diff options
| author | Grant Likely <grant.likely@secretlab.ca> | 2010-12-30 00:20:30 -0500 |
|---|---|---|
| committer | Grant Likely <grant.likely@secretlab.ca> | 2010-12-30 00:21:47 -0500 |
| commit | d392da5207352f09030e95d9ea335a4225667ec0 (patch) | |
| tree | 7d6cd1932afcad0a5619a5c504a6d93ca318187c /security/security.c | |
| parent | e39d5ef678045d61812c1401f04fe8edb14d6359 (diff) | |
| parent | 387c31c7e5c9805b0aef8833d1731a5fe7bdea14 (diff) | |
Merge v2.6.37-rc8 into powerpc/next
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 70 |
1 files changed, 42 insertions, 28 deletions
diff --git a/security/security.c b/security/security.c index e8c87b8601b4..1b798d3df710 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -89,20 +89,12 @@ __setup("security=", choose_lsm); | |||
| 89 | * Return true if: | 89 | * Return true if: |
| 90 | * -The passed LSM is the one chosen by user at boot time, | 90 | * -The passed LSM is the one chosen by user at boot time, |
| 91 | * -or the passed LSM is configured as the default and the user did not | 91 | * -or the passed LSM is configured as the default and the user did not |
| 92 | * choose an alternate LSM at boot time, | 92 | * choose an alternate LSM at boot time. |
| 93 | * -or there is no default LSM set and the user didn't specify a | ||
| 94 | * specific LSM and we're the first to ask for registration permission, | ||
| 95 | * -or the passed LSM is currently loaded. | ||
| 96 | * Otherwise, return false. | 93 | * Otherwise, return false. |
| 97 | */ | 94 | */ |
| 98 | int __init security_module_enable(struct security_operations *ops) | 95 | int __init security_module_enable(struct security_operations *ops) |
| 99 | { | 96 | { |
| 100 | if (!*chosen_lsm) | 97 | return !strcmp(ops->name, chosen_lsm); |
| 101 | strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX); | ||
| 102 | else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX)) | ||
| 103 | return 0; | ||
| 104 | |||
| 105 | return 1; | ||
| 106 | } | 98 | } |
| 107 | 99 | ||
| 108 | /** | 100 | /** |
| @@ -205,9 +197,9 @@ int security_quota_on(struct dentry *dentry) | |||
| 205 | return security_ops->quota_on(dentry); | 197 | return security_ops->quota_on(dentry); |
| 206 | } | 198 | } |
| 207 | 199 | ||
| 208 | int security_syslog(int type, bool from_file) | 200 | int security_syslog(int type) |
| 209 | { | 201 | { |
| 210 | return security_ops->syslog(type, from_file); | 202 | return security_ops->syslog(type); |
| 211 | } | 203 | } |
| 212 | 204 | ||
| 213 | int security_settime(struct timespec *ts, struct timezone *tz) | 205 | int security_settime(struct timespec *ts, struct timezone *tz) |
| @@ -333,16 +325,8 @@ EXPORT_SYMBOL(security_sb_parse_opts_str); | |||
| 333 | 325 | ||
| 334 | int security_inode_alloc(struct inode *inode) | 326 | int security_inode_alloc(struct inode *inode) |
| 335 | { | 327 | { |
| 336 | int ret; | ||
| 337 | |||
| 338 | inode->i_security = NULL; | 328 | inode->i_security = NULL; |
| 339 | ret = security_ops->inode_alloc_security(inode); | 329 | return security_ops->inode_alloc_security(inode); |
| 340 | if (ret) | ||
| 341 | return ret; | ||
| 342 | ret = ima_inode_alloc(inode); | ||
| 343 | if (ret) | ||
| 344 | security_inode_free(inode); | ||
| 345 | return ret; | ||
| 346 | } | 330 | } |
| 347 | 331 | ||
| 348 | void security_inode_free(struct inode *inode) | 332 | void security_inode_free(struct inode *inode) |
| @@ -619,7 +603,13 @@ void security_inode_getsecid(const struct inode *inode, u32 *secid) | |||
