aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-01-25 11:44:29 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2008-01-25 11:44:29 -0500
commitb47711bfbcd4eb77ca61ef0162487b20e023ae55 (patch)
treeb2a695dbd40f7ca2333664cf946ef34eda7b7dba /include
parent7556afa0e0e436cad4f560ee83e5fbd5dac9359a (diff)
parent2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: selinux: make mls_compute_sid always polyinstantiate security/selinux: constify function pointer tables and fields security: add a secctx_to_secid() hook security: call security_file_permission from rw_verify_area security: remove security_sb_post_mountroot hook Security: remove security.h include from mm.h Security: remove security_file_mmap hook sparse-warnings (NULL as 0). Security: add get, set, and cloning of superblock security information security/selinux: Add missing "space"
Diffstat (limited to 'include')
-rw-r--r--include/linux/mm.h3
-rw-r--r--include/linux/security.h59
2 files changed, 52 insertions, 10 deletions
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 1b7b95c67ac..1897ca223ec 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -12,7 +12,6 @@
12#include <linux/prio_tree.h> 12#include <linux/prio_tree.h>
13#include <linux/debug_locks.h> 13#include <linux/debug_locks.h>
14#include <linux/mm_types.h> 14#include <linux/mm_types.h>
15#include <linux/security.h>
16 15
17struct mempolicy; 16struct mempolicy;
18struct anon_vma; 17struct anon_vma;
@@ -34,6 +33,8 @@ extern int sysctl_legacy_va_layout;
34#define sysctl_legacy_va_layout 0 33#define sysctl_legacy_va_layout 0
35#endif 34#endif
36 35
36extern unsigned long mmap_min_addr;
37
37#include <asm/page.h> 38#include <asm/page.h>
38#include <asm/pgtable.h> 39#include <asm/pgtable.h>
39#include <asm/processor.h> 40#include <asm/processor.h>
diff --git a/include/linux/security.h b/include/linux/security.h
index ac050830a87..d24974262dc 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -34,6 +34,12 @@
34#include <linux/xfrm.h> 34#include <linux/xfrm.h>
35#include <net/flow.h> 35#include <net/flow.h>
36 36
37/* only a char in selinux superblock security struct flags */
38#define FSCONTEXT_MNT 0x01
39#define CONTEXT_MNT 0x02
40#define ROOTCONTEXT_MNT 0x04
41#define DEFCONTEXT_MNT 0x08
42
37/* 43/*
38 * Bounding set 44 * Bounding set
39 */ 45 */
@@ -243,9 +249,6 @@ struct request_sock;
243 * @mnt contains the mounted file system. 249 * @mnt contains the mounted file system.
244 * @flags contains the new filesystem flags. 250 * @flags contains the new filesystem flags.
245 * @data contains the filesystem-specific data. 251 * @data contains the filesystem-specific data.
246 * @sb_post_mountroot:
247 * Update the security module's state when the root filesystem is mounted.
248 * This hook is only called if the mount was successful.
249 * @sb_post_addmount: 252 * @sb_post_addmount:
250 * Update the security module's state when a filesystem is mounted. 253 * Update the security module's state when a filesystem is mounted.
251 * This hook is called any time a mount is successfully grafetd to 254 * This hook is called any time a mount is successfully grafetd to
@@ -261,6 +264,22 @@ struct request_sock;
261 * Update module state after a successful pivot. 264 * Update module state after a successful pivot.
262 * @old_nd contains the nameidata structure for the old root. 265 * @old_nd contains the nameidata structure for the old root.
263 * @new_nd contains the nameidata structure for the new root. 266 * @new_nd contains the nameidata structure for the new root.
267 * @sb_get_mnt_opts:
268 * Get the security relevant mount options used for a superblock
269 * @sb the superblock to get security mount options from
270 * @mount_options array for pointers to mount options
271 * @mount_flags array of ints specifying what each mount options is
272 * @num_opts number of options in the arrays
273 * @sb_set_mnt_opts:
274 * Set the security relevant mount options used for a superblock
275 * @sb the superblock to set security mount options for
276 * @mount_options array for pointers to mount options
277 * @mount_flags array of ints specifying what each mount options is
278 * @num_opts number of options in the arrays
279 * @sb_clone_mnt_opts:
280 * Copy all security options from a given superblock to another
281 * @oldsb old superblock which contain information to clone
282 * @newsb new superblock which needs filled in
264 * 283 *
265 * Security hooks for inode operations. 284 * Security hooks for inode operations.
266 * 285 *
@@ -1183,6 +1202,10 @@ struct request_sock;
1183 * Convert secid to security context. 1202 * Convert secid to security context.
1184 * @secid contains the security ID. 1203 * @secid contains the security ID.
1185 * @secdata contains the pointer that stores the converted security context. 1204 * @secdata contains the pointer that stores the converted security context.
1205 * @secctx_to_secid:
1206 * Convert security context to secid.
1207 * @secid contains the pointer to the generated security ID.
1208 * @secdata contains the security context.
1186 * 1209 *
1187 * @release_secctx: 1210 * @release_secctx:
1188 * Release the security context. 1211 * Release the security context.
