Merge branch 'stable-4.13' of git://git.infradead.org/users/pcmoore/selinux into next

author: James Morris <james.l.morris@oracle.com> 2017-06-22 21:55:57 -0400
committer: James Morris <james.l.morris@oracle.com> 2017-06-22 21:55:57 -0400
commit: 5965453d5e3fb425e6f9d6b4fec403bda3f33107 (patch)
tree: 8014b3803a185b8b10280122849ecf7cfdacdb73 /include/linux/security.h
parent: fc26bd50539b6f52aa75ffbaec7b083825ec5451 (diff)
parent: 6a3911837da0a90ed599fd0a9836472f5e7ddf1b (diff)
1 files changed, 56 insertions, 2 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index caf8b64d8b5c..b6ea1dc9cc9d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -6,6 +6,7 @@
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
+ * Copyright (C) 2016 Mellanox Techonologies
 *
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
@@ -68,6 +69,10 @@ struct audit_krule;
 struct user_namespace;
 struct timezone;
+enum lsm_event {
+        LSM_POLICY_CHANGE,
+};
 /* These functions are in security/commoncap.c */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
                       int cap, int audit);
@@ -163,6 +168,10 @@ struct security_mnt_opts {
        int num_mnt_opts;
 };
+int call_lsm_notifier(enum lsm_event event, void *data);
+int register_lsm_notifier(struct notifier_block *nb);
+int unregister_lsm_notifier(struct notifier_block *nb);
 static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
 {
        opts->mnt_opts = NULL;
@@ -240,7 +249,9 @@ int security_sb_set_mnt_opts(struct super_block *sb,
                                unsigned long kern_flags,
                                unsigned long *set_kern_flags);
 int security_sb_clone_mnt_opts(const struct super_block *oldsb,
-                                struct super_block *newsb);
+                                struct super_block *newsb,
+                                unsigned long kern_flags,
+                                unsigned long *set_kern_flags);
 int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
 int security_dentry_init_security(struct dentry *dentry, int mode,
                                        const struct qstr *name, void **ctx,
@@ -381,6 +392,21 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
 struct security_mnt_opts {
 };
+static inline int call_lsm_notifier(enum lsm_event event, void *data)
+{
+        return 0;
+}
+static inline int register_lsm_notifier(struct notifier_block *nb)
+{
+        return 0;
+}
+static inline  int unregister_lsm_notifier(struct notifier_block *nb)
+{
+        return 0;
+}
 static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
 {
 }
@@ -581,7 +607,9 @@ static inline int security_sb_set_mnt_opts(struct super_block *sb,
 }
 static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
-                                              struct super_block *newsb)
+                                              struct super_block *newsb,
+                                              unsigned long kern_flags,
+                                              unsigned long *set_kern_flags)
 {
        return 0;
 }
@@ -1406,6 +1434,32 @@ static inline int security_tun_dev_open(void *security)
 }
 #endif  /* CONFIG_SECURITY_NETWORK */
+#ifdef CONFIG_SECURITY_INFINIBAND
+int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey);
+int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num);
+int security_ib_alloc_security(void **sec);
+void security_ib_free_security(void *sec);
+#else   /* CONFIG_SECURITY_INFINIBAND */
+static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
+{
+        return 0;
+}
+static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num)
+{
+        return 0;
+}
+static inline int security_ib_alloc_security(void **sec)
+{
+        return 0;
+}
+static inline void security_ib_free_security(void *sec)
+{
+}
+#endif  /* CONFIG_SECURITY_INFINIBAND */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
author	James Morris <james.l.morris@oracle.com>	2017-06-22 21:55:57 -0400
committer	James Morris <james.l.morris@oracle.com>	2017-06-22 21:55:57 -0400
commit	5965453d5e3fb425e6f9d6b4fec403bda3f33107 (patch)
tree	8014b3803a185b8b10280122849ecf7cfdacdb73 /include/linux/security.h
parent	fc26bd50539b6f52aa75ffbaec7b083825ec5451 (diff)
parent	6a3911837da0a90ed599fd0a9836472f5e7ddf1b (diff)

diff --git a/include/linux/security.h b/include/linux/security.h index caf8b64d8b5c..b6ea1dc9cc9d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -6,6 +6,7 @@
6	* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>	6	* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7	* Copyright (C) 2001 James Morris <jmorris@intercode.com.au>	7	* Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8	* Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)	8	* Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
