diff options
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 49 |
1 files changed, 20 insertions, 29 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 50737c70e78e..31c8851ec5d0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -46,7 +46,8 @@ struct audit_krule; | |||
| 46 | */ | 46 | */ |
| 47 | extern int cap_capable(struct task_struct *tsk, int cap); | 47 | extern int cap_capable(struct task_struct *tsk, int cap); |
| 48 | extern int cap_settime(struct timespec *ts, struct timezone *tz); | 48 | extern int cap_settime(struct timespec *ts, struct timezone *tz); |
| 49 | extern int cap_ptrace(struct task_struct *parent, struct task_struct *child); | 49 | extern int cap_ptrace(struct task_struct *parent, struct task_struct *child, |
| 50 | unsigned int mode); | ||
| 50 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 51 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| 51 | extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 52 | extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| 52 | extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 53 | extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| @@ -79,6 +80,7 @@ struct xfrm_selector; | |||
| 79 | struct xfrm_policy; | 80 | struct xfrm_policy; |
| 80 | struct xfrm_state; | 81 | struct xfrm_state; |
| 81 | struct xfrm_user_sec_ctx; | 82 | struct xfrm_user_sec_ctx; |
| 83 | struct seq_file; | ||
| 82 | 84 | ||
| 83 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); | 85 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); |
| 84 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); | 86 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); |
| @@ -289,10 +291,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 289 | * Update module state after a successful pivot. | 291 | * Update module state after a successful pivot. |
| 290 | * @old_path contains the path for the old root. | 292 | * @old_path contains the path for the old root. |
| 291 | * @new_path contains the path for the new root. | 293 | * @new_path contains the path for the new root. |
| 292 | * @sb_get_mnt_opts: | ||
| 293 | * Get the security relevant mount options used for a superblock | ||
| 294 | * @sb the superblock to get security mount options from | ||
| 295 | * @opts binary data structure containing all lsm mount data | ||
| 296 | * @sb_set_mnt_opts: | 294 | * @sb_set_mnt_opts: |
| 297 | * Set the security relevant mount options used for a superblock | 295 | * Set the security relevant mount options used for a superblock |
| 298 | * @sb the superblock to set security mount options for | 296 | * @sb the superblock to set security mount options for |
| @@ -1170,6 +1168,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 1170 | * attributes would be changed by the execve. | 1168 | * attributes would be changed by the execve. |
| 1171 | * @parent contains the task_struct structure for parent process. | 1169 | * @parent contains the task_struct structure for parent process. |
| 1172 | * @child contains the task_struct structure for child process. | 1170 | * @child contains the task_struct structure for child process. |
| 1171 | * @mode contains the PTRACE_MODE flags indicating the form of access. | ||
| 1173 | * Return 0 if permission is granted. | 1172 | * Return 0 if permission is granted. |
| 1174 | * @capget: | 1173 | * @capget: |
| 1175 | * Get the @effective, @inheritable, and @permitted capability sets for | 1174 | * Get the @effective, @inheritable, and @permitted capability sets for |
| @@ -1240,11 +1239,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 1240 | * @pages contains the number of pages. | 1239 | * @pages contains the number of pages. |
| 1241 | * Return 0 if permission is granted. | 1240 | * Return 0 if permission is granted. |
| 1242 | * | 1241 | * |
| 1243 | * @register_security: | ||
| 1244 | * allow module stacking. | ||
| 1245 | * @name contains the name of the security module being stacked. | ||
| 1246 | * @ops contains a pointer to the struct security_operations of the module to stack. | ||
| 1247 | * | ||
| 1248 | * @secid_to_secctx: | 1242 | * @secid_to_secctx: |
| 1249 | * Convert secid to security context. | 1243 | * Convert secid to security context. |
| 1250 | * @secid contains the security ID. | 1244 | * @secid contains the security ID. |
| @@ -1295,7 +1289,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 1295 | struct security_operations { | 1289 | struct security_operations { |
