aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/security.h1190
1 files changed, 206 insertions, 984 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 928d4793c6f4..a300a3f2fe68 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -54,7 +54,7 @@ extern int cap_inode_removexattr(struct dentry *dentry, char *name);
54extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); 54extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
55extern void cap_task_reparent_to_init (struct task_struct *p); 55extern void cap_task_reparent_to_init (struct task_struct *p);
56extern int cap_syslog (int type); 56extern int cap_syslog (int type);
57extern int cap_vm_enough_memory (struct mm_struct *mm, long pages); 57extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
58 58
59struct msghdr; 59struct msghdr;
60struct sk_buff; 60struct sk_buff;
@@ -1409,742 +1409,6 @@ struct security_operations {
1409 1409
1410}; 1410};
1411 1411
1412/* global variables */
1413extern struct security_operations *security_ops;
1414
1415/* inline stuff */
1416static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
1417{
1418 return security_ops->ptrace (parent, child);
1419}
1420
1421static inline int security_capget (struct task_struct *target,
1422 kernel_cap_t *effective,
1423 kernel_cap_t *inheritable,
1424 kernel_cap_t *permitted)
1425{
1426 return security_ops->capget (target, effective, inheritable, permitted);
1427}
1428
1429static inline int security_capset_check (struct task_struct *target,
1430 kernel_cap_t *effective,
1431 kernel_cap_t *inheritable,
1432 kernel_cap_t *permitted)
1433{
1434 return security_ops->capset_check (target, effective, inheritable, permitted);
1435}
1436
1437static inline void security_capset_set (struct task_struct *target,
1438 kernel_cap_t *effective,
1439 kernel_cap_t *inheritable,
1440 kernel_cap_t *permitted)
1441{
1442 security_ops->capset_set (target, effective, inheritable, permitted);
1443}
1444
1445static inline int security_capable(struct task_struct *tsk, int cap)
1446{
1447 return security_ops->capable(tsk, cap);
1448}
1449
1450static inline int security_acct (struct file *file)
1451{
1452 return security_ops->acct (file);
1453}
1454
1455static inline int security_sysctl(struct ctl_table *table, int op)
1456{
1457 return security_ops->sysctl(table, op);
1458}
1459
1460static inline int security_quotactl (int cmds, int type, int id,
1461 struct super_block *sb)
1462{
1463 return security_ops->quotactl (cmds, type, id, sb);
1464}
1465
1466static inline int security_quota_on (struct dentry * dentry)
1467{
1468 return security_ops->quota_on (dentry);
1469}
1470
1471static inline int security_syslog(int type)
1472{
1473 return security_ops->syslog(type);
1474}
1475
1476static inline int security_settime(struct timespec *ts, struct timezone *tz)
1477{
1478 return security_ops->settime(ts, tz);
1479}
1480
1481static inline int security_vm_enough_memory(long pages)
1482{
1483 return security_ops->vm_enough_memory(current->mm, pages);
1484}
1485
1486static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
1487{
1488 return security_ops->vm_enough_memory(mm, pages);
1489}
1490
1491static inline int security_bprm_alloc (struct linux_binprm *bprm)
1492{
1493 return security_ops->bprm_alloc_security (bprm);
1494}
1495static inline void security_bprm_free (struct linux_binprm *bprm)
1496{
1497 security_ops->bprm_free_security (bprm);
1498}
1499static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
1500{
1501 security_ops->bprm_apply_creds (bprm, unsafe);
1502}
1503static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm)
1504{
1505 security_ops->bprm_post_apply_creds (bprm);
1506}
1507static inline int security_bprm_set (struct linux_binprm *bprm)
1508{
1509 return security_ops->bprm_set_security (bprm);
1510}
1511
1512static inline int security_bprm_check (struct linux_binprm *bprm)
1513{
1514 return security_ops->bprm_check_security (bprm);
1515}
1516
1517static inline int security_bprm_secureexec (struct linux_binprm *bprm)
1518{
1519 return security_ops->bprm_secureexec (bprm);
1520}
1521
1522static inline int security_sb_alloc (struct super_block *sb)
1523{
1524 return security_ops->sb_alloc_security (sb);
1525}
1526
1527static inline void security_sb_free (struct super_block *sb)
1528{
1529 security_ops->sb_free_security (sb);
1530}
1531
1532static inline int security_sb_copy_data (struct file_system_type *type,
1533 void *orig, void *copy)
1534{
1535 return security_ops->sb_copy_data (type, orig, copy);
1536}
1537
1538static inline int security_sb_kern_mount (struct super_block *sb, void *data)
1539{
1540 return security_ops->sb_kern_mount (sb, data);
1541}
1542
1543static inline int security_sb_statfs (struct dentry *dentry)
1544{
1545 return security_ops->sb_statfs (dentry);
1546}
1547
1548static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
1549 char *type, unsigned long flags,
1550 void *data)
1551{
1552 return security_ops->sb_mount (dev_name, nd, type, flags, data);
1553}
1554
1555static inline int security_sb_check_sb (struct vfsmount *mnt,
1556 struct nameidata *nd)
1557{
1558 return security_ops->sb_check_sb (mnt, nd);
1559}
1560
1561static inline int security_sb_umount (struct vfsmount *mnt, int flags)
1562{
1563 return security_ops->sb_umount (mnt, flags);
1564}
1565
