xref: /linux/security/landlock/limits.h (revision c532de5a67a70f8533d495f8f2aaa9a0491c3ad0)
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * Landlock LSM - Limits for different components
4  *
5  * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
6  * Copyright © 2018-2020 ANSSI
7  */
8 
9 #ifndef _SECURITY_LANDLOCK_LIMITS_H
10 #define _SECURITY_LANDLOCK_LIMITS_H
11 
12 #include <linux/bitops.h>
13 #include <linux/limits.h>
14 #include <uapi/linux/landlock.h>
15 
16 /* clang-format off */
17 
18 #define LANDLOCK_MAX_NUM_LAYERS		16
19 #define LANDLOCK_MAX_NUM_RULES		U32_MAX
20 
21 #define LANDLOCK_LAST_ACCESS_FS		LANDLOCK_ACCESS_FS_IOCTL_DEV
22 #define LANDLOCK_MASK_ACCESS_FS		((LANDLOCK_LAST_ACCESS_FS << 1) - 1)
23 #define LANDLOCK_NUM_ACCESS_FS		__const_hweight64(LANDLOCK_MASK_ACCESS_FS)
24 
25 #define LANDLOCK_LAST_ACCESS_NET	LANDLOCK_ACCESS_NET_CONNECT_TCP
26 #define LANDLOCK_MASK_ACCESS_NET	((LANDLOCK_LAST_ACCESS_NET << 1) - 1)
27 #define LANDLOCK_NUM_ACCESS_NET		__const_hweight64(LANDLOCK_MASK_ACCESS_NET)
28 
29 #define LANDLOCK_LAST_SCOPE		LANDLOCK_SCOPE_SIGNAL
30 #define LANDLOCK_MASK_SCOPE		((LANDLOCK_LAST_SCOPE << 1) - 1)
31 #define LANDLOCK_NUM_SCOPE		__const_hweight64(LANDLOCK_MASK_SCOPE)
32 /* clang-format on */
33 
34 #endif /* _SECURITY_LANDLOCK_LIMITS_H */
35