1*622e2f59SMickaël Salaün /* SPDX-License-Identifier: GPL-2.0-only */ 2*622e2f59SMickaël Salaün /* 3*622e2f59SMickaël Salaün * Landlock LSM - Access types and helpers 4*622e2f59SMickaël Salaün * 5*622e2f59SMickaël Salaün * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net> 6*622e2f59SMickaël Salaün * Copyright © 2018-2020 ANSSI 7*622e2f59SMickaël Salaün * Copyright © 2024-2025 Microsoft Corporation 8*622e2f59SMickaël Salaün */ 9*622e2f59SMickaël Salaün 10*622e2f59SMickaël Salaün #ifndef _SECURITY_LANDLOCK_ACCESS_H 11*622e2f59SMickaël Salaün #define _SECURITY_LANDLOCK_ACCESS_H 12*622e2f59SMickaël Salaün 13*622e2f59SMickaël Salaün #include <linux/bitops.h> 14*622e2f59SMickaël Salaün #include <linux/build_bug.h> 15*622e2f59SMickaël Salaün #include <linux/kernel.h> 16*622e2f59SMickaël Salaün #include <uapi/linux/landlock.h> 17*622e2f59SMickaël Salaün 18*622e2f59SMickaël Salaün #include "limits.h" 19*622e2f59SMickaël Salaün 20*622e2f59SMickaël Salaün /* 21*622e2f59SMickaël Salaün * All access rights that are denied by default whether they are handled or not 22*622e2f59SMickaël Salaün * by a ruleset/layer. This must be ORed with all ruleset->access_masks[] 23*622e2f59SMickaël Salaün * entries when we need to get the absolute handled access masks. 24*622e2f59SMickaël Salaün */ 25*622e2f59SMickaël Salaün /* clang-format off */ 26*622e2f59SMickaël Salaün #define _LANDLOCK_ACCESS_FS_INITIALLY_DENIED ( \ 27*622e2f59SMickaël Salaün LANDLOCK_ACCESS_FS_REFER) 28*622e2f59SMickaël Salaün /* clang-format on */ 29*622e2f59SMickaël Salaün 30*622e2f59SMickaël Salaün typedef u16 access_mask_t; 31*622e2f59SMickaël Salaün 32*622e2f59SMickaël Salaün /* Makes sure all filesystem access rights can be stored. */ 33*622e2f59SMickaël Salaün static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_FS); 34*622e2f59SMickaël Salaün /* Makes sure all network access rights can be stored. */ 35*622e2f59SMickaël Salaün static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_NET); 36*622e2f59SMickaël Salaün /* Makes sure all scoped rights can be stored. */ 37*622e2f59SMickaël Salaün static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_SCOPE); 38*622e2f59SMickaël Salaün /* Makes sure for_each_set_bit() and for_each_clear_bit() calls are OK. */ 39*622e2f59SMickaël Salaün static_assert(sizeof(unsigned long) >= sizeof(access_mask_t)); 40*622e2f59SMickaël Salaün 41*622e2f59SMickaël Salaün /* Ruleset access masks. */ 42*622e2f59SMickaël Salaün struct access_masks { 43*622e2f59SMickaël Salaün access_mask_t fs : LANDLOCK_NUM_ACCESS_FS; 44*622e2f59SMickaël Salaün access_mask_t net : LANDLOCK_NUM_ACCESS_NET; 45*622e2f59SMickaël Salaün access_mask_t scope : LANDLOCK_NUM_SCOPE; 46*622e2f59SMickaël Salaün }; 47*622e2f59SMickaël Salaün 48*622e2f59SMickaël Salaün union access_masks_all { 49*622e2f59SMickaël Salaün struct access_masks masks; 50*622e2f59SMickaël Salaün u32 all; 51*622e2f59SMickaël Salaün }; 52*622e2f59SMickaël Salaün 53*622e2f59SMickaël Salaün /* Makes sure all fields are covered. */ 54*622e2f59SMickaël Salaün static_assert(sizeof(typeof_member(union access_masks_all, masks)) == 55*622e2f59SMickaël Salaün sizeof(typeof_member(union access_masks_all, all))); 56*622e2f59SMickaël Salaün 57*622e2f59SMickaël Salaün typedef u16 layer_mask_t; 58*622e2f59SMickaël Salaün 59*622e2f59SMickaël Salaün /* Makes sure all layers can be checked. */ 60*622e2f59SMickaël Salaün static_assert(BITS_PER_TYPE(layer_mask_t) >= LANDLOCK_MAX_NUM_LAYERS); 61*622e2f59SMickaël Salaün 62*622e2f59SMickaël Salaün #endif /* _SECURITY_LANDLOCK_ACCESS_H */ 63