aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/security.h59
1 files changed, 46 insertions, 13 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 0f6afc657f77..eee7478cda70 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -989,17 +989,29 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
989 * tells the LSM to decrement the number of secmark labeling rules loaded 989 * tells the LSM to decrement the number of secmark labeling rules loaded
990 * @req_classify_flow: 990 * @req_classify_flow:
991 * Sets the flow's sid to the openreq sid. 991 * Sets the flow's sid to the openreq sid.
992 * @tun_dev_alloc_security:
993 * This hook allows a module to allocate a security structure for a TUN
994 * device.
995 * @security pointer to a security structure pointer.
996 * Returns a zero on success, negative values on failure.
997 * @tun_dev_free_security:
998 * This hook allows a module to free the security structure for a TUN
999 * device.
1000 * @security pointer to the TUN device's security structure
992 * @tun_dev_create: 1001 * @tun_dev_create:
993 * Check permissions prior to creating a new TUN device. 1002 * Check permissions prior to creating a new TUN device.
994 * @tun_dev_post_create: 1003 * @tun_dev_attach_queue:
995 * This hook allows a module to update or allocate a per-socket security 1004 * Check permissions prior to attaching to a TUN device queue.
996 * structure. 1005 * @security pointer to the TUN device's security structure.
997 * @sk contains the newly created sock structure.
998 * @tun_dev_attach: 1006 * @tun_dev_attach:
999 * Check permissions prior to attaching to a persistent TUN device. This 1007 * This hook can be used by the module to update any security state
1000 * hook can also be used by the module to update any security state
1001 * associated with the TUN device's sock structure. 1008 * associated with the TUN device's sock structure.
1002 * @sk contains the existing sock structure. 1009 * @sk contains the existing sock structure.
1010 * @security pointer to the TUN device's security structure.
1011 * @tun_dev_open:
1012 * This hook can be used by the module to update any security state
1013 * associated with the TUN device's security structure.
1014 * @security pointer to the TUN devices's security structure.
1003 * 1015 *
1004 * Security hooks for XFRM operations. 1016 * Security hooks for XFRM operations.
1005 * 1017 *
@@ -1620,9 +1632,12 @@ struct security_operations {
1620 void (*secmark_refcount_inc) (void); 1632 void (*secmark_refcount_inc) (void);
1621 void (*secmark_refcount_dec) (void); 1633 void (*secmark_refcount_dec) (void);
1622 void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl); 1634 void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
1623 int (*tun_dev_create)(void); 1635 int (*tun_dev_alloc_security) (void **security);
1624 void (*tun_dev_post_create)(struct sock *sk); 1636 void (*tun_dev_free_security) (void *security);
1625 int (*tun_dev_attach)(struct sock *sk); 1637 int (*tun_dev_create) (void);
1638 int (*tun_dev_attach_queue) (void *security);
1639 int (*tun_dev_attach) (struct sock *sk, void *security);
1640 int (*tun_dev_open) (void *security);
1626#endif /* CONFIG_SECURITY_NETWORK */ 1641#endif /* CONFIG_SECURITY_NETWORK */
1627 1642
1628#ifdef CONFIG_SECURITY_NETWORK_XFRM 1643#ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -2566,9 +2581,12 @@ void security_inet_conn_established(struct sock *sk,
2566int security_secmark_relabel_packet(u32 secid); 2581int security_secmark_relabel_packet(u32 secid);
2567void security_secmark_refcount_inc(void); 2582void security_secmark_refcount_inc(void);
2568void security_secmark_refcount_dec(void); 2583void security_secmark_refcount_dec(void);
2584int security_tun_dev_alloc_security(void **security);
2585void security_tun_dev_free_security(void *security);
2569int security_tun_dev_create(void); 2586int security_tun_dev_create(void);
2570void security_tun_dev_post_create(struct sock *sk); 2587int security_tun_dev_attach_queue(void *security);
2571int security_tun_dev_attach(struct sock *sk); 2588int security_tun_dev_attach(struct sock *sk, void *security);
2589int security_tun_dev_open(void *security);
2572 2590
2573#else /* CONFIG_SECURITY_NETWORK */ 2591#else /* CONFIG_SECURITY_NETWORK */
2574static inline int security_unix_stream_connect(struct sock *sock, 2592static inline int security_unix_stream_connect(struct sock *sock,
@@ -2733,16 +2751,31 @@ static inline void security_secmark_refcount_dec(void)
2733{ 2751{
2734} 2752}
2735 2753
2754static inline int security_tun_dev_alloc_security(void **security)
2755{
2756 return 0;
2757}
2758
2759static inline void security_tun_dev_free_security(void *security)
2760{
2761}
2762
2736static inline int security_tun_dev_create(void) 2763static inline int security_tun_dev_create(void)
2737{ 2764{
2738 return 0; 2765 return 0;
2739} 2766}
2740 2767
2741static inline void security_tun_dev_post_create(struct sock *sk) 2768static inline int security_tun_dev_attach_queue(void *security)
2769{
2770 return 0;
2771}
2772
2773static inline int security_tun_dev_attach(struct sock *sk, void *security)
2742{ 2774{
2775 return 0;
2743} 2776}
2744 2777
2745static inline int security_tun_dev_attach(struct sock *sk) 2778static inline int security_tun_dev_open(void *security)
2746{ 2779{
2747 return 0; 2780 return 0;
2748} 2781}