summaryrefslogtreecommitdiff
path: root/security/tomoyo/common.h
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-06-26 23:19:28 +0900
committerJames Morris <jmorris@namei.org>2011-06-29 09:31:20 +1000
commit32997144fd9925fc4d506a16990a0c405f766526 (patch)
tree52332d25e9317250a1af1b06008d7eae18717c70 /security/tomoyo/common.h
parenteadd99cc85347b4f9eb10122ac90032eb4971b02 (diff)
TOMOYO: Add ACL group support.
ACL group allows administrator to globally grant not only "file read" permission but also other permissions. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r--security/tomoyo/common.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index f40ec1fcbc5..4bc3975516c 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -38,6 +38,9 @@ struct linux_binprm;
/* Profile number is an integer between 0 and 255. */
#define TOMOYO_MAX_PROFILES 256
+/* Group number is an integer between 0 and 255. */
+#define TOMOYO_MAX_ACL_GROUPS 256
+
/* Index numbers for operation mode. */
enum tomoyo_mode_index {
TOMOYO_CONFIG_DISABLED,
@@ -357,6 +360,7 @@ struct tomoyo_domain_info {
/* Name of this domain. Never NULL. */
const struct tomoyo_path_info *domainname;
u8 profile; /* Profile number to use. */
+ u8 group; /* Group number to use. */
bool is_deleted; /* Delete flag. */
bool quota_warned; /* Quota warnning flag. */
bool transition_failed; /* Domain transition failed flag. */
@@ -446,6 +450,7 @@ struct tomoyo_io_buffer {
int step;
int query_index;
u16 index;
+ u8 acl_group_index;
u8 bit;
u8 w_pos;
bool eof;
@@ -666,6 +671,8 @@ extern struct mutex tomoyo_policy_lock;
/* Has /sbin/init started? */
extern bool tomoyo_policy_loaded;
+extern struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS];
+
/* The kernel's domain. */
extern struct tomoyo_domain_info tomoyo_kernel_domain;