Blame view
security/security.c
45.2 KB
1da177e4c Linux-2.6.12-rc2 |
1 2 3 4 5 6 |
/* * Security plug functions * * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> |
d291f1a65 IB/core: Enforce ... |
7 |
* Copyright (C) 2016 Mellanox Technologies |
1da177e4c Linux-2.6.12-rc2 |
8 9 10 11 12 13 |
* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ |
afdb09c72 security: bpf: Ad... |
14 |
#include <linux/bpf.h> |
c59ede7b7 [PATCH] move capa... |
15 |
#include <linux/capability.h> |
d47be3dfe Security: Add hoo... |
16 |
#include <linux/dcache.h> |
1da177e4c Linux-2.6.12-rc2 |
17 18 19 |
#include <linux/module.h> #include <linux/init.h> #include <linux/kernel.h> |
3c4ed7bdf LSM: Split securi... |
20 |
#include <linux/lsm_hooks.h> |
f381c2722 integrity: move i... |
21 |
#include <linux/integrity.h> |
6c21a7fb4 LSM: imbed ima ca... |
22 |
#include <linux/ima.h> |
3e1be52d6 security: imbed e... |
23 |
#include <linux/evm.h> |
404015308 security: trim se... |
24 |
#include <linux/fsnotify.h> |
8b3ec6814 take security_mma... |
25 26 27 |
#include <linux/mman.h> #include <linux/mount.h> #include <linux/personality.h> |
75331a597 security: Fix nom... |
28 |
#include <linux/backing-dev.h> |
3bb857e47 LSM: Enable multi... |
29 |
#include <linux/string.h> |
404015308 security: trim se... |
30 |
#include <net/flow.h> |
1da177e4c Linux-2.6.12-rc2 |
31 |
|
58eacfffc init, tracing: in... |
32 |
#include <trace/events/initcall.h> |
823eb1ccd evm: call evm_ino... |
33 |
#define MAX_LSM_EVM_XATTR 2 |
1da177e4c Linux-2.6.12-rc2 |
34 |
|
b1d9e6b06 LSM: Switch to li... |
35 36 |
/* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 |
3dfc9b028 LSM: Initialize s... |
37 |
struct security_hook_heads security_hook_heads __lsm_ro_after_init; |
8f408ab64 selinux lsm IB/co... |
38 |
static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain); |
d69dece5f LSM: Add /sys/ker... |
39 |
char *lsm_names; |
076c54c5b Security: Introdu... |
40 |
/* Boot-time LSM user choice */ |
6e65f92ff Config option to ... |
41 42 |
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; |
1da177e4c Linux-2.6.12-rc2 |
43 |
|
1da177e4c Linux-2.6.12-rc2 |
44 45 |
static void __init do_security_initcalls(void) { |
58eacfffc init, tracing: in... |
46 |
int ret; |
1b1eeca7e init: allow initc... |
47 48 49 50 |
initcall_t call; initcall_entry_t *ce; ce = __security_initcall_start; |
58eacfffc init, tracing: in... |
51 |
trace_initcall_level("security"); |
1b1eeca7e init: allow initc... |
52 53 54 55 56 57 |
while (ce < __security_initcall_end) { call = initcall_from_entry(ce); trace_initcall_start(call); ret = call(); trace_initcall_finish(call, ret); ce++; |
1da177e4c Linux-2.6.12-rc2 |
58 59 60 61 62 63 64 65 66 67 |
} } /** * security_init - initializes the security framework * * This should be called early in the kernel initialization sequence. */ int __init security_init(void) { |
3dfc9b028 LSM: Initialize s... |
68 |
int i; |
df0ce1733 security: convert... |
69 |
struct hlist_head *list = (struct hlist_head *) &security_hook_heads; |
3dfc9b028 LSM: Initialize s... |
70 |
|
df0ce1733 security: convert... |
71 |
for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head); |
3dfc9b028 LSM: Initialize s... |
72 |
i++) |
df0ce1733 security: convert... |
73 |
INIT_HLIST_HEAD(&list[i]); |
b1d9e6b06 LSM: Switch to li... |
74 75 |
pr_info("Security Framework initialized "); |
1da177e4c Linux-2.6.12-rc2 |
76 |
|
b1d9e6b06 LSM: Switch to li... |
77 |
/* |
730daa164 Yama: remove need... |
78 |
* Load minor LSMs, with the capability module always first. |
b1d9e6b06 LSM: Switch to li... |
79 80 |
*/ capability_add_hooks(); |
b1d9e6b06 LSM: Switch to li... |
81 |
yama_add_hooks(); |
9b091556a LSM: LoadPin for ... |
82 |
loadpin_add_hooks(); |
730daa164 Yama: remove need... |
83 |
|
b1d9e6b06 LSM: Switch to li... |
84 |
/* |
730daa164 Yama: remove need... |
85 |
* Load all the remaining security modules. |
b1d9e6b06 LSM: Switch to li... |
86 |
*/ |
1da177e4c Linux-2.6.12-rc2 |
87 88 89 90 |
do_security_initcalls(); return 0; } |
076c54c5b Security: Introdu... |
91 92 93 94 95 96 97 |
/* Save user chosen LSM */ static int __init choose_lsm(char *str) { strncpy(chosen_lsm, str, SECURITY_NAME_MAX); return 1; } __setup("security=", choose_lsm); |
3bb857e47 LSM: Enable multi... |
98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
static bool match_last_lsm(const char *list, const char *lsm) { const char *last; if (WARN_ON(!list || !lsm)) return false; last = strrchr(list, ','); if (last) /* Pass the comma, strcmp() will check for '\0' */ last++; else last = list; return !strcmp(last, lsm); } |
d69dece5f LSM: Add /sys/ker... |
112 113 114 115 116 117 |
static int lsm_append(char *new, char **result) { char *cp; if (*result == NULL) { *result = kstrdup(new, GFP_KERNEL); |
87ea58433 security: check f... |
118 119 |
if (*result == NULL) return -ENOMEM; |
d69dece5f LSM: Add /sys/ker... |
120 |
} else { |
3bb857e47 LSM: Enable multi... |
121 122 123 |
/* Check if it is the last registered name */ if (match_last_lsm(*result, new)) return 0; |
d69dece5f LSM: Add /sys/ker... |
124 125 126 127 128 129 130 131 |
cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new); if (cp == NULL) return -ENOMEM; kfree(*result); *result = cp; } return 0; } |
076c54c5b Security: Introdu... |
132 133 |
/** * security_module_enable - Load given security module on boot ? |
b1d9e6b06 LSM: Switch to li... |
134 |
* @module: the name of the module |
076c54c5b Security: Introdu... |
135 136 137 |
* * Each LSM must pass this method before registering its own operations * to avoid security registration races. This method may also be used |
7cea51be4 security: fix up ... |
138 |
* to check if your LSM is currently loaded during kernel initialization. |
076c54c5b Security: Introdu... |
139 |
* |
0e056eb55 kernel-api.rst: f... |
140 141 142 143 144 145 146 147 |
* Returns: * * true if: * * - The passed LSM is the one chosen by user at boot time, * - or the passed LSM is configured as the default and the user did not * choose an alternate LSM at boot time. * |
076c54c5b Security: Introdu... |
148 149 |
* Otherwise, return false. */ |
b1d9e6b06 LSM: Switch to li... |
150 |
int __init security_module_enable(const char *module) |
076c54c5b Security: Introdu... |
151 |
{ |
b1d9e6b06 LSM: Switch to li... |
152 |
return !strcmp(module, chosen_lsm); |
076c54c5b Security: Introdu... |
153 |
} |
d69dece5f LSM: Add /sys/ker... |
154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
/** * security_add_hooks - Add a modules hooks to the hook lists. * @hooks: the hooks to add * @count: the number of hooks to add * @lsm: the name of the security module * * Each LSM has to register its hooks with the infrastructure. */ void __init security_add_hooks(struct security_hook_list *hooks, int count, char *lsm) { int i; for (i = 0; i < count; i++) { hooks[i].lsm = lsm; |
df0ce1733 security: convert... |
169 |
hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); |
d69dece5f LSM: Add /sys/ker... |
170 171 172 173 174 |
} if (lsm_append(lsm, &lsm_names) < 0) panic("%s - Cannot get early memory. ", __func__); } |
8f408ab64 selinux lsm IB/co... |
175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 |
int call_lsm_notifier(enum lsm_event event, void *data) { return atomic_notifier_call_chain(&lsm_notifier_chain, event, data); } EXPORT_SYMBOL(call_lsm_notifier); int register_lsm_notifier(struct notifier_block *nb) { return atomic_notifier_chain_register(&lsm_notifier_chain, nb); } EXPORT_SYMBOL(register_lsm_notifier); int unregister_lsm_notifier(struct notifier_block *nb) { return atomic_notifier_chain_unregister(&lsm_notifier_chain, nb); } EXPORT_SYMBOL(unregister_lsm_notifier); |
f25fce3e8 LSM: Introduce se... |
192 |
/* |
b1d9e6b06 LSM: Switch to li... |
193 |
* Hook list operation macros. |
1da177e4c Linux-2.6.12-rc2 |
194 |
* |
f25fce3e8 LSM: Introduce se... |
195 196 |
* call_void_hook: * This is a hook that does not return a value. |
1da177e4c Linux-2.6.12-rc2 |
197 |
* |
f25fce3e8 LSM: Introduce se... |
198 199 |
* call_int_hook: * This is a hook that returns a value. |
1da177e4c Linux-2.6.12-rc2 |
200 |
*/ |
1da177e4c Linux-2.6.12-rc2 |
201 |
|
b1d9e6b06 LSM: Switch to li... |
202 203 204 205 |
#define call_void_hook(FUNC, ...) \ do { \ struct security_hook_list *P; \ \ |
df0ce1733 security: convert... |
206 |
hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \ |
b1d9e6b06 LSM: Switch to li... |
207 208 209 210 211 212 213 214 |
P->hook.FUNC(__VA_ARGS__); \ } while (0) #define call_int_hook(FUNC, IRC, ...) ({ \ int RC = IRC; \ do { \ struct security_hook_list *P; \ \ |
df0ce1733 security: convert... |
215 |
hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \ |
b1d9e6b06 LSM: Switch to li... |
216 217 218 219 220 221 222 |
RC = P->hook.FUNC(__VA_ARGS__); \ if (RC != 0) \ break; \ } \ } while (0); \ RC; \ }) |
1da177e4c Linux-2.6.12-rc2 |
223 |
|
20510f2f4 security: Convert... |
224 |
/* Security operations */ |
79af73079 Add security hook... |
225 226 |
int security_binder_set_context_mgr(struct task_struct *mgr) { |
f25fce3e8 LSM: Introduce se... |
227 |
return call_int_hook(binder_set_context_mgr, 0, mgr); |
79af73079 Add security hook... |
228 229 230 231 232 |
} int security_binder_transaction(struct task_struct *from, struct task_struct *to) { |
f25fce3e8 LSM: Introduce se... |
233 |
return call_int_hook(binder_transaction, 0, from, to); |
79af73079 Add security hook... |
234 235 236 237 238 |
} int security_binder_transfer_binder(struct task_struct *from, struct task_struct *to) { |
f25fce3e8 LSM: Introduce se... |
239 |
return call_int_hook(binder_transfer_binder, 0, from, to); |
79af73079 Add security hook... |
240 241 242 243 244 |
} int security_binder_transfer_file(struct task_struct *from, struct task_struct *to, struct file *file) { |
f25fce3e8 LSM: Introduce se... |
245 |
return call_int_hook(binder_transfer_file, 0, from, to, file); |
