diff options
author | Rafael J. Wysocki <rjw@sisk.pl> | 2009-09-14 14:26:05 -0400 |
---|---|---|
committer | Rafael J. Wysocki <rjw@sisk.pl> | 2009-09-14 14:26:05 -0400 |
commit | ac8d513a6801c8636922ccf4f30211810c9a56ce (patch) | |
tree | 83ba584487a6a612c8fcf2563c28c0263df35ba2 /include/linux/security.h | |
parent | bf992fa2bc1ad1bb2aeb0bdfadb43f236b9297fd (diff) | |
parent | 99bc47067910f7070e65ee318a6dd79a2371f1e5 (diff) |
Merge branch 'master' into for-linus
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 154 |
1 files changed, 147 insertions, 7 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 1f16eea2017b..d050b66ab9ef 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -53,7 +53,7 @@ struct audit_krule; | |||
53 | extern int cap_capable(struct task_struct *tsk, const struct cred *cred, | 53 | extern int cap_capable(struct task_struct *tsk, const struct cred *cred, |
54 | int cap, int audit); | 54 | int cap, int audit); |
55 | extern int cap_settime(struct timespec *ts, struct timezone *tz); | 55 | extern int cap_settime(struct timespec *ts, struct timezone *tz); |
56 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); | 56 | extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); |
57 | extern int cap_ptrace_traceme(struct task_struct *parent); | 57 | extern int cap_ptrace_traceme(struct task_struct *parent); |
58 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 58 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
59 | extern int cap_capset(struct cred *new, const struct cred *old, | 59 | extern int cap_capset(struct cred *new, const struct cred *old, |
@@ -653,6 +653,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
653 | * manual page for definitions of the @clone_flags. | 653 | * manual page for definitions of the @clone_flags. |
654 | * @clone_flags contains the flags indicating what should be shared. | 654 | * @clone_flags contains the flags indicating what should be shared. |
655 | * Return 0 if permission is granted. | 655 | * Return 0 if permission is granted. |
656 | * @cred_alloc_blank: | ||
657 | * @cred points to the credentials. | ||
658 | * @gfp indicates the atomicity of any memory allocations. | ||
659 | * Only allocate sufficient memory and attach to @cred such that | ||
660 | * cred_transfer() will not get ENOMEM. | ||
656 | * @cred_free: | 661 | * @cred_free: |
657 | * @cred points to the credentials. | 662 | * @cred points to the credentials. |
658 | * Deallocate and clear the cred->security field in a set of credentials. | 663 | * Deallocate and clear the cred->security field in a set of credentials. |
@@ -665,6 +670,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
665 | * @new points to the new credentials. | 670 | * @new points to the new credentials. |
666 | * @old points to the original credentials. | 671 | * @old points to the original credentials. |
667 | * Install a new set of credentials. | 672 | * Install a new set of credentials. |
673 | * @cred_transfer: | ||
674 | * @new points to the new credentials. | ||
675 | * @old points to the original credentials. | ||
676 | * Transfer data from original creds to new creds | ||
668 | * @kernel_act_as: | 677 | * @kernel_act_as: |
669 | * Set the credentials for a kernel service to act as (subjective context). | 678 | * Set the credentials for a kernel service to act as (subjective context). |
670 | * @new points to the credentials to be modified. | 679 | * @new points to the credentials to be modified. |
@@ -678,6 +687,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
678 | * @inode points to the inode to use as a reference. | 687 | * @inode points to the inode to use as a reference. |
679 | * The current task must be the one that nominated @inode. | 688 | * The current task must be the one that nominated @inode. |
680 | * Return 0 if successful. | 689 | * Return 0 if successful. |
690 | * @kernel_module_request: | ||
691 | * Ability to trigger the kernel to automatically upcall to userspace for | ||
692 | * userspace to load a kernel module with the given name. | ||
