diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/security.h | 40 |
1 files changed, 34 insertions, 6 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 1bab48f6aeac..14c9bd050607 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -805,31 +805,37 @@ struct swap_info_struct; | |||
805 | * used by the XFRM system. | 805 | * used by the XFRM system. |
806 | * @sec_ctx contains the security context information being provided by | 806 | * @sec_ctx contains the security context information being provided by |
807 | * the user-level policy update program (e.g., setkey). | 807 | * the user-level policy update program (e.g., setkey). |
808 | * Allocate a security structure to the xp->selector.security field. | 808 | * Allocate a security structure to the xp->security field. |
809 | * The security field is initialized to NULL when the xfrm_policy is | 809 | * The security field is initialized to NULL when the xfrm_policy is |
810 | * allocated. | 810 | * allocated. |
811 | * Return 0 if operation was successful (memory to allocate, legal context) | 811 | * Return 0 if operation was successful (memory to allocate, legal context) |
812 | * @xfrm_policy_clone_security: | 812 | * @xfrm_policy_clone_security: |
813 | * @old contains an existing xfrm_policy in the SPD. | 813 | * @old contains an existing xfrm_policy in the SPD. |
814 | * @new contains a new xfrm_policy being cloned from old. | 814 | * @new contains a new xfrm_policy being cloned from old. |
815 | * Allocate a security structure to the new->selector.security field | 815 | * Allocate a security structure to the new->security field |
816 | * that contains the information from the old->selector.security field. | 816 | * that contains the information from the old->security field. |
817 | * Return 0 if operation was successful (memory to allocate). | 817 | * Return 0 if operation was successful (memory to allocate). |
818 | * @xfrm_policy_free_security: | 818 | * @xfrm_policy_free_security: |
819 | * @xp contains the xfrm_policy | 819 | * @xp contains the xfrm_policy |
820 | * Deallocate xp->selector.security. | 820 | * Deallocate xp->security. |
821 | * @xfrm_policy_delete_security: | ||
822 | * @xp contains the xfrm_policy. | ||
823 | * Authorize deletion of xp->security. | ||
821 | * @xfrm_state_alloc_security: | 824 | * @xfrm_state_alloc_security: |
822 | * @x contains the xfrm_state being added to the Security Association | 825 | * @x contains the xfrm_state being added to the Security Association |
823 | * Database by the XFRM system. | 826 | * Database by the XFRM system. |
824 | * @sec_ctx contains the security context information being provided by | 827 | * @sec_ctx contains the security context information being provided by |
825 | * the user-level SA generation program (e.g., setkey or racoon). | 828 | * the user-level SA generation program (e.g., setkey or racoon). |
826 | * Allocate a security structure to the x->sel.security field. The | 829 | * Allocate a security structure to the x->security field. The |
827 | * security field is initialized to NULL when the xfrm_state is | 830 | * security field is initialized to NULL when the xfrm_state is |
828 | * allocated. | 831 | * allocated. |
829 | * Return 0 if operation was successful (memory to allocate, legal context). | 832 | * Return 0 if operation was successful (memory to allocate, legal context). |
830 | * @xfrm_state_free_security: | 833 | * @xfrm_state_free_security: |
831 | * @x contains the xfrm_state. | 834 | * @x contains the xfrm_state. |
832 | * Deallocate x>sel.security. | 835 | * Deallocate x->security. |
836 | * @xfrm_state_delete_security: | ||
837 | * @x contains the xfrm_state. | ||
838 | * Authorize deletion of x->security. | ||
833 | * @xfrm_policy_lookup: | 839 | * @xfrm_policy_lookup: |
834 | * @xp contains the xfrm_policy for which the access control is being | 840 | * @xp contains the xfrm_policy for which the access control is being |
835 | * checked. | 841 | * checked. |
@@ -1298,8 +1304,10 @@ struct security_operations { | |||
1298 | int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); | 1304 | int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); |
1299 | int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); | 1305 | int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); |
1300 | void (*xfrm_policy_free_security) (struct xfrm_policy *xp); | 1306 | void (*xfrm_policy_free_security) (struct xfrm_policy *xp); |
1307 | int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); | ||
1301 | int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); | 1308 | int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); |
1302 | void (*xfrm_state_free_security) (struct xfrm_state *x); | 1309 | void (*xfrm_state_free_security) (struct xfrm_state *x); |
1310 | int (*xfrm_state_delete_security) (struct xfrm_state *x); | ||
1303 | int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir); | 1311 | int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir); |
1304 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | 1312 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ |
1305 | 1313 | ||
@@ -2934,11 +2942,21 @@ static inline void security_xfrm_policy_free(struct xfrm_policy *xp) | |||
2934 | security_ops->xfrm_policy_free_security(xp); | 2942 | security_ops->xfrm_policy_free_security(xp); |
2935 | } | 2943 | } |
2936 | 2944 | ||
2945 | static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) | ||
2946 | { | ||
2947 | return security_ops->xfrm_policy_delete_security(xp); | ||
2948 | } | ||
2949 | |||
2937 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) | 2950 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) |
2938 | { | 2951 | { |
2939 | return security_ops->xfrm_state_alloc_security(x, sec_ctx); | 2952 | return security_ops->xfrm_state_alloc_security(x, sec_ctx); |
2940 | } | 2953 | } |
2941 | 2954 | ||
2955 | static inline int security_xfrm_state_delete(struct xfrm_state *x) | ||
2956 | { | ||
2957 | return security_ops->xfrm_state_delete_security(x); | ||
2958 | } | ||
2959 | |||
2942 | static inline void security_xfrm_state_free(struct xfrm_state *x) | 2960 | static inline void security_xfrm_state_free(struct xfrm_state *x) |
2943 | { | 2961 | { |
2944 | security_ops->xfrm_state_free_security(x); | 2962 | security_ops->xfrm_state_free_security(x); |
@@ -2963,6 +2981,11 @@ static inline void security_xfrm_policy_free(struct xfrm_policy *xp) | |||
2963 | { | 2981 | { |
2964 | } | 2982 | } |
2965 | 2983 | ||
2984 | static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) | ||
2985 | { | ||
2986 | return 0; | ||
2987 | } | ||
2988 | |||
2966 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) | 2989 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) |
2967 | { | 2990 | { |
2968 | return 0; | 2991 | return 0; |
@@ -2972,6 +2995,11 @@ static inline void security_xfrm_state_free(struct xfrm_state *x) | |||
2972 | { | 2995 | { |
2973 | } | 2996 | } |
2974 | 2997 | ||
2998 | static inline int security_xfrm_state_delete(struct xfrm_policy *xp) | ||
2999 | { | ||
3000 | return 0; | ||
3001 | } | ||
3002 | |||
2975 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) | 3003 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) |
2976 | { | 3004 | { |
2977 | return 0; | 3005 | return 0; |