chore!: move all include files into <medusa_root>/include/l[1-4]

For each kobject there are two layers:
1) In include/l1 is definition related to kernel l1 usage,
2) in include/l2 is definition of the kobject itself.

The reason for separation is (future) possibility of using
of modules in kernel building process.

BREAKING CHANGE: move all include files info `include/l[1-4]`

security/medusa/Makefile

@@ -3,6 +3,7 @@
 #
 #KBUILD_CFLAGS += -g -Wall
 KBUILD_CFLAGS += -Werror=deprecated-declarations
+LINUXINCLUDE    += -I$(srctree)/security/medusa/include
 
 subdir-$(CONFIG_SECURITY_MEDUSA)	+= l1
 subdir-$(CONFIG_SECURITY_MEDUSA)        += l2

security/medusa/include/l1/fuck.h

@@ -0,0 +1,15 @@
+/* medusa/l1/fuck.h, (C) 2002 Milan Pikula */
+#ifndef _MEDUSA_L1_FUCK_H
+#define _MEDUSA_L1_FUCK_H
+
+#include "l3/registry.h"
+#include "l1/inode.h"
+
+/* prototypes of L2 fuck related handlers called from L1 hooks */
+
+int validate_fuck_link(struct dentry *old_dentry);
+int validate_fuck(const struct path *fuck_path);
+int fuck_free(struct medusa_l1_inode_s* med);
+
+#endif
+

include/linux/medusa/l1/file_handlers.h → security/medusa/include/l1/inode.h

@@ -1,17 +1,24 @@
-/* 
- * medusa/l1/file_handlers.h
+/* medusa/l1/inode.h, (C) 2002 Milan Pikula
  *
- * prototypes of L2 file related handlers called from L1 hooks
+ * struct inode extension: this structure is appended to in-kernel data,
+ * and we define it separately just to make l1 code shorter.
  *
+ * for another data structure - kobject, describing inode for upper layers -
+ * see l2/kobject_file.[ch].
  */
 
-#ifndef _MEDUSA_L1_FILE_HANDLERS_H
-#define _MEDUSA_L1_FILE_HANDLERS_H
+#ifndef _MEDUSA_L1_INODE_H
+#define _MEDUSA_L1_INODE_H
 
-//#include <linux/config.h>
-#include <linux/fs.h>
-#include <linux/dcache.h>
-#include <linux/medusa/l3/constants.h>
+//#include <linux/types.h>
+//#include <linux/limits.h>
+#include <linux/capability.h>
+#include <linux/hashtable.h>
+#include <linux/lsm_hooks.h>
+#include "l3/med_model.h"
+#include "l3/constants.h"
+
+/* prototypes of L2 file related handlers called from L1 hooks */
 
 extern medusa_answer_t medusa_exec(struct dentry ** dentryp);
 extern medusa_answer_t medusa_create(struct dentry * dentry, int mode);
@@ -26,13 +33,13 @@ extern medusa_answer_t medusa_symlink(struct dentry *dentry,
 extern medusa_answer_t medusa_unlink(struct dentry *dentry);
 extern medusa_answer_t medusa_link(struct dentry *dentry, const char * newname);
 extern medusa_answer_t medusa_rename(struct dentry *dentry, const char * newname);
-
 extern medusa_answer_t medusa_readlink(struct dentry *dentry);
 
 /* the following routines are a support for many of access types,
  * and they're used both in L1 and L2 code. They're defined in
  * l2/evtype_getfile.c. Look there before using any of these routines.
  */
+
 extern int file_kobj_validate_dentry(struct dentry * dentry, struct vfsmount * mnt);
 extern void medusa_get_upper_and_parent(struct path * ndsource,
 		struct path * ndupperp, struct path * ndparentp);
@@ -43,5 +50,24 @@ extern medusa_answer_t medusa_notify_change(struct dentry *dentry, struct iattr
 extern medusa_answer_t medusa_read(struct file * file);
 extern medusa_answer_t medusa_write(struct file * file);
 
