Diffstat (limited to 'include')
-rw-r--r-- | include/linux/audit.h | 22 | ||||
-rw-r--r-- | include/linux/capability.h | 2 | ||||
-rw-r--r-- | include/linux/cred.h | 44 | ||||
-rw-r--r-- | include/linux/init_task.h | 2 | ||||
-rw-r--r-- | include/linux/key.h | 22 | ||||
-rw-r--r-- | include/linux/sched.h | 6 | ||||
-rw-r--r-- | include/linux/security.h | 178 |
7 files changed, 139 insertions, 137 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 6fbebac7b1bf..0b2fcb698a63 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -454,8 +454,10 @@ extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_pr | |||
454 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); | 454 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); |
455 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); | 455 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); |
456 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); | 456 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); |
457 | extern void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_cap_t *pE); | 457 | extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, |
458 | extern int __audit_log_capset(pid_t pid, kernel_cap_t *eff, kernel_cap_t *inh, kernel_cap_t *perm); | 458 | const struct cred *new, |
459 | const struct cred *old); | ||
460 | extern int __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); | ||
459 | 461 | ||
460 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) | 462 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) |
461 | { | 463 | { |
@@ -522,16 +524,20 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) | |||
522 | * | 524 | * |
523 | * -Eric | 525 | * -Eric |
524 | */ | 526 | */ |
525 | static inline void audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_cap_t *pE) | 527 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, |
528 | const struct cred *new, | ||
529 | const struct cred *old) | ||
526 | { | 530 | { |
527 | if (unlikely(!audit_dummy_context())) | 531 | if (unlikely(!audit_dummy_context())) |
528 | __audit_log_bprm_fcaps(bprm, pP, pE); | 532 | return __audit_log_bprm_fcaps(bprm, new, old); |
533 | return 0; | ||
529 | } | 534 | } |
530 | 535 | ||
531 | static inline int audit_log_capset(pid_t pid, kernel_cap_t *eff, kernel_cap_t *inh, kernel_cap_t *perm) | 536 | static inline int audit_log_capset(pid_t pid, const struct cred *new, |
537 | const struct cred *old) | ||
532 | { | 538 | { |
533 | if (unlikely(!audit_dummy_context())) | 539 | if (unlikely(!audit_dummy_context())) |
534 | return __audit_log_capset(pid, eff, inh, perm); | 540 | return __audit_log_capset(pid, new, old); |
535 | return 0; | 541 | return 0; |
536 | } | 542 | } |
537 | 543 | ||
@@ -566,8 +572,8 @@ extern int audit_signals; | |||
566 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) | 572 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) |
567 | #define audit_mq_notify(d,n) ({ 0; }) | 573 | #define audit_mq_notify(d,n) ({ 0; }) |
568 | #define audit_mq_getsetattr(d,s) ({ 0; }) | 574 | #define audit_mq_getsetattr(d,s) ({ 0; }) |
569 | #define audit_log_bprm_fcaps(b, p, e) do { ; } while (0) | 575 | #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) |
570 | #define audit_log_capset(pid, e, i, p) ({ 0; }) | 576 | #define audit_log_capset(pid, ncr, ocr) ({ 0; }) |
571 | #define audit_ptrace(t) ((void)0) | 577 | #define audit_ptrace(t) ((void)0) |
572 | #define audit_n_rules 0 | 578 | #define audit_n_rules 0 |
573 | #define audit_signals 0 | 579 | #define audit_signals 0 |
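Review bot: `audit_log_bprm_fcaps()` changes from void to int, but nothing in the prototype or its comment tells callers that the result must be acted on, so an exec-time capability change could proceed after its audit record failed. The wrapper returns whatever `__audit_log_bprm_fcaps()` returns, and the `({ 0; })` stub used when auditing is compiled out always reports success. What a non-zero value means is not visible in this header (presumably an allocation failure). I would mark the inline wrapper `__must_check` and add a line to the comment above it, e.g. `Returns 0 on success or a negative errno; callers should fail the exec on error.` The comment block that ends in `-Eric` starts outside the hunk.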
diff --git a/include/linux/capability.h b/include/linux/capability.h index 7f26580a5a4d..e22f48c2a46f 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h | |||
@@ -519,8 +519,6 @@ extern const kernel_cap_t __cap_empty_set; | |||
519 | extern const kernel_cap_t __cap_full_set; | 519 | extern const kernel_cap_t __cap_full_set; |
520 | extern const kernel_cap_t __cap_init_eff_set; | 520 | extern const kernel_cap_t __cap_init_eff_set; |
521 | 521 | ||
522 | kernel_cap_t cap_set_effective(const kernel_cap_t pE_new); | ||
523 | |||
524 | /** | 522 | /** |
525 | * has_capability - Determine if a task has a superior capability available | 523 | * has_capability - Determine if a task has a superior capability available |
526 | * @t: The task in question | 524 | * @t: The task in question |
diff --git a/include/linux/cred.h b/include/linux/cred.h index 62b9e532422d..eaf6fa695a04 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
@@ -84,6 +84,8 @@ struct thread_group_cred { | |||
84 | struct key *process_keyring; /* keyring private to this process */ | 84 | struct key *process_keyring; /* keyring private to this process */ |
85 | struct rcu_head rcu; /* RCU deletion hook */ | 85 | struct rcu_head rcu; /* RCU deletion hook */ |
86 | }; | 86 | }; |
87 | |||
88 | extern void release_tgcred(struct cred *cred); | ||
87 | #endif | 89 | #endif |
88 | 90 | ||
89 | /* | 91 | /* |
@@ -137,11 +139,30 @@ struct cred { | |||
137 | struct user_struct *user; /* real user ID subscription */ | 139 | struct user_struct *user; /* real user ID subscription */ |
138 | struct group_info *group_info; /* supplementary groups for euid/fsgid */ | 140 | struct group_info *group_info; /* supplementary groups for euid/fsgid */ |
139 | struct rcu_head rcu; /* RCU deletion hook */ | 141 | struct rcu_head rcu; /* RCU deletion hook */ |
140 | spinlock_t lock; /* lock for pointer changes */ | ||
141 | }; | 142 | }; |
142 | 143 | ||
143 | extern void __put_cred(struct cred *); | 144 | extern void __put_cred(struct cred *); |
144 | extern int copy_creds(struct task_struct *, unsigned long); | 145 | extern int copy_creds(struct task_struct *, unsigned long); |
146 | extern struct cred *prepare_creds(void); | ||
147 | extern struct cred *prepare_usermodehelper_creds(void); | ||
148 | extern int commit_creds(struct cred *); | ||
149 | extern void abort_creds(struct cred *); | ||
150 | extern const struct cred *override_creds(const struct cred *) __deprecated; | ||
151 | extern void revert_creds(const struct cred *) __deprecated; | ||
152 | extern void __init cred_init(void); | ||
153 | |||
154 | /** | ||
155 | * get_new_cred - Get a reference on a new set of credentials | ||
156 | * @cred: The new credentials to reference | ||
157 | * | ||
158 | * Get a reference on the specified set of new credentials. The caller must | ||
159 | * release the reference. | ||
160 | */ | ||
161 | static inline struct cred *get_new_cred(struct cred *cred) | ||
162 | { | ||
163 | atomic_inc(&cred->usage); | ||
164 | return cred; | ||
165 | } | ||
145 | 166 | ||
146 | /** | 167 | /** |
147 | * get_cred - Get a reference on a set of credentials | 168 | * get_cred - Get a reference on a set of credentials |
@@ -150,10 +171,9 @@ extern int copy_creds(struct task_struct *, unsigned long); | |||
150 | * Get a reference on the specified set of credentials. The caller must | 171 | * Get a reference on the specified set of credentials. The caller must |
151 | * release the reference. | 172 | * release the reference. |
152 | */ | 173 | */ |
153 | static inline struct cred *get_cred(struct cred *cred) | 174 | static inline const struct cred *get_cred(const struct cred *cred) |
154 | { | 175 | { |
155 | atomic_inc(&cred->usage); | 176 | return get_new_cred((struct cred *) cred); |
156 | return cred; | ||
157 | } | 177 | } |
158 | 178 | ||
159 | /** | 179 | /** |
@@ -166,6 +186,8 @@ static inline struct cred *get_cred(struct cred *cred) | |||
166 | static inline void put_cred(const struct cred *_cred) | 186 | static inline void put_cred(const struct cred *_cred) |
167 | { | 187 | { |
168 | struct cred *cred = (struct cred *) _cred; | 188 | struct cred *cred = (struct cred *) _cred; |
189 | |||
190 | BUG_ON(atomic_read(&(cred)->usage) <= 0); | ||
169 | if (atomic_dec_and_test(&(cred)->usage)) | 191 | if (atomic_dec_and_test(&(cred)->usage)) |
170 | __put_cred(cred); | 192 | __put_cred(cred); |
171 | } | 193 | } |
@@ -250,13 +272,13 @@ static inline void put_cred(const struct cred *_cred) | |||
250 | __groups; \ | 272 | __groups; \ |
251 | }) | 273 | }) |
252 | 274 | ||
253 | #define task_cred_xxx(task, xxx) \ | 275 | #define task_cred_xxx(task, xxx) \ |
254 | ({ \ | 276 | ({ \ |
255 | __typeof__(task->cred->xxx) ___val; \ | 277 | __typeof__(((struct cred *)NULL)->xxx) ___val; \ |
256 | rcu_read_lock(); \ | 278 | rcu_read_lock(); \ |
257 | ___val = __task_cred((task))->xxx; \ | 279 | ___val = __task_cred((task))->xxx; \ |
258 | rcu_read_unlock(); \ | 280 | rcu_read_unlock(); \ |
259 | ___val; \ | 281 | ___val; \ |
260 | }) | 282 | }) |
261 | 283 | ||
262 | #define task_uid(task) (task_cred_xxx((task), uid)) | 284 | #define task_uid(task) (task_cred_xxx((task), uid)) |
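Review bot: `put_cred()` now asserts that the usage count is positive, but `get_new_cred()` and `get_cred()` still do an unconditional `atomic_inc(&cred->usage)`, so taking a reference on a cred whose count has already reached zero would go unnoticed. That matters for pointers read under `rcu_read_lock()` through `__task_cred()`, where the struct may still be reachable while it waits to be freed; whether any caller does this is not visible here. I would state the precondition in both kernel-doc blocks, e.g. `The caller must already hold a reference to @cred; a cred found under RCU needs atomic_inc_not_zero() instead.` The `(struct cred *)` cast in `get_cred()` also deserves a one-line comment such as `/* const is dropped only to bump ->usage */`, since it is the one sanctioned write to an otherwise read-only cred.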
diff --git a/include/linux/init_task.h b/include/linux/init_task.h index 5e24c54b6dfd..08c3b24ad9a8 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h | |||
@@ -150,6 +150,8 @@ extern struct cred init_cred; | |||
150 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ | 150 | .sibling = LIST_HEAD_INIT(tsk.sibling), \ |
151 | .group_leader = &tsk, \ | 151 | .group_leader = &tsk, \ |
152 | .cred = &init_cred, \ | 152 | .cred = &init_cred, \ |
153 | .cred_exec_mutex = \ | ||
154 | __MUTEX_INITIALIZER(tsk.cred_exec_mutex), \ | ||
153 | .comm = "swapper", \ | 155 | .comm = "swapper", \ |
154 | .thread = INIT_THREAD, \ | 156 | .thread = INIT_THREAD, \ |
155 | .fs = &init_fs, \ | 157 | .fs = &init_fs, \ |
diff --git a/include/linux/key.h b/include/linux/key.h index 0836cc838b0c..69ecf0934b02 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
@@ -73,6 +73,7 @@ struct key; | |||
73 | struct seq_file; | 73 | struct seq_file; |
74 | struct user_struct; | 74 | struct user_struct; |
75 | struct signal_struct; | 75 | struct signal_struct; |
76 | struct cred; | ||
76 | 77 | ||
77 | struct key_type; | 78 | struct key_type; |
78 | struct key_owner; | 79 | struct key_owner; |
@@ -181,7 +182,7 @@ struct key { | |||
181 | extern struct key *key_alloc(struct key_type *type, | 182 | extern struct key *key_alloc(struct key_type *type, |
182 | const char *desc, | 183 | const char *desc, |
183 | uid_t uid, gid_t gid, | 184 | uid_t uid, gid_t gid, |
184 | struct task_struct *ctx, | 185 | const struct cred *cred, |
185 | key_perm_t perm, | 186 | key_perm_t perm, |
186 | unsigned long flags); | 187 | unsigned long flags); |
187 | 188 | ||
@@ -249,7 +250,7 @@ extern int key_unlink(struct key *keyring, | |||
249 | struct key *key); | 250 | struct key *key); |
250 | 251 | ||
251 | extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | 252 | extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, |
252 | struct task_struct *ctx, | 253 | const struct cred *cred, |
253 | unsigned long flags, | 254 | unsigned long flags, |
254 | struct key *dest); | 255 | struct key *dest); |
255 | 256 | ||
@@ -276,22 +277,12 @@ extern ctl_table key_sysctls[]; | |||
276 | /* | 277 | /* |
277 | * the userspace interface | 278 | * the userspace interface |
278 | */ | 279 | */ |
279 | extern void switch_uid_keyring(struct user_struct *new_user); | 280 | extern int install_thread_keyring_to_cred(struct cred *cred); |
280 | extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); | ||
281 | extern void exit_keys(struct task_struct *tsk); | ||
282 | extern int suid_keys(struct task_struct *tsk); | ||
283 | extern int exec_keys(struct task_struct *tsk); | 281 | extern int exec_keys(struct task_struct *tsk); |
284 | extern void key_fsuid_changed(struct task_struct *tsk); | 282 | extern void key_fsuid_changed(struct task_struct *tsk); |
285 | extern void key_fsgid_changed(struct task_struct *tsk); | 283 | extern void key_fsgid_changed(struct task_struct *tsk); |
286 | extern void key_init(void); | 284 | extern void key_init(void); |
287 | 285 | ||
288 | #define __install_session_keyring(keyring) \ | ||
289 | ({ \ | ||
290 | struct key *old_session = current->cred->tgcred->session_keyring; \ | ||
291 | current->cred->tgcred->session_keyring = keyring; \ | ||
292 | old_session; \ | ||
293 | }) | ||
294 | |||
295 | #else /* CONFIG_KEYS */ | 286 | #else /* CONFIG_KEYS */ |
296 | 287 | ||
297 | #define key_validate(k) 0 | 288 | #define key_validate(k) 0 |
@@ -303,11 +294,6 @@ extern void key_init(void); | |||
303 | #define make_key_ref(k, p) NULL | 294 | #define make_key_ref(k, p) NULL |
304 | #define key_ref_to_ptr(k) NULL | 295 | #define key_ref_to_ptr(k) NULL |
305 | #define is_key_possessed(k) 0 | 296 | #define is_key_possessed(k) 0 |
306 | #define switch_uid_keyring(u) do { } while(0) | ||
307 | #define __install_session_keyring(k) ({ NULL; }) | ||
308 | #define copy_keys(f,t) 0 | ||
309 | #define exit_keys(t) do { } while(0) | ||
310 | #define suid_keys(t) do { } while(0) | ||
311 | #define exec_keys(t) do { } while(0) | 297 | #define exec_keys(t) do { } while(0) |
312 | #define key_fsuid_changed(t) do { } while(0) | 298 | #define key_fsuid_changed(t) do { } while(0) |
313 | #define key_fsgid_changed(t) do { } while(0) | 299 | #define key_fsgid_changed(t) do { } while(0) |
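Review bot: `install_thread_keyring_to_cred()` is declared only in the `CONFIG_KEYS` branch, and the `#else` branch gains no matching stub, unlike `exec_keys()` and `key_fsuid_changed()` next to it. Any caller outside the keys code then needs its own `#ifdef CONFIG_KEYS`; the callers are not part of this view, so that may already be the case. If the function is meant to be callable unconditionally, add `#define install_thread_keyring_to_cred(c) ({ 0; })` beside the other stubs. Separately, `key_alloc()` and `keyring_alloc()` now take a `const struct cred *cred` where they took a task, and a short comment on which credentials to pass (the task's current set or a newly prepared one) would help callers.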
diff --git a/include/linux/sched.h b/include/linux/sched.h index 2913252989b3..121d655e460d 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h | |||
@@ -1145,7 +1145,8 @@ struct task_struct { | |||
1145 | struct list_head cpu_timers[3]; | 1145 | struct list_head cpu_timers[3]; |
1146 | 1146 | ||
1147 | /* process credentials */ | 1147 | /* process credentials */ |
1148 | struct cred *cred; /* actual/objective task credentials */ | 1148 | const struct cred *cred; /* actual/objective task credentials (COW) */ |
1149 | struct mutex cred_exec_mutex; /* execve vs ptrace cred calculation mutex */ | ||
1149 | 1150 | ||
1150 | char comm[TASK_COMM_LEN]; /* executable name excluding path | 1151 | char comm[TASK_COMM_LEN]; /* executable name excluding path |
1151 | - access with [gs]et_task_comm (which lock | 1152 | - access with [gs]et_task_comm (which lock |
@@ -1720,7 +1721,6 @@ static inline struct user_struct *get_uid(struct user_struct *u) | |||
1720 | return u; | 1721 | return u; |
1721 | } | 1722 | } |
1722 | extern void free_uid(struct user_struct *); | 1723 | extern void free_uid(struct user_struct *); |
1723 | extern void switch_uid(struct user_struct *); | ||
1724 | extern void release_uids(struct user_namespace *ns); | 1724 | extern void release_uids(struct user_namespace *ns); |
1725 | 1725 | ||
1726 | #include <asm/current.h> | 1726 | #include <asm/current.h> |
@@ -1870,6 +1870,8 @@ static inline unsigned long wait_task_inactive(struct task_struct *p, | |||
1870 | #define for_each_process(p) \ | 1870 | #define for_each_process(p) \ |
1871 | for (p = &init_task ; (p = next_task(p)) != &init_task ; ) | 1871 | for (p = &init_task ; (p = next_task(p)) != &init_task ; ) |
1872 | 1872 | ||
1873 | extern bool is_single_threaded(struct task_struct *); | ||
1874 | |||
1873 | /* | 1875 | /* |
1874 | * Careful: do_each_thread/while_each_thread is a double loop so | 1876 | * Careful: do_each_thread/while_each_thread is a double loop so |
1875 | * 'break' will not work as expected - use goto instead. | 1877 | * 'break' will not work as expected - use goto instead. |
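Review bot: The `(COW)` tag on `task_struct.cred` is the only hint of the new update rule, and `const` alone does not stop a cast-and-write. Going by the cred.h changes in this commit, the pointer is meant to be replaced through `commit_creds()`, and another task's credentials are read under `rcu_read_lock()` as `task_cred_xxx()` does. I would spell that out at the field, e.g. `/* actual/objective task credentials (COW): replace via commit_creds(), never modify in place */`. The `cred_exec_mutex` comment should also say which paths take it and where it sits relative to `task_lock`, which this header does not show. `struct task_struct` starts and ends outside the hunk.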
diff --git a/include/linux/security.h b/include/linux/security.h index 7e9fe046a0d1..68be11251447 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -53,24 +53,21 @@ extern int cap_settime(struct timespec *ts, struct timezone *tz); | |||
53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); | 53 | extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); |
54 | extern int cap_ptrace_traceme(struct task_struct *parent); | 54 | extern int cap_ptrace_traceme(struct task_struct *parent); |
55 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); | 55 | extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); |
56 | extern int cap_capset_check(const kernel_cap_t *effective, | 56 | extern int cap_capset(struct cred *new, const struct cred *old, |
57 | const kernel_cap_t *inheritable, | 57 | const kernel_cap_t *effective, |
58 | const kernel_cap_t *permitted); | 58 | const kernel_cap_t *inheritable, |
59 | extern void cap_capset_set(const kernel_cap_t *effective, | 59 | const kernel_cap_t *permitted); |
60 | const kernel_cap_t *inheritable, | ||
61 | const kernel_cap_t *permitted); | ||
62 | extern int cap_bprm_set_security(struct linux_binprm *bprm); | 60 | extern int cap_bprm_set_security(struct linux_binprm *bprm); |
63 | extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | 61 | extern int cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); |
64 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); | 62 | extern int cap_bprm_secureexec(struct linux_binprm *bprm); |
65 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, | 63 | extern int cap_inode_setxattr(struct dentry *dentry, const char *name, |
66 | const void *value, size_t size, int flags); | 64 | const void *value, size_t size, int flags); |
67 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); | 65 | extern int cap_inode_removexattr(struct dentry *dentry, const char *name); |
68 | extern int cap_inode_need_killpriv(struct dentry *dentry); | 66 | extern int cap_inode_need_killpriv(struct dentry *dentry); |
69 | extern int cap_inode_killpriv(struct dentry *dentry); | 67 | extern int cap_inode_killpriv(struct dentry *dentry); |
70 | extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); | 68 | extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags); |
71 | extern void cap_task_reparent_to_init(struct task_struct *p); | ||
72 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 69 | extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
73 | unsigned long arg4, unsigned long arg5, long *rc_p); | 70 | unsigned long arg4, unsigned long arg5); |
74 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); | 71 | extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); |
75 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); | 72 | extern int cap_task_setioprio(struct task_struct *p, int ioprio); |
76 | extern int cap_task_setnice(struct task_struct *p, int nice); | 73 | extern int cap_task_setnice(struct task_struct *p, int nice); |
@@ -170,8 +167,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
170 | * Compute and set the security attributes of a process being transformed | 167 | * Compute and set the security attributes of a process being transformed |
171 | * by an execve operation based on the old attributes (current->security) | 168 | * by an execve operation based on the old attributes (current->security) |
172 | * and the information saved in @bprm->security by the set_security hook. | 169 | * and the information saved in @bprm->security by the set_security hook. |
173 | * Since this hook function (and its caller) are void, this hook can not | 170 | * Since this function may return an error, in which case the process will |
174 | * return an error. However, it can leave the security attributes of the | 171 | * be killed. However, it can leave the security attributes of the |
175 | * process unchanged if an access failure occurs at this point. | 172 | * process unchanged if an access failure occurs at this point. |
176 | * bprm_apply_creds is called under task_lock. @unsafe indicates various | 173 | * bprm_apply_creds is called under task_lock. @unsafe indicates various |
177 | * reasons why it may be unsafe to change security state. | 174 | * reasons why it may be unsafe to change security state. |
@@ -593,15 +590,18 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
593 | * manual page for definitions of the @clone_flags. | 590 | * manual page for definitions of the @clone_flags. |
594 | * @clone_flags contains the flags indicating what should be shared. | 591 | * @clone_flags contains the flags indicating what should be shared. |
595 | * Return 0 if permission is granted. | 592 | * Return 0 if permission is granted. |
596 | * @cred_alloc_security: | ||
597 | * @cred contains the cred struct for child process. | ||
598 | * Allocate and attach a security structure to the cred->security field. | ||
599 | * The security field is initialized to NULL when the task structure is | ||
600 | * allocated. | ||
601 | * Return 0 if operation was successful. | ||
602 | * @cred_free: | 593 | * @cred_free: |
603 | * @cred points to the credentials. | 594 | * @cred points to the credentials. |
604 | * Deallocate and clear the cred->security field in a set of credentials. | 595 | * Deallocate and clear the cred->security field in a set of credentials. |
596 | * @cred_prepare: | ||
597 | * @new points to the new credentials. | ||
598 | * @old points to the original credentials. | ||
599 | * @gfp indicates the atomicity of any memory allocations. | ||
600 | * Prepare a new set of credentials by copying the data from the old set. | ||
601 | * @cred_commit: | ||
602 | * @new points to the new credentials. | ||
603 | * @old points to the original credentials. | ||
604 | * Install a new set of credentials. | ||
605 | * @task_setuid: | 605 | * @task_setuid: |
606 | * Check permission before setting one or more of the user identity | 606 | * Check permission before setting one or more of the user identity |
607 | * attributes of the current process. The @flags parameter indicates | 607 | * attributes of the current process. The @flags parameter indicates |
@@ -614,15 +614,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
614 | * @id2 contains a uid. | 614 | * @id2 contains a uid. |
615 | * @flags contains one of the LSM_SETID_* values. | 615 | * @flags contains one of the LSM_SETID_* values. |
616 | * Return 0 if permission is granted. | 616 | * Return 0 if permission is granted. |
617 | * @task_post_setuid: | 617 | * @task_fix_setuid: |
618 | * Update the module's state after setting one or more of the user | 618 | * Update the module's state after setting one or more of the user |
619 | * identity attributes of the current process. The @flags parameter | 619 | * identity attributes of the current process. The @flags parameter |
620 | * indicates which of the set*uid system calls invoked this hook. If | 620 | * indicates which of the set*uid system calls invoked this hook. If |
621 | * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other | 621 | * @new is the set of credentials that will be installed. Modifications |
622 | * parameters are not used. | 622 | * should be made to this rather than to @current->cred. |
623 | * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS). | 623 | * @old is the set of credentials that are being replaces |
624 | * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS). | ||
625 | * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS). | ||
626 | * @flags contains one of the LSM_SETID_* values. | 624 | * @flags contains one of the LSM_SETID_* values. |
627 | * Return 0 on success. | 625 | * Return 0 on success. |
628 | * @task_setgid: | 626 | * @task_setgid: |
@@ -725,13 +723,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
725 | * @arg3 contains a argument. | 723 | * @arg3 contains a argument. |
726 | * @arg4 contains a argument. | 724 | * @arg4 contains a argument. |
727 | * @arg5 contains a argument. | 725 | * @arg5 contains a argument. |
728 | * @rc_p contains a pointer to communicate back the forced return code | 726 | * Return -ENOSYS if no-one wanted to handle this op, any other value to |
729 | * Return 0 if permission is granted, and non-zero if the security module | 727 | * cause prctl() to return immediately with that value. |
730 | * has taken responsibility (setting *rc_p) for the prctl call. | ||
731 | * @task_reparent_to_init: | ||
732 | * Set the security attributes in @p->security for a kernel thread that | ||
733 | * is being reparented to the init task. | ||
734 | * @p contains the task_struct for the kernel thread. | ||
735 | * @task_to_inode: | 728 | * @task_to_inode: |
736 | * Set the security attributes for an inode based on an associated task's | 729 | * Set the security attributes for an inode based on an associated task's |
737 | * security attributes, e.g. for /proc/pid inodes. | 730 | * security attributes, e.g. for /proc/pid inodes. |
@@ -1008,7 +1001,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1008 | * See whether a specific operational right is granted to a process on a | 1001 | * See whether a specific operational right is granted to a process on a |
1009 | * key. | 1002 | * key. |
1010 | * @key_ref refers to the key (key pointer + possession attribute bit). | 1003 | * @key_ref refers to the key (key pointer + possession attribute bit). |
1011 | * @context points to the process to provide the context against which to | 1004 | * @cred points to the credentials to provide the context against which to |
1012 | * evaluate the security data on the key. | 1005 | * evaluate the security data on the key. |
1013 | * @perm describes the combination of permissions required of this key. | 1006 | * @perm describes the combination of permissions required of this key. |
1014 | * Return 1 if permission granted, 0 if permission denied and -ve it the | 1007 | * Return 1 if permission granted, 0 if permission denied and -ve it the |
@@ -1170,6 +1163,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1170 | * @child process. | 1163 | * @child process. |
1171 | * Security modules may also want to perform a process tracing check | 1164 | * Security modules may also want to perform a process tracing check |
1172 | * during an execve in the set_security or apply_creds hooks of | 1165 | * during an execve in the set_security or apply_creds hooks of |
1166 | * tracing check during an execve in the bprm_set_creds hook of | ||
1173 | * binprm_security_ops if the process is being traced and its security | 1167 | * binprm_security_ops if the process is being traced and its security |
1174 | * attributes would be changed by the execve. | 1168 | * attributes would be changed by the execve. |
1175 | * @child contains the task_struct structure for the target process. | 1169 | * @child contains the task_struct structure for the target process. |
@@ -1193,19 +1187,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
1193 | * @inheritable contains the inheritable capability set. | 1187 | * @inheritable contains the inheritable capability set. |
1194 | * @permitted contains the permitted capability set. | 1188 | * @permitted contains the permitted capability set. |
1195 | * Return 0 if the capability sets were successfully obtained. | 1189 | * Return 0 if the capability sets were successfully obtained. |
1196 | * @capset_check: | 1190 | * @capset: |
1197 | * Check permission before setting the @effective, @inheritable, and | ||
1198 | * @permitted capability sets for the current process. | ||
1199 | * @effective contains the effective capability set. | ||
1200 | * @inheritable contains the inheritable capability set. | ||
1201 | * @permitted contains the permitted capability set. | ||
1202 | * Return 0 if permission is granted. | ||
1203 | * @capset_set: | ||
1204 | * Set the @effective, @inheritable, and @permitted capability sets for | 1191 | * Set the @effective, @inheritable, and @permitted capability sets for |
1205 | * the current process. | 1192 | * the current process. |
1193 | * @new contains the new credentials structure for target process. | ||
1194 | * @old contains the current credentials structure for target process. | ||
1206 | * @effective contains the effective capability set. | 1195 | * @effective contains the effective capability set. |
1207 | * @inheritable contains the inheritable capability set. | 1196 | * @inheritable contains the inheritable capability set. |
1208 | * @permitted contains the permitted capability set. | 1197 | * @permitted contains the permitted capability set. |
1198 | * Return 0 and update @new if permission is granted. | ||
1209 | * @capable: | 1199 | * @capable: |
1210 | * Check whether the @tsk process has the @cap capability. | 1200 | * Check whether the @tsk process has the @cap capability. |
1211 | * @tsk contains the task_struct for the process. | 1201 | * @tsk contains the task_struct for the process. |
@@ -1297,12 +1287,11 @@ struct security_operations { | |||
1297 | int (*capget) (struct task_struct *target, | 1287 | int (*capget) (struct task_struct *target, |
1298 | kernel_cap_t *effective, | 1288 | kernel_cap_t *effective, |
1299 | kernel_cap_t *inheritable, kernel_cap_t *permitted); | 1289 | kernel_cap_t *inheritable, kernel_cap_t *permitted); |
1300 | int (*capset_check) (const kernel_cap_t *effective, | 1290 | int (*capset) (struct cred *new, |
1301 | const kernel_cap_t *inheritable, | 1291 | const struct cred *old, |
1302 | const kernel_cap_t *permitted); | 1292 | const kernel_cap_t *effective, |
1303 | void (*capset_set) (const kernel_cap_t *effective, | 1293 | const kernel_cap_t *inheritable, |
1304 | const kernel_cap_t *inheritable, | 1294 | const kernel_cap_t *permitted); |
1305 | const kernel_cap_t *permitted); | ||
1306 | int (*capable) (struct task_struct *tsk, int cap, int audit); | 1295 | int (*capable) (struct task_struct *tsk, int cap, int audit); |
1307 | int (*acct) (struct file *file); | 1296 | int (*acct) (struct file *file); |
1308 | int (*sysctl) (struct ctl_table *table, int op); | 1297 | int (*sysctl) (struct ctl_table *table, int op); |
@@ -1314,7 +1303,7 @@ struct security_operations { | |||
1314 | 1303 | ||
1315 | int (*bprm_alloc_security) (struct linux_binprm *bprm); | 1304 | int (*bprm_alloc_security) (struct linux_binprm *bprm); |
1316 | void (*bprm_free_security) (struct linux_binprm *bprm); | 1305 | void (*bprm_free_security) (struct linux_binprm *bprm); |
1317 | void (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe); | 1306 | int (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe); |
1318 | void (*bprm_post_apply_creds) (struct linux_binprm *bprm); | 1307 | void (*bprm_post_apply_creds) (struct linux_binprm *bprm); |
1319 | int (*bprm_set_security) (struct linux_binprm *bprm); | 1308 | int (*bprm_set_security) (struct linux_binprm *bprm); |
1320 | int (*bprm_check_security) (struct linux_binprm *bprm); | 1309 | int (*bprm_check_security) (struct linux_binprm *bprm); |
@@ -1405,11 +1394,13 @@ struct security_operations { | |||
1405 | int (*dentry_open) (struct file *file, const struct cred *cred); | 1394 | int (*dentry_open) (struct file *file, const struct cred *cred); |
1406 | 1395 | ||
1407 | int (*task_create) (unsigned long clone_flags); | 1396 | int (*task_create) (unsigned long clone_flags); |
1408 | int (*cred_alloc_security) (struct cred *cred); | ||
1409 | void (*cred_free) (struct cred *cred); | 1397 | void (*cred_free) (struct cred *cred); |
1398 | int (*cred_prepare)(struct cred *new, const struct cred *old, | ||
1399 | gfp_t gfp); | ||
1400 | void (*cred_commit)(struct cred *new, const struct cred *old); | ||
1410 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); | 1401 | int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); |
1411 | int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , | 1402 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, |
1412 | uid_t old_euid, uid_t old_suid, int flags); | 1403 | int flags); |
1413 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); | 1404 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); |
1414 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); | 1405 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); |
1415 | int (*task_getpgid) (struct task_struct *p); | 1406 | int (*task_getpgid) (struct task_struct *p); |
@@ -1429,8 +1420,7 @@ struct security_operations { | |||
1429 | int (*task_wait) (struct task_struct *p); | 1420 | int (*task_wait) (struct task_struct *p); |
1430 | int (*task_prctl) (int option, unsigned long arg2, | 1421 | int (*task_prctl) (int option, unsigned long arg2, |
1431 | unsigned long arg3, unsigned long arg4, | 1422 | unsigned long arg3, unsigned long arg4, |
1432 | unsigned long arg5, long *rc_p); | 1423 | unsigned long arg5); |
1433 | void (*task_reparent_to_init) (struct task_struct *p); | ||
1434 | void (*task_to_inode) (struct task_struct *p, struct inode *inode); | 1424 | void (*task_to_inode) (struct task_struct *p, struct inode *inode); |
1435 | 1425 | ||
1436 | int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); | 1426 | int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); |
@@ -1535,10 +1525,10 @@ struct security_operations { | |||
1535 | 1525 | ||
1536 | /* key management security hooks */ | 1526 | /* key management security hooks */ |
1537 | #ifdef CONFIG_KEYS | 1527 | #ifdef CONFIG_KEYS |
1538 | int (*key_alloc) (struct key *key, struct task_struct *tsk, unsigned long flags); | 1528 | int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags); |
1539 | void (*key_free) (struct key *key); | 1529 | void (*key_free) (struct key *key); |
1540 | int (*key_permission) (key_ref_t key_ref, | 1530 | int (*key_permission) (key_ref_t key_ref, |
1541 | struct task_struct *context, | 1531 | const struct cred *cred, |
1542 | key_perm_t perm); | 1532 | key_perm_t perm); |
1543 | int (*key_getsecurity)(struct key *key, char **_buffer); | 1533 | int (*key_getsecurity)(struct key *key, char **_buffer); |
1544 | #endif /* CONFIG_KEYS */ | 1534 | #endif /* CONFIG_KEYS */ |
@@ -1564,12 +1554,10 @@ int security_capget(struct task_struct *target, | |||
1564 | kernel_cap_t *effective, | 1554 | kernel_cap_t *effective, |
1565 | kernel_cap_t *inheritable, | 1555 | kernel_cap_t *inheritable, |
1566 | kernel_cap_t *permitted); | 1556 | kernel_cap_t *permitted); |
1567 | int security_capset_check(const kernel_cap_t *effective, | 1557 | int security_capset(struct cred *new, const struct cred *old, |
1568 | const kernel_cap_t *inheritable, | 1558 | const kernel_cap_t *effective, |
1569 | const kernel_cap_t *permitted); | 1559 | const kernel_cap_t *inheritable, |
1570 | void security_capset_set(const kernel_cap_t *effective, | 1560 | const kernel_cap_t *permitted); |
1571 | const kernel_cap_t *inheritable, | ||
1572 | const kernel_cap_t *permitted); | ||
1573 | int security_capable(struct task_struct *tsk, int cap); | 1561 | int security_capable(struct task_struct *tsk, int cap); |
1574 | int security_capable_noaudit(struct task_struct *tsk, int cap); | 1562 | int security_capable_noaudit(struct task_struct *tsk, int cap); |
1575 | int security_acct(struct file *file); | 1563 | int security_acct(struct file *file); |
@@ -1583,7 +1571,7 @@ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); | |||
1583 | int security_vm_enough_memory_kern(long pages); | 1571 | int security_vm_enough_memory_kern(long pages); |
1584 | int security_bprm_alloc(struct linux_binprm *bprm); | 1572 | int security_bprm_alloc(struct linux_binprm *bprm); |
1585 | void security_bprm_free(struct linux_binprm *bprm); | 1573 | void security_bprm_free(struct linux_binprm *bprm); |
1586 | void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); | 1574 | int security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); |
1587 | void security_bprm_post_apply_creds(struct linux_binprm *bprm); | 1575 | void security_bprm_post_apply_creds(struct linux_binprm *bprm); |
1588 | int security_bprm_set(struct linux_binprm *bprm); | 1576 | int security_bprm_set(struct linux_binprm *bprm); |
1589 | int security_bprm_check(struct linux_binprm *bprm); | 1577 | int security_bprm_check(struct linux_binprm *bprm); |
@@ -1660,11 +1648,12 @@ int security_file_send_sigiotask(struct task_struct *tsk, | |||
1660 | int security_file_receive(struct file *file); | 1648 | int security_file_receive(struct file *file); |
1661 | int security_dentry_open(struct file *file, const struct cred *cred); | 1649 | int security_dentry_open(struct file *file, const struct cred *cred); |
1662 | int security_task_create(unsigned long clone_flags); | 1650 | int security_task_create(unsigned long clone_flags); |
1663 | int security_cred_alloc(struct cred *cred); | ||
1664 | void security_cred_free(struct cred *cred); | 1651 | void security_cred_free(struct cred *cred); |
1652 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); | ||
1653 | void security_commit_creds(struct cred *new, const struct cred *old); | ||
1665 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); | 1654 | int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); |
1666 | int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 1655 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
1667 | uid_t old_suid, int flags); | 1656 | int flags); |
1668 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); | 1657 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); |
1669 | int security_task_setpgid(struct task_struct *p, pid_t pgid); | 1658 | int security_task_setpgid(struct task_struct *p, pid_t pgid); |
1670 | int security_task_getpgid(struct task_struct *p); | 1659 | int security_task_getpgid(struct task_struct *p); |
@@ -1683,8 +1672,7 @@ int security_task_kill(struct task_struct *p, struct siginfo *info, | |||
1683 | int sig, u32 secid); | 1672 | int sig, u32 secid); |
1684 | int security_task_wait(struct task_struct *p); | 1673 | int security_task_wait(struct task_struct *p); |
1685 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 1674 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
1686 | unsigned long arg4, unsigned long arg5, long *rc_p); | 1675 | unsigned long arg4, unsigned long arg5); |
1687 | void security_task_reparent_to_init(struct task_struct *p); | ||
1688 | void security_task_to_inode(struct task_struct *p, struct inode *inode); | 1676 | void security_task_to_inode(struct task_struct *p, struct inode *inode); |
1689 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); | 1677 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag); |
1690 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); | 1678 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid); |
@@ -1759,18 +1747,13 @@ static inline int security_capget(struct task_struct *target, | |||
1759 | return cap_capget(target, effective, inheritable, permitted); | 1747 | return cap_capget(target, effective, inheritable, permitted); |
1760 | } | 1748 | } |
1761 | 1749 | ||
1762 | static inline int security_capset_check(const kernel_cap_t *effective, | 1750 | static inline int security_capset(struct cred *new, |
1763 | const kernel_cap_t *inheritable, | 1751 | const struct cred *old, |
1764 | const kernel_cap_t *permitted) | 1752 | const kernel_cap_t *effective, |
1753 | const kernel_cap_t *inheritable, | ||
1754 | const kernel_cap_t *permitted) | ||
1765 | { | 1755 | { |
1766 | return cap_capset_check(effective, inheritable, permitted); | 1756 | return cap_capset(new, old, effective, inheritable, permitted); |
1767 | } | ||
1768 | |||
1769 | static inline void security_capset_set(const kernel_cap_t *effective, | ||
1770 | const kernel_cap_t *inheritable, | ||
1771 | const kernel_cap_t *permitted) | ||
1772 | { | ||
1773 | cap_capset_set(effective, inheritable, permitted); | ||
1774 | } | 1757 | } |
1775 | 1758 | ||
1776 | static inline int security_capable(struct task_struct *tsk, int cap) | 1759 | static inline int security_capable(struct task_struct *tsk, int cap) |
@@ -1837,9 +1820,9 @@ static inline int security_bprm_alloc(struct linux_binprm *bprm) | |||
1837 | static inline void security_bprm_free(struct linux_binprm *bprm) | 1820 | static inline void security_bprm_free(struct linux_binprm *bprm) |
1838 | { } | 1821 | { } |
1839 | 1822 | ||
1840 | static inline void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) | 1823 | static inline int security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe) |
1841 | { | 1824 | { |
1842 | cap_bprm_apply_creds(bprm, unsafe); | 1825 | return cap_bprm_apply_creds(bprm, unsafe); |
1843 | } | 1826 | } |
1844 | 1827 | ||
1845 | static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm) | 1828 | static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm) |
@@ -2182,13 +2165,20 @@ static inline int security_task_create(unsigned long clone_flags) | |||
2182 | return 0; | 2165 | return 0; |
2183 | } | 2166 | } |
2184 | 2167 | ||
2185 | static inline int security_cred_alloc(struct cred *cred) | 2168 | static inline void security_cred_free(struct cred *cred) |
2169 | { } | ||
2170 | |||
2171 | static inline int security_prepare_creds(struct cred *new, | ||
2172 | const struct cred *old, | ||
2173 | gfp_t gfp) | ||
2186 | { | 2174 | { |
2187 | return 0; | 2175 | return 0; |
2188 | } | 2176 | } |
2189 | 2177 | ||
2190 | static inline void security_cred_free(struct cred *cred) | 2178 | static inline void security_commit_creds(struct cred *new, |
2191 | { } | 2179 | const struct cred *old) |
2180 | { | ||
2181 | } | ||
2192 | 2182 | ||
2193 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | 2183 | static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, |
2194 | int flags) | 2184 | int flags) |
@@ -2196,10 +2186,11 @@ static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | |||
2196 | return 0; | 2186 | return 0; |
2197 | } | 2187 | } |
2198 | 2188 | ||
2199 | static inline int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, | 2189 | static inline int security_task_fix_setuid(struct cred *new, |
2200 | uid_t old_suid, int flags) | 2190 | const struct cred *old, |
2191 | int flags) | ||
2201 | { | 2192 | { |
2202 | return cap_task_post_setuid(old_ruid, old_euid, old_suid, flags); | 2193 | return cap_task_fix_setuid(new, old, flags); |
2203 | } | 2194 | } |
2204 | 2195 | ||
2205 | static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, | 2196 | static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, |
@@ -2286,14 +2277,9 @@ static inline int security_task_wait(struct task_struct *p) | |||
2286 | static inline int security_task_prctl(int option, unsigned long arg2, | 2277 | static inline int security_task_prctl(int option, unsigned long arg2, |
2287 | unsigned long arg3, | 2278 | unsigned long arg3, |
2288 | unsigned long arg4, | 2279 | unsigned long arg4, |
2289 | unsigned long arg5, long *rc_p) | 2280 | unsigned long arg5) |
2290 | { | ||
2291 | return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p); | ||
2292 | } | ||
2293 | |||
2294 | static inline void security_task_reparent_to_init(struct task_struct *p) | ||
2295 | { | 2281 | { |
2296 | cap_task_reparent_to_init(p); | 2282 | return cap_task_prctl(option, arg2, arg3, arg3, arg5); |
2297 | } | 2283 | } |
2298 | 2284 | ||
2299 | static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) | 2285 | static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) |
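Review bot: The static inline `security_task_prctl` in this hunk passes `arg3` twice and never forwards `arg4`: `return cap_task_prctl(option, arg2, arg3, arg3, arg5);`. The commit only drops `rc_p` from the old call, so the duplicated argument is carried over unchanged into the new line. This looks like the fallback wrapper used when no security module is built in, so on such kernels any prctl option that `cap_task_prctl` reads through its fourth parameter would see `arg3`'s value instead of the caller's. The line should read `return cap_task_prctl(option, arg2, arg3, arg4, arg5);`, matching the parameter order of the `security_task_prctl` prototype declared earlier in this file.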
@@ -2719,16 +2705,16 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi | |||
2719 | #ifdef CONFIG_KEYS | 2705 | #ifdef CONFIG_KEYS |
2720 | #ifdef CONFIG_SECURITY | 2706 | #ifdef CONFIG_SECURITY |
2721 | 2707 | ||
2722 | int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags); | 2708 | int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); |
2723 | void security_key_free(struct key *key); | 2709 | void security_key_free(struct key *key); |
2724 | int security_key_permission(key_ref_t key_ref, | 2710 | int security_key_permission(key_ref_t key_ref, |
2725 | struct task_struct *context, key_perm_t perm); | 2711 | const struct cred *cred, key_perm_t perm); |
2726 | int security_key_getsecurity(struct key *key, char **_buffer); | 2712 | int security_key_getsecurity(struct key *key, char **_buffer); |
2727 | 2713 | ||
2728 | #else | 2714 | #else |
2729 | 2715 | ||
2730 | static inline int security_key_alloc(struct key *key, | 2716 | static inline int security_key_alloc(struct key *key, |
2731 | struct task_struct *tsk, | 2717 | const struct cred *cred, |
2732 | unsigned long flags) | 2718 | unsigned long flags) |
2733 | { | 2719 | { |
2734 | return 0; | 2720 | return 0; |
@@ -2739,7 +2725,7 @@ static inline void security_key_free(struct key *key) | |||
2739 | } | 2725 | } |
2740 | 2726 | ||
2741 | static inline int security_key_permission(key_ref_t key_ref, | 2727 | static inline int security_key_permission(key_ref_t key_ref, |
2742 | struct task_struct *context, | 2728 | const struct cred *cred, |
2743 | key_perm_t perm) | 2729 | key_perm_t perm) |
2744 | { | 2730 | { |
2745 | return 0; | 2731 | return 0; |