author | Anton Vorontsov <cbouatmailru@gmail.com> | 2008-07-29 18:05:23 -0400 |
---|---|---|
committer | Anton Vorontsov <cbouatmailru@gmail.com> | 2008-07-29 18:05:23 -0400 |
commit | 9fec6060d9e48ed7db0dac0e16d0f0f0e615b7f6 (patch) | |
tree | 74b41f31a08f6500ff3dfcf64ba21e2d9a8e87e5 /include/linux/security.h | |
parent | fece418418f51e92dd7e67e17c5e3fe5a28d3279 (diff) | |
parent | 6e86841d05f371b5b9b86ce76c02aaee83352298 (diff) |
Merge branch 'master' of /home/cbou/linux-2.6
Conflicts:
drivers/power/Kconfig
drivers/power/Makefile
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 58 |
1 files changed, 23 insertions, 35 deletions
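diff --git a/include/linux/security.h b/include/linux/security.h
index 50737c70e78..fd96e7f8a6f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -46,7 +46,8 @@ struct audit_krule;
 */
 extern int cap_capable(struct task_struct *tsk, int cap);
 extern int cap_settime(struct timespec *ts, struct timezone *tz);
-extern int cap_ptrace(struct task_struct *parent, struct task_struct *child);
+extern int cap_ptrace(struct task_struct *parent, struct task_struct *child,
+unsigned int mode);
 extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
 extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
 extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
@@ -79,6 +80,7 @@ struct xfrm_selector;
 struct xfrm_policy;
 struct xfrm_state;
 struct xfrm_user_sec_ctx;
+struct seq_file;
 
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
@@ -100,9 +102,7 @@ extern unsigned long mmap_min_addr;
 #define LSM_SETID_FS 8
 
 /* forward declares to avoid warnings */
-struct nfsctl_arg;
 struct sched_param;
-struct swap_info_struct;
 struct request_sock;
 
 /* bprm_apply_creds unsafe reasons */
@@ -289,10 +289,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * Update module state after a successful pivot.
 * @old_path contains the path for the old root.
 * @new_path contains the path for the new root.
-* @sb_get_mnt_opts:
-* Get the security relevant mount options used for a superblock
-* @sb the superblock to get security mount options from
-* @opts binary data structure containing all lsm mount data
 * @sb_set_mnt_opts:
 * Set the security relevant mount options used for a superblock
 * @sb the superblock to set security mount options for
@@ -1170,6 +1166,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * attributes would be changed by the execve.
 * @parent contains the task_struct structure for parent process.
 * @child contains the task_struct structure for child process.
+* @mode contains the PTRACE_MODE flags indicating the form of access.
 * Return 0 if permission is granted.
 * @capget:
 * Get the @effective, @inheritable, and @permitted capability sets for
@@ -1240,11 +1237,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @pages contains the number of pages.
 * Return 0 if permission is granted.
 *
-* @register_security:
-* allow module stacking.
-* @name contains the name of the security module being stacked.
-* @ops contains a pointer to the struct security_operations of the module to stack.
-*
 * @secid_to_secctx:
 * Convert secid to security context.
 * @secid contains the security ID.
@@ -1295,7 +1287,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 struct security_operations {
 char name[SECURITY_NAME_MAX + 1];
 
-int (*ptrace) (struct task_struct *parent, struct task_struct *child);
+int (*ptrace) (struct task_struct *parent, struct task_struct *child,
+unsigned int mode);
 int (*capget) (struct task_struct *target,
 kernel_cap_t *effective,
 kernel_cap_t *inheritable, kernel_cap_t *permitted);
@@ -1328,6 +1321,7 @@ struct security_operations {
 void (*sb_free_security) (struct super_block *sb);
 int (*sb_copy_data) (char *orig, char *copy);
 int (*sb_kern_mount) (struct super_block *sb, void *data);
+int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
 int (*sb_statfs) (struct dentry *dentry);
 int (*sb_mount) (char *dev_name, struct path *path,
 char *type, unsigned long flags, void *data);
@@ -1343,8 +1337,6 @@ struct security_operations {
 struct path *new_path);
 void (*sb_post_pivotroot) (struct path *old_path,
 struct path *new_path);
-int (*sb_get_mnt_opts) (const struct super_block *sb,
-struct security_mnt_opts *opts);
 int (*sb_set_mnt_opts) (struct super_block *sb,
 struct security_mnt_opts *opts);
 void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
@@ -1370,7 +1362,7 @@ struct security_operations {
 struct inode *new_dir, struct dentry *new_dentry);
 int (*inode_readlink) (struct dentry *dentry);
 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
-int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
+int (*inode_permission) (struct inode *inode, int mask);
 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
 void (*inode_delete) (struct inode *inode);
@@ -1472,10 +1464,6 @@ struct security_operations {
 int (*netlink_send) (struct sock *sk, struct sk_buff *skb);
 int (*netlink_recv) (struct sk_buff *skb, int cap);
 
-/* allow module stacking */
-int (*register_security) (const char *name,
-struct security_operations *ops);
-
 void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
 
 int (*getprocattr) (struct task_struct *p, char *name, char **value);
@@ -1565,7 +1553,6 @@ struct security_operations {
 extern int security_init(void);
 extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
-extern int mod_reg_security(const char *name, struct security_operations *ops);
 extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
 struct dentry *parent, void *data,
 const struct file_operations *fops);
@@ -1573,7 +1560,8 @@ extern struct dentry *securityfs_create_dir(const char *name, struct dentry *par
 extern void securityfs_remove(struct dentry *dentry);
 
 /* Security operations */
-int security_ptrace(struct task_struct *parent, struct task_struct *child);
+int security_ptrace(struct task_struct *parent, struct task_struct *child,
+unsigned int mode);
 int security_capget(struct task_struct *target,
 kernel_cap_t *effective,
 kernel_cap_t *inheritable,
@@ -1606,6 +1594,7 @@ int security_sb_alloc(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, void *data);
+int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
 char *type, unsigned long flags, void *data);
@@ -1617,8 +1606,6 @@ void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *d
 void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);
 int security_sb_pivotroot(struct path *old_path, struct path *new_path);
 void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);
-int security_sb_get_mnt_opts(const struct super_block *sb,
-struct security_mnt_opts *opts);
 int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
 void security_sb_clone_mnt_opts(const struct super_block *oldsb,
 struct super_block *newsb);
@@ -1641,7 +1628,7 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
 struct inode *new_dir, struct dentry *new_dentry);
 int security_inode_readlink(struct dentry *dentry);
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
-int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd);
+int security_inode_permission(struct inode *inode, int mask);
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
 void security_inode_delete(struct inode *inode);
@@ -1755,9 +1742,11 @@ static inline int security_init(void)
 return 0;
 }
 
-static inline int security_ptrace(struct task_struct *parent, struct task_struct *child)
+static inline int security_ptrace(struct task_struct *parent,
+struct task_struct *child,
+unsigned int mode)
 {
-return cap_ptrace(parent, child);
+return cap_ptrace(parent, child, mode);
 }
 
 static inline int security_capget(struct task_struct *target,
@@ -1881,6 +1870,12 @@ static inline int security_sb_kern_mount(struct super_block *sb, void *data)
 return 0;
 }
 
+static inline int security_sb_show_options(struct seq_file *m,
+struct super_block *sb)
+{
+return 0;
+}
+
 static inline int security_sb_statfs(struct dentry *dentry)
 {
 return 0;
@@ -1927,12 +1922,6 @@ static inline int security_sb_pivotroot(struct path *old_path,
 static inline void security_sb_post_pivotroot(struct path *old_path,
 struct path *new_path)
 { }
-static inline int security_sb_get_mnt_opts(const struct super_block *sb,
-struct security_mnt_opts *opts)
-{
-security_init_mnt_opts(opts);
-return 0;
-}
 
 static inline int security_sb_set_mnt_opts(struct super_block *sb,
 struct security_mnt_opts *opts)
@@ -2032,8 +2021,7 @@ static inline int security_inode_follow_link(struct dentry *dentry,
 return 0;
 }
 
-static inline int security_inode_permission(struct inode *inode, int mask,
-struct nameidata *nd)
+static inline int security_inode_permission(struct inode *inode, int mask)
 {
 return 0;
 }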
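Review bot: The new `sb_show_options` hook (struct member at new line 1324, wrapper prototype at 1597, no-LSM stub at 1873) gets no entry in the hook documentation comment in any hunk of this section, although the same change adds an `@mode` line for ptrace and deletes the `@sb_get_mnt_opts` text. Because the hook receives a `struct seq_file *`, whatever a module prints there is visible to readers of that file, so the comment should state what may be emitted and what a non-zero return means, for example `* @sb_show_options: Show (print on @m) the security-relevant mount options for @sb. Return 0 on success.` The added `@mode` line would also be easier to implement against if it named the two forms it distinguishes, e.g. `PTRACE_MODE_READ` versus `PTRACE_MODE_ATTACH`, so that a module author knows which of the two is the less privileged check. Both the comment block and `struct security_operations` extend beyond the hunks shown, so an existing entry outside them cannot be ruled out.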