aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/security.h
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2011-03-16 12:15:43 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2011-03-16 12:15:43 -0400
commit0f6e0e8448a16d8d22119ce91d8dd24b44865b51 (patch)
tree7c295c02db035fc6a0b867465911a2bc9dc6b1ef /include/linux/security.h
parent0d2ecee2bdb2a19d04bc5cefac0f86e790f1aad4 (diff)
parenta002951c97ff8da49938c982a4c236bf2fafdc9f (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (33 commits) AppArmor: kill unused macros in lsm.c AppArmor: cleanup generated files correctly KEYS: Add an iovec version of KEYCTL_INSTANTIATE KEYS: Add a new keyctl op to reject a key with a specified error code KEYS: Add a key type op to permit the key description to be vetted KEYS: Add an RCU payload dereference macro AppArmor: Cleanup make file to remove cruft and make it easier to read SELinux: implement the new sb_remount LSM hook LSM: Pass -o remount options to the LSM SELinux: Compute SID for the newly created socket SELinux: Socket retains creator role and MLS attribute SELinux: Auto-generate security_is_socket_class TOMOYO: Fix memory leak upon file open. Revert "selinux: simplify ioctl checking" selinux: drop unused packet flow permissions selinux: Fix packet forwarding checks on postrouting selinux: Fix wrong checks for selinux_policycap_netpeer selinux: Fix check for xfrm selinux context algorithm ima: remove unnecessary call to ima_must_measure IMA: remove IMA imbalance checking ...
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h35
1 files changed, 20 insertions, 15 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index debbd97db7ab..83d9227abf02 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -25,6 +25,7 @@
25#include <linux/fs.h> 25#include <linux/fs.h>
26#include <linux/fsnotify.h> 26#include <linux/fsnotify.h>
27#include <linux/binfmts.h> 27#include <linux/binfmts.h>
28#include <linux/dcache.h>
28#include <linux/signal.h> 29#include <linux/signal.h>
29#include <linux/resource.h> 30#include <linux/resource.h>
30#include <linux/sem.h> 31#include <linux/sem.h>
@@ -267,6 +268,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
267 * @orig the original mount data copied from userspace. 268 * @orig the original mount data copied from userspace.
268 * @copy copied data which will be passed to the security module. 269 * @copy copied data which will be passed to the security module.
269 * Returns 0 if the copy was successful. 270 * Returns 0 if the copy was successful.
271 * @sb_remount:
272 * Extracts security system specifc mount options and verifys no changes
273 * are being made to those options.
274 * @sb superblock being remounted
275 * @data contains the filesystem-specific data.
276 * Return 0 if permission is granted.
270 * @sb_umount: 277 * @sb_umount:
271 * Check permission before the @mnt file system is unmounted. 278 * Check permission before the @mnt file system is unmounted.
272 * @mnt contains the mounted file system. 279 * @mnt contains the mounted file system.
@@ -315,6 +322,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
315 * then it should return -EOPNOTSUPP to skip this processing. 322 * then it should return -EOPNOTSUPP to skip this processing.
316 * @inode contains the inode structure of the newly created inode. 323 * @inode contains the inode structure of the newly created inode.
317 * @dir contains the inode structure of the parent directory. 324 * @dir contains the inode structure of the parent directory.
325 * @qstr contains the last path component of the new object
318 * @name will be set to the allocated name suffix (e.g. selinux). 326 * @name will be set to the allocated name suffix (e.g. selinux).
319 * @value will be set to the allocated attribute value. 327 * @value will be set to the allocated attribute value.
320 * @len will be set to the length of the value. 328 * @len will be set to the length of the value.
@@ -1257,12 +1265,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1257 * @cap contains the capability <include/linux/capability.h>. 1265 * @cap contains the capability <include/linux/capability.h>.
1258 * @audit: Whether to write an audit message or not 1266 * @audit: Whether to write an audit message or not
1259 * Return 0 if the capability is granted for @tsk. 1267 * Return 0 if the capability is granted for @tsk.
1260 * @sysctl:
1261 * Check permission before accessing the @table sysctl variable in the
1262 * manner specified by @op.
1263 * @table contains the ctl_table structure for the sysctl variable.
1264 * @op contains the operation (001 = search, 002 = write, 004 = read).
1265 * Return 0 if permission is granted.
1266 * @syslog: 1268 * @syslog:
1267 * Check permission before accessing the kernel message ring or changing 1269 * Check permission before accessing the kernel message ring or changing
1268 * logging to the console. 1270 * logging to the console.
