diff options
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 344 |
1 files changed, 164 insertions, 180 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index e3d4ecda2673..3416cb85e77b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -37,6 +37,10 @@ | |||
37 | /* Maximum number of letters for an LSM name string */ | 37 | /* Maximum number of letters for an LSM name string */ |
38 | #define SECURITY_NAME_MAX 10 | 38 | #define SECURITY_NAME_MAX 10 |
39 | 39 | ||
40 | /* If capable should audit the security request */ | ||
41 | #define SECURITY_CAP_NOAUDIT 0 | ||
42 | #define SECURITY_CAP_AUDIT 1 | ||
43 | |||
40 | struct ctl_table; | 44 | struct ctl_table; |
41 | struct audit_krule; | 45 | struct audit_krule; |
42 | 46 | ||
@@ -44,25 +48,25 @@ struct audit_krule; | |||
44 | * These functions are in security/capability.c and are used | 48 | * These functions are in security/capability.c and are used |
45 | * as the default capabilities functions | 49 | * as the default capabilities functions |
46 | */ | 50 | */ |
47 | extern int cap_capable(struct task_struct *tsk, int cap); | 51 | extern int cap_capable(struct task_struct *tsk, int cap, int audit); |
48 | extern int cap_settime(struct timespec *ts, struct timezone *tz); | 52 | extern int cap_settime(struct timespec *ts, struct timezone *tz); |
49 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); | 53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); |
50 | extern int cap_ptrace_traceme(struct task_struct *parent); | 54 | extern int cap_ptrace_traceme(struct task_struct *parent); |
51 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 55 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
52 | extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 56 | extern int cap_capset(struct cred *new, const struct cred *old, |
53 | extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 57 | const kernel_cap_t *effective, |
54 | extern int cap_bprm_set_security(struct linux_binprm *bprm); | 58 | const kernel_cap_t *inheritable, |
55 | extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | 59 | const kernel_cap_t *permitted); |
60 | extern int cap_bprm_set_creds(struct linux_binprm *bprm); | ||
56 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); | 61 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); |
57 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, | 62 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, |
58 | const void *value, size_t size, int flags); | 63 | const void *value, size_t size, int flags); |
59 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); | 64 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); |
60 | extern int cap_inode_need_killpriv(struct dentry *dentry); | 65 | extern int cap_inode_need_killpriv(struct dentry *dentry); |
61 | extern int cap_inode_killpriv(struct dentry *dentry); | 66 | extern int cap_inode_killpriv(struct dentry *dentry); |
62 | extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); | 67 | extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); |
63 | extern void cap_task_reparent_to_init(struct task_struct *p); | ||
64 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 68 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
65 | unsigned long arg4, unsigned long arg5, long *rc_p); | 69 | unsigned long arg4, unsigned long arg5); |
66 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); | 70 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); |
67 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); | 71 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); |
68 | extern int cap_task_setnice(struct task_struct *p, int nice); | 72 | extern int cap_task_setnice(struct task_struct *p, int nice); |
@@ -105,7 +109,7 @@ extern unsigned long mmap_min_addr; | |||
105 | struct sched_param; | 109 | struct sched_param; |
106 | struct request_sock; | 110 | struct request_sock; |
107 | 111 | ||
108 | /* bprm_apply_creds unsafe reasons */ | 112 | /* bprm->unsafe reasons */ |
109 | #define LSM_UNSAFE_SHARE 1 | 113 | #define LSM_UNSAFE_SHARE 1 |
110 | #define LSM_UNSAFE_PTRACE 2 | 114 | #define LSM_UNSAFE_PTRACE 2 |
111 | #define LSM_UNSAFE_PTRACE_CAP 4 | 115 | #define LSM_UNSAFE_PTRACE_CAP 4 |
@@ -149,36 +153,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
149 | * | 153 | * |
150 | * Security hooks for program execution operations. | 154 | * Security hooks for program execution operations. |
151 | * | 155 | * |
152 | * @bprm_alloc_security: | 156 | * @bprm_set_creds: |
153 | * Allocate and attach a security structure to the @bprm->security field. | ||
154 | * The security field is initialized to NULL when the bprm structure is | ||
155 | * allocated. | ||
156 | * @bprm contains the linux_binprm structure to be modified. | ||
157 | * Return 0 if operation was successful. | ||
158 | * @bprm_free_security: | ||
159 | * @bprm contains the linux_binprm structure to be modified. | ||
160 | * Deallocate and clear the @bprm->security field. | ||
161 | * @bprm_apply_creds: | ||
162 | * Compute and set the security attributes of a process being transformed | ||
163 | * by an execve operation based on the old attributes (current->security) | ||
164 | * and the information saved in @bprm->security by the set_security hook. | ||
