diff options
| author | Steve French <sfrench@us.ibm.com> | 2008-05-06 13:55:32 -0400 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2008-05-06 13:55:32 -0400 |
| commit | a815752ac0ffdb910e92958d41d28f4fb28e5296 (patch) | |
| tree | a3aa16a282354da0debe8e3a3a7ed8aac6e54001 /include/linux/security.h | |
| parent | 5ade9deaaa3e1f7291467d97b238648e43eae15e (diff) | |
| parent | a15306365a16380f3bafee9e181ba01231d4acd7 (diff) | |
Merge branch 'master' of /pub/scm/linux/kernel/git/torvalds/linux-2.6
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 69 |
1 files changed, 45 insertions, 24 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index d0a28fd1747a..50737c70e78e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -53,8 +53,9 @@ extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, | |||
| 53 | extern int cap_bprm_set_security(struct linux_binprm *bprm); | 53 | extern int cap_bprm_set_security(struct linux_binprm *bprm); |
| 54 | extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | 54 | extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); |
| 55 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); | 55 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); |
| 56 | extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); | 56 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, |
| 57 | extern int cap_inode_removexattr(struct dentry *dentry, char *name); | 57 | const void *value, size_t size, int flags); |
| 58 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); | ||
| 58 | extern int cap_inode_need_killpriv(struct dentry *dentry); | 59 | extern int cap_inode_need_killpriv(struct dentry *dentry); |
| 59 | extern int cap_inode_killpriv(struct dentry *dentry); | 60 | extern int cap_inode_killpriv(struct dentry *dentry); |
| 60 | extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); | 61 | extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); |
| @@ -1008,6 +1009,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 1008 | * @perm describes the combination of permissions required of this key. | 1009 | * @perm describes the combination of permissions required of this key. |
| 1009 | * Return 1 if permission granted, 0 if permission denied and -ve it the | 1010 | * Return 1 if permission granted, 0 if permission denied and -ve it the |
| 1010 | * normal permissions model should be effected. | 1011 | * normal permissions model should be effected. |
| 1012 | * @key_getsecurity: | ||
| 1013 | * Get a textual representation of the security context attached to a key | ||
| 1014 | * for the purposes of honouring KEYCTL_GETSECURITY. This function | ||
| 1015 | * allocates the storage for the NUL-terminated string and the caller | ||
| 1016 | * should free it. | ||
| 1017 | * @key points to the key to be queried. | ||
| 1018 | * @_buffer points to a pointer that should be set to point to the | ||
| 1019 | * resulting string (if no label or an error occurs). | ||
| 1020 | * Return the length of the string (including terminating NUL) or -ve if | ||
| 1021 | * an error. | ||
| 1022 | * May also return 0 (and a NULL buffer pointer) if there is no label. | ||
| 1011 | * | 1023 | * |
| 1012 | * Security hooks affecting all System V IPC operations. | 1024 | * Security hooks affecting all System V IPC operations. |
| 1013 | * | 1025 | * |
| @@ -1362,13 +1374,13 @@ struct security_operations { | |||
| 1362 | int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); | 1374 | int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); |
| 1363 | int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); | 1375 | int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); |
| 1364 | void (*inode_delete) (struct inode *inode); | 1376 | void (*inode_delete) (struct inode *inode); |
| 1365 | int (*inode_setxattr) (struct dentry *dentry, char *name, void *value, | 1377 | int (*inode_setxattr) (struct dentry *dentry, const char *name, |
| 1366 | size_t size, int flags); | 1378 | const void *value, size_t size, int flags); |
| 1367 | void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value, | 1379 | void (*inode_post_setxattr) (struct dentry *dentry, const char *name, |
| 1368 | size_t size, int flags); | 1380 | const void *value, size_t size, int flags); |
