Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h180
1 files changed, 41 insertions, 139 deletions
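--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -250,29 +250,37 @@ struct swap_info_struct;
  * @inode contains the inode structure.
  * Deallocate the inode security structure and set @inode->i_security to
  * NULL.
+ * @inode_init_security:
+ * Obtain the security attribute name suffix and value to set on a newly
+ * created inode and set up the incore security field for the new inode.
+ * This hook is called by the fs code as part of the inode creation
+ * transaction and provides for atomic labeling of the inode, unlike
+ * the post_create/mkdir/... hooks called by the VFS. The hook function
+ * is expected to allocate the name and value via kmalloc, with the caller
+ * being responsible for calling kfree after using them.
+ * If the security module does not use security attributes or does
+ * not wish to put a security attribute on this particular inode,
+ * then it should return -EOPNOTSUPP to skip this processing.
+ * @inode contains the inode structure of the newly created inode.
+ * @dir contains the inode structure of the parent directory.
+ * @name will be set to the allocated name suffix (e.g. selinux).
+ * @value will be set to the allocated attribute value.
+ * @len will be set to the length of the value.
+ * Returns 0 if @name and @value have been successfully set,
+ * -EOPNOTSUPP if no security attribute is needed, or
+ * -ENOMEM on memory allocation failure.
  * @inode_create:
  * Check permission to create a regular file.
  * @dir contains inode structure of the parent of the new file.
  * @dentry contains the dentry structure for the file to be created.
  * @mode contains the file mode of the file to be created.
  * Return 0 if permission is granted.
- * @inode_post_create:
- * Set the security attributes on a newly created regular file. This hook
- * is called after a file has been successfully created.
- * @dir contains the inode structure of the parent directory of the new file.
- * @dentry contains the the dentry structure for the newly created file.
- * @mode contains the file mode.
  * @inode_link:
  * Check permission before creating a new hard link to a file.
  * @old_dentry contains the dentry structure for an existing link to the file.
  * @dir contains the inode structure of the parent directory of the new link.
  * @new_dentry contains the dentry structure for the new link.
  * Return 0 if permission is granted.
- * @inode_post_link:
- * Set security attributes for a new hard link to a file.
- * @old_dentry contains the dentry structure for the existing link.
- * @dir contains the inode structure of the parent directory of the new file.
- * @new_dentry contains the dentry structure for the new file link.
  * @inode_unlink:
  * Check the permission to remove a hard link to a file.
  * @dir contains the inode structure of parent directory of the file.
@@ -284,13 +292,6 @@ struct swap_info_struct;
  * @dentry contains the dentry structure of the symbolic link.
  * @old_name contains the pathname of file.
  * Return 0 if permission is granted.
- * @inode_post_symlink:
- * @dir contains the inode structure of the parent directory of the new link.
- * @dentry contains the dentry structure of new symbolic link.
- * @old_name contains the pathname of file.
- * Set security attributes for a newly created symbolic link. Note that
- * @dentry->d_inode may be NULL, since the filesystem might not
- * instantiate the dentry (e.g. NFS).
  * @inode_mkdir:
  * Check permissions to create a new directory in the existing directory
  * associated with inode strcture @dir.
@@ -298,11 +299,6 @@ struct swap_info_struct;
  * @dentry contains the dentry structure of new directory.
  * @mode contains the mode of new directory.
  * Return 0 if permission is granted.
- * @inode_post_mkdir:
- * Set security attributes on a newly created directory.
- * @dir contains the inode structure of parent of the directory to be created.
- * @dentry contains the dentry structure of new directory.
- * @mode contains the mode of new directory.
  * @inode_rmdir:
  * Check the permission to remove a directory.
  * @dir contains the inode structure of parent of the directory to be removed.
@@ -318,13 +314,6 @@ struct swap_info_struct;
  * @mode contains the mode of the new file.
  * @dev contains the the device number.
  * Return 0 if permission is granted.
- * @inode_post_mknod:
- * Set security attributes on a newly created special file (or socket or
- * fifo file created via the mknod system call).
- * @dir contains the inode structure of parent of the new node.
- * @dentry contains the dentry structure of the new node.
- * @mode contains the mode of the new node.
- * @dev contains the the device number.
  * @inode_rename:
  * Check for permission to rename a file or directory.
  * @old_dir contains the inode structure for parent of the old link.
@@ -332,12 +321,6 @@ struct swap_info_struct;
  * @new_dir contains the inode structure for parent of the new link.
  * @new_dentry contains the dentry structure of the new link.
  * Return 0 if permission is granted.
- * @inode_post_rename:
- * Set security attributes on a renamed file or directory.
- * @old_dir contains the inode structure for parent of the old link.
- * @old_dentry contains the dentry structure of the old link.
- * @new_dir contains the inode structure for parent of the new link.
- * @new_dentry contains the dentry structure of the new link.
  * @inode_readlink:
  * Check the permission to read the symbolic link.
  * @dentry contains the dentry structure for the file link.
@@ -1080,34 +1063,21 @@ struct security_operations {
 
  int (*inode_alloc_security) (struct inode *inode);
  void (*inode_free_security) (struct inode *inode);
+ int (*inode_init_security) (struct inode *inode, struct inode *dir,
+ char **name, void **value, size_t *len);
  int (*inode_create) (struct inode *dir,
  struct dentry *dentry, int mode);
- void (*inode_post_create) (struct inode *dir,
- struct dentry *dentry, int mode);
  int (*inode_link) (struct dentry *old_dentry,
  struct inode *dir, struct dentry *new_dentry);
- void (*inode_post_link) (struct dentry *old_dentry,
- struct inode *dir, struct dentry *new_dentry);
  int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
  int (*inode_symlink) (struct inode *dir,
  struct dentry *dentry, const char *old_name);
- void (*inode_post_symlink) (struct inode *dir,
- struct dentry *dentry,
- const char *old_name);
  int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
- void (*inode_post_mkdir) (struct inode *dir, struct dentry *dentry,
- int mode);
  int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
  int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
  int mode, dev_t dev);
- void (*inode_post_mknod) (struct inode *dir, struct dentry *dentry,
- int mode, dev_t dev);
  int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
  struct inode *new_dir, struct dentry *new_dentry);
- void (*inode_post_rename) (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry);
  int (*inode_readlink) (struct dentry *dentry);
  int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
  int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
@@ -1442,6 +1412,17 @@ static inline void security_inode_free (struct inode *inode)
  return;
  security_ops->inode_free_security (inode);
 }
+
+static inline int security_inode_init_security (struct inode *inode,
+ struct inode *dir,
+ char **name,
+ void **value,
+ size_t *len)
+{
+ if (unlikely (IS_PRIVATE (inode)))
+ return -EOPNOTSUPP;
+ return security_ops->inode_init_security (inode, dir, name, value, len);
+}
 
 static inline int security_inode_create (struct inode *dir,
  struct dentry *dentry,
@@ -1452,15 +1433,6 @@ static inline int security_inode_create (struct inode *dir,
  return security_ops->inode_create (dir, dentry, mode);
 }
 
-static inline void security_inode_post_create (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{
- if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
- return;
- security_ops->inode_post_create (dir, dentry, mode);
-}
-
 static inline int security_inode_link (struct dentry *old_dentry,
  struct inode *dir,
  struct dentry *new_dentry)
@@ -1470,15 +1442,6 @@ static inline int security_inode_link (struct dentry *old_dentry,
  return security_ops->inode_link (old_dentry, dir, new_dentry);
 }
 
-static inline void security_inode_post_link (struct dentry *old_dentry,
- struct inode *dir,
- struct dentry *new_dentry)
-{
- if (new_dentry->d_inode && unlikely (IS_PRIVATE (new_dentry->d_inode)))
- return;
- security_ops->inode_post_link (old_dentry, dir, new_dentry);
-}
-
 static inline int security_inode_unlink (struct inode *dir,
  struct dentry *dentry)
 {
@@ -1496,15 +1459,6 @@ static inline int security_inode_symlink (struct inode *dir,
  return security_ops->inode_symlink (dir, dentry, old_name);
 }
 
-static inline void security_inode_post_symlink (struct inode *dir,
- struct dentry *dentry,
- const char *old_name)
-{
- if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
- return;
- security_ops->inode_post_symlink (dir, dentry, old_name);
-}
-
 static inline int security_inode_mkdir (struct inode *dir,
  struct dentry *dentry,
  int mode)
@@ -1514,15 +1468,6 @@ static inline int security_inode_mkdir (struct inode *dir,
  return security_ops->inode_mkdir (dir, dentry, mode);
 }
 
-static inline void security_inode_post_mkdir (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{
- if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
- return;
- security_ops->inode_post_mkdir (dir, dentry, mode);
-}
-
 static inline int security_inode_rmdir (struct inode *dir,
  struct dentry *dentry)
 {
@@ -1540,15 +1485,6 @@ static inline int security_inode_mknod (struct inode *dir,
  return security_ops->inode_mknod (dir, dentry, mode, dev);
 }
 
-static inline void security_inode_post_mknod (struct inode *dir,
- struct dentry *dentry,
- int mode, dev_t dev)
-{
- if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
- return;
- security_ops->inode_post_mknod (dir, dentry, mode, dev);
-}
-
 static inline int security_inode_rename (struct inode *old_dir,
  struct dentry *old_dentry,
  struct inode *new_dir,
@@ -1561,18 +1497,6 @@ static inline int security_inode_rename (struct inode *old_dir,
  new_dir, new_dentry);
 }
 
-static inline void security_inode_post_rename (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
-{
- if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
- (new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
- return;
- security_ops->inode_post_rename (old_dir, old_dentry,
- new_dir, new_dentry);
-}
-
 static inline int security_inode_readlink (struct dentry *dentry)
 {
  if (unlikely (IS_PRIVATE (dentry->d_inode)))
@@ -2171,6 +2095,15 @@ static inline int security_inode_alloc (struct inode *inode)
 
 static inline void security_inode_free (struct inode *inode)
 { }
+
+static inline int security_inode_init_security (struct inode *inode,
+ struct inode *dir,
+ char **name,
+ void **value,
+ size_t *len)
+{
+ return -EOPNOTSUPP;
+}
 
 static inline int security_inode_create (struct inode *dir,
  struct dentry *dentry,
@@ -2179,11 +2112,6 @@ static inline int security_inode_create (struct inode *dir,
  return 0;
 }
 
-static inline void security_inode_post_create (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{ }
-
 static inline int security_inode_link (struct dentry *old_dentry,
  struct inode *dir,
  struct dentry *new_dentry)
@@ -2191,11 +2119,6 @@ static inline int security_inode_link (struct dentry *old_dentry,
  return 0;
 }
 
-static inline void security_inode_post_link (struct dentry *old_dentry,
- struct inode *dir,
- struct dentry *new_dentry)
-{ }
-
 static inline int security_inode_unlink (struct inode *dir,
  struct dentry *dentry)
 {
@@ -2209,11 +2132,6 @@ static inline int security_inode_symlink (struct inode *dir,
  return 0;
 }
 
-static inline void security_inode_post_symlink (struct inode *dir,
- struct dentry *dentry,
- const char *old_name)
-{ }
-
 static inline int security_inode_mkdir (struct inode *dir,
  struct dentry *dentry,
  int mode)
@@ -2221,11 +2139,6 @@ static inline int security_inode_mkdir (struct inode *dir,
  return 0;
 }
 
-static inline void security_inode_post_mkdir (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{ }
-
 static inline int security_inode_rmdir (struct inode *dir,
  struct dentry *dentry)
 {
@@ -2239,11 +2152,6 @@ static inline int security_inode_mknod (struct inode *dir,
  return 0;
 }
 
-static inline void security_inode_post_mknod (struct inode *dir,
- struct dentry *dentry,
- int mode, dev_t dev)
-{ }
-
 static inline int security_inode_rename (struct inode *old_dir,
  struct dentry *old_dentry,
  struct inode *new_dir,
@@ -2252,12 +2160,6 @@ static inline int security_inode_rename (struct inode *old_dir,
  return 0;
 }
 
-static inline void security_inode_post_rename (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
-{ }
-
 static inline int security_inode_readlink (struct dentry *dentry)
 {
  return 0;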
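Review bot: The @inode_init_security contract added in the first hunk (new lines 253-271) leaves ownership of @name and @value undefined on the error paths: it states that the hook kmallocs both and the caller kfrees them, and that 0 means both were set, but says nothing about what the caller may assume after -EOPNOTSUPP or -ENOMEM, nor that a hook which has allocated @name and then fails on @value must release @name itself. Since a caller cannot distinguish a stale pointer from a freshly allocated one, I would add after the -ENOMEM line: ` * On any non-zero return @name and @value are not set and must not be freed by the caller; a hook that fails after allocating one of them frees it before returning -ENOMEM.` The same one-line ownership note belongs on the static inline wrapper security_inode_init_security introduced at new line 1416, which currently carries no comment. Whether the in-tree hook implementations already behave this way cannot be seen from this header alone.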