[GitHub/mt8127/android_kernel_alcatel_ttab.git] / include / linux / cred.h

/* Credentials management
 *
 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#ifndef _LINUX_CRED_H
#define _LINUX_CRED_H

#include <linux/capability.h>
#include <linux/key.h>
#include <asm/atomic.h>

struct user_struct;
struct cred;

/*
 * COW Supplementary groups list
 */
#define NGROUPS_SMALL		32
#define NGROUPS_PER_BLOCK	((unsigned int)(PAGE_SIZE / sizeof(gid_t)))

struct group_info {
	atomic_t	usage;
	int		ngroups;
	int		nblocks;
	gid_t		small_block[NGROUPS_SMALL];
	gid_t		*blocks[0];
};

/**
 * get_group_info - Get a reference to a group info structure
 * @group_info: The group info to reference
 *
 * This must be called with the owning task locked (via task_lock()) when task
 * != current.  The reason being that the vast majority of callers are looking
 * at current->group_info, which can not be changed except by the current task.
 * Changing current->group_info requires the task lock, too.
 */
#define get_group_info(group_info)		\
do {						\
	atomic_inc(&(group_info)->usage);	\
} while (0)

/**
 * put_group_info - Release a reference to a group info structure
 * @group_info: The group info to release
 */
#define put_group_info(group_info)			\
do {							\
	if (atomic_dec_and_test(&(group_info)->usage))	\
		groups_free(group_info);		\
} while (0)

extern struct group_info *groups_alloc(int);
extern void groups_free(struct group_info *);
extern int set_current_groups(struct group_info *);
extern int set_groups(struct cred *, struct group_info *);
extern int groups_search(struct group_info *, gid_t);

/* access the groups "array" with this macro */
#define GROUP_AT(gi, i) \
	((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK])

extern int in_group_p(gid_t);
extern int in_egroup_p(gid_t);

/*
 * The security context of a task
 *
 * The parts of the context break down into two categories:
 *
 *  (1) The objective context of a task.  These parts are used when some other
 *	task is attempting to affect this one.
 *
 *  (2) The subjective context.  These details are used when the task is acting
 *	upon another object, be that a file, a task, a key or whatever.
 *
 * Note that some members of this structure belong to both categories - the
 * LSM security pointer for instance.
 *
 * A task has two security pointers.  task->real_cred points to the objective
 * context that defines that task's actual details.  The objective part of this
 * context is used whenever that task is acted upon.
 *
 * task->cred points to the subjective context that defines the details of how
 * that task is going to act upon another object.  This may be overridden
 * temporarily to point to another security context, but normally points to the
 * same context as task->real_cred.
 */
struct cred {
	atomic_t	usage;
	uid_t		uid;		/* real UID of the task */
	gid_t		gid;		/* real GID of the task */
	uid_t		suid;		/* saved UID of the task */
	gid_t		sgid;		/* saved GID of the task */
	uid_t		euid;		/* effective UID of the task */
	gid_t		egid;		/* effective GID of the task */
	uid_t		fsuid;		/* UID for VFS ops */
	gid_t		fsgid;		/* GID for VFS ops */
	unsigned	securebits;	/* SUID-less security management */
	kernel_cap_t	cap_inheritable; /* caps our children can inherit */
	kernel_cap_t	cap_permitted;	/* caps we're permitted */
	kernel_cap_t	cap_effective;	/* caps we can actually use */
	kernel_cap_t	cap_bset;	/* capability bounding set */
#ifdef CONFIG_KEYS
	unsigned char	jit_keyring;	/* default keyring to attach requested
					 * keys to */
	struct key	*thread_keyring; /* keyring private to this thread */
	struct key	*request_key_auth; /* assumed request_key authority */
#endif
#ifdef CONFIG_SECURITY
	void		*security;	/* subjective LSM security */
#endif
	struct user_struct *user;	/* real user ID subscription */
	struct group_info *group_info;	/* supplementary groups for euid/fsgid */
	struct rcu_head	rcu;		/* RCU deletion hook */
	spinlock_t	lock;		/* lock for pointer changes */
};

#define get_current_user()	(get_uid(current->cred->user))

#define task_uid(task)		((task)->cred->uid)
#define task_gid(task)		((task)->cred->gid)
#define task_euid(task)		((task)->cred->euid)
#define task_egid(task)		((task)->cred->egid)