1566static inline void security_sb_umount_close (struct vfsmount *mnt)
1567{
1568 security_ops->sb_umount_close (mnt);
1569}
1570
1571static inline void security_sb_umount_busy (struct vfsmount *mnt)
1572{
1573 security_ops->sb_umount_busy (mnt);
1574}
1575
1576static inline void security_sb_post_remount (struct vfsmount *mnt,
1577 unsigned long flags, void *data)
1578{
1579 security_ops->sb_post_remount (mnt, flags, data);
1580}
1581
1582static inline void security_sb_post_mountroot (void)
1583{
1584 security_ops->sb_post_mountroot ();
1585}
1586
1587static inline void security_sb_post_addmount (struct vfsmount *mnt,
1588 struct nameidata *mountpoint_nd)
1589{
1590 security_ops->sb_post_addmount (mnt, mountpoint_nd);
1591}
1592
1593static inline int security_sb_pivotroot (struct nameidata *old_nd,
1594 struct nameidata *new_nd)
1595{
1596 return security_ops->sb_pivotroot (old_nd, new_nd);
1597}
1598
1599static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
1600 struct nameidata *new_nd)
1601{
1602 security_ops->sb_post_pivotroot (old_nd, new_nd);
1603}
1604
1605static inline int security_inode_alloc (struct inode *inode)
1606{
1607 inode->i_security = NULL;
1608 return security_ops->inode_alloc_security (inode);
1609}
1610
1611static inline void security_inode_free (struct inode *inode)
1612{
1613 security_ops->inode_free_security (inode);
1614}
1615
1616static inline int security_inode_init_security (struct inode *inode,
1617 struct inode *dir,
1618 char **name,
1619 void **value,
1620 size_t *len)
1621{
1622 if (unlikely (IS_PRIVATE (inode)))
1623 return -EOPNOTSUPP;
1624 return security_ops->inode_init_security (inode, dir, name, value, len);
1625}
1626
1627static inline int security_inode_create (struct inode *dir,
1628 struct dentry *dentry,
1629 int mode)
1630{
1631 if (unlikely (IS_PRIVATE (dir)))
1632 return 0;
1633 return security_ops->inode_create (dir, dentry, mode);
1634}
1635
1636static inline int security_inode_link (struct dentry *old_dentry,
1637 struct inode *dir,
1638 struct dentry *new_dentry)
1639{
1640 if (unlikely (IS_PRIVATE (old_dentry->d_inode)))
1641 return 0;
1642 return security_ops->inode_link (old_dentry, dir, new_dentry);
1643}
1644
1645static inline int security_inode_unlink (struct inode *dir,
1646 struct dentry *dentry)
1647{
1648 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1649 return 0;
1650 return security_ops->inode_unlink (dir, dentry);
1651}
1652
1653static inline int security_inode_symlink (struct inode *dir,
1654 struct dentry *dentry,
1655 const char *old_name)
1656{
1657 if (unlikely (IS_PRIVATE (dir)))
1658 return 0;
1659 return security_ops->inode_symlink (dir, dentry, old_name);
1660}
1661
1662static inline int security_inode_mkdir (struct inode *dir,
1663 struct dentry *dentry,
1664 int mode)
1665{
1666 if (unlikely (IS_PRIVATE (dir)))
1667 return 0;
1668 return security_ops->inode_mkdir (dir, dentry, mode);
1669}
1670
1671static inline int security_inode_rmdir (struct inode *dir,
1672 struct dentry *dentry)
1673{
1674 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1675 return 0;
1676 return security_ops->inode_rmdir (dir, dentry);
1677}
1678
1679static inline int security_inode_mknod (struct inode *dir,
1680 struct dentry *dentry,
1681 int mode, dev_t dev)
1682{
1683 if (unlikely (IS_PRIVATE (dir)))
1684 return 0;
1685 return security_ops->inode_mknod (dir, dentry, mode, dev);
1686}
1687
1688static inline int security_inode_rename (struct inode *old_dir,
1689 struct dentry *old_dentry,
1690 struct inode *new_dir,
1691 struct dentry *new_dentry)
1692{
1693 if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
1694 (new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
1695 return 0;
1696 return security_ops->inode_rename (old_dir, old_dentry,
1697 new_dir, new_dentry);
1698}
1699
1700static inline int security_inode_readlink (struct dentry *dentry)
1701{
1702 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1703 return 0;
1704 return security_ops->inode_readlink (dentry);
1705}
1706
1707static inline int security_inode_follow_link (struct dentry *dentry,
1708 struct nameidata *nd)
1709{
1710 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1711 return 0;
1712 return security_ops->inode_follow_link (dentry, nd);
1713}
1714
1715static inline int security_inode_permission (struct inode *inode, int mask,
1716 struct nameidata *nd)
1717{
1718 if (unlikely (IS_PRIVATE (inode)))
1719 return 0;
1720 return security_ops->inode_permission (inode, mask, nd);
1721}
1722
1723static inline int security_inode_setattr (struct dentry *dentry,
1724 struct iattr *attr)
1725{
1726 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1727 return 0;
1728 return security_ops->inode_setattr (dentry, attr);
1729}
1730
1731static inline int security_inode_getattr (struct vfsmount *mnt,
1732 struct dentry *dentry)
1733{
1734 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1735 return 0;
1736 return security_ops->inode_getattr (mnt, dentry);
1737}
1738
1739static inline void security_inode_delete (struct inode *inode)
1740{
1741 if (unlikely (IS_PRIVATE (inode)))
1742 return;
1743 security_ops->inode_delete (inode);
1744}
1745
1746static inline int security_inode_setxattr (struct dentry *dentry, char *name,
1747 void *value, size_t size, int flags)
1748{
1749 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1750 return 0;
