diff options
| author | David Vrabel <david.vrabel@csr.com> | 2009-01-02 08:17:13 -0500 |
|---|---|---|
| committer | David Vrabel <david.vrabel@csr.com> | 2009-01-02 08:17:13 -0500 |
| commit | b21a207141d83a06abc5f492b80204602e02ca44 (patch) | |
| tree | f0152cde543008c72d7eb5c12c18095ad92785e6 /security/capability.c | |
| parent | 3af373021fa32f8f787bfbdcc1a9277a287bde4e (diff) | |
| parent | b58602a4bac012b5f4fc12fe6b46ab237b610d5d (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 into for-upstream
Conflicts:
drivers/uwb/wlp/eda.c
Diffstat (limited to 'security/capability.c')
| -rw-r--r-- | security/capability.c | 115 |
1 files changed, 90 insertions, 25 deletions
diff --git a/security/capability.c b/security/capability.c index 245874819036..c545bd1300b5 100644 --- a/security/capability.c +++ b/security/capability.c | |||
| @@ -32,24 +32,19 @@ static int cap_quota_on(struct dentry *dentry) | |||
| 32 | return 0; | 32 | return 0; |
| 33 | } | 33 | } |
| 34 | 34 | ||
| 35 | static int cap_bprm_alloc_security(struct linux_binprm *bprm) | 35 | static int cap_bprm_check_security (struct linux_binprm *bprm) |
| 36 | { | 36 | { |
| 37 | return 0; | 37 | return 0; |
| 38 | } | 38 | } |
| 39 | 39 | ||
| 40 | static void cap_bprm_free_security(struct linux_binprm *bprm) | 40 | static void cap_bprm_committing_creds(struct linux_binprm *bprm) |
| 41 | { | 41 | { |
| 42 | } | 42 | } |
| 43 | 43 | ||
| 44 | static void cap_bprm_post_apply_creds(struct linux_binprm *bprm) | 44 | static void cap_bprm_committed_creds(struct linux_binprm *bprm) |
| 45 | { | 45 | { |
| 46 | } | 46 | } |
| 47 | 47 | ||
| 48 | static int cap_bprm_check_security(struct linux_binprm *bprm) | ||
| 49 | { | ||
| 50 | return 0; | ||
| 51 | } | ||
| 52 | |||
| 53 | static int cap_sb_alloc_security(struct super_block *sb) | 48 | static int cap_sb_alloc_security(struct super_block *sb) |
| 54 | { | 49 | { |
| 55 | return 0; | 50 | return 0; |
| @@ -64,7 +59,7 @@ static int cap_sb_copy_data(char *orig, char *copy) | |||
| 64 | return 0; | 59 | return 0; |
| 65 | } | 60 | } |
| 66 | 61 | ||
| 67 | static int cap_sb_kern_mount(struct super_block *sb, void *data) | 62 | static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data) |
| 68 | { | 63 | { |
| 69 | return 0; | 64 | return 0; |
| 70 | } | 65 | } |
| @@ -268,6 +263,53 @@ static void cap_inode_getsecid(const struct inode *inode, u32 *secid) | |||
| 268 | *secid = 0; | 263 | *secid = 0; |
| 269 | } | 264 | } |
| 270 | 265 | ||
| 266 | #ifdef CONFIG_SECURITY_PATH | ||
| 267 | static int cap_path_mknod(struct path *dir, struct dentry *dentry, int mode, | ||
| 268 | unsigned int dev) | ||
| 269 | { | ||
| 270 | return 0; | ||
| 271 | } | ||
| 272 | |||
| 273 | static int cap_path_mkdir(struct path *dir, struct dentry *dentry, int mode) | ||
| 274 | { | ||
| 275 | return 0; | ||
| 276 | } | ||
| 277 | |||
| 278 | static int cap_path_rmdir(struct path *dir, struct dentry *dentry) | ||
| 279 | { | ||
| 280 | return 0; | ||
| 281 | } | ||
| 282 | |||
| 283 | static int cap_path_unlink(struct path *dir, struct dentry *dentry) | ||
| 284 | { | ||
| 285 | return 0; | ||
| 286 | } | ||
| 287 | |||
| 288 | static int cap_path_symlink(struct path *dir, struct dentry *dentry, | ||
| 289 | const char *old_name) | ||
| 290 | { | ||
| 291 | return 0; | ||
| 292 | } | ||
| 293 | |||
| 294 | static int cap_path_link(struct dentry *old_dentry, struct path *new_dir, | ||
| 295 | struct dentry *new_dentry) | ||
| 296 | { | ||
| 297 | return 0; | ||
| 298 | } | ||
| 299 | |||
| 300 | static int cap_path_rename(struct path *old_path, struct dentry *old_dentry, | ||
| 301 | struct path *new_path, struct dentry *new_dentry) | ||
| 302 | { | ||
| 303 | return 0; | ||
| 304 | } | ||
| 305 | |||
| 306 | static int cap_path_truncate(struct path *path, loff_t length, | ||
