X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=include%2Flinux%2Fsecurity.h;h=2b048ec62e9c169e1908a04c9acff2c7c2de44bf;hb=6a77f38946aaee1cd85eeec6cf4229b204c15071;hp=983d7c2265bcd9bc33b0460d0ceab41f2d6a4309;hpb=87fc8d1bb10cd459024a742c6a10961fefcef18f;p=linux-2.6.git diff --git a/include/linux/security.h b/include/linux/security.h index 983d7c226..2b048ec62 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -27,18 +27,18 @@ #include #include #include -#include #include #include #include -#include -#include + +struct ctl_table; /* * These functions are in security/capability.c and are used * as the default capabilities functions */ extern int cap_capable (struct task_struct *tsk, int cap); +extern int cap_settime (struct timespec *ts, struct timezone *tz); extern int cap_ptrace (struct task_struct *parent, struct task_struct *child); extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); @@ -53,18 +53,14 @@ extern void cap_task_reparent_to_init (struct task_struct *p); extern int cap_syslog (int type); extern int cap_vm_enough_memory (long pages); -static inline int cap_netlink_send (struct sock *sk, struct sk_buff *skb) -{ - NETLINK_CB (skb).eff_cap = current->cap_effective; - return 0; -} +struct msghdr; +struct sk_buff; +struct sock; +struct sockaddr; +struct socket; -static inline int cap_netlink_recv (struct sk_buff *skb) -{ - if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN)) - return -EPERM; - return 0; -} +extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); +extern int cap_netlink_recv(struct sk_buff *skb); /* * Values used in the task_security_ops calls @@ -113,13 +109,20 @@ struct swap_info_struct; * and the information saved in @bprm->security by the set_security hook. * Since this hook function (and its caller) are void, this hook can not * return an error. However, it can leave the security attributes of the - * process unchanged if an access failure occurs at this point. It can - * also perform other state changes on the process (e.g. closing open - * file descriptors to which access is no longer granted if the attributes - * were changed). + * process unchanged if an access failure occurs at this point. * bprm_apply_creds is called under task_lock. @unsafe indicates various * reasons why it may be unsafe to change security state. * @bprm contains the linux_binprm structure. + * @bprm_post_apply_creds: + * Runs after bprm_apply_creds with the task_lock dropped, so that + * functions which cannot be called safely under the task_lock can + * be used. This hook is a good place to perform state changes on + * the process such as closing open file descriptors to which access + * is no longer granted if the attributes were changed. + * Note that a security module might need to save state between + * bprm_apply_creds and bprm_post_apply_creds to store the decision + * on whether the process may proceed. + * @bprm contains the linux_binprm structure. * @bprm_set_security: * Save security information in the bprm->security field, typically based * on information about the bprm->file, for later use by the apply_creds @@ -395,13 +398,13 @@ struct swap_info_struct; * Return 0 if permission is granted. * @inode_getsecurity: * Copy the extended attribute representation of the security label - * associated with @name for @dentry into @buffer. @buffer may be + * associated with @name for @inode into @buffer. @buffer may be * NULL to request the size of the buffer required. @size indicates * the size of @buffer in bytes. Note that @name is the remainder * of the attribute name after the security. prefix has been removed. * Return number of bytes used/required on success. * @inode_setsecurity: - * Set the security label associated with @name for @dentry from the + * Set the security label associated with @name for @inode from the * extended attribute value @value. @size indicates the size of the * @value in bytes. @flags may be XATTR_CREATE, XATTR_REPLACE, or 0. * Note that @name is the remainder of the attribute name after the @@ -409,8 +412,9 @@ struct swap_info_struct; * Return 0 on success. * @inode_listsecurity: * Copy the extended attribute names for the security labels - * associated with @dentry into @buffer. @buffer may be NULL to - * request the size of the buffer required. + * associated with @inode into @buffer. The maximum size of @buffer + * is specified by @buffer_size. @buffer may be NULL to request + * the size of the buffer required. * Returns number of bytes used/required on success. * * Security hooks for file operations @@ -485,16 +489,15 @@ struct swap_info_struct; * @file contains the file structure to update. * Return 0 on success. * @file_send_sigiotask: - * Check permission for the file owner @fown to send SIGIO to the process - * @tsk. Note that this hook is always called from interrupt. Note that - * the fown_struct, @fown, is never outside the context of a struct file, - * so the file structure (and associated