1751 return security_ops->inode_setxattr (dentry, name, value, size, flags);
1752}
1753
1754static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
1755 void *value, size_t size, int flags)
1756{
1757 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1758 return;
1759 security_ops->inode_post_setxattr (dentry, name, value, size, flags);
1760}
1761
1762static inline int security_inode_getxattr (struct dentry *dentry, char *name)
1763{
1764 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1765 return 0;
1766 return security_ops->inode_getxattr (dentry, name);
1767}
1768
1769static inline int security_inode_listxattr (struct dentry *dentry)
1770{
1771 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1772 return 0;
1773 return security_ops->inode_listxattr (dentry);
1774}
1775
1776static inline int security_inode_removexattr (struct dentry *dentry, char *name)
1777{
1778 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1779 return 0;
1780 return security_ops->inode_removexattr (dentry, name);
1781}
1782
1783static inline const char *security_inode_xattr_getsuffix(void)
1784{
1785 return security_ops->inode_xattr_getsuffix();
1786}
1787
1788static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
1789{
1790 if (unlikely (IS_PRIVATE (inode)))
1791 return 0;
1792 return security_ops->inode_getsecurity(inode, name, buffer, size, err);
1793}
1794
1795static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
1796{
1797 if (unlikely (IS_PRIVATE (inode)))
1798 return 0;
1799 return security_ops->inode_setsecurity(inode, name, value, size, flags);
1800}
1801
1802static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
1803{
1804 if (unlikely (IS_PRIVATE (inode)))
1805 return 0;
1806 return security_ops->inode_listsecurity(inode, buffer, buffer_size);
1807}
1808
1809static inline int security_file_permission (struct file *file, int mask)
1810{
1811 return security_ops->file_permission (file, mask);
1812}
1813
1814static inline int security_file_alloc (struct file *file)
1815{
1816 return security_ops->file_alloc_security (file);
1817}
1818
1819static inline void security_file_free (struct file *file)
1820{
1821 security_ops->file_free_security (file);
1822}
1823
1824static inline int security_file_ioctl (struct file *file, unsigned int cmd,
1825 unsigned long arg)
1826{
1827 return security_ops->file_ioctl (file, cmd, arg);
1828}
1829
1830static inline int security_file_mmap (struct file *file, unsigned long reqprot,
1831 unsigned long prot,
1832 unsigned long flags,
1833 unsigned long addr,
1834 unsigned long addr_only)
1835{
1836 return security_ops->file_mmap (file, reqprot, prot, flags, addr,
1837 addr_only);
1838}
1839
1840static inline int security_file_mprotect (struct vm_area_struct *vma,
1841 unsigned long reqprot,
1842 unsigned long prot)
1843{
1844 return security_ops->file_mprotect (vma, reqprot, prot);
1845}
1846
1847static inline int security_file_lock (struct file *file, unsigned int cmd)
1848{
1849 return security_ops->file_lock (file, cmd);
1850}
1851
1852static inline int security_file_fcntl (struct file *file, unsigned int cmd,
1853 unsigned long arg)
1854{
1855 return security_ops->file_fcntl (file, cmd, arg);
1856}
1857
1858static inline int security_file_set_fowner (struct file *file)
1859{
1860 return security_ops->file_set_fowner (file);
1861}
1862
1863static inline int security_file_send_sigiotask (struct task_struct *tsk,
1864 struct fown_struct *fown,
1865 int sig)
1866{
1867 return security_ops->file_send_sigiotask (tsk, fown, sig);
1868}
1869
1870static inline int security_file_receive (struct file *file)
1871{
1872 return security_ops->file_receive (file);
1873}
1874
1875static inline int security_dentry_open (struct file *file)
1876{
1877 return security_ops->dentry_open (file);
1878}
1879
1880static inline int security_task_create (unsigned long clone_flags)
1881{
1882 return security_ops->task_create (clone_flags);
1883}
1884
1885static inline int security_task_alloc (struct task_struct *p)
1886{
1887 return security_ops->task_alloc_security (p);
1888}
1889
1890static inline void security_task_free (struct task_struct *p)
1891{
1892 security_ops->task_free_security (p);
1893}
1894
1895static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
1896 int flags)
1897{
1898 return security_ops->task_setuid (id0, id1, id2, flags);
1899}
1900
1901static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
1902 uid_t old_suid, int flags)
1903{
1904 return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
1905}
1906
1907static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
1908 int flags)
1909{
1910 return security_ops->task_setgid (id0, id1, id2, flags);
1911}
1912
1913static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
1914{
1915 return security_ops->task_setpgid (p, pgid);
1916}
1917
1918static inline int security_task_getpgid (struct task_struct *p)
1919{
1920 return security_ops->task_getpgid (p);
1921}
1922
1923static inline int security_task_getsid (struct task_struct *p)
1924{
1925 return security_ops->task_getsid (p);
1926}
1927
1928static inline void security_task_getsecid (struct task_struct *p, u32 *secid)
1929{
1930 security_ops->task_getsecid (p, secid);
1931}
1932
1933static inline int security_task_setgroups (struct group_info *group_info)
