Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- | include/linux/security.h | 201 |
1 files changed, 10 insertions, 191 deletions
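--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -23,6 +23,7 @@
 #define __LINUX_SECURITY_H
 
 #include <linux/fs.h>
+#include <linux/fsnotify.h>
 #include <linux/binfmts.h>
 #include <linux/signal.h>
 #include <linux/resource.h>
@@ -267,49 +268,16 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @orig the original mount data copied from userspace.
 * @copy copied data which will be passed to the security module.
 * Returns 0 if the copy was successful.
-* @sb_check_sb:
-* Check permission before the device with superblock @mnt->sb is mounted
-* on the mount point named by @nd.
-* @mnt contains the vfsmount for device being mounted.
-* @path contains the path for the mount point.
-* Return 0 if permission is granted.
 * @sb_umount:
 * Check permission before the @mnt file system is unmounted.
 * @mnt contains the mounted file system.
 * @flags contains the unmount flags, e.g. MNT_FORCE.
 * Return 0 if permission is granted.
-* @sb_umount_close:
-* Close any files in the @mnt mounted filesystem that are held open by
-* the security module. This hook is called during an umount operation
-* prior to checking whether the filesystem is still busy.
-* @mnt contains the mounted filesystem.
-* @sb_umount_busy:
-* Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening
-* any files that were closed by umount_close. This hook is called during
-* an umount operation if the umount fails after a call to the
-* umount_close hook.
-* @mnt contains the mounted filesystem.
-* @sb_post_remount:
-* Update the security module's state when a filesystem is remounted.
-* This hook is only called if the remount was successful.
-* @mnt contains the mounted file system.
-* @flags contains the new filesystem flags.
-* @data contains the filesystem-specific data.
-* @sb_post_addmount:
-* Update the security module's state when a filesystem is mounted.
-* This hook is called any time a mount is successfully grafetd to
-* the tree.
-* @mnt contains the mounted filesystem.
-* @mountpoint contains the path for the mount point.
 * @sb_pivotroot:
 * Check permission before pivoting the root filesystem.
 * @old_path contains the path for the new location of the current root (put_old).
 * @new_path contains the path for the new root (new_root).
 * Return 0 if permission is granted.
-* @sb_post_pivotroot:
-* Update module state after a successful pivot.
-* @old_path contains the path for the old root.
-* @new_path contains the path for the new root.
 * @sb_set_mnt_opts:
 * Set the security relevant mount options used for a superblock
 * @sb the superblock to set security mount options for
@@ -503,20 +471,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @path_truncate:
 * Check permission before truncating a file.
 * @path contains the path structure for the file.
-* @length is the new length of the file.
-* @time_attrs is the flags passed to do_truncate().
 * Return 0 if permission is granted.
 * @inode_getattr:
 * Check permission before obtaining file attributes.
 * @mnt is the vfsmount where the dentry was looked up
 * @dentry contains the dentry structure for the file.
 * Return 0 if permission is granted.
-* @inode_delete:
-* @inode contains the inode structure for deleted inode.
-* This hook is called when a deleted inode is released (i.e. an inode
-* with no hard links has its use count drop to zero). A security module
-* can use this hook to release any persistent label associated with the
-* inode.
 * @inode_setxattr:
 * Check permission before setting the extended attributes
 * @value identified by @name for @dentry.
@@ -691,10 +651,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @old points to the original credentials.
 * @gfp indicates the atomicity of any memory allocations.
 * Prepare a new set of credentials by copying the data from the old set.
-* @cred_commit:
-* @new points to the new credentials.
-* @old points to the original credentials.
-* Install a new set of credentials.
 * @cred_transfer:
 * @new points to the new credentials.
 * @old points to the original credentials.
@@ -717,18 +673,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * userspace to load a kernel module with the given name.
 * @kmod_name name of the module requested by the kernel
 * Return 0 if successful.
-* @task_setuid:
-* Check permission before setting one or more of the user identity
-* attributes of the current process. The @flags parameter indicates
-* which of the set*uid system calls invoked this hook and how to
-* interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
-* definitions at the beginning of this file for the @flags values and
-* their meanings.
-* @id0 contains a uid.
-* @id1 contains a uid.
-* @id2 contains a uid.
-* @flags contains one of the LSM_SETID_* values.
-* Return 0 if permission is granted.
 * @task_fix_setuid:
 * Update the module's state after setting one or more of the user
 * identity attributes of the current process. The @flags parameter
@@ -738,18 +682,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @old is the set of credentials that are being replaces
 * @flags contains one of the LSM_SETID_* values.
 * Return 0 on success.
-* @task_setgid:
-* Check permission before setting one or more of the group identity
-* attributes of the current process. The @flags parameter indicates
-* which of the set*gid system calls invoked this hook and how to
-* interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
-* definitions at the beginning of this file for the @flags values and
-* their meanings.
-* @id0 contains a gid.
-* @id1 contains a gid.
-* @id2 contains a gid.
-* @flags contains one of the LSM_SETID_* values.
-* Return 0 if permission is granted.
 * @task_setpgid:
 * Check permission before setting the process group identifier of the
 * process @p to @pgid.
@@ -771,11 +703,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @p contains the task_struct for the process and place is into @secid.
 * In case of failure, @secid will be set to zero.
 *
-* @task_setgroups:
-* Check permission before setting the supplementary group set of the
-* current process.
-* @group_info contains the new group information.
-* Return 0 if permission is granted.
 * @task_setnice:
 * Check permission before setting the nice value of @p to @nice.
 * @p contains the task_struct of process.
@@ -1139,13 +1066,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * Return the length of the string (including terminating NUL) or -ve if
 * an error.
 * May also return 0 (and a NULL buffer pointer) if there is no label.
-* @key_session_to_parent:
-* Forcibly assign the session keyring from a process to its parent
-* process.
-* @cred: Pointer to process's credentials
-* @parent_cred: Pointer to parent process's credentials
-* @keyring: Proposed new session keyring
-* Return 0 if permission is granted, -ve error otherwise.
 *
 * Security hooks affecting all System V IPC operations.
 *
@@ -1333,13 +1253,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @cap contains the capability <include/linux/capability.h>.
 * @audit: Whether to write an audit message or not
 * Return 0 if the capability is granted for @tsk.
-* @acct:
-* Check permission before enabling or disabling process accounting. If
-* accounting is being enabled, then @file refers to the open file used to
-* store accounting records. If accounting is being disabled, then @file
-* is NULL.
-* @file contains the file structure for the accounting file (may be NULL).
-* Return 0 if permission is granted.
 * @sysctl:
 * Check permission before accessing the @table sysctl variable in the
 * manner specified by @op.
@@ -1462,7 +1375,6 @@ struct security_operations {
 const kernel_cap_t *permitted);
 int (*capable) (struct task_struct *tsk, const struct cred *cred,
 int cap, int audit);
-int (*acct) (struct file *file);
 int (*sysctl) (struct ctl_table *table, int op);
 int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
 int (*quota_on) (struct dentry *dentry);
@@ -1484,18 +1396,9 @@ struct security_operations {
 int (*sb_statfs) (struct dentry *dentry);
 int (*sb_mount) (char *dev_name, struct path *path,
 char *type, unsigned long flags, void *data);
-int (*sb_check_sb) (struct vfsmount *mnt, struct path *path);
 int (*sb_umount) (struct vfsmount *mnt, int flags);
-void (*sb_umount_close) (struct vfsmount *mnt);
-void (*sb_umount_busy) (struct vfsmount *mnt);
-void (*sb_post_remount) (struct vfsmount *mnt,
-unsigned long flags, void *data);
-void (*sb_post_addmount) (struct vfsmount *mnt,
-struct path *mountpoint);
 int (*sb_pivotroot) (struct path *old_path,
 struct path *new_path);
-void (*sb_post_pivotroot) (struct path *old_path,
-struct path *new_path);
 int (*sb_set_mnt_opts) (struct super_block *sb,
 struct security_mnt_opts *opts);
 void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
@@ -1508,8 +1411,7 @@ struct security_operations {
 int (*path_rmdir) (struct path *dir, struct dentry *dentry);
 int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode,
 unsigned int dev);
-int (*path_truncate) (struct path *path, loff_t length,
-unsigned int time_attrs);
+int (*path_truncate) (struct path *path);
 int (*path_symlink) (struct path *dir, struct dentry *dentry,
 const char *old_name);
 int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
@@ -1544,7 +1446,6 @@ struct security_operations {
 int (*inode_permission) (struct inode *inode, int mask);
 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
-void (*inode_delete) (struct inode *inode);
 int (*inode_setxattr) (struct dentry *dentry, const char *name,
 const void *value, size_t size, int flags);
 void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
@@ -1585,24 +1486,21 @@ struct security_operations {
 void (*cred_free) (struct cred *cred);
 int (*cred_prepare)(struct cred *new, const struct cred *old,
 gfp_t gfp);
-void (*cred_commit)(struct cred *new, const struct cred *old);
 void (*cred_transfer)(struct cred *new, const struct cred *old);
 int (*kernel_act_as)(struct cred *new, u32 secid);
 int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
 int (*kernel_module_request)(char *kmod_name);
-int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
 int (*task_fix_setuid) (struct cred *new, const struct cred *old,
 int flags);
-int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
 int (*task_setpgid) (struct task_struct *p, pid_t pgid);
 int (*task_getpgid) (struct task_struct *p);
 int (*task_getsid) (struct task_struct *p);
 void (*task_getsecid) (struct task_struct *p, u32 *secid);
-int (*task_setgroups) (struct group_info *group_info);
 int (*task_setnice) (struct task_struct *p, int nice);
 int (*task_setioprio) (struct task_struct *p, int ioprio);
 int (*task_getioprio) (struct task_struct *p);
-int (*task_setrlimit) (unsigned int resource, struct rlimit *new_rlim);
+int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
+struct rlimit *new_rlim);
 int (*task_setscheduler) (struct task_struct *p, int policy,
 struct sched_param *lp);
 int (*task_getscheduler) (struct task_struct *p);
@@ -1728,9 +1626,6 @@ struct security_operations {
 const struct cred *cred,
 key_perm_t perm);
 int (*key_getsecurity)(struct key *key, char **_buffer);
-int (*key_session_to_parent)(const struct cred *cred,
-const struct cred *parent_cred,
-struct key *key);
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT
@@ -1761,7 +1656,6 @@ int security_capset(struct cred *new, const struct cred *old,
 int security_capable(int cap);
 int security_real_capable(struct task_struct *tsk, int cap);
 int security_real_capable_noaudit(struct task_struct *tsk, int cap);
-int security_acct(struct file *file);
 int security_sysctl(struct ctl_table *table, int op);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
@@ -1783,14 +1677,8 @@ int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
 char *type, unsigned long flags, void *data);
-int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
 int security_sb_umount(struct vfsmount *mnt, int flags);
-void security_sb_umount_close(struct vfsmount *mnt);
-void security_sb_umount_busy(struct vfsmount *mnt);
-void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
-void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);
 int security_sb_pivotroot(struct path *old_path, struct path *new_path);
-void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);
 int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
 void security_sb_clone_mnt_opts(const struct super_block *oldsb,
 struct super_block *newsb);
@@ -1816,7 +1704,6 @@ int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
 int security_inode_permission(struct inode *inode, int mask);
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
-void security_inode_delete(struct inode *inode);
 int security_inode_setxattr(struct dentry *dentry, const char *name,
 const void *value, size_t size, int flags);
 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
@@ -1850,24 +1737,21 @@ int security_task_create(unsigned long clone_flags);
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
 void security_cred_free(struct cred *cred);
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
-void security_commit_creds(struct cred *new, const struct cred *old);
 void security_transfer_creds(struct cred *new, const struct cred *old);
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
-int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 int flags);
-int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
 int security_task_getpgid(struct task_struct *p);
 int security_task_getsid(struct task_struct *p);
 void security_task_getsecid(struct task_struct *p, u32 *secid);
-int security_task_setgroups(struct group_info *group_info);
 int security_task_setnice(struct task_struct *p, int nice);
 int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
-int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim);
+int security_task_setrlimit(struct task_struct *p, unsigned int resource,
+struct rlimit *new_rlim);
 int security_task_setscheduler(struct task_struct *p,
 int policy, struct sched_param *lp);
 int security_task_getscheduler(struct task_struct *p);
@@ -1990,11 +1874,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap)
 return ret;
 }
 
-static inline int security_acct(struct file *file)
-{
-return 0;
-}
-
 static inline int security_sysctl(struct ctl_table *table, int op)
 {
 return 0;
@@ -2099,41 +1978,17 @@ static inline int security_sb_mount(char *dev_name, struct path *path,
 return 0;
 }
 
-static inline int security_sb_check_sb(struct vfsmount *mnt,
-struct path *path)
-{
-return 0;
-}
-
 static inline int security_sb_umount(struct vfsmount *mnt, int flags)
 {
 return 0;
 }
 
-static inline void security_sb_umount_close(struct vfsmount *mnt)
-{ }
-
-static inline void security_sb_umount_busy(struct vfsmount *mnt)
-{ }
-
-static inline void security_sb_post_remount(struct vfsmount *mnt,
-unsigned long flags, void *data)
-{ }
-
-static inline void security_sb_post_addmount(struct vfsmount *mnt,
-struct path *mountpoint)
-{ }
-
 static inline int security_sb_pivotroot(struct path *old_path,
 struct path *new_path)
 {
 return 0;
 }
 
-static inline void security_sb_post_pivotroot(struct path *old_path,
-struct path *new_path)
-{ }
-
 static inline int security_sb_set_mnt_opts(struct super_block *sb,
 struct security_mnt_opts *opts)
 {
@@ -2249,9 +2104,6 @@ static inline int security_inode_getattr(struct vfsmount *mnt,
 return 0;
 }
 
-static inline void security_inode_delete(struct inode *inode)
-{ }
-
 static inline int security_inode_setxattr(struct dentry *dentry,
 const char *name, const void *value, size_t size, int flags)
 {
@@ -2398,11 +2250,6 @@ static inline int security_prepare_creds(struct cred *new,
 return 0;
 }
 
-static inline void security_commit_creds(struct cred *new,
-const struct cred *old)
-{
-}
-
 static inline void security_transfer_creds(struct cred *new,
 const struct cred *old)
 {
@@ -2424,12 +2271,6 @@ static inline int security_kernel_module_request(char *kmod_name)
 return 0;
 }
 
-static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
-int flags)
-{
-return 0;
-}
-
 static inline int security_task_fix_setuid(struct cred *new,
 const struct cred *old,
 int flags)
@@ -2437,12 +2278,6 @@ static inline int security_task_fix_setuid(struct cred *new,
 return cap_task_fix_setuid(new, old, flags);
 }
 
-static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2,
-int flags)
-{
-return 0;
-}
-
 static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
 return 0;
@@ -2463,11 +2298,6 @@ static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
 *secid = 0;
 }
 
-static inline int security_task_setgroups(struct group_info *group_info)
-{
-return 0;
-}
-
 static inline int security_task_setnice(struct task_struct *p, int nice)
 {
 return cap_task_setnice(p, nice);
@@ -2483,7 +2313,8 @@ static inline int security_task_getioprio(struct task_struct *p)
 return 0;
 }
 
-static inline int security_task_setrlimit(unsigned int resource,
+static inline int security_task_setrlimit(struct task_struct *p,
+unsigned int resource,
 struct rlimit *new_rlim)
 {
 return 0;
@@ -2976,8 +2807,7 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode);
 int security_path_rmdir(struct path *dir, struct dentry *dentry);
 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
 unsigned int dev);
-int security_path_truncate(struct path *path, loff_t length,
-unsigned int time_attrs);
+int security_path_truncate(struct path *path);
 int security_path_symlink(struct path *dir, struct dentry *dentry,
 const char *old_name);
 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -3011,8 +2841,7 @@ static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
 return 0;
 }
 
-static inline int security_path_truncate(struct path *path, loff_t length,
-unsigned int time_attrs)
+static inline int security_path_truncate(struct path *path)
 {
 return 0;
 }
@@ -3064,9 +2893,6 @@ void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
 const struct cred *cred, key_perm_t perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
-int security_key_session_to_parent(const struct cred *cred,
-const struct cred *parent_cred,
-struct key *key);
 
 #else
 
@@ -3094,13 +2920,6 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
 return 0;
 }
 
-static inline int security_key_session_to_parent(const struct cred *cred,
-const struct cred *parent_cred,
-struct key *key)
-{
-return 0;
-}
-
 #endif
 #endif /* CONFIG_KEYS */
 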