Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: fix up documentation for security_module_enable Security: Introduce security= boot parameter Audit: Final renamings and cleanup SELinux: use new audit hooks, remove redundant exports Audit: internally use the new LSM audit hooks LSM/Audit: Introduce generic Audit LSM hooks SELinux: remove redundant exports Netlink: Use generic LSM hook Audit: use new LSM hooks instead of SELinux exports SELinux: setup new inode/ipc getsecid hooks LSM: Introduce inode_getsecid and ipc_getsecid hooks
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-18 21:18:30 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-18 21:18:30 -0400
commit: 3925e6fc1f774048404fdd910b0345b06c699eb4 (patch)
tree: c9a58417d9492f39f7fe81d4721d674c34dd8be2 /include
parent: 334d094504c2fe1c44211ecb49146ae6bca8c321 (diff)
parent: 7cea51be4e91edad05bd834f3235b45c57783f0d (diff)
3 files changed, 142 insertions, 135 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 2af9ec025015..4ccb048cae1d 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -353,6 +353,33 @@ struct netlink_skb_parms;
 struct linux_binprm;
 struct mq_attr;
 struct mqstat;
+struct audit_watch;
+struct audit_tree;
+struct audit_krule {
+        int                     vers_ops;
+        u32                     flags;
+        u32                     listnr;
+        u32                     action;
+        u32                     mask[AUDIT_BITMASK_SIZE];
+        u32                     buflen; /* for data alloc on list rules */
+        u32                     field_count;
+        char                    *filterkey; /* ties events to rules */
+        struct audit_field      *fields;
+        struct audit_field      *arch_f; /* quick access to arch field */
+        struct audit_field      *inode_f; /* quick access to an inode field */
+        struct audit_watch      *watch; /* associated watch */
+        struct audit_tree       *tree;  /* associated watched tree */
+        struct list_head        rlist;  /* entry in audit_{watch,tree}.rules list */
+};
+struct audit_field {
+        u32                             type;
+        u32                             val;
+        u32                             op;
+        char                            *lsm_str;
+        void                            *lsm_rule;
+};
 #define AUDITSC_INVALID 0
 #define AUDITSC_SUCCESS 1
@@ -536,6 +563,8 @@ extern void		    audit_log_d_path(struct audit_buffer *ab,
                                             const char *prefix,
                                             struct path *path);
 extern void                 audit_log_lost(const char *message);
+extern int                  audit_update_lsm_rules(void);
                                /* Private API (for audit.c only) */
 extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 extern int audit_filter_type(int type);
diff --git a/include/linux/security.h b/include/linux/security.h
index f5eb9ff47ac5..fea1f4aa4dd5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -36,7 +36,11 @@
 extern unsigned securebits;
+/* Maximum number of letters for an LSM name string */
+#define SECURITY_NAME_MAX       10
 struct ctl_table;
+struct audit_krule;
 /*
 * These functions are in security/capability.c and are used
@@ -136,6 +140,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 /**
 * struct security_operations - main security structure
 *
+ * Security module identifier.
+ *
+ * @name:
+ *      A string that acts as a unique identifeir for the LSM with max number
+ *      of characters = SECURITY_NAME_MAX.
+ *
 * Security hooks for program execution operations.
 *
 * @bprm_alloc_security:
@@ -468,6 +478,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      @dentry is the dentry being changed.
 *      Return 0 on success.  If error is returned, then the operation
 *      causing setuid bit removal is failed.
+ * @inode_getsecid:
+ *      Get the secid associated with the node.
+ *      @inode contains a pointer to the inode.
+ *      @secid contains a pointer to the location where result will be saved.
+ *      In case of failure, @secid will be set to zero.
 *
 * Security hooks for file operations
 *
@@ -636,6 +651,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @task_getsecid:
 *      Retrieve the security identifier of the process @p.
 *      @p contains the task_struct for the process and place is into @secid.
+ *      In case of failure, @secid will be set to zero.
+ *
 * @task_setgroups:
 *      Check permission before setting the supplementary group set of the
 *      current process.
@@ -997,6 +1014,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      @ipcp contains the kernel IPC permission structure
 *      @flag contains the desired (requested) permission set
 *      Return 0 if permission is granted.
+ * @ipc_getsecid:
+ *      Get the secid associated with the ipc object.
+ *      @ipcp contains the kernel IPC permission structure.
+ *      @secid contains a pointer to the location where result will be saved.
+ *      In case of failure, @secid will be set to zero.
 *
 * Security hooks for individual messages held in System V IPC message queues
 * @msg_msg_alloc_security:
@@ -1223,9 +1245,42 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      @secdata contains the security context.
 *      @seclen contains the length of the security context.
 *
+ * Security hooks for Audit
+ *
+ * @audit_rule_init:
+ *      Allocate and initialize an LSM audit rule structure.