1934{
1935 return security_ops->task_setgroups (group_info);
1936}
1937
1938static inline int security_task_setnice (struct task_struct *p, int nice)
1939{
1940 return security_ops->task_setnice (p, nice);
1941}
1942
1943static inline int security_task_setioprio (struct task_struct *p, int ioprio)
1944{
1945 return security_ops->task_setioprio (p, ioprio);
1946}
1947
1948static inline int security_task_getioprio (struct task_struct *p)
1949{
1950 return security_ops->task_getioprio (p);
1951}
1952
1953static inline int security_task_setrlimit (unsigned int resource,
1954 struct rlimit *new_rlim)
1955{
1956 return security_ops->task_setrlimit (resource, new_rlim);
1957}
1958
1959static inline int security_task_setscheduler (struct task_struct *p,
1960 int policy,
1961 struct sched_param *lp)
1962{
1963 return security_ops->task_setscheduler (p, policy, lp);
1964}
1965
1966static inline int security_task_getscheduler (struct task_struct *p)
1967{
1968 return security_ops->task_getscheduler (p);
1969}
1970
1971static inline int security_task_movememory (struct task_struct *p)
1972{
1973 return security_ops->task_movememory (p);
1974}
1975
1976static inline int security_task_kill (struct task_struct *p,
1977 struct siginfo *info, int sig,
1978 u32 secid)
1979{
1980 return security_ops->task_kill (p, info, sig, secid);
1981}
1982
1983static inline int security_task_wait (struct task_struct *p)
1984{
1985 return security_ops->task_wait (p);
1986}
1987
1988static inline int security_task_prctl (int option, unsigned long arg2,
1989 unsigned long arg3,
1990 unsigned long arg4,
1991 unsigned long arg5)
1992{
1993 return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
1994}
1995
1996static inline void security_task_reparent_to_init (struct task_struct *p)
1997{
1998 security_ops->task_reparent_to_init (p);
1999}
2000
2001static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
2002{
2003 security_ops->task_to_inode(p, inode);
2004}
2005
2006static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
2007 short flag)
2008{
2009 return security_ops->ipc_permission (ipcp, flag);
2010}
2011
2012static inline int security_msg_msg_alloc (struct msg_msg * msg)
2013{
2014 return security_ops->msg_msg_alloc_security (msg);
2015}
2016
2017static inline void security_msg_msg_free (struct msg_msg * msg)
2018{
2019 security_ops->msg_msg_free_security(msg);
2020}
2021
2022static inline int security_msg_queue_alloc (struct msg_queue *msq)
2023{
2024 return security_ops->msg_queue_alloc_security (msq);
2025}
2026
2027static inline void security_msg_queue_free (struct msg_queue *msq)
2028{
2029 security_ops->msg_queue_free_security (msq);
2030}
2031
2032static inline int security_msg_queue_associate (struct msg_queue * msq,
2033 int msqflg)
2034{
2035 return security_ops->msg_queue_associate (msq, msqflg);
2036}
2037
2038static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
2039{
2040 return security_ops->msg_queue_msgctl (msq, cmd);
2041}
2042
2043static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
2044 struct msg_msg * msg, int msqflg)
2045{
2046 return security_ops->msg_queue_msgsnd (msq, msg, msqflg);
2047}
2048
2049static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
2050 struct msg_msg * msg,
2051 struct task_struct * target,
2052 long type, int mode)
2053{
2054 return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode);
2055}
2056
2057static inline int security_shm_alloc (struct shmid_kernel *shp)
2058{
2059 return security_ops->shm_alloc_security (shp);
2060}
2061
2062static inline void security_shm_free (struct shmid_kernel *shp)
2063{
2064 security_ops->shm_free_security (shp);
2065}
2066
2067static inline int security_shm_associate (struct shmid_kernel * shp,
2068 int shmflg)
2069{
2070 return security_ops->shm_associate(shp, shmflg);
2071}
2072
2073static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
2074{
2075 return security_ops->shm_shmctl (shp, cmd);
2076}
2077
2078static inline int security_shm_shmat (struct shmid_kernel * shp,
2079 char __user *shmaddr, int shmflg)
2080{
2081 return security_ops->shm_shmat(shp, shmaddr, shmflg);
2082}
2083
2084static inline int security_sem_alloc (struct sem_array *sma)
2085{
2086 return security_ops->sem_alloc_security (sma);
2087}
2088
2089static inline void security_sem_free (struct sem_array *sma)
2090{
2091 security_ops->sem_free_security (sma);
2092}
2093
2094static inline int security_sem_associate (struct sem_array * sma, int semflg)
2095{
2096 return security_ops->sem_associate (sma, semflg);
2097}
2098
2099static inline int security_sem_semctl (struct sem_array * sma, int cmd)
2100{
2101 return security_ops->sem_semctl(sma, cmd);
2102}
2103
2104static inline int security_sem_semop (struct sem_array * sma,
2105 struct sembuf * sops, unsigned nsops,
2106 int alter)
2107{
2108 return security_ops->sem_semop(sma, sops, nsops, alter);
2109}
2110
2111static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
2112{
2113 if (unlikely (inode && IS_PRIVATE (inode)))
2114 return;
2115 security_ops->d_instantiate (dentry, inode);
2116}
2117
2118static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
2119{
2120 return security_ops->getprocattr(p, name, value);
2121}
2122
2123static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
2124{
2125 return security_ops->setprocattr(p, name, value, size);
