1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * Landlock - Limits for different components 4 * 5 * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net> 6 * Copyright © 2018-2020 ANSSI 7 * Copyright © 2021-2025 Microsoft Corporation 8 */ 9 10 #ifndef _SECURITY_LANDLOCK_LIMITS_H 11 #define _SECURITY_LANDLOCK_LIMITS_H 12 13 #include <linux/bitops.h> 14 #include <linux/limits.h> 15 #include <uapi/linux/landlock.h> 16 17 /* clang-format off */ 18 19 #define LANDLOCK_MAX_NUM_LAYERS 16 20 #define LANDLOCK_MAX_NUM_RULES U32_MAX 21 22 #define LANDLOCK_LAST_ACCESS_FS LANDLOCK_ACCESS_FS_IOCTL_DEV 23 #define LANDLOCK_MASK_ACCESS_FS ((LANDLOCK_LAST_ACCESS_FS << 1) - 1) 24 #define LANDLOCK_NUM_ACCESS_FS __const_hweight64(LANDLOCK_MASK_ACCESS_FS) 25 26 #define LANDLOCK_LAST_ACCESS_NET LANDLOCK_ACCESS_NET_CONNECT_TCP 27 #define LANDLOCK_MASK_ACCESS_NET ((LANDLOCK_LAST_ACCESS_NET << 1) - 1) 28 #define LANDLOCK_NUM_ACCESS_NET __const_hweight64(LANDLOCK_MASK_ACCESS_NET) 29 30 #define LANDLOCK_LAST_SCOPE LANDLOCK_SCOPE_SIGNAL 31 #define LANDLOCK_MASK_SCOPE ((LANDLOCK_LAST_SCOPE << 1) - 1) 32 #define LANDLOCK_NUM_SCOPE __const_hweight64(LANDLOCK_MASK_SCOPE) 33 34 #define LANDLOCK_LAST_RESTRICT_SELF LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF 35 #define LANDLOCK_MASK_RESTRICT_SELF ((LANDLOCK_LAST_RESTRICT_SELF << 1) - 1) 36 37 /* clang-format on */ 38 39 #endif /* _SECURITY_LANDLOCK_LIMITS_H */ 40