Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: fix up documentation for security_module_enable Security: Introduce security= boot parameter Audit: Final renamings and cleanup SELinux: use new audit hooks, remove redundant exports Audit: internally use the new LSM audit hooks LSM/Audit: Introduce generic Audit LSM hooks SELinux: remove redundant exports Netlink: Use generic LSM hook Audit: use new LSM hooks instead of SELinux exports SELinux: setup new inode/ipc getsecid hooks LSM: Introduce inode_getsecid and ipc_getsecid hooks
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-18 21:18:30 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-18 21:18:30 -0400
commit: 3925e6fc1f774048404fdd910b0345b06c699eb4 (patch)
tree: c9a58417d9492f39f7fe81d4721d674c34dd8be2 /security/dummy.c
parent: 334d094504c2fe1c44211ecb49146ae6bca8c321 (diff)
parent: 7cea51be4e91edad05bd834f3235b45c57783f0d (diff)
1 files changed, 48 insertions, 3 deletions
diff --git a/security/dummy.c b/security/dummy.c
index 480366f9c41d..98d5f969cdc8 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -424,6 +424,11 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu
        return 0;
 }
+static void dummy_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+        *secid = 0;
+}
 static int dummy_file_permission (struct file *file, int mask)
 {
        return 0;
@@ -542,7 +547,9 @@ static int dummy_task_getsid (struct task_struct *p)
 }
 static void dummy_task_getsecid (struct task_struct *p, u32 *secid)
-{ }
+{
+        *secid = 0;
+}
 static int dummy_task_setgroups (struct group_info *group_info)
 {
@@ -616,6 +623,11 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
        return 0;
 }
+static void dummy_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+        *secid = 0;
+}
 static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
 {
        return 0;
@@ -983,7 +995,33 @@ static inline int dummy_key_permission(key_ref_t key_ref,
 }
 #endif /* CONFIG_KEYS */
-struct security_operations dummy_security_ops;
+#ifdef CONFIG_AUDIT
+static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr,
+                                        void **lsmrule)
+{
+        return 0;
+}
+static inline int dummy_audit_rule_known(struct audit_krule *krule)
+{
+        return 0;
+}
+static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op,
+                                         void *lsmrule,
+                                         struct audit_context *actx)
+{
+        return 0;
+}
+static inline void dummy_audit_rule_free(void *lsmrule)
+{ }
+#endif /* CONFIG_AUDIT */
+struct security_operations dummy_security_ops = {
+        .name = "dummy",
+};
 #define set_to_dummy_if_null(ops, function)                             \
        do {                                                            \
@@ -1060,6 +1098,7 @@ void security_fixup_ops (struct security_operations *ops)
        set_to_dummy_if_null(ops, inode_getsecurity);
        set_to_dummy_if_null(ops, inode_setsecurity);
        set_to_dummy_if_null(ops, inode_listsecurity);
+        set_to_dummy_if_null(ops, inode_getsecid);
        set_to_dummy_if_null(ops, file_permission);
        set_to_dummy_if_null(ops, file_alloc_security);
        set_to_dummy_if_null(ops, file_free_security);
@@ -1096,6 +1135,7 @@ void security_fixup_ops (struct security_operations *ops)
        set_to_dummy_if_null(ops, task_reparent_to_init);
        set_to_dummy_if_null(ops, task_to_inode);
        set_to_dummy_if_null(ops, ipc_permission);
+        set_to_dummy_if_null(ops, ipc_getsecid);
        set_to_dummy_if_null(ops, msg_msg_alloc_security);
        set_to_dummy_if_null(ops, msg_msg_free_security);
        set_to_dummy_if_null(ops, msg_queue_alloc_security);
@@ -1170,6 +1210,11 @@ void security_fixup_ops (struct security_operations *ops)
        set_to_dummy_if_null(ops, key_free);
        set_to_dummy_if_null(ops, key_permission);
 #endif  /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+        set_to_dummy_if_null(ops, audit_rule_init);
+        set_to_dummy_if_null(ops, audit_rule_known);
+        set_to_dummy_if_null(ops, audit_rule_match);
+        set_to_dummy_if_null(ops, audit_rule_free);
+#endif
 }
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-04-18 21:18:30 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-04-18 21:18:30 -0400
commit	3925e6fc1f774048404fdd910b0345b06c699eb4 (patch)
tree	c9a58417d9492f39f7fe81d4721d674c34dd8be2 /security/dummy.c
parent	334d094504c2fe1c44211ecb49146ae6bca8c321 (diff)