-#endif /* _MEDUSA_L1_FILE_HANDLERS_H */
+/* Struct inode extension: this structure is appended to in-kernel data,
+ * and we define it separately just to make l1 code shorter.
+ */
+
+extern struct lsm_blob_sizes medusa_blob_sizes;
+#define inode_security(inode) ((struct medusa_l1_inode_s*)(inode->i_security + medusa_blob_sizes.lbs_inode))
+
+struct medusa_l1_inode_s {
+	struct medusa_object_s med_object;
+	__u32 user;
+#ifdef CONFIG_MEDUSA_FILE_CAPABILITIES
+	kernel_cap_t icap, pcap, ecap;  /* support for POSIX file capabilities */
+#endif /* CONFIG_MEDUSA_FILE_CAPABILITIES */
+
+	/* for kobject_file.c - don't touch! */
+	struct inode * next_live;
+	int use_count;
+	DECLARE_HASHTABLE(fuck, 3); // enought for now; TODO add choice to menu config
+};
 
+#endif

include/linux/medusa/l1/ipc.h → security/medusa/include/l1/ipc.h

@@ -10,11 +10,10 @@
 #ifndef _MEDUSA_L1_IPC_H
 #define _MEDUSA_L1_IPC_H
 
-#include <linux/mutex.h>
-#include <linux/msg.h>
+#include <linux/ipc.h>
 #include <linux/lsm_hooks.h>
-#include <linux/medusa/l3/med_model.h>
-#include <linux/medusa/l3/constants.h>
+#include "l3/med_model.h"
+#include "l3/constants.h"
 
 /**
  * types of System V IPC objects

include/linux/medusa/l1/socket.h → security/medusa/include/l1/socket.h

@@ -3,17 +3,49 @@
  * sock struct extension: this structure is appended to in-kernel data,
  * and we define it separately just to make l1 code shorter.
  *
- * for another data structure - kobject, describing socket for upper layers - 
+ * for another data structure - kobject, describing socket for upper layers -
  * see security/medusa/l2/kobject_socket.[ch].
  */
 
 #ifndef _MEDUSA_L1_SOCKET_H
 #define _MEDUSA_L1_SOCKET_H
 
-#include <linux/medusa/l3/med_model.h>
-#include <linux/medusa/l3/constants.h>
-#include "../../../../security/medusa/l2/kobject_socket.h"
-#include <linux/types.h>
+#include <uapi/linux/un.h> /* UNIX_PATH_MAX */
+#include "l3/med_model.h"
+#include "l3/constants.h"
+
+#define sock_security(sk) ((struct medusa_l1_socket_s*)(sk->sk_security))
+
+struct med_inet6_addr_i {
+	__be16 port;
+	__be32 addrdata[16];
+};
+
+struct med_inet_addr_i {
+	__be16 port;
+	__be32 addrdata[4];
+};
+
+struct med_unix_addr_i {
+	char addrdata[UNIX_PATH_MAX];
+};
+
+union MED_ADDRESS {
+	struct med_inet6_addr_i inet6_i;
+	struct med_inet_addr_i inet_i;
+	struct med_unix_addr_i unix_i;
+};
+
+/**
+ * struct medusa_l1_socket_s - additional security struct for socket objects
+ *
+ * @struct medusa_object_s - members used in Medusa VS access evaluation process
+ */
+struct medusa_l1_socket_s {
+	struct medusa_object_s med_object;
+	int addrlen;
+	union MED_ADDRESS address;
+};
 
 extern medusa_answer_t medusa_socket_create(int family, int type, int protocol);
 extern medusa_answer_t medusa_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);

