Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h51
1 files changed, 41 insertions, 10 deletions
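diff --git a/include/linux/security.h b/include/linux/security.h
index 51805806f974..f75303831d09 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -67,7 +67,7 @@ struct xfrm_state;
 struct xfrm_user_sec_ctx;
 
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
-extern int cap_netlink_recv(struct sk_buff *skb);
+extern int cap_netlink_recv(struct sk_buff *skb, int cap);
 
 /*
  * Values used in the task_security_ops calls
@@ -567,6 +567,9 @@ struct swap_info_struct;
  * @p.
  * @p contains the task_struct for the process.
  * Return 0 if permission is granted.
+ * @task_getsecid:
+ * Retrieve the security identifier of the process @p.
+ * @p contains the task_struct for the process and place is into @secid.
  * @task_setgroups:
  * Check permission before setting the supplementary group set of the
  * current process.
@@ -582,6 +585,10 @@ struct swap_info_struct;
  * @p contains the task_struct of process.
  * @ioprio contains the new ioprio value
  * Return 0 if permission is granted.
+ * @task_getioprio
+ * Check permission before getting the ioprio value of @p.
+ * @p contains the task_struct of process.
+ * Return 0 if permission is granted.
  * @task_setrlimit:
  * Check permission before setting the resource limits of the current
  * process for @resource to @new_rlim. The old resource limit values can
@@ -615,6 +622,7 @@ struct swap_info_struct;
  * @p contains the task_struct for process.
  * @info contains the signal information.
  * @sig contains the signal value.
+ * @secid contains the sid of the process where the signal originated
  * Return 0 if permission is granted.
  * @task_wait:
  * Check permission before allowing a process to reap a child process @p
@@ -656,6 +664,7 @@ struct swap_info_struct;
  * Check permission before processing the received netlink message in
  * @skb.
  * @skb contains the sk_buff structure for the netlink message.
+ * @cap indicates the capability required
  * Return 0 if permission is granted.
  *
  * Security hooks for Unix domain networking.
@@ -1218,16 +1227,18 @@ struct security_operations {
 	int (*task_setpgid) (struct task_struct * p, pid_t pgid);
 	int (*task_getpgid) (struct task_struct * p);
 	int (*task_getsid) (struct task_struct * p);
+	void (*task_getsecid) (struct task_struct * p, u32 * secid);
 	int (*task_setgroups) (struct group_info *group_info);
 	int (*task_setnice) (struct task_struct * p, int nice);
 	int (*task_setioprio) (struct task_struct * p, int ioprio);
+	int (*task_getioprio) (struct task_struct * p);
 	int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim);
 	int (*task_setscheduler) (struct task_struct * p, int policy,
 				  struct sched_param * lp);
 	int (*task_getscheduler) (struct task_struct * p);
 	int (*task_movememory) (struct task_struct * p);
 	int (*task_kill) (struct task_struct * p,
-			  struct siginfo * info, int sig);
+			  struct siginfo * info, int sig, u32 secid);
 	int (*task_wait) (struct task_struct * p);
 	int (*task_prctl) (int option, unsigned long arg2,
 			   unsigned long arg3, unsigned long arg4,
@@ -1266,7 +1277,7 @@ struct security_operations {
 			  struct sembuf * sops, unsigned nsops, int alter);
 
 	int (*netlink_send) (struct sock * sk, struct sk_buff * skb);
-	int (*netlink_recv) (struct sk_buff * skb);
+	int (*netlink_recv) (struct sk_buff * skb, int cap);
 
 	/* allow module stacking */
 	int (*register_security) (const char *name,
@@ -1838,6 +1849,11 @@ static inline int security_task_getsid (struct task_struct *p)
 	return security_ops->task_getsid (p);
 }
 
+static inline void security_task_getsecid (struct task_struct *p, u32 *secid)
+{
+	security_ops->task_getsecid (p, secid);
+}
+
 static inline int security_task_setgroups (struct group_info *group_info)
 {
 	return security_ops->task_setgroups (group_info);
@@ -1853,6 +1869,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio)
 	return security_ops->task_setioprio (p, ioprio);
 }
 
+static inline int security_task_getioprio (struct task_struct *p)
+{
+	return security_ops->task_getioprio (p);
+}
+
 static inline int security_task_setrlimit (unsigned int resource,
 					   struct rlimit *new_rlim)
 {
@@ -1877,9 +1898,10 @@ static inline int security_task_movememory (struct task_struct *p)
 }
 
 static inline int security_task_kill (struct task_struct *p,
-				      struct siginfo *info, int sig)
+				      struct siginfo *info, int sig,
+				      u32 secid)
 {
-	return security_ops->task_kill (p, info, sig);
+	return security_ops->task_kill (p, info, sig, secid);
 }
 
 static inline int security_task_wait (struct task_struct *p)
@@ -2032,9 +2054,9 @@ static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb)
 	return security_ops->netlink_send(sk, skb);
 }
 
-static inline int security_netlink_recv(struct sk_buff * skb)
+static inline int security_netlink_recv(struct sk_buff * skb, int cap)
 {
-	return security_ops->netlink_recv(skb);
+	return security_ops->netlink_recv(skb, cap);
 }
 
 /* prototypes */
@@ -2490,6 +2512,9 @@ static inline int security_task_getsid (struct task_struct *p)
 	return 0;
 }
 
+static inline void security_task_getsecid (struct task_struct *p, u32 *secid)
+{ }
+
 static inline int security_task_setgroups (struct group_info *group_info)
 {
 	return 0;
@@ -2505,6 +2530,11 @@ static inline int security_task_setioprio (struct task_struct *p, int ioprio)
 	return 0;
 }
 
+static inline int security_task_getioprio (struct task_struct *p)
+{
+	return 0;
+}
+
 static inline int security_task_setrlimit (unsigned int resource,
 					   struct rlimit *new_rlim)
 {
@@ -2529,7 +2559,8 @@ static inline int security_task_movememory (struct task_struct *p)
 }
 
 static inline int security_task_kill (struct task_struct *p,
-				      struct siginfo *info, int sig)
+				      struct siginfo *info, int sig,
+				      u32 secid)
 {
 	return 0;
 }
@@ -2670,9 +2701,9 @@ static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb)
 	return cap_netlink_send (sk, skb);
 }
 
-static inline int security_netlink_recv (struct sk_buff *skb)
+static inline int security_netlink_recv (struct sk_buff *skb, int cap)
 {
-	return cap_netlink_recv (skb);
+	return cap_netlink_recv (skb, cap);
 }
 
 static inline struct dentry *securityfs_create_dir(const char *name,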
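Review bot: The !CONFIG_SECURITY stub `security_task_getsecid` added in the @@ -2490 hunk has an empty body and never writes `*secid`, so a caller that declares `u32 secid;`, calls this, and then hands `secid` to `security_task_kill` (whose new `u32 secid` parameter this same commit adds) passes an uninitialized value when no LSM is built in; the stub should be `{ *secid = 0; }` so the "no security id" case is a defined value. The CONFIG_SECURITY variant in the @@ -1838 hunk relies on whatever `security_ops->task_getsecid` does, so the default/dummy implementation presumably must also initialize `*secid` — that is outside this file and worth confirming. In the hook documentation, `@task_getioprio` is missing the trailing colon every other entry carries, and the `@task_getsecid` description reads `place is into @secid`; I would make it `@p contains the task_struct for the process and places its secid into @secid`, and add to it `The value 0 is stored when no security module provides an id.` once the stub is fixed.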