LSM: SafeSetID: Add GID security policy handling
[linux-2.6-microblaze.git]
/
security
/
safesetid
/
lsm.h
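--- a/security/safesetid/lsm.h
+++ b/security/safesetid/lsm.h
@@ -27,27 +27,47 @@ enum sid_policy_type {
 SIDPOL_ALLOWED /* target ID explicitly allowed */
 };
+typedef union {
+ kuid_t uid;
+ kgid_t gid;
+} kid_t;
+
+enum setid_type {
+ UID,
+ GID
+};
+
 /*
- * Hash table entry to store safesetid policy signifying that 'src_uid'
- * can setuid to 'dst_uid'.
+ * Hash table entry to store safesetid policy signifying that 'src_id'
+ * can set*id to 'dst_id'.
 */
-struct setuid_rule {
+struct setid_rule {
 struct hlist_node next;
- kuid_t src_uid;
- kuid_t dst_uid;
+ kid_t src_id;
+ kid_t dst_id;
+
+ /* Flag to signal if rule is for UID's or GID's */
+ enum setid_type type;
 };
 #define SETID_HASH_BITS 8 /* 256 buckets in hash table */
-struct setuid_ruleset {
+/* Extension of INVALID_UID/INVALID_GID for kid_t type */
+#define INVALID_ID (kid_t){.uid = INVALID_UID}
+
+struct setid_ruleset {
 DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
 char *policy_str;
 struct rcu_head rcu;
+
+ //Flag to signal if ruleset is for UID's or GID's
+ enum setid_type type;
 };
-enum sid_policy_type _setuid_policy_lookup(struct setuid_ruleset *policy,
- kuid_t src, kuid_t dst);
+enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
+ kid_t src, kid_t dst);
-extern struct setuid_ruleset __rcu *safesetid_setuid_rules;
+extern struct setid_ruleset __rcu *safesetid_setuid_rules;
+extern struct setid_ruleset __rcu *safesetid_setgid_rules;
 #endif /* _SAFESETID_H */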
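Review bot: `INVALID_ID` initialises only the `.uid` member of the untagged `kid_t` union, so reading it back as `.gid` is correct only if `kuid_t` and `kgid_t` share a representation and `INVALID_UID` and `INVALID_GID` carry the same value; neither type is defined in this hunk, so that is an assumption the header should state. I would parenthesise the macro and document the dependency, e.g. `#define INVALID_ID ((kid_t){.uid = INVALID_UID}) /* relies on kuid_t/kgid_t having identical layout */`. Because the union carries no tag of its own, `_setid_policy_lookup(policy, src, dst)` can only choose the right member from `policy->type`, and nothing in these types would catch a caller that pairs a UID with the GID ruleset or the reverse. A comment on the prototype stating that `src` and `dst` must be of the kind named by `policy->type` would make that contract explicit on this access-control path.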