Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c101
1 files changed, 22 insertions, 79 deletions
diff --git a/security/security.c b/security/security.c
index 687c6fd14bb6..c53949f17d9e 100644
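--- a/security/security.c
+++ b/security/security.c
@@ -23,14 +23,14 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
  CONFIG_DEFAULT_SECURITY;
 
 /* things that live in capability.c */
-extern void security_fixup_ops(struct security_operations *ops);
+extern void __init security_fixup_ops(struct security_operations *ops);
 
 static struct security_operations *security_ops;
 static struct security_operations default_security_ops = {
  .name = "default",
 };
 
-static inline int verify(struct security_operations *ops)
+static inline int __init verify(struct security_operations *ops)
 {
  /* verify the security_operations structure exists */
  if (!ops)
@@ -117,7 +117,7 @@ int __init security_module_enable(struct security_operations *ops)
  * If there is already a security module registered with the kernel,
  * an error will be returned. Otherwise %0 is returned on success.
  */
-int register_security(struct security_operations *ops)
+int __init register_security(struct security_operations *ops)
 {
  if (verify(ops)) {
  printk(KERN_DEBUG "%s could not verify "
@@ -190,11 +190,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap)
  return ret;
 }
 
-int security_acct(struct file *file)
-{
- return security_ops->acct(file);
-}
-
 int security_sysctl(struct ctl_table *table, int op)
 {
  return security_ops->sysctl(table, op);
@@ -306,46 +301,16 @@ int security_sb_mount(char *dev_name, struct path *path,
  return security_ops->sb_mount(dev_name, path, type, flags, data);
 }
 
-int security_sb_check_sb(struct vfsmount *mnt, struct path *path)
-{
- return security_ops->sb_check_sb(mnt, path);
-}
-
 int security_sb_umount(struct vfsmount *mnt, int flags)
 {
  return security_ops->sb_umount(mnt, flags);
 }
 
-void security_sb_umount_close(struct vfsmount *mnt)
-{
- security_ops->sb_umount_close(mnt);
-}
-
-void security_sb_umount_busy(struct vfsmount *mnt)
-{
- security_ops->sb_umount_busy(mnt);
-}
-
-void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data)
-{
- security_ops->sb_post_remount(mnt, flags, data);
-}
-
-void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint)
-{
- security_ops->sb_post_addmount(mnt, mountpoint);
-}
-
 int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
  return security_ops->sb_pivotroot(old_path, new_path);
 }
 
-void security_sb_post_pivotroot(struct path *old_path, struct path *new_path)
-{
- security_ops->sb_post_pivotroot(old_path, new_path);
-}
-
 int security_sb_set_mnt_opts(struct super_block *sb,
  struct security_mnt_opts *opts)
 {
@@ -452,12 +417,11 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
  new_dentry);
 }
 
-int security_path_truncate(struct path *path, loff_t length,
- unsigned int time_attrs)
+int security_path_truncate(struct path *path)
 {
  if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
  return 0;
- return security_ops->path_truncate(path, length, time_attrs);
+ return security_ops->path_truncate(path);
 }
 
 int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
@@ -580,13 +544,6 @@ int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
  return security_ops->inode_getattr(mnt, dentry);
 }
 
-void security_inode_delete(struct inode *inode)
-{
- if (unlikely(IS_PRIVATE(inode)))
- return;
- security_ops->inode_delete(inode);
-}
-
 int security_inode_setxattr(struct dentry *dentry, const char *name,
  const void *value, size_t size, int flags)
 {
@@ -662,7 +619,13 @@ void security_inode_getsecid(const struct inode *inode, u32 *secid)
 
 int security_file_permission(struct file *file, int mask)
 {
- return security_ops->file_permission(file, mask);
+ int ret;
+
+ ret = security_ops->file_permission(file, mask);
+ if (ret)
+ return ret;
+
+ return fsnotify_perm(file, mask);
 }
 
 int security_file_alloc(struct file *file)
@@ -726,7 +689,13 @@ int security_file_receive(struct file *file)
 
 int security_dentry_open(struct file *file, const struct cred *cred)
 {
- return security_ops->dentry_open(file, cred);
+ int ret;
+
+ ret = security_ops->dentry_open(file, cred);
+ if (ret)
+ return ret;
+
+ return fsnotify_perm(file, MAY_OPEN);
 }
 
 int security_task_create(unsigned long clone_flags)
@@ -749,11 +718,6 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
  return security_ops->cred_prepare(new, old, gfp);
 }
 
-void security_commit_creds(struct cred *new, const struct cred *old)
-{
- security_ops->cred_commit(new, old);
-}
-
 void security_transfer_creds(struct cred *new, const struct cred *old)
 {
  security_ops->cred_transfer(new, old);
@@ -774,22 +738,12 @@ int security_kernel_module_request(char *kmod_name)
  return security_ops->kernel_module_request(kmod_name);
 }
 
-int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return security_ops->task_setuid(id0, id1, id2, flags);
-}
-
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
  int flags)
 {
  return security_ops->task_fix_setuid(new, old, flags);
 }
 
-int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
-{
- return security_ops->task_setgid(id0, id1, id2, flags);
-}
-
 int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
  return security_ops->task_setpgid(p, pgid);
@@ -811,11 +765,6 @@ void security_task_getsecid(struct task_struct *p, u32 *secid)
 }
 EXPORT_SYMBOL(security_task_getsecid);
 
-int security_task_setgroups(struct group_info *group_info)
-{
- return security_ops->task_setgroups(group_info);
-}
-
 int security_task_setnice(struct task_struct *p, int nice)
 {
  return security_ops->task_setnice(p, nice);
@@ -831,9 +780,10 @@ int security_task_getioprio(struct task_struct *p)
  return security_ops->task_getioprio(p);
 }
 
-int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim)
+int security_task_setrlimit(struct task_struct *p, unsigned int resource,
+ struct rlimit *new_rlim)
 {
- return security_ops->task_setrlimit(resource, new_rlim);
+ return security_ops->task_setrlimit(p, resource, new_rlim);
 }
 
 int security_task_setscheduler(struct task_struct *p,
@@ -1319,13 +1269,6 @@ int security_key_getsecurity(struct key *key, char **_buffer)
  return security_ops->key_getsecurity(key, _buffer);
 }
 
-int security_key_session_to_parent(const struct cred *cred,
- const struct cred *parent_cred,
- struct key *key)
-{
- return security_ops->key_session_to_parent(cred, parent_cred, key);
-}
-
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT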
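Review bot: In security_file_permission() and security_dentry_open() the new `fsnotify_perm()` call turns these wrappers from plain LSM dispatchers into a second decision point, and nothing in the code says so. Because the LSM hook runs first and returns early on error, fsnotify_perm() is never reached for accesses the LSM denied, and a non-zero result from it reaches the caller the same way an LSM denial does, presumably without passing through the LSM's own audit path. I would add a comment above each call, e.g. `/* LSM allowed it; fsnotify permission listeners may still deny (not an LSM decision) */`, so someone triaging an unexpected denial knows to look beyond the loaded security module. No `#include` for fsnotify_perm() is added in this file, so its declaration presumably comes from a header changed elsewhere in the commit; worth confirming.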