blob: cd6ba0bf7069a98128bdac2d562c9746decdcc6f [file] [log] [blame]
Kentaro Takedaf7433242009-02-05 17:18:16 +09001/*
2 * security/tomoyo/tomoyo.h
3 *
4 * Implementation of the Domain-Based Mandatory Access Control.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
Tetsuo Handa39826a12009-04-08 22:31:28 +09008 * Version: 2.2.0 2009/04/01
Kentaro Takedaf7433242009-02-05 17:18:16 +09009 *
10 */
11
12#ifndef _SECURITY_TOMOYO_TOMOYO_H
13#define _SECURITY_TOMOYO_TOMOYO_H
14
15struct tomoyo_path_info;
16struct path;
17struct inode;
18struct linux_binprm;
19struct pt_regs;
Kentaro Takedaf7433242009-02-05 17:18:16 +090020
21int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
22 const char *filename, const u8 perm);
23int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
Tetsuo Handabcb86972009-06-04 15:14:34 +090024 const struct tomoyo_path_info *filename);
Kentaro Takedaf7433242009-02-05 17:18:16 +090025int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
26 struct path *path, const int flag);
27int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
28 const u8 operation, struct path *path);
29int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
30 const u8 operation, struct path *path1,
31 struct path *path2);
32int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
33 struct file *filp);
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +090034int tomoyo_find_next_domain(struct linux_binprm *bprm);
Kentaro Takedaf7433242009-02-05 17:18:16 +090035
36/* Index numbers for Access Controls. */
37
38#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
39#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1
40
41/* Index numbers for File Controls. */
42
43/*
44 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
45 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
46 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
47 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
48 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
49 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
50 */
51
52#define TOMOYO_TYPE_READ_WRITE_ACL 0
53#define TOMOYO_TYPE_EXECUTE_ACL 1
54#define TOMOYO_TYPE_READ_ACL 2
55#define TOMOYO_TYPE_WRITE_ACL 3
56#define TOMOYO_TYPE_CREATE_ACL 4
57#define TOMOYO_TYPE_UNLINK_ACL 5
58#define TOMOYO_TYPE_MKDIR_ACL 6
59#define TOMOYO_TYPE_RMDIR_ACL 7
60#define TOMOYO_TYPE_MKFIFO_ACL 8
61#define TOMOYO_TYPE_MKSOCK_ACL 9
62#define TOMOYO_TYPE_MKBLOCK_ACL 10
63#define TOMOYO_TYPE_MKCHAR_ACL 11
64#define TOMOYO_TYPE_TRUNCATE_ACL 12
65#define TOMOYO_TYPE_SYMLINK_ACL 13
66#define TOMOYO_TYPE_REWRITE_ACL 14
67#define TOMOYO_MAX_SINGLE_PATH_OPERATION 15
68
69#define TOMOYO_TYPE_LINK_ACL 0
70#define TOMOYO_TYPE_RENAME_ACL 1
71#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2
72
73#define TOMOYO_DOMAINPOLICY 0
74#define TOMOYO_EXCEPTIONPOLICY 1
75#define TOMOYO_DOMAIN_STATUS 2
76#define TOMOYO_PROCESS_STATUS 3
77#define TOMOYO_MEMINFO 4
78#define TOMOYO_SELFDOMAIN 5
79#define TOMOYO_VERSION 6
80#define TOMOYO_PROFILE 7
81#define TOMOYO_MANAGER 8
82
83extern struct tomoyo_domain_info tomoyo_kernel_domain;
84
85static inline struct tomoyo_domain_info *tomoyo_domain(void)
86{
87 return current_cred()->security;
88}
89
Kentaro Takedaf7433242009-02-05 17:18:16 +090090static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
91 *task)
92{
Serge E. Hallynfbeb4a92009-06-01 22:47:19 -050093 return task_cred_xxx(task, security);
Kentaro Takedaf7433242009-02-05 17:18:16 +090094}
95
96#endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */