aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/security.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h24
1 files changed, 21 insertions, 3 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 5eff459b3833..1f16eea2017b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -28,6 +28,7 @@
28#include <linux/resource.h> 28#include <linux/resource.h>
29#include <linux/sem.h> 29#include <linux/sem.h>
30#include <linux/shm.h> 30#include <linux/shm.h>
31#include <linux/mm.h> /* PAGE_ALIGN */
31#include <linux/msg.h> 32#include <linux/msg.h>
32#include <linux/sched.h> 33#include <linux/sched.h>
33#include <linux/key.h> 34#include <linux/key.h>
@@ -66,6 +67,9 @@ extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
66extern int cap_inode_removexattr(struct dentry *dentry, const char *name); 67extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
67extern int cap_inode_need_killpriv(struct dentry *dentry); 68extern int cap_inode_need_killpriv(struct dentry *dentry);
68extern int cap_inode_killpriv(struct dentry *dentry); 69extern int cap_inode_killpriv(struct dentry *dentry);
70extern int cap_file_mmap(struct file *file, unsigned long reqprot,
71 unsigned long prot, unsigned long flags,
72 unsigned long addr, unsigned long addr_only);
69extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); 73extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
70extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 74extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
71 unsigned long arg4, unsigned long arg5); 75 unsigned long arg4, unsigned long arg5);
@@ -92,6 +96,7 @@ extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
92extern int cap_netlink_recv(struct sk_buff *skb, int cap); 96extern int cap_netlink_recv(struct sk_buff *skb, int cap);
93 97
94extern unsigned long mmap_min_addr; 98extern unsigned long mmap_min_addr;
99extern unsigned long dac_mmap_min_addr;
95/* 100/*
96 * Values used in the task_security_ops calls 101 * Values used in the task_security_ops calls
97 */ 102 */
@@ -116,6 +121,21 @@ struct request_sock;
116#define LSM_UNSAFE_PTRACE 2 121#define LSM_UNSAFE_PTRACE 2
117#define LSM_UNSAFE_PTRACE_CAP 4 122#define LSM_UNSAFE_PTRACE_CAP 4
118 123
124/*
125 * If a hint addr is less than mmap_min_addr change hint to be as
126 * low as possible but still greater than mmap_min_addr
127 */
128static inline unsigned long round_hint_to_min(unsigned long hint)
129{
130 hint &= PAGE_MASK;
131 if (((void *)hint != NULL) &&
132 (hint < mmap_min_addr))
133 return PAGE_ALIGN(mmap_min_addr);
134 return hint;
135}
136extern int mmap_min_addr_handler(struct ctl_table *table, int write, struct file *filp,
137 void __user *buffer, size_t *lenp, loff_t *ppos);
138
119#ifdef CONFIG_SECURITY 139#ifdef CONFIG_SECURITY
120 140
121struct security_mnt_opts { 141struct security_mnt_opts {
@@ -2197,9 +2217,7 @@ static inline int security_file_mmap(struct file *file, unsigned long reqprot,
2197 unsigned long addr, 2217 unsigned long addr,
2198 unsigned long addr_only) 2218 unsigned long addr_only)
2199{ 2219{
2200 if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO)) 2220 return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
2201 return -EACCES;
2202 return 0;
2203} 2221}
2204 2222
2205static inline int security_file_mprotect(struct vm_area_struct *vma, 2223static inline int security_file_mprotect(struct vm_area_struct *vma,
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-27 07:43:49 -0400