693 | * Return 0 if successful. | ||
681 | * @task_setuid: | 694 | * @task_setuid: |
682 | * Check permission before setting one or more of the user identity | 695 | * Check permission before setting one or more of the user identity |
683 | * attributes of the current process. The @flags parameter indicates | 696 | * attributes of the current process. The @flags parameter indicates |
@@ -994,6 +1007,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
994 | * Sets the connection's peersid to the secmark on skb. | 1007 | * Sets the connection's peersid to the secmark on skb. |
995 | * @req_classify_flow: | 1008 | * @req_classify_flow: |
996 | * Sets the flow's sid to the openreq sid. | 1009 | * Sets the flow's sid to the openreq sid. |
1010 | * @tun_dev_create: | ||
1011 | * Check permissions prior to creating a new TUN device. | ||
1012 | * @tun_dev_post_create: | ||
1013 | * This hook allows a module to update or allocate a per-socket security | ||
1014 | * structure. | ||
1015 | * @sk contains the newly created sock structure. | ||
1016 | * @tun_dev_attach: | ||
1017 | * Check permissions prior to attaching to a persistent TUN device. This | ||
1018 | * hook can also be used by the module to update any security state | ||
1019 | * associated with the TUN device's sock structure. | ||
1020 | * @sk contains the existing sock structure. | ||
997 | * | 1021 | * |
998 | * Security hooks for XFRM operations. | 1022 | * Security hooks for XFRM operations. |
999 | * | 1023 | * |
@@ -1088,6 +1112,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1088 | * Return the length of the string (including terminating NUL) or -ve if | 1112 | * Return the length of the string (including terminating NUL) or -ve if |
1089 | * an error. | 1113 | * an error. |
1090 | * May also return 0 (and a NULL buffer pointer) if there is no label. | 1114 | * May also return 0 (and a NULL buffer pointer) if there is no label. |
1115 | * @key_session_to_parent: | ||
1116 | * Forcibly assign the session keyring from a process to its parent | ||
1117 | * process. | ||
1118 | * @cred: Pointer to process's credentials | ||
1119 | * @parent_cred: Pointer to parent process's credentials | ||
1120 | * @keyring: Proposed new session keyring | ||
1121 | * Return 0 if permission is granted, -ve error otherwise. | ||
1091 | * | 1122 | * |
1092 | * Security hooks affecting all System V IPC operations. | 1123 | * Security hooks affecting all System V IPC operations. |
1093 | * | 1124 | * |
@@ -1229,7 +1260,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1229 | * @alter contains the flag indicating whether changes are to be made. | 1260 | * @alter contains the flag indicating whether changes are to be made. |
1230 | * Return 0 if permission is granted. | 1261 | * Return 0 if permission is granted. |
1231 | * | 1262 | * |
1232 | * @ptrace_may_access: | 1263 | * @ptrace_access_check: |
1233 | * Check permission before allowing the current process to trace the | 1264 | * Check permission before allowing the current process to trace the |
1234 | * @child process. | 1265 | * @child process. |
1235 | * Security modules may also want to perform a process tracing check | 1266 | * Security modules may also want to perform a process tracing check |
@@ -1244,7 +1275,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1244 | * Check that the @parent process has sufficient permission to trace the | 1275 | * Check that the @parent process has sufficient permission to trace the |
1245 | * current process before allowing the current process to present itself | 1276 | * current process before allowing the current process to present itself |
1246 | * to the @parent process for tracing. | 1277 | * to the @parent process for tracing. |
1247 | * The parent process will still have to undergo the ptrace_may_access | 1278 | * The parent process will still have to undergo the ptrace_access_check |
1248 | * checks before it is allowed to trace this one. | 1279 | * checks before it is allowed to trace this one. |
