diff options
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index fd4d55fb8845..c642bb8b8f5a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -457,7 +457,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 457 | * called when the actual read/write operations are performed. | 457 | * called when the actual read/write operations are performed. |
| 458 | * @inode contains the inode structure to check. | 458 | * @inode contains the inode structure to check. |
| 459 | * @mask contains the permission mask. | 459 | * @mask contains the permission mask. |
| 460 | * @nd contains the nameidata (may be NULL). | ||
| 461 | * Return 0 if permission is granted. | 460 | * Return 0 if permission is granted. |
| 462 | * @inode_setattr: | 461 | * @inode_setattr: |
| 463 | * Check permission before setting file attributes. Note that the kernel | 462 | * Check permission before setting file attributes. Note that the kernel |
| @@ -796,8 +795,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 796 | * @unix_stream_connect: | 795 | * @unix_stream_connect: |
| 797 | * Check permissions before establishing a Unix domain stream connection | 796 | * Check permissions before establishing a Unix domain stream connection |
| 798 | * between @sock and @other. | 797 | * between @sock and @other. |
| 799 | * @sock contains the socket structure. | 798 | * @sock contains the sock structure. |
| 800 | * @other contains the peer socket structure. | 799 | * @other contains the peer sock structure. |
| 800 | * @newsk contains the new sock structure. | ||
| 801 | * Return 0 if permission is granted. | 801 | * Return 0 if permission is granted. |
| 802 | * @unix_may_send: | 802 | * @unix_may_send: |
| 803 | * Check permissions before connecting or sending datagrams from @sock to | 803 | * Check permissions before connecting or sending datagrams from @sock to |
| @@ -1058,8 +1058,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 1058 | * @cred points to the credentials to provide the context against which to | 1058 | * @cred points to the credentials to provide the context against which to |
| 1059 | * evaluate the security data on the key. | 1059 | * evaluate the security data on the key. |
| 1060 | * @perm describes the combination of permissions required of this key. | 1060 | * @perm describes the combination of permissions required of this key. |
| 1061 | * Return 1 if permission granted, 0 if permission denied and -ve it the | 1061 | * Return 0 if permission is granted, -ve error otherwise. |
| 1062 | * normal permissions model should be effected. | ||
| 1063 | * @key_getsecurity: | 1062 | * @key_getsecurity: |
| 1064 | * Get a textual representation of the security context attached to a key | 1063 | * Get a textual representation of the security context attached to a key |
| 1065 | * for the purposes of honouring KEYCTL_GETSECURITY. This function | 1064 | * for the purposes of honouring KEYCTL_GETSECURITY. This function |
| @@ -1568,8 +1567,7 @@ struct security_operations { | |||
| 1568 | int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen); | 1567 | int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen); |
| 1569 | 1568 | ||
| 1570 | #ifdef CONFIG_SECURITY_NETWORK | 1569 | #ifdef CONFIG_SECURITY_NETWORK |
| 1571 | int (*unix_stream_connect) (struct socket *sock, | 1570 | int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk); |
| 1572 | struct socket *other, struct sock *newsk); | ||
| 1573 | int (*unix_may_send) (struct socket *sock, struct socket *other); | 1571 | int (*unix_may_send) (struct socket *sock, struct socket *other); |
| 1574 | 1572 | ||
| 1575 | int (*socket_create) (int family, int type, int protocol, int kern); | 1573 | int (*socket_create) (int family, int type, int protocol, int kern); |
| @@ -1713,6 +1711,7 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, | |||
| 1713 | int security_inode_readlink(struct dentry *dentry); | 1711 | int security_inode_readlink(struct dentry *dentry); |
| 1714 | int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); | 1712 | int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); |
| 1715 | int security_inode_permission(struct inode *inode, int mask); | 1713 | int security_inode_permission(struct inode *inode, int mask); |
| 1714 | int security_inode_exec_permission(struct inode *inode, unsigned int flags); | ||
| 1716 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr); | 1715 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr); |
| 1717 | int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); | 1716 | int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); |
| 1718 | int security_inode_setxattr(struct dentry *dentry, const char *name, | 1717 | int security_inode_setxattr(struct dentry *dentry, const char *name, |
| @@ -2102,6 +2101,12 @@ static inline int security_inode_permission(struct inode *inode, int mask) | |||
| 2102 | return 0; | 2101 | return 0; |
| 2103 | } | 2102 | } |
| 2104 | 2103 | ||
| 2104 | static inline int security_inode_exec_permission(struct inode *inode, | ||
| 2105 | unsigned int flags) | ||
| 2106 | { | ||
| 2107 | return 0; | ||
| 2108 | } | ||
| 2109 | |||
| 2105 | static inline int security_inode_setattr(struct dentry *dentry, | 2110 | static inline int security_inode_setattr(struct dentry *dentry, |
| 2106 | struct iattr *attr) | 2111 | struct iattr *attr) |
| 2107 | { | 2112 | { |
| @@ -2525,8 +2530,7 @@ static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 | |||
| 2525 | 2530 | ||
| 2526 | #ifdef CONFIG_SECURITY_NETWORK | 2531 | #ifdef CONFIG_SECURITY_NETWORK |
| 2527 | 2532 | ||
| 2528 | int security_unix_stream_connect(struct socket *sock, struct socket *other, | 2533 | int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk); |
| 2529 | struct sock *newsk); | ||
| 2530 | int security_unix_may_send(struct socket *sock, struct socket *other); | 2534 | int security_unix_may_send(struct socket *sock, struct socket *other); |
| 2531 | int security_socket_create(int family, int type, int protocol, int kern); | 2535 | int security_socket_create(int family, int type, int protocol, int kern); |
| 2532 | int security_socket_post_create(struct socket *sock, int family, | 2536 | int security_socket_post_create(struct socket *sock, int family, |
| @@ -2567,8 +2571,8 @@ void security_tun_dev_post_create(struct sock *sk); | |||
| 2567 | int security_tun_dev_attach(struct sock *sk); | 2571 | int security_tun_dev_attach(struct sock *sk); |
| 2568 | 2572 | ||
| 2569 | #else /* CONFIG_SECURITY_NETWORK */ | 2573 | #else /* CONFIG_SECURITY_NETWORK */ |
| 2570 | static inline int security_unix_stream_connect(struct socket *sock, | 2574 | static inline int security_unix_stream_connect(struct sock *sock, |
| 2571 | struct socket *other, | 2575 | struct sock *other, |
| 2572 | struct sock *newsk) | 2576 | struct sock *newsk) |
| 2573 | { | 2577 | { |
| 2574 | return 0; | 2578 | return 0; |