diff options
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 41 |
1 files changed, 23 insertions, 18 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index fd4d55fb884..debbd97db7a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -53,7 +53,7 @@ struct audit_krule; | |||
| 53 | */ | 53 | */ |
| 54 | extern int cap_capable(struct task_struct *tsk, const struct cred *cred, | 54 | extern int cap_capable(struct task_struct *tsk, const struct cred *cred, |
| 55 | int cap, int audit); | 55 | int cap, int audit); |
| 56 | extern int cap_settime(struct timespec *ts, struct timezone *tz); | 56 | extern int cap_settime(const struct timespec *ts, const struct timezone *tz); |
| 57 | extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); | 57 | extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); |
| 58 | extern int cap_ptrace_traceme(struct task_struct *parent); | 58 | extern int cap_ptrace_traceme(struct task_struct *parent); |
| 59 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 59 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| @@ -457,7 +457,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 457 | * called when the actual read/write operations are performed. | 457 | * called when the actual read/write operations are performed. |
| 458 | * @inode contains the inode structure to check. | 458 | * @inode contains the inode structure to check. |
| 459 | * @mask contains the permission mask. | 459 | * @mask contains the permission mask. |
| 460 | * @nd contains the nameidata (may be NULL). | ||
| 461 | * Return 0 if permission is granted. | 460 | * Return 0 if permission is granted. |
| 462 | * @inode_setattr: | 461 | * @inode_setattr: |
| 463 | * Check permission before setting file attributes. Note that the kernel | 462 | * Check permission before setting file attributes. Note that the kernel |
| @@ -796,8 +795,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 796 | * @unix_stream_connect: | 795 | * @unix_stream_connect: |
| 797 | * Check permissions before establishing a Unix domain stream connection | 796 | * Check permissions before establishing a Unix domain stream connection |
| 798 | * between @sock and @other. | 797 | * between @sock and @other. |
| 799 | * @sock contains the socket structure. | 798 | * @sock contains the sock structure. |
| 800 | * @other contains the peer socket structure. | 799 | * @other contains the peer sock structure. |
| 800 | * @newsk contains the new sock structure. | ||
| 801 | * Return 0 if permission is granted. | 801 | * Return 0 if permission is granted. |
| 802 | * @unix_may_send: | 802 | * @unix_may_send: |
| 803 | * Check permissions before connecting or sending datagrams from @sock to | 803 | * Check permissions before connecting or sending datagrams from @sock to |
| @@ -1058,8 +1058,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 1058 | * @cred points to the credentials to provide the context against which to | 1058 | * @cred points to the credentials to provide the context against which to |
| 1059 | * evaluate the security data on the key. | 1059 | * evaluate the security data on the key. |
| 1060 | * @perm describes the combination of permissions required of this key. | 1060 | * @perm describes the combination of permissions required of this key. |
| 1061 | * Return 1 if permission granted, 0 if permission denied and -ve it the | 1061 | * Return 0 if permission is granted, -ve error otherwise. |
| 1062 | * normal permissions model should be effected. | ||
| 1063 | * @key_getsecurity: | 1062 | * @key_getsecurity: |
| 1064 | * Get a textual representation of the security context attached to a key | 1063 | * Get a textual representation of the security context attached to a key |
| 1065 | * for the purposes of honouring KEYCTL_GETSECURITY. This function | 1064 | * for the purposes of honouring KEYCTL_GETSECURITY. This function |
| @@ -1388,7 +1387,7 @@ struct security_operations { | |||
| 1388 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); | 1387 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); |
| 1389 | int (*quota_on) (struct dentry *dentry); | 1388 | int (*quota_on) (struct dentry *dentry); |
| 1390 | int (*syslog) (int type); | 1389 | int (*syslog) (int type); |
| 1391 | int (*settime) (struct timespec *ts, struct timezone *tz); | 1390 | int (*settime) (const struct timespec *ts, const struct timezone *tz); |
| 1392 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); | 1391 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); |
| 1393 | 1392 | ||
| 1394 | int (*bprm_set_creds) (struct linux_binprm *bprm); | 1393 | int (*bprm_set_creds) (struct linux_binprm *bprm); |
| @@ -1568,8 +1567,7 @@ struct security_operations { | |||
| 1568 | int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen); | 1567 | int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen); |
| 1569 | 1568 | ||
| 1570 | #ifdef CONFIG_SECURITY_NETWORK | 1569 | #ifdef CONFIG_SECURITY_NETWORK |
| 1571 | int (*unix_stream_connect) (struct socket *sock, | 1570 | int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk); |
| 1572 | struct socket *other, struct sock *newsk); | ||
| 1573 | int (*unix_may_send) (struct socket *sock, struct socket *other); | 1571 | int (*unix_may_send) (struct socket *sock, struct socket *other); |
| 1574 | 1572 | ||
| 1575 | int (*socket_create) (int family, int type, int protocol, int kern); | 1573 | int (*socket_create) (int family, int type, int protocol, int kern); |
| @@ -1664,14 +1662,14 @@ int security_capset(struct cred *new, const struct cred *old, | |||
| 1664 | const kernel_cap_t *effective, | 1662 | const kernel_cap_t *effective, |
| 1665 | const kernel_cap_t *inheritable, | 1663 | const kernel_cap_t *inheritable, |
| 1666 | const kernel_cap_t *permitted); | 1664 | const kernel_cap_t *permitted); |
