security/landlock/audit.h

Source file repositories/reference/linux-study-clean/security/landlock/audit.h

File Facts

System
Linux kernel
Corpus path
security/landlock/audit.h
Extension
.h
Size
1914 bytes
Lines
77
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: implementation source
Status
source implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

struct landlock_request {
	/* Mandatory fields. */
	enum landlock_request_type type;
	struct common_audit_data audit;

	/**
	 * layer_plus_one: First layer level that denies the request + 1.  The
	 * extra one is useful to detect uninitialized field.
	 */
	size_t layer_plus_one;

	/* Required field for configurable access control. */
	access_mask_t access;

	/* Required fields for requests with layer masks. */
	const struct layer_masks *layer_masks;

	/* Required fields for requests with deny masks. */
	const access_mask_t all_existing_optional_access;
	deny_masks_t deny_masks;
	optional_access_t quiet_optional_accesses;
};

#ifdef CONFIG_AUDIT

void landlock_log_drop_domain(const struct landlock_hierarchy *const hierarchy);

void landlock_log_denial(const struct landlock_cred_security *const subject,
			 const struct landlock_request *const request);

#else /* CONFIG_AUDIT */

static inline void
landlock_log_drop_domain(const struct landlock_hierarchy *const hierarchy)
{
}

static inline void
landlock_log_denial(const struct landlock_cred_security *const subject,
		    const struct landlock_request *const request)
{
}

#endif /* CONFIG_AUDIT */

#endif /* _SECURITY_LANDLOCK_AUDIT_H */

Annotation

Implementation Notes