LSM: Add security module hook list heads

Add a list header for each security hook. They aren't used until later in the patch series. They are grouped together in a structure so that there doesn't need to be an external address for each. Macro-ize the initialization of the security_operations for each security module in anticipation of changing out the security_operations structure. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2015-05-02 18:11:36 -0400
committer: James Morris <james.l.morris@oracle.com> 2015-05-12 01:00:36 -0400
commit: e20b043a6902ecb61c2c84355c3bae5149f391db (patch)
tree: f5268475bb8b4bee2fbfafb063c41b02b9769af1 /include/linux/lsm_hooks.h
parent: f25fce3e8f1f15d6d2a22620ebf98a68a4641f06 (diff)
1 files changed, 220 insertions, 0 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index b4c91de510c2..27dd6fcacccc 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1626,6 +1626,226 @@ struct security_operations {
 #endif /* CONFIG_AUDIT */
 };
+struct security_hook_heads {
+        struct list_head binder_set_context_mgr;
+        struct list_head binder_transaction;
+        struct list_head binder_transfer_binder;
+        struct list_head binder_transfer_file;
+        struct list_head ptrace_access_check;
+        struct list_head ptrace_traceme;
+        struct list_head capget;
+        struct list_head capset;
+        struct list_head capable;
+        struct list_head quotactl;
+        struct list_head quota_on;
+        struct list_head syslog;
+        struct list_head settime;
+        struct list_head vm_enough_memory;
+        struct list_head bprm_set_creds;
+        struct list_head bprm_check_security;
+        struct list_head bprm_secureexec;
+        struct list_head bprm_committing_creds;
+        struct list_head bprm_committed_creds;
+        struct list_head sb_alloc_security;
+        struct list_head sb_free_security;
+        struct list_head sb_copy_data;
+        struct list_head sb_remount;
+        struct list_head sb_kern_mount;
+        struct list_head sb_show_options;
+        struct list_head sb_statfs;
+        struct list_head sb_mount;
+        struct list_head sb_umount;
+        struct list_head sb_pivotroot;
+        struct list_head sb_set_mnt_opts;
+        struct list_head sb_clone_mnt_opts;
+        struct list_head sb_parse_opts_str;
+        struct list_head dentry_init_security;
+#ifdef CONFIG_SECURITY_PATH
+        struct list_head path_unlink;
+        struct list_head path_mkdir;
+        struct list_head path_rmdir;
+        struct list_head path_mknod;
+        struct list_head path_truncate;
+        struct list_head path_symlink;
+        struct list_head path_link;
+        struct list_head path_rename;
+        struct list_head path_chmod;
+        struct list_head path_chown;
+        struct list_head path_chroot;
+#endif
+        struct list_head inode_alloc_security;
+        struct list_head inode_free_security;
+        struct list_head inode_init_security;
+        struct list_head inode_create;
+        struct list_head inode_link;
+        struct list_head inode_unlink;
+        struct list_head inode_symlink;
+        struct list_head inode_mkdir;
+        struct list_head inode_rmdir;
+        struct list_head inode_mknod;
+        struct list_head inode_rename;
+        struct list_head inode_readlink;
+        struct list_head inode_follow_link;
+        struct list_head inode_permission;
+        struct list_head inode_setattr;
+        struct list_head inode_getattr;
+        struct list_head inode_setxattr;
+        struct list_head inode_post_setxattr;
+        struct list_head inode_getxattr;
+        struct list_head inode_listxattr;
+        struct list_head inode_removexattr;
+        struct list_head inode_need_killpriv;
+        struct list_head inode_killpriv;
+        struct list_head inode_getsecurity;
+        struct list_head inode_setsecurity;
+        struct list_head inode_listsecurity;
+        struct list_head inode_getsecid;
