diff options
Diffstat (limited to 'security/security.c')
| -rw-r--r-- | security/security.c | 66 |
1 files changed, 37 insertions, 29 deletions
diff --git a/security/security.c b/security/security.c index c53949f17d9e..7b7308ace8c5 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -89,20 +89,12 @@ __setup("security=", choose_lsm); | |||
| 89 | * Return true if: | 89 | * Return true if: |
| 90 | * -The passed LSM is the one chosen by user at boot time, | 90 | * -The passed LSM is the one chosen by user at boot time, |
| 91 | * -or the passed LSM is configured as the default and the user did not | 91 | * -or the passed LSM is configured as the default and the user did not |
| 92 | * choose an alternate LSM at boot time, | 92 | * choose an alternate LSM at boot time. |
| 93 | * -or there is no default LSM set and the user didn't specify a | ||
| 94 | * specific LSM and we're the first to ask for registration permission, | ||
| 95 | * -or the passed LSM is currently loaded. | ||
| 96 | * Otherwise, return false. | 93 | * Otherwise, return false. |
| 97 | */ | 94 | */ |
| 98 | int __init security_module_enable(struct security_operations *ops) | 95 | int __init security_module_enable(struct security_operations *ops) |
| 99 | { | 96 | { |
| 100 | if (!*chosen_lsm) | 97 | return !strcmp(ops->name, chosen_lsm); |
| 101 | strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX); | ||
| 102 | else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX)) | ||
| 103 | return 0; | ||
| 104 | |||
| 105 | return 1; | ||
| 106 | } | 98 | } |
| 107 | 99 | ||
| 108 | /** | 100 | /** |
| @@ -162,10 +154,9 @@ int security_capset(struct cred *new, const struct cred *old, | |||
| 162 | effective, inheritable, permitted); | 154 | effective, inheritable, permitted); |
| 163 | } | 155 | } |
| 164 | 156 | ||
| 165 | int security_capable(int cap) | 157 | int security_capable(const struct cred *cred, int cap) |
| 166 | { | 158 | { |
| 167 | return security_ops->capable(current, current_cred(), cap, | 159 | return security_ops->capable(current, cred, cap, SECURITY_CAP_AUDIT); |
| 168 | SECURITY_CAP_AUDIT); | ||
| 169 | } | 160 | } |
| 170 | 161 | ||
| 171 | int security_real_capable(struct task_struct *tsk, int cap) | 162 | int security_real_capable(struct task_struct *tsk, int cap) |
| @@ -205,9 +196,9 @@ int security_quota_on(struct dentry *dentry) | |||
| 205 | return security_ops->quota_on(dentry); | 196 | return security_ops->quota_on(dentry); |
| 206 | } | 197 | } |
| 207 | 198 | ||
| 208 | int security_syslog(int type, bool from_file) | 199 | int security_syslog(int type) |
| 209 | { | 200 | { |
| 210 | return security_ops->syslog(type, from_file); | 201 | return security_ops->syslog(type); |
| 211 | } | 202 | } |
| 212 | 203 | ||
| 213 | int security_settime(struct timespec *ts, struct timezone *tz) | 204 | int security_settime(struct timespec *ts, struct timezone *tz) |
| @@ -333,16 +324,8 @@ EXPORT_SYMBOL(security_sb_parse_opts_str); | |||
| 333 | 324 | ||
| 334 | int security_inode_alloc(struct inode *inode) | 325 | int security_inode_alloc(struct inode *inode) |
| 335 | { | 326 | { |
| 336 | int ret; | ||
| 337 | |||
| 338 | inode->i_security = NULL; | 327 | inode->i_security = NULL; |
| 339 | ret = security_ops->inode_alloc_security(inode); | 328 | return security_ops->inode_alloc_security(inode); |
| 340 | if (ret) | ||
| 341 | return ret; | ||
| 342 | ret = ima_inode_alloc(inode); | ||
| 343 | if (ret) | ||
