diff options
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 51 |
1 files changed, 41 insertions, 10 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 51805806f974..f75303831d09 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -67,7 +67,7 @@ struct xfrm_state; | |||
67 | struct xfrm_user_sec_ctx; | 67 | struct xfrm_user_sec_ctx; |
68 | 68 | ||
69 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); | 69 | extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); |
70 | extern int cap_netlink_recv(struct sk_buff *skb); | 70 | extern int cap_netlink_recv(struct sk_buff *skb, int cap); |
71 | 71 | ||
72 | /* | 72 | /* |
73 | * Values used in the task_security_ops calls | 73 | * Values used in the task_security_ops calls |
@@ -567,6 +567,9 @@ struct swap_info_struct; | |||
567 | * @p. | 567 | * @p. |
568 | * @p contains the task_struct for the process. | 568 | * @p contains the task_struct for the process. |
569 | * Return 0 if permission is granted. | 569 | * Return 0 if permission is granted. |
570 | * @task_getsecid: | ||
571 | * Retrieve the security identifier of the process @p. | ||
572 | * @p contains the task_struct for the process and place is into @secid. | ||
570 | * @task_setgroups: | 573 | * @task_setgroups: |
571 | * Check permission before setting the supplementary group set of the | 574 | * Check permission before setting the supplementary group set of the |
572 | * current process. | 575 | * current process. |
@@ -582,6 +585,10 @@ struct swap_info_struct; | |||
582 | * @p contains the task_struct of process. | 585 | * @p contains the task_struct of process. |
583 | * @ioprio contains the new ioprio value | 586 | * @ioprio contains the new ioprio value |
584 | * Return 0 if permission is granted. | 587 | * Return 0 if permission is granted. |
588 | * @task_getioprio | ||
589 | * Check permission before getting the ioprio value of @p. | ||
590 | * @p contains the task_struct of process. | ||
591 | * Return 0 if permission is granted. | ||
585 | * @task_setrlimit: | 592 | * @task_setrlimit: |
586 | * Check permission before setting the resource limits of the current | 593 | * Check permission before setting the resource limits of the current |
587 | * process for @resource to @new_rlim. The old resource limit values can | 594 | * process for @resource to @new_rlim. The old resource limit values can |
@@ -615,6 +622,7 @@ struct swap_info_struct; | |||
615 | * @p contains the task_struct for process. | 622 | * @p contains the task_struct for process. |
616 | * @info contains the signal information. | 623 | * @info contains the signal information. |
617 | * @sig contains the signal value. | 624 | * @sig contains the signal value. |
625 | * @secid contains the sid of the process where the signal originated | ||
618 | * Return 0 if permission is granted. | 626 | * Return 0 if permission is granted. |
619 | * @task_wait: | 627 | * @task_wait: |
620 | * Check permission before allowing a process to reap a child process @p | 628 | * Check permission before allowing a process to reap a child process @p |
@@ -656,6 +664,7 @@ struct swap_info_struct; | |||
656 | * Check permission before processing the received netlink message in | 664 | * Check permission before processing the received netlink message in |
657 | * @skb. | 665 | * @skb. |
658 | * @skb contains the sk_buff structure for the netlink message. | 666 | * @skb contains the sk_buff structure for the netlink message. |
667 | * @cap indicates the capability required | ||
659 | * Return 0 if permission is granted. | 668 | * Return 0 if permission is granted. |
660 | * | 669 | * |
661 | * Security hooks for Unix domain networking. | 670 | * Security hooks for Unix domain networking. |
@@ -1218,16 +1227,18 @@ struct security_operations { | |||
1218 | int (*task_setpgid) (struct task_struct * p, pid_t pgid); | 1227 | int (*task_setpgid) (struct task_struct * p, pid_t pgid); |
1219 | int (*task_getpgid) (struct task_struct * p); | 1228 | int (*task_getpgid) (struct task_struct * p); |
1220 | int (*task_getsid) (struct task_struct * p); | 1229 | int (*task_getsid) (struct task_struct * p); |
1230 | void (*task_getsecid) (struct task_struct * p, u32 * secid); | ||
1221 | int (*task_setgroups) (struct group_info *group_info); | 1231 | int (*task_setgroups) (struct group_info *group_info); |
1222 | int (*task_setnice) (struct task_struct * p, int nice); | 1232 | int (*task_setnice) (struct task_struct * p, int nice); |
1223 | int (*task_setioprio) (struct task_struct * p, int ioprio); | 1233 | int (*task_setioprio) (struct task_struct * p, int ioprio); |
1234 | int (*task_getioprio) (struct task_struct * p); | ||
1224 | int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); | 1235 | int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); |
1225 | int (*task_setscheduler) (struct task_struct * p, int policy, | 1236 | int (*task_setscheduler) (struct task_struct * p, int policy, |
1226 | struct sched_param * lp); | 1237 | struct sched_param * lp); |
1227 | int (*task_getscheduler) (struct task_struct * p); | 1238 | int (*task_getscheduler) (struct task_struct * p); |
1228 | int (*task_movememory) (struct task_struct * p); | 1239 | int (*task_movememory) (struct task_struct * p); |
1229 | int (*task_kill) (struct task_struct * p, | 1240 | int (*task_kill) (struct task_struct * p, |
1230 | struct siginfo * info, int sig); | 1241 | struct siginfo * info, int sig, u32 secid); |
1231 | int (*task_wait) (struct task_struct * p); | 1242 | int (*task_wait) (struct task_struct * p); |
1232 | int (*task_prctl) (int option, unsigned long arg2, | 1243 | int (*task_prctl) (int option, unsigned long arg2, |
1233 | unsigned long arg3, unsigned long arg4, | 1244 | unsigned long arg3, unsigned long arg4, |
@@ -1266,7 +1277,7 @@ struct security_operations { | |||
1266 | struct sembuf * sops, unsigned nsops, int alter); | 1277 | struct sembuf * sops, unsigned nsops, int alter); |
1267 | 1278 | ||
1268 | int (*netlink_send) (struct sock * sk, struct sk_buff * skb); | 1279 | int (*netlink_send) (struct sock * sk, struct sk_buff * skb); |
1269 | int (*netlink_recv) (struct sk_buff * skb); | 1280 | int (*netlink_recv) (struct sk_buff * skb, int cap); |
1270 | 1281 | ||
1271 | /* allow module stacking */ | 1282 | /* allow module stacking */ |
1272 | int (*register_security) (const char *name, | 1283 | int (*register_security) (const char *name, |
@@ -1838,6 +1849,11 @@ static inline int security_task_getsid (struct task_struct *p) | |||
1838 | return security_ops->task_getsid (p); | 1849 | return security_ops->task_getsid (p); |
1839 | } | 1850 | } |
1840 | 1851 | ||
1852 | static inline void security_task_getsecid (struct task_struct *p, u32 *secid) | ||
1853 | { | ||
1854 | security_ops->task_getsecid (p, secid); | ||
1855 | } | ||
1856 | |||
1841 | static inline int security_task_setgroups (struct group_info *group_info) | 1857 | static inline int security_task_setgroups (struct group_info *group_info) |
1842 | { | 1858 | { |
1843 | return security_ops->task_setgroups (group_info); | 1859 | return security_ops->task_setgroups (group_info); |
@@ -1853,6 +1869,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio) | |||
1853 | return security_ops->task_setioprio (p, ioprio); | 1869 | return security_ops->task_setioprio (p, ioprio); |
1854 | } | 1870 | } |
1855 | 1871 | ||
1872 | static inline int security_task_getioprio (struct task_struct *p) | ||
1873 | { | ||
1874 | return security_ops->task_getioprio (p); | ||
1875 | } | ||
1876 | |||
1856 | static inline int security_task_setrlimit (unsigned int resource, | 1877 | static inline int security_task_setrlimit (unsigned int resource, |
1857 | struct rlimit *new_rlim) | 1878 | struct rlimit *new_rlim) |
1858 | { | 1879 | { |
@@ -1877,9 +1898,10 @@ static inline int security_task_movememory (struct task_struct *p) | |||
1877 | } | 1898 | } |
1878 | 1899 | ||
1879 | static inline int security_task_kill (struct task_struct *p, | 1900 | static inline int security_task_kill (struct task_struct *p, |
1880 | struct siginfo *info, int sig) | 1901 | struct siginfo *info, int sig, |
1902 | u32 secid) | ||
1881 | { | 1903 | { |
1882 | return security_ops->task_kill (p, info, sig); | 1904 | return security_ops->task_kill (p, info, sig, secid); |
1883 | } | 1905 | } |
1884 | 1906 | ||
1885 | static inline int security_task_wait (struct task_struct *p) | 1907 | static inline int security_task_wait (struct task_struct *p) |
@@ -2032,9 +2054,9 @@ static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb) | |||
2032 | return security_ops->netlink_send(sk, skb); | 2054 | return security_ops->netlink_send(sk, skb); |
2033 | } | 2055 | } |
2034 | 2056 | ||
2035 | static inline int security_netlink_recv(struct sk_buff * skb) | 2057 | static inline int security_netlink_recv(struct sk_buff * skb, int cap) |
2036 | { | 2058 | { |
2037 | return security_ops->netlink_recv(skb); | 2059 | return security_ops->netlink_recv(skb, cap); |
2038 | } | 2060 | } |
2039 | 2061 | ||
2040 | /* prototypes */ | 2062 | /* prototypes */ |
@@ -2490,6 +2512,9 @@ static inline int security_task_getsid (struct task_struct *p) | |||
2490 | return 0; | 2512 | return 0; |
2491 | } | 2513 | } |
2492 | 2514 | ||
2515 | static inline void security_task_getsecid (struct task_struct *p, u32 *secid) | ||
2516 | { } | ||
2517 | |||
2493 | static inline int security_task_setgroups (struct group_info *group_info) | 2518 | static inline int security_task_setgroups (struct group_info *group_info) |
2494 | { | 2519 | { |
2495 | return 0; | 2520 | return 0; |
@@ -2505,6 +2530,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio) | |||
2505 | return 0; | 2530 | return 0; |
2506 | } | 2531 | } |
2507 | 2532 | ||
2533 | static inline int security_task_getioprio (struct task_struct *p) | ||
2534 | { | ||
2535 | return 0; | ||
2536 | } | ||
2537 | |||
2508 | static inline int security_task_setrlimit (unsigned int resource, | 2538 | static inline int security_task_setrlimit (unsigned int resource, |
2509 | struct rlimit *new_rlim) | 2539 | struct rlimit *new_rlim) |
2510 | { | 2540 | { |
@@ -2529,7 +2559,8 @@ static inline int security_task_movememory (struct task_struct *p) | |||
2529 | } | 2559 | } |
2530 | 2560 | ||
2531 | static inline int security_task_kill (struct task_struct *p, | 2561 | static inline int security_task_kill (struct task_struct *p, |
2532 | struct siginfo *info, int sig) | 2562 | struct siginfo *info, int sig, |
2563 | u32 secid) | ||
2533 | { | 2564 | { |
2534 | return 0; | 2565 | return 0; |
2535 | } | 2566 | } |
@@ -2670,9 +2701,9 @@ static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb) | |||
2670 | return cap_netlink_send (sk, skb); | 2701 | return cap_netlink_send (sk, skb); |
2671 | } | 2702 | } |
2672 | 2703 | ||
2673 | static inline int security_netlink_recv (struct sk_buff *skb) | 2704 | static inline int security_netlink_recv (struct sk_buff *skb, int cap) |
2674 | { | 2705 | { |
2675 | return cap_netlink_recv (skb); | 2706 | return cap_netlink_recv (skb, cap); |
2676 | } | 2707 | } |
2677 | 2708 | ||
2678 | static inline struct dentry *securityfs_create_dir(const char *name, | 2709 | static inline struct dentry *securityfs_create_dir(const char *name, |