79af73079 Add security hook... |
246 |
} |
9e48858f7 security: rename ... |
247 |
int security_ptrace_access_check(struct task_struct *child, unsigned int mode) |
20510f2f4 security: Convert... |
248 |
{ |
f25fce3e8 LSM: Introduce se... |
249 |
return call_int_hook(ptrace_access_check, 0, child, mode); |
5cd9c58fb security: Fix set... |
250 251 252 253 |
} int security_ptrace_traceme(struct task_struct *parent) { |
f25fce3e8 LSM: Introduce se... |
254 |
return call_int_hook(ptrace_traceme, 0, parent); |
20510f2f4 security: Convert... |
255 256 257 258 259 260 261 |
} int security_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted) { |
f25fce3e8 LSM: Introduce se... |
262 263 |
return call_int_hook(capget, 0, target, effective, inheritable, permitted); |
20510f2f4 security: Convert... |
264 |
} |
d84f4f992 CRED: Inaugurate ... |
265 266 267 268 |
int security_capset(struct cred *new, const struct cred *old, const kernel_cap_t *effective, const kernel_cap_t *inheritable, const kernel_cap_t *permitted) |
20510f2f4 security: Convert... |
269 |
{ |
f25fce3e8 LSM: Introduce se... |
270 271 |
return call_int_hook(capset, 0, new, old, effective, inheritable, permitted); |
20510f2f4 security: Convert... |
272 |
} |
b7e724d30 capabilities: rev... |
273 |
int security_capable(const struct cred *cred, struct user_namespace *ns, |
3486740a4 userns: security:... |
274 |
int cap) |
20510f2f4 security: Convert... |
275 |
{ |
f25fce3e8 LSM: Introduce se... |
276 |
return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_AUDIT); |
06112163f Add a new capable... |
277 |
} |
c7eba4a97 capabilities: int... |
278 279 |
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, int cap) |
06112163f Add a new capable... |
280 |
{ |
f25fce3e8 LSM: Introduce se... |
281 |
return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_NOAUDIT); |
20510f2f4 security: Convert... |
282 |
} |
20510f2f4 security: Convert... |
283 284 |
int security_quotactl(int cmds, int type, int id, struct super_block *sb) { |
f25fce3e8 LSM: Introduce se... |
285 |
return call_int_hook(quotactl, 0, cmds, type, id, sb); |
20510f2f4 security: Convert... |
286 287 288 289 |
} int security_quota_on(struct dentry *dentry) { |
f25fce3e8 LSM: Introduce se... |
290 |
return call_int_hook(quota_on, 0, dentry); |
20510f2f4 security: Convert... |
291 |
} |
12b3052c3 capabilities/sysl... |
292 |
int security_syslog(int type) |
20510f2f4 security: Convert... |
293 |
{ |
f25fce3e8 LSM: Introduce se... |
294 |
return call_int_hook(syslog, 0, type); |
20510f2f4 security: Convert... |
295 |
} |
457db29bf security: Introdu... |
296 |
int security_settime64(const struct timespec64 *ts, const struct timezone *tz) |
20510f2f4 security: Convert... |
297 |
{ |
f25fce3e8 LSM: Introduce se... |
298 |
return call_int_hook(settime, 0, ts, tz); |
20510f2f4 security: Convert... |
299 |
} |
20510f2f4 security: Convert... |
300 301 |
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) { |
b1d9e6b06 LSM: Switch to li... |
302 303 304 305 306 307 308 309 310 311 312 |
struct security_hook_list *hp; int cap_sys_admin = 1; int rc; /* * The module will respond with a positive value if * it thinks the __vm_enough_memory() call should be * made with the cap_sys_admin set. If all of the modules * agree that it should be set it will. If any module * thinks it should not be set it won't. */ |
df0ce1733 security: convert... |
313 |
hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) { |
b1d9e6b06 LSM: Switch to li... |
314 315 316 317 318 319 320 |
rc = hp->hook.vm_enough_memory(mm, pages); if (rc <= 0) { cap_sys_admin = 0; break; } } return __vm_enough_memory(mm, pages, cap_sys_admin); |
20510f2f4 security: Convert... |
321 |
} |
a6f76f23d CRED: Make execve... |
322 |
int security_bprm_set_creds(struct linux_binprm *bprm) |
20510f2f4 security: Convert... |
323 |
{ |
f25fce3e8 LSM: Introduce se... |
324 |
return call_int_hook(bprm_set_creds, 0, bprm); |
20510f2f4 security: Convert... |
325 |
} |
a6f76f23d CRED: Make execve... |
326 |
int security_bprm_check(struct linux_binprm *bprm) |
20510f2f4 security: Convert... |
327 |
{ |
6c21a7fb4 LSM: imbed ima ca... |
328 |
int ret; |
f25fce3e8 LSM: Introduce se... |
329 |
ret = call_int_hook(bprm_check_security, 0, bprm); |
6c21a7fb4 LSM: imbed ima ca... |
330 331 332 |
if (ret) return ret; return ima_bprm_check(bprm); |
20510f2f4 security: Convert... |
333 |
} |
a6f76f23d CRED: Make execve... |
334 |
void security_bprm_committing_creds(struct linux_binprm *bprm) |
20510f2f4 security: Convert... |
335 |
{ |
f25fce3e8 LSM: Introduce se... |
336 |
call_void_hook(bprm_committing_creds, bprm); |
20510f2f4 security: Convert... |
337 |
} |
a6f76f23d CRED: Make execve... |
338 |
void security_bprm_committed_creds(struct linux_binprm *bprm) |
20510f2f4 security: Convert... |
339 |
{ |
f25fce3e8 LSM: Introduce se... |
340 |
call_void_hook(bprm_committed_creds, bprm); |
20510f2f4 security: Convert... |
341 |
} |
20510f2f4 security: Convert... |
342 343 |
int security_sb_alloc(struct super_block *sb) { |
f25fce3e8 LSM: Introduce se... |
344 |
return call_int_hook(sb_alloc_security, 0, sb); |
20510f2f4 security: Convert... |
345 346 347 348 |
} void security_sb_free(struct super_block *sb) { |
f25fce3e8 LSM: Introduce se... |
349 |
call_void_hook(sb_free_security, sb); |
20510f2f4 security: Convert... |
350 |
} |
e00075298 LSM/SELinux: Inte... |
351 |
int security_sb_copy_data(char *orig, char *copy) |
20510f2f4 security: Convert... |
352 |
{ |
f25fce3e8 LSM: Introduce se... |
353 |
return call_int_hook(sb_copy_data, 0, orig, copy); |
20510f2f4 security: Convert... |
354 |
} |
e00075298 LSM/SELinux: Inte... |
355 |
EXPORT_SYMBOL(security_sb_copy_data); |
20510f2f4 security: Convert... |
356 |
|
ff36fe2c8 LSM: Pass -o remo... |
357 358 |
int security_sb_remount(struct super_block *sb, void *data) { |
f25fce3e8 LSM: Introduce se... |
359 |
return call_int_hook(sb_remount, 0, sb, data); |
ff36fe2c8 LSM: Pass -o remo... |
360 |
} |
12204e24b security: pass mo... |
361 |
int security_sb_kern_mount(struct super_block *sb, int flags, void *data) |
20510f2f4 security: Convert... |
362 |
{ |
f25fce3e8 LSM: Introduce se... |
363 |
return call_int_hook(sb_kern_mount, 0, sb, flags, data); |
20510f2f4 security: Convert... |
364 |
} |
2069f4578 LSM/SELinux: show... |
365 366 |
int security_sb_show_options(struct seq_file *m, struct super_block *sb) { |
f25fce3e8 LSM: Introduce se... |
367 |
return call_int_hook(sb_show_options, 0, m, sb); |
2069f4578 LSM/SELinux: show... |
368 |
} |
20510f2f4 security: Convert... |
369 370 |
int security_sb_statfs(struct dentry *dentry) { |
f25fce3e8 LSM: Introduce se... |
371 |
return call_int_hook(sb_statfs, 0, dentry); |
20510f2f4 security: Convert... |
372 |
} |
8a04c43b8 constify security... |
373 |
int security_sb_mount(const char *dev_name, const struct path *path, |
808d4e3cf consitify do_moun... |
374 |
const char *type, unsigned long flags, void *data) |
20510f2f4 security: Convert... |
375 |
{ |
f25fce3e8 LSM: Introduce se... |
376 |
return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); |
20510f2f4 security: Convert... |
377 |
} |
20510f2f4 security: Convert... |
378 379 |
int security_sb_umount(struct vfsmount *mnt, int flags) { |
f25fce3e8 LSM: Introduce se... |
380 |
return call_int_hook(sb_umount, 0, mnt, flags); |
20510f2f4 security: Convert... |
381 |
} |
3b73b68c0 constify security... |
382 |
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path) |
20510f2f4 security: Convert... |
383 |
{ |
f25fce3e8 LSM: Introduce se... |
384 |
return call_int_hook(sb_pivotroot, 0, old_path, new_path); |
20510f2f4 security: Convert... |
385 |
} |
c9180a57a Security: add get... |
386 |
int security_sb_set_mnt_opts(struct super_block *sb, |
649f6e771 LSM: Add flags fi... |
387 388 389 |
struct security_mnt_opts *opts, unsigned long kern_flags, unsigned long *set_kern_flags) |
c9180a57a Security: add get... |
390 |
{ |
b1d9e6b06 LSM: Switch to li... |
391 392 393 |
return call_int_hook(sb_set_mnt_opts, opts->num_mnt_opts ? -EOPNOTSUPP : 0, sb, opts, kern_flags, set_kern_flags); |
c9180a57a Security: add get... |
394 |
} |
e00075298 LSM/SELinux: Inte... |
395 |
EXPORT_SYMBOL(security_sb_set_mnt_opts); |
c9180a57a Security: add get... |
396 |
|
094f7b69e selinux: make sec... |
397 |
int security_sb_clone_mnt_opts(const struct super_block *oldsb, |
0b4d3452b security/selinux:... |
398 399 400 |
struct super_block *newsb, unsigned long kern_flags, unsigned long *set_kern_flags) |
c9180a57a Security: add get... |
401 |
{ |
0b4d3452b security/selinux:... |
402 403 |
return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb, kern_flags, set_kern_flags); |
c9180a57a Security: add get... |
404 |
} |
e00075298 LSM/SELinux: Inte... |
405 406 407 408 |
EXPORT_SYMBOL(security_sb_clone_mnt_opts); int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) { |
f25fce3e8 LSM: Introduce se... |
409 |
return call_int_hook(sb_parse_opts_str, 0, options, opts); |
e00075298 LSM/SELinux: Inte... |
410 411 |
} EXPORT_SYMBOL(security_sb_parse_opts_str); |
c9180a57a Security: add get... |
412 |
|
20510f2f4 security: Convert... |
413 414 415 |
int security_inode_alloc(struct inode *inode) { inode->i_security = NULL; |
f25fce3e8 LSM: Introduce se... |
416 |
return call_int_hook(inode_alloc_security, 0, inode); |
20510f2f4 security: Convert... |
417 418 419 420 |
} void security_inode_free(struct inode *inode) { |
f381c2722 integrity: move i... |
421 |
integrity_inode_free(inode); |
f25fce3e8 LSM: Introduce se... |
422 |
call_void_hook(inode_free_security, inode); |
20510f2f4 security: Convert... |
423 |
} |
d47be3dfe Security: Add hoo... |
424 |
int security_dentry_init_security(struct dentry *dentry, int mode, |
4f3ccd765 qstr: constify de... |
425 |
const struct qstr *name, void **ctx, |
d47be3dfe Security: Add hoo... |
426 427 |
u32 *ctxlen) { |
b1d9e6b06 LSM: Switch to li... |
428 429 |
