[RFC PATCH 06/10] landlock/domain: Define landlock_domain
Tingmao Wang
m at maowtm.org
Wed May 21 19:32:02 UTC 2025
This will eventually take the role of landlock_ruleset (and maybe
landlock_hierarchy?), but for now it is just the inode rules hashtable.
Signed-off-by: Tingmao Wang <m at maowtm.org>
---
security/landlock/domain.c | 36 ++++++++++++++++++++++++++++++++++++
security/landlock/domain.h | 27 +++++++++++++++++++++++++++
2 files changed, 63 insertions(+)
diff --git a/security/landlock/domain.c b/security/landlock/domain.c
index a647b68e8d06..180ed75da9e2 100644
--- a/security/landlock/domain.c
+++ b/security/landlock/domain.c
@@ -5,6 +5,7 @@
* Copyright © 2016-2020 Mickaël Salaün <mic at digikod.net>
* Copyright © 2018-2020 ANSSI
* Copyright © 2024-2025 Microsoft Corporation
+ * Copyright © 2025 Tingmao Wang <m at maowtm.org>
*/
#include <kunit/test.h>
@@ -24,6 +25,41 @@
#include "domain.h"
#include "id.h"
+struct landlock_domain *landlock_alloc_domain(size_t num_inode_entries,
+ u16 num_layers)
+{
+ struct landlock_domain *new_domain =
+ kzalloc(sizeof(struct landlock_domain), GFP_KERNEL_ACCOUNT);
+
+ if (!new_domain)
+ return NULL;
+ refcount_set(&new_domain->usage, 1);
+ new_domain->num_layers = num_layers;
+ if (landlock_hash_init(num_inode_entries, &new_domain->inode_table)) {
+ kfree(new_domain);
+ return NULL;
+ }
+
+ return new_domain;
+}
+
+static void free_domain(struct landlock_domain *const domain)
+{
+ might_sleep();
+
+ landlock_hash_free(&domain->inode_table, LANDLOCK_KEY_INODE);
+ kfree(domain);
+}
+
+void landlock_put_domain(struct landlock_domain *const domain)
+{
+ might_sleep();
+
+ if (domain && refcount_dec_and_test(&domain->usage)) {
+ free_domain(domain);
+ }
+}
+
#ifdef CONFIG_AUDIT
/**
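Review bot: landlock_alloc_domain() collapses every failure into NULL: the value returned by landlock_hash_init() is only tested for non-zero and then dropped, so a caller has to assume -ENOMEM. If landlock_hash_init() can fail for any other reason (its body is not part of this patch), returning `ERR_PTR(err)` on that path and `ERR_PTR(-ENOMEM)` after the kzalloc() check would keep the cause. The function also stores num_layers unchecked, so a kernel-doc comment giving the accepted range, and stating that the returned domain holds one reference to be dropped with landlock_put_domain(), would make the contract explicit. On style, `kzalloc(sizeof(*new_domain), GFP_KERNEL_ACCOUNT)` is the usual kernel form, and the braces around the single `free_domain(domain);` statement in landlock_put_domain() are not needed.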
diff --git a/security/landlock/domain.h b/security/landlock/domain.h
index 7fb70b25f85a..ed685f8ad52e 100644
--- a/security/landlock/domain.h
+++ b/security/landlock/domain.h
@@ -5,6 +5,7 @@
* Copyright © 2016-2020 Mickaël Salaün <mic at digikod.net>
* Copyright © 2018-2020 ANSSI
* Copyright © 2024-2025 Microsoft Corporation
+ * Copyright © 2025 Tingmao Wang <m at maowtm.org>
*/
#ifndef _SECURITY_LANDLOCK_DOMAIN_H
@@ -20,6 +21,32 @@
#include "access.h"
#include "audit.h"
+#include "hash.h"
+
+struct landlock_domain {
+ struct landlock_hashtable inode_table;
+
+ /**
+ * @usage: Reference count for this struct.
+ */
+ refcount_t usage;
+
+ /**
+ * @num_layers: Number of layers in this domain.
+ */
+ u16 num_layers;
+};
+
+struct landlock_domain *landlock_alloc_domain(size_t num_inode_entries,
+ u16 num_layers);
+
+static inline void landlock_get_domain(struct landlock_domain *const domain)
+{
+ if (domain)
+ refcount_inc(&domain->usage);
+}
+
+void landlock_put_domain(struct landlock_domain *const domain);
enum landlock_log_status {
LANDLOCK_LOG_PENDING = 0,
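Review bot: The new struct landlock_domain documents @usage and @num_layers but not @inode_table, and nothing in the header states the lifetime rules the refcount helpers depend on. landlock_get_domain() uses refcount_inc(), which is only correct when the caller already owns a reference, so I would add a kernel-doc line above it such as `Caller must already hold a reference to @domain; a NULL @domain is ignored.` A matching `@inode_table: Hash table of this domain's inode rules.` entry, with a note on whether the table may still change once the domain is shared, would complete the struct comment. Since landlock_put_domain() calls might_sleep() in domain.c, its declaration should also say that it must not be called from atomic context.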
--
2.49.0