1/* SPDX-License-Identifier: GPL-2.0-only */
 2/*
 3 * Landlock LSM - Limits for different components
 4 *
 5 * Copyright © 2016-2020 Mickaël Salaün <mic@digikod.net>
 6 * Copyright © 2018-2020 ANSSI
 7 */
 8
 9#ifndef _SECURITY_LANDLOCK_LIMITS_H
10#define _SECURITY_LANDLOCK_LIMITS_H
11
12#include <linux/bitops.h>
13#include <linux/limits.h>
14#include <uapi/linux/landlock.h>
15
16/* clang-format off */
17
18#define LANDLOCK_MAX_NUM_LAYERS		16
19#define LANDLOCK_MAX_NUM_RULES		U32_MAX
20
21#define LANDLOCK_LAST_ACCESS_FS		LANDLOCK_ACCESS_FS_IOCTL_DEV
22#define LANDLOCK_MASK_ACCESS_FS		((LANDLOCK_LAST_ACCESS_FS << 1) - 1)
23#define LANDLOCK_NUM_ACCESS_FS		__const_hweight64(LANDLOCK_MASK_ACCESS_FS)
24
25#define LANDLOCK_LAST_ACCESS_NET	LANDLOCK_ACCESS_NET_CONNECT_TCP
26#define LANDLOCK_MASK_ACCESS_NET	((LANDLOCK_LAST_ACCESS_NET << 1) - 1)
27#define LANDLOCK_NUM_ACCESS_NET		__const_hweight64(LANDLOCK_MASK_ACCESS_NET)
28
29#define LANDLOCK_LAST_SCOPE		LANDLOCK_SCOPE_SIGNAL
30#define LANDLOCK_MASK_SCOPE		((LANDLOCK_LAST_SCOPE << 1) - 1)
31#define LANDLOCK_NUM_SCOPE		__const_hweight64(LANDLOCK_MASK_SCOPE)
32/* clang-format on */
33
34#endif /* _SECURITY_LANDLOCK_LIMITS_H */