return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, name, ctx, ctxlen); |
d47be3dfe Security: Add hoo... |
430 431 |
} EXPORT_SYMBOL(security_dentry_init_security); |
2602625b7 security, overlay... |
432 433 434 435 436 437 438 439 |
int security_dentry_create_files_as(struct dentry *dentry, int mode, struct qstr *name, const struct cred *old, struct cred *new) { return call_int_hook(dentry_create_files_as, 0, dentry, mode, name, old, new); } EXPORT_SYMBOL(security_dentry_create_files_as); |
20510f2f4 security: Convert... |
440 |
int security_inode_init_security(struct inode *inode, struct inode *dir, |
9d8f13ba3 security: new sec... |
441 442 |
const struct qstr *qstr, const initxattrs initxattrs, void *fs_data) |
20510f2f4 security: Convert... |
443 |
{ |
823eb1ccd evm: call evm_ino... |
444 445 |
struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1]; struct xattr *lsm_xattr, *evm_xattr, *xattr; |
9d8f13ba3 security: new sec... |
446 |
int ret; |
20510f2f4 security: Convert... |
447 |
if (unlikely(IS_PRIVATE(inode))) |
fb88c2b6c evm: fix security... |
448 |
return 0; |
9d8f13ba3 security: new sec... |
449 |
|
9d8f13ba3 security: new sec... |
450 |
if (!initxattrs) |
e308fd3bb LSM: restore cert... |
451 452 |
return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, NULL, NULL, NULL); |
9548906b2 xattr: Constify -... |
453 |
memset(new_xattrs, 0, sizeof(new_xattrs)); |
9d8f13ba3 security: new sec... |
454 |
lsm_xattr = new_xattrs; |
b1d9e6b06 LSM: Switch to li... |
455 |
ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, |
9d8f13ba3 security: new sec... |
456 457 458 459 460 |
&lsm_xattr->name, &lsm_xattr->value, &lsm_xattr->value_len); if (ret) goto out; |
823eb1ccd evm: call evm_ino... |
461 462 463 464 465 |
evm_xattr = lsm_xattr + 1; ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr); if (ret) goto out; |
9d8f13ba3 security: new sec... |
466 467 |
ret = initxattrs(inode, new_xattrs, fs_data); out: |
9548906b2 xattr: Constify -... |
468 |
for (xattr = new_xattrs; xattr->value != NULL; xattr++) |
823eb1ccd evm: call evm_ino... |
469 |
kfree(xattr->value); |
9d8f13ba3 security: new sec... |
470 471 472 473 474 |
return (ret == -EOPNOTSUPP) ? 0 : ret; } EXPORT_SYMBOL(security_inode_init_security); int security_old_inode_init_security(struct inode *inode, struct inode *dir, |
9548906b2 xattr: Constify -... |
475 |
const struct qstr *qstr, const char **name, |
9d8f13ba3 security: new sec... |
476 |
void **value, size_t *len) |
20510f2f4 security: Convert... |
477 478 |
{ if (unlikely(IS_PRIVATE(inode))) |
30e053248 security: Fix sec... |
479 |
return -EOPNOTSUPP; |
e308fd3bb LSM: restore cert... |
480 481 |
return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, name, value, len); |
20510f2f4 security: Convert... |
482 |
} |
9d8f13ba3 security: new sec... |
483 |
EXPORT_SYMBOL(security_old_inode_init_security); |
20510f2f4 security: Convert... |
484 |
|
be6d3e56a introduce new LSM... |
485 |
#ifdef CONFIG_SECURITY_PATH |
d36077521 constify security... |
486 |
int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, |
be6d3e56a introduce new LSM... |
487 488 |
unsigned int dev) { |
c6f493d63 VFS: security/: d... |
489 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
be6d3e56a introduce new LSM... |
490 |
return 0; |
f25fce3e8 LSM: Introduce se... |
491 |
return call_int_hook(path_mknod, 0, dir, dentry, mode, dev); |
be6d3e56a introduce new LSM... |
492 493 |
} EXPORT_SYMBOL(security_path_mknod); |
d36077521 constify security... |
494 |
int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) |
be6d3e56a introduce new LSM... |
495 |
{ |
c6f493d63 VFS: security/: d... |
496 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
be6d3e56a introduce new LSM... |
497 |
return 0; |
f25fce3e8 LSM: Introduce se... |
498 |
return call_int_hook(path_mkdir, 0, dir, dentry, mode); |
be6d3e56a introduce new LSM... |
499 |
} |
821404434 CacheFiles: Add c... |
500 |
EXPORT_SYMBOL(security_path_mkdir); |
be6d3e56a introduce new LSM... |
501 |
|
989f74e05 constify security... |
502 |
int security_path_rmdir(const struct path *dir, struct dentry *dentry) |
be6d3e56a introduce new LSM... |
503 |
{ |
c6f493d63 VFS: security/: d... |
504 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
be6d3e56a introduce new LSM... |
505 |
return 0; |
f25fce3e8 LSM: Introduce se... |
506 |
return call_int_hook(path_rmdir, 0, dir, dentry); |
be6d3e56a introduce new LSM... |
507 |
} |
989f74e05 constify security... |
508 |
int security_path_unlink(const struct path *dir, struct dentry *dentry) |
be6d3e56a introduce new LSM... |
509 |
{ |
c6f493d63 VFS: security/: d... |
510 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
be6d3e56a introduce new LSM... |
511 |
return 0; |
f25fce3e8 LSM: Introduce se... |
512 |
return call_int_hook(path_unlink, 0, dir, dentry); |
be6d3e56a introduce new LSM... |
513 |
} |
821404434 CacheFiles: Add c... |
514 |
EXPORT_SYMBOL(security_path_unlink); |
be6d3e56a introduce new LSM... |
515 |
|
d36077521 constify security... |
516 |
int security_path_symlink(const struct path *dir, struct dentry *dentry, |
be6d3e56a introduce new LSM... |
517 518 |
const char *old_name) { |
c6f493d63 VFS: security/: d... |
519 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
be6d3e56a introduce new LSM... |
520 |
return 0; |
f25fce3e8 LSM: Introduce se... |
521 |
return call_int_hook(path_symlink, 0, dir, dentry, old_name); |
be6d3e56a introduce new LSM... |
522 |
} |
3ccee46ab constify security... |
523 |
int security_path_link(struct dentry *old_dentry, const struct path *new_dir, |
be6d3e56a introduce new LSM... |
524 525 |
struct dentry *new_dentry) { |
c6f493d63 VFS: security/: d... |
526 |
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) |
be6d3e56a introduce new LSM... |
527 |
return 0; |
f25fce3e8 LSM: Introduce se... |
528 |
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); |
be6d3e56a introduce new LSM... |
529 |
} |
3ccee46ab constify security... |
530 531 |
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, |
0b3974eb0 security: add fla... |
532 |
unsigned int flags) |
be6d3e56a introduce new LSM... |
533 |
{ |
c6f493d63 VFS: security/: d... |
534 535 |
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry))))) |
be6d3e56a introduce new LSM... |
536 |
return 0; |
da1ce0670 vfs: add cross-re... |
537 538 |
if (flags & RENAME_EXCHANGE) { |
f25fce3e8 LSM: Introduce se... |
539 540 |
int err = call_int_hook(path_rename, 0, new_dir, new_dentry, old_dir, old_dentry); |
da1ce0670 vfs: add cross-re... |
541 542 543 |
if (err) return err; } |
f25fce3e8 LSM: Introduce se... |
544 545 |
return call_int_hook(path_rename, 0, old_dir, old_dentry, new_dir, new_dentry); |
be6d3e56a introduce new LSM... |
546 |
} |
821404434 CacheFiles: Add c... |
547 |
EXPORT_SYMBOL(security_path_rename); |
be6d3e56a introduce new LSM... |
548 |
|
81f4c5060 constify security... |
549 |
int security_path_truncate(const struct path *path) |
be6d3e56a introduce new LSM... |
550 |
{ |
c6f493d63 VFS: security/: d... |
551 |
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) |
be6d3e56a introduce new LSM... |
552 |
return 0; |
f25fce3e8 LSM: Introduce se... |
553 |
return call_int_hook(path_truncate, 0, path); |
be6d3e56a introduce new LSM... |
554 |
} |
89eda0683 LSM: Add security... |
555 |
|
be01f9f28 constify chmod_co... |
556 |
int security_path_chmod(const struct path *path, umode_t mode) |
89eda0683 LSM: Add security... |
557 |
{ |
c6f493d63 VFS: security/: d... |
558 |
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) |
89eda0683 LSM: Add security... |
559 |
return 0; |
f25fce3e8 LSM: Introduce se... |
560 |
return call_int_hook(path_chmod, 0, path, mode); |
89eda0683 LSM: Add security... |
561 |
} |
7fd25dac9 constify chown_co... |
562 |
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) |
89eda0683 LSM: Add security... |
563 |
{ |
c6f493d63 VFS: security/: d... |
564 |
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) |
89eda0683 LSM: Add security... |
565 |
return 0; |
f25fce3e8 LSM: Introduce se... |
566 |
return call_int_hook(path_chown, 0, path, uid, gid); |
89eda0683 LSM: Add security... |
567 |
} |
8b8efb440 LSM: Add security... |
568 |
|
77b286c0d constify security... |
569 |
int security_path_chroot(const struct path *path) |
8b8efb440 LSM: Add security... |
570 |
{ |
f25fce3e8 LSM: Introduce se... |
571 |
return call_int_hook(path_chroot, 0, path); |
8b8efb440 LSM: Add security... |
572 |
} |
be6d3e56a introduce new LSM... |
573 |
#endif |
4acdaf27e switch ->create()... |
574 |
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode) |
20510f2f4 security: Convert... |
575 576 577 |
{ if (unlikely(IS_PRIVATE(dir))) return 0; |
f25fce3e8 LSM: Introduce se... |
578 |
return call_int_hook(inode_create, 0, dir, dentry, mode); |
20510f2f4 security: Convert... |
579 |
} |
800a96478 CacheFiles: Expor... |
580 |
EXPORT_SYMBOL_GPL(security_inode_create); |
20510f2f4 security: Convert... |
581 582 583 584 |
int security_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) { |
c6f493d63 VFS: security/: d... |
585 |
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) |
20510f2f4 security: Convert... |
586 |
return 0; |
f25fce3e8 LSM: Introduce se... |
587 |
return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry); |
20510f2f4 security: Convert... |
588 589 590 591 |
} int security_inode_unlink(struct inode *dir, struct dentry *dentry) { |
c6f493d63 VFS: security/: d... |
592 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
593 |
return 0; |
f25fce3e8 LSM: Introduce se... |
594 |
return call_int_hook(inode_unlink, 0, dir, dentry); |
20510f2f4 security: Convert... |
595 596 597 598 599 600 601 |
} int security_inode_symlink(struct inode *dir, struct dentry *dentry, const char *old_name) { if (unlikely(IS_PRIVATE(dir))) return 0; |
f25fce3e8 LSM: Introduce se... |
602 |
return call_int_hook(inode_symlink, 0, dir, dentry, old_name); |
20510f2f4 security: Convert... |
603 |
} |
18bb1db3e switch vfs_mkdir(... |
604 |
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) |
20510f2f4 security: Convert... |
605 606 607 |
{ if (unlikely(IS_PRIVATE(dir))) return 0; |
f25fce3e8 LSM: Introduce se... |
608 |
return call_int_hook(inode_mkdir, 0, dir, dentry, mode); |
20510f2f4 security: Convert... |
609 |
} |
800a96478 CacheFiles: Expor... |
610 |
EXPORT_SYMBOL_GPL(security_inode_mkdir); |
20510f2f4 security: Convert... |
611 612 613 |
int security_inode_rmdir(struct inode *dir, struct dentry *dentry) { |
c6f493d63 VFS: security/: d... |
614 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
615 |
return 0; |
f25fce3e8 LSM: Introduce se... |
616 |
return call_int_hook(inode_rmdir, 0, dir, dentry); |
20510f2f4 security: Convert... |
617 |
} |
1a67aafb5 switch ->mknod() ... |
618 |
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) |
20510f2f4 security: Convert... |
619 620 621 |
{ if (unlikely(IS_PRIVATE(dir))) return 0; |
f25fce3e8 LSM: Introduce se... |
622 |
return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev); |
20510f2f4 security: Convert... |
623 624 625 |
} int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, |
0b3974eb0 security: add fla... |
626 627 |
struct inode *new_dir, struct dentry *new_dentry, unsigned int flags) |
20510f2f4 security: Convert... |
628 |
{ |
c6f493d63 VFS: security/: d... |
629 630 |
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry))))) |
20510f2f4 security: Convert... |
631 |
return 0; |
da1ce0670 vfs: add cross-re... |
632 633 |
if (flags & RENAME_EXCHANGE) { |
f25fce3e8 LSM: Introduce se... |
634 |
int err = call_int_hook(inode_rename, 0, new_dir, new_dentry, |
da1ce0670 vfs: add cross-re... |
635 636 637 638 |
old_dir, old_dentry); if (err) return err; } |
f25fce3e8 LSM: Introduce se... |
639 |
return call_int_hook(inode_rename, 0, old_dir, old_dentry, |
20510f2f4 security: Convert... |
640 641 642 643 644 |
new_dir, new_dentry); } int security_inode_readlink(struct dentry *dentry) { |
c6f493d63 VFS: security/: d... |
645 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
646 |
return 0; |
f25fce3e8 LSM: Introduce se... |
647 |
return call_int_hook(inode_readlink, 0, dentry); |
20510f2f4 security: Convert... |
648 |
} |
bda0be7ad security: make in... |
649 650 |
int security_inode_follow_link(struct dentry *dentry, struct inode *inode, bool rcu) |
20510f2f4 security: Convert... |
651 |
{ |
bda0be7ad security: make in... |
652 |
if (unlikely(IS_PRIVATE(inode))) |
20510f2f4 security: Convert... |
653 |
return 0; |
e22619a29 Merge branch 'nex... |
654 |
return call_int_hook(inode_follow_link, 0, dentry, inode, rcu); |
20510f2f4 security: Convert... |
655 |
} |
b77b0646e [PATCH] pass MAY_... |
656 |
int security_inode_permission(struct inode *inode, int mask) |
20510f2f4 security: Convert... |
657 658 659 |
{ if (unlikely(IS_PRIVATE(inode))) return 0; |
f25fce3e8 LSM: Introduce se... |
660 |
return call_int_hook(inode_permission, 0, inode, mask); |
20510f2f4 security: Convert... |
661 662 663 664 |
} int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { |
817b54aa4 evm: add evm_inod... |
665 |
int ret; |
c6f493d63 VFS: security/: d... |
666 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
667 |
return 0; |
f25fce3e8 LSM: Introduce se... |
668 |
ret = call_int_hook(inode_setattr, 0, dentry, attr); |
817b54aa4 evm: add evm_inod... |
669 670 671 |
if (ret) return ret; return evm_inode_setattr(dentry, attr); |
20510f2f4 security: Convert... |
672 |
} |
b1da47e29 [patch 3/4] fat: ... |
673 |
EXPORT_SYMBOL_GPL(security_inode_setattr); |
20510f2f4 security: Convert... |
674 |
|
3f7036a07 switch security_i... |
675 |
int security_inode_getattr(const struct path *path) |
20510f2f4 security: Convert... |
676 |
{ |
c6f493d63 VFS: security/: d... |
677 |
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) |
20510f2f4 security: Convert... |
678 |
return 0; |
f25fce3e8 LSM: Introduce se... |
679 |
return call_int_hook(inode_getattr, 0, path); |
20510f2f4 security: Convert... |
680 |
} |
8f0cfa52a xattr: add missin... |
681 682 |
int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) |
20510f2f4 security: Convert... |
683 |
{ |
3e1be52d6 security: imbed e... |
684 |
int ret; |
c6f493d63 VFS: security/: d... |
685 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
686 |
return 0; |
b1d9e6b06 LSM: Switch to li... |
687 688 689 690 691 |
/* * SELinux and Smack integrate the cap call, * so assume that all LSMs supplying this call do so. */ ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size, |
f25fce3e8 LSM: Introduce se... |
692 |
flags); |
b1d9e6b06 LSM: Switch to li... |
693 694 695 |
if (ret == 1) ret = cap_inode_setxattr(dentry, name, value, size, flags); |
3e1be52d6 security: imbed e... |
696 697 |
if (ret) return ret; |
42c63330f ima: add ima_inod... |
698 699 700 |
ret = ima_inode_setxattr(dentry, name, value, size); if (ret) return ret; |
3e1be52d6 security: imbed e... |
701 |
return evm_inode_setxattr(dentry, name, value, size); |
20510f2f4 security: Convert... |
702 |
} |
8f0cfa52a xattr: add missin... |
703 704 |
void security_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) |
20510f2f4 security: Convert... |
705 |
{ |
c6f493d63 VFS: security/: d... |
706 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
707 |
return; |
f25fce3e8 LSM: Introduce se... |
708 |
call_void_hook(inode_post_setxattr, dentry, name, value, size, flags); |
3e1be52d6 security: imbed e... |
709 |
evm_inode_post_setxattr(dentry, name, value, size); |
20510f2f4 security: Convert... |
710 |
} |
8f0cfa52a xattr: add missin... |
711 |
int security_inode_getxattr(struct dentry *dentry, const char *name) |
20510f2f4 security: Convert... |
712 |
{ |
c6f493d63 VFS: security/: d... |
713 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
714 |
return 0; |
f25fce3e8 LSM: Introduce se... |
715 |
return call_int_hook(inode_getxattr, 0, dentry, name); |
20510f2f4 security: Convert... |
716 717 718 719 |
} int security_inode_listxattr(struct dentry *dentry) { |
c6f493d63 VFS: security/: d... |
720 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
721 |
return 0; |
f25fce3e8 LSM: Introduce se... |
722 |
return call_int_hook(inode_listxattr, 0, dentry); |
20510f2f4 security: Convert... |
723 |
} |
8f0cfa52a xattr: add missin... |
724 |
int security_inode_removexattr(struct dentry *dentry, const char *name) |
20510f2f4 security: Convert... |
725 |
{ |
3e1be52d6 security: imbed e... |
726 |
int ret; |
c6f493d63 VFS: security/: d... |
727 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
20510f2f4 security: Convert... |
728 |
return 0; |
b1d9e6b06 LSM: Switch to li... |
729 730 731 732 733 734 735 |
/* * SELinux and Smack integrate the cap call, * so assume that all LSMs supplying this call do so. */ ret = call_int_hook(inode_removexattr, 1, dentry, name); if (ret == 1) ret = cap_inode_removexattr(dentry, name); |
3e1be52d6 security: imbed e... |
736 737 |
if (ret) return ret; |
42c63330f ima: add ima_inod... |
738 739 740 |
ret = ima_inode_removexattr(dentry, name); if (ret) return ret; |
3e1be52d6 security: imbed e... |
741 |
return evm_inode_removexattr(dentry, name); |
20510f2f4 security: Convert... |
742 |
} |
b53767719 Implement file po... |
743 744 |
int security_inode_need_killpriv(struct dentry *dentry) { |
f25fce3e8 LSM: Introduce se... |
745 |
return call_int_hook(inode_need_killpriv, 0, dentry); |
b53767719 Implement file po... |
746 747 748 749 |
} int security_inode_killpriv(struct dentry *dentry) { |
f25fce3e8 LSM: Introduce se... |
750 |
return call_int_hook(inode_killpriv, 0, dentry); |
b53767719 Implement file po... |
751 |
} |
ea861dfd9 security: Make in... |
752 |
int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc) |
20510f2f4 security: Convert... |
753 |
{ |
2885c1e3e LSM: Fix for secu... |
754 755 |
struct security_hook_list *hp; int rc; |
20510f2f4 security: Convert... |
756 |
if (unlikely(IS_PRIVATE(inode))) |
8d9525048 security: correct... |
757 |
return -EOPNOTSUPP; |
2885c1e3e LSM: Fix for secu... |
758 759 760 |
/* * Only one module will provide an attribute with a given name. */ |
df0ce1733 security: convert... |
761 |
hlist_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) { |
2885c1e3e LSM: Fix for secu... |
762 763 764 765 766 |
rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc); if (rc != -EOPNOTSUPP) return rc; } return -EOPNOTSUPP; |
20510f2f4 security: Convert... |
767 768 769 770 |
} int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) { |
2885c1e3e LSM: Fix for secu... |
771 772 |
struct security_hook_list *hp; int rc; |
20510f2f4 security: Convert... |
773 |
if (unlikely(IS_PRIVATE(inode))) |
8d9525048 security: correct... |
774 |
return -EOPNOTSUPP; |
2885c1e3e LSM: Fix for secu... |
775 776 777 |
/* * Only one module will provide an attribute with a given name. */ |
df0ce1733 security: convert... |
778 |
hlist_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) { |
2885c1e3e LSM: Fix for secu... |
779 780 781 782 783 784 |
rc = hp->hook.inode_setsecurity(inode, name, value, size, flags); if (rc != -EOPNOTSUPP) return rc; } return -EOPNOTSUPP; |
20510f2f4 security: Convert... |
785 786 787 788 789 790 |
} int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) { if (unlikely(IS_PRIVATE(inode))) return 0; |
f25fce3e8 LSM: Introduce se... |
791 |
return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size); |
20510f2f4 security: Convert... |
792 |
} |
c9bccef6b NFS: Extend NFS x... |
793 |
EXPORT_SYMBOL(security_inode_listsecurity); |
20510f2f4 security: Convert... |
794 |
|
d6335d77a security: Make in... |
795 |
void security_inode_getsecid(struct inode *inode, u32 *secid) |
8a076191f LSM: Introduce in... |
796 |
{ |
f25fce3e8 LSM: Introduce se... |
797 |
call_void_hook(inode_getsecid, inode, secid); |
8a076191f LSM: Introduce in... |
