diff options
| author | David Woodhouse <David.Woodhouse@intel.com> | 2008-07-25 10:40:14 -0400 |
|---|---|---|
| committer | David Woodhouse <David.Woodhouse@intel.com> | 2008-07-25 10:40:14 -0400 |
| commit | ff877ea80efa2015b6263766f78ee42c2a1b32f9 (patch) | |
| tree | 85205005c611ab774702148558321c6fb92f1ccd /security/security.c | |
| parent | 30821fee4f0cb3e6d241d9f7ddc37742212e3eb7 (diff) | |
| parent | d37e6bf68fc1eb34a4ad21d9ae8890ed37ea80e7 (diff) | |
Merge branch 'linux-next' of git://git.infradead.org/~dedekind/ubi-2.6
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 66 |
1 files changed, 16 insertions, 50 deletions
diff --git a/security/security.c b/security/security.c index 59838a99b80e..59f23b5918b3 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -20,8 +20,8 @@ | |||
| 20 | /* Boot-time LSM user choice */ | 20 | /* Boot-time LSM user choice */ |
| 21 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1]; | 21 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1]; |
| 22 | 22 | ||
| 23 | /* things that live in dummy.c */ | 23 | /* things that live in capability.c */ |
| 24 | extern struct security_operations dummy_security_ops; | 24 | extern struct security_operations default_security_ops; |
| 25 | extern void security_fixup_ops(struct security_operations *ops); | 25 | extern void security_fixup_ops(struct security_operations *ops); |
| 26 | 26 | ||
| 27 | struct security_operations *security_ops; /* Initialized to NULL */ | 27 | struct security_operations *security_ops; /* Initialized to NULL */ |
| @@ -57,13 +57,8 @@ int __init security_init(void) | |||
| 57 | { | 57 | { |
| 58 | printk(KERN_INFO "Security Framework initialized\n"); | 58 | printk(KERN_INFO "Security Framework initialized\n"); |
| 59 | 59 | ||
| 60 | if (verify(&dummy_security_ops)) { | 60 | security_fixup_ops(&default_security_ops); |
| 61 | printk(KERN_ERR "%s could not verify " | 61 | security_ops = &default_security_ops; |
| 62 | "dummy_security_ops structure.\n", __func__); | ||
| 63 | return -EIO; | ||
| 64 | } | ||
| 65 | |||
| 66 | security_ops = &dummy_security_ops; | ||
| 67 | do_security_initcalls(); | 62 | do_security_initcalls(); |
| 68 | 63 | ||
| 69 | return 0; | 64 | return 0; |
| @@ -122,7 +117,7 @@ int register_security(struct security_operations *ops) | |||
| 122 | return -EINVAL; | 117 | return -EINVAL; |
| 123 | } | 118 | } |
| 124 | 119 | ||
| 125 | if (security_ops != &dummy_security_ops) | 120 | if (security_ops != &default_security_ops) |
| 126 | return -EAGAIN; | 121 | return -EAGAIN; |
| 127 | 122 | ||
| 128 | security_ops = ops; | 123 | security_ops = ops; |
| @@ -130,40 +125,12 @@ int register_security(struct security_operations *ops) | |||
| 130 | return 0; | 125 | return 0; |
| 131 | } | 126 | } |
| 132 | 127 | ||
| 133 | /** | ||
| 134 | * mod_reg_security - allows security modules to be "stacked" | ||
| 135 | * @name: a pointer to a string with the name of the security_options to be registered | ||
| 136 | * @ops: a pointer to the struct security_options that is to be registered | ||
| 137 | * | ||
| 138 | * This function allows security modules to be stacked if the currently loaded | ||
| 139 | * security module allows this to happen. It passes the @name and @ops to the | ||
| 140 | * register_security function of the currently loaded security module. | ||
| 141 | * | ||
| 142 | * The return value depends on the currently loaded security module, with 0 as | ||
| 143 | * success. | ||
| 144 | */ | ||
| 145 | int mod_reg_security(const char *name, struct security_operations *ops) | ||
| 146 | { | ||
| 147 | if (verify(ops)) { | ||
| 148 | printk(KERN_INFO "%s could not verify " | ||