parent	7cea51be4e91edad05bd834f3235b45c57783f0d (diff)

diff --git a/security/dummy.c b/security/dummy.c index 480366f9c41d..98d5f969cdc8 100644 --- a/security/dummy.c +++ b/security/dummy.c
@@ -424,6 +424,11 @@ static int dummy_inode_listsecurity(struct inode inode, char buffer, size_t bu
424	return 0;	424	return 0;
425	}	425	}
426		426
		427	static void dummy_inode_getsecid(const struct inode inode, u32 secid)
		428	{
		429	*secid = 0;
		430	}
		431
427	static int dummy_file_permission (struct file *file, int mask)	432	static int dummy_file_permission (struct file *file, int mask)
428	{	433	{
429	return 0;	434	return 0;
@@ -542,7 +547,9 @@ static int dummy_task_getsid (struct task_struct *p)
542	}	547	}
543		548
544	static void dummy_task_getsecid (struct task_struct p, u32 secid)	549	static void dummy_task_getsecid (struct task_struct p, u32 secid)
545	{ }	550	{
		551	*secid = 0;
		552	}
546		553
547	static int dummy_task_setgroups (struct group_info *group_info)	554	static int dummy_task_setgroups (struct group_info *group_info)
548	{	555	{
@@ -616,6 +623,11 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
616	return 0;	623	return 0;
617	}	624	}
618		625
		626	static void dummy_ipc_getsecid(struct kern_ipc_perm ipcp, u32 secid)
		627	{
		628	*secid = 0;
		629	}
		630
619	static int dummy_msg_msg_alloc_security (struct msg_msg *msg)	631	static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
620	{	632	{
621	return 0;	633	return 0;
@@ -983,7 +995,33 @@ static inline int dummy_key_permission(key_ref_t key_ref,
983	}	995	}
984	#endif /* CONFIG_KEYS */	996	#endif /* CONFIG_KEYS */
985		997
986	struct security_operations dummy_security_ops;	998	#ifdef CONFIG_AUDIT
		999	static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr,
		1000	void **lsmrule)
		1001	{
		1002	return 0;
		1003	}
		1004
		1005	static inline int dummy_audit_rule_known(struct audit_krule *krule)
		1006	{
		1007	return 0;
		1008	}
		1009
		1010	static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op,
		1011	void *lsmrule,
		1012	struct audit_context *actx)
		1013	{
		1014	return 0;
		1015	}
		1016
		1017	static inline void dummy_audit_rule_free(void *lsmrule)
		1018	{ }
		1019
		1020	#endif /* CONFIG_AUDIT */
		1021
		1022	struct security_operations dummy_security_ops = {
		1023	.name = "dummy",
		1024	};
987		1025
988	#define set_to_dummy_if_null(ops, function) \	1026	#define set_to_dummy_if_null(ops, function) \
989	do { \	1027	do { \
@@ -1060,6 +1098,7 @@ void security_fixup_ops (struct security_operations *ops)
1060	set_to_dummy_if_null(ops, inode_getsecurity);	1098	set_to_dummy_if_null(ops, inode_getsecurity);
1061	set_to_dummy_if_null(ops, inode_setsecurity);	1099	set_to_dummy_if_null(ops, inode_setsecurity);
1062	set_to_dummy_if_null(ops, inode_listsecurity);	1100	set_to_dummy_if_null(ops, inode_listsecurity);
		1101	set_to_dummy_if_null(ops, inode_getsecid);
1063	set_to_dummy_if_null(ops, file_permission);	1102	set_to_dummy_if_null(ops, file_permission);
1064	set_to_dummy_if_null(ops, file_alloc_security);	1103	set_to_dummy_if_null(ops, file_alloc_security);
1065	set_to_dummy_if_null(ops, file_free_security);	1104	set_to_dummy_if_null(ops, file_free_security);
@@ -1096,6 +1135,7 @@ void security_fixup_ops (struct security_operations *ops)
1096	set_to_dummy_if_null(ops, task_reparent_to_init);	1135	set_to_dummy_if_null(ops, task_reparent_to_init);
1097	set_to_dummy_if_null(ops, task_to_inode);	1136	set_to_dummy_if_null(ops, task_to_inode);
1098	set_to_dummy_if_null(ops, ipc_permission);	1137	set_to_dummy_if_null(ops, ipc_permission);
		1138	set_to_dummy_if_null(ops, ipc_getsecid);
1099	set_to_dummy_if_null(ops, msg_msg_alloc_security);	1139	set_to_dummy_if_null(ops, msg_msg_alloc_security);
1100	set_to_dummy_if_null(ops, msg_msg_free_security);	1140	set_to_dummy_if_null(ops, msg_msg_free_security);
1101	set_to_dummy_if_null(ops, msg_queue_alloc_security);	1141	set_to_dummy_if_null(ops, msg_queue_alloc_security);
@@ -1170,6 +1210,11 @@ void security_fixup_ops (struct security_operations *ops)
1170	set_to_dummy_if_null(ops, key_free);	1210	set_to_dummy_if_null(ops, key_free);
1171	set_to_dummy_if_null(ops, key_permission);	1211	set_to_dummy_if_null(ops, key_permission);
1172	#endif /* CONFIG_KEYS */	1212	#endif /* CONFIG_KEYS */
1173		1213	#ifdef CONFIG_AUDIT
		1214	set_to_dummy_if_null(ops, audit_rule_init);
		1215	set_to_dummy_if_null(ops, audit_rule_known);
		1216	set_to_dummy_if_null(ops, audit_rule_match);
		1217	set_to_dummy_if_null(ops, audit_rule_free);
		1218	#endif
1174	}	1219	}
1175		1220