diff options
-rw-r--r-- | drivers/char/tpm/Kconfig | 1 | ||||
-rw-r--r-- | include/linux/security.h | 54 | ||||
-rw-r--r-- | security/Kconfig | 8 | ||||
-rw-r--r-- | security/Makefile | 3 |
4 files changed, 41 insertions, 25 deletions
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index 3738cfa209ff..f5fc64f89c5c 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig | |||
@@ -6,6 +6,7 @@ menuconfig TCG_TPM | |||
6 | tristate "TPM Hardware Support" | 6 | tristate "TPM Hardware Support" |
7 | depends on HAS_IOMEM | 7 | depends on HAS_IOMEM |
8 | depends on EXPERIMENTAL | 8 | depends on EXPERIMENTAL |
9 | select SECURITYFS | ||
9 | ---help--- | 10 | ---help--- |
10 | If you have a TPM security chip in your system, which | 11 | If you have a TPM security chip in your system, which |
11 | implements the Trusted Computing Group's specification, | 12 | implements the Trusted Computing Group's specification, |
diff --git a/include/linux/security.h b/include/linux/security.h index 80c4d002864c..f5c4a51eb42e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -1560,11 +1560,6 @@ struct security_operations { | |||
1560 | extern int security_init(void); | 1560 | extern int security_init(void); |
1561 | extern int security_module_enable(struct security_operations *ops); | 1561 | extern int security_module_enable(struct security_operations *ops); |
1562 | extern int register_security(struct security_operations *ops); | 1562 | extern int register_security(struct security_operations *ops); |
1563 | extern struct dentry *securityfs_create_file(const char *name, mode_t mode, | ||
1564 | struct dentry *parent, void *data, | ||
1565 | const struct file_operations *fops); | ||
1566 | extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); | ||
1567 | extern void securityfs_remove(struct dentry *dentry); | ||
1568 | 1563 | ||
1569 | /* Security operations */ | 1564 | /* Security operations */ |
1570 | int security_ptrace_may_access(struct task_struct *child, unsigned int mode); | 1565 | int security_ptrace_may_access(struct task_struct *child, unsigned int mode); |
@@ -2424,25 +2419,6 @@ static inline int security_netlink_recv(struct sk_buff *skb, int cap) | |||
2424 | return cap_netlink_recv(skb, cap); | 2419 | return cap_netlink_recv(skb, cap); |
2425 | } | 2420 | } |
2426 | 2421 | ||
2427 | static inline struct dentry *securityfs_create_dir(const char *name, | ||
2428 | struct dentry *parent) | ||
2429 | { | ||
2430 | return ERR_PTR(-ENODEV); | ||
2431 | } | ||
2432 | |||
2433 | static inline struct dentry *securityfs_create_file(const char *name, | ||
2434 | mode_t mode, | ||
2435 | struct dentry *parent, | ||
2436 | void *data, | ||
2437 | const struct file_operations *fops) | ||
2438 | { | ||
2439 | return ERR_PTR(-ENODEV); | ||
2440 | } | ||
2441 | |||
2442 | static inline void securityfs_remove(struct dentry *dentry) | ||
2443 | { | ||
2444 | } | ||
2445 | |||
2446 | static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | 2422 | static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) |
2447 | { | 2423 | { |
2448 | return -EOPNOTSUPP; | 2424 | return -EOPNOTSUPP; |
@@ -2806,5 +2782,35 @@ static inline void security_audit_rule_free(void *lsmrule) | |||
2806 | #endif /* CONFIG_SECURITY */ | 2782 | #endif /* CONFIG_SECURITY */ |
2807 | #endif /* CONFIG_AUDIT */ | 2783 | #endif /* CONFIG_AUDIT */ |
2808 | 2784 | ||
2785 | #ifdef CONFIG_SECURITYFS | ||
2786 | |||
2787 | extern struct dentry *securityfs_create_file(const char *name, mode_t mode, | ||
2788 | struct dentry *parent, void *data, | ||
2789 | const struct file_operations *fops); | ||
2790 | extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); | ||
2791 | extern void securityfs_remove(struct dentry *dentry); | ||
2792 | |||
2793 | #else /* CONFIG_SECURITYFS */ | ||
2794 | |||
2795 | static inline struct dentry *securityfs_create_dir(const char *name, | ||
2796 | struct dentry *parent) | ||
2797 | { | ||
2798 | return ERR_PTR(-ENODEV); | ||
2799 | } | ||
2800 | |||
2801 | static inline struct dentry *securityfs_create_file(const char *name, | ||
2802 | mode_t mode, | ||
2803 | struct dentry *parent, | ||
2804 | void *data, | ||
2805 | const struct file_operations *fops) | ||
2806 | { | ||
2807 | return ERR_PTR(-ENODEV); | ||
2808 | } | ||
2809 | |||
2810 | static inline void securityfs_remove(struct dentry *dentry) | ||
2811 | {} | ||
2812 | |||
2813 | #endif | ||
2814 | |||
2809 | #endif /* ! __LINUX_SECURITY_H */ | 2815 | #endif /* ! __LINUX_SECURITY_H */ |
2810 | 2816 | ||
diff --git a/security/Kconfig b/security/Kconfig index 559293922a47..d9f47ce7e207 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
@@ -51,6 +51,14 @@ config SECURITY | |||
51 | 51 | ||
52 | If you are unsure how to answer this question, answer N. | 52 | If you are unsure how to answer this question, answer N. |
53 | 53 | ||
54 | config SECURITYFS | ||
55 | bool "Enable the securityfs filesystem" | ||
56 | help | ||
57 | This will build the securityfs filesystem. It is currently used by | ||
58 | the TPM bios character driver. It is not used by SELinux or SMACK. | ||
59 | |||
60 | If you are unsure how to answer this question, answer N. | ||
61 | |||
54 | config SECURITY_NETWORK | 62 | config SECURITY_NETWORK |
55 | bool "Socket and Networking Security Hooks" | 63 | bool "Socket and Networking Security Hooks" |
56 | depends on SECURITY | 64 | depends on SECURITY |
diff --git a/security/Makefile b/security/Makefile index f65426099aa6..c05c127fff9a 100644 --- a/security/Makefile +++ b/security/Makefile | |||
@@ -10,7 +10,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack | |||
10 | obj-y += commoncap.o | 10 | obj-y += commoncap.o |
11 | 11 | ||
12 | # Object file lists | 12 | # Object file lists |
13 | obj-$(CONFIG_SECURITY) += security.o capability.o inode.o | 13 | obj-$(CONFIG_SECURITY) += security.o capability.o |
14 | obj-$(CONFIG_SECURITYFS) += inode.o | ||
14 | # Must precede capability.o in order to stack properly. | 15 | # Must precede capability.o in order to stack properly. |
15 | obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o | 16 | obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o |
16 | obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o | 17 | obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o |