Kentaro Takeda | f743324 | 2009-02-05 17:18:16 +0900 | [diff] [blame] | 1 | /* |
| 2 | * security/tomoyo/tomoyo.h |
| 3 | * |
| 4 | * Implementation of the Domain-Based Mandatory Access Control. |
| 5 | * |
| 6 | * Copyright (C) 2005-2009 NTT DATA CORPORATION |
| 7 | * |
Tetsuo Handa | 39826a1 | 2009-04-08 22:31:28 +0900 | [diff] [blame] | 8 | * Version: 2.2.0 2009/04/01 |
Kentaro Takeda | f743324 | 2009-02-05 17:18:16 +0900 | [diff] [blame] | 9 | * |
| 10 | */ |
| 11 | |
| 12 | #ifndef _SECURITY_TOMOYO_TOMOYO_H |
| 13 | #define _SECURITY_TOMOYO_TOMOYO_H |
| 14 | |
/*
 * Forward declarations for types only used through pointers below.
 * NOTE(review): struct inode and struct pt_regs are declared here but no
 * prototype in this header references them — possibly stale.
 */
struct tomoyo_path_info;
struct path;
struct inode;
struct linux_binprm;
struct pt_regs;

/*
 * Permission checks performed on behalf of @domain.
 *
 * The return convention is fixed by the implementations, not here;
 * presumably 0 when allowed and a negative errno when denied, as is usual
 * for LSM hooks — confirm in the definitions.
 *
 * NOTE(review): struct tomoyo_domain_info, struct file and the u8 type are
 * used below without any declaration in this header, so it is only usable
 * after the header that declares them has been included.
 */

/* Check permission @perm for the pathname @filename (a C string). */
int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
			   const char *filename, const u8 perm);
/* Check execute permission for the already-resolved pathname @filename. */
int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
			   const struct tomoyo_path_info *filename);
/* Check whether @path may be opened; @flag is presumably the open(2) flags. */
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
				 struct path *path, const int flag);
/*
 * Check a single-path @operation on @path; @operation is presumably one of
 * the TOMOYO_TYPE_*_ACL single-path indices defined below — confirm.
 */
int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
			    const u8 operation, struct path *path);
/*
 * Check a two-path @operation (@path1, @path2); @operation is presumably a
 * TOMOYO_TYPE_LINK_ACL / TOMOYO_TYPE_RENAME_ACL index — confirm.
 */
int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
			    const u8 operation, struct path *path1,
			    struct path *path2);
/* Check the rewrite permission for the already-open file @filp. */
int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
				    struct file *filp);
/*
 * Determine the domain for the execve described by @bprm; presumably also
 * performs the domain transition — confirm against the implementation.
 */
int tomoyo_find_next_domain(struct linux_binprm *bprm);
Kentaro Takeda | f743324 | 2009-02-05 17:18:16 +0900 | [diff] [blame] | 35 | |
/* Index numbers for Access Controls. */

/* Distinguishes ACL entries that name one path from those that name two. */
#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1

/* Index numbers for File Controls. */

/*
 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
 * (TYPE_* above refers to the TOMOYO_TYPE_* values below.)
 */

/*
 * Single-path operations. These are plain indices (0..14), not bit masks;
 * how they are combined into a permission set is up to the implementation.
 * TOMOYO_MAX_SINGLE_PATH_OPERATION is one past the last index and so also
 * serves as the number of single-path operations.
 */
#define TOMOYO_TYPE_READ_WRITE_ACL 0
#define TOMOYO_TYPE_EXECUTE_ACL 1
#define TOMOYO_TYPE_READ_ACL 2
#define TOMOYO_TYPE_WRITE_ACL 3
#define TOMOYO_TYPE_CREATE_ACL 4
#define TOMOYO_TYPE_UNLINK_ACL 5
#define TOMOYO_TYPE_MKDIR_ACL 6
#define TOMOYO_TYPE_RMDIR_ACL 7
#define TOMOYO_TYPE_MKFIFO_ACL 8
#define TOMOYO_TYPE_MKSOCK_ACL 9
#define TOMOYO_TYPE_MKBLOCK_ACL 10
#define TOMOYO_TYPE_MKCHAR_ACL 11
#define TOMOYO_TYPE_TRUNCATE_ACL 12
#define TOMOYO_TYPE_SYMLINK_ACL 13
#define TOMOYO_TYPE_REWRITE_ACL 14
#define TOMOYO_MAX_SINGLE_PATH_OPERATION 15

/*
 * Two-path operations (the check needs both names), same conventions:
 * indices 0..1, with TOMOYO_MAX_DOUBLE_PATH_OPERATION one past the last.
 */
#define TOMOYO_TYPE_LINK_ACL 0
#define TOMOYO_TYPE_RENAME_ACL 1
#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2

/*
 * Interface identifiers. Presumably one per file exposed by the policy
 * management interface (the names match policy and status entries) —
 * confirm against the code that registers those files.
 */
#define TOMOYO_DOMAINPOLICY 0
#define TOMOYO_EXCEPTIONPOLICY 1
#define TOMOYO_DOMAIN_STATUS 2
#define TOMOYO_PROCESS_STATUS 3
#define TOMOYO_MEMINFO 4
#define TOMOYO_SELFDOMAIN 5
#define TOMOYO_VERSION 6
#define TOMOYO_PROFILE 7
#define TOMOYO_MANAGER 8

/*
 * Domain representing the kernel itself; presumably the initial domain
 * from which all transitions start — confirm in the definition.
 */
extern struct tomoyo_domain_info tomoyo_kernel_domain;
| 84 | |
/**
 * tomoyo_domain - Get the TOMOYO domain of the calling task.
 *
 * Returns the domain pointer kept in the "security" blob of the current
 * task's credentials, as obtained from current_cred().
 */
static inline struct tomoyo_domain_info *tomoyo_domain(void)
{
	const struct cred *cred = current_cred();

	return cred->security;
}
| 89 | |
/**
 * tomoyo_real_domain - Get the TOMOYO domain of an arbitrary task.
 * @task: Task whose credentials are examined.
 *
 * Reads the "security" blob of @task's credentials via task_cred_xxx().
 *
 * NOTE(review): task_cred_xxx() dereferences the task's credentials inside
 * its own RCU read-side section, but the pointer is handed back after that
 * section ends, so the lifetime of the returned domain must be guaranteed
 * by other means — confirm against the domain allocator.
 */
static inline struct tomoyo_domain_info *
tomoyo_real_domain(struct task_struct *task)
{
	struct tomoyo_domain_info *domain = task_cred_xxx(task, security);

	return domain;
}
| 95 | |
| 96 | #endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */ |