Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: selinux: make mls_compute_sid always polyinstantiate security/selinux: constify function pointer tables and fields security: add a secctx_to_secid() hook security: call security_file_permission from rw_verify_area security: remove security_sb_post_mountroot hook Security: remove security.h include from mm.h Security: remove security_file_mmap hook sparse-warnings (NULL as 0). Security: add get, set, and cloning of superblock security information security/selinux: Add missing "space"
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-01-25 11:44:29 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-01-25 11:44:29 -0500
commit: b47711bfbcd4eb77ca61ef0162487b20e023ae55 (patch)
tree: b2a695dbd40f7ca2333664cf946ef34eda7b7dba /include/linux
parent: 7556afa0e0e436cad4f560ee83e5fbd5dac9359a (diff)
parent: 2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0 (diff)
2 files changed, 52 insertions, 10 deletions
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 1b7b95c67aca..1897ca223eca 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -12,7 +12,6 @@
 #include <linux/prio_tree.h>
 #include <linux/debug_locks.h>
 #include <linux/mm_types.h>
-#include <linux/security.h>
 struct mempolicy;
 struct anon_vma;
@@ -34,6 +33,8 @@ extern int sysctl_legacy_va_layout;
 #define sysctl_legacy_va_layout 0
 #endif
+extern unsigned long mmap_min_addr;
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <asm/processor.h>
diff --git a/include/linux/security.h b/include/linux/security.h
index ac050830a873..d24974262dc6 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -34,6 +34,12 @@
 #include <linux/xfrm.h>
 #include <net/flow.h>
+/* only a char in selinux superblock security struct flags */
+#define FSCONTEXT_MNT           0x01
+#define CONTEXT_MNT             0x02
+#define ROOTCONTEXT_MNT         0x04
+#define DEFCONTEXT_MNT          0x08
 /*
 * Bounding set
 */
@@ -243,9 +249,6 @@ struct request_sock;
 *      @mnt contains the mounted file system.
 *      @flags contains the new filesystem flags.
 *      @data contains the filesystem-specific data.
- * @sb_post_mountroot:
- *      Update the security module's state when the root filesystem is mounted.
- *      This hook is only called if the mount was successful.
 * @sb_post_addmount:
 *      Update the security module's state when a filesystem is mounted.
 *      This hook is called any time a mount is successfully grafetd to
@@ -261,6 +264,22 @@ struct request_sock;
 *      Update module state after a successful pivot.
 *      @old_nd contains the nameidata structure for the old root.
 *      @new_nd contains the nameidata structure for the new root.
+ * @sb_get_mnt_opts:
+ *      Get the security relevant mount options used for a superblock
+ *      @sb the superblock to get security mount options from
+ *      @mount_options array for pointers to mount options
+ *      @mount_flags array of ints specifying what each mount options is
+ *      @num_opts number of options in the arrays
+ * @sb_set_mnt_opts:
+ *      Set the security relevant mount options used for a superblock
+ *      @sb the superblock to set security mount options for
+ *      @mount_options array for pointers to mount options
+ *      @mount_flags array of ints specifying what each mount options is
+ *      @num_opts number of options in the arrays
+ * @sb_clone_mnt_opts:
+ *      Copy all security options from a given superblock to another
+ *      @oldsb old superblock which contain information to clone
+ *      @newsb new superblock which needs filled in
 *
 * Security hooks for inode operations.
 *
@@ -1183,6 +1202,10 @@ struct request_sock;
 *      Convert secid to security context.
 *      @secid contains the security ID.
 *      @secdata contains the pointer that stores the converted security context.
+ * @secctx_to_secid:
+ *      Convert security context to secid.
+ *      @secid contains the pointer to the generated security ID.
+ *      @secdata contains the security context.
 *
 * @release_secctx:
 *      Release the security context.
@@ -1235,13 +1258,19 @@ struct security_operations {
        void (*sb_umount_busy) (struct vfsmount * mnt);
        void (*sb_post_remount) (struct vfsmount * mnt,
                                 unsigned long flags, void *data);
-        void (*sb_post_mountroot) (void);
        void (*sb_post_addmount) (struct vfsmount * mnt,
                                  struct nameidata * mountpoint_nd);
        int (*sb_pivotroot) (struct nameidata * old_nd,
                             struct nameidata * new_nd);
        void (*sb_post_pivotroot) (struct nameidata * old_nd,
                                   struct nameidata * new_nd);
+        int (*sb_get_mnt_opts) (const struct super_block *sb,
+                                char ***mount_options, int **flags,
+                                int *num_opts);
+        int (*sb_set_mnt_opts) (struct super_block *sb, char **mount_options,
+                                int *flags, int num_opts);
+        void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
+                                   struct super_block *newsb);
        int (*inode_alloc_security) (struct inode *inode);      
        void (*inode_free_security) (struct inode *inode);
@@ -1371,6 +1400,7 @@ struct security_operations {
        int (*getprocattr)(struct task_struct *p, char *name, char **value);
        int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
        int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
+        int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid);
        void (*release_secctx)(char *secdata, u32 seclen);
 #ifdef CONFIG_SECURITY_NETWORK
@@ -1495,10 +1525,16 @@ int security_sb_umount(struct vfsmount *mnt, int flags);
 void security_sb_umount_close(struct vfsmount *mnt);
 void security_sb_umount_busy(struct vfsmount *mnt);
 void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_mountroot(void);
 void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
 int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
 void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+int security_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options,
+                             int **flags, int *num_opts);
+int security_sb_set_mnt_opts(struct super_block *sb, char **mount_options,
+                             int *flags, int num_opts);
+void security_sb_clone_mnt_opts(const struct super_block *oldsb,
+                                struct super_block *newsb);
 int security_inode_alloc(struct inode *inode);
 void security_inode_free(struct inode *inode);
 int security_inode_init_security(struct inode *inode, struct inode *dir,
@@ -1603,6 +1639,7 @@ int security_setprocattr(struct task_struct *p, char *name, void *value, size_t
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
 int security_netlink_recv(struct sk_buff *skb, int cap);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
+int security_secctx_to_secid(char *secdata, u32 seclen, u32 *secid);
 void security_release_secctx(char *secdata, u32 seclen);
 #else /* CONFIG_SECURITY */
@@ -1777,9 +1814,6 @@ static inline void security_sb_post_remount (struct vfsmount *mnt,
                                             unsigned long flags, void *data)
 { }
-static inline void security_sb_post_mountroot (void)
-{ }
 static inline void security_sb_post_addmount (struct vfsmount *mnt,
                                              struct nameidata *mountpoint_nd)
 { }
@@ -2266,7 +2300,7 @@ static inline struct dentry *securityfs_create_file(const char *name,
                                                mode_t mode,
                                                struct dentry *parent,
                                                void *data,
-                                                struct file_operations *fops)
+                                                const struct file_operations *fops)
 {
        return ERR_PTR(-ENODEV);
 }
@@ -2280,6 +2314,13 @@ static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *secle
        return -EOPNOTSUPP;
 }
+static inline int security_secctx_to_secid(char *secdata,
+                                           u32 seclen,
+                                           u32 *secid)
+{
+        return -EOPNOTSUPP;
+}
 static inline void security_release_secctx(char *secdata, u32 seclen)
 {
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-01-25 11:44:29 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-01-25 11:44:29 -0500
commit	b47711bfbcd4eb77ca61ef0162487b20e023ae55 (patch)
tree	b2a695dbd40f7ca2333664cf946ef34eda7b7dba /include/linux
parent	7556afa0e0e436cad4f560ee83e5fbd5dac9359a (diff)
parent	2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0 (diff)