Lines Matching +full:in +full:- +full:masks
1 /* SPDX-License-Identifier: GPL-2.0-only */
3 * Landlock LSM - Ruleset management
5 * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
6 * Copyright © 2018-2020 ANSSI
26 * by a ruleset/layer. This must be ORed with all ruleset->access_masks[]
27 * entries when we need to get the absolute handled access masks.
29 /* clang-format off */
32 /* clang-format on */
44 /* Ruleset access masks. */
52 struct access_masks masks; member
57 static_assert(sizeof(typeof_member(union access_masks_all, masks)) ==
65 * struct landlock_layer - Access rights for a given layer
69 * @level: Position of this layer in the layer stack.
80 * union landlock_key - Key of a ruleset's red-black tree
88 * @data: Raw data to identify an arbitrary 32-bit value
95 * enum landlock_key_type - Type of &union landlock_key
111 * struct landlock_id - Unique rule identifier for a ruleset
126 * struct landlock_rule - Access rights tied to an object
130 * @node: Node in the ruleset's red-black tree.
142 * @num_layers: Number of entries in @layers.
153 * struct landlock_hierarchy - Node in a ruleset hierarchy
169 * struct landlock_ruleset - Landlock ruleset
176 * @root_inode: Root of a red-black tree containing &struct
185 * @root_net_port: Root of a red-black tree containing &struct
219 * @num_rules: Number of non-overlapping (i.e. not for
220 * the same object) rules in this ruleset.
224 * @num_layers: Number of layers that are used in this
227 * non-merged ruleset (i.e. not a domain).
233 * A domain saves all layers of merged rulesets in a
237 * (i.e. future-proof), and to properly handle merged
270 refcount_inc(&ruleset->usage); in landlock_get_ruleset()
274 * landlock_union_access_masks - Return all access rights handled in the
279 * Returns: an access_masks result of the OR of all the domain's access masks.
287 for (layer_level = 0; layer_level < domain->num_layers; layer_level++) { in landlock_union_access_masks()
289 .masks = domain->access_masks[layer_level], in landlock_union_access_masks()
295 return matches.masks; in landlock_union_access_masks()
299 * landlock_get_applicable_domain - Return @domain if it applies to (handles)
301 * in @masks
304 * @masks: access masks
306 * Returns: @domain if any access rights specified in @masks is handled, or
311 const struct access_masks masks) in landlock_get_applicable_domain() argument
314 .masks = masks, in landlock_get_applicable_domain()
321 merge.masks = landlock_union_access_masks(domain); in landlock_get_applicable_domain()
335 /* Should already be checked in sys_landlock_create_ruleset(). */ in landlock_add_fs_access_mask()
337 ruleset->access_masks[layer_level].fs |= fs_mask; in landlock_add_fs_access_mask()
347 /* Should already be checked in sys_landlock_create_ruleset(). */ in landlock_add_net_access_mask()
349 ruleset->access_masks[layer_level].net |= net_mask; in landlock_add_net_access_mask()
358 /* Should already be checked in sys_landlock_create_ruleset(). */ in landlock_add_scope_mask()
360 ruleset->access_masks[layer_level].scope |= mask; in landlock_add_scope_mask()
368 return ruleset->access_masks[layer_level].fs | in landlock_get_fs_access_mask()
376 return ruleset->access_masks[layer_level].net; in landlock_get_net_access_mask()
383 return ruleset->access_masks[layer_level].scope; in landlock_get_scope_mask()