Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c58
1 files changed, 33 insertions, 25 deletions
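diff --git a/security/capability.c b/security/capability.c
index 245874819036..2dce66fcb992 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -32,24 +32,19 @@ static int cap_quota_on(struct dentry *dentry)
  return 0;
 }
 
-static int cap_bprm_alloc_security(struct linux_binprm *bprm)
+static int cap_bprm_check_security (struct linux_binprm *bprm)
 {
  return 0;
 }
 
-static void cap_bprm_free_security(struct linux_binprm *bprm)
+static void cap_bprm_committing_creds(struct linux_binprm *bprm)
 {
 }
 
-static void cap_bprm_post_apply_creds(struct linux_binprm *bprm)
+static void cap_bprm_committed_creds(struct linux_binprm *bprm)
 {
 }
 
-static int cap_bprm_check_security(struct linux_binprm *bprm)
-{
- return 0;
-}
-
 static int cap_sb_alloc_security(struct super_block *sb)
 {
  return 0;
@@ -64,7 +59,7 @@ static int cap_sb_copy_data(char *orig, char *copy)
  return 0;
 }
 
-static int cap_sb_kern_mount(struct super_block *sb, void *data)
+static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
  return 0;
 }
@@ -330,7 +325,7 @@ static int cap_file_receive(struct file *file)
  return 0;
 }
 
-static int cap_dentry_open(struct file *file)
+static int cap_dentry_open(struct file *file, const struct cred *cred)
 {
  return 0;
 }
@@ -340,15 +335,29 @@ static int cap_task_create(unsigned long clone_flags)
  return 0;
 }
 
-static int cap_task_alloc_security(struct task_struct *p)
+static void cap_cred_free(struct cred *cred)
+{
+}
+
+static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
 {
  return 0;
 }
 
-static void cap_task_free_security(struct task_struct *p)
+static void cap_cred_commit(struct cred *new, const struct cred *old)
 {
 }
 
+static int cap_kernel_act_as(struct cred *new, u32 secid)
+{
+ return 0;
+}
+
+static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
+{
+ return 0;
+}
+
 static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
 {
  return 0;
@@ -750,7 +759,7 @@ static void cap_release_secctx(char *secdata, u32 seclen)
 }
 
 #ifdef CONFIG_KEYS
-static int cap_key_alloc(struct key *key, struct task_struct *ctx,
+static int cap_key_alloc(struct key *key, const struct cred *cred,
  unsigned long flags)
 {
  return 0;
@@ -760,7 +769,7 @@ static void cap_key_free(struct key *key)
 {
 }
 
-static int cap_key_permission(key_ref_t key_ref, struct task_struct *context,
+static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
  key_perm_t perm)
 {
  return 0;
@@ -814,8 +823,7 @@ void security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, ptrace_may_access);
  set_to_cap_if_null(ops, ptrace_traceme);
  set_to_cap_if_null(ops, capget);
- set_to_cap_if_null(ops, capset_check);
- set_to_cap_if_null(ops, capset_set);
+ set_to_cap_if_null(ops, capset);
  set_to_cap_if_null(ops, acct);
  set_to_cap_if_null(ops, capable);
  set_to_cap_if_null(ops, quotactl);
@@ -824,11 +832,9 @@ void security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, syslog);
  set_to_cap_if_null(ops, settime);
  set_to_cap_if_null(ops, vm_enough_memory);
- set_to_cap_if_null(ops, bprm_alloc_security);
- set_to_cap_if_null(ops, bprm_free_security);
- set_to_cap_if_null(ops, bprm_apply_creds);
- set_to_cap_if_null(ops, bprm_post_apply_creds);
- set_to_cap_if_null(ops, bprm_set_security);
+ set_to_cap_if_null(ops, bprm_set_creds);
+ set_to_cap_if_null(ops, bprm_committing_creds);
+ set_to_cap_if_null(ops, bprm_committed_creds);
  set_to_cap_if_null(ops, bprm_check_security);
  set_to_cap_if_null(ops, bprm_secureexec);
  set_to_cap_if_null(ops, sb_alloc_security);
@@ -890,10 +896,13 @@ void security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, file_receive);
  set_to_cap_if_null(ops, dentry_open);
  set_to_cap_if_null(ops, task_create);
- set_to_cap_if_null(ops, task_alloc_security);
- set_to_cap_if_null(ops, task_free_security);
+ set_to_cap_if_null(ops, cred_free);
+ set_to_cap_if_null(ops, cred_prepare);
+ set_to_cap_if_null(ops, cred_commit);
+ set_to_cap_if_null(ops, kernel_act_as);
+ set_to_cap_if_null(ops, kernel_create_files_as);
  set_to_cap_if_null(ops, task_setuid);
- set_to_cap_if_null(ops, task_post_setuid);
+ set_to_cap_if_null(ops, task_fix_setuid);
  set_to_cap_if_null(ops, task_setgid);
  set_to_cap_if_null(ops, task_setpgid);
  set_to_cap_if_null(ops, task_getpgid);
@@ -910,7 +919,6 @@ void security_fixup_ops(struct security_operations *ops)
  set_to_cap_if_null(ops, task_wait);
  set_to_cap_if_null(ops, task_kill);
  set_to_cap_if_null(ops, task_prctl);
- set_to_cap_if_null(ops, task_reparent_to_init);
  set_to_cap_if_null(ops, task_to_inode);
  set_to_cap_if_null(ops, ipc_permission);
  set_to_cap_if_null(ops, ipc_getsecid);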
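Review bot: The new default stubs `cap_kernel_act_as()` and `cap_kernel_create_files_as()` in the `@@ -340,15 +335,29 @@` hunk return 0 unconditionally, and `security_fixup_ops()` installs them whenever a module leaves those hooks NULL, so a module that does not implement them gets a permit-all default with no trace of that in the source. This matches the other stubs in the file, but judging by their names and the `secid`/`inode` arguments these two hooks gate a kernel service taking on another security context, so the fail-open default deserves to be written down. I would add a comment above the pair such as `/* Default: no check and no label change; an LSM that labels creds must provide its own hook. */`. Separately, `cap_bprm_check_security (struct linux_binprm *bprm)` in the first hunk has a space before the parenthesis that no other definition here has; if that is in the patch itself rather than a rendering artefact, it should be dropped.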