#ifndef KERNEL_H_
#define KERNEL_H_
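/*
 * Pointer type for a printk-style formatter: int fn(const char *fmt, ...).
 *
 * The format parameter is const-qualified so that a correctly prototyped
 * printk address (printk() declares its format as `const char *fmt`) can be
 * assigned without a cast.  Callers that pass a plain `char *` are unaffected:
 * `char *` converts to `const char *` implicitly, so this is a strict widening
 * of the original `(char *, ...)` signature.
 */
typedef int (*fnPrintk)(const char *, ...);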
/* Width of a capability set in 32-bit words: 2 words = 64 capability bits
 * (the `_3` suffix names the v3 capability ABI being mirrored).  These names
 * begin with `_` + uppercase, which the C standard reserves for the
 * implementation; they are kept only because they copy the kernel's names. */
#define _LINUX_CAPABILITY_U32S_3 2
#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
/* Declared only; the definition (a kernel symbol) must be resolved by
 * whatever links this header -- there is none in this file. */
extern int file_caps_enabled;
/*
 * Capability bitmask: _KERNEL_CAPABILITY_U32S (2) words of 32 bits each.
 * `__u32` is not declared anywhere in this header; the includer must provide
 * it (e.g. via linux/types.h or an equivalent typedef) before including this.
 */
typedef struct kernel_cap_struct {
__u32 cap[_KERNEL_CAPABILITY_U32S];
} kernel_cap_t;
/*
 * Hand-written mirror of a task credential record (the kernel's struct cred):
 * real/saved/effective/filesystem ids, securebits, the four capability sets
 * and the LSM security blob pointer.
 *
 * NOTE(review): this type is only useful as an overlay if its member order,
 * sizes and padding match the target kernel build exactly.  Points to confirm
 * against that kernel's struct cred before dereferencing through this type:
 *  - `usage` is a plain int here; the kernel's reference count is an atomic
 *    type (same width on Linux, but confirm).
 *  - `uid_t`/`gid_t` are not declared in this header; newer kernels wrap the
 *    ids in kuid_t/kgid_t (same width, different type).
 *  - Any members the real struct carries between `cap_bset` and `security`
 *    (e.g. keyring fields under CONFIG_KEYS) are not represented here, which
 *    would shift the `security` offset.
 */
typedef struct tmycred {
int usage; /* reference count (atomic in the kernel; int here) */
uid_t uid; /* real UID of the task */
gid_t gid; /* real GID of the task */
uid_t suid; /* saved UID of the task */
gid_t sgid; /* saved GID of the task */
uid_t euid; /* effective UID of the task */
gid_t egid; /* effective GID of the task */
uid_t fsuid; /* UID used for VFS permission checks */
gid_t fsgid; /* GID used for VFS permission checks */
unsigned securebits; /* SUID-less security management flags */
kernel_cap_t cap_inheritable; /* caps our children can inherit */
kernel_cap_t cap_permitted; /* caps we are permitted to raise */
kernel_cap_t cap_effective; /* caps currently in force */
kernel_cap_t cap_bset; /* capability bounding set */
void *security; /* subjective LSM security blob (see layout note above) */
}mycred;
/*
 * Mirror of the SELinux per-task security blob: the security identifiers
 * (SIDs) attached to a task.  All fields are `int` here; the kernel stores
 * SIDs as u32 (same width).  This is the object `mycred.security` would point
 * at when SELinux is the active LSM -- presumably, confirm on the target.
 */
struct task_security_struct {
int osid; /* SID prior to last execve */
int sid; /* current SID */
int exec_sid; /* SID to transition to on exec */
int create_sid; /* fscreate SID (for files created by the task) */
int keycreate_sid; /* keycreate SID */
int sockcreate_sid; /* sockcreate SID (for sockets created by the task) */
};
/* Maximum length of an LSM name, excluding the terminating NUL; the `name`
 * array in struct security_operations reserves one extra byte for it. */
#define SECURITY_NAME_MAX 10
/*
 * Mirror of the kernel LSM hook table (struct security_operations).
 *
 * NOTE(review): most members below are written as `int (*name);`.  In C that
 * declares a pointer to int, NOT a pointer to function -- the parentheses are
 * redundant.  Each member is still exactly one pointer wide, so the member
 * offsets are the same as they would be for real hook pointers, but nothing
 * can be called through these members without first casting to the hook's
 * real signature.  Only the members inside the CONFIG_SECURITY_PATH,
 * CONFIG_SECURITY_NETWORK_XFRM, CONFIG_KEYS and CONFIG_AUDIT sections carry
 * prototypes, and those refer to types (struct path, struct dentry, umode_t,
 * u32, u8, key_ref_t, struct xfrm_*, ...) that this header does not declare.
 *
 * Layout caveat: CONFIG_SECURITY_NETWORK is force-defined inside the struct
 * below, but CONFIG_SECURITY_PATH, CONFIG_SECURITY_NETWORK_XFRM, CONFIG_KEYS
 * and CONFIG_AUDIT are only honoured if the includer defines them.  If the
 * target kernel was built with any of those enabled, every member after the
 * corresponding #ifdef shifts by the size of the omitted section -- confirm
 * the target's .config before relying on offsets taken from this struct.
 */
struct security_operations {
char name[SECURITY_NAME_MAX + 1];
/* Android binder hooks */
int (*binder_set_context_mgr);
int (*binder_transaction);
int (*binder_transfer_binder);
int (*binder_transfer_file);
/* ptrace / capability / misc system hooks */
int (*ptrace_access_check) ;
int (*ptrace_traceme) ;
int (*capget) ;
int (*capset);
int (*capable);
int (*quotactl) ;
int (*quota_on) ;
int (*syslog);
int (*settime) ;
int (*vm_enough_memory) ;
/* binprm (exec) hooks */
int (*bprm_set_creds);
int (*bprm_check_security);
int (*bprm_secureexec) ;
void (*bprm_committing_creds);
void (*bprm_committed_creds) ;
/* superblock hooks */
int (*sb_alloc_security) ;
void (*sb_free_security);
int (*sb_copy_data);
int (*sb_remount);
int (*sb_kern_mount) ;
int (*sb_show_options) ;
int (*sb_statfs) ;
int (*sb_mount);
int (*sb_umount) ;
int (*sb_pivotroot);
int (*sb_set_mnt_opts) ;
void (*sb_clone_mnt_opts);
int (*sb_parse_opts_str) ;
/* path-based hooks: compiled in only if the includer defines
 * CONFIG_SECURITY_PATH (see layout caveat above) */
#ifdef CONFIG_SECURITY_PATH
int (*path_unlink) (struct path *dir, struct dentry *dentry);
int (*path_mkdir) (struct path *dir, struct dentry *dentry, umode_t mode);
int (*path_rmdir) (struct path *dir, struct dentry *dentry);
int (*path_mknod) (struct path *dir, struct dentry *dentry, umode_t mode,
unsigned int dev);
int (*path_truncate) (struct path *path);
int (*path_symlink) (struct path *dir, struct dentry *dentry,
const char *old_name);
int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
struct dentry *new_dentry);
int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
struct path *new_dir, struct dentry *new_dentry);
int (*path_chmod) (struct path *path, umode_t mode);
int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
int (*path_chroot) (struct path *path);
#endif
/* inode hooks */
int (*inode_alloc_security);
void (*inode_free_security) ;
int (*inode_init_security);
int (*inode_create) ;
int (*inode_link) ;
int (*inode_unlink);
int (*inode_symlink);
int (*inode_mkdir) ;
int (*inode_rmdir);
int (*inode_mknod);
int (*inode_rename);
int (*inode_readlink) ;
int (*inode_follow_link);
int (*inode_permission);
int (*inode_setattr) ;
int (*inode_getattr);
int (*inode_setxattr);
void (*inode_post_setxattr);
int (*inode_getxattr) ;
int (*inode_listxattr) ;
int (*inode_removexattr);
int (*inode_need_killpriv);
int (*inode_killpriv) ;
int (*inode_getsecurity) ;
int (*inode_setsecurity) ;
int (*inode_listsecurity);
void (*inode_getsecid);
/* file hooks */
int (*file_permission) ;
int (*file_alloc_security);
void (*file_free_security);
int (*file_ioctl);
int (*file_mmap) ;
int (*file_mprotect) ;
int (*file_lock);
int (*file_fcntl) ;
int (*file_set_fowner);
int (*file_send_sigiotask) ;
int (*file_receive);
int (*dentry_open) ;
/* task / credential hooks */
int (*task_create);
void (*task_free) ;
int (*cred_alloc_blank);
void (*cred_free) ;
int (*cred_prepare);
void (*cred_transfer);
int (*kernel_act_as);
int (*kernel_create_files_as);
int (*kernel_module_request);
int (*task_fix_setuid) ;
int (*task_setpgid);
int (*task_getpgid);
int (*task_getsid) ;
void (*task_getsecid);
int (*task_setnice) ;
int (*task_setioprio);
int (*task_getioprio);
int (*task_setrlimit);
int (*task_setscheduler);
int (*task_getscheduler);
int (*task_movememory);
int (*task_kill);
int (*task_wait);
int (*task_prctl);
void (*task_to_inode);
/* System V IPC hooks */
int (*ipc_permission);
void (*ipc_getsecid);
int (*msg_msg_alloc_security) ;
void (*msg_msg_free_security);
int (*msg_queue_alloc_security) ;
void (*msg_queue_free_security);
int (*msg_queue_associate) ;
int (*msg_queue_msgctl);
int (*msg_queue_msgsnd);
int (*msg_queue_msgrcv) ;
int (*shm_alloc_security) ;
void (*shm_free_security);
int (*shm_associate) ;
int (*shm_shmctl);
int (*shm_shmat) ;
int (*sem_alloc_security);
void (*sem_free_security);
int (*sem_associate);
int (*sem_semctlpolicydb) ;
int (*sem_semop) ;
/* netlink / procattr / secctx hooks */
int (*netlink_send) ;
void (*d_instantiate) ;
int (*getprocattr) ;
int (*setprocattr) ;
int (*secid_to_secctx) ;
int (*secctx_to_secid);
void (*release_secctx) ;
int (*inode_notifysecctx);
int (*inode_setsecctx);
int (*inode_getsecctx);
/* Unconditionally enabled here, unlike the other CONFIG_* sections in this
 * struct: the socket hooks below are always part of the layout. */
#define CONFIG_SECURITY_NETWORK
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect) ;
int (*unix_may_send);
int (*socket_create);
int (*socket_post_create) ;
int (*socket_bind);
int (*socket_connect);
int (*socket_listen) ;
int (*socket_accept) ;
int (*socket_sendmsg);
int (*socket_recvmsg);
int (*socket_getsockname);
int (*socket_getpeername);
int (*socket_getsockopt);
int (*socket_setsockopt) ;
int (*socket_shutdown);
int (*socket_sock_rcv_skb);
int (*socket_getpeersec_stream) ;
int (*socket_getpeersec_dgram);
int (*sk_alloc_security) ;
void (*sk_free_security) ;
void (*sk_clone_security) ;
void (*sk_getsecid);
void (*sock_graft) ;
int (*inet_conn_request);
void (*inet_csk_clone) ;
void (*inet_conn_established) ;
int (*secmark_relabel_packet) ;
void (*secmark_refcount_inc) ;
void (*secmark_refcount_dec);
void (*req_classify_flow) ;
int (*tun_dev_create);
void (*tun_dev_post_create);
int (*tun_dev_attach);
#endif /* CONFIG_SECURITY_NETWORK */
/* IPsec (xfrm) hooks: only if the includer defines CONFIG_SECURITY_NETWORK_XFRM */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
struct xfrm_user_sec_ctx *sec_ctx);
int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
int (*xfrm_state_alloc_security) (struct xfrm_state *x,
struct xfrm_user_sec_ctx *sec_ctx,
u32 secid);
void (*xfrm_state_free_security) (struct xfrm_state *x);
int (*xfrm_state_delete_security) (struct xfrm_state *x);
int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int (*xfrm_state_pol_flow_match) (struct xfrm_state *x,
struct xfrm_policy *xp,
const struct flowi *fl);
int (*xfrm_decode_session) (struct sk_buff *skb, u32 *secid, int ckall);
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
/* key management security hooks: only if the includer defines CONFIG_KEYS */
#ifdef CONFIG_KEYS
int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags);
void (*key_free) (struct key *key);
int (*key_permission) (key_ref_t key_ref,
const struct cred *cred,
key_perm_t perm);
int (*key_getsecurity)(struct key *key, char **_buffer);
#endif /* CONFIG_KEYS */
/* audit rule hooks: only if the includer defines CONFIG_AUDIT */
#ifdef CONFIG_AUDIT
int (*audit_rule_init) (u32 field, u32 op, char *rulestr, void **lsmrule);
int (*audit_rule_known) (struct audit_krule *krule);
int (*audit_rule_match) (u32 secid, u32 field, u32 op, void *lsmrule,
struct audit_context *actx);
void (*audit_rule_free) (void *lsmrule);
#endif /* CONFIG_AUDIT */
};
/* task_struct flags bit identifying a kernel thread (value copied from the
 * kernel's PF_KTHREAD; confirm it matches the target kernel version). */
#define PF_KTHREAD 0x00200000
/* symbol table array indices: positions in policydb.symtab[] and
 * policydb.sym_val_to_name[] */
#define SYM_COMMONS 0
#define SYM_CLASSES 1
#define SYM_ROLES 2
#define SYM_TYPES 3
#define SYM_USERS 4
#define SYM_BOOLS 5
#define SYM_LEVELS 6
#define SYM_CATS 7
#define SYM_NUM 8 /* number of symbol tables; sizes the arrays above */
/* object context array indices: positions in policydb.ocontexts[] */
#define OCON_ISID 0 /* initial SIDs */
#define OCON_FS 1 /* unlabeled file systems */
#define OCON_PORT 2 /* TCP and UDP port numbers */
#define OCON_NETIF 3 /* network interfaces */
#define OCON_NODE 4 /* nodes */
#define OCON_FSUSE 5 /* fs_use */
#define OCON_NODE6 6 /* IPv6 nodes */
#define OCON_NUM 7 /* number of object-context lists; sizes ocontexts[] */
/*
 * Mirror of a SELinux policy symbol table.  `table` is written as `int *`
 * but is only ever an opaque pointer placeholder (same width as any object
 * pointer on Linux targets); it is not a usable int array.
 */
struct symtab {
int *table; /* hash table (keyed on a string); opaque pointer placeholder */
int nprim; /* number of primary names in table */
};
/*
 * Mirror of a SELinux access-vector table.  `htable` is an opaque pointer
 * placeholder, not a usable int array.  Note the trailing `short` leaves
 * padding at the end of the struct; the layout is meant to match the kernel's
 * and must not be reordered.
 */
struct avtab {
int *htable; /* hash buckets; opaque pointer placeholder */
int nel; /* number of elements */
int nslot; /* number of hash slots */
short mask; /* mask to compute hash func */
};
/*
 * Mirror of a SELinux extensible bitmap: a pointer to the first node of a
 * node list (opaque placeholder here) plus the highest bit position.
 */
struct ebitmap {
int *node; /* first node in the bitmap; opaque pointer placeholder */
int highbit; /* highest position in the total bitmap */
};
/*
 * Mirror of the loaded SELinux policy database (struct policydb).
 *
 * Every `int *` member is an opaque pointer placeholder standing in for the
 * kernel's real pointer type; it keeps the member one pointer wide so that
 * offsets line up, but must not be dereferenced as an int.  The order and
 * types below are layout-sensitive and must match the target kernel version
 * exactly -- confirm against that kernel's policydb.h before using offsets.
 * `size_t` is used without any #include in this header; the includer must
 * provide it.
 *
 * The p_* macros below are convenience aliases into symtab[] and, being
 * #defines inside the struct body, remain visible to everything that
 * includes this header.
 */
struct policydb {
int mls_enabled; /* non-zero when the policy carries MLS data */
/* symbol tables */
struct symtab symtab[SYM_NUM];
#define p_commons symtab[SYM_COMMONS]
#define p_classes symtab[SYM_CLASSES]
#define p_roles symtab[SYM_ROLES]
#define p_types symtab[SYM_TYPES]
#define p_users symtab[SYM_USERS]
#define p_bools symtab[SYM_BOOLS]
#define p_levels symtab[SYM_LEVELS]
#define p_cats symtab[SYM_CATS]
/* symbol names indexed by (value - 1) */
int *sym_val_to_name[SYM_NUM];
/* class, role, and user attributes indexed by (value - 1) */
int*class_val_to_struct;
int*role_val_to_struct;
int*user_val_to_struct;
int *type_val_to_struct_array;
/* type enforcement access vectors and transitions */
struct avtab te_avtab;
/* role transitions */
int *role_tr;
/* file transitions with the last path component */
/* quickly exclude lookups when parent ttype has no rules */
struct ebitmap filename_trans_ttypes;
/* actual set of filename_trans rules */
int *filename_trans;
/* bools indexed by (value - 1) */
int *bool_val_to_struct;
/* type enforcement conditional access vectors and transitions */
struct avtab te_cond_avtab;
/* linked list indexing te_cond_avtab by conditional */
int *cond_list;
/* role allows */
int *role_allow;
/* security contexts of initial SIDs, unlabeled file systems,
TCP or UDP port numbers, network interfaces and nodes;
indexed by the OCON_* constants */
int *ocontexts[OCON_NUM];
/* security contexts for files in filesystems that cannot support
a persistent label mapping or use another
fixed labeling behavior. */
int *genfs;
/* range transitions table (range_trans_key -> mls_range) */
int *range_tr;
/* type -> attribute reverse mapping */
int *type_attr_map_array;
struct ebitmap policycaps; /* policy capability bits */
struct ebitmap permissive_map; /* types marked permissive */
/* length of this policy when it was loaded */
size_t len;
unsigned int policyvers; /* policy format version */
/* bit-fields: how to treat permissions unknown to the kernel */
unsigned int reject_unknown : 1;
unsigned int allow_unknown : 1;
short process_class; /* class value of "process" */
int process_trans_perms; /* transition permission bits on that class */
};
/* One MLS level: a sensitivity value plus the set of categories (ebitmap). */
struct mls_level {
int sens; /* sensitivity */
struct ebitmap cat; /* category set */
};
/* An MLS range: a low and a high level, stored as a two-element array. */
struct mls_range {
struct mls_level level[2]; /* low == level[0], high == level[1] */
};
/*
 * Mirror of a SELinux security context: user/role/type values, the MLS range,
 * and an optional string form.  The value fields are `int` here; the kernel
 * stores them as u32 (same width).  The layout must match the target kernel
 * and must not be reordered.
 */
struct context {
int user; /* user value (index into the policy's user table) */
int role; /* role value */
int type; /* type value */
int len; /* length of `str` in bytes */
struct mls_range range; /* MLS low/high levels */
char *str; /* string representation if context cannot be mapped. */
};
#endif /* KERNEL_H_ */