798 |
} |
d8ad8b496 security, overlay... |
799 800 801 802 803 |
int security_inode_copy_up(struct dentry *src, struct cred **new) { return call_int_hook(inode_copy_up, 0, src, new); } EXPORT_SYMBOL(security_inode_copy_up); |
121ab822e security,overlayf... |
804 805 806 807 808 |
int security_inode_copy_up_xattr(const char *name) { return call_int_hook(inode_copy_up_xattr, -EOPNOTSUPP, name); } EXPORT_SYMBOL(security_inode_copy_up_xattr); |
20510f2f4 security: Convert... |
809 810 |
int security_file_permission(struct file *file, int mask) { |
c4ec54b40 fsnotify: new fsn... |
811 |
int ret; |
f25fce3e8 LSM: Introduce se... |
812 |
ret = call_int_hook(file_permission, 0, file, mask); |
c4ec54b40 fsnotify: new fsn... |
813 814 815 816 |
if (ret) return ret; return fsnotify_perm(file, mask); |
20510f2f4 security: Convert... |
817 818 819 820 |
} int security_file_alloc(struct file *file) { |
f25fce3e8 LSM: Introduce se... |
821 |
return call_int_hook(file_alloc_security, 0, file); |
20510f2f4 security: Convert... |
822 823 824 825 |
} void security_file_free(struct file *file) { |
f25fce3e8 LSM: Introduce se... |
826 |
call_void_hook(file_free_security, file); |
20510f2f4 security: Convert... |
827 828 829 830 |
} int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { |
f25fce3e8 LSM: Introduce se... |
831 |
return call_int_hook(file_ioctl, 0, file, cmd, arg); |
20510f2f4 security: Convert... |
832 |
} |
98de59bfe take calculation ... |
833 |
static inline unsigned long mmap_prot(struct file *file, unsigned long prot) |
20510f2f4 security: Convert... |
834 |
{ |
8b3ec6814 take security_mma... |
835 |
/* |
98de59bfe take calculation ... |
836 837 |
* Does we have PROT_READ and does the application expect * it to imply PROT_EXEC? If not, nothing to talk about... |
8b3ec6814 take security_mma... |
838 |
*/ |
98de59bfe take calculation ... |
839 840 |
if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ) return prot; |
8b3ec6814 take security_mma... |
841 |
if (!(current->personality & READ_IMPLIES_EXEC)) |
98de59bfe take calculation ... |
842 843 844 845 846 847 848 849 |
return prot; /* * if that's an anonymous mapping, let it. */ if (!file) return prot | PROT_EXEC; /* * ditto if it's not on noexec mount, except that on !MMU we need |
b4caecd48 fs: introduce f_o... |
850 |
* NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case |
98de59bfe take calculation ... |
851 |
*/ |
90f8572b0 vfs: Commit to ne... |
852 |
if (!path_noexec(&file->f_path)) { |
8b3ec6814 take security_mma... |
853 |
#ifndef CONFIG_MMU |
b4caecd48 fs: introduce f_o... |
854 855 856 857 858 |
if (file->f_op->mmap_capabilities) { unsigned caps = file->f_op->mmap_capabilities(file); if (!(caps & NOMMU_MAP_EXEC)) return prot; } |
8b3ec6814 take security_mma... |
859 |
#endif |
98de59bfe take calculation ... |
860 |
return prot | PROT_EXEC; |
8b3ec6814 take security_mma... |
861 |
} |
98de59bfe take calculation ... |
862 863 864 865 866 867 868 869 |
/* anything on noexec mount won't get PROT_EXEC */ return prot; } int security_mmap_file(struct file *file, unsigned long prot, unsigned long flags) { int ret; |
f25fce3e8 LSM: Introduce se... |
870 |
ret = call_int_hook(mmap_file, 0, file, prot, |
98de59bfe take calculation ... |
871 |
mmap_prot(file, prot), flags); |
6c21a7fb4 LSM: imbed ima ca... |
872 873 874 |
if (ret) return ret; return ima_file_mmap(file, prot); |
20510f2f4 security: Convert... |
875 |
} |
e5467859f split ->file_mmap... |
876 877 |
int security_mmap_addr(unsigned long addr) { |
f25fce3e8 LSM: Introduce se... |
878 |
return call_int_hook(mmap_addr, 0, addr); |
e5467859f split ->file_mmap... |
879 |
} |
20510f2f4 security: Convert... |
880 881 882 |
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, unsigned long prot) { |
f25fce3e8 LSM: Introduce se... |
883 |
return call_int_hook(file_mprotect, 0, vma, reqprot, prot); |
20510f2f4 security: Convert... |
884 885 886 887 |
} int security_file_lock(struct file *file, unsigned int cmd) { |
f25fce3e8 LSM: Introduce se... |
888 |
return call_int_hook(file_lock, 0, file, cmd); |
20510f2f4 security: Convert... |
889 890 891 892 |
} int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) { |
f25fce3e8 LSM: Introduce se... |
893 |
return call_int_hook(file_fcntl, 0, file, cmd, arg); |
20510f2f4 security: Convert... |
894 |
} |
e0b93eddf security: make se... |
895 |
void security_file_set_fowner(struct file *file) |
20510f2f4 security: Convert... |
896 |
{ |
f25fce3e8 LSM: Introduce se... |
897 |
call_void_hook(file_set_fowner, file); |
20510f2f4 security: Convert... |
898 899 900 901 902 |
} int security_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int sig) { |
f25fce3e8 LSM: Introduce se... |
903 |
return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig); |
20510f2f4 security: Convert... |
904 905 906 907 |
} int security_file_receive(struct file *file) { |
f25fce3e8 LSM: Introduce se... |
908 |
return call_int_hook(file_receive, 0, file); |
20510f2f4 security: Convert... |
909 |
} |
e3f20ae21 security_file_ope... |
910 |
int security_file_open(struct file *file) |
20510f2f4 security: Convert... |
911 |
{ |
c4ec54b40 fsnotify: new fsn... |
912 |
int ret; |
948176920 ->file_open(): lo... |
913 |
ret = call_int_hook(file_open, 0, file); |
c4ec54b40 fsnotify: new fsn... |
914 915 916 917 |
if (ret) return ret; return fsnotify_perm(file, MAY_OPEN); |
20510f2f4 security: Convert... |
918 |
} |
e4e55b47e LSM: Revive secur... |
919 920 921 922 |
int security_task_alloc(struct task_struct *task, unsigned long clone_flags) { return call_int_hook(task_alloc, 0, task, clone_flags); } |
1a2a4d06e security: create ... |
923 924 |
void security_task_free(struct task_struct *task) { |
f25fce3e8 LSM: Introduce se... |
925 |
call_void_hook(task_free, task); |
1a2a4d06e security: create ... |
926 |
} |
ee18d64c1 KEYS: Add a keyct... |
927 928 |
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) { |
f25fce3e8 LSM: Introduce se... |
929 |
return call_int_hook(cred_alloc_blank, 0, cred, gfp); |
ee18d64c1 KEYS: Add a keyct... |
930 |
} |
d84f4f992 CRED: Inaugurate ... |
931 |
void security_cred_free(struct cred *cred) |
20510f2f4 security: Convert... |
932 |
{ |
a19aedf1a LSM: Check for NU... |
933 934 935 936 937 938 |
/* * There is a failure case in prepare_creds() that * may result in a call here with ->security being NULL. */ if (unlikely(cred->security == NULL)) return; |
f25fce3e8 LSM: Introduce se... |
939 |
call_void_hook(cred_free, cred); |
20510f2f4 security: Convert... |
940 |
} |
d84f4f992 CRED: Inaugurate ... |
941 |
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) |
20510f2f4 security: Convert... |
942 |
{ |
f25fce3e8 LSM: Introduce se... |
943 |
return call_int_hook(cred_prepare, 0, new, old, gfp); |
d84f4f992 CRED: Inaugurate ... |
944 |
} |
ee18d64c1 KEYS: Add a keyct... |
945 946 |
void security_transfer_creds(struct cred *new, const struct cred *old) { |
f25fce3e8 LSM: Introduce se... |
947 |
call_void_hook(cred_transfer, new, old); |
ee18d64c1 KEYS: Add a keyct... |
948 |
} |
3ec301132 security: Add a c... |
949 950 951 952 953 954 |
void security_cred_getsecid(const struct cred *c, u32 *secid) { *secid = 0; call_void_hook(cred_getsecid, c, secid); } EXPORT_SYMBOL(security_cred_getsecid); |
3a3b7ce93 CRED: Allow kerne... |
955 956 |
int security_kernel_act_as(struct cred *new, u32 secid) { |
f25fce3e8 LSM: Introduce se... |
957 |
return call_int_hook(kernel_act_as, 0, new, secid); |
3a3b7ce93 CRED: Allow kerne... |
958 959 960 961 |
} int security_kernel_create_files_as(struct cred *new, struct inode *inode) { |
f25fce3e8 LSM: Introduce se... |
962 |
return call_int_hook(kernel_create_files_as, 0, new, inode); |
3a3b7ce93 CRED: Allow kerne... |
963 |
} |
dd8dbf2e6 security: report ... |
964 |
int security_kernel_module_request(char *kmod_name) |
9188499cd security: introdu... |
965 |
{ |
6eb864c1d integrity: preven... |
966 967 968 969 970 971 |
int ret; ret = call_int_hook(kernel_module_request, 0, kmod_name); if (ret) return ret; return integrity_kernel_module_request(kmod_name); |
9188499cd security: introdu... |
972 |
} |
39eeb4fb9 security: define ... |
973 974 975 976 977 978 979 980 981 982 |
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id) { int ret; ret = call_int_hook(kernel_read_file, 0, file, id); if (ret) return ret; return ima_read_file(file, id); } EXPORT_SYMBOL_GPL(security_kernel_read_file); |
bc8ca5b92 vfs: define kerne... |
983 984 |
int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id) |
b44a7dfc6 vfs: define a gen... |
985 |
{ |
cf2222178 ima: define a new... |
986 987 988 989 990 991 |
int ret; ret = call_int_hook(kernel_post_read_file, 0, file, buf, size, id); if (ret) return ret; return ima_post_read_file(file, buf, size, id); |
b44a7dfc6 vfs: define a gen... |
992 993 |
} EXPORT_SYMBOL_GPL(security_kernel_post_read_file); |
377179cd2 security: define ... |
994 995 |
int security_kernel_load_data(enum kernel_load_data_id id) { |
16c267aac ima: based on pol... |
996 997 998 999 1000 1001 |
int ret; ret = call_int_hook(kernel_load_data, 0, id); if (ret) return ret; return ima_load_data(id); |
377179cd2 security: define ... |
1002 |
} |
83a68a067 security: export ... |
1003 |
EXPORT_SYMBOL_GPL(security_kernel_load_data); |
377179cd2 security: define ... |
1004 |
|
d84f4f992 CRED: Inaugurate ... |
1005 1006 |
int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) |
20510f2f4 security: Convert... |
1007 |
{ |
f25fce3e8 LSM: Introduce se... |
1008 |
return call_int_hook(task_fix_setuid, 0, new, old, flags); |
20510f2f4 security: Convert... |
1009 |
} |
20510f2f4 security: Convert... |
1010 1011 |
int security_task_setpgid(struct task_struct *p, pid_t pgid) { |
f25fce3e8 LSM: Introduce se... |
1012 |
return call_int_hook(task_setpgid, 0, p, pgid); |
20510f2f4 security: Convert... |
1013 1014 1015 1016 |
} int security_task_getpgid(struct task_struct *p) { |