security information) can always - * be obtained: + * Check permission for the file owner @fown to send SIGIO or SIGURG to the + * process @tsk. Note that this hook is sometimes called from interrupt. + * Note that the fown_struct, @fown, is never outside the context of a + * struct file, so the file structure (and associated security information) + * can always be obtained: * (struct file *)((long)fown - offsetof(struct file,f_owner)); * @tsk contains the structure of task receiving signal. * @fown contains the file owner information. - * @fd contains the file descriptor. - * @reason contains the operational flags. + * @sig is the signal that will be sent. When 0, kernel sends SIGIO. * Return 0 if permission is granted. * @file_receive: * This hook allows security modules to control the ability of a process @@ -582,7 +585,7 @@ struct swap_info_struct; * @task_setrlimit: * Check permission before setting the resource limits of the current * process for @resource to @new_rlim. The old resource limit values can - * be examined by dereferencing (current->rlim + resource). + * be examined by dereferencing (current->signal->rlim + resource). * @resource contains the resource whose limit is being set. * @new_rlim contains the new limits for @resource. * Return 0 if permission is granted. @@ -999,6 +1002,12 @@ struct swap_info_struct; * See the syslog(2) manual page for an explanation of the @type values. * @type contains the type of action. * Return 0 if permission is granted. + * @settime: + * Check permission to change the system time. + * struct timespec and timezone are defined in include/linux/time.h + * @ts contains new time + * @tz contains new timezone + * Return 0 if permission is granted. * @vm_enough_memory: * Check permissions for allocating a new virtual mapping. * @pages contains the number of pages. @@ -1029,16 +1038,18 @@ struct security_operations { kernel_cap_t * inheritable, kernel_cap_t * permitted); int (*acct) (struct file * file); - int (*sysctl) (ctl_table * table, int op); + int (*sysctl) (struct ctl_table * table, int op); int (*capable) (struct task_struct * tsk, int cap); int (*quotactl) (int cmds, int type, int id, struct super_block * sb); - int (*quota_on) (struct file * f); + int (*quota_on) (struct dentry * dentry); int (*syslog) (int type); + int (*settime) (struct timespec *ts, struct timezone *tz); int (*vm_enough_memory) (long pages); int (*bprm_alloc_security) (struct linux_binprm * bprm); void (*bprm_free_security) (struct linux_binprm * bprm); void (*bprm_apply_creds) (struct linux_binprm * bprm, int unsafe); + void (*bprm_post_apply_creds) (struct linux_binprm * bprm); int (*bprm_set_security) (struct linux_binprm * bprm); int (*bprm_check_security) (struct linux_binprm * bprm); int (*bprm_secureexec) (struct linux_binprm * bprm); @@ -1108,9 +1119,9 @@ struct security_operations { int (*inode_getxattr) (struct dentry *dentry, char *name); int (*inode_listxattr) (struct dentry *dentry); int (*inode_removexattr) (struct dentry *dentry, char *name); - int (*inode_getsecurity)(struct dentry *dentry, const char *name, void *buffer, size_t size); - int (*inode_setsecurity)(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); - int (*inode_listsecurity)(struct dentry *dentry, char *buffer); + int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size); + int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); + int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); int (*file_permission) (struct file * file, int mask); int (*file_alloc_security) (struct file * file); @@ -1125,8 +1136,7 @@ struct security_operations { unsigned long arg); int (*file_set_fowner) (struct file * file); int (*file_send_sigiotask) (struct task_struct * tsk, - struct fown_struct * fown, - int fd, int reason); + struct fown_struct * fown, int sig); int (*file_receive) (struct file * file); int (*task_create) (unsigned long clone_flags); @@ -1268,7 +1278,7 @@ static inline int security_acct (struct file *file) return security_ops->acct (file); } -static inline int security_sysctl(ctl_table * table, int op) +static inline int security_sysctl(struct ctl_table *table, int op) { return security_ops->sysctl(table, op); } @@ -1279,9 +1289,9 @@ static inline int security_quotactl (int cmds, int type, int id, return security_ops->quotactl (cmds, type, id, sb); } -static inline int security_quota_on (struct file * file) +static inline int security_quota_on (struct dentry * dentry) { - return security_ops->quota_on (file); + return security_ops->quota_on (dentry); } static inline int security_syslog(int type) @@ -1289,6 +1299,12 @@ static inline int security_syslog(int type) return security_ops->syslog(type); } +static inline int security_settime(struct timespec *ts, struct timezone *tz) +{ + return security_ops->settime(ts, tz); +} + + static inline int security_vm_enough_memory(long pages) { return security_ops->vm_enough_memory(pages); @@ -1306,6 +1322,10 @@ static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int uns { security_ops->bprm_apply_creds (bprm, unsafe); } +static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm) +{ + security_ops->bprm_post_apply_creds (bprm); +} static inline int security_bprm_set (struct linux_binprm *bprm) { return security_ops->bprm_set_security (bprm); @@ -1575,19 +1595,19 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name) return security_ops->inode_removexattr (dentry, name); } -static inline int security_inode_getsecurity(struct dentry *dentry, const char *name, void *buffer, size_t size) +static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size) { - return security_ops->inode_getsecurity(dentry, name, buffer, size); + return security_ops->inode_getsecurity(inode, name, buffer, size); } -static inline int security_inode_setsecurity(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) +static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) { - return security_ops->inode_setsecurity(dentry, name, value, size, flags); + return security_ops->inode_setsecurity(inode, name, value, size, flags); } -static inline int security_inode_listsecurity(struct dentry *dentry, char *buffer) +static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) { - return security_ops->inode_listsecurity(dentry, buffer); + return security_ops->inode_listsecurity(inode, buffer, buffer_size); } static inline int security_file_permission (struct file *file, int mask) @@ -1641,9 +1661,9 @@ static inline int security_file_set_fowner (struct file *file) static inline int security_file_send_sigiotask (struct task_struct *tsk, struct fown_struct *fown, - int fd, int reason) + int sig) { - return security_ops->file_send_sigiotask (tsk, fown, fd, reason); + return security_ops->file_send_sigiotask (tsk, fown, sig); } static inline int security_file_receive (struct file *file) @@ -1887,7 +1907,7 @@ static inline int security_netlink_recv(struct sk_buff * skb) } /* prototypes */ -extern int security_scaffolding_startup (void); +extern int security_init (void); extern int register_security (struct security_operations *ops); extern int unregister_security (struct security_operations *ops); extern int mod_reg_security (const char *name, struct security_operations *ops); @@ -1901,7 +1921,7 @@ extern int mod_unreg_security (const char *name, struct security_operations *ops * are just stubbed out, but a few must call the proper capable code. */ -static inline int security_scaffolding_startup (void) +static inline int security_init(void) { return 0; } @@ -1940,7 +1960,7 @@ static inline int security_acct (struct file *file) return 0; } -static inline int security_sysctl(ctl_table * table, int op) +static inline int security_sysctl(struct ctl_table *table, int op) { return 0; } @@ -1951,7 +1971,7 @@ static inline int security_quotactl (int cmds, int type, int id, return 0; } -static inline int security_quota_on (struct file * file) +static inline int security_quota_on (struct dentry * dentry) { return 0; } @@ -1961,6 +1981,11 @@ static inline int security_syslog(int type) return cap_syslog(type); } +static inline int security_settime(struct timespec *ts, struct timezone *tz) +{ + return cap_settime(ts, tz); +} + static inline int security_vm_enough_memory(long pages) { return cap_vm_enough_memory(pages); @@ -1979,6 +2004,11 @@ static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int uns cap_bprm_apply_creds (bprm, unsafe); } +static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm) +{ + return; +} + static inline int security_bprm_set (struct linux_binprm *bprm) { return cap_bprm_set_security (bprm); @@ -2214,17 +2244,17 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name) return cap_inode_removexattr(dentry, name); } -static inline int security_inode_getsecurity(struct dentry *dentry, const char *name, void *buffer, size_t size) +static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size) { return -EOPNOTSUPP; } -static inline int security_inode_setsecurity(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) +static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) { return -EOPNOTSUPP; } -static inline int security_inode_listsecurity(struct dentry *dentry, char *buffer) +static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) { return 0; } @@ -2278,7 +2308,7 @@ static inline int security_file_set_fowner (struct file *file) static inline int security_file_send_sigiotask (struct task_struct *tsk, struct fown_struct *fown, - int fd, int reason) + int sig) { return 0; } @@ -2499,11 +2529,6 @@ static inline int security_setprocattr(struct task_struct *p, char *name, void * return -EINVAL; } -/* - * The netlink capability defaults need to be used inline by default - * (rather than hooking into the capability module) to reduce overhead - * in the networking code. - */ static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb) { return cap_netlink_send (sk, skb);