+ *      @field contains the required Audit action. Fields flags are defined in include/linux/audit.h
+ *      @op contains the operator the rule uses.
+ *      @rulestr contains the context where the rule will be applied to.
+ *      @lsmrule contains a pointer to receive the result.
+ *      Return 0 if @lsmrule has been successfully set,
+ *      -EINVAL in case of an invalid rule.
+ *
+ * @audit_rule_known:
+ *      Specifies whether given @rule contains any fields related to current LSM.
+ *      @rule contains the audit rule of interest.
+ *      Return 1 in case of relation found, 0 otherwise.
+ *
+ * @audit_rule_match:
+ *      Determine if given @secid matches a rule previously approved
+ *      by @audit_rule_known.
+ *      @secid contains the security id in question.
+ *      @field contains the field which relates to current LSM.
+ *      @op contains the operator that will be used for matching.
+ *      @rule points to the audit rule that will be checked against.
+ *      @actx points to the audit context associated with the check.
+ *      Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
+ *
+ * @audit_rule_free:
+ *      Deallocate the LSM audit rule structure previously allocated by
+ *      audit_rule_init.
+ *      @rule contains the allocated rule
+ *
 * This is the main security structure.
 */
 struct security_operations {
+        char name[SECURITY_NAME_MAX + 1];
        int (*ptrace) (struct task_struct * parent, struct task_struct * child);
        int (*capget) (struct task_struct * target,
                       kernel_cap_t * effective,
@@ -1317,6 +1372,7 @@ struct security_operations {
        int (*inode_getsecurity)(const struct inode *inode, const char *name, void **buffer, bool alloc);
        int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
        int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
+        void (*inode_getsecid)(const struct inode *inode, u32 *secid);
        int (*file_permission) (struct file * file, int mask);
        int (*file_alloc_security) (struct file * file);
@@ -1369,6 +1425,7 @@ struct security_operations {
        void (*task_to_inode)(struct task_struct *p, struct inode *inode);
        int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
+        void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);
        int (*msg_msg_alloc_security) (struct msg_msg * msg);
        void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1480,10 +1537,18 @@ struct security_operations {
 #endif  /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+        int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule);
+        int (*audit_rule_known)(struct audit_krule *krule);
+        int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule,
+                                struct audit_context *actx);
+        void (*audit_rule_free)(void *lsmrule);
+#endif /* CONFIG_AUDIT */
 };
 /* prototypes */
 extern int security_init        (void);
+extern int security_module_enable(struct security_operations *ops);
 extern int register_security    (struct security_operations *ops);
 extern int mod_reg_security     (const char *name, struct security_operations *ops);
 extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
@@ -1578,6 +1643,7 @@ int security_inode_killpriv(struct dentry *dentry);
 int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
+void security_inode_getsecid(const struct inode *inode, u32 *secid);
 int security_file_permission(struct file *file, int mask);
 int security_file_alloc(struct file *file);
 void security_file_free(struct file *file);
@@ -1622,6 +1688,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 void security_task_reparent_to_init(struct task_struct *p);
 void security_task_to_inode(struct task_struct *p, struct inode *inode);
 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
+void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
 int security_msg_msg_alloc(struct msg_msg *msg);
 void security_msg_msg_free(struct msg_msg *msg);
 int security_msg_queue_alloc(struct msg_queue *msq);
@@ -2022,6 +2089,11 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer,
        return 0;
 }
+static inline void security_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+        *secid = 0;
+}
 static inline int security_file_permission (struct file *file, int mask)
 {
        return 0;
@@ -2137,7 +2209,9 @@ static inline int security_task_getsid (struct task_struct *p)
 }
 static inline void security_task_getsecid (struct task_struct *p, u32 *secid)
-{ }
+{
+        *secid = 0;
+}
 static inline int security_task_setgroups (struct group_info *group_info)
 {
@@ -2216,6 +2290,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
        return 0;
 }
+static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+        *secid = 0;
+}
 static inline int security_msg_msg_alloc (struct msg_msg * msg)
 {
        return 0;
@@ -2672,5 +2751,38 @@ static inline int security_key_permission(key_ref_t key_ref,
 #endif
 #endif /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+#ifdef CONFIG_SECURITY
+int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
+int security_audit_rule_known(struct audit_krule *krule);
+int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
+                              struct audit_context *actx);
+void security_audit_rule_free(void *lsmrule);
+#else
+static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
+                                           void **lsmrule)
+{
+        return 0;
+}
+static inline int security_audit_rule_known(struct audit_krule *krule)
+{
+        return 0;
+}
+static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
+                                   void *lsmrule, struct audit_context *actx)
+{
+        return 0;
+}
+static inline void security_audit_rule_free(void *lsmrule)
+{ }
+#endif /* CONFIG_SECURITY */
+#endif /* CONFIG_AUDIT */
 #endif /* ! __LINUX_SECURITY_H */
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 8c2cc4c02526..20f965d4b041 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -16,99 +16,11 @@
 struct selinux_audit_rule;
 struct audit_context;
-struct inode;
 struct kern_ipc_perm;
 #ifdef CONFIG_SECURITY_SELINUX
 /**
- *      selinux_audit_rule_init - alloc/init an selinux audit rule structure.
