Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 82 |
1 files changed, 39 insertions, 43 deletions
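--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -22,22 +22,36 @@
 #ifndef __LINUX_SECURITY_H
 #define __LINUX_SECURITY_H
 
-#include <linux/fs.h>
-#include <linux/fsnotify.h>
-#include <linux/binfmts.h>
-#include <linux/dcache.h>
-#include <linux/signal.h>
-#include <linux/resource.h>
-#include <linux/sem.h>
-#include <linux/shm.h>
-#include <linux/mm.h>	/* PAGE_ALIGN */
-#include <linux/msg.h>
-#include <linux/sched.h>
 #include <linux/key.h>
-#include <linux/xfrm.h>
+#include <linux/capability.h>
 #include <linux/slab.h>
-#include <linux/xattr.h>
-#include <net/flow.h>
+#include <linux/err.h>
+
+struct linux_binprm;
+struct cred;
+struct rlimit;
+struct siginfo;
+struct sem_array;
+struct sembuf;
+struct kern_ipc_perm;
+struct audit_context;
+struct super_block;
+struct inode;
+struct dentry;
+struct file;
+struct vfsmount;
+struct path;
+struct qstr;
+struct nameidata;
+struct iattr;
+struct fown_struct;
+struct file_operations;
+struct shmid_kernel;
+struct msg_msg;
+struct msg_queue;
+struct xattr;
+struct xfrm_sec_ctx;
+struct mm_struct;
 
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX	10
@@ -49,6 +63,7 @@
 struct ctl_table;
 struct audit_krule;
 struct user_namespace;
+struct timezone;
 
 /*
  * These functions are in security/capability.c and are used
@@ -131,18 +146,6 @@ struct request_sock;
 #define LSM_UNSAFE_PTRACE_CAP	4
 
 #ifdef CONFIG_MMU
-/*
- * If a hint addr is less than mmap_min_addr change hint to be as
- * low as possible but still greater than mmap_min_addr
- */
-static inline unsigned long round_hint_to_min(unsigned long hint)
-{
-	hint &= PAGE_MASK;
-	if (((void *)hint != NULL) &&
-	    (hint < mmap_min_addr))
-		return PAGE_ALIGN(mmap_min_addr);
-	return hint;
-}
 extern int mmap_min_addr_handler(struct ctl_table *table, int write,
 				 void __user *buffer, size_t *lenp, loff_t *ppos);
 #endif
@@ -651,6 +654,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *	manual page for definitions of the @clone_flags.
  *	@clone_flags contains the flags indicating what should be shared.
  *	Return 0 if permission is granted.
+ * @task_free:
+ *	@task task being freed
+ *	Handle release of task-related resources. (Note that this can be called
+ *	from interrupt context.)
  * @cred_alloc_blank:
  *	@cred points to the credentials.
  *	@gfp indicates the atomicity of any memory allocations.
@@ -812,7 +819,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *	Check permissions before connecting or sending datagrams from @sock to
  *	@other.
  *	@sock contains the socket structure.
- *	@sock contains the peer socket structure.
+ *	@other contains the peer socket structure.
  *	Return 0 if permission is granted.
  *
  *	The @unix_stream_connect and @unix_may_send hooks were necessary because
@@ -1493,6 +1500,7 @@ struct security_operations {
 	int (*dentry_open) (struct file *file, const struct cred *cred);
 
 	int (*task_create) (unsigned long clone_flags);
+	void (*task_free) (struct task_struct *task);
 	int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
 	void (*cred_free) (struct cred *cred);
 	int (*cred_prepare)(struct cred *new, const struct cred *old,
@@ -1674,9 +1682,7 @@ int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
 int security_settime(const struct timespec *ts, const struct timezone *tz);
-int security_vm_enough_memory(long pages);
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
-int security_vm_enough_memory_kern(long pages);
 int security_bprm_set_creds(struct linux_binprm *bprm);
 int security_bprm_check(struct linux_binprm *bprm);
 void security_bprm_committing_creds(struct linux_binprm *bprm);
@@ -1752,6 +1758,7 @@ int security_file_send_sigiotask(struct task_struct *tsk,
 int security_file_receive(struct file *file);
 int security_dentry_open(struct file *file, const struct cred *cred);
 int security_task_create(unsigned long clone_flags);
+void security_task_free(struct task_struct *task);
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
@@ -1896,25 +1903,11 @@ static inline int security_settime(const struct timespec *ts,
 	return cap_settime(ts, tz);
 }
 
-static inline int security_vm_enough_memory(long pages)
-{
-	WARN_ON(current->mm == NULL);
-	return cap_vm_enough_memory(current->mm, pages);
-}
-
 static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
 {
-	WARN_ON(mm == NULL);
 	return cap_vm_enough_memory(mm, pages);
 }
 
-static inline int security_vm_enough_memory_kern(long pages)
-{
-	/* If current->mm is a kernel thread then we will pass NULL,
-	   for this specific case that is fine */
-	return cap_vm_enough_memory(current->mm, pages);
-}
-
 static inline int security_bprm_set_creds(struct linux_binprm *bprm)
 {
 	return cap_bprm_set_creds(bprm);
@@ -2245,6 +2238,9 @@ static inline int security_task_create(unsigned long clone_flags)
 	return 0;
 }
 
+static inline void security_task_free(struct task_struct *task)
+{ }
+
 static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
 	return 0;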
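Review bot: Dropping `WARN_ON(mm == NULL)` from the !CONFIG_SECURITY `security_vm_enough_memory_mm` (hunk at old line 1896) leaves the NULL-mm case, which the deleted comment in `security_vm_enough_memory_kern` described as fine for kernel threads, undocumented at the one entry point callers now have. A one-line comment above the inline, `/* mm may be NULL (kernel thread); cap_vm_enough_memory() accepts that */`, records the contract that the old `_kern` variant and its comment used to carry, and the CONFIG_SECURITY prototype for `security_vm_enough_memory_mm` in the hunk at old line 1674 would benefit from the same note. Separately, the new `task_free` hook and its `security_task_free` wrappers take `struct task_struct *`, which is not in the forward-declaration list added in the first hunk; if `struct task_struct` is not declared elsewhere in this header, those prototypes now rely on a transitive include rather than the removed <linux/sched.h>.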