On 23/03/2023 09:52, Konstantin Meskhidze wrote:
Add new key_type argument to the landlock_init_layer_masks() helper. Add a masks_array_size argument to the landlock_unmask_layers() helper. These modifications support implementing new rule types in the next Landlock versions. Signed-off-by: Mickaël Salaün <mic@xxxxxxxxxxx> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx> --- Changes since v9: * Refactors commit message. Changes since v8: * None. Changes since v7: * Refactors commit message, adds a co-developer. * Minor fixes. Changes since v6: * Removes masks_size attribute from init_layer_masks(). * Refactors init_layer_masks() with new landlock_key_type. Changes since v5: * Splits commit. * Formats code with clang-format-14. Changes since v4: * Refactors init_layer_masks(), get_handled_accesses() and unmask_layers() functions to support multiple rule types. * Refactors landlock_get_fs_access_mask() function with LANDLOCK_MASK_ACCESS_FS mask. Changes since v3: * Splits commit. * Refactors landlock_unmask_layers functions. --- security/landlock/fs.c | 43 +++++++++++++++++-------------- security/landlock/ruleset.c | 50 +++++++++++++++++++++++++------------ security/landlock/ruleset.h | 17 +++++++------ 3 files changed, 67 insertions(+), 43 deletions(-)
[...]
@@ -629,7 +629,11 @@ bool landlock_unmask_layers( return false; } -/** +typedef access_mask_t +get_access_mask_t(const struct landlock_ruleset *const ruleset, + const u16 layer_level); + +/*
Please keep the "/**"
* landlock_init_layer_masks - Initialize layer masks from an access request * * Populates @layer_masks such that for each access right in @access_request,