| 619 | 603 | ||
| 620 | int security_file_permission(struct file *file, int mask) | 604 | int security_file_permission(struct file *file, int mask) |
| 621 | { | 605 | { |
| 622 | return security_ops->file_permission(file, mask); | 606 | int ret; |
| 607 | |||
| 608 | ret = security_ops->file_permission(file, mask); | ||
| 609 | if (ret) | ||
| 610 | return ret; | ||
| 611 | |||
| 612 | return fsnotify_perm(file, mask); | ||
| 623 | } | 613 | } |
| 624 | 614 | ||
| 625 | int security_file_alloc(struct file *file) | 615 | int security_file_alloc(struct file *file) |
| @@ -683,7 +673,13 @@ int security_file_receive(struct file *file) | |||
| 683 | 673 | ||
| 684 | int security_dentry_open(struct file *file, const struct cred *cred) | 674 | int security_dentry_open(struct file *file, const struct cred *cred) |
| 685 | { | 675 | { |
| 686 | return security_ops->dentry_open(file, cred); | 676 | int ret; |
| 677 | |||
| 678 | ret = security_ops->dentry_open(file, cred); | ||
| 679 | if (ret) | ||
| 680 | return ret; | ||
| 681 | |||
| 682 | return fsnotify_perm(file, MAY_OPEN); | ||
| 687 | } | 683 | } |
| 688 | 684 | ||
| 689 | int security_task_create(unsigned long clone_flags) | 685 | int security_task_create(unsigned long clone_flags) |
| @@ -768,15 +764,15 @@ int security_task_getioprio(struct task_struct *p) | |||
| 768 | return security_ops->task_getioprio(p); | 764 | return security_ops->task_getioprio(p); |
| 769 | } | 765 | } |
| 770 | 766 | ||
| 771 | int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim) | 767 | int security_task_setrlimit(struct task_struct *p, unsigned int resource, |
| 768 | struct rlimit *new_rlim) | ||
| 772 | { | 769 | { |
| 773 | return security_ops->task_setrlimit(resource, new_rlim); | 770 | return security_ops->task_setrlimit(p, resource, new_rlim); |
| 774 | } | 771 | } |
| 775 | 772 | ||
| 776 | int security_task_setscheduler(struct task_struct *p, | 773 | int security_task_setscheduler(struct task_struct *p) |
| 777 | int policy, struct sched_param *lp) | ||
| 778 | { | 774 | { |
| 779 | return security_ops->task_setscheduler(p, policy, lp); | 775 | return security_ops->task_setscheduler(p); |
| 780 | } | 776 | } |
| 781 | 777 | ||
| 782 | int security_task_getscheduler(struct task_struct *p) | 778 | int security_task_getscheduler(struct task_struct *p) |
| @@ -1132,6 +1128,24 @@ void security_inet_conn_established(struct sock *sk, | |||
| 1132 | security_ops->inet_conn_established(sk, skb); | 1128 | security_ops->inet_conn_established(sk, skb); |
| 1133 | } | 1129 | } |
| 1134 | 1130 | ||
| 1131 | int security_secmark_relabel_packet(u32 secid) | ||
| 1132 | { | ||
| 1133 | return security_ops->secmark_relabel_packet(secid); | ||
| 1134 | } | ||
| 1135 | EXPORT_SYMBOL(security_secmark_relabel_packet); | ||
| 1136 | |||
| 1137 | void security_secmark_refcount_inc(void) | ||
| 1138 | { | ||
| 1139 | security_ops->secmark_refcount_inc(); | ||
| 1140 | } | ||
| 1141 | EXPORT_SYMBOL(security_secmark_refcount_inc); | ||
| 1142 | |||
| 1143 | void security_secmark_refcount_dec(void) | ||
| 1144 | { | ||
| 1145 | security_ops->secmark_refcount_dec(); | ||
| 1146 | } | ||
| 1147 | EXPORT_SYMBOL(security_secmark_refcount_dec); | ||
| 1148 | |||
| 1135 | int security_tun_dev_create(void) | 1149 | int security_tun_dev_create(void) |
| 1136 | { | 1150 | { |
| 1137 | return security_ops->tun_dev_create(); | 1151 | return security_ops->tun_dev_create(); |