aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/security.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h72
1 files changed, 35 insertions, 37 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 19d8e04e1688..0ccceb9b1046 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -186,7 +186,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
186 * Security module identifier. 186 * Security module identifier.
187 * 187 *
188 * @name: 188 * @name:
189 * A string that acts as a unique identifeir for the LSM with max number 189 * A string that acts as a unique identifier for the LSM with max number
190 * of characters = SECURITY_NAME_MAX. 190 * of characters = SECURITY_NAME_MAX.
191 * 191 *
192 * Security hooks for program execution operations. 192 * Security hooks for program execution operations.
@@ -275,7 +275,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
275 * @copy copied data which will be passed to the security module. 275 * @copy copied data which will be passed to the security module.
276 * Returns 0 if the copy was successful. 276 * Returns 0 if the copy was successful.
277 * @sb_remount: 277 * @sb_remount:
278 * Extracts security system specifc mount options and verifys no changes 278 * Extracts security system specific mount options and verifies no changes
279 * are being made to those options. 279 * are being made to those options.
280 * @sb superblock being remounted 280 * @sb superblock being remounted
281 * @data contains the filesystem-specific data. 281 * @data contains the filesystem-specific data.
@@ -380,15 +380,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
380 * Return 0 if permission is granted. 380 * Return 0 if permission is granted.
381 * @inode_mkdir: 381 * @inode_mkdir:
382 * Check permissions to create a new directory in the existing directory 382 * Check permissions to create a new directory in the existing directory
383 * associated with inode strcture @dir. 383 * associated with inode structure @dir.
384 * @dir containst the inode structure of parent of the directory to be created. 384 * @dir contains the inode structure of parent of the directory to be created.
385 * @dentry contains the dentry structure of new directory. 385 * @dentry contains the dentry structure of new directory.
386 * @mode contains the mode of new directory. 386 * @mode contains the mode of new directory.
387 * Return 0 if permission is granted. 387 * Return 0 if permission is granted.
388 * @path_mkdir: 388 * @path_mkdir:
389 * Check permissions to create a new directory in the existing directory 389 * Check permissions to create a new directory in the existing directory
390 * associated with path strcture @path. 390 * associated with path structure @path.
391 * @dir containst the path structure of parent of the directory 391 * @dir contains the path structure of parent of the directory
392 * to be created. 392 * to be created.
393 * @dentry contains the dentry structure of new directory. 393 * @dentry contains the dentry structure of new directory.
394 * @mode contains the mode of new directory. 394 * @mode contains the mode of new directory.
@@ -578,7 +578,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
578 * @file contains the file structure. 578 * @file contains the file structure.
579 * @cmd contains the operation to perform. 579 * @cmd contains the operation to perform.
580 * @arg contains the operational arguments. 580 * @arg contains the operational arguments.
581 * Check permission for an ioctl operation on @file. Note that @arg can 581 * Check permission for an ioctl operation on @file. Note that @arg
582 * sometimes represents a user space pointer; in other cases, it may be a 582 * sometimes represents a user space pointer; in other cases, it may be a
583 * simple integer value. When @arg represents a user space pointer, it 583 * simple integer value. When @arg represents a user space pointer, it
584 * should never be used by the security module. 584 * should never be used by the security module.
@@ -590,6 +590,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
590 * @reqprot contains the protection requested by the application. 590 * @reqprot contains the protection requested by the application.
591 * @prot contains the protection that will be applied by the kernel. 591 * @prot contains the protection that will be applied by the kernel.
592 * @flags contains the operational flags. 592 * @flags contains the operational flags.
593 * @addr contains virtual address that will be used for the operation.
594 * @addr_only contains a boolean: 0 if file-backed VMA, otherwise 1.
593 * Return 0 if permission is granted. 595 * Return 0 if permission is granted.
594 * @file_mprotect: 596 * @file_mprotect:
595 * Check permissions before changing memory access permissions. 597 * Check permissions before changing memory access permissions.
@@ -606,7 +608,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
606 * Return 0 if permission is granted. 608 * Return 0 if permission is granted.
607 * @file_fcntl: 609 * @file_fcntl:
608 * Check permission before allowing the file operation specified by @cmd 610 * Check permission before allowing the file operation specified by @cmd
609 * from being performed on the file @file. Note that @arg can sometimes 611 * from being performed on the file @file. Note that @arg sometimes
610 * represents a user space pointer; in other cases, it may be a simple 612 * represents a user space pointer; in other cases, it may be a simple
611 * integer value. When @arg represents a user space pointer, it should 613 * integer value. When @arg represents a user space pointer, it should
612 * never be used by the security module. 614 * never be used by the security module.
