diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/smack/smack_access.c | 4 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 52 | ||||
-rw-r--r-- | security/smack/smackfs.c | 15 |
3 files changed, 34 insertions, 37 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 2e0b83e77ffe..cfa19ca125e3 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c | |||
@@ -162,8 +162,8 @@ int smk_access(char *subject_label, char *object_label, int request) | |||
162 | 162 | ||
163 | /** | 163 | /** |
164 | * smk_curacc - determine if current has a specific access to an object | 164 | * smk_curacc - determine if current has a specific access to an object |
165 | * @object_label: a pointer to the object's Smack label | 165 | * @obj_label: a pointer to the object's Smack label |
166 | * @request: the access requested, in "MAY" format | 166 | * @mode: the access requested, in "MAY" format |
167 | * | 167 | * |
168 | * This function checks the current subject label/object label pair | 168 | * This function checks the current subject label/object label pair |
169 | * in the access rule list and returns 0 if the access is permitted, | 169 | * in the access rule list and returns 0 if the access is permitted, |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 0278bc083044..4f48da5b08cb 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -91,6 +91,7 @@ struct inode_smack *new_inode_smack(char *smack) | |||
91 | /** | 91 | /** |
92 | * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH | 92 | * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH |
93 | * @ctp: child task pointer | 93 | * @ctp: child task pointer |
94 | * @mode: ptrace attachment mode | ||
94 | * | 95 | * |
95 | * Returns 0 if access is OK, an error code otherwise | 96 | * Returns 0 if access is OK, an error code otherwise |
96 | * | 97 | * |
@@ -203,9 +204,8 @@ static void smack_sb_free_security(struct super_block *sb) | |||
203 | 204 | ||
204 | /** | 205 | /** |
205 | * smack_sb_copy_data - copy mount options data for processing | 206 | * smack_sb_copy_data - copy mount options data for processing |
206 | * @type: file system type | ||
207 | * @orig: where to start | 207 | * @orig: where to start |
208 | * @smackopts | 208 | * @smackopts: mount options string |
209 | * | 209 | * |
210 | * Returns 0 on success or -ENOMEM on error. | 210 | * Returns 0 on success or -ENOMEM on error. |
211 | * | 211 | * |
@@ -331,7 +331,7 @@ static int smack_sb_statfs(struct dentry *dentry) | |||
331 | /** | 331 | /** |
332 | * smack_sb_mount - Smack check for mounting | 332 | * smack_sb_mount - Smack check for mounting |
333 | * @dev_name: unused | 333 | * @dev_name: unused |
334 | * @nd: mount point | 334 | * @path: mount point |
335 | * @type: unused | 335 | * @type: unused |
336 | * @flags: unused | 336 | * @flags: unused |
337 | * @data: unused | 337 | * @data: unused |
@@ -370,7 +370,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) | |||
370 | 370 | ||
371 | /** | 371 | /** |
372 | * smack_inode_alloc_security - allocate an inode blob | 372 | * smack_inode_alloc_security - allocate an inode blob |
373 | * @inode - the inode in need of a blob | 373 | * @inode: the inode in need of a blob |
374 | * | 374 | * |
375 | * Returns 0 if it gets a blob, -ENOMEM otherwise | 375 | * Returns 0 if it gets a blob, -ENOMEM otherwise |
376 | */ | 376 | */ |
@@ -384,7 +384,7 @@ static int smack_inode_alloc_security(struct inode *inode) | |||
384 | 384 | ||
385 | /** | 385 | /** |
386 | * smack_inode_free_security - free an inode blob | 386 | * smack_inode_free_security - free an inode blob |
387 | * @inode - the inode with a blob | 387 | * @inode: the inode with a blob |
388 | * | 388 | * |
389 | * Clears the blob pointer in inode | 389 | * Clears the blob pointer in inode |
390 | */ | 390 | */ |
@@ -538,7 +538,6 @@ static int smack_inode_rename(struct inode *old_inode, | |||
538 | * smack_inode_permission - Smack version of permission() | 538 | * smack_inode_permission - Smack version of permission() |
539 | * @inode: the inode in question | 539 | * @inode: the inode in question |
540 | * @mask: the access requested | 540 | * @mask: the access requested |
