Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 7974db7720
Branches Tags
graphene
/
Pal
/
linux-3.14
/
graphene
/
graphene.h

graphene.h 4.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. #ifndef _LINUX_GRAPHENE_H
    2. 

  2. #define _LINUX_GRAPHENE_H
    3. 

  3. 

  4. #include <linux/ioctl.h>
    5. 

  5. #include <linux/in.h>
    6. 

  6. #include <linux/in6.h>
    7. 

  7. 

  8. #define GRAPHENE_FILE   "/dev/graphene"
    9. 

  9. #define GRAPHENE_MINOR		239
    10. 

  10. 

  11. /* symbolic link this header file in include/linux */
    12. 

  12. 

  13. /* This header needs to be included in include/linux/sched.h */
    14. 

  14. 

  15. #ifndef __KERNEL__
    16. 

  16. # ifdef __user
    17. 

  17. #  undef __user
    18. 

  18. # endif
    19. 

  19. # define __user
    20. 

  20. #endif
    21. 

  21. 

  22. #define GRAPHENE_LIB_NAME	0x01
    23. 

  23. #define GRAPHENE_LIB_ADDR	0x02
    24. 

  24. #define GRAPHENE_UNIX_ROOT	0x03
    25. 

  25. #define GRAPHENE_UNIX_PREFIX	0x04
    26. 

  26. #define GRAPHENE_NET_RULE	0x05
    27. 

  27. #define GRAPHENE_FS_PATH	0x06
    28. 

  28. #define GRAPHENE_FS_RECURSIVE	0x07
    29. 

  29. #define GRAPHENE_FS_READ	0x10
    30. 

  30. #define GRAPHENE_FS_WRITE	0x20
    31. 

  31. 

  32. struct graphene_user_policy {
    33. 

  33. 	int			type;
    34. 

  34. 	const void __user *	value;
    35. 

  35. };
    36. 

  36. 

  37. struct graphene_net_addr {
    38. 

  38. 	union {
    39. 

  39. 		struct in_addr 		sin_addr;
    40. 

  40. 		struct in6_addr		sin6_addr;
    41. 

  41. 	} addr;
    42. 

  42. 	unsigned short		port_begin;
    43. 

  43. 	unsigned short		port_end;
    44. 

  44. };
    45. 

  45. 

  46. struct graphene_net_policy {
    47. 

  47. 	unsigned short			family;
    48. 

  48. 	struct graphene_net_addr	local, peer;
    49. 

  49. };
    50. 

  50. 

  51. #define GRAPHENE_SET_TASK	_IO('k', 16)
    52. 

  52. 

  53. struct graphene_policies {
    54. 

  54. 	int				npolicies;
    55. 

  55. 	struct graphene_user_policy	policies[];
    56. 

  56. };
    57. 

  57. 

  58. #ifdef __KERNEL__
    59. 

  59. 

  60. #include <linux/types.h>
    61. 

  61. #include <linux/sched.h>
    62. 

  62. #include <linux/net.h>
    63. 

  63. #include <linux/path.h>
    64. 

  64. #include <linux/list.h>
    65. 

  65. #include <linux/spinlock.h>
    66. 

  66. #include <linux/dcache.h>
    67. 

  67. #include <linux/rcupdate.h>
    68. 

  68. 

  69. struct task_struct;
    70. 

  70. struct path;
    71. 

  71. struct qstr;
    72. 

  72. 

  73. struct graphene_path {
    74. 

  74. 	struct list_head	list;
    75. 

  75. 	struct path		path;
    76. 

  76. 	int			type;
    77. 

  77. };
    78. 

  78. 

  79. #define LOCAL_ADDR_ANY		0x1
    80. 

  80. #define LOCAL_PORT_ANY		0x2
    81. 

  81. #define PEER_ADDR_ANY		0x4
    82. 

  82. #define PEER_PORT_ANY		0x8
    83. 

  83. 

  84. struct graphene_net {
    85. 

  85. 	struct list_head	list;
    86. 

  86. 	short			family;
    87. 

  87. 	unsigned char		flags;
    88. 

  88. 	struct graphene_net_addr	local, peer;
    89. 

  89. };
    90. 

  90. 

  91. struct graphene_unix {
    92. 

  92. 	atomic_t		count;
    93. 

  93. 	struct list_head	list;
    94. 

  94. 	struct path		root;
    95. 

  95. 	struct qstr		prefix;
    96. 

  96. };
    97. 

  97. 

  98. /*
    99. 

  99.  * add the following line to struct task_struct (include/linux/sched.h):
    100. 

