| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
| 2 | /* |
| 3 | * SafeSetID Linux Security Module |
| 4 | * |
| 5 | * Author: Micah Morton <mortonm@chromium.org> |
| 6 | * |
| 7 | * Copyright (C) 2018 The Chromium OS Authors. |
| 8 | * |
| 9 | * This program is free software; you can redistribute it and/or modify |
| 10 | * it under the terms of the GNU General Public License version 2, as |
| 11 | * published by the Free Software Foundation. |
| 12 | * |
| 13 | */ |
| 14 | #ifndef _SAFESETID_H |
| 15 | #define _SAFESETID_H |
| 16 | |
| 17 | #include <linux/types.h> |
| 18 | #include <linux/uidgid.h> |
| 19 | #include <linux/hashtable.h> |
| 20 | |
| 21 | /* Flag indicating whether initialization completed */ |
| 22 | extern int safesetid_initialized; |
| 23 | |
| 24 | enum sid_policy_type { |
| 25 | SIDPOL_DEFAULT, /* source ID is unaffected by policy */ |
| 26 | SIDPOL_CONSTRAINED, /* source ID is affected by policy */ |
| 27 | SIDPOL_ALLOWED /* target ID explicitly allowed */ |
| 28 | }; |
| 29 | |
| 30 | /* |
| 31 | * Hash table entry to store safesetid policy signifying that 'src_uid' |
| 32 | * can setuid to 'dst_uid'. |
| 33 | */ |
| 34 | struct setuid_rule { |
| 35 | struct hlist_node next; |
| 36 | kuid_t src_uid; |
| 37 | kuid_t dst_uid; |
| 38 | }; |
| 39 | |
| 40 | #define SETID_HASH_BITS 8 /* 256 buckets in hash table */ |
| 41 | |
| 42 | struct setuid_ruleset { |
| 43 | DECLARE_HASHTABLE(rules, SETID_HASH_BITS); |
| 44 | char *policy_str; |
| 45 | struct rcu_head rcu; |
| 46 | }; |
| 47 | |
| 48 | enum sid_policy_type _setuid_policy_lookup(struct setuid_ruleset *policy, |
| 49 | kuid_t src, kuid_t dst); |
| 50 | |
| 51 | extern struct setuid_ruleset __rcu *safesetid_setuid_rules; |
| 52 | |
| 53 | #endif /* _SAFESETID_H */ |