1 files changed, 52 insertions, 3 deletions

diff --git a/include/linux/security.h b/include/linux/security.h
index 239e40d0450b..2c627d361c02 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -95,8 +95,13 @@ struct seq_file;
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
 
+#ifdef CONFIG_MMU
 extern unsigned long mmap_min_addr;
 extern unsigned long dac_mmap_min_addr;
+#else
+#define dac_mmap_min_addr       0UL
+#endif
+
 /*
  * Values used in the task_security_ops calls
  */
@@ -121,6 +126,7 @@ struct request_sock;
 #define LSM_UNSAFE_PTRACE       2
 #define LSM_UNSAFE_PTRACE_CAP   4
 
+#ifdef CONFIG_MMU
 /*
  * If a hint addr is less than mmap_min_addr change hint to be as
  * low as possible but still greater than mmap_min_addr
@@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint)
 }
 extern int mmap_min_addr_handler(struct ctl_table *table, int write,
                                  void __user *buffer, size_t *lenp, loff_t *ppos);
+#endif
 
 #ifdef CONFIG_SECURITY
 
@@ -447,6 +454,22 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *      @new_dir contains the path structure for parent of the new link.
  *      @new_dentry contains the dentry structure of the new link.
  *      Return 0 if permission is granted.
+ * @path_chmod:
+ *      Check for permission to change DAC's permission of a file or directory.
+ *      @dentry contains the dentry structure.
+ *      @mnt contains the vfsmnt structure.
+ *      @mode contains DAC's mode.
+ *      Return 0 if permission is granted.
+ * @path_chown:
+ *      Check for permission to change owner/group of a file or directory.
+ *      @path contains the path structure.
+ *      @uid contains new owner's ID.
+ *      @gid contains new group's ID.
+ *      Return 0 if permission is granted.
+ * @path_chroot:
+ *      Check for permission to change root directory.
+ *      @path contains the path structure.
+ *      Return 0 if permission is granted.
  * @inode_readlink:
  *      Check the permission to read the symbolic link.
  *      @dentry contains the dentry structure for the file link.
@@ -690,6 +713,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @kernel_module_request:
  *      Ability to trigger the kernel to automatically upcall to userspace for
  *      userspace to load a kernel module with the given name.
+ *      @kmod_name name of the module requested by the kernel
  *      Return 0 if successful.
  * @task_setuid:
  *      Check permission before setting one or more of the user identity
@@ -1488,6 +1512,10 @@ struct security_operations {
                           struct dentry *new_dentry);
         int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
                             struct path *new_dir, struct dentry *new_dentry);
+        int (*path_chmod) (struct dentry *dentry, struct vfsmount *mnt,
+                           mode_t mode);
+        int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
+        int (*path_chroot) (struct path *path);
 #endif
 
         int (*inode_alloc_security) (struct inode *inode);
@@ -1557,7 +1585,7 @@ struct security_operations {
         void (*cred_transfer)(struct cred *new, const struct cred *old);
         int (*kernel_act_as)(struct cred *new, u32 secid);
         int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
-        int (*kernel_module_request)(void);
+        int (*kernel_module_request)(char *kmod_name);
         int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
         int (*task_fix_setuid) (struct cred *new, const struct cred *old,
                                 int flags);
@@ -1822,7 +1850,7 @@ void security_commit_creds(struct cred *new, const struct cred *old);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
-int security_kernel_module_request(void);
+int security_kernel_module_request(char *kmod_name);
 int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
                              int flags);
@@ -2387,7 +2415,7 @@ static inline int security_kernel_create_files_as(struct cred *cred,
         return 0;
 }
 
-static inline int security_kernel_module_request(void)
+static inline int security_kernel_module_request(char *kmod_name)
 {
         return 0;
 }
@@ -2952,6 +2980,10 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
                        struct dentry *new_dentry);
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
                          struct path *new_dir, struct dentry *new_dentry);
+int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+                        mode_t mode);
+int security_path_chown(struct path *path, uid_t uid, gid_t gid);
+int security_path_chroot(struct path *path);
 #else   /* CONFIG_SECURITY_PATH */
 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
@@ -3001,6 +3033,23 @@ static inline int security_path_rename(struct path *old_dir,
 {
         return 0;
 }
+
+static inline int security_path_chmod(struct dentry *dentry,
+                                      struct vfsmount *mnt,
+                                      mode_t mode)
+{
+        return 0;
+}
+
+static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+        return 0;
+}
+
+static inline int security_path_chroot(struct path *path)
+{
+        return 0;
+}
 #endif  /* CONFIG_SECURITY_PATH */
 
 #ifdef CONFIG_KEYS