aboutsummaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorAndrea Bastoni <bastoni@cs.unc.edu>2010-05-30 19:16:45 -0400
committerAndrea Bastoni <bastoni@cs.unc.edu>2010-05-30 19:16:45 -0400
commitada47b5fe13d89735805b566185f4885f5a3f750 (patch)
tree644b88f8a71896307d71438e9b3af49126ffb22b /security/security.c
parent43e98717ad40a4ae64545b5ba047c7b86aa44f4f (diff)
parent3280f21d43ee541f97f8cda5792150d2dbec20d5 (diff)
Merge branch 'wip-2.6.34' into old-private-masterarchived-private-master
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c108
1 files changed, 79 insertions, 29 deletions
diff --git a/security/security.c b/security/security.c
index c4c673240c1c..687c6fd14bb6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -16,15 +16,19 @@
16#include <linux/init.h> 16#include <linux/init.h>
17#include <linux/kernel.h> 17#include <linux/kernel.h>
18#include <linux/security.h> 18#include <linux/security.h>
19#include <linux/ima.h>
19 20
20/* Boot-time LSM user choice */ 21/* Boot-time LSM user choice */
21static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1]; 22static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
23 CONFIG_DEFAULT_SECURITY;
22 24
23/* things that live in capability.c */ 25/* things that live in capability.c */
24extern struct security_operations default_security_ops;
25extern void security_fixup_ops(struct security_operations *ops); 26extern void security_fixup_ops(struct security_operations *ops);
26 27
27struct security_operations *security_ops; /* Initialized to NULL */ 28static struct security_operations *security_ops;
29static struct security_operations default_security_ops = {
30 .name = "default",
31};
28 32
29static inline int verify(struct security_operations *ops) 33static inline int verify(struct security_operations *ops)
30{ 34{
@@ -61,6 +65,11 @@ int __init security_init(void)
61 return 0; 65 return 0;
62} 66}
63 67
68void reset_security_ops(void)
69{
70 security_ops = &default_security_ops;
71}
72
64/* Save user chosen LSM */ 73/* Save user chosen LSM */
65static int __init choose_lsm(char *str) 74static int __init choose_lsm(char *str)
66{ 75{
@@ -79,8 +88,10 @@ __setup("security=", choose_lsm);
79 * 88 *
80 * Return true if: 89 * Return true if:
81 * -The passed LSM is the one chosen by user at boot time, 90 * -The passed LSM is the one chosen by user at boot time,
82 * -or user didn't specify a specific LSM and we're the first to ask 91 * -or the passed LSM is configured as the default and the user did not
83 * for registration permission, 92 * choose an alternate LSM at boot time,
93 * -or there is no default LSM set and the user didn't specify a
94 * specific LSM and we're the first to ask for registration permission,
84 * -or the passed LSM is currently loaded. 95 * -or the passed LSM is currently loaded.
85 * Otherwise, return false. 96 * Otherwise, return false.
86 */ 97 */
@@ -199,9 +210,9 @@ int security_quota_on(struct dentry *dentry)
199 return security_ops->quota_on(dentry); 210 return security_ops->quota_on(dentry);
200} 211}
201 212
202int security_syslog(int type) 213int security_syslog(int type, bool from_file)
203{ 214{
204 return security_ops->syslog(type); 215 return security_ops->syslog(type, from_file);
205} 216}
206 217
207int security_settime(struct timespec *ts, struct timezone *tz) 218int security_settime(struct timespec *ts, struct timezone *tz)
@@ -235,7 +246,12 @@ int security_bprm_set_creds(struct linux_binprm *bprm)
235 246
236int security_bprm_check(struct linux_binprm *bprm) 247int security_bprm_check(struct linux_binprm *bprm)
237{ 248{
238 return security_ops->bprm_check_security(bprm); 249 int ret;
250
251 ret = security_ops->bprm_check_security(bprm);
252 if (ret)
253 return ret;
254 return ima_bprm_check(bprm);
239} 255}
240 256
241void security_bprm_committing_creds(struct linux_binprm *bprm) 257void security_bprm_committing_creds(struct linux_binprm *bprm)
@@ -352,12 +368,21 @@ EXPORT_SYMBOL(security_sb_parse_opts_str);
352 368
353int security_inode_alloc(struct inode *inode) 369int security_inode_alloc(struct inode *inode)
354{ 370{
371 int ret;
372
355 inode->i_security = NULL; 373 inode->i_security = NULL;
356 return security_ops->inode_alloc_security(inode); 374 ret = security_ops->inode_alloc_security(inode);
375 if (ret)
376 return ret;
377 ret = ima_inode_alloc(inode);
378 if (ret)
379 security_inode_free(inode);
380 return ret;
357} 381}
358 382
359void security_inode_free(struct inode *inode) 383void security_inode_free(struct inode *inode)
360{ 384{
385 ima_inode_free(inode);
361 security_ops->inode_free_security(inode); 386 security_ops->inode_free_security(inode);
362} 387}
363 388
@@ -371,42 +396,42 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
371EXPORT_SYMBOL(security_inode_init_security); 396EXPORT_SYMBOL(security_inode_init_security);
372 397
373#ifdef CONFIG_SECURITY_PATH 398#ifdef CONFIG_SECURITY_PATH
374int security_path_mknod(struct path *path, struct dentry *dentry, int mode, 399int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
375 unsigned int dev) 400 unsigned int dev)
376{ 401{
377 if (unlikely(IS_PRIVATE(path->dentry->d_inode))) 402 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
