aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/char/tpm/Kconfig1
-rw-r--r--include/linux/security.h54
-rw-r--r--security/Kconfig8
-rw-r--r--security/Makefile3
4 files changed, 41 insertions, 25 deletions
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index 3738cfa209ff..f5fc64f89c5c 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -6,6 +6,7 @@ menuconfig TCG_TPM
6 tristate "TPM Hardware Support" 6 tristate "TPM Hardware Support"
7 depends on HAS_IOMEM 7 depends on HAS_IOMEM
8 depends on EXPERIMENTAL 8 depends on EXPERIMENTAL
9 select SECURITYFS
9 ---help--- 10 ---help---
10 If you have a TPM security chip in your system, which 11 If you have a TPM security chip in your system, which
11 implements the Trusted Computing Group's specification, 12 implements the Trusted Computing Group's specification,
diff --git a/include/linux/security.h b/include/linux/security.h
index 80c4d002864c..f5c4a51eb42e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1560,11 +1560,6 @@ struct security_operations {
1560extern int security_init(void); 1560extern int security_init(void);
1561extern int security_module_enable(struct security_operations *ops); 1561extern int security_module_enable(struct security_operations *ops);
1562extern int register_security(struct security_operations *ops); 1562extern int register_security(struct security_operations *ops);
1563extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
1564 struct dentry *parent, void *data,
1565 const struct file_operations *fops);
1566extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
1567extern void securityfs_remove(struct dentry *dentry);
1568 1563
1569/* Security operations */ 1564/* Security operations */
1570int security_ptrace_may_access(struct task_struct *child, unsigned int mode); 1565int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
@@ -2424,25 +2419,6 @@ static inline int security_netlink_recv(struct sk_buff *skb, int cap)
2424 return cap_netlink_recv(skb, cap); 2419 return cap_netlink_recv(skb, cap);
2425} 2420}
2426 2421
2427static inline struct dentry *securityfs_create_dir(const char *name,
2428 struct dentry *parent)
2429{
2430 return ERR_PTR(-ENODEV);
2431}
2432
2433static inline struct dentry *securityfs_create_file(const char *name,
2434 mode_t mode,
2435 struct dentry *parent,
2436 void *data,
2437 const struct file_operations *fops)
2438{
2439 return ERR_PTR(-ENODEV);
2440}
2441
2442static inline void securityfs_remove(struct dentry *dentry)
2443{
2444}
2445
2446static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 2422static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2447{ 2423{
2448 return -EOPNOTSUPP; 2424 return -EOPNOTSUPP;
@@ -2806,5 +2782,35 @@ static inline void security_audit_rule_free(void *lsmrule)
2806#endif /* CONFIG_SECURITY */ 2782#endif /* CONFIG_SECURITY */
2807#endif /* CONFIG_AUDIT */ 2783#endif /* CONFIG_AUDIT */
2808 2784
2785#ifdef CONFIG_SECURITYFS
2786
2787extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
2788 struct dentry *parent, void *data,
2789 const struct file_operations *fops);
2790extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
2791extern void securityfs_remove(struct dentry *dentry);
2792
2793#else /* CONFIG_SECURITYFS */
2794
2795static inline struct dentry *securityfs_create_dir(const char *name,
2796 struct dentry *parent)
2797{
2798 return ERR_PTR(-ENODEV);
2799}
2800
2801static inline struct dentry *securityfs_create_file(const char *name,
2802 mode_t mode,
2803 struct dentry *parent,
2804 void *data,
2805 const struct file_operations *fops)
2806{
2807 return ERR_PTR(-ENODEV);
2808}
2809
2810static inline void securityfs_remove(struct dentry *dentry)
2811{}
2812
2813#endif
2814
2809#endif /* ! __LINUX_SECURITY_H */ 2815#endif /* ! __LINUX_SECURITY_H */
2810 2816
diff --git a/security/Kconfig b/security/Kconfig
index 559293922a47..d9f47ce7e207 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -51,6 +51,14 @@ config SECURITY
51 51
52 If you are unsure how to answer this question, answer N. 52 If you are unsure how to answer this question, answer N.
53 53
54config SECURITYFS
55 bool "Enable the securityfs filesystem"
56 help
57 This will build the securityfs filesystem. It is currently used by
58 the TPM bios character driver. It is not used by SELinux or SMACK.
59
60 If you are unsure how to answer this question, answer N.
61
54config SECURITY_NETWORK 62config SECURITY_NETWORK
55 bool "Socket and Networking Security Hooks" 63 bool "Socket and Networking Security Hooks"
56 depends on SECURITY 64 depends on SECURITY
diff --git a/security/Makefile b/security/Makefile
index f65426099aa6..c05c127fff9a 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -10,7 +10,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack
10obj-y += commoncap.o 10obj-y += commoncap.o
11 11
12# Object file lists 12# Object file lists
13obj-$(CONFIG_SECURITY) += security.o capability.o inode.o 13obj-$(CONFIG_SECURITY) += security.o capability.o
14obj-$(CONFIG_SECURITYFS) += inode.o
14# Must precede capability.o in order to stack properly. 15# Must precede capability.o in order to stack properly.
15obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o 16obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
16obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o 17obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o