- *      @field: the field this rule refers to
- *      @op: the operater the rule uses
- *      @rulestr: the text "target" of the rule
- *      @rule: pointer to the new rule structure returned via this
- *
- *      Returns 0 if successful, -errno if not.  On success, the rule structure
- *      will be allocated internally.  The caller must free this structure with
- *      selinux_audit_rule_free() after use.
- */
-int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
-                            struct selinux_audit_rule **rule);
-/**
- *      selinux_audit_rule_free - free an selinux audit rule structure.
- *      @rule: pointer to the audit rule to be freed
- *
- *      This will free all memory associated with the given rule.
- *      If @rule is NULL, no operation is performed.
- */
-void selinux_audit_rule_free(struct selinux_audit_rule *rule);
-/**
- *      selinux_audit_rule_match - determine if a context ID matches a rule.
- *      @sid: the context ID to check
- *      @field: the field this rule refers to
- *      @op: the operater the rule uses
- *      @rule: pointer to the audit rule to check against
- *      @actx: the audit context (can be NULL) associated with the check
- *
- *      Returns 1 if the context id matches the rule, 0 if it does not, and
- *      -errno on failure.
- */
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
-                             struct selinux_audit_rule *rule,
-                             struct audit_context *actx);
-/**
- *      selinux_audit_set_callback - set the callback for policy reloads.
- *      @callback: the function to call when the policy is reloaded
- *
- *      This sets the function callback function that will update the rules
- *      upon policy reloads.  This callback should rebuild all existing rules
- *      using selinux_audit_rule_init().
- */
-void selinux_audit_set_callback(int (*callback)(void));
-/**
- *     selinux_sid_to_string - map a security context ID to a string
- *     @sid: security context ID to be converted.
- *     @ctx: address of context string to be returned
- *     @ctxlen: length of returned context string.
- *
- *     Returns 0 if successful, -errno if not.  On success, the context
- *     string will be allocated internally, and the caller must call
- *     kfree() on it after use.
- */
-int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen);
-/**
- *     selinux_get_inode_sid - get the inode's security context ID
- *     @inode: inode structure to get the sid from.
- *     @sid: pointer to security context ID to be filled in.
- *
- *     Returns nothing
- */
-void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
-/**
- *     selinux_get_ipc_sid - get the ipc security context ID
- *     @ipcp: ipc structure to get the sid from.
- *     @sid: pointer to security context ID to be filled in.
- *
- *     Returns nothing
- */
-void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
-/**
- *     selinux_get_task_sid - return the SID of task
- *     @tsk: the task whose SID will be returned
- *     @sid: pointer to security context ID to be filled in.
- *
- *     Returns nothing
- */
-void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
-/**
 *     selinux_string_to_sid - map a security context string to a security ID
 *     @str: the security context string to be mapped
 *     @sid: ID value returned via this.
@@ -151,52 +63,6 @@ void selinux_secmark_refcount_inc(void);
 void selinux_secmark_refcount_dec(void);
 #else
-static inline int selinux_audit_rule_init(u32 field, u32 op,
-                                          char *rulestr,
-                                          struct selinux_audit_rule **rule)
-{
-        return -EOPNOTSUPP;
-}
-static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
-{
-        return;
-}
-static inline int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
-                                           struct selinux_audit_rule *rule,
-                                           struct audit_context *actx)
-{
-        return 0;
-}
-static inline void selinux_audit_set_callback(int (*callback)(void))
-{
-        return;
-}
-static inline int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
-{
-       *ctx = NULL;
-       *ctxlen = 0;
-       return 0;
-}
-static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
-{
-        *sid = 0;
-}
-static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
-{
-        *sid = 0;
-}
-static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
-{
-        *sid = 0;
-}
 static inline int selinux_string_to_sid(const char *str, u32 *sid)
 {
       *sid = 0;
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-04-18 21:18:30 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-04-18 21:18:30 -0400
commit	3925e6fc1f774048404fdd910b0345b06c699eb4 (patch)
tree	c9a58417d9492f39f7fe81d4721d674c34dd8be2 /include
parent	334d094504c2fe1c44211ecb49146ae6bca8c321 (diff)
parent	7cea51be4e91edad05bd834f3235b45c57783f0d (diff)