Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_htc_msm8960 / ab1363a8929f32cc163cd3f50ca72f20d901b00c / . / security / tomoyo / tomoyo.h
blob: 41c6ebafb9c561ad203cc52cef886378e01309e7 [file] [log] [blame]
Kentaro Takedaf7433242009-02-05 17:18:16 +0900[diff] [blame]1/*
2 * security/tomoyo/tomoyo.h
3 *
4 * Implementation of the Domain-Based Mandatory Access Control.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
Tetsuo Handa39826a12009-04-08 22:31:28 +0900[diff] [blame]8 * Version: 2.2.0 2009/04/01
Kentaro Takedaf7433242009-02-05 17:18:16 +0900[diff] [blame]9 *
10 */
11
12#ifndef _SECURITY_TOMOYO_TOMOYO_H
13#define _SECURITY_TOMOYO_TOMOYO_H
14
15struct tomoyo_path_info;
16struct path;
17struct inode;
18struct linux_binprm;
19struct pt_regs;
20struct tomoyo_page_buffer;
21
22int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
23 const char *filename, const u8 perm);
24int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
25 const struct tomoyo_path_info *filename,
26 struct tomoyo_page_buffer *buf);
27int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
28 struct path *path, const int flag);
29int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
30 const u8 operation, struct path *path);
31int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
32 const u8 operation, struct path *path1,
33 struct path *path2);
34int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
35 struct file *filp);
36int tomoyo_find_next_domain(struct linux_binprm *bprm,
37 struct tomoyo_domain_info **next_domain);
38
39/* Index numbers for Access Controls. */
40
41#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
42#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1
43
44/* Index numbers for File Controls. */
45
46/*
47 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
48 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
49 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
50 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
51 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
52 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
53 */
54
55#define TOMOYO_TYPE_READ_WRITE_ACL 0
56#define TOMOYO_TYPE_EXECUTE_ACL 1
57#define TOMOYO_TYPE_READ_ACL 2
58#define TOMOYO_TYPE_WRITE_ACL 3
59#define TOMOYO_TYPE_CREATE_ACL 4
60#define TOMOYO_TYPE_UNLINK_ACL 5
61#define TOMOYO_TYPE_MKDIR_ACL 6
62#define TOMOYO_TYPE_RMDIR_ACL 7
63#define TOMOYO_TYPE_MKFIFO_ACL 8
64#define TOMOYO_TYPE_MKSOCK_ACL 9
65#define TOMOYO_TYPE_MKBLOCK_ACL 10
66#define TOMOYO_TYPE_MKCHAR_ACL 11
67#define TOMOYO_TYPE_TRUNCATE_ACL 12
68#define TOMOYO_TYPE_SYMLINK_ACL 13
69#define TOMOYO_TYPE_REWRITE_ACL 14
70#define TOMOYO_MAX_SINGLE_PATH_OPERATION 15
71
72#define TOMOYO_TYPE_LINK_ACL 0
73#define TOMOYO_TYPE_RENAME_ACL 1
74#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2
75
76#define TOMOYO_DOMAINPOLICY 0
77#define TOMOYO_EXCEPTIONPOLICY 1
78#define TOMOYO_DOMAIN_STATUS 2
79#define TOMOYO_PROCESS_STATUS 3
80#define TOMOYO_MEMINFO 4
81#define TOMOYO_SELFDOMAIN 5
82#define TOMOYO_VERSION 6
83#define TOMOYO_PROFILE 7
84#define TOMOYO_MANAGER 8
85
86extern struct tomoyo_domain_info tomoyo_kernel_domain;
87
88static inline struct tomoyo_domain_info *tomoyo_domain(void)
89{
90 return current_cred()->security;
91}
92
93/* Caller holds tasklist_lock spinlock. */
94static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
95 *task)
96{
97 /***** CRITICAL SECTION START *****/
98 const struct cred *cred = get_task_cred(task);
99 struct tomoyo_domain_info *domain = cred->security;
100
101 put_cred(cred);
102 return domain;
103 /***** CRITICAL SECTION END *****/
104}
105
106#endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */