Lines Matching defs:ruleset
29 #include "ruleset.h"
63 /* Informs about useless ruleset. */
/*
 * Cross-reference excerpt: only the lines that name `ruleset` are listed.
 * The two returns shown hand back the address of the ruleset's root_inode
 * or root_net_port tree. The selector argument (callers in this listing
 * pass id.type) and any fallback return are on lines not shown here.
 */
147 static struct rb_root *get_root(struct landlock_ruleset *const ruleset,
152 return &ruleset->root_inode;
156 return &ruleset->root_net_port;
/*
 * Compile-time guards: the build fails if the num_rules / num_layers values
 * of this constant ruleset compare below LANDLOCK_MAX_NUM_RULES /
 * LANDLOCK_MAX_NUM_LAYERS. The initializer is not part of this listing;
 * presumably it sets both fields to their largest representable value, so
 * the checks prove the counter fields are wide enough to hold the limits.
 * TODO confirm against the full source.
 */
178 const struct landlock_ruleset ruleset = {
183 BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES);
184 BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS);
188 * insert_rule - Create and insert a rule in a ruleset
190 * @ruleset: The ruleset to be updated.
196 * When user space requests to add a new rule to a ruleset, @layers only
198 * case, the new rule will extend @ruleset, similarly to a boolean OR between
201 * When merging a ruleset in a domain, or copying a domain, @layers will be
202 * added to @ruleset as new constraints, similarly to a boolean AND between
207 static int insert_rule(struct landlock_ruleset *const ruleset,
/*
 * Locking contract: the caller must already hold ruleset->lock.
 * lockdep_assert_held() verifies this only on kernels built with lockdep;
 * it documents the requirement rather than enforcing it at runtime.
 */
218 lockdep_assert_held(&ruleset->lock);
225 root = get_root(ruleset, id.type);
251 * landlock_add_rule(2), i.e. @ruleset is not a domain.
266 * ruleset and a domain.
/*
 * Resource bound: the rule count is compared with LANDLOCK_MAX_NUM_RULES
 * before the increment at line 286, so a ruleset cannot grow past that
 * limit through this path. The value returned when the limit is reached is
 * on a line not shown in this listing.
 */
279 if (ruleset->num_rules >= LANDLOCK_MAX_NUM_RULES)
286 ruleset->num_rules++;
305 /* @ruleset must be locked by the caller. */
/*
 * The lock requirement above is asserted inside insert_rule() with
 * lockdep_assert_held(&ruleset->lock) (line 218), which is a lockdep-only
 * check. This wrapper passes a local `layers` array and its element count;
 * how that array is filled is on lines not shown in this listing.
 */
306 int landlock_insert_rule(struct landlock_ruleset *const ruleset,
312 /* When @level is zero, insert_rule() extends @ruleset. */
317 return insert_rule(ruleset, id, &layers, ARRAY_SIZE(layers));
/*
 * Final teardown of a ruleset. In this listing it is reached only from
 * landlock_put_ruleset() / landlock_put_ruleset_deferred() after
 * refcount_dec_and_test(&ruleset->usage) reported the last reference was
 * dropped (the deferred variant goes through free_ruleset_work()).
 * Any other caller must guarantee the same, otherwise the kfree() below is a
 * use-after-free for remaining holders.
 */
483 static void free_ruleset(struct landlock_ruleset *const ruleset)
/*
 * Both trees are walked with the postorder "safe" iterator, which permits
 * releasing the current entry during the walk. The loop bodies are not
 * shown; presumably each `freeme` entry is released there. TODO confirm.
 */
488 rbtree_postorder_for_each_entry_safe(freeme, next, &ruleset->root_inode,
494 &ruleset->root_net_port, node)
/* Drop the hierarchy reference before releasing the ruleset memory itself. */
498 landlock_put_hierarchy(ruleset->hierarchy);
499 kfree(ruleset);
/*
 * Drops one reference on @ruleset. A NULL @ruleset is accepted and ignored.
 * free_ruleset() runs only when refcount_dec_and_test() reports that this
 * was the last reference on ruleset->usage, so the caller must not touch
 * @ruleset after this call.
 */
502 void landlock_put_ruleset(struct landlock_ruleset *const ruleset)
505 if (ruleset && refcount_dec_and_test(&ruleset->usage))
506 free_ruleset(ruleset);
/*
 * Work-item body for the deferred put: recovers the ruleset that embeds the
 * work_free member via container_of() and frees it. The work is queued by
 * landlock_put_ruleset_deferred() only after the last reference was dropped.
 */
511 struct landlock_ruleset *ruleset;
513 ruleset = container_of(work, struct landlock_ruleset, work_free);
514 free_ruleset(ruleset);
/*
 * Same reference drop as landlock_put_ruleset(), but the actual free is
 * handed to a work item instead of running in the caller. Presumably meant
 * for callers that cannot run free_ruleset() directly (e.g. a context that
 * must not sleep). TODO confirm against the full source.
 * The work item is initialised only after the count reached zero, so no other
 * holder can race on ruleset->work_free.
 */
518 void landlock_put_ruleset_deferred(struct landlock_ruleset *const ruleset)
520 if (ruleset && refcount_dec_and_test(&ruleset->usage)) {
521 INIT_WORK(&ruleset->work_free, free_ruleset_work);
522 schedule_work(&ruleset->work_free);
527 * landlock_merge_ruleset - Merge a ruleset with a domain
530 * @ruleset: New ruleset to be merged.
535 * Return: A new domain merging @parent and @ruleset on success, or ERR_PTR()
536 * on failure. If @parent is NULL, the new domain duplicates @ruleset.
540 struct landlock_ruleset *const ruleset)
/*
 * Sanity check: a NULL @ruleset, or @parent being the same object as
 * @ruleset, is treated as a caller bug and reported once via WARN_ON_ONCE().
 * The error value returned on this path is on a line not shown here.
 */
547 if (WARN_ON_ONCE(!ruleset || parent == ruleset))
575 /* ...and including @ruleset. */
/*
 * merge_ruleset() can fail; its result is stored in err. How the
 * partially built new_dom is released on failure is not visible in this
 * listing.
 */
576 err = merge_ruleset(new_dom, ruleset);
588 * The returned access has the same lifetime as @ruleset.
/*
 * Lifetime note: because the result lives only as long as @ruleset, a caller
 * must keep @ruleset alive for as long as it uses the returned rule.
 */
591 landlock_find_rule(const struct landlock_ruleset *const ruleset,
/*
 * The const qualifier is cast away only to reuse get_root(), which takes a
 * non-const ruleset. NOTE(review): nothing in this listing shows the returned
 * root being written through here; confirm the lookup stays read-only.
 */
597 root = get_root((struct landlock_ruleset *)ruleset, id.type);
663 get_access_mask_t(const struct landlock_ruleset *const ruleset,