| 344 | security_inode_free(inode); | ||
| 345 | return ret; | ||
| 346 | } | 329 | } |
| 347 | 330 | ||
| 348 | void security_inode_free(struct inode *inode) | 331 | void security_inode_free(struct inode *inode) |
| @@ -529,6 +512,15 @@ int security_inode_permission(struct inode *inode, int mask) | |||
| 529 | return security_ops->inode_permission(inode, mask); | 512 | return security_ops->inode_permission(inode, mask); |
| 530 | } | 513 | } |
| 531 | 514 | ||
| 515 | int security_inode_exec_permission(struct inode *inode, unsigned int flags) | ||
| 516 | { | ||
| 517 | if (unlikely(IS_PRIVATE(inode))) | ||
| 518 | return 0; | ||
| 519 | if (flags) | ||
| 520 | return -ECHILD; | ||
| 521 | return security_ops->inode_permission(inode, MAY_EXEC); | ||
| 522 | } | ||
| 523 | |||
| 532 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr) | 524 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr) |
| 533 | { | 525 | { |
| 534 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 526 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
| @@ -786,10 +778,9 @@ int security_task_setrlimit(struct task_struct *p, unsigned int resource, | |||
| 786 | return security_ops->task_setrlimit(p, resource, new_rlim); | 778 | return security_ops->task_setrlimit(p, resource, new_rlim); |
| 787 | } | 779 | } |
| 788 | 780 | ||
| 789 | int security_task_setscheduler(struct task_struct *p, | 781 | int security_task_setscheduler(struct task_struct *p) |
| 790 | int policy, struct sched_param *lp) | ||
| 791 | { | 782 | { |
| 792 | return security_ops->task_setscheduler(p, policy, lp); | 783 | return security_ops->task_setscheduler(p); |
| 793 | } | 784 | } |
| 794 | 785 | ||
| 795 | int security_task_getscheduler(struct task_struct *p) | 786 | int security_task_getscheduler(struct task_struct *p) |
| @@ -994,8 +985,7 @@ EXPORT_SYMBOL(security_inode_getsecctx); | |||
| 994 | 985 | ||
| 995 | #ifdef CONFIG_SECURITY_NETWORK | 986 | #ifdef CONFIG_SECURITY_NETWORK |
| 996 | 987 | ||
| 997 | int security_unix_stream_connect(struct socket *sock, struct socket *other, | 988 | int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) |
| 998 | struct sock *newsk) | ||
| 999 | { | 989 | { |
| 1000 | return security_ops->unix_stream_connect(sock, other, newsk); | 990 | return security_ops->unix_stream_connect(sock, other, newsk); |
| 1001 | } | 991 | } |
| @@ -1145,6 +1135,24 @@ void security_inet_conn_established(struct sock *sk, | |||
| 1145 | security_ops->inet_conn_established(sk, skb); | 1135 | security_ops->inet_conn_established(sk, skb); |
| 1146 | } | 1136 | } |
| 1147 | 1137 | ||
| 1138 | int security_secmark_relabel_packet(u32 secid) | ||
| 1139 | { | ||
| 1140 | return security_ops->secmark_relabel_packet(secid); | ||
| 1141 | } | ||
| 1142 | EXPORT_SYMBOL(security_secmark_relabel_packet); | ||
| 1143 | |||
| 1144 | void security_secmark_refcount_inc(void) | ||
| 1145 | { | ||
| 1146 | security_ops->secmark_refcount_inc(); | ||
| 1147 | } | ||
| 1148 | EXPORT_SYMBOL(security_secmark_refcount_inc); | ||
| 1149 | |||
| 1150 | void security_secmark_refcount_dec(void) | ||
| 1151 | { | ||
| 1152 | security_ops->secmark_refcount_dec(); | ||
| 1153 | } | ||
| 1154 | EXPORT_SYMBOL(security_secmark_refcount_dec); | ||
| 1155 | |||
| 1148 | int security_tun_dev_create(void) | 1156 | int security_tun_dev_create(void) |
| 1149 | { | 1157 | { |
| 1150 | return security_ops->tun_dev_create(); | 1158 | return security_ops->tun_dev_create(); |