2126}
2127
2128static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb)
2129{
2130 return security_ops->netlink_send(sk, skb);
2131}
2132
2133static inline int security_netlink_recv(struct sk_buff * skb, int cap)
2134{
2135 return security_ops->netlink_recv(skb, cap);
2136}
2137
2138static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2139{
2140 return security_ops->secid_to_secctx(secid, secdata, seclen);
2141}
2142
2143static inline void security_release_secctx(char *secdata, u32 seclen)
2144{
2145 return security_ops->release_secctx(secdata, seclen);
2146}
2147
2148/* prototypes */ 1412/* prototypes */
2149extern int security_init (void); 1413extern int security_init (void);
2150extern int register_security (struct security_operations *ops); 1414extern int register_security (struct security_operations *ops);
@@ -2158,6 +1422,157 @@ extern struct dentry *securityfs_create_dir(const char *name, struct dentry *par
2158extern void securityfs_remove(struct dentry *dentry); 1422extern void securityfs_remove(struct dentry *dentry);
2159 1423
2160 1424
1425/* Security operations */
1426int security_ptrace(struct task_struct *parent, struct task_struct *child);
1427int security_capget(struct task_struct *target,
1428 kernel_cap_t *effective,
1429 kernel_cap_t *inheritable,
1430 kernel_cap_t *permitted);
1431int security_capset_check(struct task_struct *target,
1432 kernel_cap_t *effective,
1433 kernel_cap_t *inheritable,
1434 kernel_cap_t *permitted);
1435void security_capset_set(struct task_struct *target,
1436 kernel_cap_t *effective,
1437 kernel_cap_t *inheritable,
1438 kernel_cap_t *permitted);
1439int security_capable(struct task_struct *tsk, int cap);
1440int security_acct(struct file *file);
1441int security_sysctl(struct ctl_table *table, int op);
1442int security_quotactl(int cmds, int type, int id, struct super_block *sb);
1443int security_quota_on(struct dentry *dentry);
1444int security_syslog(int type);
1445int security_settime(struct timespec *ts, struct timezone *tz);
1446int security_vm_enough_memory(long pages);
1447int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
1448int security_bprm_alloc(struct linux_binprm *bprm);
1449void security_bprm_free(struct linux_binprm *bprm);
1450void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
1451void security_bprm_post_apply_creds(struct linux_binprm *bprm);
1452int security_bprm_set(struct linux_binprm *bprm);
1453int security_bprm_check(struct linux_binprm *bprm);
1454int security_bprm_secureexec(struct linux_binprm *bprm);
1455int security_sb_alloc(struct super_block *sb);
1456void security_sb_free(struct super_block *sb);
1457int security_sb_copy_data(struct file_system_type *type, void *orig, void *copy);
1458int security_sb_kern_mount(struct super_block *sb, void *data);
1459int security_sb_statfs(struct dentry *dentry);
1460int security_sb_mount(char *dev_name, struct nameidata *nd,
1461 char *type, unsigned long flags, void *data);
1462int security_sb_check_sb(struct vfsmount *mnt, struct nameidata *nd);
1463int security_sb_umount(struct vfsmount *mnt, int flags);
1464void security_sb_umount_close(struct vfsmount *mnt);
1465void security_sb_umount_busy(struct vfsmount *mnt);
1466void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
1467void security_sb_post_mountroot(void);
1468void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
1469int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
1470void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
1471int security_inode_alloc(struct inode *inode);
1472void security_inode_free(struct inode *inode);
1473int security_inode_init_security(struct inode *inode, struct inode *dir,
1474 char **name, void **value, size_t *len);
1475int security_inode_create(struct inode *dir, struct dentry *dentry, int mode);
1476int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1477 struct dentry *new_dentry);
1478int security_inode_unlink(struct inode *dir, struct dentry *dentry);
1479int security_inode_symlink(struct inode *dir, struct dentry *dentry,
1480 const char *old_name);
1481int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode);
1482int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1483int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev);
1484int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
1485 struct inode *new_dir, struct dentry *new_dentry);
1486int security_inode_readlink(struct dentry *dentry);
1487int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
1488int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd);
1489int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
1490int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
1491void security_inode_delete(struct inode *inode);
1492int security_inode_setxattr(struct dentry *dentry, char *name,
1493 void *value, size_t size, int flags);
1494void security_inode_post_setxattr(struct dentry *dentry, char *name,
1495 void *value, size_t size, int flags);
1496int security_inode_getxattr(struct dentry *dentry, char *name);
1497int security_inode_listxattr(struct dentry *dentry);
1498int security_inode_removexattr(struct dentry *dentry, char *name);
1499const char *security_inode_xattr_getsuffix(void);
