author | James Morris <jmorris@namei.org> | 2011-01-09 17:46:24 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-01-09 17:46:24 -0500 |
commit | d2e7ad19229f982fc1eb731827d82ceac90abfb3 (patch) | |
tree | 98a3741b4d4b27a48b3c7ea9babe331e539416a8 /include/linux/security.h | |
parent | d03a5d888fb688c832d470b749acc5ed38e0bc1d (diff) | |
parent | 0c21e3aaf6ae85bee804a325aa29c325209180fd (diff) |
Merge branch 'master' into next
Conflicts:
security/smack/smack_lsm.c
Verified and added fix by Stephen Rothwell <sfr@canb.auug.org.au>
Ok'd by Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 23 |
1 files changed, 14 insertions, 9 deletions
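--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -457,7 +457,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * called when the actual read/write operations are performed.
 * @inode contains the inode structure to check.
 * @mask contains the permission mask.
-* @nd contains the nameidata (may be NULL).
 * Return 0 if permission is granted.
 * @inode_setattr:
 * Check permission before setting file attributes. Note that the kernel
@@ -796,8 +795,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @unix_stream_connect:
 * Check permissions before establishing a Unix domain stream connection
 * between @sock and @other.
-* @sock contains the socket structure.
-* @other contains the peer socket structure.
+* @sock contains the sock structure.
+* @other contains the peer sock structure.
+* @newsk contains the new sock structure.
 * Return 0 if permission is granted.
 * @unix_may_send:
 * Check permissions before connecting or sending datagrams from @sock to
@@ -1567,8 +1567,7 @@ struct security_operations {
 int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
 
 #ifdef CONFIG_SECURITY_NETWORK
-int (*unix_stream_connect) (struct socket *sock,
-struct socket *other, struct sock *newsk);
+int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk);
 int (*unix_may_send) (struct socket *sock, struct socket *other);
 
 int (*socket_create) (int family, int type, int protocol, int kern);
@@ -1712,6 +1711,7 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
 int security_inode_readlink(struct dentry *dentry);
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
 int security_inode_permission(struct inode *inode, int mask);
+int security_inode_exec_permission(struct inode *inode, unsigned int flags);
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
 int security_inode_setxattr(struct dentry *dentry, const char *name,
@@ -2101,6 +2101,12 @@ static inline int security_inode_permission(struct inode *inode, int mask)
 return 0;
 }
 
+static inline int security_inode_exec_permission(struct inode *inode,
+unsigned int flags)
+{
+return 0;
+}
+
 static inline int security_inode_setattr(struct dentry *dentry,
 struct iattr *attr)
 {
@@ -2524,8 +2530,7 @@ static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32
 
 #ifdef CONFIG_SECURITY_NETWORK
 
-int security_unix_stream_connect(struct socket *sock, struct socket *other,
-struct sock *newsk);
+int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
 int security_unix_may_send(struct socket *sock, struct socket *other);
 int security_socket_create(int family, int type, int protocol, int kern);
 int security_socket_post_create(struct socket *sock, int family,
@@ -2566,8 +2571,8 @@ void security_tun_dev_post_create(struct sock *sk);
 int security_tun_dev_attach(struct sock *sk);
 
 #else /* CONFIG_SECURITY_NETWORK */
-static inline int security_unix_stream_connect(struct socket *sock,
-struct socket *other,
+static inline int security_unix_stream_connect(struct sock *sock,
+struct sock *other,
 struct sock *newsk)
 {
 return 0;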
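Review bot: The updated kernel-doc for @unix_stream_connect (new lines 798-800) only swaps "socket" for "sock" and never says why the hook and `security_unix_stream_connect()` now take `struct sock *`, while `unix_may_send` and `security_unix_may_send()` directly below still take `struct socket *`. If the point of the change is that implementations must no longer reach the sock through a `struct socket` that may already be detached (an inference; the callers are not in this header), the comment should state it, e.g. `@other contains the peer sock structure; do not assume other->sk_socket is non-NULL`, and the remaining `struct socket *` hook is worth checking for the same pattern. Every LSM that fills in `unix_stream_connect` has to match the new prototype, which this section alone cannot confirm. The new `security_inode_exec_permission()` prototype and its stub would also benefit from a one-line comment on what `flags` carries, since neither the hook documentation nor `struct security_operations` mentions it in the visible hunks.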