diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-18 21:18:30 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-18 21:18:30 -0400 |
commit | 3925e6fc1f774048404fdd910b0345b06c699eb4 (patch) | |
tree | c9a58417d9492f39f7fe81d4721d674c34dd8be2 /include/linux/security.h | |
parent | 334d094504c2fe1c44211ecb49146ae6bca8c321 (diff) | |
parent | 7cea51be4e91edad05bd834f3235b45c57783f0d (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
security: fix up documentation for security_module_enable
Security: Introduce security= boot parameter
Audit: Final renamings and cleanup
SELinux: use new audit hooks, remove redundant exports
Audit: internally use the new LSM audit hooks
LSM/Audit: Introduce generic Audit LSM hooks
SELinux: remove redundant exports
Netlink: Use generic LSM hook
Audit: use new LSM hooks instead of SELinux exports
SELinux: setup new inode/ipc getsecid hooks
LSM: Introduce inode_getsecid and ipc_getsecid hooks
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 114 |
1 files changed, 113 insertions, 1 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index f5eb9ff47ac5..fea1f4aa4dd5 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -36,7 +36,11 @@ | |||
36 | 36 | ||
37 | extern unsigned securebits; | 37 | extern unsigned securebits; |
38 | 38 | ||
39 | /* Maximum number of letters for an LSM name string */ | ||
40 | #define SECURITY_NAME_MAX 10 | ||
41 | |||
39 | struct ctl_table; | 42 | struct ctl_table; |
43 | struct audit_krule; | ||
40 | 44 | ||
41 | /* | 45 | /* |
42 | * These functions are in security/capability.c and are used | 46 | * These functions are in security/capability.c and are used |
@@ -136,6 +140,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
136 | /** | 140 | /** |
137 | * struct security_operations - main security structure | 141 | * struct security_operations - main security structure |
138 | * | 142 | * |
143 | * Security module identifier. | ||
144 | * | ||
145 | * @name: | ||
146 | * A string that acts as a unique identifeir for the LSM with max number | ||
147 | * of characters = SECURITY_NAME_MAX. | ||
148 | * | ||
139 | * Security hooks for program execution operations. | 149 | * Security hooks for program execution operations. |
140 | * | 150 | * |
141 | * @bprm_alloc_security: | 151 | * @bprm_alloc_security: |
@@ -468,6 +478,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
468 | * @dentry is the dentry being changed. | 478 | * @dentry is the dentry being changed. |
469 | * Return 0 on success. If error is returned, then the operation | 479 | * Return 0 on success. If error is returned, then the operation |
470 | * causing setuid bit removal is failed. | 480 | * causing setuid bit removal is failed. |
481 | * @inode_getsecid: | ||
482 | * Get the secid associated with the node. | ||
483 | * @inode contains a pointer to the inode. | ||
484 | * @secid contains a pointer to the location where result will be saved. | ||
485 | * In case of failure, @secid will be set to zero. | ||
471 | * | 486 | * |
472 | * Security hooks for file operations | 487 | * Security hooks for file operations |
473 | * | 488 | * |
@@ -636,6 +651,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
636 | * @task_getsecid: | 651 | * @task_getsecid: |
637 | * Retrieve the security identifier of the process @p. | 652 | * Retrieve the security identifier of the process @p. |
638 | * @p contains the task_struct for the process and place is into @secid. | 653 | * @p contains the task_struct for the process and place is into @secid. |
654 | * In case of failure, @secid will be set to zero. | ||
655 | * | ||
639 | * @task_setgroups: | 656 | * @task_setgroups: |
640 | * Check permission before setting the supplementary group set of the | 657 | * Check permission before setting the supplementary group set of the |
641 | * current process. | 658 | * current process. |
@@ -997,6 +1014,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
997 | * @ipcp contains the kernel IPC permission structure | 1014 | * @ipcp contains the kernel IPC permission structure |
998 | * @flag contains the desired (requested) permission set | 1015 | * @flag contains the desired (requested) permission set |
999 | * Return 0 if permission is granted. | 1016 | * Return 0 if permission is granted. |
1017 | * @ipc_getsecid: | ||
1018 | * Get the secid associated with the ipc object. | ||
1019 | * @ipcp contains the kernel IPC permission structure. | ||
1020 | * @secid contains a pointer to the location where result will be saved. | ||
1021 | * In case of failure, @secid will be set to zero. | ||
1000 | * | 1022 | * |
1001 | * Security hooks for individual messages held in System V IPC message queues | 1023 | * Security hooks for individual messages held in System V IPC message queues |
1002 | * @msg_msg_alloc_security: | 1024 | * @msg_msg_alloc_security: |
@@ -1223,9 +1245,42 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1223 | * @secdata contains the security context. | 1245 | * @secdata contains the security context. |
