security/smack/smack.h
/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
 *
 * Author:
 *      Casey Schaufler <casey@schaufler-ca.com>
 */

#ifndef _SECURITY_SMACK_H
#define _SECURITY_SMACK_H

#include <linux/capability.h>
#include <linux/spinlock.h>
#include <linux/lsm_hooks.h>
#include <linux/in.h>
#if IS_ENABLED(CONFIG_IPV6)
#include <linux/in6.h>
#endif /* CONFIG_IPV6 */
#include <net/netlabel.h>
#include <linux/list.h>
#include <linux/rculist.h>
#include <linux/lsm_audit.h>
#include <linux/msg.h>

/*
 * Use IPv6 port labeling if IPv6 is enabled and secmarks
 * are not being used.
 *
 * At most one of the two macros below is defined: which one depends on
 * whether CONFIG_SECURITY_SMACK_NETFILTER is set. Neither is defined
 * when IPv6 is disabled.
 */
#if IS_ENABLED(CONFIG_IPV6) && !defined(CONFIG_SECURITY_SMACK_NETFILTER)
#define SMACK_IPV6_PORT_LABELING 1
#endif

#if IS_ENABLED(CONFIG_IPV6) && defined(CONFIG_SECURITY_SMACK_NETFILTER)
#define SMACK_IPV6_SECMARK_LABELING 1
#endif

/*
 * Smack labels were limited to 23 characters for a long time.
 *
 * NOTE(review): 24 against "23 characters" suggests these limits count
 * the terminating NUL - confirm before sizing a buffer from them.
 */
#define SMK_LABELLEN	24
#define SMK_LONGLABEL	256

/*
 * This is the repository for labels seen so that it is
 * not necessary to keep allocating tiny chunks of memory
 * and so that they can be shared.
 *
 * Labels are never modified in place. Anytime a label
 * is imported (e.g. xattrset on a file) the list is checked
 * for it and it is added if it doesn't exist. The address
 * is passed out in either case. Entries are added, but
 * never deleted.
 *
 * Because entries are never deleted, a struct smack_known pointer
 * handed out once stays valid. The flip side is that every distinct
 * label imported adds an entry that is never reclaimed.
 *
 * Since labels are hanging around anyway it doesn't
 * hurt to maintain a secid for those awkward situations
 * where kernel components that ought to use LSM independent
 * interfaces don't. The secid should go away when all of
 * these components have been repaired.
 *
 * The cipso value associated with the label gets stored here, too.
 *
 * Keep the access rules for this subject label here so that
 * the entire set of rules does not need to be examined every
 * time.
 */
struct smack_known {
	struct list_head		list;
	struct hlist_node		smk_hashed;
	char				*smk_known;
	u32				smk_secid;
	struct netlbl_lsm_secattr	smk_netlabel;	/* on wire labels */
	struct list_head		smk_rules;	/* access rules */
	struct mutex			smk_rules_lock;	/* lock for rules */
};

/*
 * Maximum number of bytes for the levels in a CIPSO IP option.
 * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is
 * bigger than can be used, and 24 is the next lower multiple
 * of 8, and there are too many issues if there isn't space set
 * aside for the terminating null byte.
 * Hence the value 24: 23 usable bytes plus the terminator.
 */
#define SMK_CIPSOLEN	24

/*
 * Smack data kept for a superblock: four label pointers and a flag word.
 * NOTE(review): smk_flags presumably carries the SMK_SB_* bits - confirm.
 */
struct superblock_smack {
	struct smack_known	*smk_root;
	struct smack_known	*smk_floor;
	struct smack_known	*smk_hat;
	struct smack_known	*smk_default;
	int			smk_flags;
};

/*
 * Superblock flags
 *
 * The two values are distinct single bits, so they can be OR-ed together.
 */
#define SMK_SB_INITIALIZED	0x01
#define SMK_SB_UNTRUSTED	0x02

/*
 * Smack data kept for a socket: separate labels for each direction,
 * the peer's label, and the netlabel state of the socket.
 */
struct socket_smack {
	struct smack_known	*smk_out;	/* outbound label */
	struct smack_known	*smk_in;	/* inbound label */
	struct smack_known	*smk_packet;	/* TCP peer label */
	int			smk_state;	/* netlabel socket states */
};
/*
 * Netlabel socket states.
 * NOTE(review): presumably the values stored in socket_smack.smk_state
 * - confirm against the users of that field.
 */
#define	SMK_NETLBL_UNSET	0
#define	SMK_NETLBL_UNLABELED	1
#define	SMK_NETLBL_LABELED	2
#define	SMK_NETLBL_REQSKB	3

