SAFE public projects git trees. - safe/jmp/linux-2.6/blob - security/tomoyo/tomoyo.h

   1 /*
   2  * security/tomoyo/tomoyo.h
   3  *
   4  * Implementation of the Domain-Based Mandatory Access Control.
   5  *
   6  * Copyright (C) 2005-2009  NTT DATA CORPORATION
   7  *
   8  * Version: 2.2.0   2009/04/01
   9  *
  10  */
  11
  12 #ifndef _SECURITY_TOMOYO_TOMOYO_H
  13 #define _SECURITY_TOMOYO_TOMOYO_H
  14
  15 struct tomoyo_path_info;
  16 struct path;
  17 struct inode;
  18 struct linux_binprm;
  19 struct pt_regs;
  20
  21 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
  22                            const struct tomoyo_path_info *filename);
  23 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
  24                                  struct path *path, const int flag);
  25 int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
  26                             const u8 operation, struct path *path);
  27 int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
  28                             const u8 operation, struct path *path1,
  29                             struct path *path2);
  30 int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
  31                                     struct file *filp);
  32 int tomoyo_find_next_domain(struct linux_binprm *bprm);
  33
  34 /* Index numbers for Access Controls. */
  35
  36 #define TOMOYO_TYPE_SINGLE_PATH_ACL                 0
  37 #define TOMOYO_TYPE_DOUBLE_PATH_ACL                 1
  38
  39 /* Index numbers for File Controls. */
  40
  41 /*
  42  * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
  43  * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
  44  * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
  45  * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
  46  * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
  47  * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
  48  */
  49
  50 #define TOMOYO_TYPE_READ_WRITE_ACL    0
  51 #define TOMOYO_TYPE_EXECUTE_ACL       1
  52 #define TOMOYO_TYPE_READ_ACL          2
  53 #define TOMOYO_TYPE_WRITE_ACL         3
  54 #define TOMOYO_TYPE_CREATE_ACL        4
  55 #define TOMOYO_TYPE_UNLINK_ACL        5
  56 #define TOMOYO_TYPE_MKDIR_ACL         6
  57 #define TOMOYO_TYPE_RMDIR_ACL         7
  58 #define TOMOYO_TYPE_MKFIFO_ACL        8
  59 #define TOMOYO_TYPE_MKSOCK_ACL        9
  60 #define TOMOYO_TYPE_MKBLOCK_ACL      10
  61 #define TOMOYO_TYPE_MKCHAR_ACL       11
  62 #define TOMOYO_TYPE_TRUNCATE_ACL     12
  63 #define TOMOYO_TYPE_SYMLINK_ACL      13
  64 #define TOMOYO_TYPE_REWRITE_ACL      14
  65 #define TOMOYO_MAX_SINGLE_PATH_OPERATION 15
  66
  67 #define TOMOYO_TYPE_LINK_ACL         0
  68 #define TOMOYO_TYPE_RENAME_ACL       1
  69 #define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2
  70
  71 #define TOMOYO_DOMAINPOLICY          0
  72 #define TOMOYO_EXCEPTIONPOLICY       1
  73 #define TOMOYO_DOMAIN_STATUS         2
  74 #define TOMOYO_PROCESS_STATUS        3
  75 #define TOMOYO_MEMINFO               4
  76 #define TOMOYO_SELFDOMAIN            5
  77 #define TOMOYO_VERSION               6
  78 #define TOMOYO_PROFILE               7
  79 #define TOMOYO_MANAGER               8
  80
  81 extern struct tomoyo_domain_info tomoyo_kernel_domain;
  82
  83 static inline struct tomoyo_domain_info *tomoyo_domain(void)
  84 {
  85         return current_cred()->security;
  86 }
  87
  88 static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
  89                                                             *task)
  90 {
  91         return task_cred_xxx(task, security);
  92 }
  93
  94 #endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */