--- /dev/null
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * Landlock - Domain management
+ *
+ * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
+ * Copyright © 2018-2020 ANSSI
+ */
+
+#ifndef _SECURITY_LANDLOCK_DOMAIN_H
+#define _SECURITY_LANDLOCK_DOMAIN_H
+
+#include <linux/mm.h>
+#include <linux/refcount.h>
+
+/**
+ * struct landlock_hierarchy - Node in a domain hierarchy
+ */
+struct landlock_hierarchy {
+ /**
+ * @parent: Pointer to the parent node, or NULL if it is a root
+ * Landlock domain.
+ */
+ struct landlock_hierarchy *parent;
+ /**
+ * @usage: Number of potential children domains plus their parent
+ * domain.
+ */
+ refcount_t usage;
+};
+
+static inline void
+landlock_get_hierarchy(struct landlock_hierarchy *const hierarchy)
+{
+ if (hierarchy)
+ refcount_inc(&hierarchy->usage);
+}
+
+static inline void landlock_put_hierarchy(struct landlock_hierarchy *hierarchy)
+{
+ while (hierarchy && refcount_dec_and_test(&hierarchy->usage)) {
+ const struct landlock_hierarchy *const freeme = hierarchy;
+
+ hierarchy = hierarchy->parent;
+ kfree(freeme);
+ }
+}
+
+#endif /* _SECURITY_LANDLOCK_DOMAIN_H */
#include <linux/workqueue.h>
#include "access.h"
+#include "domain.h"
#include "limits.h"
#include "object.h"
#include "ruleset.h"
return insert_rule(ruleset, id, &layers, ARRAY_SIZE(layers));
}
-static void get_hierarchy(struct landlock_hierarchy *const hierarchy)
-{
- if (hierarchy)
- refcount_inc(&hierarchy->usage);
-}
-
-static void put_hierarchy(struct landlock_hierarchy *hierarchy)
-{
- while (hierarchy && refcount_dec_and_test(&hierarchy->usage)) {
- const struct landlock_hierarchy *const freeme = hierarchy;
-
- hierarchy = hierarchy->parent;
- kfree(freeme);
- }
-}
-
static int merge_tree(struct landlock_ruleset *const dst,
struct landlock_ruleset *const src,
const enum landlock_key_type key_type)
err = -EINVAL;
goto out_unlock;
}
- get_hierarchy(parent->hierarchy);
+ landlock_get_hierarchy(parent->hierarchy);
child->hierarchy->parent = parent->hierarchy;
out_unlock:
free_rule(freeme, LANDLOCK_KEY_NET_PORT);
#endif /* IS_ENABLED(CONFIG_INET) */
- put_hierarchy(ruleset->hierarchy);
+ landlock_put_hierarchy(ruleset->hierarchy);
kfree(ruleset);
}
#include <linux/workqueue.h>
#include "access.h"
+#include "domain.h"
#include "limits.h"
#include "object.h"
struct landlock_layer layers[] __counted_by(num_layers);
};
-/**
- * struct landlock_hierarchy - Node in a ruleset hierarchy
- */
-struct landlock_hierarchy {
- /**
- * @parent: Pointer to the parent node, or NULL if it is a root
- * Landlock domain.
- */
- struct landlock_hierarchy *parent;
- /**
- * @usage: Number of potential children domains plus their parent
- * domain.
- */
- refcount_t usage;
-};
-
/**
* struct landlock_ruleset - Landlock ruleset
*
#include "common.h"
#include "cred.h"
+#include "domain.h"
#include "fs.h"
#include "ruleset.h"
#include "setup.h"
projects / users / jedix / linux-maple.git / commitdiff