Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 16 |
1 files changed, 13 insertions, 3 deletions
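diff --git a/include/linux/security.h b/include/linux/security.h
index c13f1cec9abb..5fe28a671cd3 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -37,6 +37,10 @@
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX 10
 
+/* If capable should audit the security request */
+#define SECURITY_CAP_NOAUDIT 0
+#define SECURITY_CAP_AUDIT 1
+
 struct ctl_table;
 struct audit_krule;
 
@@ -44,7 +48,7 @@ struct audit_krule;
 * These functions are in security/capability.c and are used
 * as the default capabilities functions
 */
-extern int cap_capable(struct task_struct *tsk, int cap);
+extern int cap_capable(struct task_struct *tsk, int cap, int audit);
 extern int cap_settime(struct timespec *ts, struct timezone *tz);
 extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
 extern int cap_ptrace_traceme(struct task_struct *parent);
@@ -1307,7 +1311,7 @@ struct security_operations {
 kernel_cap_t *effective,
 kernel_cap_t *inheritable,
 kernel_cap_t *permitted);
-int (*capable) (struct task_struct *tsk, int cap);
+int (*capable) (struct task_struct *tsk, int cap, int audit);
 int (*acct) (struct file *file);
 int (*sysctl) (struct ctl_table *table, int op);
 int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
@@ -1577,6 +1581,7 @@ void security_capset_set(struct task_struct *target,
 kernel_cap_t *inheritable,
 kernel_cap_t *permitted);
 int security_capable(struct task_struct *tsk, int cap);
+int security_capable_noaudit(struct task_struct *tsk, int cap);
 int security_acct(struct file *file);
 int security_sysctl(struct ctl_table *table, int op);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
@@ -1782,7 +1787,12 @@ static inline void security_capset_set(struct task_struct *target,
 
 static inline int security_capable(struct task_struct *tsk, int cap)
 {
-return cap_capable(tsk, cap);
+return cap_capable(tsk, cap, SECURITY_CAP_AUDIT);
+}
+
+static inline int security_capable_noaudit(struct task_struct *tsk, int cap)
+{
+return cap_capable(tsk, cap, SECURITY_CAP_NOAUDIT);
 }
 
 static inline int security_acct(struct file *file)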
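Review bot: The new `audit` argument added to `cap_capable()` and to the `capable` hook in `struct security_operations` is documented only by the one-line comment above the two `#define`s; the hook's kernel-doc entry in the struct's leading comment lies outside this hunk and presumably still lists only @tsk and @cap, so it should gain a line such as `@audit: SECURITY_CAP_AUDIT if the check should be audited, SECURITY_CAP_NOAUDIT otherwise`. Because the flag is a plain `int`, an LSM implementing the hook has nothing in the header telling it that only these two values are passed; a short comment on the defines, `/* values passed as the @audit argument of cap_capable() and the capable hook */`, would pin that contract. The same applies to the new `security_capable_noaudit()` declaration and its `CONFIG_SECURITY=n` inline: a comment stating that it suppresses the audit record for the check, so that callers use it only for probes whose outcome is not itself a security decision, would make the intended split between the two entry points explicit to both callers and LSM authors.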