diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-03-02 17:47:24 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-03-02 17:47:24 -0500 |
| commit | 832d30ca72c0a59058e66e097f5ea11f99640819 (patch) | |
| tree | ab71581c4ad66b2a151298ed13c0eb2506fc8068 /include/linux/security.h | |
| parent | 3a5b27bf6f29574d667230c7e76e4b83fe3014e0 (diff) | |
| parent | b4ccebdd37ff70d349321a198f416ba737a5e833 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (38 commits)
SELinux: Make selinux_kernel_create_files_as() shouldn't just always return 0
TOMOYO: Protect find_task_by_vpid() with RCU.
Security: add static to security_ops and default_security_ops variable
selinux: libsepol: remove dead code in check_avtab_hierarchy_callback()
TOMOYO: Remove __func__ from tomoyo_is_correct_path/domain
security: fix a couple of sparse warnings
TOMOYO: Remove unneeded parameter.
TOMOYO: Use shorter names.
TOMOYO: Use enum for index numbers.
TOMOYO: Add garbage collector.
TOMOYO: Add refcounter on domain structure.
TOMOYO: Merge headers.
TOMOYO: Add refcounter on string data.
TOMOYO: Reduce lines by using common path for addition and deletion.
selinux: fix memory leak in sel_make_bools
TOMOYO: Extract bitfield
syslog: clean up needless comment
syslog: use defined constants instead of raw numbers
syslog: distinguish between /proc/kmsg and syscalls
selinux: allow MLS->non-MLS and vice versa upon policy reload
...
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 2c627d361c02..233d20b52c1b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -76,7 +76,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
| 76 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); | 76 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); |
| 77 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); | 77 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); |
| 78 | extern int cap_task_setnice(struct task_struct *p, int nice); | 78 | extern int cap_task_setnice(struct task_struct *p, int nice); |
| 79 | extern int cap_syslog(int type); | 79 | extern int cap_syslog(int type, bool from_file); |
| 80 | extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); | 80 | extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); |
| 81 | 81 | ||
| 82 | struct msghdr; | 82 | struct msghdr; |
| @@ -95,6 +95,8 @@ struct seq_file; | |||
| 95 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); | 95 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); |
| 96 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); | 96 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); |
| 97 | 97 | ||
| 98 | void reset_security_ops(void); | ||
| 99 | |||
| 98 | #ifdef CONFIG_MMU | 100 | #ifdef CONFIG_MMU |
| 99 | extern unsigned long mmap_min_addr; | 101 | extern unsigned long mmap_min_addr; |
| 100 | extern unsigned long dac_mmap_min_addr; | 102 | extern unsigned long dac_mmap_min_addr; |
| @@ -985,6 +987,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 985 | * Check permissions on incoming network packets. This hook is distinct | 987 | * Check permissions on incoming network packets. This hook is distinct |
| 986 | * from Netfilter's IP input hooks since it is the first time that the | 988 | * from Netfilter's IP input hooks since it is the first time that the |
| 987 | * incoming sk_buff @skb has been associated with a particular socket, @sk. | 989 | * incoming sk_buff @skb has been associated with a particular socket, @sk. |
| 990 | * Must not sleep inside this hook because some callers hold spinlocks. | ||
| 988 | * @sk contains the sock (not socket) associated with the incoming sk_buff. | 991 | * @sk contains the sock (not socket) associated with the incoming sk_buff. |
| 989 | * @skb contains the incoming network data. | 992 | * @skb contains the incoming network data. |
| 990 | * @socket_getpeersec_stream: | 993 | * @socket_getpeersec_stream: |
| @@ -1348,6 +1351,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 1348 | * logging to the console. | 1351 | * logging to the console. |
| 1349 | * See the syslog(2) manual page for an explanation of the @type values. | 1352 | * See the syslog(2) manual page for an explanation of the @type values. |
| 1350 | * @type contains the type of action. | 1353 | * @type contains the type of action. |
| 1354 | * @from_file indicates the context of action (if it came from /proc). | ||
| 1351 | * Return 0 if permission is granted. | 1355 | * Return 0 if permission is granted. |
| 1352 | * @settime: | 1356 | * @settime: |
| 1353 | * Check permission to change the system time. | 1357 | * Check permission to change the system time. |
| @@ -1462,7 +1466,7 @@ struct security_operations { | |||
| 1462 | int (*sysctl) (struct ctl_table *table, int op); | 1466 | int (*sysctl) (struct ctl_table *table, int op); |
| 1463 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); | 1467 | int (*quotactl) (int cmds, int type, int id, struct super_block *sb); |
| 1464 | int (*quota_on) (struct dentry *dentry); | 1468 | int (*quota_on) (struct dentry *dentry); |
| 1465 | int (*syslog) (int type); | 1469 | int (*syslog) (int type, bool from_file); |
| 1466 | int (*settime) (struct timespec *ts, struct timezone *tz); | 1470 | int (*settime) (struct timespec *ts, struct timezone *tz); |
| 1467 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); | 1471 | int (*vm_enough_memory) (struct mm_struct *mm, long pages); |
| 1468 | 1472 | ||
| @@ -1761,7 +1765,7 @@ int security_acct(struct file *file); | |||
| 1761 | int security_sysctl(struct ctl_table *table, int op); | 1765 | int security_sysctl(struct ctl_table *table, int op); |
| 1762 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); | 1766 | int security_quotactl(int cmds, int type, int id, struct super_block *sb); |
| 1763 | int security_quota_on(struct dentry *dentry); | 1767 | int security_quota_on(struct dentry *dentry); |
| 1764 | int security_syslog(int type); | 1768 | int security_syslog(int type, bool from_file); |
| 1765 | int security_settime(struct timespec *ts, struct timezone *tz); | 1769 | int security_settime(struct timespec *ts, struct timezone *tz); |
| 1766 | int security_vm_enough_memory(long pages); | 1770 | int security_vm_enough_memory(long pages); |
| 1767 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); | 1771 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); |
| @@ -2007,9 +2011,9 @@ static inline int security_quota_on(struct dentry *dentry) | |||
| 2007 | return 0; | 2011 | return 0; |
| 2008 | } | 2012 | } |
| 2009 | 2013 | ||
| 2010 | static inline int security_syslog(int type) | 2014 | static inline int security_syslog(int type, bool from_file) |
| 2011 | { | 2015 | { |
| 2012 | return cap_syslog(type); | 2016 | return cap_syslog(type, from_file); |
| 2013 | } | 2017 | } |
| 2014 | 2018 | ||
| 2015 | static inline int security_settime(struct timespec *ts, struct timezone *tz) | 2019 | static inline int security_settime(struct timespec *ts, struct timezone *tz) |