1500int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1501int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1502int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
1503int security_file_permission(struct file *file, int mask);
1504int security_file_alloc(struct file *file);
1505void security_file_free(struct file *file);
1506int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
1507int security_file_mmap(struct file *file, unsigned long reqprot,
1508 unsigned long prot, unsigned long flags,
1509 unsigned long addr, unsigned long addr_only);
1510int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
1511 unsigned long prot);
1512int security_file_lock(struct file *file, unsigned int cmd);
1513int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
1514int security_file_set_fowner(struct file *file);
1515int security_file_send_sigiotask(struct task_struct *tsk,
1516 struct fown_struct *fown, int sig);
1517int security_file_receive(struct file *file);
1518int security_dentry_open(struct file *file);
1519int security_task_create(unsigned long clone_flags);
1520int security_task_alloc(struct task_struct *p);
1521void security_task_free(struct task_struct *p);
1522int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
1523int security_task_post_setuid(uid_t old_ruid, uid_t old_euid,
1524 uid_t old_suid, int flags);
1525int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
1526int security_task_setpgid(struct task_struct *p, pid_t pgid);
1527int security_task_getpgid(struct task_struct *p);
1528int security_task_getsid(struct task_struct *p);
1529void security_task_getsecid(struct task_struct *p, u32 *secid);
1530int security_task_setgroups(struct group_info *group_info);
1531int security_task_setnice(struct task_struct *p, int nice);
1532int security_task_setioprio(struct task_struct *p, int ioprio);
1533int security_task_getioprio(struct task_struct *p);
1534int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim);
1535int security_task_setscheduler(struct task_struct *p,
1536 int policy, struct sched_param *lp);
1537int security_task_getscheduler(struct task_struct *p);
1538int security_task_movememory(struct task_struct *p);
1539int security_task_kill(struct task_struct *p, struct siginfo *info,
1540 int sig, u32 secid);
1541int security_task_wait(struct task_struct *p);
1542int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
1543 unsigned long arg4, unsigned long arg5);
1544void security_task_reparent_to_init(struct task_struct *p);
1545void security_task_to_inode(struct task_struct *p, struct inode *inode);
1546int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
1547int security_msg_msg_alloc(struct msg_msg *msg);
1548void security_msg_msg_free(struct msg_msg *msg);
1549int security_msg_queue_alloc(struct msg_queue *msq);
1550void security_msg_queue_free(struct msg_queue *msq);
1551int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
1552int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
1553int security_msg_queue_msgsnd(struct msg_queue *msq,
1554 struct msg_msg *msg, int msqflg);
1555int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
1556 struct task_struct *target, long type, int mode);
1557int security_shm_alloc(struct shmid_kernel *shp);
1558void security_shm_free(struct shmid_kernel *shp);
1559int security_shm_associate(struct shmid_kernel *shp, int shmflg);
1560int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
1561int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
1562int security_sem_alloc(struct sem_array *sma);
1563void security_sem_free(struct sem_array *sma);
1564int security_sem_associate(struct sem_array *sma, int semflg);
1565int security_sem_semctl(struct sem_array *sma, int cmd);
1566int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
1567 unsigned nsops, int alter);
1568void security_d_instantiate (struct dentry *dentry, struct inode *inode);
1569int security_getprocattr(struct task_struct *p, char *name, char **value);
1570int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
1571int security_netlink_send(struct sock *sk, struct sk_buff *skb);
1572int security_netlink_recv(struct sk_buff *skb, int cap);
1573int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
1574void security_release_secctx(char *secdata, u32 seclen);
1575
2161#else /* CONFIG_SECURITY */ 1576#else /* CONFIG_SECURITY */
2162 1577
2163/* 1578/*
@@ -2834,170 +2249,43 @@ static inline void security_release_secctx(char *secdata, u32 seclen)
2834#endif /* CONFIG_SECURITY */ 2249#endif /* CONFIG_SECURITY */
2835 2250
2836#ifdef CONFIG_SECURITY_NETWORK 2251#ifdef CONFIG_SECURITY_NETWORK
2837static inline int security_unix_stream_connect(struct socket * sock,
2838 struct socket * other,
2839 struct sock * newsk)
2840{
2841 return security_ops->unix_stream_connect(sock, other, newsk);
2842}
2843
2844
2845static inline int security_unix_may_send(struct socket * sock,
2846 struct socket * other)
2847{
2848 return security_ops->unix_may_send(sock, other);
2849}
2850
2851static inline int security_socket_create (int family, int type,
2852 int protocol, int kern)
2853{
2854 return security_ops->socket_create(family, type, protocol, kern);
2855}
2856
2857static inline int security_socket_post_create(struct socket * sock,
2858 int family,
2859 int type,
2860 int protocol, int kern)
2861{
2862 return security_ops->socket_post_create(sock, family, type,
2863 protocol, kern);
2864}
