diff options
author | Mickaël Salaün <mic@digikod.net> | 2022-05-06 18:10:51 +0200 |
---|---|---|
committer | Mickaël Salaün <mic@digikod.net> | 2022-05-23 13:27:55 +0200 |
commit | 5f2ff33e10843ef51275c8611bdb7b49537aba5d (patch) | |
tree | 515413ac0099ceb292a7d9cc676ec9a76644d9b5 /security/landlock/ruleset.c | |
parent | selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (diff) | |
download | linux-5f2ff33e10843ef51275c8611bdb7b49537aba5d.tar.xz linux-5f2ff33e10843ef51275c8611bdb7b49537aba5d.zip |
landlock: Define access_mask_t to enforce a consistent access mask size
Create and use the access_mask_t typedef to enforce a consistent access
mask size and uniformly use a 16-bits type. This will helps transition
to a 32-bits value one day.
Add a build check to make sure all (filesystem) access rights fit in.
This will be extended with a following commit.
Reviewed-by: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/20220506161102.525323-2-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'security/landlock/ruleset.c')
-rw-r--r-- | security/landlock/ruleset.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/landlock/ruleset.c b/security/landlock/ruleset.c index 4d33359addbd..996484f98bfd 100644 --- a/security/landlock/ruleset.c +++ b/security/landlock/ruleset.c @@ -45,7 +45,8 @@ static struct landlock_ruleset *create_ruleset(const u32 num_layers) return new_ruleset; } -struct landlock_ruleset *landlock_create_ruleset(const u32 fs_access_mask) +struct landlock_ruleset * +landlock_create_ruleset(const access_mask_t fs_access_mask) { struct landlock_ruleset *new_ruleset; @@ -228,7 +229,8 @@ static void build_check_layer(void) /* @ruleset must be locked by the caller. */ int landlock_insert_rule(struct landlock_ruleset *const ruleset, - struct landlock_object *const object, const u32 access) + struct landlock_object *const object, + const access_mask_t access) { struct landlock_layer layers[] = { { .access = access, |