@@ -1383,7 +1385,6 @@ struct security_operations {
1383 const kernel_cap_t *permitted); 1385 const kernel_cap_t *permitted);
1384 int (*capable) (struct task_struct *tsk, const struct cred *cred, 1386 int (*capable) (struct task_struct *tsk, const struct cred *cred,
1385 int cap, int audit); 1387 int cap, int audit);
1386 int (*sysctl) (struct ctl_table *table, int op);
1387 int (*quotactl) (int cmds, int type, int id, struct super_block *sb); 1388 int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
1388 int (*quota_on) (struct dentry *dentry); 1389 int (*quota_on) (struct dentry *dentry);
1389 int (*syslog) (int type); 1390 int (*syslog) (int type);
@@ -1399,6 +1400,7 @@ struct security_operations {
1399 int (*sb_alloc_security) (struct super_block *sb); 1400 int (*sb_alloc_security) (struct super_block *sb);
1400 void (*sb_free_security) (struct super_block *sb); 1401 void (*sb_free_security) (struct super_block *sb);
1401 int (*sb_copy_data) (char *orig, char *copy); 1402 int (*sb_copy_data) (char *orig, char *copy);
1403 int (*sb_remount) (struct super_block *sb, void *data);
1402 int (*sb_kern_mount) (struct super_block *sb, int flags, void *data); 1404 int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
1403 int (*sb_show_options) (struct seq_file *m, struct super_block *sb); 1405 int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
1404 int (*sb_statfs) (struct dentry *dentry); 1406 int (*sb_statfs) (struct dentry *dentry);
@@ -1435,7 +1437,8 @@ struct security_operations {
1435 int (*inode_alloc_security) (struct inode *inode); 1437 int (*inode_alloc_security) (struct inode *inode);
1436 void (*inode_free_security) (struct inode *inode); 1438 void (*inode_free_security) (struct inode *inode);
1437 int (*inode_init_security) (struct inode *inode, struct inode *dir, 1439 int (*inode_init_security) (struct inode *inode, struct inode *dir,
1438 char **name, void **value, size_t *len); 1440 const struct qstr *qstr, char **name,
1441 void **value, size_t *len);
1439 int (*inode_create) (struct inode *dir, 1442 int (*inode_create) (struct inode *dir,
1440 struct dentry *dentry, int mode); 1443 struct dentry *dentry, int mode);
1441 int (*inode_link) (struct dentry *old_dentry, 1444 int (*inode_link) (struct dentry *old_dentry,
@@ -1665,7 +1668,6 @@ int security_capset(struct cred *new, const struct cred *old,
1665int security_capable(const struct cred *cred, int cap); 1668int security_capable(const struct cred *cred, int cap);
1666int security_real_capable(struct task_struct *tsk, int cap); 1669int security_real_capable(struct task_struct *tsk, int cap);
1667int security_real_capable_noaudit(struct task_struct *tsk, int cap); 1670int security_real_capable_noaudit(struct task_struct *tsk, int cap);
1668int security_sysctl(struct ctl_table *table, int op);
1669int security_quotactl(int cmds, int type, int id, struct super_block *sb); 1671int security_quotactl(int cmds, int type, int id, struct super_block *sb);
1670int security_quota_on(struct dentry *dentry); 1672int security_quota_on(struct dentry *dentry);
1671int security_syslog(int type); 1673int security_syslog(int type);
@@ -1681,6 +1683,7 @@ int security_bprm_secureexec(struct linux_binprm *bprm);
1681int security_sb_alloc(struct super_block *sb); 1683int security_sb_alloc(struct super_block *sb);
1682void security_sb_free(struct super_block *sb); 1684void security_sb_free(struct super_block *sb);
1683int security_sb_copy_data(char *orig, char *copy); 1685int security_sb_copy_data(char *orig, char *copy);
1686int security_sb_remount(struct super_block *sb, void *data);
1684int security_sb_kern_mount(struct super_block *sb, int flags, void *data); 1687int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
1685int security_sb_show_options(struct seq_file *m, struct super_block *sb); 1688int security_sb_show_options(struct seq_file *m, struct super_block *sb);
1686int security_sb_statfs(struct dentry *dentry); 1689int security_sb_statfs(struct dentry *dentry);
@@ -1696,7 +1699,8 @@ int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
1696int security_inode_alloc(struct inode *inode); 1699int security_inode_alloc(struct inode *inode);
1697void security_inode_free(struct inode *inode); 1700void security_inode_free(struct inode *inode);
1698int security_inode_init_security(struct inode *inode, struct inode *dir, 1701int security_inode_init_security(struct inode *inode, struct inode *dir,
1699 char **name, void **value, size_t *len); 1702 const struct qstr *qstr, char **name,
1703 void **value, size_t *len);
1700int security_inode_create(struct inode *dir, struct dentry *dentry, int mode); 1704int security_inode_create(struct inode *dir, struct dentry *dentry, int mode);
1701int security_inode_link(struct dentry *old_dentry, struct inode *dir, 1705int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1702 struct dentry *new_dentry); 1706 struct dentry *new_dentry);
@@ -1883,11 +1887,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap)
1883 return ret; 1887 return ret;
1884} 1888}
1885 1889
1886static inline int security_sysctl(struct ctl_table *table, int op)
1887{
1888 return 0;
1889}
1890
1891static inline int security_quotactl(int cmds, int type, int id, 1890static inline int security_quotactl(int cmds, int type, int id,
1892 struct super_block *sb) 1891 struct super_block *sb)
1893{ 1892{
@@ -1965,6 +1964,11 @@ static inline int security_sb_copy_data(char *orig, char *copy)
1965 return 0; 1964 return 0;
1966} 1965}
1967 1966
1967static inline int security_sb_remount(struct super_block *sb, void *data)
1968{
1969 return 0;
1970}
1971
1968static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data) 1972static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
1969{ 1973{
1970 return 0; 1974 return 0;
@@ -2024,6 +2028,7 @@ static inline void security_inode_free(struct inode *inode)
2024 2028
2025static inline int security_inode_init_security(struct inode *inode, 2029static inline int security_inode_init_security(struct inode *inode,
2026 struct inode *dir, 2030 struct inode *dir,
2031 const struct qstr *qstr,
2027 char **name, 2032 char **name,
2028 void **value, 2033 void **value,
2029 size_t *len) 2034 size_t *len)