541 | * @nd: unused | ||
542 | * | 541 | * |
543 | * This is the important Smack hook. | 542 | * This is the important Smack hook. |
544 | * | 543 | * |
@@ -701,8 +700,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) | |||
701 | * @inode: the object | 700 | * @inode: the object |
702 | * @name: attribute name | 701 | * @name: attribute name |
703 | * @buffer: where to put the result | 702 | * @buffer: where to put the result |
704 | * @size: size of the buffer | 703 | * @alloc: unused |
705 | * @err: unused | ||
706 | * | 704 | * |
707 | * Returns the size of the attribute or an error code | 705 | * Returns the size of the attribute or an error code |
708 | */ | 706 | */ |
@@ -864,7 +862,7 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, | |||
864 | /** | 862 | /** |
865 | * smack_file_lock - Smack check on file locking | 863 | * smack_file_lock - Smack check on file locking |
866 | * @file: the object | 864 | * @file: the object |
867 | * @cmd unused | 865 | * @cmd: unused |
868 | * | 866 | * |
869 | * Returns 0 if current has write access, error code otherwise | 867 | * Returns 0 if current has write access, error code otherwise |
870 | */ | 868 | */ |
@@ -1003,8 +1001,8 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, | |||
1003 | return 0; | 1001 | return 0; |
1004 | } | 1002 | } |
1005 | 1003 | ||
1006 | /* | 1004 | /** |
1007 | * commit new credentials | 1005 | * smack_cred_commit - commit new credentials |
1008 | * @new: the new credentials | 1006 | * @new: the new credentials |
1009 | * @old: the original credentials | 1007 | * @old: the original credentials |
1010 | */ | 1008 | */ |
@@ -1014,8 +1012,8 @@ static void smack_cred_commit(struct cred *new, const struct cred *old) | |||
1014 | 1012 | ||
1015 | /** | 1013 | /** |
1016 | * smack_kernel_act_as - Set the subjective context in a set of credentials | 1014 | * smack_kernel_act_as - Set the subjective context in a set of credentials |
1017 | * @new points to the set of credentials to be modified. | 1015 | * @new: points to the set of credentials to be modified. |
1018 | * @secid specifies the security ID to be set | 1016 | * @secid: specifies the security ID to be set |
1019 | * | 1017 | * |
1020 | * Set the security data for a kernel service. | 1018 | * Set the security data for a kernel service. |
1021 | */ | 1019 | */ |
@@ -1032,8 +1030,8 @@ static int smack_kernel_act_as(struct cred *new, u32 secid) | |||
1032 | 1030 | ||
1033 | /** | 1031 | /** |
1034 | * smack_kernel_create_files_as - Set the file creation label in a set of creds | 1032 | * smack_kernel_create_files_as - Set the file creation label in a set of creds |
1035 | * @new points to the set of credentials to be modified | 1033 | * @new: points to the set of credentials to be modified |
1036 | * @inode points to the inode to use as a reference | 1034 | * @inode: points to the inode to use as a reference |
1037 | * | 1035 | * |
1038 | * Set the file creation context in a set of credentials to the same | 1036 | * Set the file creation context in a set of credentials to the same |
1039 | * as the objective context of the specified inode | 1037 | * as the objective context of the specified inode |
@@ -1242,7 +1240,7 @@ static int smack_task_wait(struct task_struct *p) | |||
1242 | /** | 1240 | /** |
1243 | * smack_task_to_inode - copy task smack into the inode blob | 1241 | * smack_task_to_inode - copy task smack into the inode blob |
1244 | * @p: task to copy from | 1242 | * @p: task to copy from |
1245 | * inode: inode to copy to | 1243 | * @inode: inode to copy to |
1246 | * | 1244 | * |
1247 | * Sets the smack pointer in the inode security blob | 1245 | * Sets the smack pointer in the inode security blob |
1248 | */ | 1246 | */ |
@@ -1260,7 +1258,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode) | |||
1260 | * smack_sk_alloc_security - Allocate a socket blob | 1258 | * smack_sk_alloc_security - Allocate a socket blob |
1261 | * @sk: the socket | 1259 | * @sk: the socket |
1262 | * @family: unused | 1260 | * @family: unused |
1263 | * @priority: memory allocation priority | 1261 | * @gfp_flags: memory allocation flags |