1224 | * @seclen contains the length of the security context. | 1246 | * @seclen contains the length of the security context. |
1225 | * | 1247 | * |
1248 | * Security hooks for Audit | ||
1249 | * | ||
1250 | * @audit_rule_init: | ||
1251 | * Allocate and initialize an LSM audit rule structure. | ||
1252 | * @field contains the required Audit action. Fields flags are defined in include/linux/audit.h | ||
1253 | * @op contains the operator the rule uses. | ||
1254 | * @rulestr contains the context where the rule will be applied to. | ||
1255 | * @lsmrule contains a pointer to receive the result. | ||
1256 | * Return 0 if @lsmrule has been successfully set, | ||
1257 | * -EINVAL in case of an invalid rule. | ||
1258 | * | ||
1259 | * @audit_rule_known: | ||
1260 | * Specifies whether given @rule contains any fields related to current LSM. | ||
1261 | * @rule contains the audit rule of interest. | ||
1262 | * Return 1 in case of relation found, 0 otherwise. | ||
1263 | * | ||
1264 | * @audit_rule_match: | ||
1265 | * Determine if given @secid matches a rule previously approved | ||
1266 | * by @audit_rule_known. | ||
1267 | * @secid contains the security id in question. | ||
1268 | * @field contains the field which relates to current LSM. | ||
1269 | * @op contains the operator that will be used for matching. | ||
1270 | * @rule points to the audit rule that will be checked against. | ||
1271 | * @actx points to the audit context associated with the check. | ||
1272 | * Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure. | ||
1273 | * | ||
1274 | * @audit_rule_free: | ||
1275 | * Deallocate the LSM audit rule structure previously allocated by | ||
1276 | * audit_rule_init. | ||
1277 | * @rule contains the allocated rule | ||
1278 | * | ||
1226 | * This is the main security structure. | 1279 | * This is the main security structure. |
1227 | */ | 1280 | */ |
1228 | struct security_operations { | 1281 | struct security_operations { |
1282 | char name[SECURITY_NAME_MAX + 1]; | ||
1283 | |||
1229 | int (*ptrace) (struct task_struct * parent, struct task_struct * child); | 1284 | int (*ptrace) (struct task_struct * parent, struct task_struct * child); |
1230 | int (*capget) (struct task_struct * target, | 1285 | int (*capget) (struct task_struct * target, |
1231 | kernel_cap_t * effective, | 1286 | kernel_cap_t * effective, |
@@ -1317,6 +1372,7 @@ struct security_operations { | |||
1317 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void **buffer, bool alloc); | 1372 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void **buffer, bool alloc); |
1318 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1373 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
1319 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); | 1374 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); |
1375 | void (*inode_getsecid)(const struct inode *inode, u32 *secid); | ||
1320 | 1376 | ||
1321 | int (*file_permission) (struct file * file, int mask); | 1377 | int (*file_permission) (struct file * file, int mask); |
1322 | int (*file_alloc_security) (struct file * file); | 1378 | int (*file_alloc_security) (struct file * file); |
@@ -1369,6 +1425,7 @@ struct security_operations { | |||
1369 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); | 1425 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); |
1370 | 1426 | ||
1371 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); | 1427 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); |
1428 | void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid); | ||
1372 | 1429 | ||
1373 | int (*msg_msg_alloc_security) (struct msg_msg * msg); | 1430 | int (*msg_msg_alloc_security) (struct msg_msg * msg); |
1374 | void (*msg_msg_free_security) (struct msg_msg * msg); | 1431 | void (*msg_msg_free_security) (struct msg_msg * msg); |
@@ -1480,10 +1537,18 @@ struct security_operations { | |||
1480 | 1537 | ||
1481 | #endif /* CONFIG_KEYS */ | 1538 | #endif /* CONFIG_KEYS */ |
1482 | 1539 | ||
1540 | #ifdef CONFIG_AUDIT | ||
1541 | int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule); | ||
1542 | int (*audit_rule_known)(struct audit_krule *krule); | ||
1543 | int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule, | ||
1544 | struct audit_context *actx); | ||
1545 | void (*audit_rule_free)(void *lsmrule); | ||
1546 | #endif /* CONFIG_AUDIT */ | ||
1483 | }; | 1547 | }; |
1484 | 1548 | ||
1485 | /* prototypes */ | 1549 | /* prototypes */ |
1486 | extern int security_init (void); | 1550 | extern int security_init (void); |
1551 | extern int security_module_enable(struct security_operations *ops); | ||
1487 | extern int register_security (struct security_operations *ops); | 1552 | extern int register_security (struct security_operations *ops); |
1488 | extern int mod_reg_security (const char *name, struct security_operations *ops); | 1553 | extern int mod_reg_security (const char *name, struct security_operations *ops); |
