objsec.h 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137
  1. /*
  2. * NSA Security-Enhanced Linux (SELinux) security module
  3. *
  4. * This file contains the SELinux security data structures for kernel objects.
  5. *
  6. * Author(s): Stephen Smalley, <sds@epoch.ncsc.mil>
  7. * Chris Vance, <cvance@nai.com>
  8. * Wayne Salamon, <wsalamon@nai.com>
  9. * James Morris <jmorris@redhat.com>
  10. *
  11. * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
  12. * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
  13. *
  14. * This program is free software; you can redistribute it and/or modify
  15. * it under the terms of the GNU General Public License version 2,
  16. * as published by the Free Software Foundation.
  17. */
  18. #ifndef _SELINUX_OBJSEC_H_
  19. #define _SELINUX_OBJSEC_H_
  20. #include <linux/list.h>
  21. #include <linux/sched.h>
  22. #include <linux/fs.h>
  23. #include <linux/binfmts.h>
  24. #include <linux/in.h>
  25. #include <linux/spinlock.h>
  26. #include <net/net_namespace.h>
  27. #include "security.h"
  28. struct task_security_struct {
  29. u32 osid; /* SID prior to last execve */
  30. u32 sid; /* current SID */
  31. u32 exec_sid; /* exec SID */
  32. u32 create_sid; /* fscreate SID */
  33. u32 keycreate_sid; /* keycreate SID */
  34. u32 sockcreate_sid; /* fscreate SID */
  35. };
  36. enum label_initialized {
  37. LABEL_INVALID, /* invalid or not initialized */
  38. LABEL_INITIALIZED /* initialized */
  39. };
  40. struct inode_security_struct {
  41. struct inode *inode; /* back pointer to inode object */
  42. union {
  43. struct list_head list; /* list of inode_security_struct */
  44. struct rcu_head rcu; /* for freeing the inode_security_struct */
  45. };
  46. u32 task_sid; /* SID of creating task */
  47. u32 sid; /* SID of this object */
  48. u16 sclass; /* security class of this object */
  49. unsigned char initialized; /* initialization flag */
  50. void *pfk_data; /* Per-File-Key data from ecryptfs */
  51. struct mutex lock;
  52. };
  53. struct file_security_struct {
  54. u32 sid; /* SID of open file description */
  55. u32 fown_sid; /* SID of file owner (for SIGIO) */
  56. u32 isid; /* SID of inode at the time of file open */
  57. u32 pseqno; /* Policy seqno at the time of file open */
  58. };
  59. struct superblock_security_struct {
  60. struct super_block *sb; /* back pointer to sb object */
  61. u32 sid; /* SID of file system superblock */
  62. u32 def_sid; /* default SID for labeling */
  63. u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
  64. unsigned short behavior; /* labeling behavior */
  65. unsigned short flags; /* which mount options were specified */
  66. struct mutex lock;
  67. struct list_head isec_head;
  68. spinlock_t isec_lock;
  69. };
  70. struct msg_security_struct {
  71. u32 sid; /* SID of message */
  72. };
  73. struct ipc_security_struct {
  74. u16 sclass; /* security class of this object */
  75. u32 sid; /* SID of IPC resource */
  76. };
  77. struct netif_security_struct {
  78. struct net *ns; /* network namespace */
  79. int ifindex; /* device index */
  80. u32 sid; /* SID for this interface */
  81. };
  82. struct netnode_security_struct {
  83. union {
  84. __be32 ipv4; /* IPv4 node address */
  85. struct in6_addr ipv6; /* IPv6 node address */
  86. } addr;
  87. u32 sid; /* SID for this node */
  88. u16 family; /* address family */
  89. };
  90. struct netport_security_struct {
  91. u32 sid; /* SID for this node */
  92. u16 port; /* port number */
  93. u8 protocol; /* transport protocol */
  94. };
  95. struct sk_security_struct {
  96. #ifdef CONFIG_NETLABEL
  97. enum { /* NetLabel state */
  98. NLBL_UNSET = 0,
  99. NLBL_REQUIRE,
  100. NLBL_LABELED,
  101. NLBL_REQSKB,
  102. NLBL_CONNLABELED,
  103. } nlbl_state;
  104. struct netlbl_lsm_secattr *nlbl_secattr; /* NetLabel sec attributes */
  105. #endif
  106. u32 sid; /* SID of this object */
  107. u32 peer_sid; /* SID of peer */
  108. u16 sclass; /* sock security class */
  109. };
  110. struct tun_security_struct {
  111. u32 sid; /* SID for the tun device sockets */
  112. };
  113. struct key_security_struct {
  114. u32 sid; /* SID of key */
  115. };
  116. struct bpf_security_struct {
  117. u32 sid; /*SID of bpf obj creater*/
  118. };
  119. extern unsigned int selinux_checkreqprot;
  120. #endif /* _SELINUX_OBJSEC_H_ */