1264 | * | 1262 | * |
1265 | * Assign Smack pointers to current | 1263 | * Assign Smack pointers to current |
1266 | * | 1264 | * |
@@ -2001,7 +1999,7 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) | |||
2001 | 1999 | ||
2002 | /** | 2000 | /** |
2003 | * smack_ipc_getsecid - Extract smack security id | 2001 | * smack_ipc_getsecid - Extract smack security id |
2004 | * @ipcp: the object permissions | 2002 | * @ipp: the object permissions |
2005 | * @secid: where result will be saved | 2003 | * @secid: where result will be saved |
2006 | */ | 2004 | */ |
2007 | static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) | 2005 | static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) |
@@ -2278,7 +2276,7 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other) | |||
2278 | /** | 2276 | /** |
2279 | * smack_socket_sendmsg - Smack check based on destination host | 2277 | * smack_socket_sendmsg - Smack check based on destination host |
2280 | * @sock: the socket | 2278 | * @sock: the socket |
2281 | * @msghdr: the message | 2279 | * @msg: the message |
2282 | * @size: the size of the message | 2280 | * @size: the size of the message |
2283 | * | 2281 | * |
2284 | * Return 0 if the current subject can write to the destination | 2282 | * Return 0 if the current subject can write to the destination |
@@ -2319,8 +2317,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg, | |||
2319 | 2317 | ||
2320 | 2318 | ||
2321 | /** | 2319 | /** |
2322 | * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat | 2320 | * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack |
2323 | * pair to smack | ||
2324 | * @sap: netlabel secattr | 2321 | * @sap: netlabel secattr |
2325 | * @sip: where to put the result | 2322 | * @sip: where to put the result |
2326 | * | 2323 | * |
@@ -2441,7 +2438,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | |||
2441 | * @sock: the socket | 2438 | * @sock: the socket |
2442 | * @optval: user's destination | 2439 | * @optval: user's destination |
2443 | * @optlen: size thereof | 2440 | * @optlen: size thereof |
2444 | * @len: max thereoe | 2441 | * @len: max thereof |
2445 | * | 2442 | * |
2446 | * returns zero on success, an error code otherwise | 2443 | * returns zero on success, an error code otherwise |
2447 | */ | 2444 | */ |
@@ -2776,7 +2773,7 @@ static void smack_audit_rule_free(void *vrule) | |||
2776 | 2773 | ||
2777 | #endif /* CONFIG_AUDIT */ | 2774 | #endif /* CONFIG_AUDIT */ |
2778 | 2775 | ||
2779 | /* | 2776 | /** |
2780 | * smack_secid_to_secctx - return the smack label for a secid | 2777 | * smack_secid_to_secctx - return the smack label for a secid |
2781 | * @secid: incoming integer | 2778 | * @secid: incoming integer |
2782 | * @secdata: destination | 2779 | * @secdata: destination |
@@ -2793,7 +2790,7 @@ static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | |||
2793 | return 0; | 2790 | return 0; |
2794 | } | 2791 | } |
2795 | 2792 | ||
2796 | /* | 2793 | /** |
2797 | * smack_secctx_to_secid - return the secid for a smack label | 2794 | * smack_secctx_to_secid - return the secid for a smack label |
2798 | * @secdata: smack label | 2795 | * @secdata: smack label |
2799 | * @seclen: how long result is | 2796 | * @seclen: how long result is |
@@ -2807,11 +2804,10 @@ static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) | |||
2807 | return 0; | 2804 | return 0; |
2808 | } | 2805 | } |
2809 | 2806 | ||
2810 | /* | 2807 | /** |
2811 | * smack_release_secctx - don't do anything. | 2808 | * smack_release_secctx - don't do anything. |
2812 | * @key_ref: unused | 2809 | * @secdata: unused |
2813 | * @context: unused | 2810 | * @seclen: unused |
2814 | * @perm: unused | ||
2815 | * | 2811 | * |
2816 | * Exists to make sure nothing gets done, and properly | 2812 | * Exists to make sure nothing gets done, and properly |
2817 | */ | 2813 | */ |
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 8e42800878f4..fd8d1eb43700 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
@@ -245,7 +245,7 @@ out: | |||
245 | 245 | ||
246 | /** | 246 | /** |
