From 6c87d8c124ce6175af0f99a0798734a792c57a21 Mon Sep 17 00:00:00 2001 
From: Matus Jokay Date: Thu, 21 Oct 2021 20:26:05 +0200 Subject: [PATCH] chore!: move all include files into `/include/l[1-4]` For each kobject there are two layers: 1) In include/l1 is definition related to kernel l1 usage, 2) in include/l2 is definition of the kobject itself. The reason for separation is (future) possibility of using of modules in kernel building process. BREAKING CHANGE: move all include files info `include/l[1-4]` --- include/linux/medusa/l1/inode.h | 36 ---------- include/linux/medusa/l1/process_handlers.h | 36 ---------- include/linux/medusa/l2/kobject_process.h | 42 ----------- security/medusa/Makefile | 1 + security/medusa/include/l1/fuck.h | 15 ++++ .../medusa/include/l1/inode.h | 48 ++++++++++--- .../medusa/include}/l1/ipc.h | 7 +- .../medusa/include}/l1/socket.h | 42 +++++++++-- .../medusa/include}/l1/task.h | 34 +++++++-- .../medusa/include}/l2/kobject_file.h | 12 ++-- .../medusa/{ => include}/l2/kobject_fuck.h | 17 +---- .../medusa/{ => include}/l2/kobject_ipc.h | 18 ++--- .../medusa/{ => include}/l2/kobject_process.h | 9 ++- security/medusa/include/l2/kobject_socket.h | 30 ++++++++ .../medusa/include}/l3/arch.h | 4 +- .../medusa/include}/l3/arch_types.h | 0 .../medusa/include}/l3/config.h | 0 .../medusa/include}/l3/constants.h | 2 +- .../medusa/include}/l3/kobject.h | 6 +- .../medusa/include}/l3/med_model.h | 4 +- .../medusa/include}/l3/registry.h | 6 +- .../medusa/include}/l3/server.h | 4 +- .../medusa/include}/l3/vs_model.h | 2 +- .../medusa/include}/l4/comm.h | 2 +- .../{l4-constable => include/l4}/med_cache.h | 0 .../{l4-constable => include/l4}/teleport.h | 2 +- security/medusa/l1/medusa.c | 23 +++--- security/medusa/l2/acctype_afterexec.c | 8 +-- security/medusa/l2/acctype_capable.c | 8 +-- security/medusa/l2/acctype_create.c | 14 +--- security/medusa/l2/acctype_exec.c | 11 +-- security/medusa/l2/acctype_fork.c | 7 +- security/medusa/l2/acctype_init_process.c | 8 +-- security/medusa/l2/acctype_ipc_associate.c | 10 +-- 
security/medusa/l2/acctype_ipc_ctl.c | 10 +-- security/medusa/l2/acctype_ipc_msgrcv.c | 11 ++- security/medusa/l2/acctype_ipc_msgsnd.c | 11 ++- security/medusa/l2/acctype_ipc_permission.c | 10 +-- security/medusa/l2/acctype_ipc_semop.c | 10 +-- security/medusa/l2/acctype_ipc_shmat.c | 10 +-- security/medusa/l2/acctype_link.c | 12 +--- security/medusa/l2/acctype_lookup.c | 12 +--- security/medusa/l2/acctype_mkdir.c | 12 +--- security/medusa/l2/acctype_mknod.c | 12 +--- security/medusa/l2/acctype_notify_change.c | 12 +--- security/medusa/l2/acctype_permission.c | 16 +---- security/medusa/l2/acctype_ptrace.c | 7 +- security/medusa/l2/acctype_readlink.c | 12 +--- security/medusa/l2/acctype_readwrite.c | 14 +--- security/medusa/l2/acctype_rename.c | 12 +--- security/medusa/l2/acctype_rmdir.c | 13 +--- security/medusa/l2/acctype_sendsig.c | 12 +--- security/medusa/l2/acctype_setresuid.c | 7 +- security/medusa/l2/acctype_sexec.c | 17 ++--- security/medusa/l2/acctype_socket_accept.c | 6 +- security/medusa/l2/acctype_socket_bind.c | 10 ++- security/medusa/l2/acctype_socket_connect.c | 10 ++- security/medusa/l2/acctype_socket_create.c | 5 +- security/medusa/l2/acctype_socket_listen.c | 6 +- security/medusa/l2/acctype_socket_recvmsg.c | 10 ++- security/medusa/l2/acctype_socket_sendmsg.c | 10 ++- security/medusa/l2/acctype_symlink.c | 12 +--- security/medusa/l2/acctype_truncate.c | 12 +--- security/medusa/l2/acctype_unlink.c | 12 +--- security/medusa/l2/evtype_fuck.c | 5 +- security/medusa/l2/evtype_getfile.c | 15 ++-- security/medusa/l2/evtype_getipc.c | 7 +- security/medusa/l2/evtype_getprocess.c | 8 +-- security/medusa/l2/evtype_getsocket.c | 4 +- security/medusa/l2/kobject_cstrmem.c | 7 +- security/medusa/l2/kobject_file.c | 10 +-- security/medusa/l2/kobject_file.h | 72 ------------------- security/medusa/l2/kobject_fuck.c | 14 ++-- security/medusa/l2/kobject_ipc.c | 8 ++- security/medusa/l2/kobject_memory.c | 7 +- security/medusa/l2/kobject_printk.c | 6 +- 
security/medusa/l2/kobject_process.c | 13 +--- security/medusa/l2/kobject_socket.c | 9 ++- security/medusa/l2/kobject_socket.h | 71 ------------------ security/medusa/l2/medusa_l2_ksyms.c | 4 +- security/medusa/l3/comm.c | 10 +-- security/medusa/l3/l3_internals.h | 10 --- security/medusa/l3/med_l3_init.c | 4 +- security/medusa/l3/registry.c | 7 +- security/medusa/l4-constable/chardev.c | 26 +++---- security/medusa/l4-constable/teleport.c | 10 +-- security/medusa/testing/l3/med_model-tests.c | 4 +- security/medusa/testing/l3/vs_model-tests.c | 2 +- 88 files changed, 376 insertions(+), 750 deletions(-) delete mode 100644 include/linux/medusa/l1/inode.h delete mode 100644 include/linux/medusa/l1/process_handlers.h delete mode 100644 include/linux/medusa/l2/kobject_process.h create mode 100644 security/medusa/include/l1/fuck.h rename include/linux/medusa/l1/file_handlers.h => security/medusa/include/l1/inode.h (57%) rename {include/linux/medusa => security/medusa/include}/l1/ipc.h (94%) rename {include/linux/medusa => security/medusa/include}/l1/socket.h (61%) rename {include/linux/medusa => security/medusa/include}/l1/task.h (52%) rename {include/linux/medusa => security/medusa/include}/l2/kobject_file.h (91%) rename security/medusa/{ => include}/l2/kobject_fuck.h (50%) rename security/medusa/{ => include}/l2/kobject_ipc.h (80%) rename security/medusa/{ => include}/l2/kobject_process.h (84%) create mode 100644 security/medusa/include/l2/kobject_socket.h rename {include/linux/medusa => security/medusa/include}/l3/arch.h (97%) rename {include/linux/medusa => security/medusa/include}/l3/arch_types.h (100%) rename {include/linux/medusa => security/medusa/include}/l3/config.h (100%) rename {include/linux/medusa => security/medusa/include}/l3/constants.h (98%) rename {include/linux/medusa => security/medusa/include}/l3/kobject.h (99%) rename {include/linux/medusa => security/medusa/include}/l3/med_model.h (97%) rename {include/linux/medusa => 
security/medusa/include}/l3/registry.h (96%) rename {include/linux/medusa => security/medusa/include}/l3/server.h (94%) rename {include/linux/medusa => security/medusa/include}/l3/vs_model.h (96%) rename {include/linux/medusa => security/medusa/include}/l4/comm.h (98%) rename security/medusa/{l4-constable => include/l4}/med_cache.h (100%) rename security/medusa/{l4-constable => include/l4}/teleport.h (98%) delete mode 100644 security/medusa/l2/kobject_file.h delete mode 100644 security/medusa/l2/kobject_socket.h delete mode 100644 security/medusa/l3/l3_internals.h diff --git a/include/linux/medusa/l1/inode.h b/include/linux/medusa/l1/inode.h deleted file mode 100644 index dd01e251f327..000000000000 --- a/include/linux/medusa/l1/inode.h +++ /dev/null @@ -1,36 +0,0 @@ -/* medusa/l1/inode.h, (C) 2002 Milan Pikula - * - * struct inode extension: this structure is appended to in-kernel data, - * and we define it separately just to make l1 code shorter. - * - * for another data structure - kobject, describing inode for upper layers - - * see l2/kobject_file.[ch]. - */ - -#ifndef _MEDUSA_L1_INODE_H -#define _MEDUSA_L1_INODE_H - -#include -#include -#include -#include -#include -#include - -extern struct lsm_blob_sizes medusa_blob_sizes; -#define inode_security(inode) ((struct medusa_l1_inode_s*)(inode->i_security + medusa_blob_sizes.lbs_inode)) - -struct medusa_l1_inode_s { - struct medusa_object_s med_object; - __u32 user; -#ifdef CONFIG_MEDUSA_FILE_CAPABILITIES - kernel_cap_t icap, pcap, ecap; /* support for POSIX file capabilities */ -#endif /* CONFIG_MEDUSA_FILE_CAPABILITIES */ - - /* for kobject_file.c - don't touch! */ - struct inode * next_live; - int use_count; - DECLARE_HASHTABLE(fuck, 3); // enought for now; TODO add choice to menu config -}; - -#endif diff --git a/include/linux/medusa/l1/process_handlers.h b/include/linux/medusa/l1/process_handlers.h deleted file mode 100644 index 862948f29402..000000000000 
--- a/include/linux/medusa/l1/process_handlers.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * medusa/l1/process_handlers.h - * - * prototypes of L2 process related handlers called from L1 hooks - * - */ - -#ifndef _MEDUSA_L1_PROCESS_HANDLERS_H -#define _MEDUSA_L1_PROCESS_HANDLERS_H - -#include -//#include -#include -#include - -extern medusa_answer_t medusa_setresuid(uid_t ruid, uid_t euid, uid_t suid); -extern medusa_answer_t medusa_capable(int cap); -extern medusa_answer_t medusa_fork(unsigned long clone_flags); -extern medusa_answer_t medusa_init_process(struct task_struct *new); -extern medusa_answer_t medusa_sendsig(int sig, struct kernel_siginfo *info, - struct task_struct *p); -extern medusa_answer_t medusa_afterexec(char *filename, char **argv, - char **envp); -extern int medusa_monitored_pexec(void); -extern void medusa_monitor_pexec(int flag); -extern int medusa_monitored_afterexec(void); -extern void medusa_monitor_afterexec(int flag); -extern medusa_answer_t medusa_sexec(struct linux_binprm * bprm); -extern medusa_answer_t medusa_ptrace(struct task_struct * tracer, - struct task_struct * tracee); -extern void medusa_kernel_thread(int (*fn) (void *)); - -extern int process_kobj_validate_task(struct task_struct * ts); - -#endif /* _MEDUSA_L1_PROCESS_HANDLERS_H */ - diff --git a/include/linux/medusa/l2/kobject_process.h b/include/linux/medusa/l2/kobject_process.h deleted file mode 100644 index a187135bc888..000000000000 --- a/include/linux/medusa/l2/kobject_process.h +++ /dev/null 
@@ -1,42 +0,0 @@ -/* process_kobject.h, (C) 2002 Milan Pikula */ - -#ifndef _TASK_KOBJECT_H -#define _TASK_KOBJECT_H - -/* TASK kobject: this file defines the kobject structure for task, e.g. - * the data, which we want to pass to the authorization server. - * - * The structure contains some data from ordinary task_struct - * (such as pid etc.), and some data from medusa_l1_task_s, which is - * defined in medusa/l1/task.h. - */ - -#include -#include - -struct process_kobject { /* was: m_proc_inf */ - MEDUSA_KOBJECT_HEADER; - - pid_t pid, parent_pid, child_pid, sibling_pid; - pid_t pgrp; - uid_t uid, euid, suid, fsuid; - gid_t gid, egid, sgid, fsgid; - - uid_t luid; - kernel_cap_t ecap, icap, pcap; - struct medusa_object_s med_object; - struct medusa_subject_s med_subject; - __u32 user; -#ifdef CONFIG_MEDUSA_SYSCALL - /* FIXME: this is wrong on non-i386 architectures */ - - /* bitmap of syscalls, which are reported */ - unsigned char med_syscall[NR_syscalls / (sizeof(unsigned char) * 8)]; -#endif -}; -extern MED_DECLARE_KCLASSOF(process_kobject); - -int process_kobj2kern(struct process_kobject * tk, struct task_struct * ts); -int process_kern2kobj(struct process_kobject * tk, struct task_struct * ts); - -#endif diff --git a/security/medusa/Makefile b/security/medusa/Makefile index b52d11198443..1ae5148b3b6d 100644 --- a/security/medusa/Makefile +++ b/security/medusa/Makefile @@ -3,6 +3,7 @@ # #KBUILD_CFLAGS += -g -Wall KBUILD_CFLAGS += -Werror=deprecated-declarations +LINUXINCLUDE += -I$(srctree)/security/medusa/include subdir-$(CONFIG_SECURITY_MEDUSA) += l1 subdir-$(CONFIG_SECURITY_MEDUSA) += l2 diff --git a/security/medusa/include/l1/fuck.h b/security/medusa/include/l1/fuck.h new file mode 100644 index 000000000000..2435379efcb1 --- /dev/null +++ b/security/medusa/include/l1/fuck.h 
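Review bot: Appending to `LINUXINCLUDE` in the `security/medusa/Makefile` hunk puts `security/medusa/include` on the search path through a variable the top-level Makefile owns. The directories it exposes are named only `l1` … `l4`, so an include such as `"l3/config.h"` is resolved by search order rather than by a Medusa-specific prefix. kbuild's per-directory mechanism keeps the scope explicit: `subdir-ccflags-y += -I$(srctree)/security/medusa/include`. A one-line comment above it, saying that every `#include "lN/..."` in this tree depends on this path, would help the next person who touches the build.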
@@ -0,0 +1,15 @@ +/* medusa/l1/fuck.h, (C) 2002 Milan Pikula */ +#ifndef _MEDUSA_L1_FUCK_H +#define _MEDUSA_L1_FUCK_H + +#include "l3/registry.h" +#include "l1/inode.h" + +/* prototypes of L2 fuck related handlers called from L1 hooks */ + +int validate_fuck_link(struct dentry *old_dentry); +int validate_fuck(const struct path *fuck_path); +int fuck_free(struct medusa_l1_inode_s* med); + +#endif + diff --git a/include/linux/medusa/l1/file_handlers.h b/security/medusa/include/l1/inode.h similarity index 57% rename from include/linux/medusa/l1/file_handlers.h rename to security/medusa/include/l1/inode.h index 75987b54ebd8..5b6ad24f8bc0 100644 --- a/include/linux/medusa/l1/file_handlers.h +++ b/security/medusa/include/l1/inode.h @@ -1,17 +1,24 @@ -/* - * medusa/l1/file_handlers.h +/* medusa/l1/inode.h, (C) 2002 Milan Pikula * - * prototypes of L2 file related handlers called from L1 hooks + * struct inode extension: this structure is appended to in-kernel data, + * and we define it separately just to make l1 code shorter. * + * for another data structure - kobject, describing inode for upper layers - + * see l2/kobject_file.[ch]. */ -#ifndef _MEDUSA_L1_FILE_HANDLERS_H -#define _MEDUSA_L1_FILE_HANDLERS_H +#ifndef _MEDUSA_L1_INODE_H +#define _MEDUSA_L1_INODE_H -//#include -#include -#include -#include +//#include +//#include +#include +#include +#include +#include "l3/med_model.h" +#include "l3/constants.h" + +/* prototypes of L2 file related handlers called from L1 hooks */ extern medusa_answer_t medusa_exec(struct dentry ** dentryp); extern medusa_answer_t medusa_create(struct dentry * dentry, int mode); 
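Review bot: The three prototypes in the new `l1/fuck.h` return a bare `int` with no statement of which value permits and which denies. The sibling handlers in `l1/inode.h` all return `medusa_answer_t`. For functions called from L1 hooks this convention is the security-relevant part of the contract, so each prototype should carry a short comment stating it, taken from `kobject_fuck.c` and not guessed, for example `/* validate_fuck(): <return convention>; called with <locking context> */`. The file also has no SPDX tag, although `l2/kobject_ipc.h` gains one in this same commit.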
@@ -26,13 +33,13 @@ extern medusa_answer_t medusa_symlink(struct dentry *dentry, extern medusa_answer_t medusa_unlink(struct dentry *dentry); extern medusa_answer_t medusa_link(struct dentry *dentry, const char * newname); extern medusa_answer_t medusa_rename(struct dentry *dentry, const char * newname); - extern medusa_answer_t medusa_readlink(struct dentry *dentry); /* the following routines are a support for many of access types, * and they're used both in L1 and L2 code. They're defined in * l2/evtype_getfile.c. Look there before using any of these routines. */ + extern int file_kobj_validate_dentry(struct dentry * dentry, struct vfsmount * mnt); extern void medusa_get_upper_and_parent(struct path * ndsource, struct path * ndupperp, struct path * ndparentp); @@ -43,5 +50,24 @@ extern medusa_answer_t medusa_notify_change(struct dentry *dentry, struct iattr extern medusa_answer_t medusa_read(struct file * file); extern medusa_answer_t medusa_write(struct file * file); -#endif /* _MEDUSA_L1_FILE_HANDLERS_H */ +/* Struct inode extension: this structure is appended to in-kernel data, + * and we define it separately just to make l1 code shorter. + */ + +extern struct lsm_blob_sizes medusa_blob_sizes; +#define inode_security(inode) ((struct medusa_l1_inode_s*)(inode->i_security + medusa_blob_sizes.lbs_inode)) + +struct medusa_l1_inode_s { + struct medusa_object_s med_object; + __u32 user; +#ifdef CONFIG_MEDUSA_FILE_CAPABILITIES + kernel_cap_t icap, pcap, ecap; /* support for POSIX file capabilities */ +#endif /* CONFIG_MEDUSA_FILE_CAPABILITIES */ + + /* for kobject_file.c - don't touch! */ + struct inode * next_live; + int use_count; + DECLARE_HASHTABLE(fuck, 3); // enought for now; TODO add choice to menu config +}; +#endif diff --git a/include/linux/medusa/l1/ipc.h b/security/medusa/include/l1/ipc.h similarity index 94% rename from include/linux/medusa/l1/ipc.h rename to security/medusa/include/l1/ipc.h index d7930d65053f..6fd98b1a6185 100644 
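Review bot: In the `@@ -43,5 +50,24 @@` hunk, `inode_security(inode)` expands its argument unparenthesised, so any argument that is not a plain identifier is parsed against `->` with the wrong precedence. `sock_security(sk)` in `l1/socket.h` has the same shape. Since the macro is now in a header that every L2 file includes, it should read `#define inode_security(inode) ((struct medusa_l1_inode_s *)((inode)->i_security + medusa_blob_sizes.lbs_inode))`. The fields under "for kobject_file.c - don't touch!" are now visible to all includers as well, so that comment should name which functions own `next_live` and `use_count`. The trailing comment's "enought" is a typo for "enough".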
--- a/include/linux/medusa/l1/ipc.h +++ b/security/medusa/include/l1/ipc.h @@ -10,11 +10,10 @@ #ifndef _MEDUSA_L1_IPC_H #define _MEDUSA_L1_IPC_H -#include -#include +#include #include -#include -#include +#include "l3/med_model.h" +#include "l3/constants.h" /** * types of System V IPC objects diff --git a/include/linux/medusa/l1/socket.h b/security/medusa/include/l1/socket.h similarity index 61% rename from include/linux/medusa/l1/socket.h rename to security/medusa/include/l1/socket.h index 0ec321e0f8e0..dfab60f83380 100644 --- a/include/linux/medusa/l1/socket.h +++ b/security/medusa/include/l1/socket.h 
@@ -3,17 +3,49 @@ * sock struct extension: this structure is appended to in-kernel data, * and we define it separately just to make l1 code shorter. * - * for another data structure - kobject, describing socket for upper layers - + * for another data structure - kobject, describing socket for upper layers - * see security/medusa/l2/kobject_socket.[ch]. */ #ifndef _MEDUSA_L1_SOCKET_H #define _MEDUSA_L1_SOCKET_H -#include -#include -#include "../../../../security/medusa/l2/kobject_socket.h" -#include +#include /* UNIX_PATH_MAX */ +#include "l3/med_model.h" +#include "l3/constants.h" + +#define sock_security(sk) ((struct medusa_l1_socket_s*)(sk->sk_security)) + +struct med_inet6_addr_i { + __be16 port; + __be32 addrdata[16]; +}; + +struct med_inet_addr_i { + __be16 port; + __be32 addrdata[4]; +}; + +struct med_unix_addr_i { + char addrdata[UNIX_PATH_MAX]; +}; + +union MED_ADDRESS { + struct med_inet6_addr_i inet6_i; + struct med_inet_addr_i inet_i; + struct med_unix_addr_i unix_i; +}; + +/** + * struct medusa_l1_socket_s - additional security struct for socket objects + * + * @struct medusa_object_s - members used in Medusa VS access evaluation process + */ +struct medusa_l1_socket_s { + struct medusa_object_s med_object; + int addrlen; + union MED_ADDRESS address; +}; extern medusa_answer_t medusa_socket_create(int family, int type, int protocol); extern medusa_answer_t medusa_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen); diff --git a/include/linux/medusa/l1/task.h b/security/medusa/include/l1/task.h similarity index 52% rename from include/linux/medusa/l1/task.h rename to security/medusa/include/l1/task.h index 5d0412ac6973..40ccac46ee15 100644 --- a/include/linux/medusa/l1/task.h +++ b/security/medusa/include/l1/task.h 
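Review bot: `struct med_inet6_addr_i` declares `__be32 addrdata[16]` and `struct med_inet_addr_i` declares `__be32 addrdata[4]`, which look like byte counts applied to 32-bit elements, since an IPv6 address is 16 bytes and an IPv4 address is 4. If any copy into these fields takes its length from `sizeof(addrdata)`, it reads four times the size of the source address. The copying code is outside this hunk, so that needs checking in `kobject_socket.c` and the socket access types. `union MED_ADDRESS` is also embedded in `struct socket_kobject`, so resizing changes the layout the authorization server sees. If the size must stay, the declarations should at least say so, e.g. `__be32 addrdata[16]; /* only the first 4 words hold the IPv6 address */`. The kernel-doc block names `@struct medusa_object_s` and not the members; it should list `@med_object`, `@addrlen` and `@address`.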
@@ -10,14 +10,34 @@ #ifndef _MEDUSA_L1_TASK_H #define _MEDUSA_L1_TASK_H -#include -#include -#include -#include -#include -#include #include -#include +#include "l3/med_model.h" +#include "l3/constants.h" + +/* prototypes of L2 process related handlers called from L1 hooks */ + +extern medusa_answer_t medusa_setresuid(uid_t ruid, uid_t euid, uid_t suid); +extern medusa_answer_t medusa_capable(int cap); +extern medusa_answer_t medusa_fork(unsigned long clone_flags); +extern medusa_answer_t medusa_init_process(struct task_struct *new); +extern medusa_answer_t medusa_sendsig(int sig, struct kernel_siginfo *info, + struct task_struct *p); +extern medusa_answer_t medusa_afterexec(char *filename, char **argv, + char **envp); +extern int medusa_monitored_pexec(void); +extern void medusa_monitor_pexec(int flag); +extern int medusa_monitored_afterexec(void); +extern void medusa_monitor_afterexec(int flag); +extern medusa_answer_t medusa_sexec(struct linux_binprm * bprm); +extern medusa_answer_t medusa_ptrace(struct task_struct * tracer, + struct task_struct * tracee); +extern void medusa_kernel_thread(int (*fn) (void *)); + +extern int process_kobj_validate_task(struct task_struct * ts); + +/* Struct task extension: this structure is appended to in-kernel data, + * and we define it separately just to make l1 code shorter. + */ extern struct lsm_blob_sizes medusa_blob_sizes; #define task_security(task) ((struct medusa_l1_task_s *)(task->security + medusa_blob_sizes.lbs_task)) diff --git a/include/linux/medusa/l2/kobject_file.h b/security/medusa/include/l2/kobject_file.h similarity index 91% rename from include/linux/medusa/l2/kobject_file.h rename to security/medusa/include/l2/kobject_file.h index 04d0d9eec69f..6bfa6da996b5 100644 --- a/include/linux/medusa/l2/kobject_file.h +++ b/security/medusa/include/l2/kobject_file.h 
@@ -14,11 +14,11 @@ #ifndef _INODE_KOBJECT_H #define _INODE_KOBJECT_H -#include -#include +#include +#include "l3/kobject.h" +#include "l1/inode.h" struct file_kobject { /* was: m_inode_inf */ - MEDUSA_KOBJECT_HEADER; /* * As a preparation for the total deletion of device numbers, * we introduce a type unsigned long to hold them. No information about @@ -31,15 +31,15 @@ struct file_kobject { /* was: m_inode_inf */ umode_t mode; nlink_t nlink; - uid_t uid; - gid_t gid; + kuid_t uid; + kgid_t gid; unsigned long rdev; struct medusa_object_s med_object; __u32 user; #ifdef CONFIG_MEDUSA_FILE_CAPABILITIES - kernel_cap_t icap; + kernel_cap_t icap; /* support for Linux capabilities */ kernel_cap_t pcap; kernel_cap_t ecap; #endif /* CONFIG_MEDUSA_FILE_CAPABILITIES */ diff --git a/security/medusa/l2/kobject_fuck.h b/security/medusa/include/l2/kobject_fuck.h similarity index 50% rename from security/medusa/l2/kobject_fuck.h rename to security/medusa/include/l2/kobject_fuck.h index b294412c8d11..ccfb7422152a 100644 --- a/security/medusa/l2/kobject_fuck.h +++ b/security/medusa/include/l2/kobject_fuck.h @@ -1,19 +1,8 @@ /* kobject_fuck.c, (C) 2002 Milan Pikula */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "kobject_file.h" - -int validate_fuck_link(struct dentry *old_dentry); -int validate_fuck(const struct path *fuck_path); -int fuck_free(struct medusa_l1_inode_s* med); +#include "l3/kobject.h" +#include "l1/inode.h" +#include "l1/fuck.h" struct fuck_kobject { char path[PATH_MAX]; /* primary key in 'fetch' operation */ diff --git a/security/medusa/l2/kobject_ipc.h b/security/medusa/include/l2/kobject_ipc.h similarity index 80% rename from security/medusa/l2/kobject_ipc.h rename to security/medusa/include/l2/kobject_ipc.h index 8f62f9404e09..e34367961109 100644 --- a/security/medusa/l2/kobject_ipc.h +++ b/security/medusa/include/l2/kobject_ipc.h 
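Review bot: The two `kobject_file.h` hunks change the layout of `struct file_kobject`, although the commit message describes only a header move. `MEDUSA_KOBJECT_HEADER` is dropped, and `uid`/`gid` go from `uid_t`/`gid_t` to `kuid_t`/`kgid_t`. The diffstat shows `security/medusa/l2/kobject_file.h` being deleted, so presumably this brings the surviving copy in line with the one the code already used; the commit message should say so. `kuid_t` is a kernel-internal type, and if this structure is handed to the authorization server as-is, the fields need a note such as `/* kernel-internal ids; convert with from_kuid()/from_kgid() before export */`, or confirmation that the conversion already happens in `kobject_file.c`. The struct body continues outside both hunks.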
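Review bot: `l2/kobject_fuck.h` still has no include guard after the move. The first line of the file is the copyright comment, followed directly by the three `#include` lines and `struct fuck_kobject`. It now sits on the shared include path next to `l1/fuck.h`, so a second inclusion in one translation unit redefines the struct. `kobject_ipc.h` gets a guard in this same commit, and the same pattern applies here: `#ifndef _FUCK_KOBJECT_H` / `#define _FUCK_KOBJECT_H` at the top and `#endif` at the end. The header comment also still names `kobject_fuck.c`. The rest of the file is outside the hunk.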
@@ -1,12 +1,10 @@ -#include -#include -#include -#include <../../../ipc/util.h> // FIXME FIXME FIXME TODO -#include -#include -#include -#include -#include +// SPDX-License-Identifier: GPL-2.0 + +#ifndef _IPC_KOBJECT_H +#define _IPC_KOBJECT_H + +#include "l3/kobject.h" +#include "l1/ipc.h" /* * medusa_ipc_perm - struct holding relevant entries from 'kern_ipc_perm' (see linux/ipc.h) @@ -43,3 +41,5 @@ medusa_answer_t ipc_update(struct medusa_kobject_s * kobj); struct ipc_kobject * ipc_kern2kobj(struct ipc_kobject *, struct kern_ipc_perm *, bool); int ipc_getref(struct kern_ipc_perm *ipcp, bool unlock); int ipc_putref(struct kern_ipc_perm *ipcp, bool lock); + +#endif diff --git a/security/medusa/l2/kobject_process.h b/security/medusa/include/l2/kobject_process.h similarity index 84% rename from security/medusa/l2/kobject_process.h rename to security/medusa/include/l2/kobject_process.h index ea554fba0165..f39e51c2f56a 100644 --- a/security/medusa/l2/kobject_process.h +++ b/security/medusa/include/l2/kobject_process.h @@ -9,13 +9,12 @@ * * The structure contains some data from ordinary task_struct * (such as pid etc.), and some data from medusa_l1_task_s, which is - * defined in medusa/l1/task.h. + * defined in medusa/include/l1/task.h. */ -#include /* contains all includes we need ;) */ -#include -#include -#include +#include +#include "l3/kobject.h" +#include "l1/task.h" struct process_kobject { int pid, pgrp, tgid, session; diff --git a/security/medusa/include/l2/kobject_socket.h b/security/medusa/include/l2/kobject_socket.h new file mode 100644 index 000000000000..73583910127a --- /dev/null +++ b/security/medusa/include/l2/kobject_socket.h 
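Review bot: The SPDX line added at the top of `l2/kobject_ipc.h` uses `//`, but the kernel's license rules ask for the block-comment form in headers: `/* SPDX-License-Identifier: GPL-2.0 */`. The other headers created or moved by this commit (`l1/fuck.h`, `l2/kobject_socket.h`, `l2/kobject_fuck.h`) carry no SPDX tag at all, so the tag should be added consistently while the files are being touched. With the `ipc/util.h` include gone, the remaining prototypes take `struct kern_ipc_perm *`. A one-line comment should say which include provides that type, because the include lines are not fully visible in this view.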
@@ -0,0 +1,30 @@ +#ifndef _SOCKET_KOBJECT_H +#define _SOCKET_KOBJECT_H + +//#include +#include +#include "l3/kobject.h" +#include "l1/socket.h" + +struct socket_kobject { + dev_t dev; + unsigned long ino; + + int type; + int family; + int addrlen; + union MED_ADDRESS address; + kuid_t uid; + + struct medusa_object_s med_object; +}; +extern MED_DECLARE_KCLASSOF(socket_kobject); + +/* the conversion routines */ +int socket_kobj2kern(struct socket_kobject * sock_kobj, struct socket * sock); +int socket_kern2kobj(struct socket_kobject * sock_kobj, struct socket * sock); + +struct medusa_kobject_s *socket_fetch(struct medusa_kobject_s *kobj); +medusa_answer_t socket_update(struct medusa_kobject_s *kobj); + +#endif diff --git a/include/linux/medusa/l3/arch.h b/security/medusa/include/l3/arch.h similarity index 97% rename from include/linux/medusa/l3/arch.h rename to security/medusa/include/l3/arch.h index cc89bdef8ef1..3babfd0b9a42 100644 --- a/include/linux/medusa/l3/arch.h +++ b/security/medusa/include/l3/arch.h @@ -1,7 +1,7 @@ #ifndef _MEDUSA_ARCH_H #define _MEDUSA_ARCH_H #include -#include +#include "l3/config.h" /* data locks */ #define MED_DECLARE_LOCK_DATA(name) extern rwlock_t name @@ -52,7 +52,7 @@ #endif /* u_intX_t */ -#include +#include "l3/arch_types.h" /* memcpy */ diff --git a/include/linux/medusa/l3/arch_types.h b/security/medusa/include/l3/arch_types.h similarity index 100% rename from include/linux/medusa/l3/arch_types.h rename to security/medusa/include/l3/arch_types.h diff --git a/include/linux/medusa/l3/config.h b/security/medusa/include/l3/config.h similarity index 100% rename from include/linux/medusa/l3/config.h rename to security/medusa/include/l3/config.h diff --git a/include/linux/medusa/l3/constants.h b/security/medusa/include/l3/constants.h similarity index 98% rename from include/linux/medusa/l3/constants.h rename to security/medusa/include/l3/constants.h index fc1cee805504..ff22b2548057 100644 --- a/include/linux/medusa/l3/constants.h 
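Review bot: `struct socket_kobject` carries `int addrlen` next to `union MED_ADDRESS address`, and nothing in the new `l2/kobject_socket.h` states the valid range of `addrlen` or its unit. The header also declares `socket_kobj2kern()` and `socket_update()`, which by their names move kobject data back toward the kernel object. If `addrlen` is taken from the kobject there, it has to be rejected when it is negative or larger than `sizeof(union MED_ADDRESS)`. Those implementations are not in this hunk, so this needs confirming in `kobject_socket.c`. The field should at least document the contract, e.g. `int addrlen; /* valid bytes in address, 0..sizeof(union MED_ADDRESS) */`, and `struct medusa_l1_socket_s` in `l1/socket.h` needs the same comment. The leftover `//#include` line can be removed.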
+++ b/security/medusa/include/l3/constants.h @@ -1,7 +1,7 @@ #ifndef _MEDUSA_CONSTANTS_H #define _MEDUSA_CONSTANTS_H -#include +#include "l4/comm.h" /* these constants may be used by both internal kernel data structures, * and a communication protocol. if you alter them, you'll break the diff --git a/include/linux/medusa/l3/kobject.h b/security/medusa/include/l3/kobject.h similarity index 99% rename from include/linux/medusa/l3/kobject.h rename to security/medusa/include/l3/kobject.h index 3121f910a82a..c7b8cc00e910 100644 --- a/include/linux/medusa/l3/kobject.h +++ b/security/medusa/include/l3/kobject.h @@ -20,10 +20,10 @@ * While you are not looking, this source is in Pascal. */ -#include -#include -#include #include +#include "l3/arch.h" +#include "l3/constants.h" +#include "l3/med_model.h" struct medusa_attribute_s; struct medusa_kclass_s; diff --git a/include/linux/medusa/l3/med_model.h b/security/medusa/include/l3/med_model.h similarity index 97% rename from include/linux/medusa/l3/med_model.h rename to security/medusa/include/l3/med_model.h index 7b4be8d3a67a..c6513bca1810 100644 --- a/include/linux/medusa/l3/med_model.h +++ b/security/medusa/include/l3/med_model.h @@ -1,8 +1,8 @@ #ifndef _MEDUSA_MODEL_H #define _MEDUSA_MODEL_H -#include -#include +#include "l3/config.h" +#include "l3/vs_model.h" extern int medusa_authserver_magic; diff --git a/include/linux/medusa/l3/registry.h b/security/medusa/include/l3/registry.h similarity index 96% rename from include/linux/medusa/l3/registry.h rename to security/medusa/include/l3/registry.h index 87b26bcef437..8c41956775e0 100644 --- a/include/linux/medusa/l3/registry.h +++ b/security/medusa/include/l3/registry.h @@ -10,9 +10,9 @@ #ifndef _MEDUSA_REGISTRY_H #define _MEDUSA_REGISTRY_H -#include -#include -#include +#include "l3/arch.h" +#include "l3/kobject.h" +#include "l3/server.h" extern int authserver_magic; /* to be checked against magic in objects */ 
diff --git a/include/linux/medusa/l3/server.h b/security/medusa/include/l3/server.h similarity index 94% rename from include/linux/medusa/l3/server.h rename to security/medusa/include/l3/server.h index ecdc673ab23b..70394f7486eb 100644 --- a/include/linux/medusa/l3/server.h +++ b/security/medusa/include/l3/server.h @@ -8,8 +8,8 @@ * and constants, and API for the auth. server. */ -#include -#include +#include "l3/constants.h" +#include "l3/kobject.h" struct medusa_authserver_s { char name[MEDUSA_SERVERNAME_MAX]; diff --git a/include/linux/medusa/l3/vs_model.h b/security/medusa/include/l3/vs_model.h similarity index 96% rename from include/linux/medusa/l3/vs_model.h rename to security/medusa/include/l3/vs_model.h index b767b09a010c..c9eb344e9713 100644 --- a/include/linux/medusa/l3/vs_model.h +++ b/security/medusa/include/l3/vs_model.h @@ -1,8 +1,8 @@ #ifndef _VSMODEL_H #define _VSMODEL_H -#include #include +#include "l3/config.h" #define _VS(X) ((X)->vs) #define _VSR(X) ((X)->vsr) diff --git a/include/linux/medusa/l4/comm.h b/security/medusa/include/l4/comm.h similarity index 98% rename from include/linux/medusa/l4/comm.h rename to security/medusa/include/l4/comm.h index 4b1a551e4595..7ab04156f059 100644 --- a/include/linux/medusa/l4/comm.h +++ b/security/medusa/include/l4/comm.h @@ -1,7 +1,7 @@ #ifndef _MEDUSA_COMM_H #define _MEDUSA_COMM_H -#include +#include "l3/arch_types.h" /* * the following constants and structures cover the standard diff --git a/security/medusa/l4-constable/med_cache.h b/security/medusa/include/l4/med_cache.h similarity index 100% rename from security/medusa/l4-constable/med_cache.h rename to security/medusa/include/l4/med_cache.h diff --git a/security/medusa/l4-constable/teleport.h b/security/medusa/include/l4/teleport.h similarity index 98% rename from security/medusa/l4-constable/teleport.h rename to security/medusa/include/l4/teleport.h index 1c167c2838d2..89edebe30939 100644 --- a/security/medusa/l4-constable/teleport.h 
+++ b/security/medusa/include/l4/teleport.h @@ -1,7 +1,7 @@ #ifndef _MEDUSA_TELEPORT_H #define _MEDUSA_TELEPORT_H -#include +#include "l4/comm.h" typedef enum { tp_NOP, /* do nothing */ diff --git a/security/medusa/l1/medusa.c b/security/medusa/l1/medusa.c index 2ff0e556cc04..3d5e442fd22c 100644 --- a/security/medusa/l1/medusa.c +++ b/security/medusa/l1/medusa.c @@ -55,20 +55,15 @@ #include #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include "../l2/kobject_process.h" -#include "../l2/kobject_file.h" -#include "../l2/kobject_fuck.h" -#include "../l2/kobject_socket.h" -#include "../../../ipc/util.h" -#include + +#include "l4/comm.h" +#include "l3/registry.h" +#include "l3/arch.h" +#include "l1/inode.h" +#include "l1/task.h" +#include "l1/ipc.h" +#include "l1/socket.h" +#include "l1/fuck.h" int medusa_l1_inode_alloc_security(struct inode *inode); diff --git a/security/medusa/l2/acctype_afterexec.c b/security/medusa/l2/acctype_afterexec.c index 4a4ab261a72f..b87aec345694 100644 --- a/security/medusa/l2/acctype_afterexec.c +++ b/security/medusa/l2/acctype_afterexec.c @@ -1,9 +1,5 @@ -#include -#include -#include -#include - -#include "kobject_process.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" /* let's define the 'exec' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_capable.c b/security/medusa/l2/acctype_capable.c index 5cf6ca4f60a4..55b38dc30668 100644 --- a/security/medusa/l2/acctype_capable.c +++ b/security/medusa/l2/acctype_capable.c @@ -3,12 +3,8 @@ * This file defines the 'capable' call. */ -#include -#include -#include -#include - -#include "kobject_process.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" struct capable_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_create.c b/security/medusa/l2/acctype_create.c index 2c45eb2ea77a..36cb8da43c88 100644 --- a/security/medusa/l2/acctype_create.c 
+++ b/security/medusa/l2/acctype_create.c @@ -1,14 +1,6 @@ -#include -#include -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'create' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_exec.c b/security/medusa/l2/acctype_exec.c index 816070be9a01..c6ced4d21dfd 100644 --- a/security/medusa/l2/acctype_exec.c +++ b/security/medusa/l2/acctype_exec.c @@ -1,11 +1,6 @@ -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'exec' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_fork.c b/security/medusa/l2/acctype_fork.c index 4a1d3372c416..7d7a5c981bca 100644 --- a/security/medusa/l2/acctype_fork.c +++ b/security/medusa/l2/acctype_fork.c @@ -1,8 +1,5 @@ -#include -#include "kobject_process.h" -#include -#include -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" /* let's define the 'fork' access type, with object=task and subject=task. */ diff --git a/security/medusa/l2/acctype_init_process.c b/security/medusa/l2/acctype_init_process.c index de44fd6f621b..a04c87f210c6 100644 --- a/security/medusa/l2/acctype_init_process.c +++ b/security/medusa/l2/acctype_init_process.c @@ -1,8 +1,6 @@ -#include -#include "kobject_process.h" -#include -#include -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" struct init_process { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_ipc_associate.c b/security/medusa/l2/acctype_ipc_associate.c index 6b7d12693898..8851fce8fa53 100644 --- a/security/medusa/l2/acctype_ipc_associate.c +++ b/security/medusa/l2/acctype_ipc_associate.c 
@@ -8,13 +8,9 @@ * Copyright (C) 2018-2020 Matus Jokay */ -#include -#include -#include -#include -#include -#include "kobject_process.h" -#include "kobject_ipc.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_ipc.h" struct ipc_associate_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_ipc_ctl.c b/security/medusa/l2/acctype_ipc_ctl.c index db428e9cb787..0809b52affea 100644 --- a/security/medusa/l2/acctype_ipc_ctl.c +++ b/security/medusa/l2/acctype_ipc_ctl.c @@ -8,13 +8,9 @@ * Copyright (C) 2018-2020 Matus Jokay */ -#include -#include -#include -#include -#include -#include "kobject_process.h" -#include "kobject_ipc.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_ipc.h" struct ipc_ctl_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_ipc_msgrcv.c b/security/medusa/l2/acctype_ipc_msgrcv.c index cd36b5a44540..8c4df639ff88 100644 --- a/security/medusa/l2/acctype_ipc_msgrcv.c +++ b/security/medusa/l2/acctype_ipc_msgrcv.c @@ -8,13 +8,10 @@ * Copyright (C) 2018-2020 Matus Jokay */ -#include -#include -#include -#include -#include -#include "kobject_process.h" -#include "kobject_ipc.h" +#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_ipc.h" struct ipc_msgrcv_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_ipc_msgsnd.c b/security/medusa/l2/acctype_ipc_msgsnd.c index 178266ddbe8e..7811dcb7f860 100644 --- a/security/medusa/l2/acctype_ipc_msgsnd.c +++ b/security/medusa/l2/acctype_ipc_msgsnd.c @@ -8,13 +8,10 @@ * Copyright (C) 2018-2020 Matus Jokay */ -#include -#include -#include -#include -#include -#include "kobject_process.h" -#include "kobject_ipc.h" +#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_ipc.h" /* * struct @ipc_msgsnd_access is derived from 'struct msg_msg' in include/linux/msg.h 
diff --git a/security/medusa/l2/acctype_ipc_permission.c b/security/medusa/l2/acctype_ipc_permission.c index 5cc78aaeda83..57e906284e4f 100644 --- a/security/medusa/l2/acctype_ipc_permission.c +++ b/security/medusa/l2/acctype_ipc_permission.c @@ -8,13 +8,9 @@ * Copyright (C) 2018-2020 Matus Jokay */ -#include -#include -#include -#include -#include -#include "kobject_process.h" -#include "kobject_ipc.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_ipc.h" struct ipc_perm_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_ipc_semop.c b/security/medusa/l2/acctype_ipc_semop.c index de051648e65c..eca24404072a 100644 --- a/security/medusa/l2/acctype_ipc_semop.c +++ b/security/medusa/l2/acctype_ipc_semop.c @@ -8,13 +8,9 @@ * Copyright (C) 2018-2020 Matus Jokay */ -#include -#include -#include -#include -#include -#include "kobject_process.h" -#include "kobject_ipc.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_ipc.h" struct ipc_semop_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_ipc_shmat.c b/security/medusa/l2/acctype_ipc_shmat.c index f51d563ad525..d412ddd12b28 100644 --- a/security/medusa/l2/acctype_ipc_shmat.c +++ b/security/medusa/l2/acctype_ipc_shmat.c @@ -8,13 +8,9 @@ * Copyright (C) 2018-2020 Matus Jokay */ -#include -#include -#include -#include -#include -#include "kobject_process.h" -#include "kobject_ipc.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_ipc.h" struct ipc_shmat_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_link.c b/security/medusa/l2/acctype_link.c index 155904502f86..1f3754278ecb 100644 --- a/security/medusa/l2/acctype_link.c +++ b/security/medusa/l2/acctype_link.c 
@@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'link' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_lookup.c b/security/medusa/l2/acctype_lookup.c index cf3f7ec05fcf..533d9ac33107 100644 --- a/security/medusa/l2/acctype_lookup.c +++ b/security/medusa/l2/acctype_lookup.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'lookup' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_mkdir.c b/security/medusa/l2/acctype_mkdir.c index 73f6ec31c6ba..183c2e0829f3 100644 --- a/security/medusa/l2/acctype_mkdir.c +++ b/security/medusa/l2/acctype_mkdir.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'mkdir' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_mknod.c b/security/medusa/l2/acctype_mknod.c index 279fd98a682d..e1ae0ae34c7c 100644 --- a/security/medusa/l2/acctype_mknod.c +++ b/security/medusa/l2/acctype_mknod.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'mknod' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_notify_change.c b/security/medusa/l2/acctype_notify_change.c index fa6c990f1a08..ddf1a9a6c20d 100644 
--- a/security/medusa/l2/acctype_notify_change.c +++ b/security/medusa/l2/acctype_notify_change.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'notify_change' access type, with subj=task and obj=inode */ /* todo: rename this to chmod or chattr or whatever */ diff --git a/security/medusa/l2/acctype_permission.c b/security/medusa/l2/acctype_permission.c index d47b0a8d4a8e..e9f124ea0034 100644 --- a/security/medusa/l2/acctype_permission.c +++ b/security/medusa/l2/acctype_permission.c @@ -1,16 +1,6 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'permission' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_ptrace.c b/security/medusa/l2/acctype_ptrace.c index 5c1af3aa8ff4..ee82d1581056 100644 --- a/security/medusa/l2/acctype_ptrace.c +++ b/security/medusa/l2/acctype_ptrace.c @@ -1,8 +1,5 @@ -#include -#include -#include -#include "kobject_process.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" /* let's define the 'ptrace' access type, with object=task and subject=task. */ diff --git a/security/medusa/l2/acctype_readlink.c b/security/medusa/l2/acctype_readlink.c index 40e5c471404e..1e4d6492576d 100644 --- a/security/medusa/l2/acctype_readlink.c +++ b/security/medusa/l2/acctype_readlink.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'readlink' access type, with subj=task and obj=inode */ 
diff --git a/security/medusa/l2/acctype_readwrite.c b/security/medusa/l2/acctype_readwrite.c index 1a84d09ff574..3732e2b97910 100644 --- a/security/medusa/l2/acctype_readwrite.c +++ b/security/medusa/l2/acctype_readwrite.c @@ -2,17 +2,9 @@ * it useful. */ -#include -#include -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /** * medusa_read - L1-called code to check VS diff --git a/security/medusa/l2/acctype_rename.c b/security/medusa/l2/acctype_rename.c index 1b2d22736e65..5017945f1730 100644 --- a/security/medusa/l2/acctype_rename.c +++ b/security/medusa/l2/acctype_rename.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'rename' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_rmdir.c b/security/medusa/l2/acctype_rmdir.c index dca9064cb59e..3d909bceeac2 100644 --- a/security/medusa/l2/acctype_rmdir.c +++ b/security/medusa/l2/acctype_rmdir.c @@ -1,13 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include "kobject_fuck.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'rmdir' access type, with subj=task and obj=inode */ int medusa_l1_inode_alloc_security(struct inode *inode); diff --git a/security/medusa/l2/acctype_sendsig.c b/security/medusa/l2/acctype_sendsig.c index beb94e9c8e2d..14c39bb26ce2 100644 --- a/security/medusa/l2/acctype_sendsig.c +++ b/security/medusa/l2/acctype_sendsig.c 
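Review bot: The hand-written prototype `int medusa_l1_inode_alloc_security(struct inode *inode);` is still in acctype_rmdir.c after the include cleanup, and the same line remains in acctype_unlink.c and as a forward declaration in l1/medusa.c. A prototype repeated per .c file is not checked against the definition, so a later signature change would still compile and call the function with the wrong arguments. Since this commit introduces `l1/inode.h`, declaring the function there once and dropping the local copies looks like the natural follow-up. That header is not visible here, so it may already carry the declaration; in that case the local lines are simply redundant.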
@@ -1,13 +1,5 @@ -#include -#include /* SEND_SIG_PRIV */ -#include -#include -#include -#include -#include "kobject_process.h" -#include -#include -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" /* let's define the 'kill' access type, with object=task and subject=task. */ diff --git a/security/medusa/l2/acctype_setresuid.c b/security/medusa/l2/acctype_setresuid.c index 4152e2d7a874..133463c4f93a 100644 --- a/security/medusa/l2/acctype_setresuid.c +++ b/security/medusa/l2/acctype_setresuid.c @@ -2,11 +2,8 @@ * * This file defines the 'setresuid' access type, with object=subject=process. */ -#include -#include -#include "kobject_process.h" -#include -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" struct setresuid { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_sexec.c b/security/medusa/l2/acctype_sexec.c index 3bb1ab50c7ca..c1bcc395dfd5 100644 --- a/security/medusa/l2/acctype_sexec.c +++ b/security/medusa/l2/acctype_sexec.c @@ -1,16 +1,7 @@ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'sexec' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_socket_accept.c b/security/medusa/l2/acctype_socket_accept.c index 1ed9d6d030ce..bc10ea89268a 100644 --- a/security/medusa/l2/acctype_socket_accept.c +++ b/security/medusa/l2/acctype_socket_accept.c @@ -1,6 +1,6 @@ -#include "kobject_process.h" -#include "kobject_socket.h" -#include "kobject_file.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_socket.h" struct socket_accept_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_socket_bind.c b/security/medusa/l2/acctype_socket_bind.c index 823388973a5e..25a883ccd51b 100644 
--- a/security/medusa/l2/acctype_socket_bind.c +++ b/security/medusa/l2/acctype_socket_bind.c @@ -1,14 +1,12 @@ -#include -#include -#include "kobject_process.h" -#include "kobject_socket.h" -#include "kobject_file.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_socket.h" struct socket_bind_access { MEDUSA_ACCESS_HEADER; sa_family_t family; int addrlen; - MED_ADDRESS address; + union MED_ADDRESS address; }; MED_ATTRS(socket_bind_access) { diff --git a/security/medusa/l2/acctype_socket_connect.c b/security/medusa/l2/acctype_socket_connect.c index 2f94ff9b8ddf..246992b4a2d9 100644 --- a/security/medusa/l2/acctype_socket_connect.c +++ b/security/medusa/l2/acctype_socket_connect.c @@ -1,14 +1,12 @@ -#include -#include -#include "kobject_process.h" -#include "kobject_socket.h" -#include "kobject_file.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_socket.h" struct socket_connect_access { MEDUSA_ACCESS_HEADER; sa_family_t family; int addrlen; - MED_ADDRESS address; + union MED_ADDRESS address; }; MED_ATTRS(socket_connect_access) { diff --git a/security/medusa/l2/acctype_socket_create.c b/security/medusa/l2/acctype_socket_create.c index 8cf0e9fab592..38611bab6774 100644 --- a/security/medusa/l2/acctype_socket_create.c +++ b/security/medusa/l2/acctype_socket_create.c @@ -1,5 +1,6 @@ -#include "kobject_socket.h" -#include "kobject_process.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_socket.h" struct socket_create_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_socket_listen.c b/security/medusa/l2/acctype_socket_listen.c index fc308950d23a..a9ddb849a790 100644 --- a/security/medusa/l2/acctype_socket_listen.c +++ b/security/medusa/l2/acctype_socket_listen.c 
@@ -1,6 +1,6 @@ -#include "kobject_process.h" -#include "kobject_socket.h" -#include "kobject_file.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_socket.h" struct socket_listen_access { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/acctype_socket_recvmsg.c b/security/medusa/l2/acctype_socket_recvmsg.c index 0427cd1a8cc0..af861d699e76 100644 --- a/security/medusa/l2/acctype_socket_recvmsg.c +++ b/security/medusa/l2/acctype_socket_recvmsg.c @@ -1,13 +1,11 @@ -#include -#include -#include "kobject_process.h" -#include "kobject_socket.h" -#include "kobject_file.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_socket.h" struct socket_recvmsg_access { MEDUSA_ACCESS_HEADER; int addrlen; - MED_ADDRESS address; + union MED_ADDRESS address; }; MED_ATTRS(socket_recvmsg_access) { diff --git a/security/medusa/l2/acctype_socket_sendmsg.c b/security/medusa/l2/acctype_socket_sendmsg.c index 9737c95bdb1e..e2b070e4f453 100644 --- a/security/medusa/l2/acctype_socket_sendmsg.c +++ b/security/medusa/l2/acctype_socket_sendmsg.c @@ -1,13 +1,11 @@ -#include -#include -#include "kobject_process.h" -#include "kobject_socket.h" -#include "kobject_file.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_socket.h" struct socket_sendmsg_access { MEDUSA_ACCESS_HEADER; int addrlen; - MED_ADDRESS address; + union MED_ADDRESS address; }; MED_ATTRS(socket_sendmsg_access) { diff --git a/security/medusa/l2/acctype_symlink.c b/security/medusa/l2/acctype_symlink.c index 98f71a277a03..f4c26129b1f8 100644 --- a/security/medusa/l2/acctype_symlink.c +++ b/security/medusa/l2/acctype_symlink.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'symlink' access type, with subj=task and obj=inode */ 
diff --git a/security/medusa/l2/acctype_truncate.c b/security/medusa/l2/acctype_truncate.c index e7722313becc..cf7212cf6938 100644 --- a/security/medusa/l2/acctype_truncate.c +++ b/security/medusa/l2/acctype_truncate.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'truncate' access type, with subj=task and obj=inode */ diff --git a/security/medusa/l2/acctype_unlink.c b/security/medusa/l2/acctype_unlink.c index 91b9ae647dc6..1caf8b989b3c 100644 --- a/security/medusa/l2/acctype_unlink.c +++ b/security/medusa/l2/acctype_unlink.c @@ -1,12 +1,6 @@ -#include -#include -#include -#include -#include - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* let's define the 'unlink' access type, with subj=task and obj=inode */ int medusa_l1_inode_alloc_security(struct inode *inode); diff --git a/security/medusa/l2/evtype_fuck.c b/security/medusa/l2/evtype_fuck.c index e72984b6b1ac..be50da020d3c 100644 --- a/security/medusa/l2/evtype_fuck.c +++ b/security/medusa/l2/evtype_fuck.c @@ -1,6 +1,7 @@ /* (C) 2002 Milan Pikula */ -#include -#include "kobject_fuck.h" + +#include "l3/registry.h" +#include "l2/kobject_fuck.h" struct getfuck_event { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/evtype_getfile.c b/security/medusa/l2/evtype_getfile.c index a5ae2f5e7809..2e50230128c9 100644 --- a/security/medusa/l2/evtype_getfile.c +++ b/security/medusa/l2/evtype_getfile.c 
@@ -1,16 +1,11 @@ /* (C) 2002 Milan Pikula */ -#include -#include #include -#include -#include -#include -#include "../../../fs/mount.h" - -#include "kobject_process.h" -#include "kobject_file.h" -#include +#include "../../../fs/mount.h" /* real_mount() */ + +#include "l3/registry.h" +#include "l2/kobject_process.h" +#include "l2/kobject_file.h" /* the getfile event types (yes, there are more of them) are a bit special: * 1) they are called from the beginning of various access types to get the diff --git a/security/medusa/l2/evtype_getipc.c b/security/medusa/l2/evtype_getipc.c index aa2995765044..560302222e85 100644 --- a/security/medusa/l2/evtype_getipc.c +++ b/security/medusa/l2/evtype_getipc.c @@ -1,8 +1,5 @@ -#include -#include -#include -#include -#include "kobject_ipc.h" +#include "l3/registry.h" +#include "l2/kobject_ipc.h" struct ipc_event { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/evtype_getprocess.c b/security/medusa/l2/evtype_getprocess.c index 1f8e78505293..11db71383ee9 100644 --- a/security/medusa/l2/evtype_getprocess.c +++ b/security/medusa/l2/evtype_getprocess.c @@ -1,11 +1,7 @@ /* (C) 2002 Milan Pikula */ -#include -#include -#include - -#include "kobject_process.h" -#include +#include "l3/registry.h" +#include "l2/kobject_process.h" /* * diff --git a/security/medusa/l2/evtype_getsocket.c b/security/medusa/l2/evtype_getsocket.c index 108521445aed..7e169628cbe9 100644 --- a/security/medusa/l2/evtype_getsocket.c +++ b/security/medusa/l2/evtype_getsocket.c @@ -1,5 +1,5 @@ -#include -#include "kobject_socket.h" +#include "l3/registry.h" +#include "l2/kobject_socket.h" struct socket_event { MEDUSA_ACCESS_HEADER; diff --git a/security/medusa/l2/kobject_cstrmem.c b/security/medusa/l2/kobject_cstrmem.c index 85eaa543d7d8..20b666438aea 100644 --- a/security/medusa/l2/kobject_cstrmem.c +++ b/security/medusa/l2/kobject_cstrmem.c 
@@ -11,14 +11,9 @@ /* And as it isn't really necessary, it's a perfect example of loadable L2 * module. */ -#include -#include -#include -#include #include #include -#include -#include +#include "l3/registry.h" struct cstrmem_kobject { pid_t pid; /* pid of process to read/write */ diff --git a/security/medusa/l2/kobject_file.c b/security/medusa/l2/kobject_file.c index c98974cada37..a36bac343b70 100644 --- a/security/medusa/l2/kobject_file.c +++ b/security/medusa/l2/kobject_file.c @@ -1,13 +1,7 @@ /* file_kobject.c, (C) 2002 Milan Pikula */ -#include -#include -#include -#include -#include -#include - -#include "kobject_file.h" +#include "l2/kobject_file.h" +#include "l3/registry.h" int file_kobj2kern(struct file_kobject * fk, struct inode * inode) { diff --git a/security/medusa/l2/kobject_file.h b/security/medusa/l2/kobject_file.h deleted file mode 100644 index c9fb1bf2865c..000000000000 --- a/security/medusa/l2/kobject_file.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* inode_kobject.h, (C) 2002 Milan Pikula - * - * FILE kobject: this file defines the kobject structure for inode, e.g. - * the data, which we want to pass to the authorization server. - * - * The structure contains some data from ordinary struct inode, - * and some data from medusa_l1_inode_s, which is defined in - * medusa/l1/inode.h. - * - * This file (as well as many others) is based on Medusa DS9, version - * 0.9.2, which is (C) Marek Zelem, Martin Ockajak and myself. - */ - -#ifndef _INODE_KOBJECT_H -#define _INODE_KOBJECT_H - -//#include -#include /* contains all includes we need ;) */ -#include -#include -#include -#include -#include - -struct file_kobject { /* was: m_inode_inf */ -/* - * As a preparation for the total deletion of device numbers, - * we introduce a type unsigned long to hold them. No information about - * this type is known outside of this include file. - * - * ... for more folklore read the comment in kdev_t.h ;) - */ - unsigned long dev; - unsigned long ino; - - umode_t mode; - nlink_t nlink; - kuid_t uid; - kgid_t gid; - unsigned long rdev; - - struct medusa_object_s med_object; - - __u32 user; -#ifdef CONFIG_MEDUSA_FILE_CAPABILITIES - kernel_cap_t icap; /* support for Linux capabilities */ - kernel_cap_t pcap; - kernel_cap_t ecap; -#endif /* CONFIG_MEDUSA_FILE_CAPABILITIES */ -}; -extern MED_DECLARE_KCLASSOF(file_kobject); - -struct file_sub_kobject { /* the 'subject' view... 
*/ - struct file_kobject f; - struct medusa_subject_s med_subject; -}; -extern MED_DECLARE_KCLASSOF(file_sub_kobject); - -/* the conversion routines */ -int file_kobj2kern(struct file_kobject * fk, struct inode * inode); -int file_kern2kobj(struct file_kobject * fk, struct inode * inode); - -/* we want to keep a cache of "live" inodes - the ones which participate - * on some access right now - */ -void file_kobj_live_add(struct inode * ino); -void file_kobj_live_remove(struct inode * ino); - -/* conversion beteween filename (stored in dentry) and static buffer */ -void file_kobj_dentry2string(struct dentry * dentry, char * buf); - -#endif diff --git a/security/medusa/l2/kobject_fuck.c b/security/medusa/l2/kobject_fuck.c index e158d21ff3d3..618f4d379f82 100644 --- a/security/medusa/l2/kobject_fuck.c +++ b/security/medusa/l2/kobject_fuck.c @@ -1,18 +1,12 @@ /* kobject_fuck.c, (C) 2002 Milan Pikula */ -#include -#include #include -#include #include -#include -#include -#include -#include #include -#include -#include "kobject_fuck.h" -#include "../../fs/internal.h" /* we need internal fs function 'user_get_super' */ +/* we need internal fs function 'user_get_super' */ +#include "../../fs/internal.h" +#include "l3/registry.h" +#include "l2/kobject_fuck.h" MED_ATTRS(fuck_kobject) { MED_ATTR (fuck_kobject, path, "path", MED_STRING), diff --git a/security/medusa/l2/kobject_ipc.c b/security/medusa/l2/kobject_ipc.c index fce5c772a145..eb26836cbb99 100644 --- a/security/medusa/l2/kobject_ipc.c +++ b/security/medusa/l2/kobject_ipc.c @@ -1,6 +1,10 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include #include -#include "../../../ipc/util.h" //TODO -#include "kobject_ipc.h" +#include "../../../ipc/util.h" // TODO +#include "l3/registry.h" +#include "l2/kobject_ipc.h" /* from ipc/shm.c, ipc/sem.c, ipc/msg.c */ #define shm_ids(ns) ((ns)->ids[IPC_SHM_IDS]) diff --git a/security/medusa/l2/kobject_memory.c b/security/medusa/l2/kobject_memory.c index c8b8e3897413..1217208c7432 100644 
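Review bot: `#include "../../fs/internal.h"` in kobject_fuck.c climbs two directories, while evtype_getfile.c and kobject_ipc.c in the same `security/medusa/l2/` directory climb three (`"../../../fs/mount.h"`, `"../../../ipc/util.h"`). From l2/ the two-level path does not reach the top-level `fs/` directory, so it presumably resolves only through an include search path set in the Makefile, which is not visible in this hunk. Writing it as `#include "../../../fs/internal.h"` would make it independent of the search-path order; the include added to kobject_socket.c has the same form. Both files reach into a private fs header for `user_get_super`, so a one-line comment on why no exported interface suffices would help whoever has to track changes to that header.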
--- a/security/medusa/l2/kobject_memory.c +++ b/security/medusa/l2/kobject_memory.c @@ -9,14 +9,9 @@ /* And as it isn't really necessary, it's a perfect example of loadable L2 * module. */ -#include -#include -#include -#include #include #include -#include -#include +#include "l3/registry.h" struct memory_kobject { pid_t pid; /* pid of process to read/write */ diff --git a/security/medusa/l2/kobject_printk.c b/security/medusa/l2/kobject_printk.c index 08269bf93673..1aa8c5133dee 100644 --- a/security/medusa/l2/kobject_printk.c +++ b/security/medusa/l2/kobject_printk.c @@ -1,10 +1,6 @@ /* kobject_printk.c, (C) 2002 Milan Pikula */ -#include -#include -#include -#include -#include +#include "l3/registry.h" struct printk_kobject { char message[512]; diff --git a/security/medusa/l2/kobject_process.c b/security/medusa/l2/kobject_process.c index 64f224c63be2..c7d181ba5efe 100644 --- a/security/medusa/l2/kobject_process.c +++ b/security/medusa/l2/kobject_process.c @@ -12,17 +12,8 @@ * roderik.ploszek@gmail.com */ -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "kobject_process.h" +#include "l3/registry.h" +#include "l2/kobject_process.h" /** * uid_differs() - Check equality of original and new (proposed) UID. diff --git a/security/medusa/l2/kobject_socket.c b/security/medusa/l2/kobject_socket.c index 2241e71ec276..b4a49c943877 100644 --- a/security/medusa/l2/kobject_socket.c +++ b/security/medusa/l2/kobject_socket.c @@ -1,5 +1,10 @@ -#include "kobject_socket.h" -#include "kobject_file.h" +// SPDX-License-Identifier: GPL-2.0 + +#include +#include +#include "../../fs/internal.h" /* For user_get_super() */ +#include "l3/registry.h" +#include "l2/kobject_socket.h" MED_ATTRS(socket_kobject) { MED_ATTR_KEY_RO (socket_kobject, dev, "dev", MED_UNSIGNED), diff --git a/security/medusa/l2/kobject_socket.h b/security/medusa/l2/kobject_socket.h deleted file mode 100644 index 2cfc71633618..000000000000 
--- a/security/medusa/l2/kobject_socket.h +++ /dev/null @@ -1,71 +0,0 @@ -#ifndef _SOCKET_KOBJECT_H -#define _SOCKET_KOBJECT_H - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "../../fs/internal.h" // For user_get_super() - -#define sock_security(sk) ((struct medusa_l1_socket_s*)(sk->sk_security)) - -struct med_inet6_addr_i { - __be16 port; - __be32 addrdata[16]; -}; - -struct med_inet_addr_i { - __be16 port; - __be32 addrdata[4]; -}; - -struct med_unix_addr_i { - char addrdata[UNIX_PATH_MAX]; -}; - -union MED_ADDRESS { - struct med_inet6_addr_i inet6_i; - struct med_inet_addr_i inet_i; - struct med_unix_addr_i unix_i; -}; -typedef union MED_ADDRESS MED_ADDRESS; - -/** - * struct medusa_l1_socket_s - additional security struct for socket objects - * - * @struct medusa_object_s - members used in Medusa VS access evaluation process - */ -struct medusa_l1_socket_s { - struct medusa_object_s med_object; - int addrlen; - MED_ADDRESS address; -}; - -struct socket_kobject { - dev_t dev; - unsigned long ino; - - int type; - int family; - int addrlen; - union MED_ADDRESS address; - kuid_t uid; - - struct medusa_object_s med_object; -}; -extern MED_DECLARE_KCLASSOF(socket_kobject); - -/* the conversion routines */ -int socket_kobj2kern(struct socket_kobject * sock_kobj, struct socket * sock); -int socket_kern2kobj(struct socket_kobject * sock_kobj, struct socket * sock); - -struct medusa_kobject_s *socket_fetch(struct medusa_kobject_s *kobj); -medusa_answer_t socket_update(struct medusa_kobject_s *kobj); - -#endif diff --git a/security/medusa/l2/medusa_l2_ksyms.c b/security/medusa/l2/medusa_l2_ksyms.c index 80011bf6510f..7fc44e583583 100644 --- a/security/medusa/l2/medusa_l2_ksyms.c +++ b/security/medusa/l2/medusa_l2_ksyms.c @@ -21,8 +21,8 @@ * but now it just exports some symbols. */ -#include -#include +#include "l3/arch.h" +#include "l1/task.h" EXPORT_SYMBOL(medusa_capable); 
diff --git a/security/medusa/l3/comm.c b/security/medusa/l3/comm.c index c5734e3da590..20a294c22366 100644 --- a/security/medusa/l3/comm.c +++ b/security/medusa/l3/comm.c @@ -1,10 +1,12 @@ /* comm.c, (C) 2002 Milan Pikula * */ -#include -#include -#include -#include "l3_internals.h" + +#include "l3/arch.h" +#include "l3/registry.h" +#include "l3/server.h" + +MED_DECLARE_LOCK_DATA(registry_lock); inline int is_authserver_reached(medusa_answer_t answer) { diff --git a/security/medusa/l3/l3_internals.h b/security/medusa/l3/l3_internals.h deleted file mode 100644 index 1ad7c9d0b812..000000000000 --- a/security/medusa/l3/l3_internals.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef L3_INTERNALS_H -#define L3_INTERNALS_H - -/* data structures, internal l3 use only. */ -MED_DECLARE_LOCK_DATA(registry_lock); -extern struct medusa_kclass_s * kclasses; -extern struct medusa_acctype_s * acctypes; -extern struct medusa_authserver_s * authserver; - -#endif diff --git a/security/medusa/l3/med_l3_init.c b/security/medusa/l3/med_l3_init.c index 54d0316d5abd..750543faa6ca 100644 --- a/security/medusa/l3/med_l3_init.c +++ b/security/medusa/l3/med_l3_init.c @@ -23,8 +23,8 @@ * module. */ -#include -#include +#include "l3/arch.h" +#include "l3/registry.h" EXPORT_SYMBOL(med_register_kclass); EXPORT_SYMBOL(med_unregister_kclass); diff --git a/security/medusa/l3/registry.c b/security/medusa/l3/registry.c index e3ff55f0c043..edeae9428d94 100644 --- a/security/medusa/l3/registry.c +++ b/security/medusa/l3/registry.c @@ -1,7 +1,6 @@ -#include -#include -#include "l3_internals.h" -#include "../l4-constable/med_cache.h" +#include "l3/arch.h" +#include "l3/registry.h" +#include "l4/med_cache.h" /* nesting as follows: registry_lock is outer, usecount_lock is inner. */ diff --git a/security/medusa/l4-constable/chardev.c b/security/medusa/l4-constable/chardev.c index f0a037da1393..d75a1bb56014 100644 --- a/security/medusa/l4-constable/chardev.c +++ b/security/medusa/l4-constable/chardev.c 
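Review bot: `MED_DECLARE_LOCK_DATA(registry_lock);` is now written out in comm.c in place of the deleted `l3_internals.h`, so the lock's declaration is no longer shared with the file that defines it. If the macro expands to an `extern` declaration, a copy in a .c file can drift from the definition unnoticed; if it expands to a definition, this would be a second one next to registry.c. Neither the macro nor the new `l3/registry.h` is visible here, so this needs confirming. Keeping the lock declaration in one l3 header included by both comm.c and registry.c, together with the `kclasses`, `acctypes` and `authserver` externs that `l3_internals.h` carried, would keep the registry locking contract in a single place.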
@@ -27,28 +27,18 @@ #define GDB_HACK /* TODO: Check the calls to l3; they can't be called from a lock. */ - -#include -#include -#include -#include -#include /* task_tgid() */ +#include +#include #include -#include -#include #include -#include -#include -#include -#include -#include -#include -#include -#include +#include "l3/arch.h" +#include "l3/registry.h" +#include "l3/server.h" +#include "l4/comm.h" -#include "teleport.h" -#include "med_cache.h" +#include "l4/teleport.h" +#include "l4/med_cache.h" #define MEDUSA_MAJOR 111 #define MODULENAME "chardev/linux" diff --git a/security/medusa/l4-constable/teleport.c b/security/medusa/l4-constable/teleport.c index c45b9e70f94f..f5d8fdfa1d6b 100644 --- a/security/medusa/l4-constable/teleport.c +++ b/security/medusa/l4-constable/teleport.c @@ -5,10 +5,10 @@ * data to userspace go through this programmable teleport ;) */ -#include -#include -#include -#include +#include "l3/arch.h" +#include "l4/comm.h" +#include "l3/constants.h" +#include "l3/kobject.h" #if MED_RO != MED_COMM_TYPE_READ_ONLY #error "L3 and L4 constants don't match. We don't convert them. Go well, go hell." @@ -16,7 +16,7 @@ #define DEBUG /* define this to get extra debugging output */ -#include "teleport.h" +#include "l4/teleport.h" #undef PARANOIA_CHECKS /* define this to enable extra checking */ diff --git a/security/medusa/testing/l3/med_model-tests.c b/security/medusa/testing/l3/med_model-tests.c index ffc587f75747..5945f0ddc374 100644 --- a/security/medusa/testing/l3/med_model-tests.c +++ b/security/medusa/testing/l3/med_model-tests.c @@ -1,6 +1,6 @@ #include -#include -#include +#include "l3/med_model.h" +#include "l1/task.h" static void fake_med_object_init(struct medusa_object_s *med_object) { diff --git a/security/medusa/testing/l3/vs_model-tests.c b/security/medusa/testing/l3/vs_model-tests.c index c534833c0ae1..18a8152fe795 100644 --- a/security/medusa/testing/l3/vs_model-tests.c +++ b/security/medusa/testing/l3/vs_model-tests.c 
@@ -1,5 +1,5 @@ #include -#include +#include "l3/vs_model.h" static void vs_intersects_empty(struct kunit *test) {