f25fce3e8 LSM: Introduce se... |
1017 |
return call_int_hook(task_getpgid, 0, p); |
20510f2f4 security: Convert... |
1018 1019 1020 1021 |
} int security_task_getsid(struct task_struct *p) { |
f25fce3e8 LSM: Introduce se... |
1022 |
return call_int_hook(task_getsid, 0, p); |
20510f2f4 security: Convert... |
1023 1024 1025 1026 |
} void security_task_getsecid(struct task_struct *p, u32 *secid) { |
b1d9e6b06 LSM: Switch to li... |
1027 |
*secid = 0; |
f25fce3e8 LSM: Introduce se... |
1028 |
call_void_hook(task_getsecid, p, secid); |
20510f2f4 security: Convert... |
1029 1030 |
} EXPORT_SYMBOL(security_task_getsecid); |
20510f2f4 security: Convert... |
1031 1032 |
int security_task_setnice(struct task_struct *p, int nice) { |
f25fce3e8 LSM: Introduce se... |
1033 |
return call_int_hook(task_setnice, 0, p, nice); |
20510f2f4 security: Convert... |
1034 1035 1036 1037 |
} int security_task_setioprio(struct task_struct *p, int ioprio) { |
f25fce3e8 LSM: Introduce se... |
1038 |
return call_int_hook(task_setioprio, 0, p, ioprio); |
20510f2f4 security: Convert... |
1039 1040 1041 1042 |
} int security_task_getioprio(struct task_struct *p) { |
f25fce3e8 LSM: Introduce se... |
1043 |
return call_int_hook(task_getioprio, 0, p); |
20510f2f4 security: Convert... |
1044 |
} |
791ec491c prlimit,security,... |
1045 1046 1047 1048 1049 |
int security_task_prlimit(const struct cred *cred, const struct cred *tcred, unsigned int flags) { return call_int_hook(task_prlimit, 0, cred, tcred, flags); } |
8fd00b4d7 rlimits: security... |
1050 1051 |
int security_task_setrlimit(struct task_struct *p, unsigned int resource, struct rlimit *new_rlim) |
20510f2f4 security: Convert... |
1052 |
{ |
f25fce3e8 LSM: Introduce se... |
1053 |
return call_int_hook(task_setrlimit, 0, p, resource, new_rlim); |
20510f2f4 security: Convert... |
1054 |
} |
b0ae19811 security: remove ... |
1055 |
int security_task_setscheduler(struct task_struct *p) |
20510f2f4 security: Convert... |
1056 |
{ |
f25fce3e8 LSM: Introduce se... |
1057 |
return call_int_hook(task_setscheduler, 0, p); |
20510f2f4 security: Convert... |
1058 1059 1060 1061 |
} int security_task_getscheduler(struct task_struct *p) { |
f25fce3e8 LSM: Introduce se... |
1062 |
return call_int_hook(task_getscheduler, 0, p); |
20510f2f4 security: Convert... |
1063 1064 1065 1066 |
} int security_task_movememory(struct task_struct *p) { |
f25fce3e8 LSM: Introduce se... |
1067 |
return call_int_hook(task_movememory, 0, p); |
20510f2f4 security: Convert... |
1068 1069 1070 |
} int security_task_kill(struct task_struct *p, struct siginfo *info, |
6b4f3d010 usb, signal, secu... |
1071 |
int sig, const struct cred *cred) |
20510f2f4 security: Convert... |
1072 |
{ |
6b4f3d010 usb, signal, secu... |
1073 |
return call_int_hook(task_kill, 0, p, info, sig, cred); |
20510f2f4 security: Convert... |
1074 |
} |
20510f2f4 security: Convert... |
1075 |
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
d84f4f992 CRED: Inaugurate ... |
1076 |
unsigned long arg4, unsigned long arg5) |
20510f2f4 security: Convert... |
1077 |
{ |
b1d9e6b06 LSM: Switch to li... |
1078 1079 1080 |
int thisrc; int rc = -ENOSYS; struct security_hook_list *hp; |
df0ce1733 security: convert... |
1081 |
hlist_for_each_entry(hp, &security_hook_heads.task_prctl, list) { |
b1d9e6b06 LSM: Switch to li... |
1082 1083 1084 1085 1086 1087 1088 1089 |
thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5); if (thisrc != -ENOSYS) { rc = thisrc; if (thisrc != 0) break; } } return rc; |
20510f2f4 security: Convert... |
1090 1091 1092 1093 |
} void security_task_to_inode(struct task_struct *p, struct inode *inode) { |
f25fce3e8 LSM: Introduce se... |
1094 |
call_void_hook(task_to_inode, p, inode); |
20510f2f4 security: Convert... |
1095 1096 1097 1098 |
} int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) { |
f25fce3e8 LSM: Introduce se... |
1099 |
return call_int_hook(ipc_permission, 0, ipcp, flag); |
20510f2f4 security: Convert... |
1100 |
} |
8a076191f LSM: Introduce in... |
1101 1102 |
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) { |
b1d9e6b06 LSM: Switch to li... |
1103 |
*secid = 0; |
f25fce3e8 LSM: Introduce se... |
1104 |
call_void_hook(ipc_getsecid, ipcp, secid); |
8a076191f LSM: Introduce in... |
1105 |
} |
20510f2f4 security: Convert... |
1106 1107 |
int security_msg_msg_alloc(struct msg_msg *msg) { |
f25fce3e8 LSM: Introduce se... |
1108 |
return call_int_hook(msg_msg_alloc_security, 0, msg); |
20510f2f4 security: Convert... |
1109 1110 1111 1112 |
} void security_msg_msg_free(struct msg_msg *msg) { |
f25fce3e8 LSM: Introduce se... |
1113 |
call_void_hook(msg_msg_free_security, msg); |
20510f2f4 security: Convert... |
1114 |
} |
d8c6e8543 msg/security: Pas... |
1115 |
int security_msg_queue_alloc(struct kern_ipc_perm *msq) |
20510f2f4 security: Convert... |
1116 |
{ |
f25fce3e8 LSM: Introduce se... |
1117 |
return call_int_hook(msg_queue_alloc_security, 0, msq); |
20510f2f4 security: Convert... |
1118 |
} |
d8c6e8543 msg/security: Pas... |
1119 |
void security_msg_queue_free(struct kern_ipc_perm *msq) |
20510f2f4 security: Convert... |
1120 |
{ |
f25fce3e8 LSM: Introduce se... |
1121 |
call_void_hook(msg_queue_free_security, msq); |
20510f2f4 security: Convert... |
1122 |
} |
d8c6e8543 msg/security: Pas... |
1123 |
int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) |
20510f2f4 security: Convert... |
1124 |
{ |
f25fce3e8 LSM: Introduce se... |
1125 |
return call_int_hook(msg_queue_associate, 0, msq, msqflg); |
20510f2f4 security: Convert... |
1126 |
} |
d8c6e8543 msg/security: Pas... |
1127 |
int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) |
20510f2f4 security: Convert... |
1128 |
{ |
f25fce3e8 LSM: Introduce se... |
1129 |
return call_int_hook(msg_queue_msgctl, 0, msq, cmd); |
20510f2f4 security: Convert... |
1130 |
} |
d8c6e8543 msg/security: Pas... |
1131 |
int security_msg_queue_msgsnd(struct kern_ipc_perm *msq, |
20510f2f4 security: Convert... |
1132 1133 |
struct msg_msg *msg, int msqflg) { |
f25fce3e8 LSM: Introduce se... |
1134 |
return call_int_hook(msg_queue_msgsnd, 0, msq, msg, msqflg); |
20510f2f4 security: Convert... |
1135 |
} |
d8c6e8543 msg/security: Pas... |
1136 |
int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg, |
20510f2f4 security: Convert... |
1137 1138 |
struct task_struct *target, long type, int mode) { |
f25fce3e8 LSM: Introduce se... |
1139 |
return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode); |
20510f2f4 security: Convert... |
1140 |
} |
7191adff2 shm/security: Pas... |
1141 |
int security_shm_alloc(struct kern_ipc_perm *shp) |
20510f2f4 security: Convert... |
1142 |
{ |
f25fce3e8 LSM: Introduce se... |
1143 |
return call_int_hook(shm_alloc_security, 0, shp); |
20510f2f4 security: Convert... |
1144 |
} |
7191adff2 shm/security: Pas... |
1145 |
void security_shm_free(struct kern_ipc_perm *shp) |
20510f2f4 security: Convert... |
1146 |
{ |
f25fce3e8 LSM: Introduce se... |
1147 |
call_void_hook(shm_free_security, shp); |
20510f2f4 security: Convert... |
1148 |
} |
7191adff2 shm/security: Pas... |
1149 |
int security_shm_associate(struct kern_ipc_perm *shp, int shmflg) |
20510f2f4 security: Convert... |
1150 |
{ |
f25fce3e8 LSM: Introduce se... |
1151 |
return call_int_hook(shm_associate, 0, shp, shmflg); |
20510f2f4 security: Convert... |
1152 |
} |
7191adff2 shm/security: Pas... |
1153 |
int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd) |
20510f2f4 security: Convert... |
1154 |
{ |
f25fce3e8 LSM: Introduce se... |
1155 |
return call_int_hook(shm_shmctl, 0, shp, cmd); |
20510f2f4 security: Convert... |
1156 |
} |
7191adff2 shm/security: Pas... |
1157 |
int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg) |
20510f2f4 security: Convert... |
1158 |
{ |
f25fce3e8 LSM: Introduce se... |
1159 |
return call_int_hook(shm_shmat, 0, shp, shmaddr, shmflg); |
20510f2f4 security: Convert... |
1160 |
} |
aefad9593 sem/security: Pas... |
1161 |
int security_sem_alloc(struct kern_ipc_perm *sma) |
20510f2f4 security: Convert... |
1162 |
{ |
f25fce3e8 LSM: Introduce se... |
1163 |
return call_int_hook(sem_alloc_security, 0, sma); |
20510f2f4 security: Convert... |
1164 |
} |
aefad9593 sem/security: Pas... |
1165 |
void security_sem_free(struct kern_ipc_perm *sma) |
20510f2f4 security: Convert... |
1166 |
{ |
f25fce3e8 LSM: Introduce se... |
1167 |
call_void_hook(sem_free_security, sma); |
20510f2f4 security: Convert... |
1168 |
} |
aefad9593 sem/security: Pas... |
1169 |
int security_sem_associate(struct kern_ipc_perm *sma, int semflg) |
20510f2f4 security: Convert... |
1170 |
{ |
f25fce3e8 LSM: Introduce se... |
1171 |
return call_int_hook(sem_associate, 0, sma, semflg); |
20510f2f4 security: Convert... |
1172 |
} |
aefad9593 sem/security: Pas... |
1173 |
int security_sem_semctl(struct kern_ipc_perm *sma, int cmd) |
20510f2f4 security: Convert... |
1174 |
{ |
f25fce3e8 LSM: Introduce se... |
1175 |
return call_int_hook(sem_semctl, 0, sma, cmd); |
20510f2f4 security: Convert... |
1176 |
} |
aefad9593 sem/security: Pas... |
1177 |
int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops, |
20510f2f4 security: Convert... |
1178 1179 |
unsigned nsops, int alter) { |
f25fce3e8 LSM: Introduce se... |
1180 |
return call_int_hook(sem_semop, 0, sma, sops, nsops, alter); |
20510f2f4 security: Convert... |
1181 1182 1183 1184 1185 1186 |
} void security_d_instantiate(struct dentry *dentry, struct inode *inode) { if (unlikely(inode && IS_PRIVATE(inode))) return; |
f25fce3e8 LSM: Introduce se... |
1187 |
call_void_hook(d_instantiate, dentry, inode); |
20510f2f4 security: Convert... |
1188 1189 1190 1191 1192 |
} EXPORT_SYMBOL(security_d_instantiate); int security_getprocattr(struct task_struct *p, char *name, char **value) { |
b1d9e6b06 LSM: Switch to li... |
1193 |
return call_int_hook(getprocattr, -EINVAL, p, name, value); |
20510f2f4 security: Convert... |
1194 |
} |
b21507e27 proc,security: mo... |
1195 |
