
import updated landloc.h

shtrophic 3 months ago
parent
commit
1a44f56372
1 changed files with 82 additions and 32 deletions
  1. 82 32
      landloc.h

+ 82 - 32
landloc.h

@@ -65,9 +65,13 @@ int main(void) {
 #define __LANDLOC_H__
 
 #ifndef __linux__
-#error "no landlock without linux"
+#   error "no landlock without linux"
 #endif
 
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 13, 0)
+
 #include <unistd.h>
 #include <linux/landlock.h>
 #include <sys/syscall.h>
@@ -75,53 +79,89 @@ int main(void) {
 #include <fcntl.h>
 
 #ifndef O_PATH
-#define O_PATH		010000000
+#   define O_PATH		010000000
 #endif
 
 #ifndef LL_PRINTERR
-#define LL_PRINTERR(fmt, ...) (void)fmt;
+#   define LL_PRINTERR(fmt, ...) (void)fmt;
 #else
-#include <string.h>
-#include <errno.h>
+#   include <string.h>
+#   include <errno.h>
 #endif
 
-#define LL_FS_ALL                   (\
-    LANDLOCK_ACCESS_FS_EXECUTE      |\
-    LANDLOCK_ACCESS_FS_WRITE_FILE   |\
-    LANDLOCK_ACCESS_FS_READ_FILE    |\
-    LANDLOCK_ACCESS_FS_READ_DIR     |\
-    LANDLOCK_ACCESS_FS_REMOVE_DIR   |\
-    LANDLOCK_ACCESS_FS_REMOVE_FILE  |\
-    LANDLOCK_ACCESS_FS_MAKE_CHAR    |\
-    LANDLOCK_ACCESS_FS_MAKE_DIR     |\
-    LANDLOCK_ACCESS_FS_MAKE_REG     |\
-    LANDLOCK_ACCESS_FS_MAKE_SOCK    |\
-    LANDLOCK_ACCESS_FS_MAKE_FIFO    |\
-    LANDLOCK_ACCESS_FS_MAKE_BLOCK   |\
-    LANDLOCK_ACCESS_FS_MAKE_SYM     |\
-    LANDLOCK_ACCESS_FS_REFER        |\
-    LANDLOCK_ACCESS_FS_TRUNCATE     |\
-    LANDLOCK_ACCESS_FS_IOCTL_DEV    )
-
-#define LL_NET_ALL                  (\
-    LANDLOCK_ACCESS_NET_BIND_TCP    |\
-    LANDLOCK_ACCESS_NET_CONNECT_TCP )
+#ifdef LANDLOCK_ACCESS_FS_REFER
+#   define __LL_FS_REFER_COMPAT LANDLOCK_ACCESS_FS_REFER
+#   define __LL_SWITCH_FS_REFER __rattr.handled_access_fs &= ~__LL_FS_REFER_COMPAT
+#else
+#   define __LL_FS_REFER_COMPAT 0
+#   define __LL_SWITCH_FS_REFER (void)0
+#endif
+
+#ifdef LANDLOCK_ACCESS_FS_TRUNCATE
+#   define __LL_FS_TRUNCATE_COMPAT LANDLOCK_ACCESS_FS_TRUNCATE
+#   define __LL_SWITCH_FS_TRUNCATE __rattr.handled_access_fs  &= ~__LL_FS_TRUNCATE_COMPAT
+#else
+#   define __LL_FS_TRUNCATE_COMPAT 0
+#   define __LL_SWITCH_FS_TRUNCATE (void)0
+#endif
+
+#ifdef LANDLOCK_ACCESS_FS_IOCTL_DEV
+#   define __LL_FS_IOCTL_DEV_COMPAT LANDLOCK_ACCESS_FS_IOCTL_DEV
+#   define __LL_SWITCH_FS_IOCTL_DEV __rattr.handled_access_fs &= ~__LL_FS_IOCTL_DEV_COMPAT
+#else
+#   define __LL_FS_IOCTL_DEV_COMPAT 0
+#   define __LL_SWITCH_FS_IOCTL_DEV (void)0
+#endif
+
+#define LL_FS_ALL                       (\
+    LANDLOCK_ACCESS_FS_EXECUTE          |\
+    LANDLOCK_ACCESS_FS_WRITE_FILE       |\
+    LANDLOCK_ACCESS_FS_READ_FILE        |\
+    LANDLOCK_ACCESS_FS_READ_DIR         |\
+    LANDLOCK_ACCESS_FS_REMOVE_DIR       |\
+    LANDLOCK_ACCESS_FS_REMOVE_FILE      |\
+    LANDLOCK_ACCESS_FS_MAKE_CHAR        |\
+    LANDLOCK_ACCESS_FS_MAKE_DIR         |\
+    LANDLOCK_ACCESS_FS_MAKE_REG         |\
+    LANDLOCK_ACCESS_FS_MAKE_SOCK        |\
+    LANDLOCK_ACCESS_FS_MAKE_FIFO        |\
+    LANDLOCK_ACCESS_FS_MAKE_BLOCK       |\
+    LANDLOCK_ACCESS_FS_MAKE_SYM         |\
+    __LL_FS_REFER_COMPAT                |\
+    __LL_FS_TRUNCATE_COMPAT             |\
+    __LL_FS_IOCTL_DEV_COMPAT            )
+
+#if defined(LANDLOCK_ACCESS_NET_BIND_TCP) && defined(LANDLOCK_ACCESS_NET_CONNECT_TCP)
+#   define __LL_HAVE_NET
+#endif
+
+#ifdef __LL_HAVE_NET
+#   define LL_NET_ALL (LANDLOCK_ACCESS_NET_BIND_TCP | LANDLOCK_ACCESS_NET_CONNECT_TCP)
+#   define __LL_DECLARE_NET struct landlock_net_port_attr __nattr = {0}
+#   define __LL_INIT_NET __rattr.handled_access_net = LL_NET_ALL
+#   define __LL_SWITCH_NET do { __rattr.handled_access_net &= ~(LANDLOCK_ACCESS_NET_BIND_TCP | LANDLOCK_ACCESS_NET_CONNECT_TCP); } while (0)
+#else
+#   define LL_NET_ALL 0
+#   define __LL_DECLARE_NET (void)0
+#   define __LL_INIT_NET (void)0
+#   define __LL_SWITCH_NET (void)0
+#endif
 
 #define LL_BEGIN(function, ...) int function(__VA_ARGS__) {\
     int ll_rule_fd, ll_abi;\
     struct landlock_ruleset_attr      __rattr = {0};\
     struct landlock_path_beneath_attr __pattr = {0};\
-    struct landlock_net_port_attr     __nattr = {0};\
+    __LL_DECLARE_NET;\
     int __err = 0;\
     __rattr.handled_access_fs  = LL_FS_ALL;\
-    __rattr.handled_access_net = LL_NET_ALL;\
+    __LL_INIT_NET;\
     ll_abi = (int)syscall(SYS_landlock_create_ruleset, NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);\
     switch (ll_abi) {\
     case -1: return -1;\
-    case  1: __rattr.handled_access_fs  &= ~LANDLOCK_ACCESS_FS_REFER; __attribute__((fallthrough));\
-    case  2: __rattr.handled_access_fs  &= ~LANDLOCK_ACCESS_FS_TRUNCATE; __attribute__((fallthrough));\
-    case  3: __rattr.handled_access_net &= ~(LANDLOCK_ACCESS_NET_BIND_TCP | LANDLOCK_ACCESS_NET_CONNECT_TCP); __attribute__((fallthrough));\
-    case  4: __rattr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_IOCTL_DEV;\
+    case  1: __LL_SWITCH_FS_REFER; __attribute__((fallthrough));\
+    case  2: __LL_SWITCH_FS_TRUNCATE; __attribute__((fallthrough));\
+    case  3: __LL_SWITCH_NET; __attribute__((fallthrough));\
+    case  4: __LL_SWITCH_FS_IOCTL_DEV;\
     default: break;\
     }\
     ll_rule_fd = (int)syscall(SYS_landlock_create_ruleset, &__rattr, sizeof(struct landlock_ruleset_attr), 0);\
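Review bot: The `__LL_*_COMPAT` fallbacks of `0` mean that a binary compiled against headers lacking `LANDLOCK_ACCESS_FS_REFER`, `_TRUNCATE` or `_IOCTL_DEV` never puts those rights into `handled_access_fs`, so on a newer kernel those operations stay entirely unrestricted even though the ABI switch below could have handled them; this is a silent narrowing of the sandbox that depends on the build machine rather than the target. The UAPI bit values are stable, so the fallback could supply the bit itself, e.g. `#   define __LL_FS_REFER_COMPAT (1ULL << 13)` (the value the kernel header gives `LANDLOCK_ACCESS_FS_REFER`), and likewise for the other two, leaving the existing `case 1`..`case 4` logic to drop them on older kernels; the net right is different because `handled_access_net` is a struct field that may not exist in old headers, so its `(void)0` stub is justified. Separately, every new identifier starts with a double underscore (`__LL_HAVE_NET`, `__LL_SWITCH_NET`, ...), which the C standard reserves for the implementation; a `LL_` or `LL__` prefix would avoid that, and a short comment above the compat block mapping ABI number to the right it introduced (REFER=2, TRUNCATE=3, NET=4, IOCTL_DEV=5) would explain why the fallthrough order in the switch is correct. The `LL_BEGIN` macro continues past the end of this hunk.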
@@ -159,6 +199,8 @@ int main(void) {
     close(__pattr.parent_fd);\
 } while (0)
 
+#ifdef __LL_HAVE_NET
+
 #define LL_PORT(p, rules) do {\
     unsigned short __port = (p);\
     __nattr.allowed_access = (rules);\
@@ -172,4 +214,12 @@ int main(void) {
     }\
 } while (0)
 
+#else
+
+#define LL_PORT(p, rules) do { (void)p; (void)rules; } while (0)
+
+#endif /* __LL_HAVE_NET */
+
+#endif /* KERNEL_VERSION(5, 13, 0) */
+
 #endif /* __LANDLOC_H__ */
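Review bot: The stub `LL_PORT(p, rules) do { (void)p; (void)rules; } while (0)` does not parenthesize its arguments, so any non-trivial expression breaks: `(void)a | b` parses as `((void)a) | b` and fails to compile, and `(void)port + 1` likewise. Write it as `#define LL_PORT(p, rules) do { (void)(p); (void)(rules); } while (0)` to match the real definition, which already wraps `(p)` and `(rules)`. A one-line comment on the stub, `/* no network ABI in these headers: rules are accepted and ignored, network is not restricted */`, would make the behaviour explicit for callers who rely on `LL_PORT` for confinement.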