2865
2866static inline int security_socket_bind(struct socket * sock,
2867 struct sockaddr * address,
2868 int addrlen)
2869{
2870 return security_ops->socket_bind(sock, address, addrlen);
2871}
2872
2873static inline int security_socket_connect(struct socket * sock,
2874 struct sockaddr * address,
2875 int addrlen)
2876{
2877 return security_ops->socket_connect(sock, address, addrlen);
2878}
2879
2880static inline int security_socket_listen(struct socket * sock, int backlog)
2881{
2882 return security_ops->socket_listen(sock, backlog);
2883}
2884
2885static inline int security_socket_accept(struct socket * sock,
2886 struct socket * newsock)
2887{
2888 return security_ops->socket_accept(sock, newsock);
2889}
2890
2891static inline void security_socket_post_accept(struct socket * sock,
2892 struct socket * newsock)
2893{
2894 security_ops->socket_post_accept(sock, newsock);
2895}
2896
2897static inline int security_socket_sendmsg(struct socket * sock,
2898 struct msghdr * msg, int size)
2899{
2900 return security_ops->socket_sendmsg(sock, msg, size);
2901}
2902
2903static inline int security_socket_recvmsg(struct socket * sock,
2904 struct msghdr * msg, int size,
2905 int flags)
2906{
2907 return security_ops->socket_recvmsg(sock, msg, size, flags);
2908}
2909
2910static inline int security_socket_getsockname(struct socket * sock)
2911{
2912 return security_ops->socket_getsockname(sock);
2913}
2914
2915static inline int security_socket_getpeername(struct socket * sock)
2916{
2917 return security_ops->socket_getpeername(sock);
2918}
2919
2920static inline int security_socket_getsockopt(struct socket * sock,
2921 int level, int optname)
2922{
2923 return security_ops->socket_getsockopt(sock, level, optname);
2924}
2925 2252
2926static inline int security_socket_setsockopt(struct socket * sock, 2253int security_unix_stream_connect(struct socket *sock, struct socket *other,
2927 int level, int optname) 2254 struct sock *newsk);
2928{ 2255int security_unix_may_send(struct socket *sock, struct socket *other);
2929 return security_ops->socket_setsockopt(sock, level, optname); 2256int security_socket_create(int family, int type, int protocol, int kern);
2930} 2257int security_socket_post_create(struct socket *sock, int family,
2258 int type, int protocol, int kern);
2259int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
2260int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
2261int security_socket_listen(struct socket *sock, int backlog);
2262int security_socket_accept(struct socket *sock, struct socket *newsock);
2263void security_socket_post_accept(struct socket *sock, struct socket *newsock);
2264int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
2265int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
2266 int size, int flags);
2267int security_socket_getsockname(struct socket *sock);
2268int security_socket_getpeername(struct socket *sock);
2269int security_socket_getsockopt(struct socket *sock, int level, int optname);
2270int security_socket_setsockopt(struct socket *sock, int level, int optname);
2271int security_socket_shutdown(struct socket *sock, int how);
2272int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
2273int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
2274 int __user *optlen, unsigned len);
2275int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
2276int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
2277void security_sk_free(struct sock *sk);
2278void security_sk_clone(const struct sock *sk, struct sock *newsk);
2279void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
2280void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
2281void security_sock_graft(struct sock*sk, struct socket *parent);
2282int security_inet_conn_request(struct sock *sk,
2283 struct sk_buff *skb, struct request_sock *req);
2284void security_inet_csk_clone(struct sock *newsk,
2285 const struct request_sock *req);
2286void security_inet_conn_established(struct sock *sk,
2287 struct sk_buff *skb);
2931 2288
2932static inline int security_socket_shutdown(struct socket * sock, int how)
2933{
2934 return security_ops->socket_shutdown(sock, how);
2935}
2936
2937static inline int security_sock_rcv_skb (struct sock * sk,
2938 struct sk_buff * skb)
2939{
2940 return security_ops->socket_sock_rcv_skb (sk, skb);
2941}
2942
2943static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
2944 int __user *optlen, unsigned len)
2945{
2946 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
2947}
2948
2949static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2950{
2951 return security_ops->socket_getpeersec_dgram(sock, skb, secid);
2952}
2953
2954static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
2955{
2956 return security_ops->sk_alloc_security(sk, family, priority);
2957}
2958
2959static inline void security_sk_free(struct sock *sk)
2960{
2961 return security_ops->sk_free_security(sk);
2962}
2963
2964static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
2965{
2966 return security_ops->sk_clone_security(sk, newsk);
2967}
2968
2969static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
2970{
2971 security_ops->sk_getsecid(sk, &fl->secid);
2972}
2973
2974static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
2975{
2976 security_ops->req_classify_flow(req, fl);
2977}
2978