#define current_uid()		(current->cred->uid)
#define current_gid()		(current->cred->gid)
#define current_euid()		(current->cred->euid)
#define current_egid()		(current->cred->egid)
#define current_suid()		(current->cred->suid)
#define current_sgid()		(current->cred->sgid)
#define current_fsuid()		(current->cred->fsuid)
#define current_fsgid()		(current->cred->fsgid)
#define current_cap()		(current->cred->cap_effective)

#define current_uid_gid(_uid, _gid)		\
do {						\
	*(_uid) = current->cred->uid;		\
	*(_gid) = current->cred->gid;		\
} while(0)

#define current_euid_egid(_uid, _gid)		\
do {						\
	*(_uid) = current->cred->euid;		\
	*(_gid) = current->cred->egid;		\
} while(0)

#define current_fsuid_fsgid(_uid, _gid)		\
do {						\
	*(_uid) = current->cred->fsuid;		\
	*(_gid) = current->cred->fsgid;		\
} while(0)

extern void __put_cred(struct cred *);
extern int copy_creds(struct task_struct *, unsigned long);

/**
 * get_cred - Get a reference on a set of credentials
 * @cred: The credentials to reference
 *
 * Get a reference on the specified set of credentials.  The caller must
 * release the reference.
 */
static inline struct cred *get_cred(struct cred *cred)
{
	atomic_inc(&cred->usage);
	return cred;
}

/**
 * put_cred - Release a reference to a set of credentials
 * @cred: The credentials to release
 *
 * Release a reference to a set of credentials, deleting them when the last ref
 * is released.
 */
static inline void put_cred(struct cred *cred)
{
	if (atomic_dec_and_test(&(cred)->usage))
		__put_cred(cred);
}