165 | * Since this hook function (and its caller) are void, this hook can not | ||
166 | * return an error. However, it can leave the security attributes of the | ||
167 | * process unchanged if an access failure occurs at this point. | ||
168 | * bprm_apply_creds is called under task_lock. @unsafe indicates various | ||
169 | * reasons why it may be unsafe to change security state. | ||
170 | * @bprm contains the linux_binprm structure. | ||
171 | * @bprm_post_apply_creds: | ||
172 | * Runs after bprm_apply_creds with the task_lock dropped, so that | ||
173 | * functions which cannot be called safely under the task_lock can | ||
174 | * be used. This hook is a good place to perform state changes on | ||
175 | * the process such as closing open file descriptors to which access | ||
176 | * is no longer granted if the attributes were changed. | ||
177 | * Note that a security module might need to save state between | ||
178 | * bprm_apply_creds and bprm_post_apply_creds to store the decision | ||
179 | * on whether the process may proceed. | ||
180 | * @bprm contains the linux_binprm structure. | ||
181 | * @bprm_set_security: | ||
182 | * Save security information in the bprm->security field, typically based | 157 | * Save security information in the bprm->security field, typically based |
183 | * on information about the bprm->file, for later use by the apply_creds | 158 | * on information about the bprm->file, for later use by the apply_creds |
184 | * hook. This hook may also optionally check permissions (e.g. for | 159 | * hook. This hook may also optionally check permissions (e.g. for |
@@ -191,15 +166,30 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
191 | * @bprm contains the linux_binprm structure. | 166 | * @bprm contains the linux_binprm structure. |
192 | * Return 0 if the hook is successful and permission is granted. | 167 | * Return 0 if the hook is successful and permission is granted. |
193 | * @bprm_check_security: | 168 | * @bprm_check_security: |
194 | * This hook mediates the point when a search for a binary handler will | 169 | * This hook mediates the point when a search for a binary handler will |
195 | * begin. It allows a check the @bprm->security value which is set in | 170 | * begin. It allows a check the @bprm->security value which is set in the |
196 | * the preceding set_security call. The primary difference from | 171 | * preceding set_creds call. The primary difference from set_creds is |
197 | * set_security is that the argv list and envp list are reliably | 172 | * that the argv list and envp list are reliably available in @bprm. This |
198 | * available in @bprm. This hook may be called multiple times | 173 | * hook may be called multiple times during a single execve; and in each |
199 | * during a single execve; and in each pass set_security is called | 174 | * pass set_creds is called first. |
200 | * first. | ||
201 | * @bprm contains the linux_binprm structure. | 175 | * @bprm contains the linux_binprm structure. |
202 | * Return 0 if the hook is successful and permission is granted. | 176 | * Return 0 if the hook is successful and permission is granted. |
177 | * @bprm_committing_creds: | ||
178 | * Prepare to install the new security attributes of a process being | ||
179 | * transformed by an execve operation, based on the old credentials | ||
180 | * pointed to by @current->cred and the information set in @bprm->cred by | ||
181 | * the bprm_set_creds hook. @bprm points to the linux_binprm structure. | ||
182 | * This hook is a good place to perform state changes on the process such | ||
183 | * as closing open file descriptors to which access will no longer be | ||
184 | * granted when the attributes are changed. This is called immediately | ||
185 | * before commit_creds(). | ||
186 | * @bprm_committed_creds: | ||
187 | * Tidy up after the installation of the new security attributes of a | ||
188 | * process being transformed by an execve operation. The new credentials | ||
189 | * have, by this point, been set to @current->cred. @bprm points to the | ||
190 | * linux_binprm structure. This hook is a good place to perform state | ||
191 | * changes on the process such as clearing out non-inheritable signal | ||
192 | * state. This is called immediately after commit_creds(). | ||
203 | * @bprm_secureexec: | 193 | * @bprm_secureexec: |
204 | * Return a boolean value (0 or 1) indicating whether a "secure exec" | 194 | * Return a boolean value (0 or 1) indicating whether a "secure exec" |
205 | * is required. The flag is passed in the auxiliary table | 195 | * is required. The flag is passed in the auxiliary table |
@@ -585,15 +575,31 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
585 | * manual page for definitions of the @clone_flags. | 575 | * manual page for definitions of the @clone_flags. |
586 | * @clone_flags contains the flags indicating what should be shared. | 576 | * @clone_flags contains the flags indicating what should be shared. |
587 | * Return 0 if permission is granted. | 577 | * Return 0 if permission is granted. |
588 | * @task_alloc_security: | 578 | * @cred_free: |
589 | * @p contains the task_struct for child process. | 579 | * @cred points to the credentials. |