| 1296 | char name[SECURITY_NAME_MAX + 1]; | 1290 | char name[SECURITY_NAME_MAX + 1]; |
| 1297 | 1291 | ||
| 1298 | int (*ptrace) (struct task_struct *parent, struct task_struct *child); | 1292 | int (*ptrace) (struct task_struct *parent, struct task_struct *child, |
| 1293 | unsigned int mode); | ||
| 1299 | int (*capget) (struct task_struct *target, | 1294 | int (*capget) (struct task_struct *target, |
| 1300 | kernel_cap_t *effective, | 1295 | kernel_cap_t *effective, |
| 1301 | kernel_cap_t *inheritable, kernel_cap_t *permitted); | 1296 | kernel_cap_t *inheritable, kernel_cap_t *permitted); |
| @@ -1328,6 +1323,7 @@ struct security_operations { | |||
| 1328 | void (*sb_free_security) (struct super_block *sb); | 1323 | void (*sb_free_security) (struct super_block *sb); |
| 1329 | int (*sb_copy_data) (char *orig, char *copy); | 1324 | int (*sb_copy_data) (char *orig, char *copy); |
| 1330 | int (*sb_kern_mount) (struct super_block *sb, void *data); | 1325 | int (*sb_kern_mount) (struct super_block *sb, void *data); |
| 1326 | int (*sb_show_options) (struct seq_file *m, struct super_block *sb); | ||
| 1331 | int (*sb_statfs) (struct dentry *dentry); | 1327 | int (*sb_statfs) (struct dentry *dentry); |
| 1332 | int (*sb_mount) (char *dev_name, struct path *path, | 1328 | int (*sb_mount) (char *dev_name, struct path *path, |
| 1333 | char *type, unsigned long flags, void *data); | 1329 | char *type, unsigned long flags, void *data); |
| @@ -1343,8 +1339,6 @@ struct security_operations { | |||
| 1343 | struct path *new_path); | 1339 | struct path *new_path); |
| 1344 | void (*sb_post_pivotroot) (struct path *old_path, | 1340 | void (*sb_post_pivotroot) (struct path *old_path, |
| 1345 | struct path *new_path); | 1341 | struct path *new_path); |
| 1346 | int (*sb_get_mnt_opts) (const struct super_block *sb, | ||
| 1347 | struct security_mnt_opts *opts); | ||
| 1348 | int (*sb_set_mnt_opts) (struct super_block *sb, | 1342 | int (*sb_set_mnt_opts) (struct super_block *sb, |
| 1349 | struct security_mnt_opts *opts); | 1343 | struct security_mnt_opts *opts); |
| 1350 | void (*sb_clone_mnt_opts) (const struct super_block *oldsb, | 1344 | void (*sb_clone_mnt_opts) (const struct super_block *oldsb, |
| @@ -1472,10 +1466,6 @@ struct security_operations { | |||
| 1472 | int (*netlink_send) (struct sock *sk, struct sk_buff *skb); | 1466 | int (*netlink_send) (struct sock *sk, struct sk_buff *skb); |
| 1473 | int (*netlink_recv) (struct sk_buff *skb, int cap); | 1467 | int (*netlink_recv) (struct sk_buff *skb, int cap); |
| 1474 | 1468 | ||
| 1475 | /* allow module stacking */ | ||
| 1476 | int (*register_security) (const char *name, | ||
| 1477 | struct security_operations *ops); | ||
| 1478 | |||
| 1479 | void (*d_instantiate) (struct dentry *dentry, struct inode *inode); | 1469 | void (*d_instantiate) (struct dentry *dentry, struct inode *inode); |
| 1480 | 1470 | ||
| 1481 | int (*getprocattr) (struct task_struct *p, char *name, char **value); | 1471 | int (*getprocattr) (struct task_struct *p, char *name, char **value); |
| @@ -1565,7 +1555,6 @@ struct security_operations { | |||
| 1565 | extern int security_init(void); | 1555 | extern int security_init(void); |
| 1566 | extern int security_module_enable(struct security_operations *ops); | 1556 | extern int security_module_enable(struct security_operations *ops); |
| 1567 | extern int register_security(struct security_operations *ops); | 1557 | extern int register_security(struct security_operations *ops); |
| 1568 | extern int mod_reg_security(const char *name, struct security_operations *ops); | ||
| 1569 | extern struct dentry *securityfs_create_file(const char *name, mode_t mode, | 1558 | extern struct dentry *securityfs_create_file(const char *name, mode_t mode, |
| 1570 | struct dentry *parent, void *data, | 1559 | struct dentry *parent, void *data, |
| 1571 | const struct file_operations *fops); | 1560 | const struct file_operations *fops); |
| @@ -1573,7 +1562,8 @@ extern struct dentry *securityfs_create_dir(const char *name, struct dentry *par | |||
| 1573 | extern void securityfs_remove(struct dentry *dentry); | 1562 | extern void securityfs_remove(struct dentry *dentry); |
| 1574 | 1563 | ||
| 1575 | /* Security operations */ | 1564 | /* Security operations */ |
| 1576 | int security_ptrace(struct task_struct *parent, struct task_struct *child); | 1565 | int security_ptrace(struct task_struct *parent, struct task_struct *child, |
