Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 48 |
1 files changed, 24 insertions, 24 deletions
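--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -910,24 +910,24 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * Security hooks for XFRM operations.
 *
 * @xfrm_policy_alloc_security:
-* @xp contains the xfrm_policy being added to Security Policy Database
-* used by the XFRM system.
+* @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy
+* Database used by the XFRM system.
 * @sec_ctx contains the security context information being provided by
 * the user-level policy update program (e.g., setkey).
 * Allocate a security structure to the xp->security field; the security
 * field is initialized to NULL when the xfrm_policy is allocated.
 * Return 0 if operation was successful (memory to allocate, legal context)
 * @xfrm_policy_clone_security:
-* @old contains an existing xfrm_policy in the SPD.
-* @new contains a new xfrm_policy being cloned from old.
-* Allocate a security structure to the new->security field
-* that contains the information from the old->security field.
+* @old_ctx contains an existing xfrm_sec_ctx.
+* @new_ctxp contains a new xfrm_sec_ctx being cloned from old.
+* Allocate a security structure in new_ctxp that contains the
+* information from the old_ctx structure.
 * Return 0 if operation was successful (memory to allocate).
 * @xfrm_policy_free_security:
-* @xp contains the xfrm_policy
+* @ctx contains the xfrm_sec_ctx
 * Deallocate xp->security.
 * @xfrm_policy_delete_security:
-* @xp contains the xfrm_policy.
+* @ctx contains the xfrm_sec_ctx.
 * Authorize deletion of xp->security.
 * @xfrm_state_alloc_security:
 * @x contains the xfrm_state being added to the Security Association
@@ -947,7 +947,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @x contains the xfrm_state.
 * Authorize deletion of x->security.
 * @xfrm_policy_lookup:
-* @xp contains the xfrm_policy for which the access control is being
+* @ctx contains the xfrm_sec_ctx for which the access control is being
 * checked.
 * @fl_secid contains the flow security label that is used to authorize
 * access to the policy xp.
@@ -1454,17 +1454,17 @@ struct security_operations {
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
-int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
+int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
 struct xfrm_user_sec_ctx *sec_ctx);
-int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
-void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
-int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
+int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
+void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
+int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
 int (*xfrm_state_alloc_security) (struct xfrm_state *x,
 struct xfrm_user_sec_ctx *sec_ctx,
 u32 secid);
 void (*xfrm_state_free_security) (struct xfrm_state *x);
 int (*xfrm_state_delete_security) (struct xfrm_state *x);
-int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
+int (*xfrm_policy_lookup)(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
 int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
 struct xfrm_policy *xp, struct flowi *fl);
 int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
@@ -2562,16 +2562,16 @@ static inline void security_inet_conn_established(struct sock *sk,
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 
-int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
-int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new);
-void security_xfrm_policy_free(struct xfrm_policy *xp);
-int security_xfrm_policy_delete(struct xfrm_policy *xp);
+int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx);
+int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
+void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
+int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
 int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
 int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
 struct xfrm_sec_ctx *polsec, u32 secid);
 int security_xfrm_state_delete(struct xfrm_state *x);
 void security_xfrm_state_free(struct xfrm_state *x);
-int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
+int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
 struct xfrm_policy *xp, struct flowi *fl);
 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
@@ -2579,21 +2579,21 @@ void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
 
 #else /* CONFIG_SECURITY_NETWORK_XFRM */
 
-static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
+static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
 {
 return 0;
 }
 
-static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
+static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
 {
 return 0;
 }
 
-static inline void security_xfrm_policy_free(struct xfrm_policy *xp)
+static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
 {
 }
 
-static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
+static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
 {
 return 0;
 }
@@ -2619,7 +2619,7 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x)
 return 0;
 }
 
-static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
+static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
 {
 return 0;
 }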
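Review bot: The kernel-doc on the new side still describes the old `xfrm_policy` interface: the text under @xfrm_policy_alloc_security, @xfrm_policy_free_security, @xfrm_policy_delete_security and @xfrm_policy_lookup keeps `xp->security` and `the policy xp`, and @new_ctxp still says "cloned from old", although these hooks now take `ctx`, `ctxp` and `old_ctx`. I would change those lines to `Deallocate ctx.`, `Authorize deletion of ctx.` and `access to the policy context ctx.`, and reword the alloc text so it no longer mentions the `xp->security` field. Because alloc and clone now write through a `struct xfrm_sec_ctx **`, the comment should also state the out-parameter contract: the `#else` stubs return 0 without storing to `*ctxp` or `*new_ctxp`, so callers presumably have to initialise the pointer to NULL before the call and a hook should leave it NULL on failure, otherwise a later `security_xfrm_policy_free()` could be handed a stale pointer. The parameter names also drift, with `new_ctx` in `struct security_operations` against `new_ctxp` in the prototype, and `old` in the clone stub against `old_ctx` elsewhere.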