/*
 * Inode smack data
 *
 * Three label pointers plus a flag word for one inode.
 */
struct inode_smack {
	struct smack_known	*smk_inode;	/* label of the fso */
	struct smack_known	*smk_task;	/* label of the task */
	struct smack_known	*smk_mmap;	/* label of the mmap domain */
	int			smk_flags;	/* smack inode flags */
};

/*
 * Smack data kept for a task. Besides the two labels it holds a
 * per-task rule list guarded by its own mutex, and a list of labels
 * the task is allowed to transit to.
 */
struct task_smack {
	struct smack_known	*smk_task;	/* label for access control */
	struct smack_known	*smk_forked;	/* label when forked */
	struct list_head	smk_rules;	/* per task access rules */
	struct mutex		smk_rules_lock;	/* lock for the rules */
	struct list_head	smk_relabel;	/* transit allowed labels */
};

/*
 * Smack inode flags: distinct single bits that can be combined.
 * NOTE(review): presumably the bits held in inode_smack.smk_flags
 * ("smack inode flags") - confirm.
 */
#define	SMK_INODE_INSTANT	0x01	/* inode is instantiated */
#define	SMK_INODE_TRANSMUTE	0x02	/* directory is transmuting */
#define	SMK_INODE_CHANGED	0x04	/* smack was transmuted */
#define	SMK_INODE_IMPURE	0x08	/* involved in an impure transaction */

/*
 * A label access rule.
 *
 * One list entry tying a subject label and an object label to an
 * access word.
 */
struct smack_rule {
	struct list_head	list;
	struct smack_known	*smk_subject;
	struct smack_known	*smk_object;
	int			smk_access;
};

/*
 * An entry in the table identifying IPv4 hosts.
 *
 * The address and the mask are stored separately, together with the
 * mask size and the label that goes with the entry.
 */
struct smk_net4addr {
	struct list_head	list;
	struct in_addr		smk_host;	/* network address */
	struct in_addr		smk_mask;	/* network mask */
	int			smk_masks;	/* mask size */
	struct smack_known	*smk_label;	/* label */
};

/*
 * An entry in the table identifying IPv6 hosts.
 *
 * Same layout as the IPv4 entry, with in6_addr for address and mask.
 */
struct smk_net6addr {
	struct list_head	list;
	struct in6_addr		smk_host;	/* network address */
	struct in6_addr		smk_mask;	/* network mask */
	int			smk_masks;	/* mask size */
	struct smack_known	*smk_label;	/* label */
};

/*
 * An entry in the table identifying ports.
 *
 * smk_sock is a raw pointer to the socket the entry was set up on;
 * nothing in this structure keeps that socket alive.
 * NOTE(review): confirm how the entry is retired when the socket goes
 * away (smk_can_reuse looks related).
 */
struct smk_port_label {
	struct list_head	list;
	struct sock		*smk_sock;	/* socket initialized on */
	unsigned short		smk_port;	/* the port number */
	struct smack_known	*smk_in;	/* inbound label */
	struct smack_known	*smk_out;	/* outgoing label */
	short			smk_sock_type;	/* Socket type */
	short			smk_can_reuse;
};

/*
 * One element of a list of labels: a list link plus a pointer to the
 * label entry it stands for.
 */
struct smack_known_list_elem {
	struct list_head	list;
	struct smack_known	*smk_label;
};

/* Super block security struct flags for mount options */
#define FSDEFAULT_MNT	0x01
#define FSFLOOR_MNT	0x02
#define FSHAT_MNT	0x04
#define FSROOT_MNT	0x08
#define FSTRANS_MNT	0x10

/* Number of mount options, i.e. of *_MNT flags above. */
#define NUM_SMK_MNT_OPTS	5

/*
 * Mount option identifiers. The non-error values run from 0 to
 * NUM_SMK_MNT_OPTS - 1; Opt_error is the only negative value.
 */
enum {
	Opt_error	= -1,
	Opt_fsdefault	= 0,
	Opt_fsfloor	= 1,
	Opt_fshat	= 2,
	Opt_fsroot	= 3,
	Opt_fstransmute	= 4,
};

/*
 * Option strings. Both begin with '-'.
 */
#define SMACK_DELETE_OPTION	"-DELETE"
#define SMACK_CIPSO_OPTION	"-CIPSO"