@@ -1235,13 +1258,19 @@ struct security_operations {
1235 void (*sb_umount_busy) (struct vfsmount * mnt); 1258 void (*sb_umount_busy) (struct vfsmount * mnt);
1236 void (*sb_post_remount) (struct vfsmount * mnt, 1259 void (*sb_post_remount) (struct vfsmount * mnt,
1237 unsigned long flags, void *data); 1260 unsigned long flags, void *data);
1238 void (*sb_post_mountroot) (void);
1239 void (*sb_post_addmount) (struct vfsmount * mnt, 1261 void (*sb_post_addmount) (struct vfsmount * mnt,
1240 struct nameidata * mountpoint_nd); 1262 struct nameidata * mountpoint_nd);
1241 int (*sb_pivotroot) (struct nameidata * old_nd, 1263 int (*sb_pivotroot) (struct nameidata * old_nd,
1242 struct nameidata * new_nd); 1264 struct nameidata * new_nd);
1243 void (*sb_post_pivotroot) (struct nameidata * old_nd, 1265 void (*sb_post_pivotroot) (struct nameidata * old_nd,
1244 struct nameidata * new_nd); 1266 struct nameidata * new_nd);
1267 int (*sb_get_mnt_opts) (const struct super_block *sb,
1268 char ***mount_options, int **flags,
1269 int *num_opts);
1270 int (*sb_set_mnt_opts) (struct super_block *sb, char **mount_options,
1271 int *flags, int num_opts);
1272 void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
1273 struct super_block *newsb);
1245 1274
1246 int (*inode_alloc_security) (struct inode *inode); 1275 int (*inode_alloc_security) (struct inode *inode);
1247 void (*inode_free_security) (struct inode *inode); 1276 void (*inode_free_security) (struct inode *inode);
@@ -1371,6 +1400,7 @@ struct security_operations {
1371 int (*getprocattr)(struct task_struct *p, char *name, char **value); 1400 int (*getprocattr)(struct task_struct *p, char *name, char **value);
1372 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1401 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1373 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen); 1402 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
1403 int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid);
1374 void (*release_secctx)(char *secdata, u32 seclen); 1404 void (*release_secctx)(char *secdata, u32 seclen);
1375 1405
1376#ifdef CONFIG_SECURITY_NETWORK 1406#ifdef CONFIG_SECURITY_NETWORK
@@ -1495,10 +1525,16 @@ int security_sb_umount(struct vfsmount *mnt, int flags);
1495void security_sb_umount_close(struct vfsmount *mnt); 1525void security_sb_umount_close(struct vfsmount *mnt);
1496void security_sb_umount_busy(struct vfsmount *mnt); 1526void security_sb_umount_busy(struct vfsmount *mnt);
1497void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data); 1527void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
1498void security_sb_post_mountroot(void);
1499void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd); 1528void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
1500int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd); 1529int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
1501void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd); 1530void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
1531int security_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options,
1532 int **flags, int *num_opts);
1533int security_sb_set_mnt_opts(struct super_block *sb, char **mount_options,
1534 int *flags, int num_opts);
1535void security_sb_clone_mnt_opts(const struct super_block *oldsb,
1536 struct super_block *newsb);
1537
1502int security_inode_alloc(struct inode *inode); 1538int security_inode_alloc(struct inode *inode);
1503void security_inode_free(struct inode *inode); 1539void security_inode_free(struct inode *inode);
1504int security_inode_init_security(struct inode *inode, struct inode *dir, 1540int security_inode_init_security(struct inode *inode, struct inode *dir,
@@ -1603,6 +1639,7 @@ int security_setprocattr(struct task_struct *p, char *name, void *value, size_t
1603int security_netlink_send(struct sock *sk, struct sk_buff *skb); 1639int security_netlink_send(struct sock *sk, struct sk_buff *skb);
1604int security_netlink_recv(struct sk_buff *skb, int cap); 1640int security_netlink_recv(struct sk_buff *skb, int cap);
1605int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); 1641int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
1642int security_secctx_to_secid(char *secdata, u32 seclen, u32 *secid);
1606void security_release_secctx(char *secdata, u32 seclen); 1643void security_release_secctx(char *secdata, u32 seclen);
1607 1644
1608#else /* CONFIG_SECURITY */ 1645#else /* CONFIG_SECURITY */
@@ -1777,9 +1814,6 @@ static inline void security_sb_post_remount (struct vfsmount *mnt,
1777 unsigned long flags, void *data) 1814 unsigned long flags, void *data)
1778{ } 1815{ }
1779 1816
1780static inline void security_sb_post_mountroot (void)
1781{ }
1782
1783static inline void security_sb_post_addmount (struct vfsmount *mnt, 1817static inline void security_sb_post_addmount (struct vfsmount *mnt,
1784 struct nameidata *mountpoint_nd) 1818 struct nameidata *mountpoint_nd)
1785{ } 1819{ }
@@ -2266,7 +2300,7 @@ static inline struct dentry *securityfs_create_file(const char *name,
2266 mode_t mode, 2300 mode_t mode,
2267 struct dentry *parent, 2301 struct dentry *parent,
2268 void *data, 2302 void *data,
2269 struct file_operations *fops) 2303 const struct file_operations *fops)
2270{ 2304{
2271 return ERR_PTR(-ENODEV); 2305 return ERR_PTR(-ENODEV);
2272} 2306}
@@ -2280,6 +2314,13 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle
2280 return -EOPNOTSUPP; 2314 return -EOPNOTSUPP;
2281} 2315}
2282 2316
2317static inline int security_secctx_to_secid(char *secdata,
2318 u32 seclen,
2319 u32 *secid)
2320{
2321 return -EOPNOTSUPP;
2322}
2323
2283static inline void security_release_secctx(char *secdata, u32 seclen) 2324static inline void security_release_secctx(char *secdata, u32 seclen)
2284{ 2325{
2285} 2326}