| 307 | unsigned int time_attrs) | ||
| 308 | { | ||
| 309 | return 0; | ||
| 310 | } | ||
| 311 | #endif | ||
| 312 | |||
| 271 | static int cap_file_permission(struct file *file, int mask) | 313 | static int cap_file_permission(struct file *file, int mask) |
| 272 | { | 314 | { |
| 273 | return 0; | 315 | return 0; |
| @@ -330,7 +372,7 @@ static int cap_file_receive(struct file *file) | |||
| 330 | return 0; | 372 | return 0; |
| 331 | } | 373 | } |
| 332 | 374 | ||
| 333 | static int cap_dentry_open(struct file *file) | 375 | static int cap_dentry_open(struct file *file, const struct cred *cred) |
| 334 | { | 376 | { |
| 335 | return 0; | 377 | return 0; |
| 336 | } | 378 | } |
| @@ -340,13 +382,27 @@ static int cap_task_create(unsigned long clone_flags) | |||
| 340 | return 0; | 382 | return 0; |
| 341 | } | 383 | } |
| 342 | 384 | ||
| 343 | static int cap_task_alloc_security(struct task_struct *p) | 385 | static void cap_cred_free(struct cred *cred) |
| 386 | { | ||
| 387 | } | ||
| 388 | |||
| 389 | static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) | ||
| 390 | { | ||
| 391 | return 0; | ||
| 392 | } | ||
| 393 | |||
| 394 | static void cap_cred_commit(struct cred *new, const struct cred *old) | ||
| 395 | { | ||
| 396 | } | ||
| 397 | |||
| 398 | static int cap_kernel_act_as(struct cred *new, u32 secid) | ||
| 344 | { | 399 | { |
| 345 | return 0; | 400 | return 0; |
| 346 | } | 401 | } |
| 347 | 402 | ||
| 348 | static void cap_task_free_security(struct task_struct *p) | 403 | static int cap_kernel_create_files_as(struct cred *new, struct inode *inode) |
| 349 | { | 404 | { |
| 405 | return 0; | ||
| 350 | } | 406 | } |
| 351 | 407 | ||
| 352 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | 408 | static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) |
| @@ -750,7 +806,7 @@ static void cap_release_secctx(char *secdata, u32 seclen) | |||
| 750 | } | 806 | } |
| 751 | 807 | ||
| 752 | #ifdef CONFIG_KEYS | 808 | #ifdef CONFIG_KEYS |
| 753 | static int cap_key_alloc(struct key *key, struct task_struct *ctx, | 809 | static int cap_key_alloc(struct key *key, const struct cred *cred, |
| 754 | unsigned long flags) | 810 | unsigned long flags) |
| 755 | { | 811 | { |
| 756 | return 0; | 812 | return 0; |
| @@ -760,7 +816,7 @@ static void cap_key_free(struct key *key) | |||
| 760 | { | 816 | { |
| 761 | } | 817 | } |
| 762 | 818 | ||
| 763 | static int cap_key_permission(key_ref_t key_ref, struct task_struct *context, | 819 | static int cap_key_permission(key_ref_t key_ref, const struct cred *cred, |
| 764 | key_perm_t perm) | 820 | key_perm_t perm) |
| 765 | { | 821 | { |
| 766 | return 0; | 822 | return 0; |
| @@ -814,8 +870,7 @@ void security_fixup_ops(struct security_operations *ops) | |||
| 814 | set_to_cap_if_null(ops, ptrace_may_access); | 870 | set_to_cap_if_null(ops, ptrace_may_access); |
| 815 | set_to_cap_if_null(ops, ptrace_traceme); | 871 | set_to_cap_if_null(ops, ptrace_traceme); |
| 816 | set_to_cap_if_null(ops, capget); | 872 | set_to_cap_if_null(ops, capget); |
| 817 | set_to_cap_if_null(ops, capset_check); | 873 | set_to_cap_if_null(ops, capset); |
| 818 | set_to_cap_if_null(ops, capset_set); | ||
| 819 | set_to_cap_if_null(ops, acct); | 874 | set_to_cap_if_null(ops, acct); |
| 820 | set_to_cap_if_null(ops, capable); | 875 | set_to_cap_if_null(ops, capable); |
| 821 | set_to_cap_if_null(ops, quotactl); | 876 | set_to_cap_if_null(ops, quotactl); |
| @@ -824,11 +879,9 @@ void security_fixup_ops(struct security_operations *ops) | |||
| 824 | set_to_cap_if_null(ops, syslog); | 879 | set_to_cap_if_null(ops, syslog); |
| 825 | set_to_cap_if_null(ops, settime); | 880 | set_to_cap_if_null(ops, settime); |
| 826 | set_to_cap_if_null(ops, vm_enough_memory); | 881 | set_to_cap_if_null(ops, vm_enough_memory); |
| 827 | set_to_cap_if_null(ops, bprm_alloc_security); | 882 | set_to_cap_if_null(ops, bprm_set_creds); |
| 828 | set_to_cap_if_null(ops, bprm_free_security); | 883 | set_to_cap_if_null(ops, bprm_committing_creds); |
| 829 | set_to_cap_if_null(ops, bprm_apply_creds); | 884 | set_to_cap_if_null(ops, bprm_committed_creds); |
| 830 | set_to_cap_if_null(ops, bprm_post_apply_creds); | ||
| 831 | set_to_cap_if_null(ops, bprm_set_security); | ||
| 832 | set_to_cap_if_null(ops, bprm_check_security); | 885 | set_to_cap_if_null(ops, bprm_check_security); |
| 833 | set_to_cap_if_null(ops, bprm_secureexec); | 886 | set_to_cap_if_null(ops, bprm_secureexec); |
| 834 | set_to_cap_if_null(ops, sb_alloc_security); | 887 | set_to_cap_if_null(ops, sb_alloc_security); |
| @@ -877,6 +930,16 @@ void security_fixup_ops(struct security_operations *ops) | |||
| 877 | set_to_cap_if_null(ops, inode_setsecurity); | 930 | set_to_cap_if_null(ops, inode_setsecurity); |
| 878 | set_to_cap_if_null(ops, inode_listsecurity); | 931 | set_to_cap_if_null(ops, inode_listsecurity); |
| 879 | set_to_cap_if_null(ops, inode_getsecid); | 932 | set_to_cap_if_null(ops, inode_getsecid); |
| 933 | #ifdef CONFIG_SECURITY_PATH | ||
| 934 | set_to_cap_if_null(ops, path_mknod); | ||
| 935 | set_to_cap_if_null(ops, path_mkdir); | ||
| 936 | set_to_cap_if_null(ops, path_rmdir); | ||
| 937 | set_to_cap_if_null(ops, path_unlink); | ||
| 938 | set_to_cap_if_null(ops, path_symlink); | ||
| 939 | set_to_cap_if_null(ops, path_link); | ||
| 940 | set_to_cap_if_null(ops, path_rename); | ||
| 941 | set_to_cap_if_null(ops, path_truncate); | ||
| 942 | #endif | ||
| 880 | set_to_cap_if_null(ops, file_permission); | 943 | set_to_cap_if_null(ops, file_permission); |
| 881 | set_to_cap_if_null(ops, file_alloc_security); | 944 | set_to_cap_if_null(ops, file_alloc_security); |
| 882 | set_to_cap_if_null(ops, file_free_security); | 945 | set_to_cap_if_null(ops, file_free_security); |
| @@ -890,10 +953,13 @@ void security_fixup_ops(struct security_operations *ops) | |||
| 890 | set_to_cap_if_null(ops, file_receive); | 953 | set_to_cap_if_null(ops, file_receive); |
| 891 | set_to_cap_if_null(ops, dentry_open); | 954 | set_to_cap_if_null(ops, dentry_open); |
| 892 | set_to_cap_if_null(ops, task_create); | 955 | set_to_cap_if_null(ops, task_create); |
| 893 | set_to_cap_if_null(ops, task_alloc_security); | 956 | set_to_cap_if_null(ops, cred_free); |
| 894 | set_to_cap_if_null(ops, task_free_security); | 957 | set_to_cap_if_null(ops, cred_prepare); |
| 958 | set_to_cap_if_null(ops, cred_commit); | ||
| 959 | set_to_cap_if_null(ops, kernel_act_as); | ||
| 960 | set_to_cap_if_null(ops, kernel_create_files_as); | ||
| 895 | set_to_cap_if_null(ops, task_setuid); | 961 | set_to_cap_if_null(ops, task_setuid); |
| 896 | set_to_cap_if_null(ops, task_post_setuid); | 962 | set_to_cap_if_null(ops, task_fix_setuid); |
| 897 | set_to_cap_if_null(ops, task_setgid); | 963 | set_to_cap_if_null(ops, task_setgid); |
| 898 | set_to_cap_if_null(ops, task_setpgid); | 964 | set_to_cap_if_null(ops, task_setpgid); |
| 899 | set_to_cap_if_null(ops, task_getpgid); | 965 | set_to_cap_if_null(ops, task_getpgid); |
| @@ -910,7 +976,6 @@ void security_fixup_ops(struct security_operations *ops) | |||
| 910 | set_to_cap_if_null(ops, task_wait); | 976 | set_to_cap_if_null(ops, task_wait); |
| 911 | set_to_cap_if_null(ops, task_kill); | 977 | set_to_cap_if_null(ops, task_kill); |
| 912 | set_to_cap_if_null(ops, task_prctl); | 978 | set_to_cap_if_null(ops, task_prctl); |
| 913 | set_to_cap_if_null(ops, task_reparent_to_init); | ||
| 914 | set_to_cap_if_null(ops, task_to_inode); | 979 | set_to_cap_if_null(ops, task_to_inode); |
| 915 | set_to_cap_if_null(ops, ipc_permission); | 980 | set_to_cap_if_null(ops, ipc_permission); |
| 916 | set_to_cap_if_null(ops, ipc_getsecid); | 981 | set_to_cap_if_null(ops, ipc_getsecid); |