Commit | Line | Data |
---|---|---|
cb2c7d1a MS |
1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* | |
3 | * Landlock LSM - Filesystem management and hooks | |
4 | * | |
5 | * Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net> | |
6 | * Copyright © 2018-2020 ANSSI | |
7 | */ | |
8 | ||
9 | #ifndef _SECURITY_LANDLOCK_FS_H | |
10 | #define _SECURITY_LANDLOCK_FS_H | |
11 | ||
12 | #include <linux/fs.h> | |
13 | #include <linux/init.h> | |
14 | #include <linux/rcupdate.h> | |
15 | ||
16 | #include "ruleset.h" | |
17 | #include "setup.h" | |
18 | ||
/**
 * struct landlock_inode_security - Inode security blob
 *
 * Per-inode Landlock state.  It lets an inode (i.e. the underlying object)
 * reference the &struct landlock_object tied to it.
 */
struct landlock_inode_security {
	/**
	 * @object: Weak pointer to an allocated object.
	 *
	 * Locking rules:
	 *
	 * - All assignments of a new object are protected by the underlying
	 *   inode->i_lock.
	 * - Atomically disassociating @object from the inode is only
	 *   protected by @object->lock, from the time @object's usage
	 *   refcount drops to zero to the time this pointer is nulled out
	 *   (cf. release_inode() and hook_sb_delete()).  That disassociation
	 *   doesn't require inode->i_lock thanks to the careful
	 *   rcu_access_pointer() check performed by get_inode_object().
	 *
	 * The __rcu annotation marks this as an RCU-managed pointer, so it
	 * must be read and written through the RCU accessors rather than
	 * dereferenced directly.
	 *
	 * NOTE(review): between the refcount reaching zero and the pointer
	 * being nulled, the field still holds the old address; any new user
	 * of @object should be checked against the rules above to avoid
	 * touching an object that is being released.
	 */
	struct landlock_object __rcu *object;
};
38 | ||
/**
 * struct landlock_superblock_security - Superblock security blob
 *
 * Exists so that hook_sb_delete() can wait for concurrent calls to
 * release_inode().
 */
struct landlock_superblock_security {
	/**
	 * @inode_refs: Number of pending inodes (from this superblock) that
	 * are being released by release_inode().
	 * Cf. struct super_block->s_fsnotify_inode_refs .
	 *
	 * NOTE(review): the increment/decrement sites and the wait itself are
	 * not in this header; confirm in the implementation that every
	 * release_inode() path balances this counter, since hook_sb_delete()
	 * depends on it.
	 */
	atomic_long_t inode_refs;
};
52 | ||
/**
 * landlock_inode - Get Landlock's part of an inode's security blob
 *
 * @inode: Inode whose security blob is looked up.
 *
 * Return: @inode->i_security advanced by landlock_blob_sizes.lbs_inode bytes,
 * typed as a &struct landlock_inode_security.
 *
 * The returned pointer is mutable even though @inode is const-qualified.
 * No NULL check is done on @inode->i_security.
 * NOTE(review): presumably the blob is always allocated before any Landlock
 * hook can reach this helper; confirm against the LSM blob allocation path.
 */
static inline struct landlock_inode_security *
landlock_inode(const struct inode *const inode)
{
	/* Start of the security blob attached to this inode. */
	void *const blob = inode->i_security;

	/* Byte offset into the blob (void * arithmetic, GNU C extension). */
	return blob + landlock_blob_sizes.lbs_inode;
}
58 | ||
/**
 * landlock_superblock - Get Landlock's part of a superblock's security blob
 *
 * @superblock: Superblock whose security blob is looked up.
 *
 * Return: @superblock->s_security advanced by
 * landlock_blob_sizes.lbs_superblock bytes, typed as a
 * &struct landlock_superblock_security.
 *
 * The returned pointer is mutable even though @superblock is const-qualified.
 * No NULL check is done on @superblock->s_security.
 * NOTE(review): presumably the blob is always allocated before this helper
 * can be reached; confirm against the LSM blob allocation path.
 */
static inline struct landlock_superblock_security *
landlock_superblock(const struct super_block *const superblock)
{
	/* Start of the security blob attached to this superblock. */
	void *const blob = superblock->s_security;

	/* Byte offset into the blob (void * arithmetic, GNU C extension). */
	return blob + landlock_blob_sizes.lbs_superblock;
}
64 | ||
/*
 * Declaration only; the definition is not in this header.  The __init
 * annotation places the function in the kernel's init section, so it is
 * only meant to be called during kernel initialization.
 * NOTE(review): presumably registers Landlock's filesystem LSM hooks, going
 * by the name; confirm in the implementation.
 */
__init void landlock_add_fs_hooks(void);
66 | ||
/*
 * Declaration only; the definition is not in this header.
 *
 * @ruleset: Ruleset passed by non-const pointee, so the callee may modify it.
 * @path: Path passed as pointer-to-const; not modified through this pointer.
 * @access_hierarchy: 32-bit value.
 *	NOTE(review): presumably a bitmask of filesystem access rights
 *	granted beneath @path; confirm, and confirm where unknown bits are
 *	rejected before the value reaches this function.
 *
 * Return: int.  NOTE(review): presumably 0 on success and a negative errno
 * on failure; confirm in the implementation.
 */
int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
		const struct path *const path, u32 access_hierarchy);
69 | ||
70 | #endif /* _SECURITY_LANDLOCK_FS_H */ |