authorCasey Schaufler <casey@schaufler-ca.com>2015-05-02 18:10:46 -0400
committerJames Morris <james.l.morris@oracle.com>2015-05-12 01:00:16 -0400
commit3c4ed7bdf5997d8020cbb8d4abbef2fcfb9f1284 (patch)
tree6137d6577f72d7f15b2693b44a973bc94cad1b6e /include/linux
parentb787f68c36d49bb1d9236f403813641efa74a031 (diff)
LSM: Split security.h
The security.h header file serves two purposes: interfaces for users of the security modules and interfaces for security modules. Users of the security modules don't need to know about what's in the security_operations structure, so pull it out into its own header, lsm_hooks.h. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/lsm_hooks.h358
-rw-r--r--include/linux/security.h305
2 files changed, 358 insertions, 305 deletions
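--- /dev/null
+++ b/include/linux/lsm_hooks.h
@@ -0,0 +1,358 @@
+/*
+ * Linux Security Module interfaces
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
+ * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
+ * Copyright (C) 2015 Intel Corporation.
+ * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Due to this file being licensed under the GPL there is controversy over
+ * whether this permits you to write a module that #includes this file
+ * without placing your module under the GPL. Please consult a lawyer for
+ * advice before doing this.
+ *
+ */
+
+#ifndef __LINUX_LSM_HOOKS_H
+#define __LINUX_LSM_HOOKS_H
+
+#include <linux/security.h>
+
+/* Maximum number of letters for an LSM name string */
+#define SECURITY_NAME_MAX 10
+
+#ifdef CONFIG_SECURITY
+
+struct security_operations {
+ char name[SECURITY_NAME_MAX + 1];
+
+ int (*binder_set_context_mgr)(struct task_struct *mgr);
+ int (*binder_transaction)(struct task_struct *from,
+ struct task_struct *to);
+ int (*binder_transfer_binder)(struct task_struct *from,
+ struct task_struct *to);
+ int (*binder_transfer_file)(struct task_struct *from,
+ struct task_struct *to,
+ struct file *file);
+
+ int (*ptrace_access_check)(struct task_struct *child,
+ unsigned int mode);
+ int (*ptrace_traceme)(struct task_struct *parent);
+ int (*capget)(struct task_struct *target, kernel_cap_t *effective,
+ kernel_cap_t *inheritable, kernel_cap_t *permitted);
+ int (*capset)(struct cred *new, const struct cred *old,
+ const kernel_cap_t *effective,
+ const kernel_cap_t *inheritable,
+ const kernel_cap_t *permitted);
+ int (*capable)(const struct cred *cred, struct user_namespace *ns,
+ int cap, int audit);
+ int (*quotactl)(int cmds, int type, int id, struct super_block *sb);
+ int (*quota_on)(struct dentry *dentry);
+ int (*syslog)(int type);
+ int (*settime)(const struct timespec *ts, const struct timezone *tz);
+ int (*vm_enough_memory)(struct mm_struct *mm, long pages);
+
+ int (*bprm_set_creds)(struct linux_binprm *bprm);
+ int (*bprm_check_security)(struct linux_binprm *bprm);
+ int (*bprm_secureexec)(struct linux_binprm *bprm);
+ void (*bprm_committing_creds)(struct linux_binprm *bprm);
+ void (*bprm_committed_creds)(struct linux_binprm *bprm);
+
+ int (*sb_alloc_security)(struct super_block *sb);
+ void (*sb_free_security)(struct super_block *sb);
+ int (*sb_copy_data)(char *orig, char *copy);
+ int (*sb_remount)(struct super_block *sb, void *data);
+ int (*sb_kern_mount)(struct super_block *sb, int flags, void *data);
+ int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
+ int (*sb_statfs)(struct dentry *dentry);
+ int (*sb_mount)(const char *dev_name, struct path *path,
+ const char *type, unsigned long flags, void *data);
+ int (*sb_umount)(struct vfsmount *mnt, int flags);
+ int (*sb_pivotroot)(struct path *old_path, struct path *new_path);
+ int (*sb_set_mnt_opts)(struct super_block *sb,
+ struct security_mnt_opts *opts,
+ unsigned long kern_flags,
+ unsigned long *set_kern_flags);
+ int (*sb_clone_mnt_opts)(const struct super_block *oldsb,
+ struct super_block *newsb);
+ int (*sb_parse_opts_str)(char *options, struct security_mnt_opts *opts);
+ int (*dentry_init_security)(struct dentry *dentry, int mode,
+ struct qstr *name, void **ctx,
+ u32 *ctxlen);
+
+
+#ifdef CONFIG_SECURITY_PATH
+ int (*path_unlink)(struct path *dir, struct dentry *dentry);
+ int (*path_mkdir)(struct path *dir, struct dentry *dentry,
+ umode_t mode);
+ int (*path_rmdir)(struct path *dir, struct dentry *dentry);
+ int (*path_mknod)(struct path *dir, struct dentry *dentry,
+ umode_t mode, unsigned int dev);
+ int (*path_truncate)(struct path *path);
+ int (*path_symlink)(struct path *dir, struct dentry *dentry,
+ const char *old_name);
+ int (*path_link)(struct dentry *old_dentry, struct path *new_dir,
+ struct dentry *new_dentry);
+ int (*path_rename)(struct path *old_dir, struct dentry *old_dentry,
+ struct path *new_dir,
+ struct dentry *new_dentry);
+ int (*path_chmod)(struct path *path, umode_t mode);
+ int (*path_chown)(struct path *path, kuid_t uid, kgid_t gid);
+ int (*path_chroot)(struct path *path);
+#endif
+
+ int (*inode_alloc_security)(struct inode *inode);
+ void (*inode_free_security)(struct inode *inode);
+ int (*inode_init_security)(struct inode *inode, struct inode *dir,
+ const struct qstr *qstr,
+ const char **name, void **value,
+ size_t *len);
+ int (*inode_create)(struct inode *dir, struct dentry *dentry,
+ umode_t mode);
+ int (*inode_link)(struct dentry *old_dentry, struct inode *dir,
+ struct dentry *new_dentry);
+ int (*inode_unlink)(struct inode *dir, struct dentry *dentry);
+ int (*inode_symlink)(struct inode *dir, struct dentry *dentry,
+ const char *old_name);
+ int (*inode_mkdir)(struct inode *dir, struct dentry *dentry,
+ umode_t mode);
+ int (*inode_rmdir)(struct inode *dir, struct dentry *dentry);
+ int (*inode_mknod)(struct inode *dir, struct dentry *dentry,
+ umode_t mode, dev_t dev);
+ int (*inode_rename)(struct inode *old_dir, struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry);
+ int (*inode_readlink)(struct dentry *dentry);
+ int (*inode_follow_link)(struct dentry *dentry, struct nameidata *nd);
+ int (*inode_permission)(struct inode *inode, int mask);
+ int (*inode_setattr)(struct dentry *dentry, struct iattr *attr);
+ int (*inode_getattr)(const struct path *path);
+ int (*inode_setxattr)(struct dentry *dentry, const char *name,
+ const void *value, size_t size, int flags);
+ void (*inode_post_setxattr)(struct dentry *dentry, const char *name,
+ const void *value, size_t size,
+ int flags);
+ int (*inode_getxattr)(struct dentry *dentry, const char *name);
+ int (*inode_listxattr)(struct dentry *dentry);
+ int (*inode_removexattr)(struct dentry *dentry, const char *name);
+ int (*inode_need_killpriv)(struct dentry *dentry);
+ int (*inode_killpriv)(struct dentry *dentry);
+ int (*inode_getsecurity)(const struct inode *inode, const char *name,
+ void **buffer, bool alloc);
+ int (*inode_setsecurity)(struct inode *inode, const char *name,
+ const void *value, size_t size,
+ int flags);
+ int (*inode_listsecurity)(struct inode *inode, char *buffer,
+ size_t buffer_size);
+ void (*inode_getsecid)(const struct inode *inode, u32 *secid);
+
+ int (*file_permission)(struct file *file, int mask);
+ int (*file_alloc_security)(struct file *file);
+ void (*file_free_security)(struct file *file);
+ int (*file_ioctl)(struct file *file, unsigned int cmd,
+ unsigned long arg);
+ int (*mmap_addr)(unsigned long addr);
+ int (*mmap_file)(struct file *file, unsigned long reqprot,
+ unsigned long prot, unsigned long flags);
+ int (*file_mprotect)(struct vm_area_struct *vma, unsigned long reqprot,
+ unsigned long prot);
+ int (*file_lock)(struct file *file, unsigned int cmd);
+ int (*file_fcntl)(struct file *file, unsigned int cmd,
+ unsigned long arg);
+ void (*file_set_fowner)(struct file *file);
+ int (*file_send_sigiotask)(struct task_struct *tsk,
+ struct fown_struct *fown, int sig);
+ int (*file_receive)(struct file *file);
+ int (*file_open)(struct file *file, const struct cred *cred);
+
+ int (*task_create)(unsigned long clone_flags);
+ void (*task_free)(struct task_struct *task);
+ int (*cred_alloc_blank)(struct cred *cred, gfp_t gfp);
+ void (*cred_free)(struct cred *cred);
+ int (*cred_prepare)(struct cred *new, const struct cred *old,
+ gfp_t gfp);
+ void (*cred_transfer)(struct cred *new, const struct cred *old);
+ int (*kernel_act_as)(struct cred *new, u32 secid);
+ int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
+ int (*kernel_fw_from_file)(struct file *file, char *buf, size_t size);
+ int (*kernel_module_request)(char *kmod_name);
+ int (*kernel_module_from_file)(struct file *file);
+ int (*task_fix_setuid)(struct cred *new, const struct cred *old,
+ int flags);
+ int (*task_setpgid)(struct task_struct *p, pid_t pgid);
+ int (*task_getpgid)(struct task_struct *p);
+ int (*task_getsid)(struct task_struct *p);
+ void (*task_getsecid)(struct task_struct *p, u32 *secid);
+ int (*task_setnice)(struct task_struct *p, int nice);
+ int (*task_setioprio)(struct task_struct *p, int ioprio);
+ int (*task_getioprio)(struct task_struct *p);
+ int (*task_setrlimit)(struct task_struct *p, unsigned int resource,
+ struct rlimit *new_rlim);
+ int (*task_setscheduler)(struct task_struct *p);
+ int (*task_getscheduler)(struct task_struct *p);
+ int (*task_movememory)(struct task_struct *p);
+ int (*task_kill)(struct task_struct *p, struct siginfo *info,
+ int sig, u32 secid);
+ int (*task_wait)(struct task_struct *p);
+ int (*task_prctl)(int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5);
+ void (*task_to_inode)(struct task_struct *p, struct inode *inode);
+
+ int (*ipc_permission)(struct kern_ipc_perm *ipcp, short flag);
+ void (*ipc_getsecid)(struct kern_ipc_perm *ipcp, u32 *secid);
+
+ int (*msg_msg_alloc_security)(struct msg_msg *msg);
+ void (*msg_msg_free_security)(struct msg_msg *msg);
+
+ int (*msg_queue_alloc_security)(struct msg_queue *msq);
+ void (*msg_queue_free_security)(struct msg_queue *msq);
+ int (*msg_queue_associate)(struct msg_queue *msq, int msqflg);
+ int (*msg_queue_msgctl)(struct msg_queue *msq, int cmd);
+ int (*msg_queue_msgsnd)(struct msg_queue *msq, struct msg_msg *msg,
+ int msqflg);
+ int (*msg_queue_msgrcv)(struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target, long type,
+ int mode);
+
+ int (*shm_alloc_security)(struct shmid_kernel *shp);
+ void (*shm_free_security)(struct shmid_kernel *shp);
+ int (*shm_associate)(struct shmid_kernel *shp, int shmflg);
+ int (*shm_shmctl)(struct shmid_kernel *shp, int cmd);
+ int (*shm_shmat)(struct shmid_kernel *shp, char __user *shmaddr,
+ int shmflg);
+
+ int (*sem_alloc_security)(struct sem_array *sma);
+ void (*sem_free_security)(struct sem_array *sma);
+ int (*sem_associate)(struct sem_array *sma, int semflg);
+ int (*sem_semctl)(struct sem_array *sma, int cmd);
+ int (*sem_semop)(struct sem_array *sma, struct sembuf *sops,
+ unsigned nsops, int alter);
+
+ int (*netlink_send)(struct sock *sk, struct sk_buff *skb);
+
+ void (*d_instantiate)(struct dentry *dentry, struct inode *inode);
+
+ int (*getprocattr)(struct task_struct *p, char *name, char **value);
+ int (*setprocattr)(struct task_struct *p, char *name, void *value,
+ size_t size);
+ int (*ismaclabel)(const char *name);
+ int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
+ int (*secctx_to_secid)(const char *secdata, u32 seclen, u32 *secid);
+ void (*release_secctx)(char *secdata, u32 seclen);
+
+ int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
+ int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
+ int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
+
+#ifdef CONFIG_SECURITY_NETWORK
+ int (*unix_stream_connect)(struct sock *sock, struct sock *other,
+ struct sock *newsk);
+ int (*unix_may_send)(struct socket *sock, struct socket *other);
+
+ int (*socket_create)(int family, int type, int protocol, int kern);
+ int (*socket_post_create)(struct socket *sock, int family, int type,
+ int protocol, int kern);
+ int (*socket_bind)(struct socket *sock, struct sockaddr *address,
+ int addrlen);
+ int (*socket_connect)(struct socket *sock, struct sockaddr *address,
+ int addrlen);
+ int (*socket_listen)(struct socket *sock, int backlog);
+ int (*socket_accept)(struct socket *sock, struct socket *newsock);
+ int (*socket_sendmsg)(struct socket *sock, struct msghdr *msg,
+ int size);
+ int (*socket_recvmsg)(struct socket *sock, struct msghdr *msg,
+ int size, int flags);
+ int (*socket_getsockname)(struct socket *sock);
+ int (*socket_getpeername)(struct socket *sock);
+ int (*socket_getsockopt)(struct socket *sock, int level, int optname);
+ int (*socket_setsockopt)(struct socket *sock, int level, int optname);
+ int (*socket_shutdown)(struct socket *sock, int how);
+ int (*socket_sock_rcv_skb)(struct sock *sk, struct sk_buff *skb);
+ int (*socket_getpeersec_stream)(struct socket *sock,
+ char __user *optval,
+ int __user *optlen, unsigned len);
+ int (*socket_getpeersec_dgram)(struct socket *sock,
+ struct sk_buff *skb, u32 *secid);
+ int (*sk_alloc_security)(struct sock *sk, int family, gfp_t priority);
+ void (*sk_free_security)(struct sock *sk);
+ void (*sk_clone_security)(const struct sock *sk, struct sock *newsk);
+ void (*sk_getsecid)(struct sock *sk, u32 *secid);
+ void (*sock_graft)(struct sock *sk, struct socket *parent);
+ int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
+ struct request_sock *req);
+ void (*inet_csk_clone)(struct sock *newsk,
+ const struct request_sock *req);
+ void (*inet_conn_established)(struct sock *sk, struct sk_buff *skb);
+ int (*secmark_relabel_packet)(u32 secid);
+ void (*secmark_refcount_inc)(void);
+ void (*secmark_refcount_dec)(void);
+ void (*req_classify_flow)(const struct request_sock *req,
+ struct flowi *fl);
+ int (*tun_dev_alloc_security)(void **security);
+ void (*tun_dev_free_security)(void *security);
+ int (*tun_dev_create)(void);
+ int (*tun_dev_attach_queue)(void *security);
+ int (*tun_dev_attach)(struct sock *sk, void *security);
+ int (*tun_dev_open)(void *security);
+#endif /* CONFIG_SECURITY_NETWORK */
+
+#ifdef CONFIG_SECURITY_NETWORK_XFRM
+ int (*xfrm_policy_alloc_security)(struct xfrm_sec_ctx **ctxp,
+ struct xfrm_user_sec_ctx *sec_ctx,
+ gfp_t gfp);
+ int (*xfrm_policy_clone_security)(struct xfrm_sec_ctx *old_ctx,
+ struct xfrm_sec_ctx **new_ctx);
+ void (*xfrm_policy_free_security)(struct xfrm_sec_ctx *ctx);
+ int (*xfrm_policy_delete_security)(struct xfrm_sec_ctx *ctx);
+ int (*xfrm_state_alloc)(struct xfrm_state *x,
+ struct xfrm_user_sec_ctx *sec_ctx);
+ int (*xfrm_state_alloc_acquire)(struct xfrm_state *x,
+ struct xfrm_sec_ctx *polsec,
+ u32 secid);
+ void (*xfrm_state_free_security)(struct xfrm_state *x);
+ int (*xfrm_state_delete_security)(struct xfrm_state *x);
+ int (*xfrm_policy_lookup)(struct xfrm_sec_ctx *ctx, u32 fl_secid,
+ u8 dir);
+ int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
+ struct xfrm_policy *xp,
+ const struct flowi *fl);
+ int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
+#endif /* CONFIG_SECURITY_NETWORK_XFRM */
+
+ /* key management security hooks */
+#ifdef CONFIG_KEYS
+ int (*key_alloc)(struct key *key, const struct cred *cred,
+ unsigned long flags);
+ void (*key_free)(struct key *key);
+ int (*key_permission)(key_ref_t key_ref, const struct cred *cred,
+ unsigned perm);
+ int (*key_getsecurity)(struct key *key, char **_buffer);
+#endif /* CONFIG_KEYS */
+
+#ifdef CONFIG_AUDIT
+ int (*audit_rule_init)(u32 field, u32 op, char *rulestr,
+ void **lsmrule);
+ int (*audit_rule_known)(struct audit_krule *krule);
+ int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule,
+ struct audit_context *actx);
+ void (*audit_rule_free)(void *lsmrule);
+#endif /* CONFIG_AUDIT */
+};
+
+/* prototypes */
+extern int security_module_enable(struct security_operations *ops);
+extern int register_security(struct security_operations *ops);
+extern void __init security_fixup_ops(struct security_operations *ops);
+extern void reset_security_ops(void);
+
+#endif /* CONFIG_SECURITY */
+
+#endif /* ! __LINUX_LSM_HOOKS_H */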
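Review bot: The new header never states who is meant to include it: the commit message draws the line between LSM users (security.h) and LSM implementers (lsm_hooks.h), but the file's own title comment at line 2 is just "Linux Security Module interfaces", so nothing tells a reader which header to pick. A one-line addition under the title would settle it, e.g. ` * Interfaces for security module implementations only; kernel code that merely calls the security framework should include <linux/security.h> instead.`. Note also that `reset_security_ops()` is now declared only here (line 354) while the companion hunk drops it from security.h, so any translation unit that reached it through security.h alone must switch headers; the diffstat is limited to include/linux, so those include updates are not visible on this page and should be confirmed in the same commit. `SECURITY_NAME_MAX` is defined here at line 30, yet no hunk removes a definition from security.h; if one remains there, the two copies must stay byte-identical, since a differing redefinition is a build error.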
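--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -116,8 +116,6 @@ struct seq_file;
 
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 
-void reset_security_ops(void);
-
 #ifdef CONFIG_MMU
 extern unsigned long mmap_min_addr;
 extern unsigned long dac_mmap_min_addr;
@@ -1457,312 +1455,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @ctxlen points to the place to put the length of @ctx.
  * This is the main security structure.
  */
-struct security_operations {
- char name[SECURITY_NAME_MAX + 1];
-
- int (*binder_set_context_mgr) (struct task_struct *mgr);
- int (*binder_transaction) (struct task_struct *from,
- struct task_struct *to);
- int (*binder_transfer_binder) (struct task_struct *from,
- struct task_struct *to);
- int (*binder_transfer_file) (struct task_struct *from,
- struct task_struct *to, struct file *file);
-
- int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
- int (*ptrace_traceme) (struct task_struct *parent);
- int (*capget) (struct task_struct *target,
- kernel_cap_t *effective,
- kernel_cap_t *inheritable, kernel_cap_t *permitted);
- int (*capset) (struct cred *new,
- const struct cred *old,
- const kernel_cap_t *effective,
- const kernel_cap_t *inheritable,
- const kernel_cap_t *permitted);
- int (*capable) (const struct cred *cred, struct user_namespace *ns,
- int cap, int audit);
- int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
- int (*quota_on) (struct dentry *dentry);
- int (*syslog) (int type);
- int (*settime) (const struct timespec *ts, const struct timezone *tz);
- int (*vm_enough_memory) (struct mm_struct *mm, long pages);
-
- int (*bprm_set_creds) (struct linux_binprm *bprm);
- int (*bprm_check_security) (struct linux_binprm *bprm);
- int (*bprm_secureexec) (struct linux_binprm *bprm);
- void (*bprm_committing_creds) (struct linux_binprm *bprm);
- void (*bprm_committed_creds) (struct linux_binprm *bprm);
-
- int (*sb_alloc_security) (struct super_block *sb);
- void (*sb_free_security) (struct super_block *sb);
- int (*sb_copy_data) (char *orig, char *copy);
- int (*sb_remount) (struct super_block *sb, void *data);
- int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
- int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
- int (*sb_statfs) (struct dentry *dentry);
- int (*sb_mount) (const char *dev_name, struct path *path,
- const char *type, unsigned long flags, void *data);
- int (*sb_umount) (struct vfsmount *mnt, int flags);
- int (*sb_pivotroot) (struct path *old_path,
- struct path *new_path);
- int (*sb_set_mnt_opts) (struct super_block *sb,
- struct security_mnt_opts *opts,
- unsigned long kern_flags,
- unsigned long *set_kern_flags);
- int (*sb_clone_mnt_opts) (const struct super_block *oldsb,
- struct super_block *newsb);
- int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);
- int (*dentry_init_security) (struct dentry *dentry, int mode,
- struct qstr *name, void **ctx,
- u32 *ctxlen);
-
-
-#ifdef CONFIG_SECURITY_PATH
- int (*path_unlink) (struct path *dir, struct dentry *dentry);
- int (*path_mkdir) (struct path *dir, struct dentry *dentry, umode_t mode);
- int (*path_rmdir) (struct path *dir, struct dentry *dentry);
- int (*path_mknod) (struct path *dir, struct dentry *dentry, umode_t mode,
- unsigned int dev);
- int (*path_truncate) (struct path *path);
- int (*path_symlink) (struct path *dir, struct dentry *dentry,
- const char *old_name);
- int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
- struct dentry *new_dentry);
- int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry);
- int (*path_chmod) (struct path *path, umode_t mode);
- int (*path_chown) (struct path *path, kuid_t uid, kgid_t gid);
- int (*path_chroot) (struct path *path);
-#endif
-
- int (*inode_alloc_security) (struct inode *inode);
- void (*inode_free_security) (struct inode *inode);
- int (*inode_init_security) (struct inode *inode, struct inode *dir,
- const struct qstr *qstr, const char **name,
- void **value, size_t *len);
- int (*inode_create) (struct inode *dir,
- struct dentry *dentry, umode_t mode);
- int (*inode_link) (struct dentry *old_dentry,
- struct inode *dir, struct dentry *new_dentry);
- int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
- int (*inode_symlink) (struct inode *dir,
- struct dentry *dentry, const char *old_name);
- int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, umode_t mode);
- int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
- int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
- umode_t mode, dev_t dev);
- int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry);
- int (*inode_readlink) (struct dentry *dentry);
- int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
- int (*inode_permission) (struct inode *inode, int mask);
- int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
- int (*inode_getattr) (const struct path *path);
- int (*inode_setxattr) (struct dentry *dentry, const char *name,
- const void *value, size_t size, int flags);
- void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
- const void *value, size_t size, int flags);
- int (*inode_getxattr) (struct dentry *dentry, const char *name);
- int (*inode_listxattr) (struct dentry *dentry);
- int (*inode_removexattr) (struct dentry *dentry, const char *name);
- int (*inode_need_killpriv) (struct dentry *dentry);
- int (*inode_killpriv) (struct dentry *dentry);
- int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc);
- int (*inode_setsecurity) (struct inode *inode, const char *name, const void *value, size_t size, int flags);
- int (*inode_listsecurity) (struct inode *inode, char *buffer, size_t buffer_size);
- void (*inode_getsecid) (const struct inode *inode, u32 *secid);
-
- int (*file_permission) (struct file *file, int mask);
- int (*file_alloc_security) (struct file *file);
- void (*file_free_security) (struct file *file);
- int (*file_ioctl) (struct file *file, unsigned int cmd,
- unsigned long arg);
- int (*mmap_addr) (unsigned long addr);
- int (*mmap_file) (struct file *file,
- unsigned long reqprot, unsigned long prot,
- unsigned long flags);
- int (*file_mprotect) (struct vm_area_struct *vma,
- unsigned long reqprot,
- unsigned long prot);
- int (*file_lock) (struct file *file, unsigned int cmd);
- int (*file_fcntl) (struct file *file, unsigned int cmd,
- unsigned long arg);
- void (*file_set_fowner) (struct file *file);
- int (*file_send_sigiotask) (struct task_struct *tsk,
- struct fown_struct *fown, int sig);
- int (*file_receive) (struct file *file);
- int (*file_open) (struct file *file, const struct cred *cred);
-
- int (*task_create) (unsigned long clone_flags);
- void (*task_free) (struct task_struct *task);
- int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
- void (*cred_free) (struct cred *cred);
- int (*cred_prepare)(struct cred *new, const struct cred *old,
- gfp_t gfp);
- void (*cred_transfer)(struct cred *new, const struct cred *old);
- int (*kernel_act_as)(struct cred *new, u32 secid);
- int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
- int (*kernel_fw_from_file)(struct file *file, char *buf, size_t size);
- int (*kernel_module_request)(char *kmod_name);
- int (*kernel_module_from_file)(struct file *file);
- int (*task_fix_setuid) (struct cred *new, const struct cred *old,
- int flags);
- int (*task_setpgid) (struct task_struct *p, pid_t pgid);
- int (*task_getpgid) (struct task_struct *p);
- int (*task_getsid) (struct task_struct *p);
- void (*task_getsecid) (struct task_struct *p, u32 *secid);
- int (*task_setnice) (struct task_struct *p, int nice);
- int (*task_setioprio) (struct task_struct *p, int ioprio);
- int (*task_getioprio) (struct task_struct *p);
- int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
- struct rlimit *new_rlim);
- int (*task_setscheduler) (struct task_struct *p);
- int (*task_getscheduler) (struct task_struct *p);
- int (*task_movememory) (struct task_struct *p);
- int (*task_kill) (struct task_struct *p,
- struct siginfo *info, int sig, u32 secid);
- int (*task_wait) (struct task_struct *p);
- int (*task_prctl) (int option, unsigned long arg2,
- unsigned long arg3, unsigned long arg4,
- unsigned long arg5);
- void (*task_to_inode) (struct task_struct *p, struct inode *inode);
-
- int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
- void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);
-
- int (*msg_msg_alloc_security) (struct msg_msg *msg);
- void (*msg_msg_free_security) (struct msg_msg *msg);
-
- int (*msg_queue_alloc_security) (struct msg_queue *msq);
- void (*msg_queue_free_security) (struct msg_queue *msq);
- int (*msg_queue_associate) (struct msg_queue *msq, int msqflg);
- int (*msg_queue_msgctl) (struct msg_queue *msq, int cmd);
- int (*msg_queue_msgsnd) (struct msg_queue *msq,
- struct msg_msg *msg, int msqflg);
- int (*msg_queue_msgrcv) (struct msg_queue *msq,
- struct msg_msg *msg,
- struct task_struct *target,
- long type, int mode);
-
- int (*shm_alloc_security) (struct shmid_kernel *shp);
- void (*shm_free_security) (struct shmid_kernel *shp);
- int (*shm_associate) (struct shmid_kernel *shp, int shmflg);
- int (*shm_shmctl) (struct shmid_kernel *shp, int cmd);
- int (*shm_shmat) (struct shmid_kernel *shp,
- char __user *shmaddr, int shmflg);
-
- int (*sem_alloc_security) (struct sem_array *sma);
- void (*sem_free_security) (struct sem_array *sma);
- int (*sem_associate) (struct sem_array *sma, int semflg);
- int (*sem_semctl) (struct sem_array *sma, int cmd);
- int (*sem_semop) (struct sem_array *sma,
- struct sembuf *sops, unsigned nsops, int alter);
-
- int (*netlink_send) (struct sock *sk, struct sk_buff *skb);
-
- void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
-
- int (*getprocattr) (struct task_struct *p, char *name, char **value);
- int (*setprocattr) (struct task_struct *p, char *name, void *value, size_t size);
- int (*ismaclabel) (const char *name);
- int (*secid_to_secctx) (u32 secid, char **secdata, u32 *seclen);
- int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid);
- void (*release_secctx) (char *secdata, u32 seclen);
-
- int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
- int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
- int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
-
-#ifdef CONFIG_SECURITY_NETWORK
- int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk);
- int (*unix_may_send) (struct socket *sock, struct socket *other);
-
- int (*socket_create) (int family, int type, int protocol, int kern);
- int (*socket_post_create) (struct socket *sock, int family,
- int type, int protocol, int kern);
- int (*socket_bind) (struct socket *sock,
- struct sockaddr *address, int addrlen);
- int (*socket_connect) (struct socket *sock,
- struct sockaddr *address, int addrlen);
- int (*socket_listen) (struct socket *sock, int backlog);
- int (*socket_accept) (struct socket *sock, struct socket *newsock);
- int (*socket_sendmsg) (struct socket *sock,
- struct msghdr *msg, int size);
- int (*socket_recvmsg) (struct socket *sock,
- struct msghdr *msg, int size, int flags);
- int (*socket_getsockname) (struct socket *sock);
- int (*socket_getpeername) (struct socket *sock);
- int (*socket_getsockopt) (struct socket *sock, int level, int optname);
- int (*socket_setsockopt) (struct socket *sock, int level, int optname);
- int (*socket_shutdown) (struct socket *sock, int how);
- int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
- int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
- int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
- int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
- void (*sk_free_security) (struct sock *sk);
- void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
- void (*sk_getsecid) (struct sock *sk, u32 *secid);
- void (*sock_graft) (struct sock *sk, struct socket *parent);
- int (*inet_conn_request) (struct sock *sk, struct sk_buff *skb,
- struct request_sock *req);
- void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
- void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
- int (*secmark_relabel_packet) (u32 secid);
- void (*secmark_refcount_inc) (void);
- void (*secmark_refcount_dec) (void);
- void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
- int (*tun_dev_alloc_security) (void **security);
- void (*tun_dev_free_security) (void *security);
- int (*tun_dev_create) (void);
- int (*tun_dev_attach_queue) (void *security);
- int (*tun_dev_attach) (struct sock *sk, void *security);
- int (*tun_dev_open) (void *security);
-#endif /* CONFIG_SECURITY_NETWORK */
-
-#ifdef CONFIG_SECURITY_NETWORK_XFRM
- int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
- struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
- int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
- void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
- int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
- int (*xfrm_state_alloc) (struct xfrm_state *x,
- struct xfrm_user_sec_ctx *sec_ctx);
- int (*xfrm_state_alloc_acquire) (struct xfrm_state *x,
- struct xfrm_sec_ctx *polsec,
- u32 secid);
- void (*xfrm_state_free_security) (struct xfrm_state *x);
- int (*xfrm_state_delete_security) (struct xfrm_state *x);
- int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
- int (*xfrm_state_pol_flow_match) (struct xfrm_state *x,
- struct xfrm_policy *xp,
- const struct flowi *fl);
- int (*xfrm_decode_session) (struct sk_buff *skb, u32 *secid, int ckall);
-#endif /* CONFIG_SECURITY_NETWORK_XFRM */
-
- /* key management security hooks */
-#ifdef CONFIG_KEYS
- int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags);
- void (*key_free) (struct key *key);
- int (*key_permission) (key_ref_t key_ref,
- const struct cred *cred,
- unsigned perm);
- int (*key_getsecurity)(struct key *key, char **_buffer);
-#endif /* CONFIG_KEYS */
-
-#ifdef CONFIG_AUDIT
- int (*audit_rule_init) (u32 field, u32 op, char *rulestr, void **lsmrule);
- int (*audit_rule_known) (struct audit_krule *krule);
- int (*audit_rule_match) (u32 secid, u32 field, u32 op, void *lsmrule,
- struct audit_context *actx);
- void (*audit_rule_free) (void *lsmrule);
-#endif /* CONFIG_AUDIT */
-};
 
 /* prototypes */
 extern int security_init(void);
-extern int security_module_enable(struct security_operations *ops);
-extern int register_security(struct security_operations *ops);
-extern void __init security_fixup_ops(struct security_operations *ops);
-
 
 /* Security operations */
 int security_binder_set_context_mgr(struct task_struct *mgr);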
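Review bot: The kernel-doc block whose tail survives as context at new lines 1455-1457 still closes with `This is the main security structure.`, but the struct it introduces, `struct security_operations`, is removed from this file by the same hunk and now lives in lsm_hooks.h, so the per-hook documentation is left in a header whose readers no longer see the hooks it describes. Either move that comment block into lsm_hooks.h directly above the struct, or at minimum replace the closing sentence with ` * The hook table itself, struct security_operations, is defined in <linux/lsm_hooks.h>.` so the two headers cross-reference each other. The comment block begins well before this hunk, so its full extent is not visible on this page.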