+        struct list_head file_permission;
+        struct list_head file_alloc_security;
+        struct list_head file_free_security;
+        struct list_head file_ioctl;
+        struct list_head mmap_addr;
+        struct list_head mmap_file;
+        struct list_head file_mprotect;
+        struct list_head file_lock;
+        struct list_head file_fcntl;
+        struct list_head file_set_fowner;
+        struct list_head file_send_sigiotask;
+        struct list_head file_receive;
+        struct list_head file_open;
+        struct list_head task_create;
+        struct list_head task_free;
+        struct list_head cred_alloc_blank;
+        struct list_head cred_free;
+        struct list_head cred_prepare;
+        struct list_head cred_transfer;
+        struct list_head kernel_act_as;
+        struct list_head kernel_create_files_as;
+        struct list_head kernel_fw_from_file;
+        struct list_head kernel_module_request;
+        struct list_head kernel_module_from_file;
+        struct list_head task_fix_setuid;
+        struct list_head task_setpgid;
+        struct list_head task_getpgid;
+        struct list_head task_getsid;
+        struct list_head task_getsecid;
+        struct list_head task_setnice;
+        struct list_head task_setioprio;
+        struct list_head task_getioprio;
+        struct list_head task_setrlimit;
+        struct list_head task_setscheduler;
+        struct list_head task_getscheduler;
+        struct list_head task_movememory;
+        struct list_head task_kill;
+        struct list_head task_wait;
+        struct list_head task_prctl;
+        struct list_head task_to_inode;
+        struct list_head ipc_permission;
+        struct list_head ipc_getsecid;
+        struct list_head msg_msg_alloc_security;
+        struct list_head msg_msg_free_security;
+        struct list_head msg_queue_alloc_security;
+        struct list_head msg_queue_free_security;
+        struct list_head msg_queue_associate;
+        struct list_head msg_queue_msgctl;
+        struct list_head msg_queue_msgsnd;
+        struct list_head msg_queue_msgrcv;
+        struct list_head shm_alloc_security;
+        struct list_head shm_free_security;
+        struct list_head shm_associate;
+        struct list_head shm_shmctl;
+        struct list_head shm_shmat;
+        struct list_head sem_alloc_security;
+        struct list_head sem_free_security;
+        struct list_head sem_associate;
+        struct list_head sem_semctl;
+        struct list_head sem_semop;
+        struct list_head netlink_send;
+        struct list_head d_instantiate;
+        struct list_head getprocattr;
+        struct list_head setprocattr;
+        struct list_head ismaclabel;
+        struct list_head secid_to_secctx;
+        struct list_head secctx_to_secid;
+        struct list_head release_secctx;
+        struct list_head inode_notifysecctx;
+        struct list_head inode_setsecctx;
+        struct list_head inode_getsecctx;
+#ifdef CONFIG_SECURITY_NETWORK
+        struct list_head unix_stream_connect;
+        struct list_head unix_may_send;
+        struct list_head socket_create;
+        struct list_head socket_post_create;
+        struct list_head socket_bind;
+        struct list_head socket_connect;
+        struct list_head socket_listen;
+        struct list_head socket_accept;
+        struct list_head socket_sendmsg;
+        struct list_head socket_recvmsg;
+        struct list_head socket_getsockname;
+        struct list_head socket_getpeername;
+        struct list_head socket_getsockopt;
+        struct list_head socket_setsockopt;
+        struct list_head socket_shutdown;
+        struct list_head socket_sock_rcv_skb;
+        struct list_head socket_getpeersec_stream;
+        struct list_head socket_getpeersec_dgram;
+        struct list_head sk_alloc_security;
+        struct list_head sk_free_security;
+        struct list_head sk_clone_security;
+        struct list_head sk_getsecid;