590 | * Allocate and attach a security structure to the p->security field. The | 580 | * Deallocate and clear the cred->security field in a set of credentials. |
591 | * security field is initialized to NULL when the task structure is | 581 | * @cred_prepare: |
592 | * allocated. | 582 | * @new points to the new credentials. |
593 | * Return 0 if operation was successful. | 583 | * @old points to the original credentials. |
594 | * @task_free_security: | 584 | * @gfp indicates the atomicity of any memory allocations. |
595 | * @p contains the task_struct for process. | 585 | * Prepare a new set of credentials by copying the data from the old set. |
596 | * Deallocate and clear the p->security field. | 586 | * @cred_commit: |
587 | * @new points to the new credentials. | ||
588 | * @old points to the original credentials. | ||
589 | * Install a new set of credentials. | ||
590 | * @kernel_act_as: | ||
591 | * Set the credentials for a kernel service to act as (subjective context). | ||
592 | * @new points to the credentials to be modified. | ||
593 | * @secid specifies the security ID to be set | ||
594 | * The current task must be the one that nominated @secid. | ||
595 | * Return 0 if successful. | ||
596 | * @kernel_create_files_as: | ||
597 | * Set the file creation context in a set of credentials to be the same as | ||
598 | * the objective context of the specified inode. | ||
599 | * @new points to the credentials to be modified. | ||
600 | * @inode points to the inode to use as a reference. | ||
601 | * The current task must be the one that nominated @inode. | ||
602 | * Return 0 if successful. | ||
597 | * @task_setuid: | 603 | * @task_setuid: |
598 | * Check permission before setting one or more of the user identity | 604 | * Check permission before setting one or more of the user identity |
599 | * attributes of the current process. The @flags parameter indicates | 605 | * attributes of the current process. The @flags parameter indicates |
@@ -606,15 +612,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
606 | * @id2 contains a uid. | 612 | * @id2 contains a uid. |
607 | * @flags contains one of the LSM_SETID_* values. | 613 | * @flags contains one of the LSM_SETID_* values. |
608 | * Return 0 if permission is granted. | 614 | * Return 0 if permission is granted. |
609 | * @task_post_setuid: | 615 | * @task_fix_setuid: |
610 | * Update the module's state after setting one or more of the user | 616 | * Update the module's state after setting one or more of the user |
611 | * identity attributes of the current process. The @flags parameter | 617 | * identity attributes of the current process. The @flags parameter |
612 | * indicates which of the set*uid system calls invoked this hook. If | 618 | * indicates which of the set*uid system calls invoked this hook. If |
613 | * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other | 619 | * @new is the set of credentials that will be installed. Modifications |
614 | * parameters are not used. | 620 | * should be made to this rather than to @current->cred. |
615 | * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS). | 621 | * @old is the set of credentials that are being replaces |
616 | * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS). | ||
617 | * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS). | ||
618 | * @flags contains one of the LSM_SETID_* values. | 622 | * @flags contains one of the LSM_SETID_* values. |
619 | * Return 0 on success. | 623 | * Return 0 on success. |
620 | * @task_setgid: | 624 | * @task_setgid: |
@@ -717,13 +721,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
717 | * @arg3 contains a argument. | 721 | * @arg3 contains a argument. |
718 | * @arg4 contains a argument. | 722 | * @arg4 contains a argument. |
719 | * @arg5 contains a argument. | 723 | * @arg5 contains a argument. |
720 | * @rc_p contains a pointer to communicate back the forced return code | 724 | * Return -ENOSYS if no-one wanted to handle this op, any other value to |
721 | * Return 0 if permission is granted, and non-zero if the security module | 725 | * cause prctl() to return immediately with that value. |
722 | * has taken responsibility (setting *rc_p) for the prctl call. | ||
723 | * @task_reparent_to_init: | ||
724 | * Set the security attributes in @p->security for a kernel thread that | ||
725 | * is being reparented to the init task. | ||
726 | * @p contains the task_struct for the kernel thread. | ||
727 | * @task_to_inode: | 726 | * @task_to_inode: |
728 | * Set the security attributes for an inode based on an associated task's | 727 | * Set the security attributes for an inode based on an associated task's |
729 | * security attributes, e.g. for /proc/pid inodes. | 728 | * security attributes, e.g. for /proc/pid inodes. |
@@ -1000,7 +999,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1000 | * See whether a specific operational right is granted to a process on a | 999 | * See whether a specific operational right is granted to a process on a |
1001 | * key. | 1000 | * key. |
1002 | * @key_ref refers to the key (key pointer + possession attribute bit). | 1001 | * @key_ref refers to the key (key pointer + possession attribute bit). |
1003 | * @context points to the process to provide the context against which to | 1002 | * @cred points to the credentials to provide the context against which to |
1004 | * evaluate the security data on the key. | 1003 | * evaluate the security data on the key. |
1005 | * @perm describes the combination of permissions required of this key. | 1004 | * @perm describes the combination of permissions required of this key. |
1006 | * Return 1 if permission granted, 0 if permission denied and -ve it the | 1005 | * Return 1 if permission granted, 0 if permission denied and -ve it the |
@@ -1162,6 +1161,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1162 | * @child process. | 1161 | * @child process. |
1163 | * Security modules may also want to perform a process tracing check | 1162 | * Security modules may also want to perform a process tracing check |
1164 | * during an execve in the set_security or apply_creds hooks of | 1163 | * during an execve in the set_security or apply_creds hooks of |
1164 | * tracing check during an execve in the bprm_set_creds hook of | ||
1165 | * binprm_security_ops if the process is being traced and its security | 1165 | * binprm_security_ops if the process is being traced and its security |
1166 | * attributes would be changed by the execve. | 1166 | * attributes would be changed by the execve. |
1167 | * @child contains the task_struct structure for the target process. | 1167 | * @child contains the task_struct structure for the target process. |
@@ -1185,29 +1185,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1185 | * @inheritable contains the inheritable capability set. | 1185 | * @inheritable contains the inheritable capability set. |
1186 | * @permitted contains the permitted capability set. | 1186 | * @permitted contains the permitted capability set. |
1187 | * Return 0 if the capability sets were successfully obtained. | 1187 | * Return 0 if the capability sets were successfully obtained. |
1188 | * @capset_check: | 1188 | * @capset: |
1189 | * Check permission before setting the @effective, @inheritable, and | ||
1190 | * @permitted capability sets for the @target process. | ||
1191 | * Caveat: @target is also set to current if a set of processes is | ||
1192 | * specified (i.e. all processes other than current and init or a | ||
1193 | * particular process group). Hence, the capset_set hook may need to | ||
1194 | * revalidate permission to the actual target process. | ||
1195 | * @target contains the task_struct structure for target process. | ||
1196 | * @effective contains the effective capability set. | ||
1197 | * @inheritable contains the inheritable capability set. | ||
1198 | * @permitted contains the permitted capability set. | ||
1199 | * Return 0 if permission is granted. | ||
1200 | * @capset_set: | ||
1201 | * Set the @effective, @inheritable, and @permitted capability sets for | 1189 | * Set the @effective, @inheritable, and @permitted capability sets for |
1202 | * the @target process. Since capset_check cannot always check permission | 1190 | * the current process. |
1203 | * to the real @target process, this hook may also perform permission | 1191 | * @new contains the new credentials structure for target process. |
1204 | * checking to determine if the current process is allowed to set the | 1192 | * @old contains the current credentials structure for target process. |
1205 | * capability sets of the @target process. However, this hook has no way | ||
1206 | * of returning an error due to the structure of the sys_capset code. | ||
1207 | * @target contains the task_struct structure for target process. | ||
1208 | * @effective contains the effective capability set. | 1193 | * @effective contains the effective capability set. |
1209 | * @inheritable contains the inheritable capability set. | 1194 | * @inheritable contains the inheritable capability set. |
1210 | * @permitted contains the permitted capability set. | 1195 | * @permitted contains the permitted capability set. |
1196 | * Return 0 and update @new if permission is granted. | ||
1211 | * @capable: | 1197 | * @capable: |
1212 | * Check whether the @tsk process has the @cap capability. | 1198 | * Check whether the @tsk process has the @cap capability. |
1213 | * @tsk contains the task_struct for the process. | 1199 | * @tsk contains the task_struct for the process. |
@@ -1299,15 +1285,12 @@ struct security_operations { | |||
1299 | int (*capget) (struct task_struct *target, | 1285 | int (*capget) (struct task_struct *target, |
1300 | kernel_cap_t *effective, | 1286 | kernel_cap_t *effective, |
1301 | kernel_cap_t *inheritable, kernel_cap_t *permitted); | 1287 | kernel_cap_t *inheritable, kernel_cap_t *permitted); |
1302 | int (*capset_check) (struct task_struct *target, | 1288 | int (*capset) (struct cred *new, |
1303 | kernel_cap_t *effective, | 1289 | const struct cred *old, |
1304 | kernel_cap_t *inheritable, | 1290 | const kernel_cap_t *effective, |
1305 | kernel_cap_t *permitted); | 1291 | const kernel_cap_t *inheritable, |
1306 | void (*capset_set) (struct task_struct *target, | 1292 | const kernel_cap_t *permitted); |
1307 | kernel_cap_t *effective, | 1293 | int (*capable) (struct task_struct *tsk, int cap, int audit); |
1308 | kernel_cap_t *inheritable, | ||
1309 | kernel_cap_t *permitted); | ||
1310 | int (*capable) (struct task_struct *tsk, int cap); | ||
