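/* SPDX-License-Identifier: GPL-2.0 */
/*
 * SafeSetID Linux Security Module
 *
 * Author: Micah Morton <[email protected]>
 *
 * Copyright (C) 2018 The Chromium OS Authors.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2, as
 * published by the Free Software Foundation.
 *
 */
#ifndef _SAFESETID_H
#define _SAFESETID_H

#include <linux/types.h>
#include <linux/uidgid.h>
#include <linux/hashtable.h>

/*
 * Flag indicating whether initialization completed.
 *
 * The object is declared __initdata, i.e. it lives in init-only memory.
 * Only __init code should read it; once init memory has been released the
 * storage is no longer valid.
 */
extern int safesetid_initialized __initdata;

/* Result of looking up a (source ID, target ID) pair in a ruleset. */
enum sid_policy_type {
	SIDPOL_DEFAULT, /* source ID is unaffected by policy */
	SIDPOL_CONSTRAINED, /* source ID is affected by policy */
	SIDPOL_ALLOWED /* target ID explicitly allowed */
};

/*
 * Holds either a kernel UID or a kernel GID. The union itself carries no
 * tag: which member is meaningful is given by the 'type' field
 * (enum setid_type) of the rule or ruleset it belongs to.
 */
typedef union {
	kuid_t uid;
	kgid_t gid;
} kid_t;

/* Selects which member of kid_t a rule or ruleset refers to. */
enum setid_type {
	UID,
	GID
};

/*
 * Hash table entry to store safesetid policy signifying that 'src_id'
 * can set*id to 'dst_id'.
 */
struct setid_rule {
	struct hlist_node next;
	kid_t src_id;
	kid_t dst_id;

	/* Flag to signal if rule is for UID's or GID's */
	enum setid_type type;
};

#define SETID_HASH_BITS 8 /* 256 buckets in hash table */

/*
 * Extension of INVALID_UID/INVALID_GID for kid_t type.
 *
 * NOTE(review): only the .uid member is initialised. Using this value for
 * GID rules presumably relies on INVALID_UID and INVALID_GID sharing one
 * representation - confirm against <linux/uidgid.h>.
 */
#define INVALID_ID (kid_t){.uid = INVALID_UID}

/*
 * One complete policy: a hash table of struct setid_rule entries plus
 * bookkeeping. 'policy_str' is presumably the policy text the rules were
 * built from, and 'rcu' presumably allows the ruleset to be freed after an
 * RCU grace period; neither use is visible in this header.
 */
struct setid_ruleset {
	DECLARE_HASHTABLE(rules, SETID_HASH_BITS);
	char *policy_str;
	struct rcu_head rcu;

	/* Flag to signal if ruleset is for UID's or GID's */
	enum setid_type type;
};

/*
 * Look up the transition from 'src' to 'dst' in 'policy' and return how the
 * policy classifies it (see enum sid_policy_type). The function is defined
 * outside this header; its exact matching rules are not shown here.
 */
enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
		kid_t src, kid_t dst);

/*
 * Currently installed UID and GID rulesets. Both pointers are annotated
 * __rcu, so they are meant to be read and updated through the RCU
 * accessors rather than dereferenced directly.
 */
extern struct setid_ruleset __rcu *safesetid_setuid_rules;
extern struct setid_ruleset __rcu *safesetid_setgid_rules;

#endif /* _SAFESETID_H */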