@@ -793,7 +795,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
793 * information can be saved using the eff_cap field of the 795 * information can be saved using the eff_cap field of the
794 * netlink_skb_parms structure. Also may be used to provide fine 796 * netlink_skb_parms structure. Also may be used to provide fine
795 * grained control over message transmission. 797 * grained control over message transmission.
796 * @sk associated sock of task sending the message., 798 * @sk associated sock of task sending the message.
797 * @skb contains the sk_buff structure for the netlink message. 799 * @skb contains the sk_buff structure for the netlink message.
798 * Return 0 if the information was successfully saved and message 800 * Return 0 if the information was successfully saved and message
799 * is allowed to be transmitted. 801 * is allowed to be transmitted.
@@ -1080,9 +1082,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1080 * should free it. 1082 * should free it.
1081 * @key points to the key to be queried. 1083 * @key points to the key to be queried.
1082 * @_buffer points to a pointer that should be set to point to the 1084 * @_buffer points to a pointer that should be set to point to the
1083 * resulting string (if no label or an error occurs). 1085 * resulting string (if no label or an error occurs).
1084 * Return the length of the string (including terminating NUL) or -ve if 1086 * Return the length of the string (including terminating NUL) or -ve if
1085 * an error. 1087 * an error.
1086 * May also return 0 (and a NULL buffer pointer) if there is no label. 1088 * May also return 0 (and a NULL buffer pointer) if there is no label.
1087 * 1089 *
1088 * Security hooks affecting all System V IPC operations. 1090 * Security hooks affecting all System V IPC operations.
@@ -1268,7 +1270,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1268 * credentials. 1270 * credentials.
1269 * @tsk contains the task_struct for the process. 1271 * @tsk contains the task_struct for the process.
1270 * @cred contains the credentials to use. 1272 * @cred contains the credentials to use.
1271 * @ns contains the user namespace we want the capability in 1273 * @ns contains the user namespace we want the capability in
1272 * @cap contains the capability <include/linux/capability.h>. 1274 * @cap contains the capability <include/linux/capability.h>.
1273 * @audit: Whether to write an audit message or not 1275 * @audit: Whether to write an audit message or not
1274 * Return 0 if the capability is granted for @tsk. 1276 * Return 0 if the capability is granted for @tsk.
@@ -1370,7 +1372,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1370 * @ctxlen contains the length of @ctx. 1372 * @ctxlen contains the length of @ctx.
1371 * 1373 *
1372 * @inode_getsecctx: 1374 * @inode_getsecctx:
1373 * Returns a string containing all relavent security context information 1375 * Returns a string containing all relevant security context information
1374 * 1376 *
1375 * @inode we wish to get the security context of. 1377 * @inode we wish to get the security context of.
1376 * @ctx is a pointer in which to place the allocated security context. 1378 * @ctx is a pointer in which to place the allocated security context.