378 return 0; 403 return 0;
379 return security_ops->path_mknod(path, dentry, mode, dev); 404 return security_ops->path_mknod(dir, dentry, mode, dev);
380} 405}
381EXPORT_SYMBOL(security_path_mknod); 406EXPORT_SYMBOL(security_path_mknod);
382 407
383int security_path_mkdir(struct path *path, struct dentry *dentry, int mode) 408int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
384{ 409{
385 if (unlikely(IS_PRIVATE(path->dentry->d_inode))) 410 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
386 return 0; 411 return 0;
387 return security_ops->path_mkdir(path, dentry, mode); 412 return security_ops->path_mkdir(dir, dentry, mode);
388} 413}
389 414
390int security_path_rmdir(struct path *path, struct dentry *dentry) 415int security_path_rmdir(struct path *dir, struct dentry *dentry)
391{ 416{
392 if (unlikely(IS_PRIVATE(path->dentry->d_inode))) 417 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
393 return 0; 418 return 0;
394 return security_ops->path_rmdir(path, dentry); 419 return security_ops->path_rmdir(dir, dentry);
395} 420}
396 421
397int security_path_unlink(struct path *path, struct dentry *dentry) 422int security_path_unlink(struct path *dir, struct dentry *dentry)
398{ 423{
399 if (unlikely(IS_PRIVATE(path->dentry->d_inode))) 424 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
400 return 0; 425 return 0;
401 return security_ops->path_unlink(path, dentry); 426 return security_ops->path_unlink(dir, dentry);
402} 427}
403 428
404int security_path_symlink(struct path *path, struct dentry *dentry, 429int security_path_symlink(struct path *dir, struct dentry *dentry,
405 const char *old_name) 430 const char *old_name)
406{ 431{
407 if (unlikely(IS_PRIVATE(path->dentry->d_inode))) 432 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
408 return 0; 433 return 0;
409 return security_ops->path_symlink(path, dentry, old_name); 434 return security_ops->path_symlink(dir, dentry, old_name);
410} 435}
411 436
412int security_path_link(struct dentry *old_dentry, struct path *new_dir, 437int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -434,6 +459,26 @@ int security_path_truncate(struct path *path, loff_t length,
434 return 0; 459 return 0;
435 return security_ops->path_truncate(path, length, time_attrs); 460 return security_ops->path_truncate(path, length, time_attrs);
436} 461}
462
463int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
464 mode_t mode)
465{
466 if (unlikely(IS_PRIVATE(dentry->d_inode)))
467 return 0;
468 return security_ops->path_chmod(dentry, mnt, mode);
469}
470
471int security_path_chown(struct path *path, uid_t uid, gid_t gid)
472{
473 if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
474 return 0;
475 return security_ops->path_chown(path, uid, gid);
476}
477
478int security_path_chroot(struct path *path)
479{
480 return security_ops->path_chroot(path);
481}
437#endif 482#endif
438 483
439int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) 484int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
@@ -592,14 +637,14 @@ int security_inode_killpriv(struct dentry *dentry)
592int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) 637int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
593{ 638{
594 if (unlikely(IS_PRIVATE(inode))) 639 if (unlikely(IS_PRIVATE(inode)))
595 return 0; 640 return -EOPNOTSUPP;
596 return security_ops->inode_getsecurity(inode, name, buffer, alloc); 641 return security_ops->inode_getsecurity(inode, name, buffer, alloc);
597} 642}
598 643
599int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 644int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
600{ 645{
601 if (unlikely(IS_PRIVATE(inode))) 646 if (unlikely(IS_PRIVATE(inode)))
602 return 0; 647 return -EOPNOTSUPP;
603 return security_ops->inode_setsecurity(inode, name, value, size, flags); 648 return security_ops->inode_setsecurity(inode, name, value, size, flags);
604} 649}
605 650
@@ -639,7 +684,12 @@ int security_file_mmap(struct file *file, unsigned long reqprot,
639 unsigned long prot, unsigned long flags, 684 unsigned long prot, unsigned long flags,
640 unsigned long addr, unsigned long addr_only) 685 unsigned long addr, unsigned long addr_only)
641{ 686{
642 return security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only); 687 int ret;
688
689 ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only);
690 if (ret)
691 return ret;
692 return ima_file_mmap(file, prot);
643} 693}
644 694
645int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 695int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
@@ -719,9 +769,9 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode)
719 return security_ops->kernel_create_files_as(new, inode); 769 return security_ops->kernel_create_files_as(new, inode);
720} 770}
721 771
722int security_kernel_module_request(void) 772int security_kernel_module_request(char *kmod_name)
723{ 773{
724 return security_ops->kernel_module_request(); 774 return security_ops->kernel_module_request(kmod_name);
725} 775}
726 776
727int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 777int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
generated by cgit v1.2.2 (git 2.25.0) at 2025-07-05 04:31:52 -0400