From 668678185247303450e60df14569f94cf5775fea Mon Sep 17 00:00:00 2001
From: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Date: Tue, 11 Mar 2014 17:07:06 +0100
Subject: Smack: adds smackfs/ptrace interface

This allows to limit ptrace beyond the regular smack access rules.
It adds a smackfs/ptrace interface that allows smack to be configured
to require equal smack labels for PTRACE_MODE_ATTACH access.
See the changes in Documentation/security/Smack.txt below for details.

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
---
 security/smack/smack.h | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'security/smack/smack.h')

diff --git a/security/smack/smack.h b/security/smack/smack.h
index b9dfc4e1d3e0..fade085b1128 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -176,6 +176,14 @@ struct smk_port_label {
  */
 #define SMACK_CIPSO_MAXCATNUM           184     /* 23 * 8 */
 
+/*
+ * Ptrace rules
+ */
+#define SMACK_PTRACE_DEFAULT	0
+#define SMACK_PTRACE_EXACT	1
+#define SMACK_PTRACE_DRACONIAN	2
+#define SMACK_PTRACE_MAX	SMACK_PTRACE_DRACONIAN
+
 /*
  * Flags for untraditional access modes.
  * It shouldn't be necessary to avoid conflicts with definitions
@@ -245,6 +253,7 @@ extern struct smack_known *smack_net_ambient;
 extern struct smack_known *smack_onlycap;
 extern struct smack_known *smack_syslog_label;
 extern const char *smack_cipso_option;
+extern int smack_ptrace_rule;
 
 extern struct smack_known smack_known_floor;
 extern struct smack_known smack_known_hat;
-- 
cgit v1.2.3