| 1369 | int (*inode_getxattr) (struct dentry *dentry, char *name); | 1381 | int (*inode_getxattr) (struct dentry *dentry, const char *name); |
| 1370 | int (*inode_listxattr) (struct dentry *dentry); | 1382 | int (*inode_listxattr) (struct dentry *dentry); |
| 1371 | int (*inode_removexattr) (struct dentry *dentry, char *name); | 1383 | int (*inode_removexattr) (struct dentry *dentry, const char *name); |
| 1372 | int (*inode_need_killpriv) (struct dentry *dentry); | 1384 | int (*inode_need_killpriv) (struct dentry *dentry); |
| 1373 | int (*inode_killpriv) (struct dentry *dentry); | 1385 | int (*inode_killpriv) (struct dentry *dentry); |
| 1374 | int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc); | 1386 | int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc); |
| @@ -1469,7 +1481,7 @@ struct security_operations { | |||
| 1469 | int (*getprocattr) (struct task_struct *p, char *name, char **value); | 1481 | int (*getprocattr) (struct task_struct *p, char *name, char **value); |
| 1470 | int (*setprocattr) (struct task_struct *p, char *name, void *value, size_t size); | 1482 | int (*setprocattr) (struct task_struct *p, char *name, void *value, size_t size); |
| 1471 | int (*secid_to_secctx) (u32 secid, char **secdata, u32 *seclen); | 1483 | int (*secid_to_secctx) (u32 secid, char **secdata, u32 *seclen); |
| 1472 | int (*secctx_to_secid) (char *secdata, u32 seclen, u32 *secid); | 1484 | int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid); |
| 1473 | void (*release_secctx) (char *secdata, u32 seclen); | 1485 | void (*release_secctx) (char *secdata, u32 seclen); |
| 1474 | 1486 | ||
| 1475 | #ifdef CONFIG_SECURITY_NETWORK | 1487 | #ifdef CONFIG_SECURITY_NETWORK |
| @@ -1537,7 +1549,7 @@ struct security_operations { | |||
| 1537 | int (*key_permission) (key_ref_t key_ref, | 1549 | int (*key_permission) (key_ref_t key_ref, |
| 1538 | struct task_struct *context, | 1550 | struct task_struct *context, |
| 1539 | key_perm_t perm); | 1551 | key_perm_t perm); |
| 1540 | 1552 | int (*key_getsecurity)(struct key *key, char **_buffer); | |
| 1541 | #endif /* CONFIG_KEYS */ | 1553 | #endif /* CONFIG_KEYS */ |
| 1542 | 1554 | ||
| 1543 | #ifdef CONFIG_AUDIT | 1555 | #ifdef CONFIG_AUDIT |
| @@ -1633,13 +1645,13 @@ int security_inode_permission(struct inode *inode, int mask, struct nameidata *n | |||
| 1633 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr); | 1645 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr); |
| 1634 | int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); | 1646 | int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); |
| 1635 | void security_inode_delete(struct inode *inode); | 1647 | void security_inode_delete(struct inode *inode); |
| 1636 | int security_inode_setxattr(struct dentry *dentry, char *name, | 1648 | int security_inode_setxattr(struct dentry *dentry, const char *name, |
| 1637 | void *value, size_t size, int flags); | 1649 | const void *value, size_t size, int flags); |
| 1638 | void security_inode_post_setxattr(struct dentry *dentry, char *name, | 1650 | void security_inode_post_setxattr(struct dentry *dentry, const char *name, |
| 1639 | void *value, size_t size, int flags); | 1651 | const void *value, size_t size, int flags); |
| 1640 | int security_inode_getxattr(struct dentry *dentry, char *name); | 1652 | int security_inode_getxattr(struct dentry *dentry, const char *name); |
| 1641 | int security_inode_listxattr(struct dentry *dentry); | 1653 | int security_inode_listxattr(struct dentry *dentry); |
| 1642 | int security_inode_removexattr(struct dentry *dentry, char *name); | 1654 | int security_inode_removexattr(struct dentry *dentry, const char *name); |
| 1643 | int security_inode_need_killpriv(struct dentry *dentry); | 1655 | int security_inode_need_killpriv(struct dentry *dentry); |
| 1644 | int security_inode_killpriv(struct dentry *dentry); | 1656 | int security_inode_killpriv(struct dentry *dentry); |
| 1645 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc); | 1657 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc); |
| @@ -1718,7 +1730,7 @@ int security_setprocattr(struct task_struct *p, char *name, void *value, size_t | |||