  100.  * 	struct graphene_struct *graphene;
    101. 

  101.  */
    102. 

  102. struct graphene_info {
    103. 

  103. 	atomic_t		gi_count;
    104. 

  104. 	struct path		gi_libexec;
    105. 

  105. 	u64			gi_libaddr;
    106. 

  106. 	struct path		gi_console[3];
    107. 

  107. 	struct graphene_unix *	gi_unix;
    108. 

  108. 	struct list_head	gi_paths;
    109. 

  109. 	struct list_head	gi_rpaths;
    110. 

  110. 	struct list_head	gi_net;
    111. 

  111. 	u32			gi_gipc_session;
    112. 

  112. };
    113. 

  113. 

  114. struct graphene_struct {
    115. 

  115. 	atomic_t g_count;
    116. 

  116. 	struct graphene_info __rcu *g_info;
    117. 

  117. 	spinlock_t g_lock ____cacheline_aligned_in_smp;
    118. 

  118. };
    119. 

  119. 

  120. #define GRAPHENE_ENABLED()	(current->graphene != NULL)
    121. 

  121. 

  122. /* use this function in __put_task_struct (kernel/fork.c) */
    123. 

  123. int dup_graphene_struct(struct task_struct *task);
    124. 

  124. 

  125. /* use this function in dup_task_struct (kernel/fork.c) */
    126. 

  126. void put_graphene_struct(struct task_struct *task);
    127. 

  127. 

  128. /* add the following lines to common_perm (security/apparmor/lsm.c):
    129. 

  129.  * (when current->in_execve is true)
    130. 

  130.  * if (GRAPHNEE_ENABLED() && (error = graphene_execve_open(file))
    131. 

  131.  * 	return error;
    132. 

  132.  */
    133. 

  133. int graphene_execve_open(struct file *file);
    134. 

  134. 

  135. /*
    136. 

  136.  * add the following lines to common_perm (security/apparmor/lsm.c):
    137. 

  137.  * if (GRAPHENE_ENABLED() &&
    138. 

  138.  *     (error = graphene_common_perm(op, path, mask)))
    139. 

  139.  * 	return error;
    140. 

  140.  *
    141. 

  141.  * add the following lines to apparmor_dentry_open (security/apparmor/lsm.c):
    142. 

  142.  * if (GRAPHENE_ENABLED() &&
    143. 

  143.  *     (error = graphene_common_perm(OP_OPEN, &file->path, mask)))
    144. 

  144.  * 	return error;
    145. 

  145.  */
    146. 

  146. int graphene_common_perm(int op, struct path *path, u32 mask);
    147. 

  147. 

  148. /*
    149. 

  149.  * add the following lines to the initializer of apparmor_ops
    150. 

  150.  * (security/apparmor/lsm.c):
    151. 

  151.  * 	task_kill =			graphene_task_kill,
    152. 

  152.  */
    153. 

  153. int graphene_task_kill(struct task_struct *task, struct siginfo *info,
    154. 

  154. 		       int sig, u32 secid);
    155. 

  155. 

  156. /*
    157. 

  157.  * add the following lines to the initializer of apparmor_ops
    158. 

  158.  * (security/apparmor/lsm.c):
    159. 

  159.  * 	socket_bind =			graphene_socket_bind,
    160. 

  160.  * 	socket_listen =			graphene_socket_listen,
    161. 

  161.  * 	socket_connect =		graphene_socket_connect,
    162. 

  162.  * 	socket_sendmsg =		graphene_socket_sendmsg,
    163. 

  163.  * 	socket_recvmsg =		grapheen_socket_recvmsg,
    164. 

  164.  */
    165. 

  165. int graphene_socket_bind(struct socket *sock,
    166. 

  166. 			 struct sockaddr *address, int addrlen);
    167. 

  167. 

  168. int graphene_socket_listen(struct socket *sock, int backlog);
    169. 

  169. int graphene_socket_connect(struct socket *sock,
    170. 

  170. 			    struct sockaddr *address, int addrlen);
    171. 

  171. int graphene_socket_sendmsg(struct socket *sock,
    172. 

  172. 			    struct msghdr *msg, int size);
    173. 

  173. int graphene_socket_recvmsg(struct socket *sock,
    174. 

  174. 			    struct msghdr *msg, int size, int flags);
    175. 

  175. 

  176. u32 gipc_get_session(struct task_struct *tsk);
    177. 

  177. 

  178. #endif /* __KERNEL__ */
    179. 

  179. 

  180. #endif
    181.