aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/security.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h55
1 files changed, 46 insertions, 9 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index b18eb8cfa639..aaa0a5cdbf75 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -869,6 +869,11 @@ struct swap_info_struct;
869 * @ipcp contains the kernel IPC permission structure 869 * @ipcp contains the kernel IPC permission structure
870 * @flag contains the desired (requested) permission set 870 * @flag contains the desired (requested) permission set
871 * Return 0 if permission is granted. 871 * Return 0 if permission is granted.
872 * @ipc_getsecurity:
873 * Copy the security label associated with the ipc object into
874 * @buffer. @buffer may be NULL to request the size of the buffer
875 * required. @size indicates the size of @buffer in bytes. Return
876 * number of bytes used/required on success.
872 * 877 *
873 * Security hooks for individual messages held in System V IPC message queues 878 * Security hooks for individual messages held in System V IPC message queues
874 * @msg_msg_alloc_security: 879 * @msg_msg_alloc_security:
@@ -1040,6 +1045,11 @@ struct swap_info_struct;
1040 * @effective contains the effective capability set. 1045 * @effective contains the effective capability set.
1041 * @inheritable contains the inheritable capability set. 1046 * @inheritable contains the inheritable capability set.
1042 * @permitted contains the permitted capability set. 1047 * @permitted contains the permitted capability set.
1048 * @capable:
1049 * Check whether the @tsk process has the @cap capability.
1050 * @tsk contains the task_struct for the process.
1051 * @cap contains the capability <include/linux/capability.h>.
1052 * Return 0 if the capability is granted for @tsk.
1043 * @acct: 1053 * @acct:
1044 * Check permission before enabling or disabling process accounting. If 1054 * Check permission before enabling or disabling process accounting. If
1045 * accounting is being enabled, then @file refers to the open file used to 1055 * accounting is being enabled, then @file refers to the open file used to
@@ -1053,11 +1063,6 @@ struct swap_info_struct;
1053 * @table contains the ctl_table structure for the sysctl variable. 1063 * @table contains the ctl_table structure for the sysctl variable.
1054 * @op contains the operation (001 = search, 002 = write, 004 = read). 1064 * @op contains the operation (001 = search, 002 = write, 004 = read).
1055 * Return 0 if permission is granted. 1065 * Return 0 if permission is granted.
1056 * @capable:
1057 * Check whether the @tsk process has the @cap capability.
1058 * @tsk contains the task_struct for the process.
1059 * @cap contains the capability <include/linux/capability.h>.
1060 * Return 0 if the capability is granted for @tsk.
1061 * @syslog: 1066 * @syslog:
1062 * Check permission before accessing the kernel message ring or changing 1067 * Check permission before accessing the kernel message ring or changing
1063 * logging to the console. 1068 * logging to the console.
@@ -1099,9 +1104,9 @@ struct security_operations {
1099 kernel_cap_t * effective, 1104 kernel_cap_t * effective,
1100 kernel_cap_t * inheritable, 1105 kernel_cap_t * inheritable,
1101 kernel_cap_t * permitted); 1106 kernel_cap_t * permitted);
1107 int (*capable) (struct task_struct * tsk, int cap);
1102 int (*acct) (struct file * file); 1108 int (*acct) (struct file * file);
1103 int (*sysctl) (struct ctl_table * table, int op); 1109 int (*sysctl) (struct ctl_table * table, int op);
1104 int (*capable) (struct task_struct * tsk, int cap);
1105 int (*quotactl) (int cmds, int type, int id, struct super_block * sb); 1110 int (*quotactl) (int cmds, int type, int id, struct super_block * sb);
1106 int (*quota_on) (struct dentry * dentry); 1111 int (*quota_on) (struct dentry * dentry);
1107 int (*syslog) (int type); 1112 int (*syslog) (int type);
@@ -1168,7 +1173,8 @@ struct security_operations {
1168 int (*inode_getxattr) (struct dentry *dentry, char *name); 1173 int (*inode_getxattr) (struct dentry *dentry, char *name);
1169 int (*inode_listxattr) (struct dentry *dentry); 1174 int (*inode_listxattr) (struct dentry *dentry);
1170 int (*inode_removexattr) (struct dentry *dentry, char *name); 1175 int (*inode_removexattr) (struct dentry *dentry, char *name);