+        struct list_head sock_graft;
+        struct list_head inet_conn_request;
+        struct list_head inet_csk_clone;
+        struct list_head inet_conn_established;
+        struct list_head secmark_relabel_packet;
+        struct list_head secmark_refcount_inc;
+        struct list_head secmark_refcount_dec;
+        struct list_head req_classify_flow;
+        struct list_head tun_dev_alloc_security;
+        struct list_head tun_dev_free_security;
+        struct list_head tun_dev_create;
+        struct list_head tun_dev_attach_queue;
+        struct list_head tun_dev_attach;
+        struct list_head tun_dev_open;
+        struct list_head skb_owned_by;
+#endif  /* CONFIG_SECURITY_NETWORK */
+#ifdef CONFIG_SECURITY_NETWORK_XFRM
+        struct list_head xfrm_policy_alloc_security;
+        struct list_head xfrm_policy_clone_security;
+        struct list_head xfrm_policy_free_security;
+        struct list_head xfrm_policy_delete_security;
+        struct list_head xfrm_state_alloc;
+        struct list_head xfrm_state_alloc_acquire;
+        struct list_head xfrm_state_free_security;
+        struct list_head xfrm_state_delete_security;
+        struct list_head xfrm_policy_lookup;
+        struct list_head xfrm_state_pol_flow_match;
+        struct list_head xfrm_decode_session;
+#endif  /* CONFIG_SECURITY_NETWORK_XFRM */
+#ifdef CONFIG_KEYS
+        struct list_head key_alloc;
+        struct list_head key_free;
+        struct list_head key_permission;
+        struct list_head key_getsecurity;
+#endif  /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+        struct list_head audit_rule_init;
+        struct list_head audit_rule_known;
+        struct list_head audit_rule_match;
+        struct list_head audit_rule_free;
+#endif /* CONFIG_AUDIT */
+};
+/*
+ * Initializing a security_hook_list structure takes
+ * up a lot of space in a source file. This macro takes
+ * care of the common case and reduces the amount of
+ * text involved.
+ * Casey says: Comment is true in the next patch.
+ */
+#define LSM_HOOK_INIT(HEAD, HOOK)       .HEAD = HOOK
 /* prototypes */
 extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
author	Casey Schaufler <casey@schaufler-ca.com>	2015-05-02 18:11:36 -0400
committer	James Morris <james.l.morris@oracle.com>	2015-05-12 01:00:36 -0400
commit	e20b043a6902ecb61c2c84355c3bae5149f391db (patch)
tree	f5268475bb8b4bee2fbfafb063c41b02b9769af1 /include/linux/lsm_hooks.h
parent	f25fce3e8f1f15d6d2a22620ebf98a68a4641f06 (diff)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index b4c91de510c2..27dd6fcacccc 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -1626,6 +1626,226 @@ struct security_operations {
1626	#endif /* CONFIG_AUDIT */	1626	#endif /* CONFIG_AUDIT */
1627	};	1627	};
1628		1628
		1629	struct security_hook_heads {
		1630	struct list_head binder_set_context_mgr;
		1631	struct list_head binder_transaction;
		1632	struct list_head binder_transfer_binder;
		1633	struct list_head binder_transfer_file;
		1634	struct list_head ptrace_access_check;
		1635	struct list_head ptrace_traceme;
		1636	struct list_head capget;
		1637	struct list_head capset;
		1638	struct list_head capable;
		1639	struct list_head quotactl;
		1640	struct list_head quota_on;
		1641	struct list_head syslog;
		1642	struct list_head settime;
		1643	struct list_head vm_enough_memory;
		1644	struct list_head bprm_set_creds;
		1645	struct list_head bprm_check_security;
		1646	struct list_head bprm_secureexec;
		1647	struct list_head bprm_committing_creds;
		1648	struct list_head bprm_committed_creds;
		1649	struct list_head sb_alloc_security;
		1650	struct list_head sb_free_security;
		1651	struct list_head sb_copy_data;
		1652	struct list_head sb_remount;
		1653	struct list_head sb_kern_mount;
		1654	struct list_head sb_show_options;
		1655	struct list_head sb_statfs;
		1656	struct list_head sb_mount;
		1657	struct list_head sb_umount;
		1658	struct list_head sb_pivotroot;
