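/*
 * Linux Security Module interfaces
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
 * Copyright (C) 2015 Intel Corporation.
 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
 * Copyright (C) 2016 Mellanox Techonologies
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 *	Due to this file being licensed under the GPL there is controversy over
 *	whether this permits you to write a module that #includes this file
 *	without placing your module under the GPL.  Please consult a lawyer for
 *	advice before doing this.
 *
 */

#ifndef __LINUX_LSM_HOOKS_H
#define __LINUX_LSM_HOOKS_H

#include <linux/security.h>
#include <linux/init.h>
#include <linux/rculist.h>

/*
 * One function-pointer member per LSM hook.
 *
 * This is an X-macro: every LSM_HOOK(RET, DEFAULT, NAME, args...) entry in
 * lsm_hook_defs.h expands here to "RET (*NAME)(args...);", so the member
 * name and prototype of each hook come from that single list.  DEFAULT is
 * not used by this expansion.  A union is sufficient because each
 * security_hook_list entry below carries exactly one hook pointer.
 */
union security_list_options {
	#define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
	#include "lsm_hook_defs.h"
	#undef LSM_HOOK
};

/*
 * One list head per LSM hook, generated from the same lsm_hook_defs.h list
 * and using the same member names as union security_list_options.
 *
 * The structure is marked __randomize_layout, so code must never depend on
 * member order or offsets; refer to members by name only (LSM_HOOK_INIT
 * below does this with designated initializers).
 */
struct security_hook_heads {
	#define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
	#include "lsm_hook_defs.h"
	#undef LSM_HOOK
} __randomize_layout;

/*
 * Security module hook list structure.
 * For use with generic list macros for common operations.
 *
 * Also __randomize_layout: initialize by member name, never positionally.
 */
struct security_hook_list {
	struct hlist_node		list;	/* linkage into *head */
	struct hlist_head		*head;	/* per-hook list this entry belongs to */
	union security_list_options	hook;	/* the callback for that hook */
	const char			*lsm;	/* name of the owning LSM */
} __randomize_layout;

/*
 * Security blob size or offset data.
 *
 * One field per kernel object type that can carry an LSM blob.
 * NOTE(review): the fields are plain int and, per the comment above, hold
 * either a size or an offset; which one applies at a given point is decided
 * by the code that consumes this structure - confirm there, together with
 * how the values are summed and bounded.
 */
struct lsm_blob_sizes {
	int	lbs_cred;
	int	lbs_file;
	int	lbs_inode;
	int	lbs_superblock;
	int	lbs_ipc;
	int	lbs_msg_msg;
	int	lbs_task;
};

/*
 * LSM_RET_VOID is used as the default value in LSM_HOOK definitions for void
 * LSM hooks (in include/linux/lsm_hook_defs.h).
 */
#define LSM_RET_VOID ((void) 0)

/*
 * Initializing a security_hook_list structure takes
 * up a lot of space in a source file. This macro takes
 * care of the common case and reduces the amount of
 * text involved.
 *
 * HEAD names the hook; it selects both the list head in security_hook_heads
 * and the union member that receives HOOK.  Because that member has the
 * hook's exact function-pointer type, the compiler can diagnose a callback
 * whose prototype does not match.  Do not cast HOOK to silence such a
 * diagnostic: a mismatched callback would be called with the wrong
 * arguments on a security decision path.
 *
 * The macro does not set .lsm; security_add_hooks() receives the LSM name
 * separately (presumably to fill it in - confirm in its definition).
 */
#define LSM_HOOK_INIT(HEAD, HOOK) \
	{ .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }

extern struct security_hook_heads security_hook_heads;
extern char *lsm_names;

/*
 * Register @count entries of @hooks on behalf of the LSM named @lsm.
 *
 * The entries hold function pointers that are consulted on access
 * decisions, so the array an LSM passes here should live in storage that is
 * write-protected once boot has finished (e.g. __ro_after_init).  That
 * placement is the caller's responsibility; nothing in this declaration
 * enforces it.
 */
extern void security_add_hooks(struct security_hook_list *hooks, int count,
				const char *lsm);

/*
 * Bits for lsm_info.flags.
 * NOTE(review): the meaning of each flag is defined by the code that reads
 * lsm_info.flags, which is not part of this header - confirm there.
 */
#define LSM_FLAG_LEGACY_MAJOR	BIT(0)
#define LSM_FLAG_EXCLUSIVE	BIT(1)

enum lsm_order {
	LSM_ORDER_FIRST = -1,	/* This is only for capabilities. */
	LSM_ORDER_MUTABLE = 0,
	LSM_ORDER_LAST = 1,	/* This is only for integrity. */
};

/*
 * Static description of one LSM, emitted into a dedicated section by
 * DEFINE_LSM() / DEFINE_EARLY_LSM() below.
 */
struct lsm_info {
	const char *name;	/* Required. */
	enum lsm_order order;	/* Optional: default is LSM_ORDER_MUTABLE */
	unsigned long flags;	/* Optional: flags describing LSM */
	int *enabled;		/* Optional: controlled by CONFIG_LSM */
	int (*init)(void);	/* Required. */
	struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */
};

/*
 * Bounds of the lsm_info arrays.
 * NOTE(review): presumably provided by the linker script around the
 * sections named in DEFINE_LSM() / DEFINE_EARLY_LSM() - confirm there.
 */
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];

/*
 * Declare the lsm_info record for an LSM.  The macro expands to the
 * declaration only and is followed by the initializer, for example:
 *
 *	DEFINE_LSM(example) = {
 *		.name = "example",
 *		.init = example_init,
 *	};
 *
 * ("example" and example_init are constructed sample names.)
 * __used keeps the otherwise unreferenced object from being discarded, and
 * __section() places it in ".lsm_info.init".
 */
#define DEFINE_LSM(lsm)							\
	static struct lsm_info __lsm_##lsm				\
		__used __section(".lsm_info.init")			\
		__aligned(sizeof(unsigned long))

/*
 * Same as DEFINE_LSM(), but the record goes into ".early_lsm_info.init",
 * the section paired with __start_early_lsm_info / __end_early_lsm_info.
 */
#define DEFINE_EARLY_LSM(lsm)						\
	static struct lsm_info __early_lsm_##lsm			\
		__used __section(".early_lsm_info.init")		\
		__aligned(sizeof(unsigned long))

extern int lsm_inode_alloc(struct inode *inode);

#endif /* ! __LINUX_LSM_HOOKS_H */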