1311 | int (*acct) (struct file *file); | 1294 | int (*acct) (struct file *file); |
1312 | int (*sysctl) (struct ctl_table *table, int op); | 1295 | int (*sysctl) (struct ctl_table *table, int op); |
1313 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); | 1296 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); |
@@ -1316,18 +1299,16 @@ struct security_operations { | |||
1316 | int (*settime) (struct timespec *ts, struct timezone *tz); | 1299 | int (*settime) (struct timespec *ts, struct timezone *tz); |
1317 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); | 1300 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); |
1318 | 1301 | ||
1319 | int (*bprm_alloc_security) (struct linux_binprm *bprm); | 1302 | int (*bprm_set_creds) (struct linux_binprm *bprm); |
1320 | void (*bprm_free_security) (struct linux_binprm *bprm); | ||
1321 | void (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe); | ||
1322 | void (*bprm_post_apply_creds) (struct linux_binprm *bprm); | ||
1323 | int (*bprm_set_security) (struct linux_binprm *bprm); | ||
1324 | int (*bprm_check_security) (struct linux_binprm *bprm); | 1303 | int (*bprm_check_security) (struct linux_binprm *bprm); |
1325 | int (*bprm_secureexec) (struct linux_binprm *bprm); | 1304 | int (*bprm_secureexec) (struct linux_binprm *bprm); |
1305 | void (*bprm_committing_creds) (struct linux_binprm *bprm); | ||
1306 | void (*bprm_committed_creds) (struct linux_binprm *bprm); | ||
1326 | 1307 | ||
1327 | int (*sb_alloc_security) (struct super_block *sb); | 1308 | int (*sb_alloc_security) (struct super_block *sb); |
1328 | void (*sb_free_security) (struct super_block *sb); | 1309 | void (*sb_free_security) (struct super_block *sb); |
1329 | int (*sb_copy_data) (char *orig, char *copy); | 1310 | int (*sb_copy_data) (char *orig, char *copy); |
1330 | int (*sb_kern_mount) (struct super_block *sb, void *data); | 1311 | int (*sb_kern_mount) (struct super_block *sb, int flags, void *data); |
1331 | int (*sb_show_options) (struct seq_file *m, struct super_block *sb); | 1312 | int (*sb_show_options) (struct seq_file *m, struct super_block *sb); |
1332 | int (*sb_statfs) (struct dentry *dentry); | 1313 | int (*sb_statfs) (struct dentry *dentry); |
1333 | int (*sb_mount) (char *dev_name, struct path *path, | 1314 | int (*sb_mount) (char *dev_name, struct path *path, |
@@ -1406,14 +1387,18 @@ struct security_operations { | |||
1406 | int (*file_send_sigiotask) (struct task_struct *tsk, | 1387 | int (*file_send_sigiotask) (struct task_struct *tsk, |
1407 | struct fown_struct *fown, int sig); | 1388 | struct fown_struct *fown, int sig); |
1408 | int (*file_receive) (struct file *file); | 1389 | int (*file_receive) (struct file *file); |
1409 | int (*dentry_open) (struct file *file); | 1390 | int (*dentry_open) (struct file *file, const struct cred *cred); |
1410 | 1391 | ||
1411 | int (*task_create) (unsigned long clone_flags); | 1392 | int (*task_create) (unsigned long clone_flags); |
1412 | int (*task_alloc_security) (struct task_struct *p); | 1393 | void (*cred_free) (struct cred *cred); |
1413 | void (*task_free_security) (struct task_struct *p); | 1394 | int (*cred_prepare)(struct cred *new, const struct cred *old, |
1395 | gfp_t gfp); | ||
1396 | void (*cred_commit)(struct cred *new, const struct cred *old); | ||
1397 | int (*kernel_act_as)(struct cred *new, u32 secid); | ||
1398 | int (*kernel_create_files_as)(struct cred *new, struct inode *inode); | ||
1414 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); | 1399 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); |
1415 | int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , | 1400 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, |
1416 | uid_t old_euid, uid_t old_suid, int flags); | 1401 | int flags); |
1417 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); | 1402 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); |
1418 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); | 1403 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); |
1419 | int (*task_getpgid) (struct task_struct *p); | 1404 | int (*task_getpgid) (struct task_struct *p); |
@@ -1433,8 +1418,7 @@ struct security_operations { | |||
1433 | int (*task_wait) (struct task_struct *p); | 1418 | int (*task_wait) (struct task_struct *p); |
1434 | int (*task_prctl) (int option, unsigned long arg2, | 1419 | int (*task_prctl) (int option, unsigned long arg2, |
1435 | unsigned long arg3, unsigned long arg4, | 1420 | unsigned long arg3, unsigned long arg4, |
1436 | unsigned long arg5, long *rc_p); | 1421 | unsigned long arg5); |
1437 | void (*task_reparent_to_init) (struct task_struct *p); | ||
1438 | void (*task_to_inode) (struct task_struct *p, struct inode *inode); | 1422 | void (*task_to_inode) (struct task_struct *p, struct inode *inode); |
1439 | 1423 | ||
1440 | int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); | 1424 | int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); |
@@ -1539,10 +1523,10 @@ struct security_operations { | |||
1539 | 1523 | ||
1540 | /* key management security hooks */ | 1524 | /* key management security hooks */ |
1541 | #ifdef CONFIG_KEYS | 1525 | #ifdef CONFIG_KEYS |
1542 | int (*key_alloc) (struct key *key, struct task_struct *tsk, unsigned long flags); | 1526 | int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags); |
