diff options
| author | Al Viro <viro@ftp.linux.org.uk> | 2012-02-12 22:58:52 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2012-02-13 18:45:42 -0500 |
| commit | 4040153087478993cbf0809f444400a3c808074c (patch) | |
| tree | 2dc7af85b0cf930f1656553bd38410b8c16601a6 | |
| parent | 191c542442fdf53cc3c496c00be13367fd9cd42d (diff) | |
security: trim security.h
Trim security.h
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Morris <jmorris@namei.org>
| -rw-r--r-- | drivers/net/macvtap.c | 1 | ||||
| -rw-r--r-- | drivers/target/iscsi/iscsi_target.c | 1 | ||||
| -rw-r--r-- | drivers/target/iscsi/iscsi_target_login.c | 1 | ||||
| -rw-r--r-- | fs/nfs/client.c | 1 | ||||
| -rw-r--r-- | fs/proc/proc_sysctl.c | 2 | ||||
| -rw-r--r-- | fs/quota/dquot.c | 1 | ||||
| -rw-r--r-- | fs/super.c | 1 | ||||
| -rw-r--r-- | include/linux/security.h | 55 | ||||
| -rw-r--r-- | include/net/sock.h | 2 | ||||
| -rw-r--r-- | ipc/msgutil.c | 2 | ||||
| -rw-r--r-- | kernel/cred.c | 1 | ||||
| -rw-r--r-- | kernel/exit.c | 1 | ||||
| -rw-r--r-- | kernel/sched/core.c | 1 | ||||
| -rw-r--r-- | kernel/sysctl.c | 1 | ||||
| -rw-r--r-- | mm/mmap.c | 13 | ||||
| -rw-r--r-- | security/commoncap.c | 1 | ||||
| -rw-r--r-- | security/security.c | 2 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 2 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 3 |
19 files changed, 66 insertions, 26 deletions
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index 58dc117a8d78..0427c6561c84 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c | |||
| @@ -13,6 +13,7 @@ | |||
| 13 | #include <linux/init.h> | 13 | #include <linux/init.h> |
| 14 | #include <linux/wait.h> | 14 | #include <linux/wait.h> |
| 15 | #include <linux/cdev.h> | 15 | #include <linux/cdev.h> |
| 16 | #include <linux/idr.h> | ||
| 16 | #include <linux/fs.h> | 17 | #include <linux/fs.h> |
| 17 | 18 | ||
| 18 | #include <net/net_namespace.h> | 19 | #include <net/net_namespace.h> |
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index 44262908def5..33df66d91aad 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c | |||
| @@ -23,6 +23,7 @@ | |||
| 23 | #include <linux/crypto.h> | 23 | #include <linux/crypto.h> |
| 24 | #include <linux/completion.h> | 24 | #include <linux/completion.h> |
| 25 | #include <linux/module.h> | 25 | #include <linux/module.h> |
| 26 | #include <linux/idr.h> | ||
| 26 | #include <asm/unaligned.h> | 27 | #include <asm/unaligned.h> |
| 27 | #include <scsi/scsi_device.h> | 28 | #include <scsi/scsi_device.h> |
| 28 | #include <scsi/iscsi_proto.h> | 29 | #include <scsi/iscsi_proto.h> |
diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c index 38cb7ce8469e..1ee33a8c3fab 100644 --- a/drivers/target/iscsi/iscsi_target_login.c +++ b/drivers/target/iscsi/iscsi_target_login.c | |||
| @@ -21,6 +21,7 @@ | |||
| 21 | #include <linux/string.h> | 21 | #include <linux/string.h> |
| 22 | #include <linux/kthread.h> | 22 | #include <linux/kthread.h> |
| 23 | #include <linux/crypto.h> | 23 | #include <linux/crypto.h> |
| 24 | #include <linux/idr.h> | ||
| 24 | #include <scsi/iscsi_proto.h> | 25 | #include <scsi/iscsi_proto.h> |
| 25 | #include <target/target_core_base.h> | 26 | #include <target/target_core_base.h> |
| 26 | #include <target/target_core_fabric.h> | 27 | #include <target/target_core_fabric.h> |
diff --git a/fs/nfs/client.c b/fs/nfs/client.c index 31778f74357d..d4f772ebd1ef 100644 --- a/fs/nfs/client.c +++ b/fs/nfs/client.c | |||
| @@ -36,6 +36,7 @@ | |||
| 36 | #include <linux/inet.h> | 36 | #include <linux/inet.h> |
| 37 | #include <linux/in6.h> | 37 | #include <linux/in6.h> |
| 38 | #include <linux/slab.h> | 38 | #include <linux/slab.h> |
| 39 | #include <linux/idr.h> | ||
| 39 | #include <net/ipv6.h> | 40 | #include <net/ipv6.h> |
| 40 | #include <linux/nfs_xdr.h> | 41 | #include <linux/nfs_xdr.h> |
| 41 | #include <linux/sunrpc/bc_xprt.h> | 42 | #include <linux/sunrpc/bc_xprt.h> |
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index a6b62173d4c3..67bbf6e4e197 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c | |||
| @@ -6,7 +6,9 @@ | |||
| 6 | #include <linux/poll.h> | 6 | #include <linux/poll.h> |
| 7 | #include <linux/proc_fs.h> | 7 | #include <linux/proc_fs.h> |
| 8 | #include <linux/security.h> | 8 | #include <linux/security.h> |
| 9 | #include <linux/sched.h> | ||
| 9 | #include <linux/namei.h> | 10 | #include <linux/namei.h> |
| 11 | #include <linux/mm.h> | ||
| 10 | #include "internal.h" | 12 | #include "internal.h" |
| 11 | 13 | ||
| 12 | static const struct dentry_operations proc_sys_dentry_operations; | 14 | static const struct dentry_operations proc_sys_dentry_operations; |
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c index 46741970371b..8b4f12b33f57 100644 --- a/fs/quota/dquot.c +++ b/fs/quota/dquot.c | |||
| @@ -71,6 +71,7 @@ | |||
| 71 | #include <linux/module.h> | 71 | #include <linux/module.h> |
| 72 | #include <linux/proc_fs.h> | 72 | #include <linux/proc_fs.h> |
| 73 | #include <linux/security.h> | 73 | #include <linux/security.h> |
| 74 | #include <linux/sched.h> | ||
| 74 | #include <linux/kmod.h> | 75 | #include <linux/kmod.h> |
| 75 | #include <linux/namei.h> | 76 | #include <linux/namei.h> |
| 76 | #include <linux/capability.h> | 77 | #include <linux/capability.h> |
diff --git a/fs/super.c b/fs/super.c index 6015c02296b7..18660532909e 100644 --- a/fs/super.c +++ b/fs/super.c | |||
| @@ -32,6 +32,7 @@ | |||
| 32 | #include <linux/backing-dev.h> | 32 | #include <linux/backing-dev.h> |
| 33 | #include <linux/rculist_bl.h> | 33 | #include <linux/rculist_bl.h> |
| 34 | #include <linux/cleancache.h> | 34 | #include <linux/cleancache.h> |
| 35 | #include <linux/fsnotify.h> | ||
| 35 | #include "internal.h" | 36 | #include "internal.h" |
| 36 | 37 | ||
| 37 | 38 | ||
diff --git a/include/linux/security.h b/include/linux/security.h index 2fefad6d27a0..339b3b120f6c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -22,22 +22,36 @@ | |||
| 22 | #ifndef __LINUX_SECURITY_H | 22 | #ifndef __LINUX_SECURITY_H |
| 23 | #define __LINUX_SECURITY_H | 23 | #define __LINUX_SECURITY_H |
| 24 | 24 | ||
| 25 | #include <linux/fs.h> | ||
| 26 | #include <linux/fsnotify.h> | ||
| 27 | #include <linux/binfmts.h> | ||
| 28 | #include <linux/dcache.h> | ||
| 29 | #include <linux/signal.h> | ||
| 30 | #include <linux/resource.h> | ||
| 31 | #include <linux/sem.h> | ||
| 32 | #include <linux/shm.h> | ||
| 33 | #include <linux/mm.h> /* PAGE_ALIGN */ | ||
| 34 | #include <linux/msg.h> | ||
| 35 | #include <linux/sched.h> | ||
| 36 | #include <linux/key.h> | 25 | #include <linux/key.h> |
| 37 | #include <linux/xfrm.h> | 26 | #include <linux/capability.h> |
| 38 | #include <linux/slab.h> | 27 | #include <linux/slab.h> |
| 39 | #include <linux/xattr.h> | 28 | #include <linux/err.h> |
| 40 | #include <net/flow.h> | 29 | |
| 30 | struct linux_binprm; | ||
| 31 | struct cred; | ||
| 32 | struct rlimit; | ||
| 33 | struct siginfo; | ||
| 34 | struct sem_array; | ||
| 35 | struct sembuf; | ||
| 36 | struct kern_ipc_perm; | ||
| 37 | struct audit_context; | ||
| 38 | struct super_block; | ||
| 39 | struct inode; | ||
| 40 | struct dentry; | ||
| 41 | struct file; | ||
| 42 | struct vfsmount; | ||
| 43 | struct path; | ||
| 44 | struct qstr; | ||
| 45 | struct nameidata; | ||
| 46 | struct iattr; | ||
| 47 | struct fown_struct; | ||
| 48 | struct file_operations; | ||
| 49 | struct shmid_kernel; | ||
| 50 | struct msg_msg; | ||
| 51 | struct msg_queue; | ||
| 52 | struct xattr; | ||
| 53 | struct xfrm_sec_ctx; | ||
| 54 | struct mm_struct; | ||
| 41 | 55 | ||
| 42 | /* Maximum number of letters for an LSM name string */ | 56 | /* Maximum number of letters for an LSM name string */ |
| 43 | #define SECURITY_NAME_MAX 10 | 57 | #define SECURITY_NAME_MAX 10 |
| @@ -49,6 +63,7 @@ | |||
| 49 | struct ctl_table; | 63 | struct ctl_table; |
| 50 | struct audit_krule; | 64 | struct audit_krule; |
| 51 | struct user_namespace; | 65 | struct user_namespace; |
| 66 | struct timezone; | ||
| 52 | 67 | ||
| 53 | /* | 68 | /* |
| 54 | * These functions are in security/capability.c and are used | 69 | * These functions are in security/capability.c and are used |
| @@ -131,18 +146,6 @@ struct request_sock; | |||
| 131 | #define LSM_UNSAFE_PTRACE_CAP 4 | 146 | #define LSM_UNSAFE_PTRACE_CAP 4 |
| 132 | 147 | ||
| 133 | #ifdef CONFIG_MMU | 148 | #ifdef CONFIG_MMU |
| 134 | /* | ||
| 135 | * If a hint addr is less than mmap_min_addr change hint to be as | ||
| 136 | * low as possible but still greater than mmap_min_addr | ||
| 137 | */ | ||
| 138 | static inline unsigned long round_hint_to_min(unsigned long hint) | ||
| 139 | { | ||
| 140 | hint &= PAGE_MASK; | ||
| 141 | if (((void *)hint != NULL) && | ||
| 142 | (hint < mmap_min_addr)) | ||
| 143 | return PAGE_ALIGN(mmap_min_addr); | ||
| 144 | return hint; | ||
| 145 | } | ||
| 146 | extern int mmap_min_addr_handler(struct ctl_table *table, int write, | 149 | extern int mmap_min_addr_handler(struct ctl_table *table, int write, |
| 147 | void __user *buffer, size_t *lenp, loff_t *ppos); | 150 | void __user *buffer, size_t *lenp, loff_t *ppos); |
| 148 | #endif | 151 | #endif |
diff --git a/include/net/sock.h b/include/net/sock.h index 91c1c8baf020..27508f07eada 100644 --- a/include/net/sock.h +++ b/include/net/sock.h | |||
| @@ -56,6 +56,8 @@ | |||
| 56 | #include <linux/memcontrol.h> | 56 | #include <linux/memcontrol.h> |
| 57 | #include <linux/res_counter.h> | 57 | #include <linux/res_counter.h> |
| 58 | #include <linux/jump_label.h> | 58 | #include <linux/jump_label.h> |
| 59 | #include <linux/aio.h> | ||
| 60 | #include <linux/sched.h> | ||
| 59 | 61 | ||
| 60 | #include <linux/filter.h> | 62 | #include <linux/filter.h> |
| 61 | #include <linux/rculist_nulls.h> | 63 | #include <linux/rculist_nulls.h> |
diff --git a/ipc/msgutil.c b/ipc/msgutil.c index 5652101cdac0..26143d377c95 100644 --- a/ipc/msgutil.c +++ b/ipc/msgutil.c | |||
| @@ -13,7 +13,9 @@ | |||
| 13 | #include <linux/security.h> | 13 | #include <linux/security.h> |
| 14 | #include <linux/slab.h> | 14 | #include <linux/slab.h> |
| 15 | #include <linux/ipc.h> | 15 | #include <linux/ipc.h> |
| 16 | #include <linux/msg.h> | ||
| 16 | #include <linux/ipc_namespace.h> | 17 | #include <linux/ipc_namespace.h> |
| 18 | #include <linux/utsname.h> | ||
| 17 | #include <asm/uaccess.h> | 19 | #include <asm/uaccess.h> |
| 18 | 20 | ||
| 19 | #include "util.h" | 21 | #include "util.h" |
diff --git a/kernel/cred.c b/kernel/cred.c index 5791612a4045..97b36eeca4c9 100644 --- a/kernel/cred.c +++ b/kernel/cred.c | |||
| @@ -16,6 +16,7 @@ | |||
| 16 | #include <linux/keyctl.h> | 16 | #include <linux/keyctl.h> |
| 17 | #include <linux/init_task.h> | 17 | #include <linux/init_task.h> |
| 18 | #include <linux/security.h> | 18 | #include <linux/security.h> |
| 19 | #include <linux/binfmts.h> | ||
| 19 | #include <linux/cn_proc.h> | 20 | #include <linux/cn_proc.h> |
| 20 | 21 | ||
| 21 | #if 0 | 22 | #if 0 |
diff --git a/kernel/exit.c b/kernel/exit.c index 4b4042f9bc6a..5ad867a3685e 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
| @@ -52,6 +52,7 @@ | |||
| 52 | #include <linux/hw_breakpoint.h> | 52 | #include <linux/hw_breakpoint.h> |
| 53 | #include <linux/oom.h> | 53 | #include <linux/oom.h> |
| 54 | #include <linux/writeback.h> | 54 | #include <linux/writeback.h> |
| 55 | #include <linux/shm.h> | ||
| 55 | 56 | ||
| 56 | #include <asm/uaccess.h> | 57 | #include <asm/uaccess.h> |
| 57 | #include <asm/unistd.h> | 58 | #include <asm/unistd.h> |
diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 5255c9d2e053..78682bfb3405 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c | |||
| @@ -71,6 +71,7 @@ | |||
| 71 | #include <linux/ftrace.h> | 71 | #include <linux/ftrace.h> |
| 72 | #include <linux/slab.h> | 72 | #include <linux/slab.h> |
| 73 | #include <linux/init_task.h> | 73 | #include <linux/init_task.h> |
| 74 | #include <linux/binfmts.h> | ||
| 74 | 75 | ||
| 75 | #include <asm/tlb.h> | 76 | #include <asm/tlb.h> |
| 76 | #include <asm/irq_regs.h> | 77 | #include <asm/irq_regs.h> |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index f487f257e05e..11d53046b905 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -58,6 +58,7 @@ | |||
| 58 | #include <linux/oom.h> | 58 | #include <linux/oom.h> |
| 59 | #include <linux/kmod.h> | 59 | #include <linux/kmod.h> |
| 60 | #include <linux/capability.h> | 60 | #include <linux/capability.h> |
| 61 | #include <linux/binfmts.h> | ||
| 61 | 62 | ||
| 62 | #include <asm/uaccess.h> | 63 | #include <asm/uaccess.h> |
| 63 | #include <asm/processor.h> | 64 | #include <asm/processor.h> |
| @@ -936,6 +936,19 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, | |||
