diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2015-05-02 18:11:36 -0400 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2015-05-12 01:00:36 -0400 |
| commit | e20b043a6902ecb61c2c84355c3bae5149f391db (patch) | |
| tree | f5268475bb8b4bee2fbfafb063c41b02b9769af1 /security/smack | |
| parent | f25fce3e8f1f15d6d2a22620ebf98a68a4641f06 (diff) | |
LSM: Add security module hook list heads
Add a list header for each security hook. They aren't used until
later in the patch series. They are grouped together in a structure
so that there doesn't need to be an external address for each.
Macro-ize the initialization of the security_operations
for each security module in anticipation of changing out
the security_operations structure.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smack_lsm.c | 258 |
1 files changed, 129 insertions, 129 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index b644757886bc..4313bf44c3f0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -4267,146 +4267,146 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) | |||
| 4267 | } | 4267 | } |
| 4268 | 4268 | ||
| 4269 | struct security_operations smack_ops = { | 4269 | struct security_operations smack_ops = { |
| 4270 | .name = "smack", | 4270 | LSM_HOOK_INIT(name, "smack"), |
| 4271 | 4271 | ||
| 4272 | .ptrace_access_check = smack_ptrace_access_check, | 4272 | LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), |
| 4273 | .ptrace_traceme = smack_ptrace_traceme, | 4273 | LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), |
| 4274 | .syslog = smack_syslog, | 4274 | LSM_HOOK_INIT(syslog, smack_syslog), |
| 4275 | 4275 | ||
| 4276 | .sb_alloc_security = smack_sb_alloc_security, | 4276 | LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), |
| 4277 | .sb_free_security = smack_sb_free_security, | 4277 | LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), |
| 4278 | .sb_copy_data = smack_sb_copy_data, | 4278 | LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data), |
| 4279 | .sb_kern_mount = smack_sb_kern_mount, | 4279 | LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount), |
| 4280 | .sb_statfs = smack_sb_statfs, | 4280 | LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), |
| 4281 | 4281 | ||
| 4282 | .bprm_set_creds = smack_bprm_set_creds, | 4282 | LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds), |
| 4283 | .bprm_committing_creds = smack_bprm_committing_creds, | 4283 | LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds), |
| 4284 | .bprm_secureexec = smack_bprm_secureexec, | 4284 | LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec), |
| 4285 | 4285 | ||
| 4286 | .inode_alloc_security = smack_inode_alloc_security, | 4286 | LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), |
| 4287 | .inode_free_security = smack_inode_free_security, | 4287 | LSM_HOOK_INIT(inode_free_security, smack_inode_free_security), |
| 4288 | .inode_init_security = smack_inode_init_security, | 4288 | LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), |
| 4289 | .inode_link = smack_inode_link, | 4289 | LSM_HOOK_INIT(inode_link, smack_inode_link), |
| 4290 | .inode_unlink = smack_inode_unlink, | 4290 | LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), |
| 4291 | .inode_rmdir = smack_inode_rmdir, | 4291 | LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), |
| 4292 | .inode_rename = smack_inode_rename, | 4292 | LSM_HOOK_INIT(inode_rename, smack_inode_rename), |
| 4293 | .inode_permission = smack_inode_permission, | 4293 | LSM_HOOK_INIT(inode_permission, smack_inode_permission), |
| 4294 | .inode_setattr = smack_inode_setattr, | 4294 | LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), |
| 4295 | .inode_getattr = smack_inode_getattr, | 4295 | LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), |
| 4296 | .inode_setxattr = smack_inode_setxattr, | 4296 | LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), |
| 4297 | .inode_post_setxattr = smack_inode_post_setxattr, | 4297 | LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), |
| 4298 | .inode_getxattr = smack_inode_getxattr, | 4298 | LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), |
| 4299 | .inode_removexattr = smack_inode_removexattr, | 4299 | LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), |
| 4300 | .inode_getsecurity = smack_inode_getsecurity, | 4300 | LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), |
| 4301 | .inode_setsecurity = smack_inode_setsecurity, | 4301 | LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), |
| 4302 | .inode_listsecurity = smack_inode_listsecurity, | 4302 | LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), |
| 4303 | .inode_getsecid = smack_inode_getsecid, | 4303 | LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), |
| 4304 | 4304 | ||
| 4305 | .file_permission = smack_file_permission, | 4305 | LSM_HOOK_INIT(file_permission, smack_file_permission), |
| 4306 | .file_alloc_security = smack_file_alloc_security, | 4306 | LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), |
| 4307 | .file_free_security = smack_file_free_security, | 4307 | LSM_HOOK_INIT(file_free_security, smack_file_free_security), |