1543 | void (*key_free) (struct key *key); | 1527 | void (*key_free) (struct key *key); |
1544 | int (*key_permission) (key_ref_t key_ref, | 1528 | int (*key_permission) (key_ref_t key_ref, |
1545 | struct task_struct *context, | 1529 | const struct cred *cred, |
1546 | key_perm_t perm); | 1530 | key_perm_t perm); |
1547 | int (*key_getsecurity)(struct key *key, char **_buffer); | 1531 | int (*key_getsecurity)(struct key *key, char **_buffer); |
1548 | #endif /* CONFIG_KEYS */ | 1532 | #endif /* CONFIG_KEYS */ |
@@ -1568,15 +1552,12 @@ int security_capget(struct task_struct *target, | |||
1568 | kernel_cap_t *effective, | 1552 | kernel_cap_t *effective, |
1569 | kernel_cap_t *inheritable, | 1553 | kernel_cap_t *inheritable, |
1570 | kernel_cap_t *permitted); | 1554 | kernel_cap_t *permitted); |
1571 | int security_capset_check(struct task_struct *target, | 1555 | int security_capset(struct cred *new, const struct cred *old, |
1572 | kernel_cap_t *effective, | 1556 | const kernel_cap_t *effective, |
1573 | kernel_cap_t *inheritable, | 1557 | const kernel_cap_t *inheritable, |
1574 | kernel_cap_t *permitted); | 1558 | const kernel_cap_t *permitted); |
1575 | void security_capset_set(struct task_struct *target, | ||
1576 | kernel_cap_t *effective, | ||
1577 | kernel_cap_t *inheritable, | ||
1578 | kernel_cap_t *permitted); | ||
1579 | int security_capable(struct task_struct *tsk, int cap); | 1559 | int security_capable(struct task_struct *tsk, int cap); |
1560 | int security_capable_noaudit(struct task_struct *tsk, int cap); | ||
1580 | int security_acct(struct file *file); | 1561 | int security_acct(struct file *file); |
1581 | int security_sysctl(struct ctl_table *table, int op); | 1562 | int security_sysctl(struct ctl_table *table, int op); |
1582 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 1563 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
@@ -1586,17 +1567,15 @@ int security_settime(struct timespec *ts, struct timezone *tz); | |||
1586 | int security_vm_enough_memory(long pages); | 1567 | int security_vm_enough_memory(long pages); |
1587 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); | 1568 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); |
1588 | int security_vm_enough_memory_kern(long pages); | 1569 | int security_vm_enough_memory_kern(long pages); |
1589 | int security_bprm_alloc(struct linux_binprm *bprm); | 1570 | int security_bprm_set_creds(struct linux_binprm *bprm); |
1590 | void security_bprm_free(struct linux_binprm *bprm); | ||
1591 | void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | ||
1592 | void security_bprm_post_apply_creds(struct linux_binprm *bprm); | ||
1593 | int security_bprm_set(struct linux_binprm *bprm); | ||
1594 | int security_bprm_check(struct linux_binprm *bprm); | 1571 | int security_bprm_check(struct linux_binprm *bprm); |
1572 | void security_bprm_committing_creds(struct linux_binprm *bprm); | ||
1573 | void security_bprm_committed_creds(struct linux_binprm *bprm); | ||
1595 | int security_bprm_secureexec(struct linux_binprm *bprm); | 1574 | int security_bprm_secureexec(struct linux_binprm *bprm); |
1596 | int security_sb_alloc(struct super_block *sb); | 1575 | int security_sb_alloc(struct super_block *sb); |
1597 | void security_sb_free(struct super_block *sb); | 1576 | void security_sb_free(struct super_block *sb); |
1598 | int security_sb_copy_data(char *orig, char *copy); | 1577 | int security_sb_copy_data(char *orig, char *copy); |
1599 | int security_sb_kern_mount(struct super_block *sb, void *data); | 1578 | int security_sb_kern_mount(struct super_block *sb, int flags, void *data); |
1600 | int security_sb_show_options(struct seq_file *m, struct super_block *sb); | 1579 | int security_sb_show_options(struct seq_file *m, struct super_block *sb); |
1601 | int security_sb_statfs(struct dentry *dentry); | 1580 | int security_sb_statfs(struct dentry *dentry); |
1602 | int security_sb_mount(char *dev_name, struct path *path, | 1581 | int security_sb_mount(char *dev_name, struct path *path, |
@@ -1663,13 +1642,16 @@ int security_file_set_fowner(struct file *file); | |||
1663 | int security_file_send_sigiotask(struct task_struct *tsk, | 1642 | int security_file_send_sigiotask(struct task_struct *tsk, |
1664 | struct fown_struct *fown, int sig); | 1643 | struct fown_struct *fown, int sig); |
1665 | int security_file_receive(struct file *file); | 1644 | int security_file_receive(struct file *file); |
1666 | int security_dentry_open(struct file *file); | 1645 | int security_dentry_open(struct file *file, const struct cred *cred); |
1667 | int security_task_create(unsigned long clone_flags); | 1646 | int security_task_create(unsigned long clone_flags); |
1668 | int security_task_alloc(struct task_struct *p); | 1647 | void security_cred_free(struct cred *cred); |
1669 | void security_task_free(struct task_struct *p); | 1648 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); |
1649 | void security_commit_creds(struct cred *new, const struct cred *old); | ||
1650 | int security_kernel_act_as(struct cred *new, u32 secid); | ||
1651 | int security_kernel_create_files_as(struct cred *new, struct inode *inode); | ||
