aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/security.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h82
1 files changed, 39 insertions, 43 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 83c18e8c846d..673afbb8238a 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -22,22 +22,36 @@
22#ifndef __LINUX_SECURITY_H 22#ifndef __LINUX_SECURITY_H
23#define __LINUX_SECURITY_H 23#define __LINUX_SECURITY_H
24 24
25#include <linux/fs.h>
26#include <linux/fsnotify.h>
27#include <linux/binfmts.h>
28#include <linux/dcache.h>
29#include <linux/signal.h>
30#include <linux/resource.h>
31#include <linux/sem.h>
32#include <linux/shm.h>
33#include <linux/mm.h> /* PAGE_ALIGN */
34#include <linux/msg.h>
35#include <linux/sched.h>
36#include <linux/key.h> 25#include <linux/key.h>
37#include <linux/xfrm.h> 26#include <linux/capability.h>
38#include <linux/slab.h> 27#include <linux/slab.h>
39#include <linux/xattr.h> 28#include <linux/err.h>
40#include <net/flow.h> 29
30struct linux_binprm;
31struct cred;
32struct rlimit;
33struct siginfo;
34struct sem_array;
35struct sembuf;
36struct kern_ipc_perm;
37struct audit_context;
38struct super_block;
39struct inode;
40struct dentry;
41struct file;
42struct vfsmount;
43struct path;
44struct qstr;
45struct nameidata;
46struct iattr;
47struct fown_struct;
48struct file_operations;
49struct shmid_kernel;
50struct msg_msg;
51struct msg_queue;
52struct xattr;
53struct xfrm_sec_ctx;
54struct mm_struct;
41 55
42/* Maximum number of letters for an LSM name string */ 56/* Maximum number of letters for an LSM name string */
43#define SECURITY_NAME_MAX 10 57#define SECURITY_NAME_MAX 10
@@ -49,6 +63,7 @@
49struct ctl_table; 63struct ctl_table;
50struct audit_krule; 64struct audit_krule;
51struct user_namespace; 65struct user_namespace;
66struct timezone;
52 67
53/* 68/*
54 * These functions are in security/capability.c and are used 69 * These functions are in security/capability.c and are used
@@ -131,18 +146,6 @@ struct request_sock;
131#define LSM_UNSAFE_PTRACE_CAP 4 146#define LSM_UNSAFE_PTRACE_CAP 4
132 147
133#ifdef CONFIG_MMU 148#ifdef CONFIG_MMU
134/*
135 * If a hint addr is less than mmap_min_addr change hint to be as
136 * low as possible but still greater than mmap_min_addr
137 */
138static inline unsigned long round_hint_to_min(unsigned long hint)
139{
140 hint &= PAGE_MASK;
141 if (((void *)hint != NULL) &&
142 (hint < mmap_min_addr))
143 return PAGE_ALIGN(mmap_min_addr);
144 return hint;
145}
146extern int mmap_min_addr_handler(struct ctl_table *table, int write, 149extern int mmap_min_addr_handler(struct ctl_table *table, int write,
147 void __user *buffer, size_t *lenp, loff_t *ppos); 150 void __user *buffer, size_t *lenp, loff_t *ppos);
148#endif 151#endif
@@ -651,6 +654,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
651 * manual page for definitions of the @clone_flags. 654 * manual page for definitions of the @clone_flags.
652 * @clone_flags contains the flags indicating what should be shared. 655 * @clone_flags contains the flags indicating what should be shared.
653 * Return 0 if permission is granted. 656 * Return 0 if permission is granted.
657 * @task_free:
658 * @task task being freed
659 * Handle release of task-related resources. (Note that this can be called
660 * from interrupt context.)
654 * @cred_alloc_blank: 661 * @cred_alloc_blank:
655 * @cred points to the credentials. 662 * @cred points to the credentials.
656 * @gfp indicates the atomicity of any memory allocations. 663 * @gfp indicates the atomicity of any memory allocations.
@@ -812,7 +819,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
812 * Check permissions before connecting or sending datagrams from @sock to 819 * Check permissions before connecting or sending datagrams from @sock to
813 * @other. 820 * @other.
814 * @sock contains the socket structure. 821 * @sock contains the socket structure.