2979static inline void security_sock_graft(struct sock* sk, struct socket *parent)
2980{
2981 security_ops->sock_graft(sk, parent);
2982}
2983
2984static inline int security_inet_conn_request(struct sock *sk,
2985 struct sk_buff *skb, struct request_sock *req)
2986{
2987 return security_ops->inet_conn_request(sk, skb, req);
2988}
2989
2990static inline void security_inet_csk_clone(struct sock *newsk,
2991 const struct request_sock *req)
2992{
2993 security_ops->inet_csk_clone(newsk, req);
2994}
2995
2996static inline void security_inet_conn_established(struct sock *sk,
2997 struct sk_buff *skb)
2998{
2999 security_ops->inet_conn_established(sk, skb);
3000}
3001#else /* CONFIG_SECURITY_NETWORK */ 2289#else /* CONFIG_SECURITY_NETWORK */
3002static inline int security_unix_stream_connect(struct socket * sock, 2290static inline int security_unix_stream_connect(struct socket * sock,
3003 struct socket * other, 2291 struct socket * other,
@@ -3155,77 +2443,24 @@ static inline void security_inet_conn_established(struct sock *sk,
3155#endif /* CONFIG_SECURITY_NETWORK */ 2443#endif /* CONFIG_SECURITY_NETWORK */
3156 2444
3157#ifdef CONFIG_SECURITY_NETWORK_XFRM 2445#ifdef CONFIG_SECURITY_NETWORK_XFRM
3158static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
3159{
3160 return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
3161}
3162 2446
3163static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) 2447int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
3164{ 2448int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new);
3165 return security_ops->xfrm_policy_clone_security(old, new); 2449void security_xfrm_policy_free(struct xfrm_policy *xp);
3166} 2450int security_xfrm_policy_delete(struct xfrm_policy *xp);
3167 2451int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
3168static inline void security_xfrm_policy_free(struct xfrm_policy *xp) 2452int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
3169{ 2453 struct xfrm_sec_ctx *polsec, u32 secid);
3170 security_ops->xfrm_policy_free_security(xp); 2454int security_xfrm_state_delete(struct xfrm_state *x);
3171} 2455void security_xfrm_state_free(struct xfrm_state *x);
2456int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
2457int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
2458 struct xfrm_policy *xp, struct flowi *fl);
2459int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
2460void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
3172 2461
3173static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
3174{
3175 return security_ops->xfrm_policy_delete_security(xp);
3176}
3177
3178static inline int security_xfrm_state_alloc(struct xfrm_state *x,
3179 struct xfrm_user_sec_ctx *sec_ctx)
3180{
3181 return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0);
3182}
3183
3184static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
3185 struct xfrm_sec_ctx *polsec, u32 secid)
3186{
3187 if (!polsec)
3188 return 0;
3189 /*
3190 * We want the context to be taken from secid which is usually
3191 * from the sock.
3192 */
3193 return security_ops->xfrm_state_alloc_security(x, NULL, secid);
3194}
3195
3196static inline int security_xfrm_state_delete(struct xfrm_state *x)
3197{
3198 return security_ops->xfrm_state_delete_security(x);
3199}
3200
3201static inline void security_xfrm_state_free(struct xfrm_state *x)
3202{
3203 security_ops->xfrm_state_free_security(x);
3204}
3205
3206static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
3207{
3208 return security_ops->xfrm_policy_lookup(xp, fl_secid, dir);
3209}
3210
3211static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
3212 struct xfrm_policy *xp, struct flowi *fl)
3213{
3214 return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
3215}
3216
3217static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
3218{
3219 return security_ops->xfrm_decode_session(skb, secid, 1);
3220}
3221
3222static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
3223{
3224 int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
3225
3226 BUG_ON(rc);
3227}
3228#else /* CONFIG_SECURITY_NETWORK_XFRM */ 2462#else /* CONFIG_SECURITY_NETWORK_XFRM */
2463
3229static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) 2464static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
3230{ 2465{
3231 return 0; 2466 return 0;
@@ -3290,24 +2525,11 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi
3290 2525
3291#ifdef CONFIG_KEYS 2526#ifdef CONFIG_KEYS
3292#ifdef CONFIG_SECURITY 2527#ifdef CONFIG_SECURITY
3293static inline int security_key_alloc(struct key *key,
3294 struct task_struct *tsk,
3295 unsigned long flags)
3296{
3297 return security_ops->key_alloc(key, tsk, flags);
3298}
3299
3300static inline void security_key_free(struct key *key)
3301{
3302 security_ops->key_free(key);
3303}
3304 2528
3305static inline int security_key_permission(key_ref_t key_ref, 2529int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long flags);
3306 struct task_struct *context, 2530void security_key_free(struct key *key);
3307 key_perm_t perm) 2531int security_key_permission(key_ref_t key_ref,
3308{ 2532 struct task_struct *context, key_perm_t perm);
3309 return security_ops->key_permission(key_ref, context, perm);
3310}
3311 2533
3312#else 2534#else
3313 2535
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-11 09:19:58 -0500