| Nicholas Flintham | 1e3d311 | 2013-04-10 10:48:38 +0100 | [diff] [blame^] | 1 | #ifndef _LINUX_SECUREBITS_H |
| 2 | #define _LINUX_SECUREBITS_H 1 |
| 3 | |
| 4 | #define issecure_mask(X) (1 << (X)) |
| 5 | #ifdef __KERNEL__ |
| 6 | #define issecure(X) (issecure_mask(X) & current_cred_xxx(securebits)) |
| 7 | #endif |
| 8 | |
| 9 | #define SECUREBITS_DEFAULT 0x00000000 |
| 10 | |
| 11 | #define SECURE_NOROOT 0 |
| 12 | #define SECURE_NOROOT_LOCKED 1 |
| 13 | |
| 14 | #define SECBIT_NOROOT (issecure_mask(SECURE_NOROOT)) |
| 15 | #define SECBIT_NOROOT_LOCKED (issecure_mask(SECURE_NOROOT_LOCKED)) |
| 16 | |
| 17 | #define SECURE_NO_SETUID_FIXUP 2 |
| 18 | #define SECURE_NO_SETUID_FIXUP_LOCKED 3 |
| 19 | |
| 20 | #define SECBIT_NO_SETUID_FIXUP (issecure_mask(SECURE_NO_SETUID_FIXUP)) |
| 21 | #define SECBIT_NO_SETUID_FIXUP_LOCKED \ |
| 22 | (issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)) |
| 23 | |
| 24 | #define SECURE_KEEP_CAPS 4 |
| 25 | #define SECURE_KEEP_CAPS_LOCKED 5 |
| 26 | |
| 27 | #define SECBIT_KEEP_CAPS (issecure_mask(SECURE_KEEP_CAPS)) |
| 28 | #define SECBIT_KEEP_CAPS_LOCKED (issecure_mask(SECURE_KEEP_CAPS_LOCKED)) |
| 29 | |
| 30 | #define SECURE_ALL_BITS (issecure_mask(SECURE_NOROOT) | \ |
| 31 | issecure_mask(SECURE_NO_SETUID_FIXUP) | \ |
| 32 | issecure_mask(SECURE_KEEP_CAPS)) |
| 33 | #define SECURE_ALL_LOCKS (SECURE_ALL_BITS << 1) |
| 34 | |
| 35 | #endif |