/*
 * CIPSO defaults.
 */
#define SMACK_CIPSO_DOI_DEFAULT		3	/* Historical */
#define SMACK_CIPSO_DOI_INVALID		-1	/* Not a DOI */
#define SMACK_CIPSO_DIRECT_DEFAULT	250	/* Arbitrary */
#define SMACK_CIPSO_MAPPED_DEFAULT	251	/* Also arbitrary */
#define SMACK_CIPSO_MAXLEVEL		255	/* CIPSO 2.2 standard */
/*
 * CIPSO 2.2 standard is 239, but Smack wants to use the
 * categories in a structured way that limits the value to
 * the bits in 23 bytes, hence the unusual number.
 */
#define SMACK_CIPSO_MAXCATNUM		184	/* 23 * 8 */

/*
 * Ptrace rules
 *
 * SMACK_PTRACE_MAX names the highest defined rule, so it can serve as
 * the upper bound when a rule value is validated.
 */
#define SMACK_PTRACE_DEFAULT	0
#define SMACK_PTRACE_EXACT	1
#define SMACK_PTRACE_DRACONIAN	2
#define SMACK_PTRACE_MAX	SMACK_PTRACE_DRACONIAN

/*
 * Flags for untraditional access modes.
 * It shouldn't be necessary to avoid conflicts with definitions
 * in fs.h, but do so anyway.
 */
#define MAY_TRANSMUTE	0x00001000	/* Controls directory labeling */
#define MAY_LOCK	0x00002000	/* Locks should be writes, but ... */
#define MAY_BRINGUP	0x00004000	/* Report use of this rule */

/*
 * The policy for delivering signals is configurable.
 * It is usually "write", but can be "append".
 *
 * The choice is made at build time through
 * CONFIG_SECURITY_SMACK_APPEND_SIGNALS.
 */
#ifdef CONFIG_SECURITY_SMACK_APPEND_SIGNALS
#define MAY_DELIVER	MAY_APPEND	/* Signal delivery requires append */
#else
#define MAY_DELIVER	MAY_WRITE	/* Signal delivery requires write */
#endif

#define SMACK_BRINGUP_ALLOW		1	/* Allow bringup mode */
#define SMACK_UNCONFINED_SUBJECT	2	/* Allow unconfined label */
#define SMACK_UNCONFINED_OBJECT		3	/* Allow unconfined label */

/*
 * Just to make the common cases easier to deal with
 *
 * MAY_NOT is 0, i.e. no access bit set.
 */
#define MAY_ANYREAD	(MAY_READ | MAY_EXEC)
#define MAY_READWRITE	(MAY_READ | MAY_WRITE)
#define MAY_NOT		0

/*
 * Number of access types used by Smack (rwxatlb),
 * one per letter in that string.
 */
#define SMK_NUM_ACCESS_TYPE 7

/*
 * SMACK data
 *
 * The string members are plain pointers: this record does not own or
 * copy what they point at, so the pointed-to strings must remain valid
 * for as long as the record is in use.
 */
struct smack_audit_data {
	const char	*function;
	char		*subject;
	char		*object;
	char		*request;
	int		result;
};

/*
 * Smack audit data; is empty if CONFIG_AUDIT not set
 * to save some stack
 *
 * With CONFIG_AUDIT the record carries the common audit data together
 * with the Smack specific part.
 */
struct smk_audit_info {
#ifdef CONFIG_AUDIT
	struct common_audit_data	a;
	struct smack_audit_data		sad;
#endif
};

/*
 * These functions are in smack_access.c
 *
 * NOTE(review): most of these prototypes leave their parameters
 * unnamed, so the argument order (for instance of the two label
 * arguments of smk_access()) cannot be checked from this header;
 * read the definitions before adding a call.
 */
int smk_access_entry(char *, char *, struct list_head *);
int smk_access(struct smack_known *, struct smack_known *,
	       int, struct smk_audit_info *);
int smk_tskacc(struct task_smack *, struct smack_known *,
	       u32, struct smk_audit_info *);
int smk_curacc(struct smack_known *, u32, struct smk_audit_info *);
struct smack_known *smack_from_secid(const u32);
char *smk_parse_smack(const char *string, int len);
int smk_netlbl_mls(int, char *, struct netlbl_lsm_secattr *, int);
struct smack_known *smk_import_entry(const char *, int);
void smk_insert_entry(struct smack_known *skp);
struct smack_known *smk_find_entry(const char *);
bool smack_privileged(int cap);
bool smack_privileged_cred(int cap, const struct cred *cred);
void smk_destroy_label_list(struct list_head *list);
int smack_populate_secattr(struct smack_known *skp);