| 1718 | int security_netlink_send(struct sock *sk, struct sk_buff *skb); | 1730 | int security_netlink_send(struct sock *sk, struct sk_buff *skb); |
| 1719 | int security_netlink_recv(struct sk_buff *skb, int cap); | 1731 | int security_netlink_recv(struct sk_buff *skb, int cap); |
| 1720 | int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); | 1732 | int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); |
| 1721 | int security_secctx_to_secid(char *secdata, u32 seclen, u32 *secid); | 1733 | int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); |
| 1722 | void security_release_secctx(char *secdata, u32 seclen); | 1734 | void security_release_secctx(char *secdata, u32 seclen); |
| 1723 | 1735 | ||
| 1724 | #else /* CONFIG_SECURITY */ | 1736 | #else /* CONFIG_SECURITY */ |
| @@ -2041,17 +2053,18 @@ static inline int security_inode_getattr(struct vfsmount *mnt, | |||
| 2041 | static inline void security_inode_delete(struct inode *inode) | 2053 | static inline void security_inode_delete(struct inode *inode) |
| 2042 | { } | 2054 | { } |
| 2043 | 2055 | ||
| 2044 | static inline int security_inode_setxattr(struct dentry *dentry, char *name, | 2056 | static inline int security_inode_setxattr(struct dentry *dentry, |
| 2045 | void *value, size_t size, int flags) | 2057 | const char *name, const void *value, size_t size, int flags) |
| 2046 | { | 2058 | { |
| 2047 | return cap_inode_setxattr(dentry, name, value, size, flags); | 2059 | return cap_inode_setxattr(dentry, name, value, size, flags); |
| 2048 | } | 2060 | } |
| 2049 | 2061 | ||
| 2050 | static inline void security_inode_post_setxattr(struct dentry *dentry, char *name, | 2062 | static inline void security_inode_post_setxattr(struct dentry *dentry, |
| 2051 | void *value, size_t size, int flags) | 2063 | const char *name, const void *value, size_t size, int flags) |
| 2052 | { } | 2064 | { } |
| 2053 | 2065 | ||
| 2054 | static inline int security_inode_getxattr(struct dentry *dentry, char *name) | 2066 | static inline int security_inode_getxattr(struct dentry *dentry, |
| 2067 | const char *name) | ||
| 2055 | { | 2068 | { |
| 2056 | return 0; | 2069 | return 0; |
| 2057 | } | 2070 | } |
| @@ -2061,7 +2074,8 @@ static inline int security_inode_listxattr(struct dentry *dentry) | |||
| 2061 | return 0; | 2074 | return 0; |
| 2062 | } | 2075 | } |
| 2063 | 2076 | ||
| 2064 | static inline int security_inode_removexattr(struct dentry *dentry, char *name) | 2077 | static inline int security_inode_removexattr(struct dentry *dentry, |
| 2078 | const char *name) | ||
| 2065 | { | 2079 | { |
| 2066 | return cap_inode_removexattr(dentry, name); | 2080 | return cap_inode_removexattr(dentry, name); |
| 2067 | } | 2081 | } |
| @@ -2435,7 +2449,7 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle | |||
| 2435 | return -EOPNOTSUPP; | 2449 | return -EOPNOTSUPP; |
| 2436 | } | 2450 | } |
| 2437 | 2451 | ||
| 2438 | static inline int security_secctx_to_secid(char *secdata, | 2452 | static inline int security_secctx_to_secid(const char *secdata, |
| 2439 | u32 seclen, | 2453 | u32 seclen, |
| 2440 | u32 *secid) | 2454 | u32 *secid) |
| 2441 | { | 2455 | { |
| @@ -2729,6 +2743,7 @@ int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long f | |||
| 2729 | void security_key_free(struct key *key); | 2743 | void security_key_free(struct key *key); |
| 2730 | int security_key_permission(key_ref_t key_ref, | 2744 | int security_key_permission(key_ref_t key_ref, |
| 2731 | struct task_struct *context, key_perm_t perm); | 2745 | struct task_struct *context, key_perm_t perm); |
| 2746 | int security_key_getsecurity(struct key *key, char **_buffer); | ||
| 2732 | 2747 | ||
| 2733 | #else | 2748 | #else |
| 2734 | 2749 | ||
| @@ -2750,6 +2765,12 @@ static inline int security_key_permission(key_ref_t key_ref, | |||
| 2750 | return 0; | 2765 | return 0; |
| 2751 | } | 2766 | } |
| 2752 | 2767 | ||
| 2768 | static inline int security_key_getsecurity(struct key *key, char **_buffer) | ||
| 2769 | { | ||
| 2770 | *_buffer = NULL; | ||
| 2771 | return 0; | ||
| 2772 | } | ||
| 2773 | |||
| 2753 | #endif | 2774 | #endif |
| 2754 | #endif /* CONFIG_KEYS */ | 2775 | #endif /* CONFIG_KEYS */ |
| 2755 | 2776 | ||