1670 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); | 1652 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); |
1671 | int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 1653 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
1672 | uid_t old_suid, int flags); | 1654 | int flags); |
1673 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); | 1655 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); |
1674 | int security_task_setpgid(struct task_struct *p, pid_t pgid); | 1656 | int security_task_setpgid(struct task_struct *p, pid_t pgid); |
1675 | int security_task_getpgid(struct task_struct *p); | 1657 | int security_task_getpgid(struct task_struct *p); |
@@ -1688,8 +1670,7 @@ int security_task_kill(struct task_struct *p, struct siginfo *info, | |||
1688 | int sig, u32 secid); | 1670 | int sig, u32 secid); |
1689 | int security_task_wait(struct task_struct *p); | 1671 | int security_task_wait(struct task_struct *p); |
1690 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 1672 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
1691 | unsigned long arg4, unsigned long arg5, long *rc_p); | 1673 | unsigned long arg4, unsigned long arg5); |
1692 | void security_task_reparent_to_init(struct task_struct *p); | ||
1693 | void security_task_to_inode(struct task_struct *p, struct inode *inode); | 1674 | void security_task_to_inode(struct task_struct *p, struct inode *inode); |
1694 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); | 1675 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); |
1695 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); | 1676 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); |
@@ -1764,25 +1745,23 @@ static inline int security_capget(struct task_struct *target, | |||
1764 | return cap_capget(target, effective, inheritable, permitted); | 1745 | return cap_capget(target, effective, inheritable, permitted); |
1765 | } | 1746 | } |
1766 | 1747 | ||
1767 | static inline int security_capset_check(struct task_struct *target, | 1748 | static inline int security_capset(struct cred *new, |
1768 | kernel_cap_t *effective, | 1749 | const struct cred *old, |
1769 | kernel_cap_t *inheritable, | 1750 | const kernel_cap_t *effective, |
1770 | kernel_cap_t *permitted) | 1751 | const kernel_cap_t *inheritable, |
1752 | const kernel_cap_t *permitted) | ||
1771 | { | 1753 | { |
1772 | return cap_capset_check(target, effective, inheritable, permitted); | 1754 | return cap_capset(new, old, effective, inheritable, permitted); |
1773 | } | 1755 | } |
1774 | 1756 | ||
1775 | static inline void security_capset_set(struct task_struct *target, | 1757 | static inline int security_capable(struct task_struct *tsk, int cap) |
1776 | kernel_cap_t *effective, | ||
1777 | kernel_cap_t *inheritable, | ||
1778 | kernel_cap_t *permitted) | ||
1779 | { | 1758 | { |
1780 | cap_capset_set(target, effective, inheritable, permitted); | 1759 | return cap_capable(tsk, cap, SECURITY_CAP_AUDIT); |
1781 | } | 1760 | } |
1782 | 1761 | ||
1783 | static inline int security_capable(struct task_struct *tsk, int cap) | 1762 | static inline int security_capable_noaudit(struct task_struct *tsk, int cap) |
1784 | { | 1763 | { |
1785 | return cap_capable(tsk, cap); | 1764 | return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT); |
1786 | } | 1765 | } |
1787 | 1766 | ||
1788 | static inline int security_acct(struct file *file) | 1767 | static inline int security_acct(struct file *file) |
@@ -1835,32 +1814,22 @@ static inline int security_vm_enough_memory_kern(long pages) | |||
1835 | return cap_vm_enough_memory(current->mm, pages); | 1814 | return cap_vm_enough_memory(current->mm, pages); |
1836 | } | 1815 | } |
1837 | 1816 | ||
1838 | static inline int security_bprm_alloc(struct linux_binprm *bprm) | 1817 | static inline int security_bprm_set_creds(struct linux_binprm *bprm) |
1839 | { | ||
1840 | return 0; | ||
1841 | } | ||
1842 | |||
1843 | static inline void security_bprm_free(struct linux_binprm *bprm) | ||
1844 | { } | ||
1845 | |||
1846 | static inline void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | ||
1847 | { | 1818 | { |
1848 | cap_bprm_apply_creds(bprm, unsafe); | 1819 | return cap_bprm_set_creds(bprm); |
1849 | } | 1820 | } |
1850 | 1821 | ||
1851 | static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm) | 1822 | static inline int security_bprm_check(struct linux_binprm *bprm) |
1852 | { | 1823 | { |
1853 | return; | 1824 | return 0; |
1854 | } | 1825 | } |
1855 | 1826 | ||
1856 | static inline int security_bprm_set(struct linux_binprm *bprm) | 1827 | static inline void security_bprm_committing_creds(struct linux_binprm *bprm) |
1857 | { | 1828 | { |
1858 | return cap_bprm_set_security(bprm); | ||
1859 | } | 1829 | } |
1860 | 1830 | ||
1861 | static inline int security_bprm_check(struct linux_binprm *bprm) | 1831 | static inline void security_bprm_committed_creds(struct linux_binprm *bprm) |
1862 | { | 1832 | { |
1863 | return 0; | ||
1864 | } | 1833 | } |
1865 | 1834 | ||
1866 | static inline int security_bprm_secureexec(struct linux_binprm *bprm) | 1835 | static inline int security_bprm_secureexec(struct linux_binprm *bprm) |
@@ -1881,7 +1850,7 @@ static inline int security_sb_copy_data(char *orig, char *copy) | |||
1881 | return 0; | 1850 | return 0; |