/*
 * Shared data.
 *
 * Everything below is only declared here; the definitions live in
 * other Smack source files.
 */
extern int smack_enabled;
extern int smack_cipso_direct;
extern int smack_cipso_mapped;
extern struct smack_known *smack_net_ambient;
extern struct smack_known *smack_syslog_label;
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
extern struct smack_known *smack_unconfined;
#endif
extern int smack_ptrace_rule;
extern struct lsm_blob_sizes smack_blob_sizes;

/* Label entries that exist as objects of their own. */
extern struct smack_known smack_known_floor;
extern struct smack_known smack_known_hat;
extern struct smack_known smack_known_huh;
extern struct smack_known smack_known_star;
extern struct smack_known smack_known_web;

/*
 * NOTE(review): smack_known_lock presumably guards smack_known_list
 * - confirm against the code that adds entries.
 */
extern struct mutex	smack_known_lock;
extern struct list_head	smack_known_list;
extern struct list_head	smk_net4addr_list;
extern struct list_head	smk_net6addr_list;

extern struct mutex	smack_onlycap_lock;
extern struct list_head	smack_onlycap_list;

/* The label hash table has a fixed number of buckets. */
#define SMACK_HASH_SLOTS 16
extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS];
extern struct kmem_cache *smack_rule_cache;

/*
 * Locate the Smack task data inside a credential's security blob.
 *
 * The result is cred->security advanced by smack_blob_sizes.lbs_cred.
 * Nothing is checked here: cred->security must already point at an
 * allocated blob. The parameter is const-qualified but the returned
 * pointer is not, so the Smack data can be modified through it.
 * NOTE(review): the uncast arithmetic suggests ->security is a void *
 * and lbs_cred a byte offset - confirm against struct cred.
 */
static inline struct task_smack *smack_cred(const struct cred *cred)
{
	struct task_smack *tsp = cred->security + smack_blob_sizes.lbs_cred;

	return tsp;
}

/*
 * Locate the Smack label slot inside a file's security blob.
 *
 * Returns file->f_security advanced by smack_blob_sizes.lbs_file, cast
 * to a pointer to a label pointer. No NULL check is made on
 * f_security, and the result is writable although the file is passed
 * as const.
 */
static inline struct smack_known **smack_file(const struct file *file)
{
	struct smack_known **blob;

	blob = (struct smack_known **)(file->f_security +
				       smack_blob_sizes.lbs_file);
	return blob;
}

/*
 * Locate the Smack inode data inside an inode's security blob.
 *
 * Returns inode->i_security advanced by smack_blob_sizes.lbs_inode.
 * No NULL check is made on i_security, so this must only be called
 * for inodes whose blob has been allocated.
 */
static inline struct inode_smack *smack_inode(const struct inode *inode)
{
	struct inode_smack *isp = inode->i_security + smack_blob_sizes.lbs_inode;

	return isp;
}

/*
 * Locate the Smack label slot inside a msg_msg's security blob.
 *
 * Returns msg->security advanced by smack_blob_sizes.lbs_msg_msg.
 * No NULL check is made on msg->security.
 */
static inline struct smack_known **smack_msg_msg(const struct msg_msg *msg)
{
	struct smack_known **blob;

	blob = msg->security + smack_blob_sizes.lbs_msg_msg;
	return blob;
}

/*
 * Locate the Smack label slot inside an IPC object's security blob.
 *
 * Returns ipc->security advanced by smack_blob_sizes.lbs_ipc.
 * No NULL check is made on ipc->security.
 */
static inline struct smack_known **smack_ipc(const struct kern_ipc_perm *ipc)
{
	struct smack_known **blob;

	blob = ipc->security + smack_blob_sizes.lbs_ipc;
	return blob;
}

/*
 * Is the directory transmuting?
 *
 * Returns 1 when SMK_INODE_TRANSMUTE is set in the inode's Smack flags
 * and 0 otherwise. The blob pointer from smack_inode() is dereferenced
 * without a check.
 */
static inline int smk_inode_transmutable(const struct inode *isp)
{
	return (smack_inode(isp)->smk_flags & SMK_INODE_TRANSMUTE) != 0;
}

/*
 * Present a pointer to the smack label entry in an inode blob.
 *
 * The blob pointer from smack_inode() is dereferenced without a check.
 */
static inline struct smack_known *smk_of_inode(const struct inode *isp)
{
	return smack_inode(isp)->smk_inode;
}

