Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 80 |
1 files changed, 65 insertions, 15 deletions
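diff --git a/include/linux/security.h b/include/linux/security.h
index 7cbef482e13a..aaa0a5cdbf75 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -869,6 +869,11 @@ struct swap_info_struct;
  *	@ipcp contains the kernel IPC permission structure
  *	@flag contains the desired (requested) permission set
  *	Return 0 if permission is granted.
+ * @ipc_getsecurity:
+ *	Copy the security label associated with the ipc object into
+ *	@buffer. @buffer may be NULL to request the size of the buffer
+ *	required. @size indicates the size of @buffer in bytes. Return
+ *	number of bytes used/required on success.
  *
  * Security hooks for individual messages held in System V IPC message queues
  * @msg_msg_alloc_security:
@@ -1040,6 +1045,11 @@ struct swap_info_struct;
  *	@effective contains the effective capability set.
  *	@inheritable contains the inheritable capability set.
  *	@permitted contains the permitted capability set.
+ * @capable:
+ *	Check whether the @tsk process has the @cap capability.
+ *	@tsk contains the task_struct for the process.
+ *	@cap contains the capability <include/linux/capability.h>.
+ *	Return 0 if the capability is granted for @tsk.
  * @acct:
  *	Check permission before enabling or disabling process accounting. If
  *	accounting is being enabled, then @file refers to the open file used to
@@ -1053,11 +1063,6 @@ struct swap_info_struct;
  *	@table contains the ctl_table structure for the sysctl variable.
  *	@op contains the operation (001 = search, 002 = write, 004 = read).
  *	Return 0 if permission is granted.
- * @capable:
- *	Check whether the @tsk process has the @cap capability.
- *	@tsk contains the task_struct for the process.
- *	@cap contains the capability <include/linux/capability.h>.
- *	Return 0 if the capability is granted for @tsk.
  * @syslog:
  *	Check permission before accessing the kernel message ring or changing
  *	logging to the console.
@@ -1099,9 +1104,9 @@ struct security_operations {
 			    kernel_cap_t * effective,
 			    kernel_cap_t * inheritable,
 			    kernel_cap_t * permitted);
+	int (*capable) (struct task_struct * tsk, int cap);
 	int (*acct) (struct file * file);
 	int (*sysctl) (struct ctl_table * table, int op);
-	int (*capable) (struct task_struct * tsk, int cap);
 	int (*quotactl) (int cmds, int type, int id, struct super_block * sb);
 	int (*quota_on) (struct dentry * dentry);
 	int (*syslog) (int type);
@@ -1168,7 +1173,8 @@ struct security_operations {
 	int (*inode_getxattr) (struct dentry *dentry, char *name);
 	int (*inode_listxattr) (struct dentry *dentry);
 	int (*inode_removexattr) (struct dentry *dentry, char *name);
-	int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size, int err);
+	const char *(*inode_xattr_getsuffix) (void);
+	int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
 	int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
 	int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
 
@@ -1217,6 +1223,7 @@ struct security_operations {
 	void (*task_to_inode)(struct task_struct *p, struct inode *inode);
 
 	int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
+	int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);
 
 	int (*msg_msg_alloc_security) (struct msg_msg * msg);
 	void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1286,7 +1293,8 @@ struct security_operations {
 	int (*socket_setsockopt) (struct socket * sock, int level, int optname);
 	int (*socket_shutdown) (struct socket * sock, int how);
 	int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
-	int (*socket_getpeersec) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
+	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
+	int (*socket_getpeersec_dgram) (struct sk_buff *skb, char **secdata, u32 *seclen);
 	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
 	void (*sk_free_security) (struct sock *sk);
 	unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
@@ -1346,6 +1354,11 @@ static inline void security_capset_set (struct task_struct *target,
 	security_ops->capset_set (target, effective, inheritable, permitted);
 }
 
+static inline int security_capable(struct task_struct *tsk, int cap)
+{
+	return security_ops->capable(tsk, cap);
+}
+
 static inline int security_acct (struct file *file)
 {
 	return security_ops->acct (file);
@@ -1674,7 +1687,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
 	return security_ops->inode_removexattr (dentry, name);
 }
 
-static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err)
+static inline const char *security_inode_xattr_getsuffix(void)
+{
+	return security_ops->inode_xattr_getsuffix();
+}
+
+static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
 	if (unlikely (IS_PRIVATE (inode)))
 		return 0;
@@ -1869,6 +1887,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
 	return security_ops->ipc_permission (ipcp, flag);
 }
 
+static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
+{
+	return security_ops->ipc_getsecurity(ipcp, buffer, size);
+}
+
 static inline int security_msg_msg_alloc (struct msg_msg * msg)
 {
 	return security_ops->msg_msg_alloc_security (msg);
@@ -2049,6 +2072,11 @@ static inline void security_capset_set (struct task_struct *target,
 	cap_capset_set (target, effective, inheritable, permitted);
 }
 
+static inline int security_capable(struct task_struct *tsk, int cap)
+{
+	return cap_capable(tsk, cap);
+}
+
 static inline int security_acct (struct file *file)
 {
 	return 0;
@@ -2316,7 +2344,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
 	return cap_inode_removexattr(dentry, name);
 }
 
-static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err)
+static inline const char *security_inode_xattr_getsuffix (void)
+{
+	return NULL ;
+}
+
+static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
 	return -EOPNOTSUPP;
 }
@@ -2499,6 +2532,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
 	return 0;
 }
 
+static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
+{
+	return -EOPNOTSUPP;
+}
+
 static inline int security_msg_msg_alloc (struct msg_msg * msg)
 {
 	return 0;
@@ -2741,10 +2779,16 @@ static inline int security_sock_rcv_skb (struct sock * sk,
 	return security_ops->socket_sock_rcv_skb (sk, skb);
 }
 
-static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
+static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 					     int __user *optlen, unsigned len)
+{
+	return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
+}
+
+static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
+						    u32 *seclen)
 {
-	return security_ops->socket_getpeersec(sock, optval, optlen, len);
+	return security_ops->socket_getpeersec_dgram(skb, secdata, seclen);
 }
 
 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
@@ -2863,8 +2907,14 @@ static inline int security_sock_rcv_skb (struct sock * sk,
 	return 0;
 }
 
-static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
+static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 					     int __user *optlen, unsigned len)
+{
+	return -ENOPROTOOPT;
+}
+
+static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
+						    u32 *seclen)
 {
 	return -ENOPROTOOPT;
 }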
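Review bot: The new `socket_getpeersec_dgram` hook in the `@@ -1286,7 +1293,8 @@` hunk (and its wrappers in the last two hunks) hands back a `char **secdata`/`u32 *seclen` pair, but nothing in the diff states who owns the buffer returned in `*secdata` or how long it stays valid, and unlike `@capable` and `@ipc_getsecurity` the change adds no `@socket_getpeersec_stream`, `@socket_getpeersec_dgram` or `@inode_xattr_getsuffix` entries to the hook documentation block at the top of the header. Without that, a caller cannot tell from the header whether `*secdata` must be released, or whether it may outlive the skb it was derived from. I would add an entry beside `@ipc_getsecurity` along the lines of `@socket_getpeersec_dgram: Fill @secdata with the security label associated with @skb (presumably its sender's) and @seclen with its length; return 0 on success`, with a sentence stating the buffer's ownership once that is settled, plus a matching `@socket_getpeersec_stream` entry noting it writes to user space through @optval/@optlen. Separately, the dummy `security_inode_xattr_getsuffix (void)` in the `@@ -2316,7 +2344,12 @@` hunk has `return NULL ;` with a stray space and spaces its `(void)` differently from the `security_ops` version; `return NULL;` and `security_inode_xattr_getsuffix(void)` would match.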