| 1566 | unsigned int mode); | ||
| 1577 | int security_capget(struct task_struct *target, | 1567 | int security_capget(struct task_struct *target, |
| 1578 | kernel_cap_t *effective, | 1568 | kernel_cap_t *effective, |
| 1579 | kernel_cap_t *inheritable, | 1569 | kernel_cap_t *inheritable, |
| @@ -1606,6 +1596,7 @@ int security_sb_alloc(struct super_block *sb); | |||
| 1606 | void security_sb_free(struct super_block *sb); | 1596 | void security_sb_free(struct super_block *sb); |
| 1607 | int security_sb_copy_data(char *orig, char *copy); | 1597 | int security_sb_copy_data(char *orig, char *copy); |
| 1608 | int security_sb_kern_mount(struct super_block *sb, void *data); | 1598 | int security_sb_kern_mount(struct super_block *sb, void *data); |
| 1599 | int security_sb_show_options(struct seq_file *m, struct super_block *sb); | ||
| 1609 | int security_sb_statfs(struct dentry *dentry); | 1600 | int security_sb_statfs(struct dentry *dentry); |
| 1610 | int security_sb_mount(char *dev_name, struct path *path, | 1601 | int security_sb_mount(char *dev_name, struct path *path, |
| 1611 | char *type, unsigned long flags, void *data); | 1602 | char *type, unsigned long flags, void *data); |
| @@ -1617,8 +1608,6 @@ void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *d | |||
| 1617 | void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); | 1608 | void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); |
| 1618 | int security_sb_pivotroot(struct path *old_path, struct path *new_path); | 1609 | int security_sb_pivotroot(struct path *old_path, struct path *new_path); |
| 1619 | void security_sb_post_pivotroot(struct path *old_path, struct path *new_path); | 1610 | void security_sb_post_pivotroot(struct path *old_path, struct path *new_path); |
| 1620 | int security_sb_get_mnt_opts(const struct super_block *sb, | ||
| 1621 | struct security_mnt_opts *opts); | ||
| 1622 | int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts); | 1611 | int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts); |
| 1623 | void security_sb_clone_mnt_opts(const struct super_block *oldsb, | 1612 | void security_sb_clone_mnt_opts(const struct super_block *oldsb, |
| 1624 | struct super_block *newsb); | 1613 | struct super_block *newsb); |
| @@ -1755,9 +1744,11 @@ static inline int security_init(void) | |||
| 1755 | return 0; | 1744 | return 0; |
| 1756 | } | 1745 | } |
| 1757 | 1746 | ||
| 1758 | static inline int security_ptrace(struct task_struct *parent, struct task_struct *child) | 1747 | static inline int security_ptrace(struct task_struct *parent, |
| 1748 | struct task_struct *child, | ||
| 1749 | unsigned int mode) | ||
| 1759 | { | 1750 | { |
| 1760 | return cap_ptrace(parent, child); | 1751 | return cap_ptrace(parent, child, mode); |
| 1761 | } | 1752 | } |
| 1762 | 1753 | ||
| 1763 | static inline int security_capget(struct task_struct *target, | 1754 | static inline int security_capget(struct task_struct *target, |
| @@ -1881,6 +1872,12 @@ static inline int security_sb_kern_mount(struct super_block *sb, void *data) | |||
| 1881 | return 0; | 1872 | return 0; |
| 1882 | } | 1873 | } |
| 1883 | 1874 | ||
| 1875 | static inline int security_sb_show_options(struct seq_file *m, | ||
| 1876 | struct super_block *sb) | ||
| 1877 | { | ||
| 1878 | return 0; | ||
| 1879 | } | ||
| 1880 | |||
| 1884 | static inline int security_sb_statfs(struct dentry *dentry) | 1881 | static inline int security_sb_statfs(struct dentry *dentry) |
| 1885 | { | 1882 | { |
| 1886 | return 0; | 1883 | return 0; |
| @@ -1927,12 +1924,6 @@ static inline int security_sb_pivotroot(struct path *old_path, | |||
| 1927 | static inline void security_sb_post_pivotroot(struct path *old_path, | 1924 | static inline void security_sb_post_pivotroot(struct path *old_path, |
| 1928 | struct path *new_path) | 1925 | struct path *new_path) |
| 1929 | { } | 1926 | { } |
| 1930 | static inline int security_sb_get_mnt_opts(const struct super_block *sb, | ||
| 1931 | struct security_mnt_opts *opts) | ||
| 1932 | { | ||
| 1933 | security_init_mnt_opts(opts); | ||
| 1934 | return 0; | ||
| 1935 | } | ||
| 1936 | 1927 | ||
| 1937 | static inline int security_sb_set_mnt_opts(struct super_block *sb, | 1928 | static inline int security_sb_set_mnt_opts(struct super_block *sb, |
| 1938 | struct security_mnt_opts *opts) | 1929 | struct security_mnt_opts *opts) |