Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 38 |
1 files changed, 38 insertions, 0 deletions
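--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -653,6 +653,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * manual page for definitions of the @clone_flags.
 * @clone_flags contains the flags indicating what should be shared.
 * Return 0 if permission is granted.
+* @cred_alloc_blank:
+* @cred points to the credentials.
+* @gfp indicates the atomicity of any memory allocations.
+* Only allocate sufficient memory and attach to @cred such that
+* cred_transfer() will not get ENOMEM.
 * @cred_free:
 * @cred points to the credentials.
 * Deallocate and clear the cred->security field in a set of credentials.
@@ -665,6 +670,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @new points to the new credentials.
 * @old points to the original credentials.
 * Install a new set of credentials.
+* @cred_transfer:
+* @new points to the new credentials.
+* @old points to the original credentials.
+* Transfer data from original creds to new creds
 * @kernel_act_as:
 * Set the credentials for a kernel service to act as (subjective context).
 * @new points to the credentials to be modified.
@@ -1103,6 +1112,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * Return the length of the string (including terminating NUL) or -ve if
 * an error.
 * May also return 0 (and a NULL buffer pointer) if there is no label.
+* @key_session_to_parent:
+* Forcibly assign the session keyring from a process to its parent
+* process.
+* @cred: Pointer to process's credentials
+* @parent_cred: Pointer to parent process's credentials
+* @keyring: Proposed new session keyring
+* Return 0 if permission is granted, -ve error otherwise.
 *
 * Security hooks affecting all System V IPC operations.
 *
@@ -1498,10 +1514,12 @@ struct security_operations {
 int (*dentry_open) (struct file *file, const struct cred *cred);
 
 int (*task_create) (unsigned long clone_flags);
+int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
 void (*cred_free) (struct cred *cred);
 int (*cred_prepare)(struct cred *new, const struct cred *old,
 gfp_t gfp);
 void (*cred_commit)(struct cred *new, const struct cred *old);
+void (*cred_transfer)(struct cred *new, const struct cred *old);
 int (*kernel_act_as)(struct cred *new, u32 secid);
 int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
 int (*kernel_module_request)(void);
@@ -1639,6 +1657,9 @@ struct security_operations {
 const struct cred *cred,
 key_perm_t perm);
 int (*key_getsecurity)(struct key *key, char **_buffer);
+int (*key_session_to_parent)(const struct cred *cred,
+const struct cred *parent_cred,
+struct key *key);
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT
@@ -1755,9 +1776,11 @@ int security_file_send_sigiotask(struct task_struct *tsk,
 int security_file_receive(struct file *file);
 int security_dentry_open(struct file *file, const struct cred *cred);
 int security_task_create(unsigned long clone_flags);
+int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
 void security_commit_creds(struct cred *new, const struct cred *old);
+void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(void);
@@ -2286,6 +2309,9 @@ static inline int security_task_create(unsigned long clone_flags)
 return 0;
 }
 
+static inline void security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
+{ }
+
 static inline void security_cred_free(struct cred *cred)
 { }
 
@@ -2301,6 +2327,11 @@ static inline void security_commit_creds(struct cred *new,
 {
 }
 
+static inline void security_transfer_creds(struct cred *new,
+const struct cred *old)
+{
+}
+
 static inline int security_kernel_act_as(struct cred *cred, u32 secid)
 {
 return 0;
@@ -2923,6 +2954,9 @@ void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
 const struct cred *cred, key_perm_t perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
+int security_key_session_to_parent(const struct cred *cred,
+const struct cred *parent_cred,
+struct key *key);
 
 #else
 
@@ -2950,6 +2984,10 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
 return 0;
 }
 
+static inline int security_key_session_to_parent(const struct cred *cred,
+const struct cred *parent_cred,
+struct key *key);
+
 #endif
 #endif /* CONFIG_KEYS */
 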
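Review bot: The two stubs added for kernels built without CONFIG_SECURITY do not match the prototypes added for the enabled case. `security_cred_alloc_blank()` is declared `int` in the prototype block (new line 1779) but its stub at new line 2312 is `static inline void ... { }`, so any caller that checks the result will not compile when the LSM framework is off; it should be `static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) { return 0; }`. The `security_key_session_to_parent()` stub at new lines 2987-2989 ends in `;` instead of a body, which leaves a static inline that is declared but never defined; close it with `struct key *key) { return 0; }`, matching the `return 0;` stub just above it. Callers are outside this file section, so the build impact is inferred from the declarations alone.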