1882 | } | 1851 | } |
1883 | 1852 | ||
1884 | static inline int security_sb_kern_mount(struct super_block *sb, void *data) | 1853 | static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data) |
1885 | { | 1854 | { |
1886 | return 0; | 1855 | return 0; |
1887 | } | 1856 | } |
@@ -2177,7 +2146,8 @@ static inline int security_file_receive(struct file *file) | |||
2177 | return 0; | 2146 | return 0; |
2178 | } | 2147 | } |
2179 | 2148 | ||
2180 | static inline int security_dentry_open(struct file *file) | 2149 | static inline int security_dentry_open(struct file *file, |
2150 | const struct cred *cred) | ||
2181 | { | 2151 | { |
2182 | return 0; | 2152 | return 0; |
2183 | } | 2153 | } |
@@ -2187,13 +2157,31 @@ static inline int security_task_create(unsigned long clone_flags) | |||
2187 | return 0; | 2157 | return 0; |
2188 | } | 2158 | } |
2189 | 2159 | ||
2190 | static inline int security_task_alloc(struct task_struct *p) | 2160 | static inline void security_cred_free(struct cred *cred) |
2161 | { } | ||
2162 | |||
2163 | static inline int security_prepare_creds(struct cred *new, | ||
2164 | const struct cred *old, | ||
2165 | gfp_t gfp) | ||
2191 | { | 2166 | { |
2192 | return 0; | 2167 | return 0; |
2193 | } | 2168 | } |
2194 | 2169 | ||
2195 | static inline void security_task_free(struct task_struct *p) | 2170 | static inline void security_commit_creds(struct cred *new, |
2196 | { } | 2171 | const struct cred *old) |
2172 | { | ||
2173 | } | ||
2174 | |||
2175 | static inline int security_kernel_act_as(struct cred *cred, u32 secid) | ||
2176 | { | ||
2177 | return 0; | ||
2178 | } | ||
2179 | |||
2180 | static inline int security_kernel_create_files_as(struct cred *cred, | ||
2181 | struct inode *inode) | ||
2182 | { | ||
2183 | return 0; | ||
2184 | } | ||
2197 | 2185 | ||
2198 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | 2186 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, |
2199 | int flags) | 2187 | int flags) |
@@ -2201,10 +2189,11 @@ static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | |||
2201 | return 0; | 2189 | return 0; |
2202 | } | 2190 | } |
2203 | 2191 | ||
2204 | static inline int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 2192 | static inline int security_task_fix_setuid(struct cred *new, |
2205 | uid_t old_suid, int flags) | 2193 | const struct cred *old, |
2194 | int flags) | ||
2206 | { | 2195 | { |
2207 | return cap_task_post_setuid(old_ruid, old_euid, old_suid, flags); | 2196 | return cap_task_fix_setuid(new, old, flags); |
2208 | } | 2197 | } |
2209 | 2198 | ||
2210 | static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, | 2199 | static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, |
@@ -2291,14 +2280,9 @@ static inline int security_task_wait(struct task_struct *p) | |||
2291 | static inline int security_task_prctl(int option, unsigned long arg2, | 2280 | static inline int security_task_prctl(int option, unsigned long arg2, |
2292 | unsigned long arg3, | 2281 | unsigned long arg3, |
2293 | unsigned long arg4, | 2282 | unsigned long arg4, |
2294 | unsigned long arg5, long *rc_p) | 2283 | unsigned long arg5) |
2295 | { | ||
2296 | return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p); | ||
2297 | } | ||
2298 | |||
2299 | static inline void security_task_reparent_to_init(struct task_struct *p) | ||
2300 | { | 2284 | { |
2301 | cap_task_reparent_to_init(p); | 2285 | return cap_task_prctl(option, arg2, arg3, arg3, arg5); |
2302 | } | 2286 | } |
2303 | 2287 | ||
2304 | static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) | 2288 | static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) |
@@ -2724,16 +2708,16 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi | |||
2724 | #ifdef CONFIG_KEYS | 2708 | #ifdef CONFIG_KEYS |
2725 | #ifdef CONFIG_SECURITY | 2709 | #ifdef CONFIG_SECURITY |
2726 | 2710 | ||
2727 | int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags); | 2711 | int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); |
2728 | void security_key_free(struct key *key); | 2712 | void security_key_free(struct key *key); |
2729 | int security_key_permission(key_ref_t key_ref, | 2713 | int security_key_permission(key_ref_t key_ref, |
2730 | struct task_struct *context, key_perm_t perm); | 2714 | const struct cred *cred, key_perm_t perm); |
2731 | int security_key_getsecurity(struct key *key, char **_buffer); | 2715 | int security_key_getsecurity(struct key *key, char **_buffer); |
2732 | 2716 | ||
2733 | #else | 2717 | #else |
2734 | 2718 | ||
2735 | static inline int security_key_alloc(struct key *key, | 2719 | static inline int security_key_alloc(struct key *key, |
2736 | struct task_struct *tsk, | 2720 | const struct cred *cred, |
2737 | unsigned long flags) | 2721 | unsigned long flags) |
2738 | { | 2722 | { |
2739 | return 0; | 2723 | return 0; |
@@ -2744,7 +2728,7 @@ static inline void security_key_free(struct key *key) | |||
2744 | } | 2728 | } |
2745 | 2729 | ||
2746 | static inline int security_key_permission(key_ref_t key_ref, | 2730 | static inline int security_key_permission(key_ref_t key_ref, |
2747 | struct task_struct *context, | 2731 | const struct cred *cred, |
2748 | key_perm_t perm) | 2732 | key_perm_t perm) |
2749 | { | 2733 | { |
2750 | return 0; | 2734 | return 0; |