#endif /* _LINUX_CRED_H */
Commit	Line	Data
9e2b2dc4 DH	1	/* Credentials management
	2	*
	3	* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public Licence
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the Licence, or (at your option) any later version.
	10	*/
	11
	12	#ifndef _LINUX_CRED_H
	13	#define _LINUX_CRED_H
	14
b6dff3ec DH	15	#include <linux/capability.h>
	16	#include <linux/key.h>
	17	#include <asm/atomic.h>
	18
	19	struct user_struct;
	20	struct cred;
	21
	22	/*
	23	* COW Supplementary groups list
	24	*/
	25	#define NGROUPS_SMALL 32
	26	#define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t)))
	27
	28	struct group_info {
	29	atomic_t usage;
	30	int ngroups;
	31	int nblocks;
	32	gid_t small_block[NGROUPS_SMALL];
	33	gid_t *blocks[0];
	34	};
	35
	36	/**
	37	* get_group_info - Get a reference to a group info structure
	38	* @group_info: The group info to reference
	39	*
	40	* This must be called with the owning task locked (via task_lock()) when task
	41	* != current. The reason being that the vast majority of callers are looking
	42	* at current->group_info, which can not be changed except by the current task.
	43	* Changing current->group_info requires the task lock, too.
	44	*/
	45	#define get_group_info(group_info) \
	46	do { \
	47	atomic_inc(&(group_info)->usage); \
	48	} while (0)
	49
	50	/**
	51	* put_group_info - Release a reference to a group info structure
	52	* @group_info: The group info to release
	53	*/
	54	#define put_group_info(group_info) \
	55	do { \
	56	if (atomic_dec_and_test(&(group_info)->usage)) \
	57	groups_free(group_info); \
	58	} while (0)
	59
	60	extern struct group_info *groups_alloc(int);
	61	extern void groups_free(struct group_info *);
	62	extern int set_current_groups(struct group_info *);
	63	extern int set_groups(struct cred , struct group_info );
	64	extern int groups_search(struct group_info *, gid_t);
	65
	66	/* access the groups "array" with this macro */
	67	#define GROUP_AT(gi, i) \
	68	((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK])
	69
	70	extern int in_group_p(gid_t);
	71	extern int in_egroup_p(gid_t);
	72
	73	/*
	74	* The security context of a task
	75	*
	76	* The parts of the context break down into two categories:
	77	*
	78	* (1) The objective context of a task. These parts are used when some other
79	* task is attempting to affect this one.
80	*
81	* (2) The subjective context. These details are used when the task is acting
82	* upon another object, be that a file, a task, a key or whatever.
83	*
84	* Note that some members of this structure belong to both categories - the
85	* LSM security pointer for instance.
86	*
87	* A task has two security pointers. task->real_cred points to the objective
88	* context that defines that task's actual details. The objective part of this
89	* context is used whenever that task is acted upon.
90	*
91	* task->cred points to the subjective context that defines the details of how
92	* that task is going to act upon another object. This may be overridden
93	* temporarily to point to another security context, but normally points to the
94	* same context as task->real_cred.
95	*/
96	struct cred {
97	atomic_t usage;
98	uid_t uid; /* real UID of the task */
99	gid_t gid; /* real GID of the task */
100	uid_t suid; /* saved UID of the task */
101	gid_t sgid; /* saved GID of the task */
102	uid_t euid; /* effective UID of the task */
103	gid_t egid; /* effective GID of the task */
104	uid_t fsuid; /* UID for VFS ops */
105	gid_t fsgid; /* GID for VFS ops */
106	unsigned securebits; /* SUID-less security management */
107	kernel_cap_t cap_inheritable; /* caps our children can inherit */
108	kernel_cap_t cap_permitted; /* caps we're permitted */
109	kernel_cap_t cap_effective; /* caps we can actually use */
110	kernel_cap_t cap_bset; /* capability bounding set */
111	#ifdef CONFIG_KEYS
112	unsigned char jit_keyring; /* default keyring to attach requested
113	* keys to */
114	struct key thread_keyring; / keyring private to this thread */
115	struct key request_key_auth; / assumed request_key authority */
116	#endif
117	#ifdef CONFIG_SECURITY
118	void security; / subjective LSM security */
119	#endif
120	struct user_struct user; / real user ID subscription */
121	struct group_info group_info; / supplementary groups for euid/fsgid */
122	struct rcu_head rcu; /* RCU deletion hook */
123	spinlock_t lock; /* lock for pointer changes */
124	};
125
126	#define get_current_user() (get_uid(current->cred->user))
127
128	#define task_uid(task) ((task)->cred->uid)
129	#define task_gid(task) ((task)->cred->gid)
130	#define task_euid(task) ((task)->cred->euid)
131	#define task_egid(task) ((task)->cred->egid)
132
133	#define current_uid() (current->cred->uid)
134	#define current_gid() (current->cred->gid)
135	#define current_euid() (current->cred->euid)
136	#define current_egid() (current->cred->egid)
137	#define current_suid() (current->cred->suid)
138	#define current_sgid() (current->cred->sgid)
139	#define current_fsuid() (current->cred->fsuid)
140	#define current_fsgid() (current->cred->fsgid)
141	#define current_cap() (current->cred->cap_effective)
9e2b2dc4 DH	142
	143	#define current_uid_gid(_uid, _gid) \
	144	do { \
b6dff3ec DH	145	*(_uid) = current->cred->uid; \
b6dff3ec DH	146	*(_gid) = current->cred->gid; \
9e2b2dc4 DH	147	} while(0)
	148
	149	#define current_euid_egid(_uid, _gid) \
	150	do { \
b6dff3ec DH	151	*(_uid) = current->cred->euid; \
b6dff3ec DH	152	*(_gid) = current->cred->egid; \
9e2b2dc4 DH	153	} while(0)
	154
	155	#define current_fsuid_fsgid(_uid, _gid) \
	156	do { \
b6dff3ec DH	157	*(_uid) = current->cred->fsuid; \
b6dff3ec DH	158	*(_gid) = current->cred->fsgid; \
9e2b2dc4 DH	159	} while(0)
9e2b2dc4 DH	160
f1752eec DH	161	extern void __put_cred(struct cred *);
	162	extern int copy_creds(struct task_struct *, unsigned long);
	163
	164	/**
	165	* get_cred - Get a reference on a set of credentials
	166	* @cred: The credentials to reference
	167	*
	168	* Get a reference on the specified set of credentials. The caller must
	169	* release the reference.
	170	*/
	171	static inline struct cred get_cred(struct cred cred)
	172	{
	173	atomic_inc(&cred->usage);
	174	return cred;
	175	}
	176
	177	/**
	178	* put_cred - Release a reference to a set of credentials
	179	* @cred: The credentials to release
	180	*
	181	* Release a reference to a set of credentials, deleting them when the last ref
	182	* is released.
	183	*/
	184	static inline void put_cred(struct cred *cred)
	185	{
	186	if (atomic_dec_and_test(&(cred)->usage))
	187	__put_cred(cred);
	188	}
	189
9e2b2dc4	190	#endif /* _LINUX_CRED_H */