@@ -1424,9 +1426,9 @@ struct security_operations {
1424 1426
1425#ifdef CONFIG_SECURITY_PATH 1427#ifdef CONFIG_SECURITY_PATH
1426 int (*path_unlink) (struct path *dir, struct dentry *dentry); 1428 int (*path_unlink) (struct path *dir, struct dentry *dentry);
1427 int (*path_mkdir) (struct path *dir, struct dentry *dentry, int mode); 1429 int (*path_mkdir) (struct path *dir, struct dentry *dentry, umode_t mode);
1428 int (*path_rmdir) (struct path *dir, struct dentry *dentry); 1430 int (*path_rmdir) (struct path *dir, struct dentry *dentry);
1429 int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode, 1431 int (*path_mknod) (struct path *dir, struct dentry *dentry, umode_t mode,
1430 unsigned int dev); 1432 unsigned int dev);
1431 int (*path_truncate) (struct path *path); 1433 int (*path_truncate) (struct path *path);
1432 int (*path_symlink) (struct path *dir, struct dentry *dentry, 1434 int (*path_symlink) (struct path *dir, struct dentry *dentry,
@@ -1435,8 +1437,7 @@ struct security_operations {
1435 struct dentry *new_dentry); 1437 struct dentry *new_dentry);
1436 int (*path_rename) (struct path *old_dir, struct dentry *old_dentry, 1438 int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
1437 struct path *new_dir, struct dentry *new_dentry); 1439 struct path *new_dir, struct dentry *new_dentry);
1438 int (*path_chmod) (struct dentry *dentry, struct vfsmount *mnt, 1440 int (*path_chmod) (struct path *path, umode_t mode);
1439 mode_t mode);
1440 int (*path_chown) (struct path *path, uid_t uid, gid_t gid); 1441 int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
1441 int (*path_chroot) (struct path *path); 1442 int (*path_chroot) (struct path *path);
1442#endif 1443#endif
@@ -1447,16 +1448,16 @@ struct security_operations {
1447 const struct qstr *qstr, char **name, 1448 const struct qstr *qstr, char **name,
1448 void **value, size_t *len); 1449 void **value, size_t *len);
1449 int (*inode_create) (struct inode *dir, 1450 int (*inode_create) (struct inode *dir,
1450 struct dentry *dentry, int mode); 1451 struct dentry *dentry, umode_t mode);
1451 int (*inode_link) (struct dentry *old_dentry, 1452 int (*inode_link) (struct dentry *old_dentry,
1452 struct inode *dir, struct dentry *new_dentry); 1453 struct inode *dir, struct dentry *new_dentry);
1453 int (*inode_unlink) (struct inode *dir, struct dentry *dentry); 1454 int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
1454 int (*inode_symlink) (struct inode *dir, 1455 int (*inode_symlink) (struct inode *dir,
1455 struct dentry *dentry, const char *old_name); 1456 struct dentry *dentry, const char *old_name);
1456 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode); 1457 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, umode_t mode);
1457 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); 1458 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
1458 int (*inode_mknod) (struct inode *dir, struct dentry *dentry, 1459 int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
1459 int mode, dev_t dev); 1460 umode_t mode, dev_t dev);
1460 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, 1461 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
1461 struct inode *new_dir, struct dentry *new_dentry); 1462 struct inode *new_dir, struct dentry *new_dentry);
1462 int (*inode_readlink) (struct dentry *dentry); 1463 int (*inode_readlink) (struct dentry *dentry);
@@ -1716,15 +1717,15 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
1716int security_old_inode_init_security(struct inode *inode, struct inode *dir, 1717int security_old_inode_init_security(struct inode *inode, struct inode *dir,
1717 const struct qstr *qstr, char **name, 1718 const struct qstr *qstr, char **name,
1718 void **value, size_t *len); 1719 void **value, size_t *len);
1719int security_inode_create(struct inode *dir, struct dentry *dentry, int mode); 1720int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
1720int security_inode_link(struct dentry *old_dentry, struct inode *dir, 1721int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1721 struct dentry *new_dentry); 1722 struct dentry *new_dentry);
1722int security_inode_unlink(struct inode *dir, struct dentry *dentry); 1723int security_inode_unlink(struct inode *dir, struct dentry *dentry);
1723int security_inode_symlink(struct inode *dir, struct dentry *dentry, 1724int security_inode_symlink(struct inode *dir, struct dentry *dentry,
1724 const char *old_name); 1725 const char *old_name);
1725int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode); 1726int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
1726int security_inode_rmdir(struct inode *dir, struct dentry *dentry); 1727int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1727int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev); 1728int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
1728int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, 1729int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
1729 struct inode *new_dir, struct dentry *new_dentry); 1730 struct inode *new_dir, struct dentry *new_dentry);
