1 files changed, 36 insertions, 4 deletions

diff --git a/include/linux/security.h b/include/linux/security.h
index a300a3f2fe68..df591d289ec9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -51,8 +51,14 @@ extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe);
 extern int cap_bprm_secureexec(struct linux_binprm *bprm);
 extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags);
 extern int cap_inode_removexattr(struct dentry *dentry, char *name);
+extern int cap_inode_need_killpriv(struct dentry *dentry);
+extern int cap_inode_killpriv(struct dentry *dentry);
 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
 extern void cap_task_reparent_to_init (struct task_struct *p);
+extern int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid);
+extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp);
+extern int cap_task_setioprio (struct task_struct *p, int ioprio);
+extern int cap_task_setnice (struct task_struct *p, int nice);
 extern int cap_syslog (int type);
 extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
 
@@ -413,6 +419,18 @@ struct request_sock;
  *      is specified by @buffer_size.  @buffer may be NULL to request
  *      the size of the buffer required.
  *      Returns number of bytes used/required on success.
+ * @inode_need_killpriv:
+ *      Called when an inode has been changed.
+ *      @dentry is the dentry being changed.
+ *      Return <0 on error to abort the inode change operation.
+ *      Return 0 if inode_killpriv does not need to be called.
+ *      Return >0 if inode_killpriv does need to be called.
+ * @inode_killpriv:
+ *      The setuid bit is being removed.  Remove similar security labels.
+ *      Called with the dentry->d_inode->i_mutex held.
+ *      @dentry is the dentry being changed.
+ *      Return 0 on success.  If error is returned, then the operation
+ *      causing setuid bit removal is failed.
  *
  * Security hooks for file operations
  *
@@ -1239,6 +1257,8 @@ struct security_operations {
         int (*inode_getxattr) (struct dentry *dentry, char *name);
         int (*inode_listxattr) (struct dentry *dentry);
         int (*inode_removexattr) (struct dentry *dentry, char *name);
+        int (*inode_need_killpriv) (struct dentry *dentry);
+        int (*inode_killpriv) (struct dentry *dentry);
         const char *(*inode_xattr_getsuffix) (void);
         int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
         int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
@@ -1496,6 +1516,8 @@ void security_inode_post_setxattr(struct dentry *dentry, char *name,
 int security_inode_getxattr(struct dentry *dentry, char *name);
 int security_inode_listxattr(struct dentry *dentry);
 int security_inode_removexattr(struct dentry *dentry, char *name);
+int security_inode_need_killpriv(struct dentry *dentry);
+int security_inode_killpriv(struct dentry *dentry);
 const char *security_inode_xattr_getsuffix(void);
 int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
@@ -1891,6 +1913,16 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
         return cap_inode_removexattr(dentry, name);
 }
 
+static inline int security_inode_need_killpriv(struct dentry *dentry)
+{
+        return cap_inode_need_killpriv(dentry);
+}
+
+static inline int security_inode_killpriv(struct dentry *dentry)
+{
+        return cap_inode_killpriv(dentry);
+}
+
 static inline const char *security_inode_xattr_getsuffix (void)
 {
         return NULL ;
@@ -2035,12 +2067,12 @@ static inline int security_task_setgroups (struct group_info *group_info)
 
 static inline int security_task_setnice (struct task_struct *p, int nice)
 {
-        return 0;
+        return cap_task_setnice(p, nice);
 }
 
 static inline int security_task_setioprio (struct task_struct *p, int ioprio)
 {
-        return 0;
+        return cap_task_setioprio(p, ioprio);
 }
 
 static inline int security_task_getioprio (struct task_struct *p)
@@ -2058,7 +2090,7 @@ static inline int security_task_setscheduler (struct task_struct *p,
                                               int policy,
                                               struct sched_param *lp)
 {
-        return 0;
+        return cap_task_setscheduler(p, policy, lp);
 }
 
 static inline int security_task_getscheduler (struct task_struct *p)
@@ -2075,7 +2107,7 @@ static inline int security_task_kill (struct task_struct *p,
                                       struct siginfo *info, int sig,
                                       u32 secid)
 {
-        return 0;
+        return cap_task_kill(p, info, sig, secid);
 }
 
 static inline int security_task_wait (struct task_struct *p)