authorLinus Torvalds <torvalds@g5.osdl.org>2006-03-25 12:24:53 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-03-25 12:24:53 -0500
commit1b9a3917366028cc451a98dd22e3bcd537d4e5c1 (patch)
treed911058720e0a9aeeaf9f407ccdc6fbf4047f47d /include/linux
parent3661f00e2097676847deb01add1a0918044bd816 (diff)
parent71e1c784b24a026a490b3de01541fc5ee14ebc09 (diff)
Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits) [PATCH] fix audit_init failure path [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format [PATCH] sem2mutex: audit_netlink_sem [PATCH] simplify audit_free() locking [PATCH] Fix audit operators [PATCH] promiscuous mode [PATCH] Add tty to syscall audit records [PATCH] add/remove rule update [PATCH] audit string fields interface + consumer [PATCH] SE Linux audit events [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL [PATCH] Fix IA64 success/failure indication in syscall auditing. [PATCH] Miscellaneous bug and warning fixes [PATCH] Capture selinux subject/object context information. [PATCH] Exclude messages by message type [PATCH] Collect more inode information during syscall processing. [PATCH] Pass dentry, not just name, in fsnotify creation hooks. [PATCH] Define new range of userspace messages. [PATCH] Filter rule comparators ... Fixed trivial conflict in security/selinux/hooks.c
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/audit.h130
-rw-r--r--include/linux/fsnotify.h14
-rw-r--r--include/linux/security.h33
3 files changed, 147 insertions, 30 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index da3c01955f3d..1c47c59058c1 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -33,27 +33,42 @@
33 * 1200 - 1299 messages internal to the audit daemon 33 * 1200 - 1299 messages internal to the audit daemon
34 * 1300 - 1399 audit event messages 34 * 1300 - 1399 audit event messages
35 * 1400 - 1499 SE Linux use 35 * 1400 - 1499 SE Linux use
36 * 1500 - 1999 future use 36 * 1500 - 1599 kernel LSPP events
37 * 2000 is for otherwise unclassified kernel audit messages 37 * 1600 - 1699 kernel crypto events
38 * 1700 - 1799 kernel anomaly records
39 * 1800 - 1999 future kernel use (maybe integrity labels and related events)
40 * 2000 is for otherwise unclassified kernel audit messages (legacy)
41 * 2001 - 2099 unused (kernel)
42 * 2100 - 2199 user space anomaly records
43 * 2200 - 2299 user space actions taken in response to anomalies
44 * 2300 - 2399 user space generated LSPP events
45 * 2400 - 2499 user space crypto events
46 * 2500 - 2999 future user space (maybe integrity labels and related events)
38 * 47 *
39 * Messages from 1000-1199 are bi-directional. 1200-1299 are exclusively user 48 * Messages from 1000-1199 are bi-directional. 1200-1299 & 2100 - 2999 are
40 * space. Anything over that is kernel --> user space communication. 49 * exclusively user space. 1300-2099 is kernel --> user space
50 * communication.
41 */ 51 */
42#define AUDIT_GET 1000 /* Get status */ 52#define AUDIT_GET 1000 /* Get status */
43#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */ 53#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */
44#define AUDIT_LIST 1002 /* List syscall filtering rules */ 54#define AUDIT_LIST 1002 /* List syscall rules -- deprecated */
45#define AUDIT_ADD 1003 /* Add syscall filtering rule */ 55#define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */
46#define AUDIT_DEL 1004 /* Delete syscall filtering rule */ 56#define AUDIT_DEL 1004 /* Delete syscall rule -- deprecated */
47#define AUDIT_USER 1005 /* Message from userspace -- deprecated */ 57#define AUDIT_USER 1005 /* Message from userspace -- deprecated */
48#define AUDIT_LOGIN 1006 /* Define the login id and information */ 58#define AUDIT_LOGIN 1006 /* Define the login id and information */
49#define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */ 59#define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */
50#define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */ 60#define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */
51#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ 61#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
52#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ 62#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
63#define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
64#define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */
65#define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */
53 66
54#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ 67#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
55#define AUDIT_USER_AVC 1107 /* We filter this differently */ 68#define AUDIT_USER_AVC 1107 /* We filter this differently */
56#define AUDIT_LAST_USER_MSG 1199 69#define AUDIT_LAST_USER_MSG 1199
70#define AUDIT_FIRST_USER_MSG2 2100 /* More user space messages */
71#define AUDIT_LAST_USER_MSG2 2999
57 72
58#define AUDIT_DAEMON_START 1200 /* Daemon startup record */ 73#define AUDIT_DAEMON_START 1200 /* Daemon startup record */
59#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */ 74#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
@@ -72,6 +87,13 @@
72#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ 87#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
73#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ 88#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
74#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */ 89#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
90#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
91#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
92#define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */
93
94#define AUDIT_FIRST_KERN_ANOM_MSG 1700
95#define AUDIT_LAST_KERN_ANOM_MSG 1799
96#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
75 97
76#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ 98#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
77 99
@@ -81,8 +103,9 @@
81#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */ 103#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
82#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */ 104#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
83#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */ 105#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
106#define AUDIT_FILTER_TYPE 0x05 /* Apply rule at audit_log_start */
84 107
85#define AUDIT_NR_FILTERS 5 108#define AUDIT_NR_FILTERS 6
86 109
87#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */ 110#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
88 111
@@ -98,6 +121,13 @@
98#define AUDIT_WORD(nr) ((__u32)((nr)/32)) 121#define AUDIT_WORD(nr) ((__u32)((nr)/32))
99#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32)) 122#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
100 123
124/* This bitmask is used to validate user input. It represents all bits that
125 * are currently used in an audit field constant understood by the kernel.
126 * If you are adding a new #define AUDIT_<whatever>, please ensure that
127 * AUDIT_UNUSED_BITS is updated if need be. */
128#define AUDIT_UNUSED_BITS 0x0FFFFC00
129
130
101/* Rule fields */ 131/* Rule fields */
102 /* These are useful when checking the 132 /* These are useful when checking the
103 * task structure at task creation time 133 * task structure at task creation time
@@ -114,6 +144,7 @@
114#define AUDIT_LOGINUID 9 144#define AUDIT_LOGINUID 9
115#define AUDIT_PERS 10 145#define AUDIT_PERS 10
116#define AUDIT_ARCH 11 146#define AUDIT_ARCH 11
147#define AUDIT_MSGTYPE 12
117 148
118 /* These are ONLY useful when checking 149 /* These are ONLY useful when checking
119 * at syscall exit time (AUDIT_AT_EXIT). */ 150 * at syscall exit time (AUDIT_AT_EXIT). */
@@ -128,8 +159,28 @@
128#define AUDIT_ARG2 (AUDIT_ARG0+2) 159#define AUDIT_ARG2 (AUDIT_ARG0+2)
129#define AUDIT_ARG3 (AUDIT_ARG0+3) 160#define AUDIT_ARG3 (AUDIT_ARG0+3)
130 161
131#define AUDIT_NEGATE 0x80000000 162#define AUDIT_NEGATE 0x80000000
132 163
164/* These are the supported operators.
165 * 4 2 1
166 * = > <
167 * -------
168 * 0 0 0 0 nonsense
169 * 0 0 1 1 <
170 * 0 1 0 2 >
171 * 0 1 1 3 !=
172 * 1 0 0 4 =
173 * 1 0 1 5 <=
174 * 1 1 0 6 >=
175 * 1 1 1 7 all operators
176 */
177#define AUDIT_LESS_THAN 0x10000000
178#define AUDIT_GREATER_THAN 0x20000000
179#define AUDIT_NOT_EQUAL 0x30000000
180#define AUDIT_EQUAL 0x40000000
181#define AUDIT_LESS_THAN_OR_EQUAL (AUDIT_LESS_THAN|AUDIT_EQUAL)
182#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL)
183#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL)
133 184
134/* Status symbols */ 185/* Status symbols */
135 /* Mask values */ 186 /* Mask values */
@@ -186,6 +237,26 @@ struct audit_status {
186 __u32 backlog; /* messages waiting in queue */ 237 __u32 backlog; /* messages waiting in queue */
187}; 238};
188 239
240/* audit_rule_data supports filter rules with both integer and string
241 * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
242 * AUDIT_LIST_RULES requests.
243 */
244struct audit_rule_data {
245 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
246 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
247 __u32 field_count;
248 __u32 mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
249 __u32 fields[AUDIT_MAX_FIELDS];
250 __u32 values[AUDIT_MAX_FIELDS];
251 __u32 fieldflags[AUDIT_MAX_FIELDS];
252 __u32 buflen; /* total length of string fields */
253 char buf[0]; /* string fields buffer */
254};
255
256/* audit_rule is supported to maintain backward compatibility with
257 * userspace. It supports integer fields only and corresponds to
258 * AUDIT_ADD, AUDIT_DEL and AUDIT_LIST requests.
259 */
189struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */ 260struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */
190 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */ 261 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
191 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */ 262 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
@@ -222,22 +293,33 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
222extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); 293extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
223extern void audit_getname(const char *name); 294extern void audit_getname(const char *name);
224extern void audit_putname(const char *name); 295extern void audit_putname(const char *name);
225extern void audit_inode(const char *name, const struct inode *inode, unsigned flags); 296extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
297extern void __audit_inode_child(const char *dname, const struct inode *inode,
298 unsigned long pino);
299static inline void audit_inode(const char *name, const struct inode *inode,
300 unsigned flags) {
301 if (unlikely(current->audit_context))
302 __audit_inode(name, inode, flags);
303}
304static inline void audit_inode_child(const char *dname,
305 const struct inode *inode,
306 unsigned long pino) {
307 if (unlikely(current->audit_context))
308 __audit_inode_child(dname, inode, pino);
309}
226 310
227 /* Private API (for audit.c only) */ 311 /* Private API (for audit.c only) */
228extern int audit_receive_filter(int type, int pid, int uid, int seq,
229 void *data, uid_t loginuid);
230extern unsigned int audit_serial(void); 312extern unsigned int audit_serial(void);
231extern void auditsc_get_stamp(struct audit_context *ctx, 313extern void auditsc_get_stamp(struct audit_context *ctx,
232 struct timespec *t, unsigned int *serial); 314 struct timespec *t, unsigned int *serial);
233extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); 315extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
234extern uid_t audit_get_loginuid(struct audit_context *ctx); 316extern uid_t audit_get_loginuid(struct audit_context *ctx);
235extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 317extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp);
236extern int audit_socketcall(int nargs, unsigned long *args); 318extern int audit_socketcall(int nargs, unsigned long *args);
237extern int audit_sockaddr(int len, void *addr); 319extern int audit_sockaddr(int len, void *addr);
238extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); 320extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
239extern void audit_signal_info(int sig, struct task_struct *t); 321extern void audit_signal_info(int sig, struct task_struct *t);
240extern int audit_filter_user(struct netlink_skb_parms *cb, int type); 322extern int audit_set_macxattr(const char *name);
241#else 323#else
242#define audit_alloc(t) ({ 0; }) 324#define audit_alloc(t) ({ 0; })
243#define audit_free(t) do { ; } while (0) 325#define audit_free(t) do { ; } while (0)
@@ -245,16 +327,18 @@ extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
245#define audit_syscall_exit(t,f,r) do { ; } while (0) 327#define audit_syscall_exit(t,f,r) do { ; } while (0)
246#define audit_getname(n) do { ; } while (0) 328#define audit_getname(n) do { ; } while (0)
247#define audit_putname(n) do { ; } while (0) 329#define audit_putname(n) do { ; } while (0)
330#define __audit_inode(n,i,f) do { ; } while (0)
331#define __audit_inode_child(d,i,p) do { ; } while (0)
248#define audit_inode(n,i,f) do { ; } while (0) 332#define audit_inode(n,i,f) do { ; } while (0)
249#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) 333#define audit_inode_child(d,i,p) do { ; } while (0)
250#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) 334#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
251#define audit_get_loginuid(c) ({ -1; }) 335#define audit_get_loginuid(c) ({ -1; })
252#define audit_ipc_perms(q,u,g,m) ({ 0; }) 336#define audit_ipc_perms(q,u,g,m,i) ({ 0; })
253#define audit_socketcall(n,a) ({ 0; }) 337#define audit_socketcall(n,a) ({ 0; })
254#define audit_sockaddr(len, addr) ({ 0; }) 338#define audit_sockaddr(len, addr) ({ 0; })
255#define audit_avc_path(dentry, mnt) ({ 0; }) 339#define audit_avc_path(dentry, mnt) ({ 0; })
256#define audit_signal_info(s,t) do { ; } while (0) 340#define audit_signal_info(s,t) do { ; } while (0)
257#define audit_filter_user(cb,t) ({ 1; }) 341#define audit_set_macxattr(n) do { ; } while (0)
258#endif 342#endif
259 343
260#ifdef CONFIG_AUDIT 344#ifdef CONFIG_AUDIT
@@ -278,12 +362,11 @@ extern void audit_log_d_path(struct audit_buffer *ab,
278 const char *prefix, 362 const char *prefix,
279 struct dentry *dentry, 363 struct dentry *dentry,
280 struct vfsmount *vfsmnt); 364 struct vfsmount *vfsmnt);
281 /* Private API (for auditsc.c only) */ 365 /* Private API (for audit.c only) */
282extern void audit_send_reply(int pid, int seq, int type, 366extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
283 int done, int multi, 367extern int audit_filter_type(int type);
284 void *payload, int size); 368extern int audit_receive_filter(int type, int pid, int uid, int seq,
285extern void audit_log_lost(const char *message); 369 void *data, size_t datasz, uid_t loginuid);
286extern struct semaphore audit_netlink_sem;
287#else 370#else
288#define audit_log(c,g,t,f,...) do { ; } while (0) 371#define audit_log(c,g,t,f,...) do { ; } while (0)
289#define audit_log_start(c,g,t) ({ NULL; }) 372#define audit_log_start(c,g,t) ({ NULL; })
@@ -293,6 +376,7 @@ extern struct semaphore audit_netlink_sem;
293#define audit_log_hex(a,b,l) do { ; } while (0) 376#define audit_log_hex(a,b,l) do { ; } while (0)
294#define audit_log_untrustedstring(a,s) do { ; } while (0) 377#define audit_log_untrustedstring(a,s) do { ; } while (0)
295#define audit_log_d_path(b,p,d,v) do { ; } while (0) 378#define audit_log_d_path(b,p,d,v) do { ; } while (0)
379#define audit_panic(m) do { ; } while (0)
296#endif 380#endif
297#endif 381#endif
298#endif 382#endif
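Review bot: The !CONFIG_AUDITSYSCALL stub for audit_set_macxattr (new line 341, `#define audit_set_macxattr(n) do { ; } while (0)`) is a statement, while the real declaration at new line 322 is `extern int audit_set_macxattr(const char *name);`, so any caller that uses the return value will stop compiling once CONFIG_AUDITSYSCALL is off; the neighbouring int-returning stubs use a statement expression, so this should read `#define audit_set_macxattr(n) ({ 0; })`. In the `struct audit_rule_data` hunk, `buflen` and the trailing `buf[0]` bytes both come from user space, so the consumer behind the new `audit_receive_filter(..., void *data, size_t datasz, ...)` signature needs to verify `sizeof(struct audit_rule_data) + buflen <= datasz` before walking the string fields; that code is in kernel/auditfilter.c, outside these hunks, so I cannot confirm it here. A C99 flexible array member `char buf[];` would also be preferable to the `buf[0]` extension where the tree's compilers allow it. The new `static inline audit_inode()`/`audit_inode_child()` helpers dereference `current->audit_context`, so audit.h now depends on the header that declares `current` being included first; its include list is outside these hunks, so this is a point to double-check rather than a confirmed defect.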
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index f7e517c1f1bd..11438eff4d44 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -15,6 +15,7 @@
15 15
16#include <linux/dnotify.h> 16#include <linux/dnotify.h>
17#include <linux/inotify.h> 17#include <linux/inotify.h>
18#include <linux/audit.h>
18 19
19/* 20/*
20 * fsnotify_d_instantiate - instantiate a dentry for inode 21 * fsnotify_d_instantiate - instantiate a dentry for inode
@@ -64,6 +65,8 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
64 if (source) { 65 if (source) {
65 inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL); 66 inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL);
66 } 67 }
68 audit_inode_child(old_name, source, old_dir->i_ino);
69 audit_inode_child(new_name, target, new_dir->i_ino);
67} 70}
68 71
69/* 72/*
@@ -89,19 +92,22 @@ static inline void fsnotify_inoderemove(struct inode *inode)
89/* 92/*
90 * fsnotify_create - 'name' was linked in 93 * fsnotify_create - 'name' was linked in
91 */ 94 */
92static inline void fsnotify_create(struct inode *inode, const char *name) 95static inline void fsnotify_create(struct inode *inode, struct dentry *dentry)
93{ 96{
94 inode_dir_notify(inode, DN_CREATE); 97 inode_dir_notify(inode, DN_CREATE);
95 inotify_inode_queue_event(inode, IN_CREATE, 0, name); 98 inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name);
99 audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
96} 100}
97 101
98/* 102/*
99 * fsnotify_mkdir - directory 'name' was created 103 * fsnotify_mkdir - directory 'name' was created
100 */ 104 */
101static inline void fsnotify_mkdir(struct inode *inode, const char *name) 105static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry)
102{ 106{
103 inode_dir_notify(inode, DN_CREATE); 107 inode_dir_notify(inode, DN_CREATE);
104 inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, name); 108 inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0,
109 dentry->d_name.name);
110 audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
105} 111}
106 112
107/* 113/*
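Review bot: In fsnotify_move the two new calls `audit_inode_child(old_name, source, old_dir->i_ino);` and `audit_inode_child(new_name, target, new_dir->i_ino);` pass `source` and `target` unconditionally, while the line immediately above guards `source` with `if (source)`, so `__audit_inode_child` must tolerate a NULL inode; its body is in kernel/auditsc.c, outside these hunks, and if it does not, the calls belong inside the existing NULL checks, e.g. `if (source) audit_inode_child(old_name, source, old_dir->i_ino);`. fsnotify_move starts outside the hunk. The fsnotify_create and fsnotify_mkdir changes are consistent with each other, but their doc comments still say `'name' was linked in` / `directory 'name' was created` although the parameter is now `struct dentry *dentry`; suggest `* fsnotify_create - dentry was linked in` and `* fsnotify_mkdir - directory dentry was created`. The added `#include <linux/audit.h>` also makes every fsnotify.h user pull in audit.h, which now carries `static inline` helpers referencing `current`; worth confirming audit.h includes what it uses so include order elsewhere does not break.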
diff --git a/include/linux/security.h b/include/linux/security.h
index 3c19be35124b..aaa0a5cdbf75 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -869,6 +869,11 @@ struct swap_info_struct;
869 * @ipcp contains the kernel IPC permission structure 869 * @ipcp contains the kernel IPC permission structure
870 * @flag contains the desired (requested) permission set 870 * @flag contains the desired (requested) permission set
871 * Return 0 if permission is granted. 871 * Return 0 if permission is granted.
872 * @ipc_getsecurity:
873 * Copy the security label associated with the ipc object into
874 * @buffer. @buffer may be NULL to request the size of the buffer
875 * required. @size indicates the size of @buffer in bytes. Return
876 * number of bytes used/required on success.
872 * 877 *
873 * Security hooks for individual messages held in System V IPC message queues 878 * Security hooks for individual messages held in System V IPC message queues
874 * @msg_msg_alloc_security: 879 * @msg_msg_alloc_security:
@@ -1168,7 +1173,8 @@ struct security_operations {
1168 int (*inode_getxattr) (struct dentry *dentry, char *name); 1173 int (*inode_getxattr) (struct dentry *dentry, char *name);
1169 int (*inode_listxattr) (struct dentry *dentry); 1174 int (*inode_listxattr) (struct dentry *dentry);
1170 int (*inode_removexattr) (struct dentry *dentry, char *name); 1175 int (*inode_removexattr) (struct dentry *dentry, char *name);
1171 int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size, int err); 1176 const char *(*inode_xattr_getsuffix) (void);
1177 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1172 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1178 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1173 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); 1179 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
1174 1180
@@ -1217,6 +1223,7 @@ struct security_operations {
1217 void (*task_to_inode)(struct task_struct *p, struct inode *inode); 1223 void (*task_to_inode)(struct task_struct *p, struct inode *inode);
1218 1224
1219 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); 1225 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
1226 int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);
1220 1227
1221 int (*msg_msg_alloc_security) (struct msg_msg * msg); 1228 int (*msg_msg_alloc_security) (struct msg_msg * msg);
1222 void (*msg_msg_free_security) (struct msg_msg * msg); 1229 void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1680,7 +1687,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
1680 return security_ops->inode_removexattr (dentry, name); 1687 return security_ops->inode_removexattr (dentry, name);
1681} 1688}
1682 1689
1683static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) 1690static inline const char *security_inode_xattr_getsuffix(void)
1691{
1692 return security_ops->inode_xattr_getsuffix();
1693}
1694
1695static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
1684{ 1696{
1685 if (unlikely (IS_PRIVATE (inode))) 1697 if (unlikely (IS_PRIVATE (inode)))
1686 return 0; 1698 return 0;
@@ -1875,6 +1887,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
1875 return security_ops->ipc_permission (ipcp, flag); 1887 return security_ops->ipc_permission (ipcp, flag);
1876} 1888}
1877 1889
1890static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
1891{
1892 return security_ops->ipc_getsecurity(ipcp, buffer, size);
1893}
1894
1878static inline int security_msg_msg_alloc (struct msg_msg * msg) 1895static inline int security_msg_msg_alloc (struct msg_msg * msg)
1879{ 1896{
1880 return security_ops->msg_msg_alloc_security (msg); 1897 return security_ops->msg_msg_alloc_security (msg);
@@ -2327,7 +2344,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
2327 return cap_inode_removexattr(dentry, name); 2344 return cap_inode_removexattr(dentry, name);
2328} 2345}
2329 2346
2330static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) 2347static inline const char *security_inode_xattr_getsuffix (void)
2348{
2349 return NULL ;
2350}
2351
2352static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2331{ 2353{
2332 return -EOPNOTSUPP; 2354 return -EOPNOTSUPP;
2333} 2355}
@@ -2510,6 +2532,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
2510 return 0; 2532 return 0;
2511} 2533}
2512 2534
2535static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
2536{
2537 return -EOPNOTSUPP;
2538}
2539
2513static inline int security_msg_msg_alloc (struct msg_msg * msg) 2540static inline int security_msg_msg_alloc (struct msg_msg * msg)
2514{ 2541{
2515 return 0; 2542 return 0;
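Review bot: The new `inode_xattr_getsuffix` hook added to `struct security_operations` has no entry in the hook-description comment block, unlike `ipc_getsecurity`, whose description is added at new lines 872-876; an entry along the lines of `@inode_xattr_getsuffix: Return the xattr name suffix for the module's security label, or NULL when the module has none (the CONFIG_SECURITY=n stub returns NULL).` would keep the block complete. The CONFIG_SECURITY wrapper `security_inode_xattr_getsuffix()` calls `security_ops->inode_xattr_getsuffix()` unconditionally, so the default/dummy operations table (outside these hunks) must supply a non-NULL pointer for modules that do not implement the hook, or the first call will dereference NULL; I cannot confirm that from this diff. For `ipc_getsecurity` the documentation states `@buffer` may be NULL to request the required size, so implementations must check for that before copying. Style nit: the stub `return NULL ;` at new line 2349 has a stray space before the semicolon and should be `return NULL;`.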