Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h38
1 files changed, 38 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 40ba39ea68ce..97de3fe3dd0d 100644
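--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -653,6 +653,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * manual page for definitions of the @clone_flags.
  * @clone_flags contains the flags indicating what should be shared.
  * Return 0 if permission is granted.
+ * @cred_alloc_blank:
+ * @cred points to the credentials.
+ * @gfp indicates the atomicity of any memory allocations.
+ * Only allocate sufficient memory and attach to @cred such that
+ * cred_transfer() will not get ENOMEM.
  * @cred_free:
  * @cred points to the credentials.
  * Deallocate and clear the cred->security field in a set of credentials.
@@ -665,6 +670,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @new points to the new credentials.
  * @old points to the original credentials.
  * Install a new set of credentials.
+ * @cred_transfer:
+ * @new points to the new credentials.
+ * @old points to the original credentials.
+ * Transfer data from original creds to new creds
  * @kernel_act_as:
  * Set the credentials for a kernel service to act as (subjective context).
  * @new points to the credentials to be modified.
@@ -1103,6 +1112,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * Return the length of the string (including terminating NUL) or -ve if
  * an error.
  * May also return 0 (and a NULL buffer pointer) if there is no label.
+ * @key_session_to_parent:
+ * Forcibly assign the session keyring from a process to its parent
+ * process.
+ * @cred: Pointer to process's credentials
+ * @parent_cred: Pointer to parent process's credentials
+ * @keyring: Proposed new session keyring
+ * Return 0 if permission is granted, -ve error otherwise.
  *
  * Security hooks affecting all System V IPC operations.
  *
@@ -1498,10 +1514,12 @@ struct security_operations {
  int (*dentry_open) (struct file *file, const struct cred *cred);
 
  int (*task_create) (unsigned long clone_flags);
+ int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
  void (*cred_free) (struct cred *cred);
  int (*cred_prepare)(struct cred *new, const struct cred *old,
  gfp_t gfp);
  void (*cred_commit)(struct cred *new, const struct cred *old);
+ void (*cred_transfer)(struct cred *new, const struct cred *old);
  int (*kernel_act_as)(struct cred *new, u32 secid);
  int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
  int (*kernel_module_request)(void);
@@ -1639,6 +1657,9 @@ struct security_operations {
  const struct cred *cred,
  key_perm_t perm);
  int (*key_getsecurity)(struct key *key, char **_buffer);
+ int (*key_session_to_parent)(const struct cred *cred,
+ const struct cred *parent_cred,
+ struct key *key);
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT
@@ -1755,9 +1776,11 @@ int security_file_send_sigiotask(struct task_struct *tsk,
 int security_file_receive(struct file *file);
 int security_dentry_open(struct file *file, const struct cred *cred);
 int security_task_create(unsigned long clone_flags);
+int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
 void security_commit_creds(struct cred *new, const struct cred *old);
+void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(void);
@@ -2286,6 +2309,9 @@ static inline int security_task_create(unsigned long clone_flags)
  return 0;
 }
 
+static inline void security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
+{ }
+
 static inline void security_cred_free(struct cred *cred)
 { }
 
@@ -2301,6 +2327,11 @@ static inline void security_commit_creds(struct cred *new,
 {
 }
 
+static inline void security_transfer_creds(struct cred *new,
+ const struct cred *old)
+{
+}
+
 static inline int security_kernel_act_as(struct cred *cred, u32 secid)
 {
  return 0;
@@ -2923,6 +2954,9 @@ void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
  const struct cred *cred, key_perm_t perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
+int security_key_session_to_parent(const struct cred *cred,
+ const struct cred *parent_cred,
+ struct key *key);
 
 #else
 
@@ -2950,6 +2984,10 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
  return 0;
 }
 
+static inline int security_key_session_to_parent(const struct cred *cred,
+ const struct cred *parent_cred,
+ struct key *key);
+
 #endif
 #endif /* CONFIG_KEYS */
 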
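Review bot: Two of the new inline stubs do not match the prototypes this commit adds for the same functions. `security_cred_alloc_blank()` is declared `int` in the prototype list, but the stub in the `@@ -2286,6 +2309,9 @@` hunk is `static inline void ... { }`, so a caller that tests the result would presumably fail to build when the stub branch is selected; it should read `static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) { return 0; }`. The `security_key_session_to_parent()` stub in the last hunk ends in `;` with no body, which only declares a static inline function that is never defined; give it `{ return 0; }`, as the `security_key_getsecurity()` stub just above it does, so the no-LSM case grants permission explicitly. The kernel-doc for `@key_session_to_parent` also names the third parameter `@keyring` while both prototypes call it `key`. The `#ifdef` lines that select these stub branches lie outside the hunks, so which configuration is affected is inferred from the visible `#else`/`#endif` context.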