| 4308 | .file_ioctl = smack_file_ioctl, | 4308 | LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), |
| 4309 | .file_lock = smack_file_lock, | 4309 | LSM_HOOK_INIT(file_lock, smack_file_lock), |
| 4310 | .file_fcntl = smack_file_fcntl, | 4310 | LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), |
| 4311 | .mmap_file = smack_mmap_file, | 4311 | LSM_HOOK_INIT(mmap_file, smack_mmap_file), |
| 4312 | .mmap_addr = cap_mmap_addr, | 4312 | LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), |
| 4313 | .file_set_fowner = smack_file_set_fowner, | 4313 | LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), |
| 4314 | .file_send_sigiotask = smack_file_send_sigiotask, | 4314 | LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), |
| 4315 | .file_receive = smack_file_receive, | 4315 | LSM_HOOK_INIT(file_receive, smack_file_receive), |
| 4316 | 4316 | ||
| 4317 | .file_open = smack_file_open, | 4317 | LSM_HOOK_INIT(file_open, smack_file_open), |
| 4318 | 4318 | ||
| 4319 | .cred_alloc_blank = smack_cred_alloc_blank, | 4319 | LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), |
| 4320 | .cred_free = smack_cred_free, | 4320 | LSM_HOOK_INIT(cred_free, smack_cred_free), |
| 4321 | .cred_prepare = smack_cred_prepare, | 4321 | LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), |
| 4322 | .cred_transfer = smack_cred_transfer, | 4322 | LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), |
| 4323 | .kernel_act_as = smack_kernel_act_as, | 4323 | LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), |
| 4324 | .kernel_create_files_as = smack_kernel_create_files_as, | 4324 | LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), |
| 4325 | .task_setpgid = smack_task_setpgid, | 4325 | LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), |
| 4326 | .task_getpgid = smack_task_getpgid, | 4326 | LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), |
| 4327 | .task_getsid = smack_task_getsid, | 4327 | LSM_HOOK_INIT(task_getsid, smack_task_getsid), |
| 4328 | .task_getsecid = smack_task_getsecid, | 4328 | LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), |
| 4329 | .task_setnice = smack_task_setnice, | 4329 | LSM_HOOK_INIT(task_setnice, smack_task_setnice), |
| 4330 | .task_setioprio = smack_task_setioprio, | 4330 | LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), |
| 4331 | .task_getioprio = smack_task_getioprio, | 4331 | LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), |
| 4332 | .task_setscheduler = smack_task_setscheduler, | 4332 | LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), |
| 4333 | .task_getscheduler = smack_task_getscheduler, | 4333 | LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), |
| 4334 | .task_movememory = smack_task_movememory, | 4334 | LSM_HOOK_INIT(task_movememory, smack_task_movememory), |
| 4335 | .task_kill = smack_task_kill, | 4335 | LSM_HOOK_INIT(task_kill, smack_task_kill), |
| 4336 | .task_wait = smack_task_wait, | 4336 | LSM_HOOK_INIT(task_wait, smack_task_wait), |
| 4337 | .task_to_inode = smack_task_to_inode, | 4337 | LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), |
| 4338 | 4338 | ||
| 4339 | .ipc_permission = smack_ipc_permission, | 4339 | LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), |
| 4340 | .ipc_getsecid = smack_ipc_getsecid, | 4340 | LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), |
| 4341 | 4341 | ||
| 4342 | .msg_msg_alloc_security = smack_msg_msg_alloc_security, | 4342 | LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), |
| 4343 | .msg_msg_free_security = smack_msg_msg_free_security, | 4343 | LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security), |
| 4344 | 4344 | ||
| 4345 | .msg_queue_alloc_security = smack_msg_queue_alloc_security, | 4345 | LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security), |
| 4346 | .msg_queue_free_security = smack_msg_queue_free_security, | 4346 | LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security), |
| 4347 | .msg_queue_associate = smack_msg_queue_associate, | 4347 | LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), |
| 4348 | .msg_queue_msgctl = smack_msg_queue_msgctl, | 4348 | LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), |
| 4349 | .msg_queue_msgsnd = smack_msg_queue_msgsnd, | 4349 | LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), |
| 4350 | .msg_queue_msgrcv = smack_msg_queue_msgrcv, | 4350 | LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), |
| 4351 | 4351 | ||
| 4352 | .shm_alloc_security = smack_shm_alloc_security, | 4352 | LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security), |
| 4353 | .shm_free_security = smack_shm_free_security, | 4353 | LSM_HOOK_INIT(shm_free_security, smack_shm_free_security), |
| 4354 | .shm_associate = smack_shm_associate, | 4354 | LSM_HOOK_INIT(shm_associate, smack_shm_associate), |
| 4355 | .shm_shmctl = smack_shm_shmctl, | 4355 | LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), |
| 4356 | .shm_shmat = smack_shm_shmat, | 4356 | LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), |
| 4357 | 4357 | ||