1489 | extern struct dentry *securityfs_create_file(const char *name, mode_t mode, | 1554 | extern struct dentry *securityfs_create_file(const char *name, mode_t mode, |
@@ -1578,6 +1643,7 @@ int security_inode_killpriv(struct dentry *dentry); | |||
1578 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc); | 1643 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc); |
1579 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1644 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
1580 | int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); | 1645 | int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); |
1646 | void security_inode_getsecid(const struct inode *inode, u32 *secid); | ||
1581 | int security_file_permission(struct file *file, int mask); | 1647 | int security_file_permission(struct file *file, int mask); |
1582 | int security_file_alloc(struct file *file); | 1648 | int security_file_alloc(struct file *file); |
1583 | void security_file_free(struct file *file); | 1649 | void security_file_free(struct file *file); |
@@ -1622,6 +1688,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
1622 | void security_task_reparent_to_init(struct task_struct *p); | 1688 | void security_task_reparent_to_init(struct task_struct *p); |
1623 | void security_task_to_inode(struct task_struct *p, struct inode *inode); | 1689 | void security_task_to_inode(struct task_struct *p, struct inode *inode); |
1624 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); | 1690 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); |
1691 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); | ||
1625 | int security_msg_msg_alloc(struct msg_msg *msg); | 1692 | int security_msg_msg_alloc(struct msg_msg *msg); |
1626 | void security_msg_msg_free(struct msg_msg *msg); | 1693 | void security_msg_msg_free(struct msg_msg *msg); |
1627 | int security_msg_queue_alloc(struct msg_queue *msq); | 1694 | int security_msg_queue_alloc(struct msg_queue *msq); |
@@ -2022,6 +2089,11 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer, | |||
2022 | return 0; | 2089 | return 0; |
2023 | } | 2090 | } |
2024 | 2091 | ||
2092 | static inline void security_inode_getsecid(const struct inode *inode, u32 *secid) | ||
2093 | { | ||
2094 | *secid = 0; | ||
2095 | } | ||
2096 | |||
2025 | static inline int security_file_permission (struct file *file, int mask) | 2097 | static inline int security_file_permission (struct file *file, int mask) |
2026 | { | 2098 | { |
2027 | return 0; | 2099 | return 0; |
@@ -2137,7 +2209,9 @@ static inline int security_task_getsid (struct task_struct *p) | |||
2137 | } | 2209 | } |
2138 | 2210 | ||
2139 | static inline void security_task_getsecid (struct task_struct *p, u32 *secid) | 2211 | static inline void security_task_getsecid (struct task_struct *p, u32 *secid) |
2140 | { } | 2212 | { |
2213 | *secid = 0; | ||
2214 | } | ||
2141 | 2215 | ||
2142 | static inline int security_task_setgroups (struct group_info *group_info) | 2216 | static inline int security_task_setgroups (struct group_info *group_info) |
2143 | { | 2217 | { |
@@ -2216,6 +2290,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, | |||
2216 | return 0; | 2290 | return 0; |
2217 | } | 2291 | } |
2218 | 2292 | ||
2293 | static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) | ||
2294 | { | ||
2295 | *secid = 0; | ||
2296 | } | ||
2297 | |||
2219 | static inline int security_msg_msg_alloc (struct msg_msg * msg) | 2298 | static inline int security_msg_msg_alloc (struct msg_msg * msg) |
2220 | { | 2299 | { |
2221 | return 0; | 2300 | return 0; |
@@ -2672,5 +2751,38 @@ static inline int security_key_permission(key_ref_t key_ref, | |||
2672 | #endif | 2751 | #endif |
2673 | #endif /* CONFIG_KEYS */ | 2752 | #endif /* CONFIG_KEYS */ |
2674 | 2753 | ||
2754 | #ifdef CONFIG_AUDIT | ||
2755 | #ifdef CONFIG_SECURITY | ||
2756 | int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); | ||
2757 | int security_audit_rule_known(struct audit_krule *krule); | ||
2758 | int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, | ||
2759 | struct audit_context *actx); | ||
2760 | void security_audit_rule_free(void *lsmrule); | ||
2761 | |||
2762 | #else | ||
2763 | |||
2764 | static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, | ||
2765 | void **lsmrule) | ||
2766 | { | ||
2767 | return 0; | ||
2768 | } | ||
2769 | |||
2770 | static inline int security_audit_rule_known(struct audit_krule *krule) | ||
2771 | { | ||
2772 | return 0; | ||
2773 | } | ||
2774 | |||
2775 | static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, | ||
2776 | void *lsmrule, struct audit_context *actx) | ||
2777 | { | ||
2778 | return 0; | ||
2779 | } | ||
2780 | |||
2781 | static inline void security_audit_rule_free(void *lsmrule) | ||
2782 | { } | ||
2783 | |||
2784 | #endif /* CONFIG_SECURITY */ | ||
2785 | #endif /* CONFIG_AUDIT */ | ||
2786 | |||
2675 | #endif /* ! __LINUX_SECURITY_H */ | 2787 | #endif /* ! __LINUX_SECURITY_H */ |
2676 | 2788 | ||