| #ifndef _LINUX_SECUREBITS_H |
| #define _LINUX_SECUREBITS_H 1 |
| |
| #define issecure_mask(X) (1 << (X)) |
| #ifdef __KERNEL__ |
| #define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits)) |
| #endif |
| |
| #define SECUREBITS_DEFAULT 0x00000000 |
| |
| #define SECURE_NOROOT 0 |
| #define SECURE_NOROOT_LOCKED 1 |
| |
| #define SECBIT_NOROOT (issecure_mask(SECURE_NOROOT)) |
| #define SECBIT_NOROOT_LOCKED (issecure_mask(SECURE_NOROOT_LOCKED)) |
| |
| #define SECURE_NO_SETUID_FIXUP 2 |
| #define SECURE_NO_SETUID_FIXUP_LOCKED 3 |
| |
| #define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP)) |
| #define SECBIT_NO_SETUID_FIXUP_LOCKED \ |
| (issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)) |
| |
| #define SECURE_KEEP_CAPS 4 |
| #define SECURE_KEEP_CAPS_LOCKED 5 |
| |
| #define SECBIT_KEEP_CAPS (issecure_mask(SECURE_KEEP_CAPS)) |
| #define SECBIT_KEEP_CAPS_LOCKED (issecure_mask(SECURE_KEEP_CAPS_LOCKED)) |
| |
| #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ |
| issecure_mask(SECURE_NO_SETUID_FIXUP) | \ |
| issecure_mask(SECURE_KEEP_CAPS)) |
| #define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1) |
| |
| #endif |