xref: /security/landlock/ruleset.c

145 static struct rb_root *get_root(struct landlock_ruleset *const ruleset,  in get_root()  argument
150 		return &ruleset->root_inode;  in get_root()
154 		return &ruleset->root_net_port;  in get_root()
176 	const struct landlock_ruleset ruleset = {  in build_check_ruleset()  local
181 	BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES);  in build_check_ruleset()
182 	BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS);  in build_check_ruleset()
203 static int insert_rule(struct landlock_ruleset *const ruleset,  in insert_rule()  argument
214 	lockdep_assert_held(&ruleset->lock);  in insert_rule()
221 	root = get_root(ruleset, id.type);  in insert_rule()
275 	if (ruleset->num_rules >= LANDLOCK_MAX_NUM_RULES)  in insert_rule()
282 	ruleset->num_rules++;  in insert_rule()
298 int landlock_insert_rule(struct landlock_ruleset *const ruleset,  in landlock_insert_rule()  argument
309 	return insert_rule(ruleset, id, &layers, ARRAY_SIZE(layers));  in landlock_insert_rule()
475 static void free_ruleset(struct landlock_ruleset *const ruleset)  in free_ruleset()  argument
480 	rbtree_postorder_for_each_entry_safe(freeme, next, &ruleset->root_inode,  in free_ruleset()
486 					     &ruleset->root_net_port, node)  in free_ruleset()
490 	landlock_put_hierarchy(ruleset->hierarchy);  in free_ruleset()
491 	kfree(ruleset);  in free_ruleset()
494 void landlock_put_ruleset(struct landlock_ruleset *const ruleset)  in landlock_put_ruleset()  argument
497 	if (ruleset && refcount_dec_and_test(&ruleset->usage))  in landlock_put_ruleset()
498 		free_ruleset(ruleset);  in landlock_put_ruleset()
503 	struct landlock_ruleset *ruleset;  in free_ruleset_work()  local
505 	ruleset = container_of(work, struct landlock_ruleset, work_free);  in free_ruleset_work()
506 	free_ruleset(ruleset);  in free_ruleset_work()
510 void landlock_put_ruleset_deferred(struct landlock_ruleset *const ruleset)  in landlock_put_ruleset_deferred()  argument
512 	if (ruleset && refcount_dec_and_test(&ruleset->usage)) {  in landlock_put_ruleset_deferred()
513 		INIT_WORK(&ruleset->work_free, free_ruleset_work);  in landlock_put_ruleset_deferred()
514 		schedule_work(&ruleset->work_free);  in landlock_put_ruleset_deferred()
532 		       struct landlock_ruleset *const ruleset)  in landlock_merge_ruleset()  argument
539 	if (WARN_ON_ONCE(!ruleset || parent == ruleset))  in landlock_merge_ruleset()
568 	err = merge_ruleset(new_dom, ruleset);  in landlock_merge_ruleset()
583 landlock_find_rule(const struct landlock_ruleset *const ruleset,  in landlock_find_rule()  argument
589 	root = get_root((struct landlock_ruleset *)ruleset, id.type);  in landlock_find_rule()
663 get_access_mask_t(const struct landlock_ruleset *const ruleset,

Last Index update Fri Aug 22 10:33:58 CST 2025