1730int security_inode_readlink(struct dentry *dentry); 1731int security_inode_readlink(struct dentry *dentry);
@@ -2044,7 +2045,7 @@ static inline void security_inode_free(struct inode *inode)
2044static inline int security_inode_init_security(struct inode *inode, 2045static inline int security_inode_init_security(struct inode *inode,
2045 struct inode *dir, 2046 struct inode *dir,
2046 const struct qstr *qstr, 2047 const struct qstr *qstr,
2047 initxattrs initxattrs, 2048 const initxattrs initxattrs,
2048 void *fs_data) 2049 void *fs_data)
2049{ 2050{
2050 return 0; 2051 return 0;
@@ -2056,12 +2057,12 @@ static inline int security_old_inode_init_security(struct inode *inode,
2056 char **name, void **value, 2057 char **name, void **value,
2057 size_t *len) 2058 size_t *len)
2058{ 2059{
2059 return 0; 2060 return -EOPNOTSUPP;
2060} 2061}
2061 2062
2062static inline int security_inode_create(struct inode *dir, 2063static inline int security_inode_create(struct inode *dir,
2063 struct dentry *dentry, 2064 struct dentry *dentry,
2064 int mode) 2065 umode_t mode)
2065{ 2066{
2066 return 0; 2067 return 0;
2067} 2068}
@@ -2855,9 +2856,9 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi
2855 2856
2856#ifdef CONFIG_SECURITY_PATH 2857#ifdef CONFIG_SECURITY_PATH
2857int security_path_unlink(struct path *dir, struct dentry *dentry); 2858int security_path_unlink(struct path *dir, struct dentry *dentry);
2858int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode); 2859int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode);
2859int security_path_rmdir(struct path *dir, struct dentry *dentry); 2860int security_path_rmdir(struct path *dir, struct dentry *dentry);
2860int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, 2861int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
2861 unsigned int dev); 2862 unsigned int dev);
2862int security_path_truncate(struct path *path); 2863int security_path_truncate(struct path *path);
2863int security_path_symlink(struct path *dir, struct dentry *dentry, 2864int security_path_symlink(struct path *dir, struct dentry *dentry,
@@ -2866,8 +2867,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
2866 struct dentry *new_dentry); 2867 struct dentry *new_dentry);
2867int security_path_rename(struct path *old_dir, struct dentry *old_dentry, 2868int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
2868 struct path *new_dir, struct dentry *new_dentry); 2869 struct path *new_dir, struct dentry *new_dentry);
2869int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, 2870int security_path_chmod(struct path *path, umode_t mode);
2870 mode_t mode);
2871int security_path_chown(struct path *path, uid_t uid, gid_t gid); 2871int security_path_chown(struct path *path, uid_t uid, gid_t gid);
2872int security_path_chroot(struct path *path); 2872int security_path_chroot(struct path *path);
2873#else /* CONFIG_SECURITY_PATH */ 2873#else /* CONFIG_SECURITY_PATH */
@@ -2877,7 +2877,7 @@ static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
2877} 2877}
2878 2878
2879static inline int security_path_mkdir(struct path *dir, struct dentry *dentry, 2879static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
2880 int mode) 2880 umode_t mode)
2881{ 2881{
2882 return 0; 2882 return 0;
2883} 2883}
@@ -2888,7 +2888,7 @@ static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
2888} 2888}
2889 2889
2890static inline int security_path_mknod(struct path *dir, struct dentry *dentry, 2890static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
2891 int mode, unsigned int dev) 2891 umode_t mode, unsigned int dev)
2892{ 2892{
2893 return 0; 2893 return 0;
2894} 2894}
@@ -2919,9 +2919,7 @@ static inline int security_path_rename(struct path *old_dir,
2919 return 0; 2919 return 0;
2920} 2920}
2921 2921
2922static inline int security_path_chmod(struct dentry *dentry, 2922static inline int security_path_chmod(struct path *path, umode_t mode)
2923 struct vfsmount *mnt,
2924 mode_t mode)
2925{ 2923{
2926 return 0; 2924 return 0;
2927} 2925}
@@ -3010,7 +3008,7 @@ static inline void security_audit_rule_free(void *lsmrule)
3010 3008
3011#ifdef CONFIG_SECURITYFS 3009#ifdef CONFIG_SECURITYFS
3012 3010
3013extern struct dentry *securityfs_create_file(const char *name, mode_t mode, 3011extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
3014 struct dentry *parent, void *data, 3012 struct dentry *parent, void *data,
3015 const struct file_operations *fops); 3013 const struct file_operations *fops);
3016extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); 3014extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
@@ -3025,7 +3023,7 @@ static inline struct dentry *securityfs_create_dir(const char *name,
3025} 3023}
3026 3024
3027static inline struct dentry *securityfs_create_file(const char *name, 3025static inline struct dentry *securityfs_create_file(const char *name,
3028 mode_t mode, 3026 umode_t mode,
3029 struct dentry *parent, 3027 struct dentry *parent,
3030 void *data, 3028 void *data,
3031 const struct file_operations *fops) 3029 const struct file_operations *fops)
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-24 06:41:02 -0500