815 * @sock contains the peer socket structure. 822 * @other contains the peer socket structure.
816 * Return 0 if permission is granted. 823 * Return 0 if permission is granted.
817 * 824 *
818 * The @unix_stream_connect and @unix_may_send hooks were necessary because 825 * The @unix_stream_connect and @unix_may_send hooks were necessary because
@@ -1493,6 +1500,7 @@ struct security_operations {
1493 int (*dentry_open) (struct file *file, const struct cred *cred); 1500 int (*dentry_open) (struct file *file, const struct cred *cred);
1494 1501
1495 int (*task_create) (unsigned long clone_flags); 1502 int (*task_create) (unsigned long clone_flags);
1503 void (*task_free) (struct task_struct *task);
1496 int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp); 1504 int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
1497 void (*cred_free) (struct cred *cred); 1505 void (*cred_free) (struct cred *cred);
1498 int (*cred_prepare)(struct cred *new, const struct cred *old, 1506 int (*cred_prepare)(struct cred *new, const struct cred *old,
@@ -1674,9 +1682,7 @@ int security_quotactl(int cmds, int type, int id, struct super_block *sb);
1674int security_quota_on(struct dentry *dentry); 1682int security_quota_on(struct dentry *dentry);
1675int security_syslog(int type); 1683int security_syslog(int type);
1676int security_settime(const struct timespec *ts, const struct timezone *tz); 1684int security_settime(const struct timespec *ts, const struct timezone *tz);
1677int security_vm_enough_memory(long pages);
1678int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); 1685int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
1679int security_vm_enough_memory_kern(long pages);
1680int security_bprm_set_creds(struct linux_binprm *bprm); 1686int security_bprm_set_creds(struct linux_binprm *bprm);
1681int security_bprm_check(struct linux_binprm *bprm); 1687int security_bprm_check(struct linux_binprm *bprm);
1682void security_bprm_committing_creds(struct linux_binprm *bprm); 1688void security_bprm_committing_creds(struct linux_binprm *bprm);
@@ -1752,6 +1758,7 @@ int security_file_send_sigiotask(struct task_struct *tsk,
1752int security_file_receive(struct file *file); 1758int security_file_receive(struct file *file);
1753int security_dentry_open(struct file *file, const struct cred *cred); 1759int security_dentry_open(struct file *file, const struct cred *cred);
1754int security_task_create(unsigned long clone_flags); 1760int security_task_create(unsigned long clone_flags);
1761void security_task_free(struct task_struct *task);
1755int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); 1762int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
1756void security_cred_free(struct cred *cred); 1763void security_cred_free(struct cred *cred);
1757int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); 1764int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
@@ -1896,25 +1903,11 @@ static inline int security_settime(const struct timespec *ts,
1896 return cap_settime(ts, tz); 1903 return cap_settime(ts, tz);
1897} 1904}
1898 1905
1899static inline int security_vm_enough_memory(long pages)
1900{
1901 WARN_ON(current->mm == NULL);
1902 return cap_vm_enough_memory(current->mm, pages);
1903}
1904
1905static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) 1906static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
1906{ 1907{
1907 WARN_ON(mm == NULL);
1908 return cap_vm_enough_memory(mm, pages); 1908 return cap_vm_enough_memory(mm, pages);
1909} 1909}
1910 1910
1911static inline int security_vm_enough_memory_kern(long pages)
1912{
1913 /* If current->mm is a kernel thread then we will pass NULL,
1914 for this specific case that is fine */
1915 return cap_vm_enough_memory(current->mm, pages);
1916}
1917
1918static inline int security_bprm_set_creds(struct linux_binprm *bprm) 1911static inline int security_bprm_set_creds(struct linux_binprm *bprm)
1919{ 1912{
1920 return cap_bprm_set_creds(bprm); 1913 return cap_bprm_set_creds(bprm);
@@ -2245,6 +2238,9 @@ static inline int security_task_create(unsigned long clone_flags)
2245 return 0; 2238 return 0;
2246} 2239}
2247 2240
2241static inline void security_task_free(struct task_struct *task)
2242{ }
2243
2248static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) 2244static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2249{ 2245{
2250 return 0; 2246 return 0;