aboutsummaryrefslogtreecommitdiffstats
path: root/security/capability.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/capability.c')
-rw-r--r--security/capability.c72
1 files changed, 62 insertions, 10 deletions
diff --git a/security/capability.c b/security/capability.c
index 21b6cead6a8e..fce07a7bc825 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -330,15 +330,6 @@ static int cap_file_ioctl(struct file *file, unsigned int command,
330 return 0; 330 return 0;
331} 331}
332 332
333static int cap_file_mmap(struct file *file, unsigned long reqprot,
334 unsigned long prot, unsigned long flags,
335 unsigned long addr, unsigned long addr_only)
336{
337 if ((addr < mmap_min_addr) && !capable(CAP_SYS_RAWIO))
338 return -EACCES;
339 return 0;
340}
341
342static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 333static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
343 unsigned long prot) 334 unsigned long prot)
344{ 335{
@@ -382,6 +373,11 @@ static int cap_task_create(unsigned long clone_flags)
382 return 0; 373 return 0;
383} 374}
384 375
376static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
377{
378 return 0;
379}
380
385static void cap_cred_free(struct cred *cred) 381static void cap_cred_free(struct cred *cred)
386{ 382{
387} 383}
@@ -395,6 +391,10 @@ static void cap_cred_commit(struct cred *new, const struct cred *old)
395{ 391{
396} 392}
397 393
394static void cap_cred_transfer(struct cred *new, const struct cred *old)
395{
396}
397
398static int cap_kernel_act_as(struct cred *new, u32 secid) 398static int cap_kernel_act_as(struct cred *new, u32 secid)
399{ 399{
400 return 0; 400 return 0;
@@ -405,6 +405,11 @@ static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
405 return 0; 405 return 0;
406} 406}
407 407
408static int cap_kernel_module_request(void)
409{
410 return 0;
411}
412
408static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) 413static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
409{ 414{
410 return 0; 415 return 0;
@@ -710,10 +715,26 @@ static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
710{ 715{
711} 716}
712 717
718
719
713static void cap_req_classify_flow(const struct request_sock *req, 720static void cap_req_classify_flow(const struct request_sock *req,
714 struct flowi *fl) 721 struct flowi *fl)
715{ 722{
716} 723}
724
725static int cap_tun_dev_create(void)
726{
727 return 0;
728}
729
730static void cap_tun_dev_post_create(struct sock *sk)
731{
732}
733
734static int cap_tun_dev_attach(struct sock *sk)
735{
736 return 0;
737}
717#endif /* CONFIG_SECURITY_NETWORK */ 738#endif /* CONFIG_SECURITY_NETWORK */
718 739
719#ifdef CONFIG_SECURITY_NETWORK_XFRM 740#ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -801,6 +822,20 @@ static void cap_release_secctx(char *secdata, u32 seclen)
801{ 822{
802} 823}
803 824
825static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
826{
827 return 0;
828}
829
830static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
831{
832 return 0;
833}
834
835static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
836{
837 return 0;
838}
804#ifdef CONFIG_KEYS 839#ifdef CONFIG_KEYS
805static int cap_key_alloc(struct key *key, const struct cred *cred, 840static int cap_key_alloc(struct key *key, const struct cred *cred,
806 unsigned long flags) 841 unsigned long flags)
@@ -824,6 +859,13 @@ static int cap_key_getsecurity(struct key *key, char **_buffer)
824 return 0; 859 return 0;
825} 860}
826 861
862static int cap_key_session_to_parent(const struct cred *cred,
863 const struct cred *parent_cred,
864 struct key *key)
865{
866 return 0;
867}
868
827#endif /* CONFIG_KEYS */ 869#endif /* CONFIG_KEYS */
828 870
829#ifdef CONFIG_AUDIT 871#ifdef CONFIG_AUDIT
@@ -863,7 +905,7 @@ struct security_operations default_security_ops = {
863 905