1249 | * @parent contains the task_struct structure for debugger process. | 1280 | * @parent contains the task_struct structure for debugger process. |
1250 | * Return 0 if permission is granted. | 1281 | * Return 0 if permission is granted. |
@@ -1351,12 +1382,47 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1351 | * audit_rule_init. | 1382 | * audit_rule_init. |
1352 | * @rule contains the allocated rule | 1383 | * @rule contains the allocated rule |
1353 | * | 1384 | * |
1385 | * @inode_notifysecctx: | ||
1386 | * Notify the security module of what the security context of an inode | ||
1387 | * should be. Initializes the incore security context managed by the | ||
1388 | * security module for this inode. Example usage: NFS client invokes | ||
1389 | * this hook to initialize the security context in its incore inode to the | ||
1390 | * value provided by the server for the file when the server returned the | ||
1391 | * file's attributes to the client. | ||
1392 | * | ||
1393 | * Must be called with inode->i_mutex locked. | ||
1394 | * | ||
1395 | * @inode we wish to set the security context of. | ||
1396 | * @ctx contains the string which we wish to set in the inode. | ||
1397 | * @ctxlen contains the length of @ctx. | ||
1398 | * | ||
1399 | * @inode_setsecctx: | ||
1400 | * Change the security context of an inode. Updates the | ||
1401 | * incore security context managed by the security module and invokes the | ||
1402 | * fs code as needed (via __vfs_setxattr_noperm) to update any backing | ||
1403 | * xattrs that represent the context. Example usage: NFS server invokes | ||
1404 | * this hook to change the security context in its incore inode and on the | ||
1405 | * backing filesystem to a value provided by the client on a SETATTR | ||
1406 | * operation. | ||
1407 | * | ||
1408 | * Must be called with inode->i_mutex locked. | ||
1409 | * | ||
1410 | * @dentry contains the inode we wish to set the security context of. | ||
1411 | * @ctx contains the string which we wish to set in the inode. | ||
1412 | * @ctxlen contains the length of @ctx. | ||
1413 | * | ||
1414 | * @inode_getsecctx: | ||
1415 | * Returns a string containing all relavent security context information | ||
1416 | * | ||
1417 | * @inode we wish to set the security context of. | ||
1418 | * @ctx is a pointer in which to place the allocated security context. | ||
1419 | * @ctxlen points to the place to put the length of @ctx. | ||
1354 | * This is the main security structure. | 1420 | * This is the main security structure. |
1355 | */ | 1421 | */ |
1356 | struct security_operations { | 1422 | struct security_operations { |
1357 | char name[SECURITY_NAME_MAX + 1]; | 1423 | char name[SECURITY_NAME_MAX + 1]; |
1358 | 1424 | ||
1359 | int (*ptrace_may_access) (struct task_struct *child, unsigned int mode); | 1425 | int (*ptrace_access_check) (struct task_struct *child, unsigned int mode); |
1360 | int (*ptrace_traceme) (struct task_struct *parent); | 1426 | int (*ptrace_traceme) (struct task_struct *parent); |
1361 | int (*capget) (struct task_struct *target, | 1427 | int (*capget) (struct task_struct *target, |
1362 | kernel_cap_t *effective, | 1428 | kernel_cap_t *effective, |
@@ -1483,12 +1549,15 @@ struct security_operations { | |||
1483 | int (*dentry_open) (struct file *file, const struct cred *cred); | 1549 | int (*dentry_open) (struct file *file, const struct cred *cred); |
1484 | 1550 | ||
1485 | int (*task_create) (unsigned long clone_flags); | 1551 | int (*task_create) (unsigned long clone_flags); |
1552 | int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp); | ||
1486 | void (*cred_free) (struct cred *cred); | 1553 | void (*cred_free) (struct cred *cred); |
1487 | int (*cred_prepare)(struct cred *new, const struct cred *old, | 1554 | int (*cred_prepare)(struct cred *new, const struct cred *old, |
1488 | gfp_t gfp); | 1555 | gfp_t gfp); |
1489 | void (*cred_commit)(struct cred *new, const struct cred *old); | 1556 | void (*cred_commit)(struct cred *new, const struct cred *old); |
