authorKees Cook <keescook@chromium.org>2011-12-21 15:17:03 -0500
committerJames Morris <jmorris@namei.org>2012-02-09 17:14:51 -0500
commit1a2a4d06e1e95260c470ebe3a945f61bbe8c1fd8 (patch)
tree7167d158749a7acf2ce8bbe1ecd25234b654e813 /include/linux/security.h
parent9e3ff38647a316e4f92d59b14c8f0eb13b33bb2c (diff)
security: create task_free security callback
The current LSM interface to cred_free is not sufficient for allowing an LSM to track the life and death of a task. This patch adds the task_free hook so that an LSM can clean up resources on task death. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h9
1 files changed, 9 insertions, 0 deletions
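diff --git a/include/linux/security.h b/include/linux/security.h
index 83c18e8c846d..8325eddd9ee4 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -651,6 +651,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * manual page for definitions of the @clone_flags.
  * @clone_flags contains the flags indicating what should be shared.
  * Return 0 if permission is granted.
+ * @task_free:
+ * @task task being freed
+ * Handle release of task-related resources. (Note that this can be called
+ * from interrupt context.)
  * @cred_alloc_blank:
  * @cred points to the credentials.
  * @gfp indicates the atomicity of any memory allocations.
@@ -1493,6 +1497,7 @@ struct security_operations {
  int (*dentry_open) (struct file *file, const struct cred *cred);
 
  int (*task_create) (unsigned long clone_flags);
+ void (*task_free) (struct task_struct *task);
  int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
  void (*cred_free) (struct cred *cred);
  int (*cred_prepare)(struct cred *new, const struct cred *old,
@@ -1752,6 +1757,7 @@ int security_file_send_sigiotask(struct task_struct *tsk,
 int security_file_receive(struct file *file);
 int security_dentry_open(struct file *file, const struct cred *cred);
 int security_task_create(unsigned long clone_flags);
+void security_task_free(struct task_struct *task);
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
@@ -2245,6 +2251,9 @@ static inline int security_task_create(unsigned long clone_flags)
  return 0;
 }
 
+static inline void security_task_free(struct task_struct *task)
+{ }
+
 static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
  return 0;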
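Review bot: The `@task_free` kernel-doc added in the first hunk mentions interrupt context only as a parenthetical and never states what that requires of an LSM implementing the hook. I would make the constraint explicit, for example `Handle release of task-related resources. May be called from interrupt context: implementations must not sleep, take sleeping locks, or allocate with a blocking gfp mask.` Because the hook is declared `void (*task_free) (struct task_struct *task);`, it cannot report failure, so the comment should also say that cleanup has to be unconditional. The call site is not visible in this file, but if the task structure is released right after the hook returns, it is worth adding that an LSM must drop any pointer it holds to `@task` here, since a stale reference in per-task security state would become a use-after-free.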