *const path,
			    u32 access_hierarchy);
  69
  70#endif /* _SECURITY_LANDLOCK_FS_H */
  71