/*
 * Present a pointer to the smack label entry in a task blob.
 *
 * tsp is dereferenced unconditionally and must not be NULL.
 */
static inline struct smack_known *smk_of_task(const struct task_smack *tsp)
{
	struct smack_known *skp = tsp->smk_task;

	return skp;
}

/*
 * Present a pointer to the smack label of an arbitrary task.
 *
 * The task's credentials are looked up and read inside an RCU
 * read-side section. The label pointer is returned after that section
 * has ended; this is only sound because label entries are added but
 * never deleted (see the comment on struct smack_known), so the
 * pointer cannot go stale the way the cred itself could.
 */
static inline struct smack_known *smk_of_task_struct(
						const struct task_struct *t)
{
	struct smack_known *skp;

	rcu_read_lock();
	skp = smk_of_task(smack_cred(__task_cred(t)));
	rcu_read_unlock();

	return skp;
}

/*
 * Present a pointer to the forked smack label entry in a task blob.
 *
 * tsp is dereferenced unconditionally and must not be NULL.
 */
static inline struct smack_known *smk_of_forked(const struct task_smack *tsp)
{
	struct smack_known *skp = tsp->smk_forked;

	return skp;
}

/*
 * Present a pointer to the smack label in the current task blob.
 */
static inline struct smack_known *smk_of_current(void)
{
	const struct task_smack *tsp = smack_cred(current_cred());

	return smk_of_task(tsp);
}

/*
 * logging functions
 *
 * NOTE(review): log_policy is presumably a mask built from the two
 * SMACK_AUDIT_* bits - confirm against smack_log().
 */
#define SMACK_AUDIT_DENIED 0x1
#define SMACK_AUDIT_ACCEPT 0x2
extern int log_policy;

void smack_log(char *subject_label, char *object_label,
		int request,
		int result, struct smk_audit_info *auditdata);

#ifdef CONFIG_AUDIT

/*
 * some inline functions to set up audit data
 * they do nothing if CONFIG_AUDIT is not set
 *
 */

/*
 * Start an audit record: zero the Smack part, set the record type and
 * remember the calling function's name.
 *
 * Only a->sad is cleared. Apart from type and smack_audit_data, the
 * common part a->a is left as the caller had it, so the matching
 * smk_ad_setfield_*() helper has to fill in the field that goes with
 * the chosen type. func is stored as a pointer, not copied.
 */
static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
			       char type)
{
	struct smack_audit_data *sad = &a->sad;

	memset(sad, 0, sizeof(*sad));
	a->a.type = type;
	a->a.smack_audit_data = sad;
	sad->function = func;
}

/*
 * Start an audit record that carries network data.
 *
 * Does what smk_ad_init() does, then clears *net and hooks it into the
 * record. The record keeps the pointer, not a copy, so net has to stay
 * valid for as long as the record is used. This is the only helper in
 * this header that sets a->a.u.net.
 * NOTE(review): this header has no empty variant of this helper for
 * builds without CONFIG_AUDIT, so callers presumably sit under the
 * same #ifdef - confirm.
 */
static inline void smk_ad_init_net(struct smk_audit_info *a, const char *func,
				   char type, struct lsm_network_audit *net)
{
	smk_ad_init(a, func, type);
	memset(net, 0, sizeof *net);
	a->a.u.net = net;
}

/*
 * Setters for the type specific member "u" of the common audit data.
 * Each one stores its argument and nothing else.
 * NOTE(review): "u" is presumably a union, in which case only the
 * setter matching the record type may be used - confirm against
 * struct common_audit_data.
 */
static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
					 struct task_struct *t)
{
	struct common_audit_data *cad = &a->a;

	cad->u.tsk = t;
}
static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
						    struct dentry *d)
{
	struct common_audit_data *cad = &a->a;

	cad->u.dentry = d;
}
static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
					      struct inode *i)
{
	struct common_audit_data *cad = &a->a;

	cad->u.inode = i;
}
/* The path is taken and stored by value. */
static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
					     struct path p)
{
	struct common_audit_data *cad = &a->a;

	cad->u.path = p;
}
/*
 * Writes through a->a.u.net, which smk_ad_init() does not set: the
 * record must have been started with smk_ad_init_net(), otherwise this
 * dereferences a pointer that was never initialized.
 */
static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
					    struct sock *sk)
{
	struct lsm_network_audit *net = a->a.u.net;

	net->sk = sk;
}

#else /* no AUDIT */

/*
 * Without CONFIG_AUDIT the helpers below are empty, so call sites need
 * no #ifdef of their own.
 */
static inline void smk_ad_init(struct smk_audit_info *a, const char *func,
			       char type)
{
}
static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a,
					 struct task_struct *t)
{
}
static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
						    struct dentry *d)
{
}
static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
					      struct inode *i)
{
}
static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a,
					     struct path p)
{
}
static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a,
					    struct sock *sk)
{
}
#endif

#endif  /* _SECURITY_SMACK_H */