
TOMOYO Linux Cross Reference
Linux/security/selinux/include/objsec.h


  1 /*
  2  *  NSA Security-Enhanced Linux (SELinux) security module
  3  *
  4  *  This file contains the SELinux security data structures for kernel objects.
  5  *
  6  *  Author(s):  Stephen Smalley, <sds@tycho.nsa.gov>
  7  *              Chris Vance, <cvance@nai.com>
  8  *              Wayne Salamon, <wsalamon@nai.com>
  9  *              James Morris <jmorris@redhat.com>
 10  *
 11  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
 12  *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
 13  *  Copyright (C) 2016 Mellanox Technologies
 14  *
 15  *      This program is free software; you can redistribute it and/or modify
 16  *      it under the terms of the GNU General Public License version 2,
 17  *      as published by the Free Software Foundation.
 18  */
 19 #ifndef _SELINUX_OBJSEC_H_
 20 #define _SELINUX_OBJSEC_H_
 21 
 22 #include <linux/list.h>
 23 #include <linux/sched.h>
 24 #include <linux/fs.h>
 25 #include <linux/binfmts.h>
 26 #include <linux/in.h>
 27 #include <linux/spinlock.h>
 28 #include <net/net_namespace.h>
 29 #include "flask.h"
 30 #include "avc.h"
 31 
/**
 * struct task_security_struct - SELinux SIDs carried by a task
 * @osid:           SID prior to last execve
 * @sid:            current SID
 * @exec_sid:       exec SID
 * @create_sid:     fscreate SID
 * @keycreate_sid:  keycreate SID
 * @sockcreate_sid: sockcreate SID
 *
 * NOTE(review): @sockcreate_sid used to be annotated "fscreate SID", the
 * same text as @create_sid; going by the field name that looks like a
 * copy-paste slip -- confirm against the code that sets the field.
 *
 * Every member is a plain u32 and the structure carries no lock of its
 * own, so any update/lifetime rules live with the code that owns it.
 */
struct task_security_struct {
	u32 osid;
	u32 sid;
	u32 exec_sid;
	u32 create_sid;
	u32 keycreate_sid;
	u32 sockcreate_sid;
};
 40 
/*
 * current_sid - get the subjective security ID of the current task
 *
 * Returns the sid member of the task_security_struct obtained from
 * current_security().
 *
 * The pointer is dereferenced without a NULL check, so callers depend on
 * current_security() always handing back a valid structure --
 * NOTE(review): confirm against the path that allocates it.
 */
static inline u32 current_sid(void)
{
	const struct task_security_struct *task_sec;

	task_sec = current_security();
	return task_sec->sid;
}
 50 
/*
 * Label initialization states.
 *
 * LABEL_INVALID is zero, so a zero-filled flag reads as "invalid or not
 * initialized" rather than as a usable label.
 *
 * Presumably these are the values stored in
 * inode_security_struct.initialized -- confirm against its users.
 */
enum label_initialized {
	LABEL_INVALID = 0,	/* invalid or not initialized */
	LABEL_INITIALIZED = 1,	/* initialized */
	LABEL_PENDING = 2	/* not described here; presumably labeling is
				 * still outstanding -- TODO confirm */
};
 56 
/**
 * struct inode_security_struct - SELinux state attached to an inode
 * @inode:       back pointer to inode object
 * @list:        list of inode_security_struct
 * @rcu:         for freeing the inode_security_struct
 * @task_sid:    SID of creating task
 * @sid:         SID of this object
 * @sclass:      security class of this object
 * @initialized: initialization flag
 * @lock:        spinlock; what it guards is not stated here
 *
 * @list and @rcu sit in one anonymous union and therefore share storage:
 * only one of them holds meaningful data at any time.
 *
 * @initialized presumably takes enum label_initialized values, and @lock
 * presumably serialises updates to the label fields -- NOTE(review):
 * confirm both against the code that uses this structure.
 */
struct inode_security_struct {
	struct inode *inode;
	union {
		struct list_head list;
		struct rcu_head rcu;
	};
	u32 task_sid;
	u32 sid;
	u16 sclass;
	unsigned char initialized;
	spinlock_t lock;
};
 69 
/**
 * struct file_security_struct - SELinux state for an open file
 * @sid:      SID of open file description
 * @fown_sid: SID of file owner (for SIGIO)
 * @isid:     SID of inode at the time of file open
 * @pseqno:   Policy seqno at the time of file open
 *
 * @isid and @pseqno are values recorded at open time.  Presumably they let
 * a later access notice that the inode was relabeled or the policy changed
 * after the open -- NOTE(review): confirm against the code comparing them.
 */
struct file_security_struct {
	u32 sid;
	u32 fown_sid;
	u32 isid;
	u32 pseqno;
};
 76 
/**
 * struct superblock_security_struct - SELinux state for a superblock
 * @sb:           back pointer to sb object
 * @sid:          SID of file system superblock
 * @def_sid:      default SID for labeling
 * @mntpoint_sid: SECURITY_FS_USE_MNTPOINT context for files
 * @behavior:     labeling behavior
 * @flags:        which mount options were specified
 * @lock:         mutex; what it guards is not stated here
 * @isec_head:    list head
 * @isec_lock:    spinlock
 *
 * NOTE(review): @isec_head looks like the anchor for the
 * inode_security_struct list entries, with @isec_lock guarding that list;
 * neither is documented in this header, so confirm against the users.
