Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 48 |
1 files changed, 45 insertions, 3 deletions
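diff --git a/include/linux/security.h b/include/linux/security.h
index 239e40d0450b..466cbadbd1ef 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -447,6 +447,22 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @new_dir contains the path structure for parent of the new link.
 * @new_dentry contains the dentry structure of the new link.
 * Return 0 if permission is granted.
+* @path_chmod:
+* Check for permission to change DAC's permission of a file or directory.
+* @dentry contains the dentry structure.
+* @mnt contains the vfsmnt structure.
+* @mode contains DAC's mode.
+* Return 0 if permission is granted.
+* @path_chown:
+* Check for permission to change owner/group of a file or directory.
+* @path contains the path structure.
+* @uid contains new owner's ID.
+* @gid contains new group's ID.
+* Return 0 if permission is granted.
+* @path_chroot:
+* Check for permission to change root directory.
+* @path contains the path structure.
+* Return 0 if permission is granted.
 * @inode_readlink:
 * Check the permission to read the symbolic link.
 * @dentry contains the dentry structure for the file link.
@@ -690,6 +706,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @kernel_module_request:
 * Ability to trigger the kernel to automatically upcall to userspace for
 * userspace to load a kernel module with the given name.
+* @kmod_name name of the module requested by the kernel
 * Return 0 if successful.
 * @task_setuid:
 * Check permission before setting one or more of the user identity
@@ -1488,6 +1505,10 @@ struct security_operations {
 struct dentry *new_dentry);
 int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
 struct path *new_dir, struct dentry *new_dentry);
+int (*path_chmod) (struct dentry *dentry, struct vfsmount *mnt,
+mode_t mode);
+int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
+int (*path_chroot) (struct path *path);
 #endif
 
 int (*inode_alloc_security) (struct inode *inode);
@@ -1557,7 +1578,7 @@ struct security_operations {
 void (*cred_transfer)(struct cred *new, const struct cred *old);
 int (*kernel_act_as)(struct cred *new, u32 secid);
 int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
-int (*kernel_module_request)(void);
+int (*kernel_module_request)(char *kmod_name);
 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
 int (*task_fix_setuid) (struct cred *new, const struct cred *old,
 int flags);
@@ -1822,7 +1843,7 @@ void security_commit_creds(struct cred *new, const struct cred *old);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
-int security_kernel_module_request(void);
+int security_kernel_module_request(char *kmod_name);
 int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 int flags);
@@ -2387,7 +2408,7 @@ static inline int security_kernel_create_files_as(struct cred *cred,
 return 0;
 }
 
-static inline int security_kernel_module_request(void)
+static inline int security_kernel_module_request(char *kmod_name)
 {
 return 0;
 }
@@ -2952,6 +2973,10 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
 struct dentry *new_dentry);
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
 struct path *new_dir, struct dentry *new_dentry);
+int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+mode_t mode);
+int security_path_chown(struct path *path, uid_t uid, gid_t gid);
+int security_path_chroot(struct path *path);
 #else /* CONFIG_SECURITY_PATH */
 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
@@ -3001,6 +3026,23 @@ static inline int security_path_rename(struct path *old_dir,
 {
 return 0;
 }
+
+static inline int security_path_chmod(struct dentry *dentry,
+struct vfsmount *mnt,
+mode_t mode)
+{
+return 0;
+}
+
+static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+return 0;
+}
+
+static inline int security_path_chroot(struct path *path)
+{
+return 0;
+}
 #endif /* CONFIG_SECURITY_PATH */
 
 #ifdef CONFIG_KEYS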
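Review bot: The new `kmod_name` parameter of `kernel_module_request` is declared as a writable `char *` in the `security_operations` member, the `security_kernel_module_request()` prototype and the inline stub, although the added kernel-doc describes it only as the name of the requested module. A hook that decides whether a module auto-load may proceed has no reason to modify the name it is asked to judge, so all three declarations would be safer as `const char *kmod_name`, e.g. `int security_kernel_module_request(const char *kmod_name);`. Separately, `path_chmod` takes a `struct dentry *`/`struct vfsmount *` pair while `path_chown` and `path_chroot`, added alongside it, take a `struct path *`; using `struct path *path` for all three would keep the path hooks uniform. The hook implementations and call sites are outside this file, so whether callers can pass a const pointer needs to be confirmed there.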
