diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-06-26 16:19:28 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-06-29 01:31:20 +0200 |
commit | 32997144fd9925fc4d506a16990a0c405f766526 (patch) | |
tree | 52332d25e9317250a1af1b06008d7eae18717c70 /security/tomoyo/common.h | |
parent | TOMOYO: Add auditing interface. (diff) | |
download | linux-32997144fd9925fc4d506a16990a0c405f766526.tar.xz linux-32997144fd9925fc4d506a16990a0c405f766526.zip |
TOMOYO: Add ACL group support.
ACL group allows administrator to globally grant not only "file read"
permission but also other permissions.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r-- | security/tomoyo/common.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index f40ec1fcbc5d..4bc3975516cb 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -38,6 +38,9 @@ struct linux_binprm; /* Profile number is an integer between 0 and 255. */ #define TOMOYO_MAX_PROFILES 256 +/* Group number is an integer between 0 and 255. */ +#define TOMOYO_MAX_ACL_GROUPS 256 + /* Index numbers for operation mode. */ enum tomoyo_mode_index { TOMOYO_CONFIG_DISABLED, @@ -357,6 +360,7 @@ struct tomoyo_domain_info { /* Name of this domain. Never NULL. */ const struct tomoyo_path_info *domainname; u8 profile; /* Profile number to use. */ + u8 group; /* Group number to use. */ bool is_deleted; /* Delete flag. */ bool quota_warned; /* Quota warnning flag. */ bool transition_failed; /* Domain transition failed flag. */ @@ -446,6 +450,7 @@ struct tomoyo_io_buffer { int step; int query_index; u16 index; + u8 acl_group_index; u8 bit; u8 w_pos; bool eof; @@ -666,6 +671,8 @@ extern struct mutex tomoyo_policy_lock; /* Has /sbin/init started? */ extern bool tomoyo_policy_loaded; +extern struct list_head tomoyo_acl_group[TOMOYO_MAX_ACL_GROUPS]; + /* The kernel's domain. */ extern struct tomoyo_domain_info tomoyo_kernel_domain; |