ruleset.h - OpenGrok cross reference for /linux/security/landlock/ruleset.h

Lines Matching +full:protection +full:- +full:domain
1 /* SPDX-License-Identifier: GPL-2.0-only */
3  * Landlock LSM - Ruleset management
5  * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
6  * Copyright © 2018-2020 ANSSI
24  * struct landlock_layer - Access rights for a given layer
39  * union landlock_key - Key of a ruleset's red-black tree
47 	 * @data: Raw data to identify an arbitrary 32-bit value
54  * enum landlock_key_type - Type of &union landlock_key
70  * struct landlock_id - Unique rule identifier for a ruleset
85  * struct landlock_rule - Access rights tied to an object
89 	 * @node: Node in the ruleset's red-black tree.
112  * struct landlock_hierarchy - Node in a ruleset hierarchy
117 	 * Landlock domain.
122 	 * domain.
128  * struct landlock_ruleset - Landlock ruleset
135 	 * @root_inode: Root of a red-black tree containing &struct
137 	 * process (i.e. as a domain), this tree is immutable until @usage
144 	 * @root_net_port: Root of a red-black tree containing &struct
146 	 * process (i.e. as a domain), this tree is immutable until @usage
154 	 * domain vanishes.  This is needed for the ptrace protection.
178 			 * @num_rules: Number of non-overlapping (i.e. not for
186 			 * non-merged ruleset (i.e. not a domain).
192 			 * A domain saves all layers of merged rulesets in a
196 			 * (i.e. future-proof), and to properly handle merged
232 		refcount_inc(&ruleset->usage);  in landlock_get_ruleset()
236  * landlock_union_access_masks - Return all access rights handled in the
237  *				 domain
239  * @domain: Landlock ruleset (used as a domain)
241  * Returns: an access_masks result of the OR of all the domain's access masks.
244 landlock_union_access_masks(const struct landlock_ruleset *const domain)  in landlock_union_access_masks()  argument
249 	for (layer_level = 0; layer_level < domain->num_layers; layer_level++) {  in landlock_union_access_masks()
251 			.masks = domain->access_masks[layer_level],  in landlock_union_access_masks()
261  * landlock_get_applicable_domain - Return @domain if it applies to (handles)
265  * @domain: Landlock ruleset (used as a domain)
268  * Returns: @domain if any access rights specified in @masks is handled, or
272 landlock_get_applicable_domain(const struct landlock_ruleset *const domain,  in landlock_get_applicable_domain()  argument
280 	if (!domain)  in landlock_get_applicable_domain()
283 	merge.masks = landlock_union_access_masks(domain);  in landlock_get_applicable_domain()
285 		return domain;  in landlock_get_applicable_domain()
299 	ruleset->access_masks[layer_level].fs |= fs_mask;  in landlock_add_fs_access_mask()
311 	ruleset->access_masks[layer_level].net |= net_mask;  in landlock_add_net_access_mask()
322 	ruleset->access_masks[layer_level].scope |= mask;  in landlock_add_scope_mask()
330 	return ruleset->access_masks[layer_level].fs |  in landlock_get_fs_access_mask()
338 	return ruleset->access_masks[layer_level].net;  in landlock_get_net_access_mask()
345 	return ruleset->access_masks[layer_level].scope;  in landlock_get_scope_mask()
354 landlock_init_layer_masks(const struct landlock_ruleset *const domain,
In current file

In project "undefined"

On Google
