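/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * Landlock LSM - Access types and helpers
 *
 * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
 * Copyright © 2018-2020 ANSSI
 * Copyright © 2024-2025 Microsoft Corporation
 */

#ifndef _SECURITY_LANDLOCK_ACCESS_H
#define _SECURITY_LANDLOCK_ACCESS_H

#include <linux/bitops.h>
#include <linux/build_bug.h>
#include <linux/kernel.h>
#include <uapi/linux/landlock.h>

#include "limits.h"

/*
 * All access rights that are denied by default whether they are handled or not
 * by a ruleset/layer. This must be ORed with all ruleset->access_masks[]
 * entries when we need to get the absolute handled access masks, see
 * landlock_upgrade_handled_access_masks().
 *
 * NOTE(review): a mask read from ruleset->access_masks[] without that OR does
 * not carry these bits; when adding a right here, confirm every reader that
 * needs the absolute handled mask goes through the helper.
 */
/* clang-format off */
#define _LANDLOCK_ACCESS_FS_INITIALLY_DENIED ( \
	LANDLOCK_ACCESS_FS_REFER)
/* clang-format on */

/*
 * Bitmask type holding one category of access rights (filesystem, network or
 * scope). The static_assert()s below break the build if a category grows
 * beyond what this type can store, so a new right cannot be silently
 * truncated.
 */
typedef u16 access_mask_t;

/* Makes sure all filesystem access rights can be stored. */
static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_FS);
/* Makes sure all network access rights can be stored. */
static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_NET);
/* Makes sure all scoped rights can be stored. */
static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_SCOPE);
/* Makes sure for_each_set_bit() and for_each_clear_bit() calls are OK. */
static_assert(sizeof(unsigned long) >= sizeof(access_mask_t));

/*
 * Ruleset access masks.
 *
 * One bit-field per category, each exactly as wide as the number of rights
 * defined for that category.
 */
struct access_masks {
	access_mask_t fs : LANDLOCK_NUM_ACCESS_FS;
	access_mask_t net : LANDLOCK_NUM_ACCESS_NET;
	access_mask_t scope : LANDLOCK_NUM_SCOPE;
};

/*
 * Overlays the three bit-fields with a single u32 so the whole set can be
 * accessed as one word through @all.
 */
union access_masks_all {
	struct access_masks masks;
	u32 all;
};

/*
 * Makes sure all fields are covered.
 *
 * If the bit-fields ever outgrow 32 bits the two members stop having the same
 * size and the build fails, instead of @all missing some rights.
 */
static_assert(sizeof(typeof_member(union access_masks_all, masks)) ==
	      sizeof(typeof_member(union access_masks_all, all)));

/* Bitmask type with one bit per ruleset layer. */
typedef u16 layer_mask_t;

/* Makes sure all layers can be checked. */
static_assert(BITS_PER_TYPE(layer_mask_t) >= LANDLOCK_MAX_NUM_LAYERS);

/*
 * Upgrades with all initially denied by default access rights.
 *
 * @access_masks: Handled access masks of one layer, passed by value; the
 *                caller's copy is not modified.
 *
 * Returns the masks with _LANDLOCK_ACCESS_FS_INITIALLY_DENIED added to the
 * filesystem field when that field is non-zero.  The network and scope fields
 * are returned unchanged.
 */
static inline struct access_masks
landlock_upgrade_handled_access_masks(struct access_masks access_masks)
{
	/*
	 * All access rights that are denied by default whether they are
	 * explicitly handled or not.
	 *
	 * The upgrade is applied only when at least one filesystem right is
	 * already set: an all-zero fs mask is left at zero, so a layer with
	 * no filesystem bit set does not gain the initially denied rights
	 * through this helper.
	 */
	if (access_masks.fs)
		access_masks.fs |= _LANDLOCK_ACCESS_FS_INITIALLY_DENIED;

	return access_masks;
}

#endif /* _SECURITY_LANDLOCK_ACCESS_H */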