Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 54 |
1 files changed, 39 insertions, 15 deletions
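--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -74,10 +74,9 @@ extern int cap_file_mmap(struct file *file, unsigned long reqprot,
 extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
 extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 unsigned long arg4, unsigned long arg5);
-extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
+extern int cap_task_setscheduler(struct task_struct *p);
 extern int cap_task_setioprio(struct task_struct *p, int ioprio);
 extern int cap_task_setnice(struct task_struct *p, int nice);
-extern int cap_syslog(int type, bool from_file);
 extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
 
 struct msghdr;
@@ -959,6 +958,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * Sets the new child socket's sid to the openreq sid.
 * @inet_conn_established:
 * Sets the connection's peersid to the secmark on skb.
+* @secmark_relabel_packet:
+* check if the process should be allowed to relabel packets to the given secid
+* @security_secmark_refcount_inc
+* tells the LSM to increment the number of secmark labeling rules loaded
+* @security_secmark_refcount_dec
+* tells the LSM to decrement the number of secmark labeling rules loaded
 * @req_classify_flow:
 * Sets the flow's sid to the openreq sid.
 * @tun_dev_create:
@@ -1279,9 +1284,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * Return 0 if permission is granted.
 *
 * @secid_to_secctx:
-* Convert secid to security context.
+* Convert secid to security context. If secdata is NULL the length of
+* the result will be returned in seclen, but no secdata will be returned.
+* This does mean that the length could change between calls to check the
+* length and the next call which actually allocates and returns the secdata.
 * @secid contains the security ID.
 * @secdata contains the pointer that stores the converted security context.
+* @seclen pointer which contains the length of the data
 * @secctx_to_secid:
 * Convert security context to secid.
 * @secid contains the pointer to the generated security ID.
@@ -1378,7 +1387,7 @@ struct security_operations {
 int (*sysctl) (struct ctl_table *table, int op);
 int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
 int (*quota_on) (struct dentry *dentry);
-int (*syslog) (int type, bool from_file);
+int (*syslog) (int type);
 int (*settime) (struct timespec *ts, struct timezone *tz);
 int (*vm_enough_memory) (struct mm_struct *mm, long pages);
 
@@ -1501,8 +1510,7 @@ struct security_operations {
 int (*task_getioprio) (struct task_struct *p);
 int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
 struct rlimit *new_rlim);
-int (*task_setscheduler) (struct task_struct *p, int policy,
-struct sched_param *lp);
+int (*task_setscheduler) (struct task_struct *p);
 int (*task_getscheduler) (struct task_struct *p);
 int (*task_movememory) (struct task_struct *p);
 int (*task_kill) (struct task_struct *p,
@@ -1594,6 +1602,9 @@ struct security_operations {
 struct request_sock *req);
 void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
 void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
+int (*secmark_relabel_packet) (u32 secid);
+void (*secmark_refcount_inc) (void);
+void (*secmark_refcount_dec) (void);
 void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
 int (*tun_dev_create)(void);
 void (*tun_dev_post_create)(struct sock *sk);
@@ -1659,7 +1670,7 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap);
 int security_sysctl(struct ctl_table *table, int op);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
-int security_syslog(int type, bool from_file);
+int security_syslog(int type);
 int security_settime(struct timespec *ts, struct timezone *tz);
 int security_vm_enough_memory(long pages);
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
@@ -1752,8 +1763,7 @@ int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
 struct rlimit *new_rlim);
-int security_task_setscheduler(struct task_struct *p,
-int policy, struct sched_param *lp);
+int security_task_setscheduler(struct task_struct *p);
 int security_task_getscheduler(struct task_struct *p);
 int security_task_movememory(struct task_struct *p);
 int security_task_kill(struct task_struct *p, struct siginfo *info,
@@ -1890,9 +1900,9 @@ static inline int security_quota_on(struct dentry *dentry)
 return 0;
 }
 
-static inline int security_syslog(int type, bool from_file)
+static inline int security_syslog(int type)
 {
-return cap_syslog(type, from_file);
+return 0;
 }
 
 static inline int security_settime(struct timespec *ts, struct timezone *tz)
@@ -2320,11 +2330,9 @@ static inline int security_task_setrlimit(struct task_struct *p,
 return 0;
 }
 
-static inline int security_task_setscheduler(struct task_struct *p,
-int policy,
-struct sched_param *lp)
+static inline int security_task_setscheduler(struct task_struct *p)
 {
-return cap_task_setscheduler(p, policy, lp);
+return cap_task_setscheduler(p);
 }
 
 static inline int security_task_getscheduler(struct task_struct *p)
@@ -2551,6 +2559,9 @@ void security_inet_csk_clone(struct sock *newsk,
 const struct request_sock *req);
 void security_inet_conn_established(struct sock *sk,
 struct sk_buff *skb);
+int security_secmark_relabel_packet(u32 secid);
+void security_secmark_refcount_inc(void);
+void security_secmark_refcount_dec(void);
 int security_tun_dev_create(void);
 void security_tun_dev_post_create(struct sock *sk);
 int security_tun_dev_attach(struct sock *sk);
@@ -2705,6 +2716,19 @@ static inline void security_inet_conn_established(struct sock *sk,
 {
 }
 
+static inline int security_secmark_relabel_packet(u32 secid)
+{
+return 0;
+}
+
+static inline void security_secmark_refcount_inc(void)
+{
+}
+
+static inline void security_secmark_refcount_dec(void)
+{
+}
+
 static inline int security_tun_dev_create(void)
 {
 return 0;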
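Review bot: The `!CONFIG_SECURITY` stub `security_syslog(int type)` (new lines 1903-1906) now returns 0 unconditionally where it used to call `cap_syslog(type, from_file)`, so in builds without an LSM any permission check on kernel-log access that `cap_syslog` performed has to be made by the caller. That caller is outside this header-limited diff, so it is worth confirming the check was moved there and not dropped; a comment above the stub such as `/* No LSM: access checks for syslog are the caller's job, this hook grants unconditionally. */` would make the contract visible. Removing `from_file` also means a hook implementation can no longer distinguish the two call paths that flag separated, which presumably is intended but is not documented in the hook comments here. Separately, the new kernel-doc entries at new lines 963-966 are written `@security_secmark_refcount_inc` / `@security_secmark_refcount_dec` with no trailing colon, while the members added to `struct security_operations` are `secmark_refcount_inc` / `secmark_refcount_dec`; they should read `@secmark_refcount_inc:` and `@secmark_refcount_dec:` like the neighbouring `@secmark_relabel_packet:`, and that entry should state its return convention (`Return 0 if permission is granted.`).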