		1659	struct list_head sb_set_mnt_opts;
		1660	struct list_head sb_clone_mnt_opts;
		1661	struct list_head sb_parse_opts_str;
		1662	struct list_head dentry_init_security;
		1663	#ifdef CONFIG_SECURITY_PATH
		1664	struct list_head path_unlink;
		1665	struct list_head path_mkdir;
		1666	struct list_head path_rmdir;
		1667	struct list_head path_mknod;
		1668	struct list_head path_truncate;
		1669	struct list_head path_symlink;
		1670	struct list_head path_link;
		1671	struct list_head path_rename;
		1672	struct list_head path_chmod;
		1673	struct list_head path_chown;
		1674	struct list_head path_chroot;
		1675	#endif
		1676	struct list_head inode_alloc_security;
		1677	struct list_head inode_free_security;
		1678	struct list_head inode_init_security;
		1679	struct list_head inode_create;
		1680	struct list_head inode_link;
		1681	struct list_head inode_unlink;
		1682	struct list_head inode_symlink;
		1683	struct list_head inode_mkdir;
		1684	struct list_head inode_rmdir;
		1685	struct list_head inode_mknod;
		1686	struct list_head inode_rename;
		1687	struct list_head inode_readlink;
		1688	struct list_head inode_follow_link;
		1689	struct list_head inode_permission;
		1690	struct list_head inode_setattr;
		1691	struct list_head inode_getattr;
		1692	struct list_head inode_setxattr;
		1693	struct list_head inode_post_setxattr;
		1694	struct list_head inode_getxattr;
		1695	struct list_head inode_listxattr;
		1696	struct list_head inode_removexattr;
		1697	struct list_head inode_need_killpriv;
		1698	struct list_head inode_killpriv;
		1699	struct list_head inode_getsecurity;
		1700	struct list_head inode_setsecurity;
		1701	struct list_head inode_listsecurity;
		1702	struct list_head inode_getsecid;
		1703	struct list_head file_permission;
		1704	struct list_head file_alloc_security;
		1705	struct list_head file_free_security;
		1706	struct list_head file_ioctl;
		1707	struct list_head mmap_addr;
		1708	struct list_head mmap_file;
		1709	struct list_head file_mprotect;
		1710	struct list_head file_lock;
		1711	struct list_head file_fcntl;
		1712	struct list_head file_set_fowner;
		1713	struct list_head file_send_sigiotask;
		1714	struct list_head file_receive;
		1715	struct list_head file_open;
		1716	struct list_head task_create;
		1717	struct list_head task_free;
		1718	struct list_head cred_alloc_blank;
		1719	struct list_head cred_free;
		1720	struct list_head cred_prepare;
		1721	struct list_head cred_transfer;
		1722	struct list_head kernel_act_as;
		1723	struct list_head kernel_create_files_as;
		1724	struct list_head kernel_fw_from_file;
		1725	struct list_head kernel_module_request;
		1726	struct list_head kernel_module_from_file;
		1727	struct list_head task_fix_setuid;
		1728	struct list_head task_setpgid;
		1729	struct list_head task_getpgid;
		1730	struct list_head task_getsid;
		1731	struct list_head task_getsecid;
		1732	struct list_head task_setnice;
		1733	struct list_head task_setioprio;
		1734	struct list_head task_getioprio;
		1735	struct list_head task_setrlimit;
		1736	struct list_head task_setscheduler;
		1737	struct list_head task_getscheduler;
		1738	struct list_head task_movememory;
		1739	struct list_head task_kill;
		1740	struct list_head task_wait;
		1741	struct list_head task_prctl;
		1742	struct list_head task_to_inode;
		1743	struct list_head ipc_permission;
		1744	struct list_head ipc_getsecid;
		1745	struct list_head msg_msg_alloc_security;
		1746	struct list_head msg_msg_free_security;
		1747	struct list_head msg_queue_alloc_security;
		1748	struct list_head msg_queue_free_security;
		1749	struct list_head msg_queue_associate;
		1750	struct list_head msg_queue_msgctl;
		1751	struct list_head msg_queue_msgsnd;
		1752	struct list_head msg_queue_msgrcv;
		1753	struct list_head shm_alloc_security;
		1754	struct list_head shm_free_security;
		1755	struct list_head shm_associate;
		1756	struct list_head shm_shmctl;
		1757	struct list_head shm_shmat;
		1758	struct list_head sem_alloc_security;