1557 | void (*cred_transfer)(struct cred *new, const struct cred *old); | ||
1490 | int (*kernel_act_as)(struct cred *new, u32 secid); | 1558 | int (*kernel_act_as)(struct cred *new, u32 secid); |
1491 | int (*kernel_create_files_as)(struct cred *new, struct inode *inode); | 1559 | int (*kernel_create_files_as)(struct cred *new, struct inode *inode); |
1560 | int (*kernel_module_request)(void); | ||
1492 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); | 1561 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); |
1493 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, | 1562 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, |
1494 | int flags); | 1563 | int flags); |
@@ -1556,6 +1625,10 @@ struct security_operations { | |||
1556 | int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid); | 1625 | int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid); |
1557 | void (*release_secctx) (char *secdata, u32 seclen); | 1626 | void (*release_secctx) (char *secdata, u32 seclen); |
1558 | 1627 | ||
1628 | int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen); | ||
1629 | int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen); | ||
1630 | int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen); | ||
1631 | |||
1559 | #ifdef CONFIG_SECURITY_NETWORK | 1632 | #ifdef CONFIG_SECURITY_NETWORK |
1560 | int (*unix_stream_connect) (struct socket *sock, | 1633 | int (*unix_stream_connect) (struct socket *sock, |
1561 | struct socket *other, struct sock *newsk); | 1634 | struct socket *other, struct sock *newsk); |
@@ -1592,6 +1665,9 @@ struct security_operations { | |||
1592 | void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req); | 1665 | void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req); |
1593 | void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb); | 1666 | void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb); |
1594 | void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl); | 1667 | void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl); |
1668 | int (*tun_dev_create)(void); | ||
1669 | void (*tun_dev_post_create)(struct sock *sk); | ||
1670 | int (*tun_dev_attach)(struct sock *sk); | ||
1595 | #endif /* CONFIG_SECURITY_NETWORK */ | 1671 | #endif /* CONFIG_SECURITY_NETWORK */ |
1596 | 1672 | ||
1597 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 1673 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
@@ -1620,6 +1696,9 @@ struct security_operations { | |||
1620 | const struct cred *cred, | 1696 | const struct cred *cred, |
1621 | key_perm_t perm); | 1697 | key_perm_t perm); |
1622 | int (*key_getsecurity)(struct key *key, char **_buffer); | 1698 | int (*key_getsecurity)(struct key *key, char **_buffer); |
1699 | int (*key_session_to_parent)(const struct cred *cred, | ||
1700 | const struct cred *parent_cred, | ||
1701 | struct key *key); | ||
1623 | #endif /* CONFIG_KEYS */ | 1702 | #endif /* CONFIG_KEYS */ |
1624 | 1703 | ||
1625 | #ifdef CONFIG_AUDIT | 1704 | #ifdef CONFIG_AUDIT |
@@ -1637,7 +1716,7 @@ extern int security_module_enable(struct security_operations *ops); | |||
1637 | extern int register_security(struct security_operations *ops); | 1716 | extern int register_security(struct security_operations *ops); |
1638 | 1717 | ||
1639 | /* Security operations */ | 1718 | /* Security operations */ |
1640 | int security_ptrace_may_access(struct task_struct *child, unsigned int mode); | 1719 | int security_ptrace_access_check(struct task_struct *child, unsigned int mode); |
1641 | int security_ptrace_traceme(struct task_struct *parent); | 1720 | int security_ptrace_traceme(struct task_struct *parent); |
1642 | int security_capget(struct task_struct *target, | 1721 | int security_capget(struct task_struct *target, |
1643 | kernel_cap_t *effective, | 1722 | kernel_cap_t *effective, |
@@ -1736,11 +1815,14 @@ int security_file_send_sigiotask(struct task_struct *tsk, | |||
1736 | int security_file_receive(struct file *file); | 1815 | int security_file_receive(struct file *file); |