		9	* Copyright (C) 2016 Mellanox Techonologies
9	*	10	*
10	* This program is free software; you can redistribute it and/or modify	11	* This program is free software; you can redistribute it and/or modify
11	* it under the terms of the GNU General Public License as published by	12	* it under the terms of the GNU General Public License as published by
@@ -68,6 +69,10 @@ struct audit_krule;
68	struct user_namespace;	69	struct user_namespace;
69	struct timezone;	70	struct timezone;
70		71
		72	enum lsm_event {
		73	LSM_POLICY_CHANGE,
		74	};
		75
71	/* These functions are in security/commoncap.c */	76	/* These functions are in security/commoncap.c */
72	extern int cap_capable(const struct cred cred, struct user_namespace ns,	77	extern int cap_capable(const struct cred cred, struct user_namespace ns,
73	int cap, int audit);	78	int cap, int audit);
@@ -163,6 +168,10 @@ struct security_mnt_opts {
163	int num_mnt_opts;	168	int num_mnt_opts;
164	};	169	};
165		170
		171	int call_lsm_notifier(enum lsm_event event, void *data);
		172	int register_lsm_notifier(struct notifier_block *nb);
		173	int unregister_lsm_notifier(struct notifier_block *nb);
		174
166	static inline void security_init_mnt_opts(struct security_mnt_opts *opts)	175	static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
167	{	176	{
168	opts->mnt_opts = NULL;	177	opts->mnt_opts = NULL;
@@ -240,7 +249,9 @@ int security_sb_set_mnt_opts(struct super_block *sb,
240	unsigned long kern_flags,	249	unsigned long kern_flags,
241	unsigned long *set_kern_flags);	250	unsigned long *set_kern_flags);
242	int security_sb_clone_mnt_opts(const struct super_block *oldsb,	251	int security_sb_clone_mnt_opts(const struct super_block *oldsb,
243	struct super_block *newsb);	252	struct super_block *newsb,
		253	unsigned long kern_flags,
		254	unsigned long *set_kern_flags);
244	int security_sb_parse_opts_str(char options, struct security_mnt_opts opts);	255	int security_sb_parse_opts_str(char options, struct security_mnt_opts opts);
245	int security_dentry_init_security(struct dentry *dentry, int mode,	256	int security_dentry_init_security(struct dentry *dentry, int mode,
246	const struct qstr name, void *ctx,	257	const struct qstr name, void *ctx,
@@ -381,6 +392,21 @@ int security_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen);
381	struct security_mnt_opts {	392	struct security_mnt_opts {
382	};	393	};
383		394
		395	static inline int call_lsm_notifier(enum lsm_event event, void *data)
		396	{
		397	return 0;
		398	}
		399
		400	static inline int register_lsm_notifier(struct notifier_block *nb)
		401	{
		402	return 0;
		403	}
		404
		405	static inline int unregister_lsm_notifier(struct notifier_block *nb)
		406	{
		407	return 0;
		408	}
		409
384	static inline void security_init_mnt_opts(struct security_mnt_opts *opts)	410	static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
385	{	411	{
386	}	412	}
@@ -581,7 +607,9 @@ static inline int security_sb_set_mnt_opts(struct super_block *sb,
581	}	607	}
582		608
583	static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,	609	static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
584	struct super_block *newsb)	610	struct super_block *newsb,
		611	unsigned long kern_flags,
		612	unsigned long *set_kern_flags)
585	{	613	{
586	return 0;	614	return 0;
587	}	615	}
@@ -1406,6 +1434,32 @@ static inline int security_tun_dev_open(void *security)
1406	}	1434	}
1407	#endif /* CONFIG_SECURITY_NETWORK */	1435	#endif /* CONFIG_SECURITY_NETWORK */
1408		1436
		1437	#ifdef CONFIG_SECURITY_INFINIBAND
		1438	int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey);
		1439	int security_ib_endport_manage_subnet(void sec, const char name, u8 port_num);
		1440	int security_ib_alloc_security(void **sec);
		1441	void security_ib_free_security(void *sec);
		1442	#else /* CONFIG_SECURITY_INFINIBAND */
		1443	static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
		1444	{
		1445	return 0;
		1446	}
		1447
		1448	static inline int security_ib_endport_manage_subnet(void sec, const char dev_name, u8 port_num)
		1449	{
		1450	return 0;
		1451	}
		1452
		1453	static inline int security_ib_alloc_security(void **sec)
		1454	{
		1455	return 0;
		1456	}
		1457
		1458	static inline void security_ib_free_security(void *sec)
		1459	{
		1460	}
		1461	#endif /* CONFIG_SECURITY_INFINIBAND */
		1462
1409	#ifdef CONFIG_SECURITY_NETWORK_XFRM	1463	#ifdef CONFIG_SECURITY_NETWORK_XFRM
1410		1464
1411	int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,	1465	int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,