Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h55
1 files changed, 44 insertions, 11 deletions
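diff --git a/include/linux/security.h b/include/linux/security.h
index 4dfb1b84a9b3..d2c17bd91a29 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -171,9 +171,9 @@ struct swap_info_struct;
  * Deallocate and clear the sb->s_security field.
  * @sb contains the super_block structure to be modified.
  * @sb_statfs:
- * Check permission before obtaining filesystem statistics for the @sb
- * filesystem.
- * @sb contains the super_block structure for the filesystem.
+ * Check permission before obtaining filesystem statistics for the @mnt
+ * mountpoint.
+ * @dentry is a handle on the superblock for the filesystem.
  * Return 0 if permission is granted.
  * @sb_mount:
  * Check permission before an object specified by @dev_name is mounted on
@@ -577,6 +577,11 @@ struct swap_info_struct;
  * @p contains the task_struct of process.
  * @nice contains the new nice value.
  * Return 0 if permission is granted.
+ * @task_setioprio
+ * Check permission before setting the ioprio value of @p to @ioprio.
+ * @p contains the task_struct of process.
+ * @ioprio contains the new ioprio value
+ * Return 0 if permission is granted.
  * @task_setrlimit:
  * Check permission before setting the resource limits of the current
  * process for @resource to @new_rlim. The old resource limit values can
@@ -596,6 +601,10 @@ struct swap_info_struct;
  * @p.
  * @p contains the task_struct for process.
  * Return 0 if permission is granted.
+ * @task_movememory
+ * Check permission before moving memory owned by process @p.
+ * @p contains the task_struct for process.
+ * Return 0 if permission is granted.
  * @task_kill:
  * Check permission before sending signal @sig to @p. @info can be NULL,
  * the constant 1, or a pointer to a siginfo structure. If @info is 1 or
@@ -1127,7 +1136,7 @@ struct security_operations {
  int (*sb_copy_data)(struct file_system_type *type,
  void *orig, void *copy);
  int (*sb_kern_mount) (struct super_block *sb, void *data);
- int (*sb_statfs) (struct super_block * sb);
+ int (*sb_statfs) (struct dentry *dentry);
  int (*sb_mount) (char *dev_name, struct nameidata * nd,
  char *type, unsigned long flags, void *data);
  int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd);
@@ -1210,10 +1219,12 @@ struct security_operations {
  int (*task_getsid) (struct task_struct * p);
  int (*task_setgroups) (struct group_info *group_info);
  int (*task_setnice) (struct task_struct * p, int nice);
+ int (*task_setioprio) (struct task_struct * p, int ioprio);
  int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim);
  int (*task_setscheduler) (struct task_struct * p, int policy,
  struct sched_param * lp);
  int (*task_getscheduler) (struct task_struct * p);
+ int (*task_movememory) (struct task_struct * p);
  int (*task_kill) (struct task_struct * p,
  struct siginfo * info, int sig);
  int (*task_wait) (struct task_struct * p);
@@ -1313,7 +1324,7 @@ struct security_operations {
 
  /* key management security hooks */
 #ifdef CONFIG_KEYS
- int (*key_alloc)(struct key *key);
+ int (*key_alloc)(struct key *key, struct task_struct *tsk);
  void (*key_free)(struct key *key);
  int (*key_permission)(key_ref_t key_ref,
  struct task_struct *context,
@@ -1450,9 +1461,9 @@ static inline int security_sb_kern_mount (struct super_block *sb, void *data)
  return security_ops->sb_kern_mount (sb, data);
 }
 
-static inline int security_sb_statfs (struct super_block *sb)
+static inline int security_sb_statfs (struct dentry *dentry)
 {
- return security_ops->sb_statfs (sb);
+ return security_ops->sb_statfs (dentry);
 }
 
 static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
@@ -1836,6 +1847,11 @@ static inline int security_task_setnice (struct task_struct *p, int nice)
  return security_ops->task_setnice (p, nice);
 }
 
+static inline int security_task_setioprio (struct task_struct *p, int ioprio)
+{
+ return security_ops->task_setioprio (p, ioprio);
+}
+
 static inline int security_task_setrlimit (unsigned int resource,
  struct rlimit *new_rlim)
 {
@@ -1854,6 +1870,11 @@ static inline int security_task_getscheduler (struct task_struct *p)
  return security_ops->task_getscheduler (p);
 }
 
+static inline int security_task_movememory (struct task_struct *p)
+{
+ return security_ops->task_movememory (p);
+}
+
 static inline int security_task_kill (struct task_struct *p,
  struct siginfo *info, int sig)
 {
@@ -2162,7 +2183,7 @@ static inline int security_sb_kern_mount (struct super_block *sb, void *data)
  return 0;
 }
 
-static inline int security_sb_statfs (struct super_block *sb)
+static inline int security_sb_statfs (struct dentry *dentry)
 {
  return 0;
 }
@@ -2478,6 +2499,11 @@ static inline int security_task_setnice (struct task_struct *p, int nice)
  return 0;
 }
 
+static inline int security_task_setioprio (struct task_struct *p, int ioprio)
+{
+ return 0;
+}
+
 static inline int security_task_setrlimit (unsigned int resource,
  struct rlimit *new_rlim)
 {
@@ -2496,6 +2522,11 @@ static inline int security_task_getscheduler (struct task_struct *p)
  return 0;
 }
 
+static inline int security_task_movememory (struct task_struct *p)
+{
+ return 0;
+}
+
 static inline int security_task_kill (struct task_struct *p,
  struct siginfo *info, int sig)
 {
@@ -3008,9 +3039,10 @@ static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid
 
 #ifdef CONFIG_KEYS
 #ifdef CONFIG_SECURITY
-static inline int security_key_alloc(struct key *key)
+static inline int security_key_alloc(struct key *key,
+ struct task_struct *tsk)
 {
- return security_ops->key_alloc(key);
+ return security_ops->key_alloc(key, tsk);
 }
 
 static inline void security_key_free(struct key *key)
@@ -3027,7 +3059,8 @@ static inline int security_key_permission(key_ref_t key_ref,
 
 #else
 
-static inline int security_key_alloc(struct key *key)
+static inline int security_key_alloc(struct key *key,
+ struct task_struct *tsk)
 {
  return 0;
 }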
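Review bot: The rewritten `@sb_statfs` comment describes the check as being "for the @mnt mountpoint", but the hook and both `security_sb_statfs` wrappers now take only `struct dentry *dentry`, so the text points a module author at an argument that does not exist. I would word it as `Check permission before obtaining filesystem statistics for the filesystem referenced by @dentry.` The added `@task_setioprio` and `@task_movememory` entries also lack the trailing colon that the neighbouring hook names carry, and no hunk in this section documents the new `@tsk` argument of `key_alloc`, so the header does not say which task's context a module should use for that decision. Separately, the `CONFIG_SECURITY` wrappers call `security_ops->task_setioprio` and `security_ops->task_movememory` unconditionally; presumably the default operations table outside this file gains matching entries, which is worth confirming so that a module registered without these hooks cannot leave a NULL pointer behind the calls.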