summaryrefslogtreecommitdiffstats
path: root/security/landlock/ruleset.c
diff options
context:
space:
mode:
authorMickaël Salaün <mic@digikod.net>2022-05-06 18:10:51 +0200
committerMickaël Salaün <mic@digikod.net>2022-05-23 13:27:55 +0200
commit5f2ff33e10843ef51275c8611bdb7b49537aba5d (patch)
tree515413ac0099ceb292a7d9cc676ec9a76644d9b5 /security/landlock/ruleset.c
parentselftests/landlock: Test landlock_create_ruleset(2) argument check ordering (diff)
downloadlinux-5f2ff33e10843ef51275c8611bdb7b49537aba5d.tar.xz
linux-5f2ff33e10843ef51275c8611bdb7b49537aba5d.zip
landlock: Define access_mask_t to enforce a consistent access mask size
Create and use the access_mask_t typedef to enforce a consistent access mask size and uniformly use a 16-bits type. This will helps transition to a 32-bits value one day. Add a build check to make sure all (filesystem) access rights fit in. This will be extended with a following commit. Reviewed-by: Paul Moore <paul@paul-moore.com> Link: https://lore.kernel.org/r/20220506161102.525323-2-mic@digikod.net Cc: stable@vger.kernel.org Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'security/landlock/ruleset.c')
-rw-r--r--security/landlock/ruleset.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/landlock/ruleset.c b/security/landlock/ruleset.c
index 4d33359addbd..996484f98bfd 100644
--- a/security/landlock/ruleset.c
+++ b/security/landlock/ruleset.c
@@ -45,7 +45,8 @@ static struct landlock_ruleset *create_ruleset(const u32 num_layers)
return new_ruleset;
}
-struct landlock_ruleset *landlock_create_ruleset(const u32 fs_access_mask)
+struct landlock_ruleset *
+landlock_create_ruleset(const access_mask_t fs_access_mask)
{
struct landlock_ruleset *new_ruleset;
@@ -228,7 +229,8 @@ static void build_check_layer(void)
/* @ruleset must be locked by the caller. */
int landlock_insert_rule(struct landlock_ruleset *const ruleset,
- struct landlock_object *const object, const u32 access)
+ struct landlock_object *const object,
+ const access_mask_t access)
{
struct landlock_layer layers[] = { {
.access = access,