1737 | int security_dentry_open(struct file *file, const struct cred *cred); | 1816 | int security_dentry_open(struct file *file, const struct cred *cred); |
1738 | int security_task_create(unsigned long clone_flags); | 1817 | int security_task_create(unsigned long clone_flags); |
1818 | int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); | ||
1739 | void security_cred_free(struct cred *cred); | 1819 | void security_cred_free(struct cred *cred); |
1740 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); | 1820 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); |
1741 | void security_commit_creds(struct cred *new, const struct cred *old); | 1821 | void security_commit_creds(struct cred *new, const struct cred *old); |
1822 | void security_transfer_creds(struct cred *new, const struct cred *old); | ||
1742 | int security_kernel_act_as(struct cred *new, u32 secid); | 1823 | int security_kernel_act_as(struct cred *new, u32 secid); |
1743 | int security_kernel_create_files_as(struct cred *new, struct inode *inode); | 1824 | int security_kernel_create_files_as(struct cred *new, struct inode *inode); |
1825 | int security_kernel_module_request(void); | ||
1744 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); | 1826 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); |
1745 | int security_task_fix_setuid(struct cred *new, const struct cred *old, | 1827 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
1746 | int flags); | 1828 | int flags); |
@@ -1796,6 +1878,9 @@ int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); | |||
1796 | int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); | 1878 | int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); |
1797 | void security_release_secctx(char *secdata, u32 seclen); | 1879 | void security_release_secctx(char *secdata, u32 seclen); |
1798 | 1880 | ||
1881 | int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); | ||
1882 | int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); | ||
1883 | int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); | ||
1799 | #else /* CONFIG_SECURITY */ | 1884 | #else /* CONFIG_SECURITY */ |
1800 | struct security_mnt_opts { | 1885 | struct security_mnt_opts { |
1801 | }; | 1886 | }; |
@@ -1818,10 +1903,10 @@ static inline int security_init(void) | |||
1818 | return 0; | 1903 | return 0; |
1819 | } | 1904 | } |
1820 | 1905 | ||
1821 | static inline int security_ptrace_may_access(struct task_struct *child, | 1906 | static inline int security_ptrace_access_check(struct task_struct *child, |
1822 | unsigned int mode) | 1907 | unsigned int mode) |
1823 | { | 1908 | { |
1824 | return cap_ptrace_may_access(child, mode); | 1909 | return cap_ptrace_access_check(child, mode); |
1825 | } | 1910 | } |
1826 | 1911 | ||
1827 | static inline int security_ptrace_traceme(struct task_struct *parent) | 1912 | static inline int security_ptrace_traceme(struct task_struct *parent) |
@@ -2266,6 +2351,11 @@ static inline int security_task_create(unsigned long clone_flags) | |||
2266 | return 0; | 2351 | return 0; |
2267 | } | 2352 | } |
2268 | 2353 | ||
2354 | static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) | ||
2355 | { | ||
2356 | return 0; | ||
2357 | } | ||
2358 | |||
2269 | static inline void security_cred_free(struct cred *cred) | 2359 | static inline void security_cred_free(struct cred *cred) |
2270 | { } | 2360 | { } |
2271 | 2361 | ||
@@ -2281,6 +2371,11 @@ static inline void security_commit_creds(struct cred *new, | |||
2281 | { | 2371 | { |
2282 | } | 2372 | } |
2283 | 2373 | ||
2374 | static inline void security_transfer_creds(struct cred *new, | ||
2375 | const struct cred *old) | ||
2376 | { | ||
2377 | } | ||
2378 | |||
2284 | static inline int security_kernel_act_as(struct cred *cred, u32 secid) | 2379 | static inline int security_kernel_act_as(struct cred *cred, u32 secid) |
2285 | { | 2380 | { |
2286 | return 0; | 2381 | return 0; |