int security_setprocattr(const char *name, void *value, size_t size) |
20510f2f4 security: Convert... |
1196 |
{ |
b21507e27 proc,security: mo... |
1197 |
return call_int_hook(setprocattr, -EINVAL, name, value, size); |
20510f2f4 security: Convert... |
1198 1199 1200 1201 |
} int security_netlink_send(struct sock *sk, struct sk_buff *skb) { |
f25fce3e8 LSM: Introduce se... |
1202 |
return call_int_hook(netlink_send, 0, sk, skb); |
20510f2f4 security: Convert... |
1203 |
} |
20510f2f4 security: Convert... |
1204 |
|
746df9b59 Security: Add Hoo... |
1205 1206 |
int security_ismaclabel(const char *name) { |
f25fce3e8 LSM: Introduce se... |
1207 |
return call_int_hook(ismaclabel, 0, name); |
746df9b59 Security: Add Hoo... |
1208 1209 |
} EXPORT_SYMBOL(security_ismaclabel); |
20510f2f4 security: Convert... |
1210 1211 |
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { |
b1d9e6b06 LSM: Switch to li... |
1212 1213 |
return call_int_hook(secid_to_secctx, -EOPNOTSUPP, secid, secdata, seclen); |
20510f2f4 security: Convert... |
1214 1215 |
} EXPORT_SYMBOL(security_secid_to_secctx); |
7bf570dc8 Security: Make se... |
1216 |
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) |
63cb34492 security: add a s... |
1217 |
{ |
b1d9e6b06 LSM: Switch to li... |
1218 |
*secid = 0; |
f25fce3e8 LSM: Introduce se... |
1219 |
return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); |
63cb34492 security: add a s... |
1220 1221 |
} EXPORT_SYMBOL(security_secctx_to_secid); |
20510f2f4 security: Convert... |
1222 1223 |
void security_release_secctx(char *secdata, u32 seclen) { |
f25fce3e8 LSM: Introduce se... |
1224 |
call_void_hook(release_secctx, secdata, seclen); |
20510f2f4 security: Convert... |
1225 1226 |
} EXPORT_SYMBOL(security_release_secctx); |
6f3be9f56 security: Add hoo... |
1227 1228 1229 1230 1231 |
void security_inode_invalidate_secctx(struct inode *inode) { call_void_hook(inode_invalidate_secctx, inode); } EXPORT_SYMBOL(security_inode_invalidate_secctx); |
1ee65e37e LSM/SELinux: inod... |
1232 1233 |
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) { |
f25fce3e8 LSM: Introduce se... |
1234 |
return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen); |
1ee65e37e LSM/SELinux: inod... |
1235 1236 1237 1238 1239 |
} EXPORT_SYMBOL(security_inode_notifysecctx); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) { |
f25fce3e8 LSM: Introduce se... |
1240 |
return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen); |
1ee65e37e LSM/SELinux: inod... |
1241 1242 1243 1244 1245 |
} EXPORT_SYMBOL(security_inode_setsecctx); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) { |
b1d9e6b06 LSM: Switch to li... |
1246 |
return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); |
1ee65e37e LSM/SELinux: inod... |
1247 1248 |
} EXPORT_SYMBOL(security_inode_getsecctx); |
20510f2f4 security: Convert... |
1249 |
#ifdef CONFIG_SECURITY_NETWORK |
3610cda53 af_unix: Avoid so... |
1250 |
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) |
20510f2f4 security: Convert... |
1251 |
{ |
f25fce3e8 LSM: Introduce se... |
1252 |
return call_int_hook(unix_stream_connect, 0, sock, other, newsk); |
20510f2f4 security: Convert... |
1253 1254 1255 1256 1257 |
} EXPORT_SYMBOL(security_unix_stream_connect); int security_unix_may_send(struct socket *sock, struct socket *other) { |
f25fce3e8 LSM: Introduce se... |
1258 |
return call_int_hook(unix_may_send, 0, sock, other); |
20510f2f4 security: Convert... |
1259 1260 1261 1262 1263 |
} EXPORT_SYMBOL(security_unix_may_send); int security_socket_create(int family, int type, int protocol, int kern) { |
f25fce3e8 LSM: Introduce se... |
1264 |
return call_int_hook(socket_create, 0, family, type, protocol, kern); |
20510f2f4 security: Convert... |
1265 1266 1267 1268 1269 |
} int security_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern) { |
f25fce3e8 LSM: Introduce se... |
1270 |
return call_int_hook(socket_post_create, 0, sock, family, type, |
20510f2f4 security: Convert... |
1271 1272 |
protocol, kern); } |
aae7cfcbb security: add hoo... |
1273 1274 1275 1276 1277 |
int security_socket_socketpair(struct socket *socka, struct socket *sockb) { return call_int_hook(socket_socketpair, 0, socka, sockb); } EXPORT_SYMBOL(security_socket_socketpair); |
20510f2f4 security: Convert... |
1278 1279 |
int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { |
f25fce3e8 LSM: Introduce se... |
1280 |
return call_int_hook(socket_bind, 0, sock, address, addrlen); |
20510f2f4 security: Convert... |
1281 1282 1283 1284 |
} int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) { |
f25fce3e8 LSM: Introduce se... |
1285 |
return call_int_hook(socket_connect, 0, sock, address, addrlen); |
20510f2f4 security: Convert... |
1286 1287 1288 1289 |
} int security_socket_listen(struct socket *sock, int backlog) { |
f25fce3e8 LSM: Introduce se... |
1290 |
return call_int_hook(socket_listen, 0, sock, backlog); |
20510f2f4 security: Convert... |
1291 1292 1293 1294 |
} int security_socket_accept(struct socket *sock, struct socket *newsock) { |
f25fce3e8 LSM: Introduce se... |
1295 |
return call_int_hook(socket_accept, 0, sock, newsock); |
20510f2f4 security: Convert... |
1296 |
} |
20510f2f4 security: Convert... |
1297 1298 |
int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) { |
f25fce3e8 LSM: Introduce se... |
1299 |
return call_int_hook(socket_sendmsg, 0, sock, msg, size); |
20510f2f4 security: Convert... |
1300 1301 1302 1303 1304 |
} int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags) { |
f25fce3e8 LSM: Introduce se... |
1305 |
return call_int_hook(socket_recvmsg, 0, sock, msg, size, flags); |
20510f2f4 security: Convert... |
1306 1307 1308 1309 |
} int security_socket_getsockname(struct socket *sock) { |
f25fce3e8 LSM: Introduce se... |
1310 |
return call_int_hook(socket_getsockname, 0, sock); |
20510f2f4 security: Convert... |
1311 1312 1313 1314 |
} int security_socket_getpeername(struct socket *sock) { |
f25fce3e8 LSM: Introduce se... |
1315 |
return call_int_hook(socket_getpeername, 0, sock); |
20510f2f4 security: Convert... |
1316 1317 1318 1319 |
} int security_socket_getsockopt(struct socket *sock, int level, int optname) { |
f25fce3e8 LSM: Introduce se... |
1320 |
return call_int_hook(socket_getsockopt, 0, sock, level, optname); |
20510f2f4 security: Convert... |
1321 1322 1323 1324 |
} int security_socket_setsockopt(struct socket *sock, int level, int optname) { |
f25fce3e8 LSM: Introduce se... |
1325 |
return call_int_hook(socket_setsockopt, 0, sock, level, optname); |
20510f2f4 security: Convert... |
1326 1327 1328 1329 |
} int security_socket_shutdown(struct socket *sock, int how) { |
f25fce3e8 LSM: Introduce se... |
1330 |
return call_int_hook(socket_shutdown, 0, sock, how); |
20510f2f4 security: Convert... |
1331 1332 1333 1334 |
} int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { |
f25fce3e8 LSM: Introduce se... |
1335 |
return call_int_hook(socket_sock_rcv_skb, 0, sk, skb); |
20510f2f4 security: Convert... |
1336 1337 1338 1339 1340 1341 |
} EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int __user *optlen, unsigned len) { |
b1d9e6b06 LSM: Switch to li... |
1342 1343 |
return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, optval, optlen, len); |
20510f2f4 security: Convert... |
1344 1345 1346 1347 |
} int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { |
e308fd3bb LSM: restore cert... |
1348 1349 |
return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, skb, secid); |
20510f2f4 security: Convert... |
1350 1351 1352 1353 1354 |
} EXPORT_SYMBOL(security_socket_getpeersec_dgram); int security_sk_alloc(struct sock *sk, int family, gfp_t priority) { |
f25fce3e8 LSM: Introduce se... |
1355 |
return call_int_hook(sk_alloc_security, 0, sk, family, priority); |
20510f2f4 security: Convert... |
1356 1357 1358 1359 |
} void security_sk_free(struct sock *sk) { |
f25fce3e8 LSM: Introduce se... |
1360 |
call_void_hook(sk_free_security, sk); |
20510f2f4 security: Convert... |
1361 1362 1363 1364 |
} void security_sk_clone(const struct sock *sk, struct sock *newsk) { |
f25fce3e8 LSM: Introduce se... |
1365 |
call_void_hook(sk_clone_security, sk, newsk); |
20510f2f4 security: Convert... |
1366 |
} |
6230c9b4f bluetooth: Proper... |
1367 |
EXPORT_SYMBOL(security_sk_clone); |
20510f2f4 security: Convert... |
1368 1369 1370 |
void security_sk_classify_flow(struct sock *sk, struct flowi *fl) { |
f25fce3e8 LSM: Introduce se... |
1371 |
call_void_hook(sk_getsecid, sk, &fl->flowi_secid); |
20510f2f4 security: Convert... |
1372 1373 1374 1375 1376 |
} EXPORT_SYMBOL(security_sk_classify_flow); void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) { |
f25fce3e8 LSM: Introduce se... |
1377 |
call_void_hook(req_classify_flow, req, fl); |
20510f2f4 security: Convert... |
1378 1379 1380 1381 1382 |
} EXPORT_SYMBOL(security_req_classify_flow); void security_sock_graft(struct sock *sk, struct socket *parent) { |
f25fce3e8 LSM: Introduce se... |
1383 |
call_void_hook(sock_graft, sk, parent); |
20510f2f4 security: Convert... |
1384 1385 1386 1387 1388 1389 |
} EXPORT_SYMBOL(security_sock_graft); int security_inet_conn_request(struct sock *sk, struct sk_buff *skb, struct request_sock *req) { |
f25fce3e8 LSM: Introduce se... |
1390 |
return call_int_hook(inet_conn_request, 0, sk, skb, req); |
20510f2f4 security: Convert... |
1391 1392 1393 1394 1395 1396 |
} EXPORT_SYMBOL(security_inet_conn_request); void security_inet_csk_clone(struct sock *newsk, const struct request_sock *req) { |
f25fce3e8 LSM: Introduce se... |
1397 |
call_void_hook(inet_csk_clone, newsk, req); |
20510f2f4 security: Convert... |
1398 1399 1400 1401 1402 |
} void security_inet_conn_established(struct sock *sk, struct sk_buff *skb) { |
f25fce3e8 LSM: Introduce se... |
1403 |
call_void_hook(inet_conn_established, sk, skb); |
20510f2f4 security: Convert... |
1404 |
} |
72e89f500 security: Add sup... |
1405 |
EXPORT_SYMBOL(security_inet_conn_established); |
