author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-01-25 11:44:29 -0500 |
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-01-25 11:44:29 -0500 |
commit | b47711bfbcd4eb77ca61ef0162487b20e023ae55 (patch) | |
tree | b2a695dbd40f7ca2333664cf946ef34eda7b7dba /include | |
parent | 7556afa0e0e436cad4f560ee83e5fbd5dac9359a (diff) | |
parent | 2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
selinux: make mls_compute_sid always polyinstantiate
security/selinux: constify function pointer tables and fields
security: add a secctx_to_secid() hook
security: call security_file_permission from rw_verify_area
security: remove security_sb_post_mountroot hook
Security: remove security.h include from mm.h
Security: remove security_file_mmap hook sparse-warnings (NULL as 0).
Security: add get, set, and cloning of superblock security information
security/selinux: Add missing "space"
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/mm.h | 3 | ||||
-rw-r--r-- | include/linux/security.h | 59 |
2 files changed, 52 insertions, 10 deletions
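diff --git a/include/linux/mm.h b/include/linux/mm.h
index 1b7b95c67ac..1897ca223ec 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -12,7 +12,6 @@
 #include <linux/prio_tree.h>
 #include <linux/debug_locks.h>
 #include <linux/mm_types.h>
-#include <linux/security.h>
 
 struct mempolicy;
 struct anon_vma;
@@ -34,6 +33,8 @@ extern int sysctl_legacy_va_layout;
 #define sysctl_legacy_va_layout 0
 #endif
 
+extern unsigned long mmap_min_addr;
+
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <asm/processor.h>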
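Review bot: The new `extern unsigned long mmap_min_addr;` in the second hunk carries no comment saying what it bounds or where it is defined, unlike the `sysctl_legacy_va_layout` declarations it now sits beside. Suggest `/* Lowest address user space may map; tunable via the vm.mmap_min_addr sysctl */` above it — presumably this is the floor the security_file_mmap hooks enforce, which is worth confirming against the definition. Dropping `#include <linux/security.h>` in the first hunk also removes a transitive include that other headers or .c files may have relied on; whether any did cannot be checked from this diff.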
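diff --git a/include/linux/security.h b/include/linux/security.h
index ac050830a87..d24974262dc 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -34,6 +34,12 @@
 #include <linux/xfrm.h>
 #include <net/flow.h>
 
+/* only a char in selinux superblock security struct flags */
+#define FSCONTEXT_MNT 0x01
+#define CONTEXT_MNT 0x02
+#define ROOTCONTEXT_MNT 0x04
+#define DEFCONTEXT_MNT 0x08
+
 /*
 * Bounding set
 */
@@ -243,9 +249,6 @@ struct request_sock;
 * @mnt contains the mounted file system.
 * @flags contains the new filesystem flags.
 * @data contains the filesystem-specific data.
-* @sb_post_mountroot:
-* Update the security module's state when the root filesystem is mounted.
-* This hook is only called if the mount was successful.
 * @sb_post_addmount:
 * Update the security module's state when a filesystem is mounted.
 * This hook is called any time a mount is successfully grafetd to
@@ -261,6 +264,22 @@ struct request_sock;
 * Update module state after a successful pivot.
 * @old_nd contains the nameidata structure for the old root.
 * @new_nd contains the nameidata structure for the new root.
+* @sb_get_mnt_opts:
+* Get the security relevant mount options used for a superblock
+* @sb the superblock to get security mount options from
+* @mount_options array for pointers to mount options
+* @mount_flags array of ints specifying what each mount options is
+* @num_opts number of options in the arrays
+* @sb_set_mnt_opts:
+* Set the security relevant mount options used for a superblock
+* @sb the superblock to set security mount options for
+* @mount_options array for pointers to mount options
+* @mount_flags array of ints specifying what each mount options is
+* @num_opts number of options in the arrays
+* @sb_clone_mnt_opts:
+* Copy all security options from a given superblock to another
+* @oldsb old superblock which contain information to clone
+* @newsb new superblock which needs filled in
 *
 * Security hooks for inode operations.
 *
@@ -1183,6 +1202,10 @@ struct request_sock;
 * Convert secid to security context.
 * @secid contains the security ID.
 * @secdata contains the pointer that stores the converted security context.
+* @secctx_to_secid:
+* Convert security context to secid.
+* @secid contains the pointer to the generated security ID.
+* @secdata contains the security context.
 *
 * @release_secctx:
 * Release the security context.
@@ -1235,13 +1258,19 @@ struct security_operations {
 void (*sb_umount_busy) (struct vfsmount * mnt);
 void (*sb_post_remount) (struct vfsmount * mnt,
 unsigned long flags, void *data);
-void (*sb_post_mountroot) (void);
 void (*sb_post_addmount) (struct vfsmount * mnt,
 struct nameidata * mountpoint_nd);
 int (*sb_pivotroot) (struct nameidata * old_nd,
 struct nameidata * new_nd);
 void (*sb_post_pivotroot) (struct nameidata * old_nd,
 struct nameidata * new_nd);
+int (*sb_get_mnt_opts) (const struct super_block *sb,
+char ***mount_options, int **flags,
+int *num_opts);
+int (*sb_set_mnt_opts) (struct super_block *sb, char **mount_options,
+int *flags, int num_opts);
+void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
+struct super_block *newsb);
 
 int (*inode_alloc_security) (struct inode *inode);
 void (*inode_free_security) (struct inode *inode);
@@ -1371,6 +1400,7 @@ struct security_operations {
 int (*getprocattr)(struct task_struct *p, char *name, char **value);
 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
+int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid);
 void (*release_secctx)(char *secdata, u32 seclen);
 
 #ifdef CONFIG_SECURITY_NETWORK
@@ -1495,10 +1525,16 @@ int security_sb_umount(struct vfsmount *mnt, int flags);
 void security_sb_umount_close(struct vfsmount *mnt);
 void security_sb_umount_busy(struct vfsmount *mnt);
 void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_mountroot(void);
 void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
 int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
 void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+int security_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options,
+int **flags, int *num_opts);
+int security_sb_set_mnt_opts(struct super_block *sb, char **mount_options,
+int *flags, int num_opts);
+void security_sb_clone_mnt_opts(const struct super_block *oldsb,
+struct super_block *newsb);
+
 int security_inode_alloc(struct inode *inode);
 void security_inode_free(struct inode *inode);
 int security_inode_init_security(struct inode *inode, struct inode *dir,
@@ -1603,6 +1639,7 @@ int security_setprocattr(struct task_struct *p, char *name, void *value, size_t
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_netlink_recv(struct sk_buff *skb, int cap);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int security_secctx_to_secid(char *secdata, u32 seclen, u32 *secid);
 void security_release_secctx(char *secdata, u32 seclen);
 
 #else /* CONFIG_SECURITY */
@@ -1777,9 +1814,6 @@ static inline void security_sb_post_remount (struct vfsmount *mnt,
 unsigned long flags, void *data)
 { }
 
-static inline void security_sb_post_mountroot (void)
-{ }
-
 static inline void security_sb_post_addmount (struct vfsmount *mnt,
 struct nameidata *mountpoint_nd)
 { }
@@ -2266,7 +2300,7 @@ static inline struct dentry *securityfs_create_file(const char *name,
 mode_t mode,
 struct dentry *parent,
 void *data,
-struct file_operations *fops)
+const struct file_operations *fops)
 {
 return ERR_PTR(-ENODEV);
 }
@@ -2280,6 +2314,13 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle
 return -EOPNOTSUPP;
 }
 
+static inline int security_secctx_to_secid(char *secdata,
+u32 seclen,
+u32 *secid)
+{
+return -EOPNOTSUPP;
+}
+
 static inline void security_release_secctx(char *secdata, u32 seclen)
 {
 }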
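Review bot: The `security_sb_get_mnt_opts`, `security_sb_set_mnt_opts` and `security_sb_clone_mnt_opts` prototypes added in the `@@ -1495,10 +1525,16 @@` hunk have no `!CONFIG_SECURITY` counterparts: the `#else /* CONFIG_SECURITY */` hunks in this diff only drop the `security_sb_post_mountroot` stub and add one for `security_secctx_to_secid`, and the 52/10 diffstat is fully accounted for by the visible hunks, so any caller outside an LSM will not build with CONFIG_SECURITY disabled. Stubs in the style of the neighbouring ones are needed; the values below mirror the `-EOPNOTSUPP` of the `security_secid_to_secctx` stub for the getter and report success for the setter, which should be confirmed against what the callers expect. Separately, the hook documentation in the `@@ -261,6 +264,22 @@` hunk names the flags array `@mount_flags` while both the `security_operations` members and the prototypes call it `flags`, and it does not say who owns the `mount_options` array and strings that `sb_get_mnt_opts` hands back; renaming to `@flags array of ints specifying what each mount option is` and adding one sentence on who frees them would close that.

```c
/* … placed in the !CONFIG_SECURITY stub section, next to the other security_sb_* stubs … */
static inline int security_sb_get_mnt_opts(const struct super_block *sb,
					   char ***mount_options, int **flags,
					   int *num_opts)
{
	return -EOPNOTSUPP;
}

static inline int security_sb_set_mnt_opts(struct super_block *sb,
					   char **mount_options, int *flags,
					   int num_opts)
{
	return 0;
}

static inline void security_sb_clone_mnt_opts(const struct super_block *oldsb,
					      struct super_block *newsb)
{ }
```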