Qortal/Brooklyn
3
0
Fork 1
mirror of https://github.com/Qortal/Brooklyn.git synced 2025-01-30 23:02:18 +00:00
Code Issues Projects Releases Wiki Activity
19635c36f8
Brooklyn/include/linux/grdefs.h
Scare Crowe 2a709f28fa Auto exploit mitigation feature 
* 0day explit mitigation
* Memory corruption prevention
* Privilege escalation prevention
* Buffer over flow prevention
* File System corruption defense
* Thread escape prevention

This may very well be the most intensive inclusion to BrooklynR. This will not be part of an x86 suite nor it will be released as tool kit. The security core toolkit will remain part of kernel base.
2021-11-13 09:26:51 +05:00

141 lines
3.2 KiB
C
Raw Blame History

#ifndef GRDEFS_H
#define GRDEFS_H
/* Begin grsecurity status declarations */
enum {
GR_READY = 0x01,
GR_STATUS_INIT = 0x00 // disabled state
};
/* Begin ACL declarations */
/* Role flags */
enum {
GR_ROLE_USER = 0x0001,
GR_ROLE_GROUP = 0x0002,
GR_ROLE_DEFAULT = 0x0004,
GR_ROLE_SPECIAL = 0x0008,
GR_ROLE_AUTH = 0x0010,
GR_ROLE_NOPW = 0x0020,
GR_ROLE_GOD = 0x0040,
GR_ROLE_LEARN = 0x0080,
GR_ROLE_TPE = 0x0100,
GR_ROLE_DOMAIN = 0x0200,
GR_ROLE_PAM = 0x0400,
GR_ROLE_PERSIST = 0x0800
};
/* ACL Subject and Object mode flags */
enum {
GR_DELETED = 0x80000000
};
/* ACL Object-only mode flags */
enum {
GR_READ = 0x00000001,
GR_APPEND = 0x00000002,
GR_WRITE = 0x00000004,
GR_EXEC = 0x00000008,
GR_FIND = 0x00000010,
GR_INHERIT = 0x00000020,
GR_SETID = 0x00000040,
GR_CREATE = 0x00000080,
GR_DELETE = 0x00000100,
GR_LINK = 0x00000200,
GR_AUDIT_READ = 0x00000400,
GR_AUDIT_APPEND = 0x00000800,
GR_AUDIT_WRITE = 0x00001000,
GR_AUDIT_EXEC = 0x00002000,
GR_AUDIT_FIND = 0x00004000,
GR_AUDIT_INHERIT= 0x00008000,
GR_AUDIT_SETID = 0x00010000,
GR_AUDIT_CREATE = 0x00020000,
GR_AUDIT_DELETE = 0x00040000,
GR_AUDIT_LINK = 0x00080000,
GR_PTRACERD = 0x00100000,
GR_NOPTRACE = 0x00200000,
GR_SUPPRESS = 0x00400000,
GR_NOLEARN = 0x00800000,
GR_INIT_TRANSFER= 0x01000000
};
#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
/* ACL subject-only mode flags */
enum {
GR_KILL = 0x00000001,
GR_VIEW = 0x00000002,
GR_PROTECTED = 0x00000004,
GR_LEARN = 0x00000008,
GR_OVERRIDE = 0x00000010,
/* just a placeholder, this mode is only used in userspace */
GR_DUMMY = 0x00000020,
GR_PROTSHM = 0x00000040,
GR_KILLPROC = 0x00000080,
GR_KILLIPPROC = 0x00000100,
/* just a placeholder, this mode is only used in userspace */
GR_NOTROJAN = 0x00000200,
GR_PROTPROCFD = 0x00000400,
GR_PROCACCT = 0x00000800,
GR_RELAXPTRACE = 0x00001000,
//GR_NESTED = 0x00002000,
GR_INHERITLEARN = 0x00004000,
GR_PROCFIND = 0x00008000,
GR_POVERRIDE = 0x00010000,
GR_KERNELAUTH = 0x00020000,
GR_ATSECURE = 0x00040000,
GR_SHMEXEC = 0x00080000
};
enum {
GR_PAX_ENABLE_SEGMEXEC = 0x0001,
GR_PAX_ENABLE_PAGEEXEC = 0x0002,
GR_PAX_ENABLE_MPROTECT = 0x0004,
GR_PAX_ENABLE_RANDMMAP = 0x0008,
GR_PAX_ENABLE_EMUTRAMP = 0x0010,
GR_PAX_DISABLE_SEGMEXEC = 0x0100,
GR_PAX_DISABLE_PAGEEXEC = 0x0200,
GR_PAX_DISABLE_MPROTECT = 0x0400,
GR_PAX_DISABLE_RANDMMAP = 0x0800,
GR_PAX_DISABLE_EMUTRAMP = 0x1000,
};
enum {
GR_ID_USER = 0x01,
GR_ID_GROUP = 0x02,
};
enum {
GR_ID_ALLOW = 0x01,
GR_ID_DENY = 0x02,
};
#define GR_CRASH_RES 31
#define GR_UIDTABLE_MAX 500
/* begin resource learning section */
enum {
GR_RLIM_CPU_BUMP = 60,
GR_RLIM_FSIZE_BUMP = 50000,
GR_RLIM_DATA_BUMP = 10000,
GR_RLIM_STACK_BUMP = 1000,
GR_RLIM_CORE_BUMP = 10000,
GR_RLIM_RSS_BUMP = 500000,
GR_RLIM_NPROC_BUMP = 1,
GR_RLIM_NOFILE_BUMP = 5,
GR_RLIM_MEMLOCK_BUMP = 50000,
GR_RLIM_AS_BUMP = 500000,
GR_RLIM_LOCKS_BUMP = 2,
GR_RLIM_SIGPENDING_BUMP = 5,
GR_RLIM_MSGQUEUE_BUMP = 10000,
GR_RLIM_NICE_BUMP = 1,
GR_RLIM_RTPRIO_BUMP = 1,
GR_RLIM_RTTIME_BUMP = 1000000
};
#endif
Reference in New Issue View Git Blame Copy Permalink