GitHub Repository: torvalds/linux
Path: blob/master/security/landlock/access.h
/* SPDX-License-Identifier: GPL-2.0-only */
/*
* Landlock - Access types and helpers
*
* Copyright © 2016-2020 Mickaël Salaün <[email protected]>
* Copyright © 2018-2020 ANSSI
* Copyright © 2024-2025 Microsoft Corporation
*/
#ifndef _SECURITY_LANDLOCK_ACCESS_H
#define _SECURITY_LANDLOCK_ACCESS_H
#include <linux/bitops.h>
#include <linux/build_bug.h>
#include <linux/kernel.h>
#include <uapi/linux/landlock.h>
#include "limits.h"
/*
 * All access rights that are denied by default whether they are handled or not
 * by a ruleset/layer. This must be ORed with all ruleset->access_masks[]
 * entries when we need to get the absolute handled access masks, see
 * landlock_upgrade_handled_access_masks().
 *
 * Only LANDLOCK_ACCESS_FS_REFER is listed here. The helper named above ORs
 * this mask in only for a layer whose fs mask is non-zero, so a right added
 * here becomes implicitly handled by every layer that handles at least one
 * filesystem access right.
 */
/* clang-format off */
#define _LANDLOCK_ACCESS_FS_INITIALLY_DENIED ( \
	LANDLOCK_ACCESS_FS_REFER)
/* clang-format on */
/*
 * Filesystem access rights treated as "optional": LANDLOCK_ACCESS_FS_TRUNCATE
 * and LANDLOCK_ACCESS_FS_IOCTL_DEV. The number of bits set in this mask feeds
 * the static_assert() that sizes deny_masks_t, so adding a right here may
 * require widening that type.
 *
 * NOTE(review): presumably these are the rights whose denying layer is
 * recorded per object through deny_masks_t -- confirm against get_deny_mask().
 */
/* clang-format off */
#define _LANDLOCK_ACCESS_FS_OPTIONAL ( \
	LANDLOCK_ACCESS_FS_TRUNCATE | \
	LANDLOCK_ACCESS_FS_IOCTL_DEV)
/* clang-format on */
/*
 * Bitmask of access rights, one bit per right. The same 16-bit type carries
 * filesystem, network and scope rights; the assertions below break the build
 * if any of those sets outgrows it, rather than letting a right be silently
 * dropped from a mask.
 */
typedef u16 access_mask_t;

/* Makes sure all filesystem access rights can be stored. */
static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_FS);
/* Makes sure all network access rights can be stored. */
static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_NET);
/* Makes sure all scoped rights can be stored. */
static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_SCOPE);
/*
 * Makes sure for_each_set_bit() and for_each_clear_bit() calls are OK: those
 * helpers walk unsigned long words, so an access_mask_t value must fit in one.
 */
static_assert(sizeof(unsigned long) >= sizeof(access_mask_t));
/*
 * Ruleset access masks: the filesystem, network and scope rights of one
 * ruleset->access_masks[] entry, packed as bitfields.
 *
 * Each field is exactly as wide as the number of rights of its kind, so a
 * field cannot carry a bit for a right that does not exist. Field order and
 * widths also fix the layout that union access_masks_all overlays with a
 * single word; do not reorder or widen them without re-checking the size
 * assertion on that union.
 */
struct access_masks {
	access_mask_t fs : LANDLOCK_NUM_ACCESS_FS;	/* filesystem rights */
	access_mask_t net : LANDLOCK_NUM_ACCESS_NET;	/* network rights */
	access_mask_t scope : LANDLOCK_NUM_SCOPE;	/* scoped rights */
};
/*
 * Overlays the three bitfields of struct access_masks with one 32-bit word.
 *
 * NOTE(review): presumably used to test or combine all masks in a single
 * operation -- confirm at the use sites. Bits of @all that no bitfield covers
 * are padding, so code reading @all should start from a fully initialized
 * value.
 */
union access_masks_all {
	struct access_masks masks;
	u32 all;
};

/*
 * Makes sure all fields are covered: the bitfield struct and the u32 word must
 * have the same size, so @all neither misses part of the masks nor extends
 * past them.
 */
static_assert(sizeof(typeof_member(union access_masks_all, masks)) ==
	      sizeof(typeof_member(union access_masks_all, all)));
/* Bitmask of ruleset layers, one bit per layer. */
typedef u16 layer_mask_t;

/*
 * Makes sure all layers can be checked: the build fails if
 * LANDLOCK_MAX_NUM_LAYERS exceeds the number of bits in layer_mask_t.
 */
static_assert(BITS_PER_TYPE(layer_mask_t) >= LANDLOCK_MAX_NUM_LAYERS);
/*
 * Tracks domains responsible for a denied access. This is required to avoid
 * storing in each object the full layer_masks[] required by update_request().
 */
typedef u8 deny_masks_t;

/*
 * Makes sure all optional access rights can be tied to a layer index (cf.
 * get_deny_mask).
 *
 * HWEIGHT(LANDLOCK_MAX_NUM_LAYERS - 1) is the number of bits needed to encode
 * one layer index (valid because the layer count is a power of two, asserted
 * below), and HWEIGHT(_LANDLOCK_ACCESS_FS_OPTIONAL) is the number of optional
 * rights. deny_masks_t must be wide enough for one index per optional right.
 */
static_assert(BITS_PER_TYPE(deny_masks_t) >=
	      (HWEIGHT(LANDLOCK_MAX_NUM_LAYERS - 1) *
	       HWEIGHT(_LANDLOCK_ACCESS_FS_OPTIONAL)));

/* LANDLOCK_MAX_NUM_LAYERS must be a power of two (cf. deny_masks_t assert). */
static_assert(HWEIGHT(LANDLOCK_MAX_NUM_LAYERS) == 1);
/*
 * Upgrades @access_masks with all access rights that are initially denied by
 * default.
 *
 * The masks are taken and returned by value. A layer that handles no
 * filesystem access right is returned unchanged; otherwise its fs mask gains
 * _LANDLOCK_ACCESS_FS_INITIALLY_DENIED, i.e. the rights that are denied by
 * default whether they are explicitly handled or not. The net and scope masks
 * are never modified.
 */
static inline struct access_masks
landlock_upgrade_handled_access_masks(struct access_masks access_masks)
{
	/* Nothing to upgrade when no filesystem access right is handled. */
	if (!access_masks.fs)
		return access_masks;

	access_masks.fs |= _LANDLOCK_ACCESS_FS_INITIALLY_DENIED;
	return access_masks;
}
#endif /* _SECURITY_LANDLOCK_ACCESS_H */