| 4358 | .sem_alloc_security = smack_sem_alloc_security, | 4358 | LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security), |
| 4359 | .sem_free_security = smack_sem_free_security, | 4359 | LSM_HOOK_INIT(sem_free_security, smack_sem_free_security), |
| 4360 | .sem_associate = smack_sem_associate, | 4360 | LSM_HOOK_INIT(sem_associate, smack_sem_associate), |
| 4361 | .sem_semctl = smack_sem_semctl, | 4361 | LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), |
| 4362 | .sem_semop = smack_sem_semop, | 4362 | LSM_HOOK_INIT(sem_semop, smack_sem_semop), |
| 4363 | 4363 | ||
| 4364 | .d_instantiate = smack_d_instantiate, | 4364 | LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), |
| 4365 | 4365 | ||
| 4366 | .getprocattr = smack_getprocattr, | 4366 | LSM_HOOK_INIT(getprocattr, smack_getprocattr), |
| 4367 | .setprocattr = smack_setprocattr, | 4367 | LSM_HOOK_INIT(setprocattr, smack_setprocattr), |
| 4368 | 4368 | ||
| 4369 | .unix_stream_connect = smack_unix_stream_connect, | 4369 | LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), |
| 4370 | .unix_may_send = smack_unix_may_send, | 4370 | LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), |
| 4371 | 4371 | ||
| 4372 | .socket_post_create = smack_socket_post_create, | 4372 | LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), |
| 4373 | #ifndef CONFIG_SECURITY_SMACK_NETFILTER | 4373 | #ifndef CONFIG_SECURITY_SMACK_NETFILTER |
| 4374 | .socket_bind = smack_socket_bind, | 4374 | LSM_HOOK_INIT(socket_bind, smack_socket_bind), |
| 4375 | #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ | 4375 | #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ |
| 4376 | .socket_connect = smack_socket_connect, | 4376 | LSM_HOOK_INIT(socket_connect, smack_socket_connect), |
| 4377 | .socket_sendmsg = smack_socket_sendmsg, | 4377 | LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), |
| 4378 | .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, | 4378 | LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), |
| 4379 | .socket_getpeersec_stream = smack_socket_getpeersec_stream, | 4379 | LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), |
| 4380 | .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, | 4380 | LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), |
| 4381 | .sk_alloc_security = smack_sk_alloc_security, | 4381 | LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), |
| 4382 | .sk_free_security = smack_sk_free_security, | 4382 | LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), |
| 4383 | .sock_graft = smack_sock_graft, | 4383 | LSM_HOOK_INIT(sock_graft, smack_sock_graft), |
| 4384 | .inet_conn_request = smack_inet_conn_request, | 4384 | LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), |
| 4385 | .inet_csk_clone = smack_inet_csk_clone, | 4385 | LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), |
| 4386 | 4386 | ||
| 4387 | /* key management security hooks */ | 4387 | /* key management security hooks */ |
| 4388 | #ifdef CONFIG_KEYS | 4388 | #ifdef CONFIG_KEYS |
| 4389 | .key_alloc = smack_key_alloc, | 4389 | LSM_HOOK_INIT(key_alloc, smack_key_alloc), |
| 4390 | .key_free = smack_key_free, | 4390 | LSM_HOOK_INIT(key_free, smack_key_free), |
| 4391 | .key_permission = smack_key_permission, | 4391 | LSM_HOOK_INIT(key_permission, smack_key_permission), |
| 4392 | .key_getsecurity = smack_key_getsecurity, | 4392 | LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), |
| 4393 | #endif /* CONFIG_KEYS */ | 4393 | #endif /* CONFIG_KEYS */ |
| 4394 | 4394 | ||
| 4395 | /* Audit hooks */ | 4395 | /* Audit hooks */ |
| 4396 | #ifdef CONFIG_AUDIT | 4396 | #ifdef CONFIG_AUDIT |
| 4397 | .audit_rule_init = smack_audit_rule_init, | 4397 | LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), |
| 4398 | .audit_rule_known = smack_audit_rule_known, | 4398 | LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), |
| 4399 | .audit_rule_match = smack_audit_rule_match, | 4399 | LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), |
| 4400 | .audit_rule_free = smack_audit_rule_free, | 4400 | LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free), |
| 4401 | #endif /* CONFIG_AUDIT */ | 4401 | #endif /* CONFIG_AUDIT */ |
| 4402 | 4402 | ||
| 4403 | .ismaclabel = smack_ismaclabel, | 4403 | LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), |
| 4404 | .secid_to_secctx = smack_secid_to_secctx, | 4404 | LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), |
| 4405 | .secctx_to_secid = smack_secctx_to_secid, | 4405 | LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), |
| 4406 | .release_secctx = smack_release_secctx, | 4406 | LSM_HOOK_INIT(release_secctx, smack_release_secctx), |
| 4407 | .inode_notifysecctx = smack_inode_notifysecctx, | 4407 | LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), |
| 4408 | .inode_setsecctx = smack_inode_setsecctx, | 4408 | LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), |
| 4409 | .inode_getsecctx = smack_inode_getsecctx, | 4409 | LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), |
| 4410 | }; | 4410 | }; |
| 4411 | 4411 | ||
| 4412 | 4412 | ||