1171 int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size, int err); 1176 const char *(*inode_xattr_getsuffix) (void);
1177 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1172 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1178 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1173 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); 1179 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
1174 1180
@@ -1217,6 +1223,7 @@ struct security_operations {
1217 void (*task_to_inode)(struct task_struct *p, struct inode *inode); 1223 void (*task_to_inode)(struct task_struct *p, struct inode *inode);
1218 1224
1219 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); 1225 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
1226 int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);
1220 1227
1221 int (*msg_msg_alloc_security) (struct msg_msg * msg); 1228 int (*msg_msg_alloc_security) (struct msg_msg * msg);
1222 void (*msg_msg_free_security) (struct msg_msg * msg); 1229 void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1347,6 +1354,11 @@ static inline void security_capset_set (struct task_struct *target,
1347 security_ops->capset_set (target, effective, inheritable, permitted); 1354 security_ops->capset_set (target, effective, inheritable, permitted);
1348} 1355}
1349 1356
1357static inline int security_capable(struct task_struct *tsk, int cap)
1358{
1359 return security_ops->capable(tsk, cap);
1360}
1361
1350static inline int security_acct (struct file *file) 1362static inline int security_acct (struct file *file)
1351{ 1363{
1352 return security_ops->acct (file); 1364 return security_ops->acct (file);
@@ -1675,7 +1687,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
1675 return security_ops->inode_removexattr (dentry, name); 1687 return security_ops->inode_removexattr (dentry, name);
1676} 1688}
1677 1689
1678static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) 1690static inline const char *security_inode_xattr_getsuffix(void)
1691{
1692 return security_ops->inode_xattr_getsuffix();
1693}
1694
1695static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
1679{ 1696{
1680 if (unlikely (IS_PRIVATE (inode))) 1697 if (unlikely (IS_PRIVATE (inode)))
1681 return 0; 1698 return 0;
@@ -1870,6 +1887,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
1870 return security_ops->ipc_permission (ipcp, flag); 1887 return security_ops->ipc_permission (ipcp, flag);
1871} 1888}
1872 1889
1890static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
1891{
1892 return security_ops->ipc_getsecurity(ipcp, buffer, size);
1893}
1894
1873static inline int security_msg_msg_alloc (struct msg_msg * msg) 1895static inline int security_msg_msg_alloc (struct msg_msg * msg)
1874{ 1896{
1875 return security_ops->msg_msg_alloc_security (msg); 1897 return security_ops->msg_msg_alloc_security (msg);
@@ -2050,6 +2072,11 @@ static inline void security_capset_set (struct task_struct *target,
2050 cap_capset_set (target, effective, inheritable, permitted); 2072 cap_capset_set (target, effective, inheritable, permitted);
2051} 2073}
2052 2074
2075static inline int security_capable(struct task_struct *tsk, int cap)
2076{
2077 return cap_capable(tsk, cap);
2078}
2079
2053static inline int security_acct (struct file *file) 2080static inline int security_acct (struct file *file)
2054{ 2081{
2055 return 0; 2082 return 0;
@@ -2317,7 +2344,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
2317 return cap_inode_removexattr(dentry, name); 2344 return cap_inode_removexattr(dentry, name);
2318} 2345}
2319 2346
2320static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) 2347static inline const char *security_inode_xattr_getsuffix (void)
2348{
2349 return NULL ;
2350}
2351
2352static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2321{ 2353{
2322 return -EOPNOTSUPP; 2354 return -EOPNOTSUPP;
2323} 2355}
@@ -2500,6 +2532,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
2500 return 0; 2532 return 0;
2501} 2533}
2502 2534
2535static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
2536{
2537 return -EOPNOTSUPP;
2538}
2539
2503static inline int security_msg_msg_alloc (struct msg_msg * msg) 2540static inline int security_msg_msg_alloc (struct msg_msg * msg)
2504{ 2541{
2505 return 0; 2542 return 0;
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-17 04:51:03 -0500