| commit 6c9b2880419a82fdeee0c8f66f9c861524891a82 |
| Author: Eric Caruso <ejcaruso@chromium.org> |
| Date: Wed Dec 7 16:18:15 2016 -0800 |
| Subject: [PATCH] CHROMIUM: kernel device_jail |
| |
| Interface to device_jail subsystem found in security/chromiumos. |
| |
| BUG=chromium:644338 |
| |
| Signed-off-by: Eric Caruso <ejcaruso@chromium.org> |
| --- |
| |
| --- a/include/uapi/linux/Kbuild |
| +++ b/include/uapi/linux/Kbuild |
| @@ -95,6 +95,7 @@ header-y += cyclades.h |
| header-y += cycx_cfm.h |
| header-y += dcbnl.h |
| header-y += dccp.h |
| +header-y += device_jail.h |
| header-y += dlmconstants.h |
| header-y += dlm_device.h |
| header-y += dlm.h |
| --- /dev/null |
| +++ b/include/uapi/linux/device_jail.h |
| @@ -0,0 +1,36 @@ |
| +/* |
| + * Device jail user interface. |
| + * |
| + * Copyright (C) 2016 Google, Inc. |
| + * |
| + * This program is free software; you can redistribute it and/or modify |
| + * it under the terms of the GNU General Public License version 2 as |
| + * published by the Free Software Foundation. |
| + */ |
| + |
| +#ifndef _UAPI_LINUX_DEVICE_JAIL_H |
| +#define _UAPI_LINUX_DEVICE_JAIL_H |
| + |
| +#include <linux/types.h> |
| +#include <linux/magic.h> |
| + |
| +/* Control device ioctls */ |
| + |
| +struct jail_control_add_dev { |
| + const char __user *path; /* input */ |
| + __u32 devnum; /* output */ |
| +}; |
| + |
| +#define JAIL_CONTROL_ADD_DEVICE _IOWR('C', 0, struct jail_control_add_dev) |
| +#define JAIL_CONTROL_REMOVE_DEVICE _IOW('C', 1, __u32) |
| + |
| +/* Request device responses */ |
| + |
| +enum jail_request_result { |
| + JAIL_REQUEST_ALLOW, |
| + JAIL_REQUEST_ALLOW_WITH_LOCKDOWN, |
| + JAIL_REQUEST_ALLOW_WITH_DETACH, |
| + JAIL_REQUEST_DENY, |
| +}; |
| + |
| +#endif /* _UAPI_LINUX_DEVICE_JAIL_H */ |