cred.h (1290B)
1/* SPDX-License-Identifier: GPL-2.0-only */ 2/* 3 * Landlock LSM - Credential hooks 4 * 5 * Copyright © 2019-2020 Mickaël Salaün <mic@digikod.net> 6 * Copyright © 2019-2020 ANSSI 7 */ 8 9#ifndef _SECURITY_LANDLOCK_CRED_H 10#define _SECURITY_LANDLOCK_CRED_H 11 12#include <linux/cred.h> 13#include <linux/init.h> 14#include <linux/rcupdate.h> 15 16#include "ruleset.h" 17#include "setup.h" 18 19struct landlock_cred_security { 20 struct landlock_ruleset *domain; 21}; 22 23static inline struct landlock_cred_security * 24landlock_cred(const struct cred *cred) 25{ 26 return cred->security + landlock_blob_sizes.lbs_cred; 27} 28 29static inline const struct landlock_ruleset *landlock_get_current_domain(void) 30{ 31 return landlock_cred(current_cred())->domain; 32} 33 34/* 35 * The call needs to come from an RCU read-side critical section. 36 */ 37static inline const struct landlock_ruleset * 38landlock_get_task_domain(const struct task_struct *const task) 39{ 40 return landlock_cred(__task_cred(task))->domain; 41} 42 43static inline bool landlocked(const struct task_struct *const task) 44{ 45 bool has_dom; 46 47 if (task == current) 48 return !!landlock_get_current_domain(); 49 50 rcu_read_lock(); 51 has_dom = !!landlock_get_task_domain(task); 52 rcu_read_unlock(); 53 return has_dom; 54} 55 56__init void landlock_add_cred_hooks(void); 57 58#endif /* _SECURITY_LANDLOCK_CRED_H */