864void security_fixup_ops(struct security_operations *ops) 906void security_fixup_ops(struct security_operations *ops)
865{ 907{
866 set_to_cap_if_null(ops, ptrace_may_access); 908 set_to_cap_if_null(ops, ptrace_access_check);
867 set_to_cap_if_null(ops, ptrace_traceme); 909 set_to_cap_if_null(ops, ptrace_traceme);
868 set_to_cap_if_null(ops, capget); 910 set_to_cap_if_null(ops, capget);
869 set_to_cap_if_null(ops, capset); 911 set_to_cap_if_null(ops, capset);
@@ -949,11 +991,14 @@ void security_fixup_ops(struct security_operations *ops)
949 set_to_cap_if_null(ops, file_receive); 991 set_to_cap_if_null(ops, file_receive);
950 set_to_cap_if_null(ops, dentry_open); 992 set_to_cap_if_null(ops, dentry_open);
951 set_to_cap_if_null(ops, task_create); 993 set_to_cap_if_null(ops, task_create);
994 set_to_cap_if_null(ops, cred_alloc_blank);
952 set_to_cap_if_null(ops, cred_free); 995 set_to_cap_if_null(ops, cred_free);
953 set_to_cap_if_null(ops, cred_prepare); 996 set_to_cap_if_null(ops, cred_prepare);
954 set_to_cap_if_null(ops, cred_commit); 997 set_to_cap_if_null(ops, cred_commit);
998 set_to_cap_if_null(ops, cred_transfer);
955 set_to_cap_if_null(ops, kernel_act_as); 999 set_to_cap_if_null(ops, kernel_act_as);
956 set_to_cap_if_null(ops, kernel_create_files_as); 1000 set_to_cap_if_null(ops, kernel_create_files_as);
1001 set_to_cap_if_null(ops, kernel_module_request);
957 set_to_cap_if_null(ops, task_setuid); 1002 set_to_cap_if_null(ops, task_setuid);
958 set_to_cap_if_null(ops, task_fix_setuid); 1003 set_to_cap_if_null(ops, task_fix_setuid);
959 set_to_cap_if_null(ops, task_setgid); 1004 set_to_cap_if_null(ops, task_setgid);
@@ -1001,6 +1046,9 @@ void security_fixup_ops(struct security_operations *ops)
1001 set_to_cap_if_null(ops, secid_to_secctx); 1046 set_to_cap_if_null(ops, secid_to_secctx);
1002 set_to_cap_if_null(ops, secctx_to_secid); 1047 set_to_cap_if_null(ops, secctx_to_secid);
1003 set_to_cap_if_null(ops, release_secctx); 1048 set_to_cap_if_null(ops, release_secctx);
1049 set_to_cap_if_null(ops, inode_notifysecctx);
1050 set_to_cap_if_null(ops, inode_setsecctx);
1051 set_to_cap_if_null(ops, inode_getsecctx);
1004#ifdef CONFIG_SECURITY_NETWORK 1052#ifdef CONFIG_SECURITY_NETWORK
1005 set_to_cap_if_null(ops, unix_stream_connect); 1053 set_to_cap_if_null(ops, unix_stream_connect);
1006 set_to_cap_if_null(ops, unix_may_send); 1054 set_to_cap_if_null(ops, unix_may_send);
@@ -1029,6 +1077,9 @@ void security_fixup_ops(struct security_operations *ops)
1029 set_to_cap_if_null(ops, inet_csk_clone); 1077 set_to_cap_if_null(ops, inet_csk_clone);
1030 set_to_cap_if_null(ops, inet_conn_established); 1078 set_to_cap_if_null(ops, inet_conn_established);
1031 set_to_cap_if_null(ops, req_classify_flow); 1079 set_to_cap_if_null(ops, req_classify_flow);
1080 set_to_cap_if_null(ops, tun_dev_create);
1081 set_to_cap_if_null(ops, tun_dev_post_create);
1082 set_to_cap_if_null(ops, tun_dev_attach);
1032#endif /* CONFIG_SECURITY_NETWORK */ 1083#endif /* CONFIG_SECURITY_NETWORK */
1033#ifdef CONFIG_SECURITY_NETWORK_XFRM 1084#ifdef CONFIG_SECURITY_NETWORK_XFRM
1034 set_to_cap_if_null(ops, xfrm_policy_alloc_security); 1085 set_to_cap_if_null(ops, xfrm_policy_alloc_security);
@@ -1047,6 +1098,7 @@ void security_fixup_ops(struct security_operations *ops)
1047 set_to_cap_if_null(ops, key_free); 1098 set_to_cap_if_null(ops, key_free);
1048 set_to_cap_if_null(ops, key_permission); 1099 set_to_cap_if_null(ops, key_permission);
1049 set_to_cap_if_null(ops, key_getsecurity); 1100 set_to_cap_if_null(ops, key_getsecurity);
1101 set_to_cap_if_null(ops, key_session_to_parent);
1050#endif /* CONFIG_KEYS */ 1102#endif /* CONFIG_KEYS */
1051#ifdef CONFIG_AUDIT 1103#ifdef CONFIG_AUDIT
1052 set_to_cap_if_null(ops, audit_rule_init); 1104 set_to_cap_if_null(ops, audit_rule_init);
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-01 17:11:04 -0400