/*
 * Linux Security Module interfaces
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
 * Copyright (C) 2015 Intel Corporation.
 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
 * Copyright (C) 2016 Mellanox Techonologies
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Due to this file being licensed under the GPL there is controversy over
 * whether this permits you to write a module that #includes this file
 * without placing your module under the GPL. Please consult a lawyer for
 * advice before doing this.
 *
 */

#ifndef __LINUX_LSM_HOOKS_H
#define __LINUX_LSM_HOOKS_H

#include <linux/security.h>
#include <linux/init.h>
#include <linux/rculist.h>
#include <linux/xattr.h>

/*
 * One function-pointer member per LSM hook.
 *
 * The member list is generated from lsm_hook_defs.h by temporarily defining
 * LSM_HOOK(): here LSM_HOOK(RET, DEFAULT, NAME, ...) expands to
 * "RET (*NAME)(...)", so every member carries the exact name and signature
 * of its hook.  The DEFAULT argument is not used in this expansion.
 */
union security_list_options {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
#include "lsm_hook_defs.h"
#undef LSM_HOOK
};

/*
 * One list head per LSM hook, generated the same way as the union above,
 * this time expanding LSM_HOOK() to "struct hlist_head NAME;".  Each
 * security_hook_list registered for a hook is chained onto the head that
 * shares its name (see LSM_HOOK_INIT below).
 *
 * __randomize_layout opts the struct into structure-layout randomization
 * when the kernel is built with that feature.
 */
struct security_hook_heads {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
#include "lsm_hook_defs.h"
#undef LSM_HOOK
} __randomize_layout;

/*
 * Security module hook list structure.
 * For use with generic list macros for common operations.
 *
 * @list: node linking this entry into the list anchored at *@head
 * @head: the security_hook_heads member this entry is registered on
 * @hook: the module's implementation; by construction of LSM_HOOK_INIT only
 *        the union member with the same name as @head is populated
 * @lsm:  the LSM name, as passed to security_add_hooks()
 */
struct security_hook_list {
	struct hlist_node list;
	struct hlist_head *head;
	union security_list_options hook;
	const char *lsm;
} __randomize_layout;

/*
 * Security blob size or offset data.
 *
 * NOTE(review): the lbs_* fields appear to be per-object-type blob sizes an
 * LSM requests (one per kind of kernel object); confirm the exact meaning of
 * each field against the blob allocation code before relying on it.
 */
struct lsm_blob_sizes {
	int lbs_cred;
	int lbs_file;
	int lbs_inode;
	int lbs_superblock;
	int lbs_ipc;
	int lbs_msg_msg;
	int lbs_task;
	int lbs_xattr_count;	/* number of xattr slots in new_xattrs array */
};

/**
 * lsm_get_xattr_slot - Return the next available slot and increment the index
 * @xattrs: array storing LSM-provided xattrs
 * @xattr_count: number of already stored xattrs (updated)
 *
 * Retrieve the first available slot in the @xattrs array to fill with an xattr,
 * and increment @xattr_count.
 *
 * There is no bounds check here: @xattr_count is used directly as the array
 * index, so the caller is responsible for never requesting more slots than
 * the array was allocated with (the slot count is described by
 * lsm_blob_sizes.lbs_xattr_count).  Passing a NULL @xattrs is allowed and
 * leaves @xattr_count untouched.
 *
 * Return: The slot to fill in @xattrs if non-NULL, NULL otherwise.
 */
static inline struct xattr *lsm_get_xattr_slot(struct xattr *xattrs,
					       int *xattr_count)
{
	/* No array to fill: report no slot and consume nothing. */
	if (unlikely(!xattrs))
		return NULL;
	/* Hand out slot *xattr_count, then advance the index for the next call. */
	return &xattrs[(*xattr_count)++];
}

/*
 * LSM_RET_VOID is used as the default value in LSM_HOOK definitions for void
 * LSM hooks (in include/linux/lsm_hook_defs.h).
 */
#define LSM_RET_VOID ((void) 0)

/*
 * Initializing a security_hook_list structure takes
 * up a lot of space in a source file. This macro takes
 * care of the common case and reduces the amount of
 * text involved.
 *
 * HEAD names both the security_hook_heads member to register on and the
 * security_list_options member that receives HOOK, which is what keeps the
 * two in agreement.  The global instance security_hook_heads deliberately
 * shares the struct tag's name.
 */
#define LSM_HOOK_INIT(HEAD, HOOK) \
	{ .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }

extern struct security_hook_heads security_hook_heads;
/* NOTE(review): presumably the list of LSM names exposed by the core; confirm. */
extern char *lsm_names;

/*
 * Register @count entries of @hooks on behalf of the LSM named @lsm.
 * Defined elsewhere; the registration semantics are not visible here.
 */
extern void security_add_hooks(struct security_hook_list *hooks, int count,
				const char *lsm);

/*
 * Bit values for lsm_info.flags.  The exact meaning of each flag is defined
 * by the LSM core, not by this header.
 */
#define LSM_FLAG_LEGACY_MAJOR	BIT(0)
#define LSM_FLAG_EXCLUSIVE	BIT(1)

enum lsm_order {
	LSM_ORDER_FIRST = -1,	/* This is only for capabilities. */
	LSM_ORDER_MUTABLE = 0,
	LSM_ORDER_LAST = 1,	/* This is only for integrity. */
};

/*
 * Per-module registration record; one is emitted by DEFINE_LSM() or
 * DEFINE_EARLY_LSM() for each security module.
 */
struct lsm_info {
	const char *name;	/* Required. */
	enum lsm_order order;	/* Optional: default is LSM_ORDER_MUTABLE */
	unsigned long flags;	/* Optional: flags describing LSM */
	int *enabled;		/* Optional: controlled by CONFIG_LSM */
	int (*init)(void);	/* Required. */
	struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */
};

/*
 * Bounds of the ".lsm_info.init" / ".early_lsm_info.init" sections that
 * DEFINE_LSM() and DEFINE_EARLY_LSM() populate; presumably supplied by the
 * linker script.
 */
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];

/*
 * Declare a static struct lsm_info named __lsm_<lsm>, placed in the
 * ".lsm_info.init" section, kept by the linker (__used) and aligned to
 * sizeof(unsigned long).  The expansion ends without a semicolon so the
 * user supplies the initializer: DEFINE_LSM(foo) = { ... };
 */
#define DEFINE_LSM(lsm)							\
	static struct lsm_info __lsm_##lsm				\
		__used __section(".lsm_info.init")			\
		__aligned(sizeof(unsigned long))

/*
 * Same as DEFINE_LSM() but the record goes into ".early_lsm_info.init"
 * and is named __early_lsm_<lsm>.
 */
#define DEFINE_EARLY_LSM(lsm)						\
	static struct lsm_info __early_lsm_##lsm			\
		__used __section(".early_lsm_info.init")		\
		__aligned(sizeof(unsigned long))

/* Defined elsewhere; return value convention is not visible in this header. */
extern int lsm_inode_alloc(struct inode *inode);

#endif /* ! __LINUX_LSM_HOOKS_H */