diff options
| author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-25 12:24:53 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-25 12:24:53 -0500 |
| commit | 1b9a3917366028cc451a98dd22e3bcd537d4e5c1 (patch) | |
| tree | d911058720e0a9aeeaf9f407ccdc6fbf4047f47d /include/linux/security.h | |
| parent | 3661f00e2097676847deb01add1a0918044bd816 (diff) | |
| parent | 71e1c784b24a026a490b3de01541fc5ee14ebc09 (diff) | |
Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits)
[PATCH] fix audit_init failure path
[PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format
[PATCH] sem2mutex: audit_netlink_sem
[PATCH] simplify audit_free() locking
[PATCH] Fix audit operators
[PATCH] promiscuous mode
[PATCH] Add tty to syscall audit records
[PATCH] add/remove rule update
[PATCH] audit string fields interface + consumer
[PATCH] SE Linux audit events
[PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c
[PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL
[PATCH] Fix IA64 success/failure indication in syscall auditing.
[PATCH] Miscellaneous bug and warning fixes
[PATCH] Capture selinux subject/object context information.
[PATCH] Exclude messages by message type
[PATCH] Collect more inode information during syscall processing.
[PATCH] Pass dentry, not just name, in fsnotify creation hooks.
[PATCH] Define new range of userspace messages.
[PATCH] Filter rule comparators
...
Fixed trivial conflict in security/selinux/hooks.c
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 33 |
1 files changed, 30 insertions, 3 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 3c19be35124b..aaa0a5cdbf75 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -869,6 +869,11 @@ struct swap_info_struct; | |||
| 869 | * @ipcp contains the kernel IPC permission structure | 869 | * @ipcp contains the kernel IPC permission structure |
| 870 | * @flag contains the desired (requested) permission set | 870 | * @flag contains the desired (requested) permission set |
| 871 | * Return 0 if permission is granted. | 871 | * Return 0 if permission is granted. |
| 872 | * @ipc_getsecurity: | ||
| 873 | * Copy the security label associated with the ipc object into | ||
| 874 | * @buffer. @buffer may be NULL to request the size of the buffer | ||
| 875 | * required. @size indicates the size of @buffer in bytes. Return | ||
| 876 | * number of bytes used/required on success. | ||
| 872 | * | 877 | * |
| 873 | * Security hooks for individual messages held in System V IPC message queues | 878 | * Security hooks for individual messages held in System V IPC message queues |
| 874 | * @msg_msg_alloc_security: | 879 | * @msg_msg_alloc_security: |
| @@ -1168,7 +1173,8 @@ struct security_operations { | |||
| 1168 | int (*inode_getxattr) (struct dentry *dentry, char *name); | 1173 | int (*inode_getxattr) (struct dentry *dentry, char *name); |
| 1169 | int (*inode_listxattr) (struct dentry *dentry); | 1174 | int (*inode_listxattr) (struct dentry *dentry); |
| 1170 | int (*inode_removexattr) (struct dentry *dentry, char *name); | 1175 | int (*inode_removexattr) (struct dentry *dentry, char *name); |
| 1171 | int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size, int err); | 1176 | const char *(*inode_xattr_getsuffix) (void); |
| 1177 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); | ||
| 1172 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1178 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
| 1173 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); | 1179 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); |
| 1174 | 1180 | ||
| @@ -1217,6 +1223,7 @@ struct security_operations { | |||
| 1217 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); | 1223 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); |
| 1218 | 1224 | ||
| 1219 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); | 1225 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); |
| 1226 | int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size); | ||
| 1220 | 1227 | ||
| 1221 | int (*msg_msg_alloc_security) (struct msg_msg * msg); | 1228 | int (*msg_msg_alloc_security) (struct msg_msg * msg); |
| 1222 | void (*msg_msg_free_security) (struct msg_msg * msg); | 1229 | void (*msg_msg_free_security) (struct msg_msg * msg); |
| @@ -1680,7 +1687,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name) | |||
| 1680 | return security_ops->inode_removexattr (dentry, name); | 1687 | return security_ops->inode_removexattr (dentry, name); |
| 1681 | } | 1688 | } |
| 1682 | 1689 | ||
| 1683 | static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 1690 | static inline const char *security_inode_xattr_getsuffix(void) |
| 1691 | { | ||
| 1692 | return security_ops->inode_xattr_getsuffix(); | ||
| 1693 | } | ||
| 1694 | |||
| 1695 | static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) | ||
| 1684 | { | 1696 | { |
| 1685 | if (unlikely (IS_PRIVATE (inode))) | 1697 | if (unlikely (IS_PRIVATE (inode))) |
| 1686 | return 0; | 1698 | return 0; |
| @@ -1875,6 +1887,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, | |||
| 1875 | return security_ops->ipc_permission (ipcp, flag); | 1887 | return security_ops->ipc_permission (ipcp, flag); |
| 1876 | } | 1888 | } |
| 1877 | 1889 | ||
| 1890 | static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
| 1891 | { | ||
| 1892 | return security_ops->ipc_getsecurity(ipcp, buffer, size); | ||
| 1893 | } | ||
| 1894 | |||
| 1878 | static inline int security_msg_msg_alloc (struct msg_msg * msg) | 1895 | static inline int security_msg_msg_alloc (struct msg_msg * msg) |
| 1879 | { | 1896 | { |
| 1880 | return security_ops->msg_msg_alloc_security (msg); | 1897 | return security_ops->msg_msg_alloc_security (msg); |
| @@ -2327,7 +2344,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name) | |||
| 2327 | return cap_inode_removexattr(dentry, name); | 2344 | return cap_inode_removexattr(dentry, name); |
| 2328 | } | 2345 | } |
| 2329 | 2346 | ||
| 2330 | static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 2347 | static inline const char *security_inode_xattr_getsuffix (void) |
| 2348 | { | ||
| 2349 | return NULL ; | ||
| 2350 | } | ||
| 2351 | |||
| 2352 | static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) | ||
| 2331 | { | 2353 | { |
| 2332 | return -EOPNOTSUPP; | 2354 | return -EOPNOTSUPP; |
| 2333 | } | 2355 | } |
| @@ -2510,6 +2532,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, | |||
| 2510 | return 0; | 2532 | return 0; |
| 2511 | } | 2533 | } |
| 2512 | 2534 | ||
| 2535 | static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
| 2536 | { | ||
| 2537 | return -EOPNOTSUPP; | ||
| 2538 | } | ||
| 2539 | |||
| 2513 | static inline int security_msg_msg_alloc (struct msg_msg * msg) | 2540 | static inline int security_msg_msg_alloc (struct msg_msg * msg) |
| 2514 | { | 2541 | { |
| 2515 | return 0; | 2542 | return 0; |