| 149 | "security operations.\n", __func__); | ||
| 150 | return -EINVAL; | ||
| 151 | } | ||
| 152 | |||
| 153 | if (ops == security_ops) { | ||
| 154 | printk(KERN_INFO "%s security operations " | ||
| 155 | "already registered.\n", __func__); | ||
| 156 | return -EINVAL; | ||
| 157 | } | ||
| 158 | |||
| 159 | return security_ops->register_security(name, ops); | ||
| 160 | } | ||
| 161 | |||
| 162 | /* Security operations */ | 128 | /* Security operations */ |
| 163 | 129 | ||
| 164 | int security_ptrace(struct task_struct *parent, struct task_struct *child) | 130 | int security_ptrace(struct task_struct *parent, struct task_struct *child, |
| 131 | unsigned int mode) | ||
| 165 | { | 132 | { |
| 166 | return security_ops->ptrace(parent, child); | 133 | return security_ops->ptrace(parent, child, mode); |
| 167 | } | 134 | } |
| 168 | 135 | ||
| 169 | int security_capget(struct task_struct *target, | 136 | int security_capget(struct task_struct *target, |
| @@ -291,6 +258,11 @@ int security_sb_kern_mount(struct super_block *sb, void *data) | |||
| 291 | return security_ops->sb_kern_mount(sb, data); | 258 | return security_ops->sb_kern_mount(sb, data); |
| 292 | } | 259 | } |
| 293 | 260 | ||
| 261 | int security_sb_show_options(struct seq_file *m, struct super_block *sb) | ||
| 262 | { | ||
| 263 | return security_ops->sb_show_options(m, sb); | ||
| 264 | } | ||
| 265 | |||
| 294 | int security_sb_statfs(struct dentry *dentry) | 266 | int security_sb_statfs(struct dentry *dentry) |
| 295 | { | 267 | { |
| 296 | return security_ops->sb_statfs(dentry); | 268 | return security_ops->sb_statfs(dentry); |
| @@ -342,12 +314,6 @@ void security_sb_post_pivotroot(struct path *old_path, struct path *new_path) | |||
| 342 | security_ops->sb_post_pivotroot(old_path, new_path); | 314 | security_ops->sb_post_pivotroot(old_path, new_path); |
| 343 | } | 315 | } |
| 344 | 316 | ||
| 345 | int security_sb_get_mnt_opts(const struct super_block *sb, | ||
| 346 | struct security_mnt_opts *opts) | ||
| 347 | { | ||
| 348 | return security_ops->sb_get_mnt_opts(sb, opts); | ||
| 349 | } | ||
| 350 | |||
| 351 | int security_sb_set_mnt_opts(struct super_block *sb, | 317 | int security_sb_set_mnt_opts(struct super_block *sb, |
| 352 | struct security_mnt_opts *opts) | 318 | struct security_mnt_opts *opts) |
| 353 | { | 319 | { |
| @@ -894,7 +860,7 @@ EXPORT_SYMBOL(security_secctx_to_secid); | |||
| 894 | 860 | ||
| 895 | void security_release_secctx(char *secdata, u32 seclen) | 861 | void security_release_secctx(char *secdata, u32 seclen) |
| 896 | { | 862 | { |
| 897 | return security_ops->release_secctx(secdata, seclen); | 863 | security_ops->release_secctx(secdata, seclen); |
| 898 | } | 864 | } |
| 899 | EXPORT_SYMBOL(security_release_secctx); | 865 | EXPORT_SYMBOL(security_release_secctx); |
| 900 | 866 | ||
| @@ -1011,12 +977,12 @@ int security_sk_alloc(struct sock *sk, int family, gfp_t priority) | |||
| 1011 | 977 | ||
| 1012 | void security_sk_free(struct sock *sk) | 978 | void security_sk_free(struct sock *sk) |
| 1013 | { | 979 | { |
| 1014 | return security_ops->sk_free_security(sk); | 980 | security_ops->sk_free_security(sk); |
| 1015 | } | 981 | } |
| 1016 | 982 | ||
| 1017 | void security_sk_clone(const struct sock *sk, struct sock *newsk) | 983 | void security_sk_clone(const struct sock *sk, struct sock *newsk) |
| 1018 | { | 984 | { |
| 1019 | return security_ops->sk_clone_security(sk, newsk); | 985 | security_ops->sk_clone_security(sk, newsk); |
| 1020 | } | 986 | } |
| 1021 | 987 | ||
| 1022 | void security_sk_classify_flow(struct sock *sk, struct flowi *fl) | 988 | void security_sk_classify_flow(struct sock *sk, struct flowi *fl) |