include/linux/medusa/l1/task.h → security/medusa/include/l1/task.h

@@ -10,14 +10,34 @@
 #ifndef _MEDUSA_L1_TASK_H
 #define _MEDUSA_L1_TASK_H
 
-#include <linux/capability.h>
-#include <linux/cred.h>
-#include <linux/sched/task.h>
-#include <linux/kernel.h>
-#include <asm/syscall.h>
-#include <linux/sys.h>
 #include <linux/lsm_hooks.h>
-#include <linux/medusa/l3/med_model.h>
+#include "l3/med_model.h"
+#include "l3/constants.h"
+
+/* prototypes of L2 process related handlers called from L1 hooks */
+
+extern medusa_answer_t medusa_setresuid(uid_t ruid, uid_t euid, uid_t suid);
+extern medusa_answer_t medusa_capable(int cap);
+extern medusa_answer_t medusa_fork(unsigned long clone_flags);
+extern medusa_answer_t medusa_init_process(struct task_struct *new);
+extern medusa_answer_t medusa_sendsig(int sig, struct kernel_siginfo *info,
+		struct task_struct *p);
+extern medusa_answer_t medusa_afterexec(char *filename, char **argv,
+		char **envp);
+extern int medusa_monitored_pexec(void);
+extern void medusa_monitor_pexec(int flag);
+extern int medusa_monitored_afterexec(void);
+extern void medusa_monitor_afterexec(int flag);
+extern medusa_answer_t medusa_sexec(struct linux_binprm * bprm);
+extern medusa_answer_t medusa_ptrace(struct task_struct * tracer,
+		struct task_struct * tracee);
+extern void medusa_kernel_thread(int (*fn) (void *));
+
+extern int process_kobj_validate_task(struct task_struct * ts);
+
+/* Struct task extension: this structure is appended to in-kernel data,
+ * and we define it separately just to make l1 code shorter.
+ */
 
 extern struct lsm_blob_sizes medusa_blob_sizes;
 #define task_security(task) ((struct medusa_l1_task_s *)(task->security + medusa_blob_sizes.lbs_task))

include/linux/medusa/l2/kobject_file.h → security/medusa/include/l2/kobject_file.h

@@ -14,11 +14,11 @@
 #ifndef _INODE_KOBJECT_H
 #define _INODE_KOBJECT_H
 
-#include <linux/fs.h>
-#include <linux/medusa/l3/kobject.h>
+#include <linux/capability.h>
+#include "l3/kobject.h"
+#include "l1/inode.h"
 
 struct file_kobject { /* was: m_inode_inf */
-	MEDUSA_KOBJECT_HEADER;
 /*
  * As a preparation for the total deletion of device numbers,
  * we introduce a type unsigned long to hold them. No information about
@@ -31,15 +31,15 @@ struct file_kobject { /* was: m_inode_inf */
 
 	umode_t mode;
 	nlink_t nlink;
-	uid_t uid;
-	gid_t gid;
+	kuid_t uid;
+	kgid_t gid;
 	unsigned long rdev;
 
 	struct medusa_object_s med_object;
 
 	__u32 user;
 #ifdef CONFIG_MEDUSA_FILE_CAPABILITIES
-	kernel_cap_t icap;
+	kernel_cap_t icap;	/* support for Linux capabilities */
 	kernel_cap_t pcap;
 	kernel_cap_t ecap;
 #endif /* CONFIG_MEDUSA_FILE_CAPABILITIES */

security/medusa/l2/kobject_fuck.h → security/medusa/include/l2/kobject_fuck.h

@@ -1,19 +1,8 @@
 /* kobject_fuck.c, (C) 2002 Milan Pikula */
 
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/namei.h>
-#include <linux/fs.h>
-#include <linux/path.h>
-#include <linux/kernel.h>
-#include <linux/errno.h>
-#include <linux/medusa/l3/registry.h>
-#include <linux/medusa/l1/inode.h>
-#include "kobject_file.h"
-
-int validate_fuck_link(struct dentry *old_dentry);
-int validate_fuck(const struct path *fuck_path);
-int fuck_free(struct medusa_l1_inode_s* med);
+#include "l3/kobject.h"
+#include "l1/inode.h"
+#include "l1/fuck.h"
 
 struct fuck_kobject {
 	char path[PATH_MAX];    /* primary key in 'fetch' operation */