Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c35
1 files changed, 28 insertions, 7 deletions
diff --git a/security/capability.c b/security/capability.c
index 95a6599a37bb..bbb51156261b 100644
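--- a/security/capability.c
+++ b/security/capability.c
@@ -12,7 +12,7 @@
 
 #include <linux/security.h>
 
-static int cap_sysctl(ctl_table *table, int op)
+static int cap_syslog(int type)
 {
  return 0;
 }
@@ -54,6 +54,11 @@ static int cap_sb_copy_data(char *orig, char *copy)
  return 0;
 }
 
+static int cap_sb_remount(struct super_block *sb, void *data)
+{
+ return 0;
+}
+
 static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
  return 0;
@@ -113,7 +118,8 @@ static void cap_inode_free_security(struct inode *inode)
 }
 
 static int cap_inode_init_security(struct inode *inode, struct inode *dir,
- char **name, void **value, size_t *len)
+ const struct qstr *qstr, char **name,
+ void **value, size_t *len)
 {
  return -EOPNOTSUPP;
 }
@@ -175,7 +181,7 @@ static int cap_inode_follow_link(struct dentry *dentry,
  return 0;
 }
 
-static int cap_inode_permission(struct inode *inode, int mask)
+static int cap_inode_permission(struct inode *inode, int mask, unsigned flags)
 {
  return 0;
 }
@@ -543,7 +549,7 @@ static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
 }
 
 #ifdef CONFIG_SECURITY_NETWORK
-static int cap_unix_stream_connect(struct socket *sock, struct socket *other,
+static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
  struct sock *newsk)
 {
  return 0;
@@ -677,7 +683,18 @@ static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
 {
 }
 
+static int cap_secmark_relabel_packet(u32 secid)
+{
+ return 0;
+}
 
+static void cap_secmark_refcount_inc(void)
+{
+}
+
+static void cap_secmark_refcount_dec(void)
+{
+}
 
 static void cap_req_classify_flow(const struct request_sock *req,
  struct flowi *fl)
@@ -744,7 +761,7 @@ static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir)
 
 static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x,
  struct xfrm_policy *xp,
- struct flowi *fl)
+ const struct flowi *fl)
 {
  return 1;
 }
@@ -777,7 +794,8 @@ static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 
 static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
 {
- return -EOPNOTSUPP;
+ *secid = 0;
+ return 0;
 }
 
 static void cap_release_secctx(char *secdata, u32 seclen)
@@ -863,7 +881,6 @@ void __init security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, capable);
  set_to_cap_if_null(ops, quotactl);
  set_to_cap_if_null(ops, quota_on);
- set_to_cap_if_null(ops, sysctl);
  set_to_cap_if_null(ops, syslog);
  set_to_cap_if_null(ops, settime);
  set_to_cap_if_null(ops, vm_enough_memory);
@@ -875,6 +892,7 @@ void __init security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, sb_alloc_security);
  set_to_cap_if_null(ops, sb_free_security);
  set_to_cap_if_null(ops, sb_copy_data);
+ set_to_cap_if_null(ops, sb_remount);
  set_to_cap_if_null(ops, sb_kern_mount);
  set_to_cap_if_null(ops, sb_show_options);
  set_to_cap_if_null(ops, sb_statfs);
@@ -1018,6 +1036,9 @@ void __init security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, inet_conn_request);
  set_to_cap_if_null(ops, inet_csk_clone);
  set_to_cap_if_null(ops, inet_conn_established);
+ set_to_cap_if_null(ops, secmark_relabel_packet);
+ set_to_cap_if_null(ops, secmark_refcount_inc);
+ set_to_cap_if_null(ops, secmark_refcount_dec);
  set_to_cap_if_null(ops, req_classify_flow);
  set_to_cap_if_null(ops, tun_dev_create);
  set_to_cap_if_null(ops, tun_dev_post_create);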
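Review bot: In the `cap_secctx_to_secid` hunk (`@@ -777,7 +794,8 @@`) the default hook now stores `*secid = 0` and returns 0 for any `secdata`, where it used to return `-EOPNOTSUPP`, so a caller can no longer tell from the return value that no security module translated the string. Callers that take a context string from configuration or from userspace would have to treat a zero secid as "no label" and reject it themselves; whether every caller does so cannot be seen from this page. I would document that contract on the stub, for example `/* No LSM translates contexts here: succeed with secid 0; callers must check for 0. */`. The new `cap_secmark_relabel_packet` stub in the `@@ -677,7 +683,18 @@` hunk also returns 0 unconditionally, which matches the other permissive defaults in this file but deserves the same kind of one-line comment.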