X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fsecurity.c;h=ee4e0701b6e0bbfb431c5d1fa5672ab036492fa0;hb=acc9895b87be4c2aa4b97d610a4a01f012b87c3b;hp=d74f708c520abb713626c95621d270b5e02e2f6f;hpb=daddc0d38b3571bed170afa273a49a0eba090c1e;p=linux-2.6.git
diff --git a/security/security.c b/security/security.c
index d74f708c5..ee4e0701b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -11,56 +11,53 @@ * (at your option) any later version. */ -#include +#include #include #include #include #include #include -#define SECURITY_SCAFFOLD_VERSION "1.0.0" +#define SECURITY_FRAMEWORK_VERSION "1.0.0" /* things that live in dummy.c */ extern struct security_operations dummy_security_ops; -extern void security_fixup_ops (struct security_operations *ops); +extern void security_fixup_ops(struct security_operations *ops); struct security_operations *security_ops; /* Initialized to NULL */ -static inline int verify (struct security_operations *ops) +static inline int verify(struct security_operations *ops) { /* verify the security_operations structure exists */ - if (!ops) { - printk (KERN_INFO "Passed a NULL security_operations " - "pointer, %s failed.\n", __FUNCTION__); + if (!ops) return -EINVAL; - } - security_fixup_ops (ops); + security_fixup_ops(ops); return 0; } static void __init do_security_initcalls(void) { initcall_t *call; - call = &__security_initcall_start; - while (call < &__security_initcall_end) { - (*call)(); + call = __security_initcall_start; + while (call < __security_initcall_end) { + (*call) (); call++; } } /** - * security_scaffolding_startup - initialzes the security scaffolding framework + * security_init - initializes the security framework * * This should be called early in the kernel initialization sequence. */ -int __init security_scaffolding_startup (void) +int __init security_init(void) { - printk (KERN_INFO "Security Scaffold v" SECURITY_SCAFFOLD_VERSION - " initialized\n"); + printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION + " initialized\n"); - if (verify (&dummy_security_ops)) { - printk (KERN_ERR "%s could not verify " - "dummy_security_ops structure.\n", __FUNCTION__); + if (verify(&dummy_security_ops)) { + printk(KERN_ERR "%s could not verify " + "dummy_security_ops structure.\n", __FUNCTION__); return -EIO; } 
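Review bot: do_security_initcalls() invokes each entry as `(*call) ();` and discards the result, so a security module whose init routine fails leaves the kernel running on dummy_security_ops with nothing in the log to show it. Assuming initcall_t returns int as it does elsewhere in the kernel (the typedef is not visible in this hunk), the loop body should capture and report the value, e.g. `int rc = (*call)();` followed by `if (rc) printk(KERN_WARNING "security initcall failed: %d\n", rc);`. That matters more now that verify() no longer prints anything on its own failure path. The body of security_init() continues outside the hunk.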
@@ -82,19 +79,16 @@ int __init security_scaffolding_startup (void) * If there is already a security module registered with the kernel, * an error will be returned. Otherwise 0 is returned on success. */ -int register_security (struct security_operations *ops) +int register_security(struct security_operations *ops) { - if (verify (ops)) { - printk (KERN_INFO "%s could not verify " - "security_operations structure.\n", __FUNCTION__); + if (verify(ops)) { + printk(KERN_DEBUG "%s could not verify " + "security_operations structure.\n", __FUNCTION__); return -EINVAL; } - if (security_ops != &dummy_security_ops) { - printk (KERN_INFO "There is already a security " - "framework initialized, %s failed.\n", __FUNCTION__); - return -EINVAL; - } + if (security_ops != &dummy_security_ops) + return -EAGAIN; security_ops = ops; @@ -112,12 +106,12 @@ int register_security (struct security_operations *ops) * an error is returned. Otherwise the default security options is set to the * the dummy_security_ops structure, and 0 is returned. */ -int unregister_security (struct security_operations *ops) +int unregister_security(struct security_operations *ops) { if (ops != security_ops) { - printk (KERN_INFO "%s: trying to unregister " - "a security_opts structure that is not " - "registered, failing.\n", __FUNCTION__); + printk(KERN_INFO "%s: trying to unregister " + "a security_opts structure that is not " + "registered, failing.\n", __FUNCTION__); return -EINVAL; } 
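Review bot: In register_security() the test `security_ops != &dummy_security_ops` and the store `security_ops = ops` are separate steps with no lock visible in this hunk, so if two callers can reach it concurrently both may pass the test and the later store silently replaces the first module's hooks. Unless callers are already serialized somewhere not shown here, the check-and-store (and the matching reset in unregister_security()) should run under one writer-side lock, as sketched below. The kernel-doc comment above the function could also state that the already-registered case now returns `-EAGAIN` rather than just "an error". Both function bodies continue outside the hunk, so the final return is not shown.

```c
static DEFINE_SPINLOCK(security_ops_lock);	/* serializes writers of security_ops */

int register_security(struct security_operations *ops)
{
	int ret = 0;

	/* … unchanged: verify(ops) check and its printk … */

	spin_lock(&security_ops_lock);
	if (security_ops != &dummy_security_ops)
		ret = -EAGAIN;
	else
		security_ops = ops;
	spin_unlock(&security_ops_lock);

	/* … rest of the function is outside the hunk; it would return ret … */
```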
@@ -138,21 +132,21 @@ int unregister_security (struct security_operations *ops) * The return value depends on the currently loaded security module, with 0 as * success. */ -int mod_reg_security (const char *name, struct security_operations *ops) +int mod_reg_security(const char *name, struct security_operations *ops) { - if (verify (ops)) { - printk (KERN_INFO "%s could not verify " - "security operations.\n", __FUNCTION__); + if (verify(ops)) { + printk(KERN_INFO "%s could not verify " + "security operations.\n", __FUNCTION__); return -EINVAL; } if (ops == security_ops) { - printk (KERN_INFO "%s security operations " - "already registered.\n", __FUNCTION__); + printk(KERN_INFO "%s security operations " + "already registered.\n", __FUNCTION__); return -EINVAL; } - return security_ops->register_security (name, ops); + return security_ops->register_security(name, ops); } /** 
@@ -168,42 +162,19 @@ int mod_reg_security (const char *name, struct security_operations *ops) * The return value depends on the currently loaded security module, with 0 as * success. */ -int mod_unreg_security (const char *name, struct security_operations *ops) +int mod_unreg_security(const char *name, struct security_operations *ops) { if (ops == security_ops) { - printk (KERN_INFO "%s invalid attempt to unregister " - " primary security ops.\n", __FUNCTION__); + printk(KERN_INFO "%s invalid attempt to unregister " + " primary security ops.\n", __FUNCTION__); return -EINVAL; } - return security_ops->unregister_security (name, ops); -} - -/** - * capable - calls the currently loaded security module's capable() function with the specified capability - * @cap: the requested capability level. - * - * This function calls the currently loaded security module's cabable() - * function with a pointer to the current task and the specified @cap value. - * - * This allows the security module to implement the capable function call - * however it chooses to. - */ -int capable (int cap) -{ - if (security_ops->capable (current, cap)) { - /* capability denied */ - return 0; - } - - /* capability granted */ - current->flags |= PF_SUPERPRIV; - return 1; + return security_ops->unregister_security(name, ops); } EXPORT_SYMBOL_GPL(register_security); EXPORT_SYMBOL_GPL(unregister_security); EXPORT_SYMBOL_GPL(mod_reg_security); EXPORT_SYMBOL_GPL(mod_unreg_security); -EXPORT_SYMBOL(capable); EXPORT_SYMBOL(security_ops);