 */
struct superblock_security_struct {
	struct super_block *sb;
	u32 sid;
	u32 def_sid;
	u32 mntpoint_sid;
	unsigned short behavior;
	unsigned short flags;
	struct mutex lock;
	struct list_head isec_head;
	spinlock_t isec_lock;
};
 88 
/**
 * struct msg_security_struct - SELinux state for a message
 * @sid: SID of message
 */
struct msg_security_struct {
	u32 sid;
};
 92 
/**
 * struct ipc_security_struct - SELinux state for an IPC resource
 * @sclass: security class of this object
 * @sid:    SID of IPC resource
 */
struct ipc_security_struct {
	u16 sclass;
	u32 sid;
};
 97 
/**
 * struct netif_security_struct - SELinux label for a network interface
 * @ns:      network namespace
 * @ifindex: device index
 * @sid:     SID for this interface
 *
 * The interface is identified by @ns together with @ifindex; a device
 * index alone is presumably not unique across namespaces -- confirm
 * against the lookup code.
 */
struct netif_security_struct {
	struct net *ns;
	int ifindex;
	u32 sid;
};
103 
/**
 * struct netnode_security_struct - SELinux label for a network node
 * @addr:   node address; @addr.ipv4 (IPv4 node address) and @addr.ipv6
 *          (IPv6 node address) share storage
 * @sid:    SID for this node
 * @family: address family
 *
 * Because the two address forms overlap in a union, @family presumably
 * tells which member of @addr is valid -- NOTE(review): confirm against
 * the code that fills this in.
 */
struct netnode_security_struct {
	union {
		__be32 ipv4;
		struct in6_addr ipv6;
	} addr;
	u32 sid;
	u16 family;
};
112 
/**
 * struct netport_security_struct - SELinux label for a network port
 * @sid:      SID for this port
 * @port:     port number
 * @protocol: transport protocol
 *
 * NOTE(review): @sid was previously annotated "SID for this node", the
 * wording used by netnode_security_struct; "port" matches this structure.
 * @port is a plain u16, so its byte order is not stated by the type --
 * confirm at the point where it is compared with packet data.
 */
struct netport_security_struct {
	u32 sid;
	u16 port;
	u8 protocol;
};
118 
/**
 * struct sk_security_struct - SELinux state attached to a socket
 * @nlbl_state:       NetLabel state (only with CONFIG_NETLABEL)
 * @nlbl_secattr:     NetLabel sec attributes (only with CONFIG_NETLABEL)
 * @sid:              SID of this object
 * @peer_sid:         SID of peer
 * @sclass:           sock security class
 * @sctp_assoc_state: SCTP association state
 *
 * The two NetLabel members exist only when CONFIG_NETLABEL is defined, so
 * the layout of this structure differs between kernel configurations.
 *
 * Both state enums start at an explicit zero (NLBL_UNSET,
 * SCTP_ASSOC_UNSET), so zero-filled storage reads as "unset".
 */
struct sk_security_struct {
#ifdef CONFIG_NETLABEL
	enum {
		NLBL_UNSET = 0,
		NLBL_REQUIRE,
		NLBL_LABELED,
		NLBL_REQSKB,
		NLBL_CONNLABELED,
	} nlbl_state;
	struct netlbl_lsm_secattr *nlbl_secattr;
#endif
	u32 sid;
	u32 peer_sid;
	u16 sclass;
	enum {
		SCTP_ASSOC_UNSET = 0,
		SCTP_ASSOC_SET,
	} sctp_assoc_state;
};
138 
/**
 * struct tun_security_struct - SELinux state for a tun device
 * @sid: SID for the tun device sockets
 */
struct tun_security_struct {
	u32 sid;
};
142 
/**
 * struct key_security_struct - SELinux state for a key
 * @sid: SID of key
 */
struct key_security_struct {
	u32 sid;
};
146 
/**
 * struct ib_security_struct - SELinux state for an InfiniBand object
 * @sid: SID of the queue pair or MAD agent
 */
struct ib_security_struct {
	u32 sid;
};
150 
/**
 * struct pkey_security_struct - SELinux label for a PKey
 * @subnet_prefix: Port subnet prefix
 * @pkey:          PKey number
 * @sid:           SID of pkey
 *
 * The label applies to the (@subnet_prefix, @pkey) pair as far as this
 * header shows -- presumably both are the lookup key; confirm against the
 * code that searches these entries.
 */
struct pkey_security_struct {
	u64 subnet_prefix;
	u16 pkey;
	u32 sid;
};
156 
/**
 * struct bpf_security_struct - SELinux state for a bpf object
 * @sid: SID of bpf obj creator
 *
 * The SID recorded is that of the creator, as the field comment states;
 * it is not described as a label assigned to the object independently.
 */
struct bpf_security_struct {
	u32 sid;
};
160 
161 #endif /* _SELINUX_OBJSEC_H_ */
162 