247 | * smk_write_load - write() for /smack/load | 247 | * smk_write_load - write() for /smack/load |
248 | * @filp: file pointer, not actually used | 248 | * @file: file pointer, not actually used |
249 | * @buf: where to get the data from | 249 | * @buf: where to get the data from |
250 | * @count: bytes sent | 250 | * @count: bytes sent |
251 | * @ppos: where to start - must be 0 | 251 | * @ppos: where to start - must be 0 |
@@ -402,6 +402,7 @@ static void smk_cipso_doi(void) | |||
402 | 402 | ||
403 | /** | 403 | /** |
404 | * smk_unlbl_ambient - initialize the unlabeled domain | 404 | * smk_unlbl_ambient - initialize the unlabeled domain |
405 | * @oldambient: previous domain string | ||
405 | */ | 406 | */ |
406 | static void smk_unlbl_ambient(char *oldambient) | 407 | static void smk_unlbl_ambient(char *oldambient) |
407 | { | 408 | { |
@@ -513,7 +514,7 @@ static int smk_open_cipso(struct inode *inode, struct file *file) | |||
513 | 514 | ||
514 | /** | 515 | /** |
515 | * smk_write_cipso - write() for /smack/cipso | 516 | * smk_write_cipso - write() for /smack/cipso |
516 | * @filp: file pointer, not actually used | 517 | * @file: file pointer, not actually used |
517 | * @buf: where to get the data from | 518 | * @buf: where to get the data from |
518 | * @count: bytes sent | 519 | * @count: bytes sent |
519 | * @ppos: where to start | 520 | * @ppos: where to start |
@@ -703,7 +704,7 @@ static int smk_open_netlbladdr(struct inode *inode, struct file *file) | |||
703 | 704 | ||
704 | /** | 705 | /** |
705 | * smk_write_netlbladdr - write() for /smack/netlabel | 706 | * smk_write_netlbladdr - write() for /smack/netlabel |
706 | * @filp: file pointer, not actually used | 707 | * @file: file pointer, not actually used |
707 | * @buf: where to get the data from | 708 | * @buf: where to get the data from |
708 | * @count: bytes sent | 709 | * @count: bytes sent |
709 | * @ppos: where to start | 710 | * @ppos: where to start |
@@ -850,7 +851,7 @@ static ssize_t smk_read_doi(struct file *filp, char __user *buf, | |||
850 | 851 | ||
851 | /** | 852 | /** |
852 | * smk_write_doi - write() for /smack/doi | 853 | * smk_write_doi - write() for /smack/doi |
853 | * @filp: file pointer, not actually used | 854 | * @file: file pointer, not actually used |
854 | * @buf: where to get the data from | 855 | * @buf: where to get the data from |
855 | * @count: bytes sent | 856 | * @count: bytes sent |
856 | * @ppos: where to start | 857 | * @ppos: where to start |
@@ -915,7 +916,7 @@ static ssize_t smk_read_direct(struct file *filp, char __user *buf, | |||
915 | 916 | ||
916 | /** | 917 | /** |
917 | * smk_write_direct - write() for /smack/direct | 918 | * smk_write_direct - write() for /smack/direct |
918 | * @filp: file pointer, not actually used | 919 | * @file: file pointer, not actually used |
919 | * @buf: where to get the data from | 920 | * @buf: where to get the data from |
920 | * @count: bytes sent | 921 | * @count: bytes sent |
921 | * @ppos: where to start | 922 | * @ppos: where to start |
@@ -990,7 +991,7 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf, | |||
990 | 991 | ||
991 | /** | 992 | /** |
992 | * smk_write_ambient - write() for /smack/ambient | 993 | * smk_write_ambient - write() for /smack/ambient |
993 | * @filp: file pointer, not actually used | 994 | * @file: file pointer, not actually used |
994 | * @buf: where to get the data from | 995 | * @buf: where to get the data from |
995 | * @count: bytes sent | 996 | * @count: bytes sent |
996 | * @ppos: where to start | 997 | * @ppos: where to start |
@@ -1065,7 +1066,7 @@ static ssize_t smk_read_onlycap(struct file *filp, char __user *buf, | |||
1065 | 1066 | ||
1066 | /** | 1067 | /** |
1067 | * smk_write_onlycap - write() for /smack/onlycap | 1068 | * smk_write_onlycap - write() for /smack/onlycap |
1068 | * @filp: file pointer, not actually used | 1069 | * @file: file pointer, not actually used |
1069 | * @buf: where to get the data from | 1070 | * @buf: where to get the data from |
1070 | * @count: bytes sent | 1071 | * @count: bytes sent |
1071 | * @ppos: where to start | 1072 | * @ppos: where to start |