| 936 | #endif /* CONFIG_PROC_FS */ | 936 | #endif /* CONFIG_PROC_FS */ |
| 937 | 937 | ||
| 938 | /* | 938 | /* |
| 939 | * If a hint addr is less than mmap_min_addr change hint to be as | ||
| 940 | * low as possible but still greater than mmap_min_addr | ||
| 941 | */ | ||
| 942 | static inline unsigned long round_hint_to_min(unsigned long hint) | ||
| 943 | { | ||
| 944 | hint &= PAGE_MASK; | ||
| 945 | if (((void *)hint != NULL) && | ||
| 946 | (hint < mmap_min_addr)) | ||
| 947 | return PAGE_ALIGN(mmap_min_addr); | ||
| 948 | return hint; | ||
| 949 | } | ||
| 950 | |||
| 951 | /* | ||
| 939 | * The caller must hold down_write(¤t->mm->mmap_sem). | 952 | * The caller must hold down_write(¤t->mm->mmap_sem). |
| 940 | */ | 953 | */ |
| 941 | 954 | ||
diff --git a/security/commoncap.c b/security/commoncap.c index 7ce191ea29a0..0cf4b53480a7 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -28,6 +28,7 @@ | |||
| 28 | #include <linux/prctl.h> | 28 | #include <linux/prctl.h> |
| 29 | #include <linux/securebits.h> | 29 | #include <linux/securebits.h> |
| 30 | #include <linux/user_namespace.h> | 30 | #include <linux/user_namespace.h> |
| 31 | #include <linux/binfmts.h> | ||
| 31 | 32 | ||
| 32 | /* | 33 | /* |
| 33 | * If a non-root user executes a setuid-root binary in | 34 | * If a non-root user executes a setuid-root binary in |
diff --git a/security/security.c b/security/security.c index 44177add4713..bf619ffc9a4d 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -19,6 +19,8 @@ | |||
| 19 | #include <linux/integrity.h> | 19 | #include <linux/integrity.h> |
| 20 | #include <linux/ima.h> | 20 | #include <linux/ima.h> |
| 21 | #include <linux/evm.h> | 21 | #include <linux/evm.h> |
| 22 | #include <linux/fsnotify.h> | ||
| 23 | #include <net/flow.h> | ||
| 22 | 24 | ||
| 23 | #define MAX_LSM_EVM_XATTR 2 | 25 | #define MAX_LSM_EVM_XATTR 2 |
| 24 | 26 | ||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 6a3683e28426..304929909375 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -81,6 +81,8 @@ | |||
| 81 | #include <linux/syslog.h> | 81 | #include <linux/syslog.h> |
| 82 | #include <linux/user_namespace.h> | 82 | #include <linux/user_namespace.h> |
| 83 | #include <linux/export.h> | 83 | #include <linux/export.h> |
| 84 | #include <linux/msg.h> | ||
| 85 | #include <linux/shm.h> | ||
| 84 | 86 | ||
| 85 | #include "avc.h" | 87 | #include "avc.h" |
| 86 | #include "objsec.h" | 88 | #include "objsec.h" |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index e8af5b0ba80f..cd667b4089a5 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -36,6 +36,9 @@ | |||
| 36 | #include <linux/magic.h> | 36 | #include <linux/magic.h> |
| 37 | #include <linux/dcache.h> | 37 | #include <linux/dcache.h> |
| 38 | #include <linux/personality.h> | 38 | #include <linux/personality.h> |
| 39 | #include <linux/msg.h> | ||
| 40 | #include <linux/shm.h> | ||
| 41 | #include <linux/binfmts.h> | ||
| 39 | #include "smack.h" | 42 | #include "smack.h" |
| 40 | 43 | ||
| 41 | #define task_security(task) (task_cred_xxx((task), security)) | 44 | #define task_security(task) (task_cred_xxx((task), security)) |