Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

at v5.8 53 lines 1.3 kB view raw
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * SafeSetID Linux Security Module
 *
 * Author: Micah Morton <mortonm@chromium.org>
 *
 * Copyright (C) 2018 The Chromium OS Authors.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2, as
 * published by the Free Software Foundation.
 *
 */
#ifndef _SAFESETID_H
#define _SAFESETID_H

#include <linux/types.h>
#include <linux/uidgid.h>
#include <linux/hashtable.h>

/* Set once initialization has completed. */
extern int safesetid_initialized;

/*
 * Classification returned by _setuid_policy_lookup() for a
 * (source ID, target ID) pair.
 */
enum sid_policy_type {
	/* source ID is unaffected by policy */
	SIDPOL_DEFAULT,
	/* source ID is affected by policy */
	SIDPOL_CONSTRAINED,
	/* target ID explicitly allowed */
	SIDPOL_ALLOWED,
};

/*
 * One safesetid policy entry, stored in a hash table: 'src_uid' is
 * permitted to setuid to 'dst_uid'.
 */
struct setuid_rule {
	struct hlist_node next;	/* hash bucket linkage */
	kuid_t src_uid;
	kuid_t dst_uid;
};

/* Hash table size as a bit count: 8 bits gives 256 buckets. */
#define SETID_HASH_BITS 8

/*
 * A complete set of setuid rules.
 *
 * NOTE(review): 'policy_str' is presumably the policy text the rules
 * were built from, and 'rcu' presumably lets a replaced ruleset be
 * freed after a grace period; neither is shown by this header, so
 * confirm against the code that loads and releases rulesets.
 */
struct setuid_ruleset {
	DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
	char *policy_str;
	struct rcu_head rcu;
};

/*
 * Look up the src -> dst transition in 'policy' and report how the
 * policy classifies it (see enum sid_policy_type). Only declared here.
 *
 * NOTE(review): the locking/RCU context a caller must hold for 'policy'
 * is not visible in this header; confirm at the definition.
 */
enum sid_policy_type
_setuid_policy_lookup(struct setuid_ruleset *policy, kuid_t src, kuid_t dst);

/*
 * Ruleset pointer shared with the rest of the module. It carries the
 * __rcu annotation, so it should be read through the RCU accessors
 * (e.g. rcu_dereference()) rather than dereferenced directly.
 */
extern struct setuid_ruleset __rcu *safesetid_setuid_rules;

#endif /* _SAFESETID_H */