| 1667 | int security_capable(int cap); | 1665 | int security_capable(const struct cred *cred, int cap); |
| 1668 | int security_real_capable(struct task_struct *tsk, int cap); | 1666 | int security_real_capable(struct task_struct *tsk, int cap); |
| 1669 | int security_real_capable_noaudit(struct task_struct *tsk, int cap); | 1667 | int security_real_capable_noaudit(struct task_struct *tsk, int cap); |
| 1670 | int security_sysctl(struct ctl_table *table, int op); | 1668 | int security_sysctl(struct ctl_table *table, int op); |
| 1671 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 1669 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
| 1672 | int security_quota_on(struct dentry *dentry); | 1670 | int security_quota_on(struct dentry *dentry); |
| 1673 | int security_syslog(int type); | 1671 | int security_syslog(int type); |
| 1674 | int security_settime(struct timespec *ts, struct timezone *tz); | 1672 | int security_settime(const struct timespec *ts, const struct timezone *tz); |
| 1675 | int security_vm_enough_memory(long pages); | 1673 | int security_vm_enough_memory(long pages); |
| 1676 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); | 1674 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); |
| 1677 | int security_vm_enough_memory_kern(long pages); | 1675 | int security_vm_enough_memory_kern(long pages); |
| @@ -1713,6 +1711,7 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, | |||
| 1713 | int security_inode_readlink(struct dentry *dentry); | 1711 | int security_inode_readlink(struct dentry *dentry); |
| 1714 | int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); | 1712 | int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); |
| 1715 | int security_inode_permission(struct inode *inode, int mask); | 1713 | int security_inode_permission(struct inode *inode, int mask); |
| 1714 | int security_inode_exec_permission(struct inode *inode, unsigned int flags); | ||
| 1716 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr); | 1715 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr); |
| 1717 | int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); | 1716 | int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); |
| 1718 | int security_inode_setxattr(struct dentry *dentry, const char *name, | 1717 | int security_inode_setxattr(struct dentry *dentry, const char *name, |
| @@ -1857,9 +1856,9 @@ static inline int security_capset(struct cred *new, | |||
| 1857 | return cap_capset(new, old, effective, inheritable, permitted); | 1856 | return cap_capset(new, old, effective, inheritable, permitted); |
| 1858 | } | 1857 | } |
| 1859 | 1858 | ||
| 1860 | static inline int security_capable(int cap) | 1859 | static inline int security_capable(const struct cred *cred, int cap) |
| 1861 | { | 1860 | { |
| 1862 | return cap_capable(current, current_cred(), cap, SECURITY_CAP_AUDIT); | 1861 | return cap_capable(current, cred, cap, SECURITY_CAP_AUDIT); |
| 1863 | } | 1862 | } |
| 1864 | 1863 | ||
| 1865 | static inline int security_real_capable(struct task_struct *tsk, int cap) | 1864 | static inline int security_real_capable(struct task_struct *tsk, int cap) |
| @@ -1905,7 +1904,8 @@ static inline int security_syslog(int type) | |||
| 1905 | return 0; | 1904 | return 0; |
| 1906 | } | 1905 | } |
| 1907 | 1906 | ||
| 1908 | static inline int security_settime(struct timespec *ts, struct timezone *tz) | 1907 | static inline int security_settime(const struct timespec *ts, |
| 1908 | const struct timezone *tz) | ||
| 1909 | { | 1909 | { |
| 1910 | return cap_settime(ts, tz); | 1910 | return cap_settime(ts, tz); |
| 1911 | } | 1911 | } |
| @@ -2102,6 +2102,12 @@ static inline int security_inode_permission(struct inode *inode, int mask) | |||
| 2102 | return 0; | 2102 | return 0; |
| 2103 | } | 2103 | } |
| 2104 | 2104 | ||
| 2105 | static inline int security_inode_exec_permission(struct inode *inode, | ||
| 2106 | unsigned int flags) | ||
| 2107 | { | ||
| 2108 | return 0; | ||
| 2109 | } | ||
| 2110 | |||
| 2105 | static inline int security_inode_setattr(struct dentry *dentry, | 2111 | static inline int security_inode_setattr(struct dentry *dentry, |
| 2106 | struct iattr *attr) | 2112 | struct iattr *attr) |
| 2107 | { | 2113 | { |
| @@ -2525,8 +2531,7 @@ static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 | |||
| 2525 | 2531 | ||
| 2526 | #ifdef CONFIG_SECURITY_NETWORK | 2532 | #ifdef CONFIG_SECURITY_NETWORK |
| 2527 | 2533 | ||
| 2528 | int security_unix_stream_connect(struct socket *sock, struct socket *other, | 2534 | int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk); |
| 2529 | struct sock *newsk); | ||
| 2530 | int security_unix_may_send(struct socket *sock, struct socket *other); | 2535 | int security_unix_may_send(struct socket *sock, struct socket *other); |
| 2531 | int security_socket_create(int family, int type, int protocol, int kern); | 2536 | int security_socket_create(int family, int type, int protocol, int kern); |
| 2532 | int security_socket_post_create(struct socket *sock, int family, | 2537 | int security_socket_post_create(struct socket *sock, int family, |
| @@ -2567,8 +2572,8 @@ void security_tun_dev_post_create(struct sock *sk); | |||
| 2567 | int security_tun_dev_attach(struct sock *sk); | 2572 | int security_tun_dev_attach(struct sock *sk); |
| 2568 | 2573 | ||
| 2569 | #else /* CONFIG_SECURITY_NETWORK */ | 2574 | #else /* CONFIG_SECURITY_NETWORK */ |
| 2570 | static inline int security_unix_stream_connect(struct socket *sock, | 2575 | static inline int security_unix_stream_connect(struct sock *sock, |
| 2571 | struct socket *other, | 2576 | struct sock *other, |
| 2572 | struct sock *newsk) | 2577 | struct sock *newsk) |
| 2573 | { | 2578 | { |
| 2574 | return 0; | 2579 | return 0; |