		1759	struct list_head sem_free_security;
		1760	struct list_head sem_associate;
		1761	struct list_head sem_semctl;
		1762	struct list_head sem_semop;
		1763	struct list_head netlink_send;
		1764	struct list_head d_instantiate;
		1765	struct list_head getprocattr;
		1766	struct list_head setprocattr;
		1767	struct list_head ismaclabel;
		1768	struct list_head secid_to_secctx;
		1769	struct list_head secctx_to_secid;
		1770	struct list_head release_secctx;
		1771	struct list_head inode_notifysecctx;
		1772	struct list_head inode_setsecctx;
		1773	struct list_head inode_getsecctx;
		1774	#ifdef CONFIG_SECURITY_NETWORK
		1775	struct list_head unix_stream_connect;
		1776	struct list_head unix_may_send;
		1777	struct list_head socket_create;
		1778	struct list_head socket_post_create;
		1779	struct list_head socket_bind;
		1780	struct list_head socket_connect;
		1781	struct list_head socket_listen;
		1782	struct list_head socket_accept;
		1783	struct list_head socket_sendmsg;
		1784	struct list_head socket_recvmsg;
		1785	struct list_head socket_getsockname;
		1786	struct list_head socket_getpeername;
		1787	struct list_head socket_getsockopt;
		1788	struct list_head socket_setsockopt;
		1789	struct list_head socket_shutdown;
		1790	struct list_head socket_sock_rcv_skb;
		1791	struct list_head socket_getpeersec_stream;
		1792	struct list_head socket_getpeersec_dgram;
		1793	struct list_head sk_alloc_security;
		1794	struct list_head sk_free_security;
		1795	struct list_head sk_clone_security;
		1796	struct list_head sk_getsecid;
		1797	struct list_head sock_graft;
		1798	struct list_head inet_conn_request;
		1799	struct list_head inet_csk_clone;
		1800	struct list_head inet_conn_established;
		1801	struct list_head secmark_relabel_packet;
		1802	struct list_head secmark_refcount_inc;
		1803	struct list_head secmark_refcount_dec;
		1804	struct list_head req_classify_flow;
		1805	struct list_head tun_dev_alloc_security;
		1806	struct list_head tun_dev_free_security;
		1807	struct list_head tun_dev_create;
		1808	struct list_head tun_dev_attach_queue;
		1809	struct list_head tun_dev_attach;
		1810	struct list_head tun_dev_open;
		1811	struct list_head skb_owned_by;
		1812	#endif /* CONFIG_SECURITY_NETWORK */
		1813	#ifdef CONFIG_SECURITY_NETWORK_XFRM
		1814	struct list_head xfrm_policy_alloc_security;
		1815	struct list_head xfrm_policy_clone_security;
		1816	struct list_head xfrm_policy_free_security;
		1817	struct list_head xfrm_policy_delete_security;
		1818	struct list_head xfrm_state_alloc;
		1819	struct list_head xfrm_state_alloc_acquire;
		1820	struct list_head xfrm_state_free_security;
		1821	struct list_head xfrm_state_delete_security;
		1822	struct list_head xfrm_policy_lookup;
		1823	struct list_head xfrm_state_pol_flow_match;
		1824	struct list_head xfrm_decode_session;
		1825	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
		1826	#ifdef CONFIG_KEYS
		1827	struct list_head key_alloc;
		1828	struct list_head key_free;
		1829	struct list_head key_permission;
		1830	struct list_head key_getsecurity;
		1831	#endif /* CONFIG_KEYS */
		1832	#ifdef CONFIG_AUDIT
		1833	struct list_head audit_rule_init;
		1834	struct list_head audit_rule_known;
		1835	struct list_head audit_rule_match;
		1836	struct list_head audit_rule_free;
		1837	#endif /* CONFIG_AUDIT */
		1838	};
		1839
		1840	/*
		1841	* Initializing a security_hook_list structure takes
		1842	* up a lot of space in a source file. This macro takes
		1843	* care of the common case and reduces the amount of
		1844	* text involved.
		1845	* Casey says: Comment is true in the next patch.
		1846	*/
		1847	#define LSM_HOOK_INIT(HEAD, HOOK) .HEAD = HOOK
		1848
1629	/* prototypes */	1849	/* prototypes */
1630	extern int security_module_enable(struct security_operations *ops);	1850	extern int security_module_enable(struct security_operations *ops);
1631	extern int register_security(struct security_operations *ops);	1851	extern int register_security(struct security_operations *ops);