On 24/03/2021 20:15, Mickaël Salaün wrote: [...]
diff --git a/security/landlock/object.h b/security/landlock/object.h
new file mode 100644
index 000000000000..3e5d5b6941c3
--- /dev/null
+++ b/security/landlock/object.h
@@ -0,0 +1,91 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
- Landlock LSM - Object management
- Copyright © 2016-2020 Mickaël Salaün mic@digikod.net
- Copyright © 2018-2020 ANSSI
- */
+#ifndef _SECURITY_LANDLOCK_OBJECT_H
+#define _SECURITY_LANDLOCK_OBJECT_H
+#include <linux/compiler_types.h>
+#include <linux/refcount.h>
+#include <linux/spinlock.h>
+struct landlock_object;
+/**
- struct landlock_object_underops - Operations on an underlying object
- */
+struct landlock_object_underops {
- /**
* @release: Releases the underlying object (e.g. iput() for an inode).
*/
- void (*release)(struct landlock_object *const object)
__releases(object->lock);
+};
+/**
- struct landlock_object - Security blob tied to a kernel object
- The goal of this structure is to enable to tie a set of ephemeral access
- rights (pertaining to different domains) to a kernel object (e.g an inode)
- in a safe way. This implies to handle concurrent use and modification.
- The lifetime of a &struct landlock_object depends of the rules referring to
This should read "depends on"…