LSM: SafeSetID: Add GID security policy handling

[linux-2.6-microblaze.git] / security / safesetid / lsm.h

diff --git a/security/safesetid/lsm.h b/security/safesetid/lsm.h
index db6d16e..bde8c43 100644 (file)
--- a/security/safesetid/lsm.h
+++ b/security/safesetid/lsm.h
@@ -27,27 +27,47 @@ enum sid_policy_type {
        SIDPOL_ALLOWED /* target ID explicitly allowed */
 };
 
+typedef union {
+       kuid_t uid;
+       kgid_t gid;
+} kid_t;
+
+enum setid_type {
+       UID,
+       GID
+};
+
 /*
- * Hash table entry to store safesetid policy signifying that 'src_uid'
- * can setuid to 'dst_uid'.
+ * Hash table entry to store safesetid policy signifying that 'src_id'
+ * can set*id to 'dst_id'.
  */
-struct setuid_rule {
+struct setid_rule {
        struct hlist_node next;
-       kuid_t src_uid;
-       kuid_t dst_uid;
+       kid_t src_id;
+       kid_t dst_id;
+
+       /* Flag to signal if rule is for UID's or GID's */
+       enum setid_type type;
 };
 
 #define SETID_HASH_BITS 8 /* 256 buckets in hash table */
 
-struct setuid_ruleset {
+/* Extension of INVALID_UID/INVALID_GID for kid_t type */
+#define INVALID_ID (kid_t){.uid = INVALID_UID}
+
+struct setid_ruleset {
        DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
        char *policy_str;
        struct rcu_head rcu;
+
+       //Flag to signal if ruleset is for UID's or GID's
+       enum setid_type type;
 };
 
-enum sid_policy_type _setuid_policy_lookup(struct setuid_ruleset *policy,
-               kuid_t src, kuid_t dst);
+enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
+               kid_t src, kid_t dst);
 
-extern struct setuid_ruleset __rcu *safesetid_setuid_rules;
+extern struct setid_ruleset __rcu *safesetid_setuid_rules;
+extern struct setid_ruleset __rcu *safesetid_setgid_rules;
 
 #endif /* _SAFESETID_H */