@@ -2292,6 +2387,11 @@ static inline int security_kernel_create_files_as(struct cred *cred, | |||
2292 | return 0; | 2387 | return 0; |
2293 | } | 2388 | } |
2294 | 2389 | ||
2390 | static inline int security_kernel_module_request(void) | ||
2391 | { | ||
2392 | return 0; | ||
2393 | } | ||
2394 | |||
2295 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | 2395 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, |
2296 | int flags) | 2396 | int flags) |
2297 | { | 2397 | { |
@@ -2537,6 +2637,19 @@ static inline int security_secctx_to_secid(const char *secdata, | |||
2537 | static inline void security_release_secctx(char *secdata, u32 seclen) | 2637 | static inline void security_release_secctx(char *secdata, u32 seclen) |
2538 | { | 2638 | { |
2539 | } | 2639 | } |
2640 | |||
2641 | static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) | ||
2642 | { | ||
2643 | return -EOPNOTSUPP; | ||
2644 | } | ||
2645 | static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) | ||
2646 | { | ||
2647 | return -EOPNOTSUPP; | ||
2648 | } | ||
2649 | static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) | ||
2650 | { | ||
2651 | return -EOPNOTSUPP; | ||
2652 | } | ||
2540 | #endif /* CONFIG_SECURITY */ | 2653 | #endif /* CONFIG_SECURITY */ |
2541 | 2654 | ||
2542 | #ifdef CONFIG_SECURITY_NETWORK | 2655 | #ifdef CONFIG_SECURITY_NETWORK |
@@ -2575,6 +2688,9 @@ void security_inet_csk_clone(struct sock *newsk, | |||
2575 | const struct request_sock *req); | 2688 | const struct request_sock *req); |
2576 | void security_inet_conn_established(struct sock *sk, | 2689 | void security_inet_conn_established(struct sock *sk, |
2577 | struct sk_buff *skb); | 2690 | struct sk_buff *skb); |
2691 | int security_tun_dev_create(void); | ||
2692 | void security_tun_dev_post_create(struct sock *sk); | ||
2693 | int security_tun_dev_attach(struct sock *sk); | ||
2578 | 2694 | ||
2579 | #else /* CONFIG_SECURITY_NETWORK */ | 2695 | #else /* CONFIG_SECURITY_NETWORK */ |
2580 | static inline int security_unix_stream_connect(struct socket *sock, | 2696 | static inline int security_unix_stream_connect(struct socket *sock, |
@@ -2725,6 +2841,20 @@ static inline void security_inet_conn_established(struct sock *sk, | |||
2725 | struct sk_buff *skb) | 2841 | struct sk_buff *skb) |
2726 | { | 2842 | { |
2727 | } | 2843 | } |
2844 | |||
2845 | static inline int security_tun_dev_create(void) | ||
2846 | { | ||
2847 | return 0; | ||
2848 | } | ||
2849 | |||
2850 | static inline void security_tun_dev_post_create(struct sock *sk) | ||
2851 | { | ||
2852 | } | ||
2853 | |||
2854 | static inline int security_tun_dev_attach(struct sock *sk) | ||
2855 | { | ||
2856 | return 0; | ||
2857 | } | ||
2728 | #endif /* CONFIG_SECURITY_NETWORK */ | 2858 | #endif /* CONFIG_SECURITY_NETWORK */ |
2729 | 2859 | ||
2730 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 2860 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
@@ -2881,6 +3011,9 @@ void security_key_free(struct key *key); | |||
2881 | int security_key_permission(key_ref_t key_ref, | 3011 | int security_key_permission(key_ref_t key_ref, |
2882 | const struct cred *cred, key_perm_t perm); | 3012 | const struct cred *cred, key_perm_t perm); |
2883 | int security_key_getsecurity(struct key *key, char **_buffer); | 3013 | int security_key_getsecurity(struct key *key, char **_buffer); |
3014 | int security_key_session_to_parent(const struct cred *cred, | ||
3015 | const struct cred *parent_cred, | ||
3016 | struct key *key); | ||
2884 | 3017 | ||
2885 | #else | 3018 | #else |
2886 | 3019 | ||
@@ -2908,6 +3041,13 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) | |||
2908 | return 0; | 3041 | return 0; |
2909 | } | 3042 | } |
2910 | 3043 | ||
3044 | static inline int security_key_session_to_parent(const struct cred *cred, | ||
3045 | const struct cred *parent_cred, | ||
3046 | struct key *key) | ||
3047 | { | ||
3048 | return 0; | ||
3049 | } | ||
3050 | |||
2911 | #endif | 3051 | #endif |
2912 | #endif /* CONFIG_KEYS */ | 3052 | #endif /* CONFIG_KEYS */ |
2913 | 3053 | ||