20510f2f4 security: Convert... |
1406 |
|
2606fd1fa secmark: make sec... |
1407 1408 |
int security_secmark_relabel_packet(u32 secid) { |
f25fce3e8 LSM: Introduce se... |
1409 |
return call_int_hook(secmark_relabel_packet, 0, secid); |
2606fd1fa secmark: make sec... |
1410 1411 1412 1413 1414 |
} EXPORT_SYMBOL(security_secmark_relabel_packet); void security_secmark_refcount_inc(void) { |
f25fce3e8 LSM: Introduce se... |
1415 |
call_void_hook(secmark_refcount_inc); |
2606fd1fa secmark: make sec... |
1416 1417 1418 1419 1420 |
} EXPORT_SYMBOL(security_secmark_refcount_inc); void security_secmark_refcount_dec(void) { |
f25fce3e8 LSM: Introduce se... |
1421 |
call_void_hook(secmark_refcount_dec); |
2606fd1fa secmark: make sec... |
1422 1423 |
} EXPORT_SYMBOL(security_secmark_refcount_dec); |
5dbbaf2de tun: fix LSM/SELi... |
1424 1425 |
int security_tun_dev_alloc_security(void **security) { |
f25fce3e8 LSM: Introduce se... |
1426 |
return call_int_hook(tun_dev_alloc_security, 0, security); |
5dbbaf2de tun: fix LSM/SELi... |
1427 1428 1429 1430 1431 |
} EXPORT_SYMBOL(security_tun_dev_alloc_security); void security_tun_dev_free_security(void *security) { |
f25fce3e8 LSM: Introduce se... |
1432 |
call_void_hook(tun_dev_free_security, security); |
5dbbaf2de tun: fix LSM/SELi... |
1433 1434 |
} EXPORT_SYMBOL(security_tun_dev_free_security); |
2b980dbd7 lsm: Add hooks to... |
1435 1436 |
int security_tun_dev_create(void) { |
f25fce3e8 LSM: Introduce se... |
1437 |
return call_int_hook(tun_dev_create, 0); |
2b980dbd7 lsm: Add hooks to... |
1438 1439 |
} EXPORT_SYMBOL(security_tun_dev_create); |
5dbbaf2de tun: fix LSM/SELi... |
1440 |
int security_tun_dev_attach_queue(void *security) |
2b980dbd7 lsm: Add hooks to... |
1441 |
{ |
f25fce3e8 LSM: Introduce se... |
1442 |
return call_int_hook(tun_dev_attach_queue, 0, security); |
2b980dbd7 lsm: Add hooks to... |
1443 |
} |
5dbbaf2de tun: fix LSM/SELi... |
1444 |
EXPORT_SYMBOL(security_tun_dev_attach_queue); |
2b980dbd7 lsm: Add hooks to... |
1445 |
|
5dbbaf2de tun: fix LSM/SELi... |
1446 |
int security_tun_dev_attach(struct sock *sk, void *security) |
2b980dbd7 lsm: Add hooks to... |
1447 |
{ |
f25fce3e8 LSM: Introduce se... |
1448 |
return call_int_hook(tun_dev_attach, 0, sk, security); |
2b980dbd7 lsm: Add hooks to... |
1449 1450 |
} EXPORT_SYMBOL(security_tun_dev_attach); |
5dbbaf2de tun: fix LSM/SELi... |
1451 1452 |
int security_tun_dev_open(void *security) { |
f25fce3e8 LSM: Introduce se... |
1453 |
return call_int_hook(tun_dev_open, 0, security); |
5dbbaf2de tun: fix LSM/SELi... |
1454 1455 |
} EXPORT_SYMBOL(security_tun_dev_open); |
72e89f500 security: Add sup... |
1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 |
int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb) { return call_int_hook(sctp_assoc_request, 0, ep, skb); } EXPORT_SYMBOL(security_sctp_assoc_request); int security_sctp_bind_connect(struct sock *sk, int optname, struct sockaddr *address, int addrlen) { return call_int_hook(sctp_bind_connect, 0, sk, optname, address, addrlen); } EXPORT_SYMBOL(security_sctp_bind_connect); void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, struct sock *newsk) { call_void_hook(sctp_sk_clone, ep, sk, newsk); } EXPORT_SYMBOL(security_sctp_sk_clone); |
20510f2f4 security: Convert... |
1476 |
#endif /* CONFIG_SECURITY_NETWORK */ |
d291f1a65 IB/core: Enforce ... |
1477 1478 1479 1480 1481 1482 1483 |
#ifdef CONFIG_SECURITY_INFINIBAND int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey) { return call_int_hook(ib_pkey_access, 0, sec, subnet_prefix, pkey); } EXPORT_SYMBOL(security_ib_pkey_access); |
47a2b338f IB/core: Enforce ... |
1484 1485 1486 1487 1488 |
int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num) { return call_int_hook(ib_endport_manage_subnet, 0, sec, dev_name, port_num); } EXPORT_SYMBOL(security_ib_endport_manage_subnet); |
d291f1a65 IB/core: Enforce ... |
1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 |
int security_ib_alloc_security(void **sec) { return call_int_hook(ib_alloc_security, 0, sec); } EXPORT_SYMBOL(security_ib_alloc_security); void security_ib_free_security(void *sec) { call_void_hook(ib_free_security, sec); } EXPORT_SYMBOL(security_ib_free_security); #endif /* CONFIG_SECURITY_INFINIBAND */ |
20510f2f4 security: Convert... |
1501 |
#ifdef CONFIG_SECURITY_NETWORK_XFRM |
52a4c6404 selinux: add gfp ... |
1502 1503 1504 |
int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp) |
20510f2f4 security: Convert... |
1505 |
{ |
f25fce3e8 LSM: Introduce se... |
1506 |
return call_int_hook(xfrm_policy_alloc_security, 0, ctxp, sec_ctx, gfp); |
20510f2f4 security: Convert... |
1507 1508 |
} EXPORT_SYMBOL(security_xfrm_policy_alloc); |
03e1ad7b5 LSM: Make the Lab... |
1509 1510 |
int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp) |
20510f2f4 security: Convert... |
1511 |
{ |
f25fce3e8 LSM: Introduce se... |
1512 |
return call_int_hook(xfrm_policy_clone_security, 0, old_ctx, new_ctxp); |
20510f2f4 security: Convert... |
1513 |
} |
03e1ad7b5 LSM: Make the Lab... |
1514 |
void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) |
20510f2f4 security: Convert... |
1515 |
{ |
f25fce3e8 LSM: Introduce se... |
1516 |
call_void_hook(xfrm_policy_free_security, ctx); |
20510f2f4 security: Convert... |
1517 1518 |
} EXPORT_SYMBOL(security_xfrm_policy_free); |
03e1ad7b5 LSM: Make the Lab... |
1519 |
int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
20510f2f4 security: Convert... |
1520 |
{ |
f25fce3e8 LSM: Introduce se... |
1521 |
return call_int_hook(xfrm_policy_delete_security, 0, ctx); |
20510f2f4 security: Convert... |
1522 |
} |
2e5aa8660 lsm: split the xf... |
1523 1524 |
int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) |
20510f2f4 security: Convert... |
1525 |
{ |
f25fce3e8 LSM: Introduce se... |
1526 |
return call_int_hook(xfrm_state_alloc, 0, x, sec_ctx); |
20510f2f4 security: Convert... |
1527 1528 1529 1530 1531 1532 |
} EXPORT_SYMBOL(security_xfrm_state_alloc); int security_xfrm_state_alloc_acquire(struct xfrm_state *x, struct xfrm_sec_ctx *polsec, u32 secid) { |
f25fce3e8 LSM: Introduce se... |
1533 |
return call_int_hook(xfrm_state_alloc_acquire, 0, x, polsec, secid); |
20510f2f4 security: Convert... |
1534 1535 1536 1537 |
} int security_xfrm_state_delete(struct xfrm_state *x) { |
f25fce3e8 LSM: Introduce se... |
1538 |
return call_int_hook(xfrm_state_delete_security, 0, x); |
20510f2f4 security: Convert... |
1539 1540 1541 1542 1543 |
} EXPORT_SYMBOL(security_xfrm_state_delete); void security_xfrm_state_free(struct xfrm_state *x) { |
f25fce3e8 LSM: Introduce se... |
1544 |
call_void_hook(xfrm_state_free_security, x); |
20510f2f4 security: Convert... |
1545 |
} |
03e1ad7b5 LSM: Make the Lab... |
1546 |
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) |
20510f2f4 security: Convert... |
1547 |
{ |
f25fce3e8 LSM: Introduce se... |
1548 |
return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid, dir); |
20510f2f4 security: Convert... |
1549 1550 1551 |
} int security_xfrm_state_pol_flow_match(struct xfrm_state *x, |
e33f77042 xfrm: Mark flowi ... |
1552 1553 |
struct xfrm_policy *xp, const struct flowi *fl) |
20510f2f4 security: Convert... |
1554 |
{ |
b1d9e6b06 LSM: Switch to li... |
1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 |
struct security_hook_list *hp; int rc = 1; /* * Since this function is expected to return 0 or 1, the judgment * becomes difficult if multiple LSMs supply this call. Fortunately, * we can use the first LSM's judgment because currently only SELinux * supplies this call. * * For speed optimization, we explicitly break the loop rather than * using the macro */ |
df0ce1733 security: convert... |
1567 |
hlist_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match, |
b1d9e6b06 LSM: Switch to li... |
1568 1569 1570 1571 1572 |
list) { rc = hp->hook.xfrm_state_pol_flow_match(x, xp, fl); break; } return rc; |
20510f2f4 security: Convert... |
1573 1574 1575 1576 |
} int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) { |
f25fce3e8 LSM: Introduce se... |
1577 |
return call_int_hook(xfrm_decode_session, 0, skb, secid, 1); |
20510f2f4 security: Convert... |
1578 1579 1580 1581 |
} void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) { |
f25fce3e8 LSM: Introduce se... |
1582 1583 |
int rc = call_int_hook(xfrm_decode_session, 0, skb, &fl->flowi_secid, 0); |
20510f2f4 security: Convert... |
1584 1585 1586 1587 1588 1589 1590 1591 |
BUG_ON(rc); } EXPORT_SYMBOL(security_skb_classify_flow); #endif /* CONFIG_SECURITY_NETWORK_XFRM */ #ifdef CONFIG_KEYS |
d84f4f992 CRED: Inaugurate ... |
1592 1593 |
int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags) |
20510f2f4 security: Convert... |
1594 |
{ |
f25fce3e8 LSM: Introduce se... |
1595 |
return call_int_hook(key_alloc, 0, key, cred, flags); |
20510f2f4 security: Convert... |
1596 1597 1598 1599 |
} void security_key_free(struct key *key) { |
f25fce3e8 LSM: Introduce se... |
1600 |
call_void_hook(key_free, key); |
20510f2f4 security: Convert... |
1601 1602 1603 |
} int security_key_permission(key_ref_t key_ref, |
f5895943d KEYS: Move the fl... |
1604 |
const struct cred *cred, unsigned perm) |
20510f2f4 security: Convert... |
1605 |
{ |
f25fce3e8 LSM: Introduce se... |
1606 |
return call_int_hook(key_permission, 0, key_ref, cred, perm); |
20510f2f4 security: Convert... |
1607 |
} |
70a5bb72b keys: add keyctl ... |
1608 1609 |
int security_key_getsecurity(struct key *key, char **_buffer) { |
b1d9e6b06 LSM: Switch to li... |
1610 |
*_buffer = NULL; |
f25fce3e8 LSM: Introduce se... |
1611 |
return call_int_hook(key_getsecurity, 0, key, _buffer); |
70a5bb72b keys: add keyctl ... |
1612 |
} |
20510f2f4 security: Convert... |
1613 |
#endif /* CONFIG_KEYS */ |
03d37d25e LSM/Audit: Introd... |
1614 1615 1616 1617 1618 |
#ifdef CONFIG_AUDIT int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { |
f25fce3e8 LSM: Introduce se... |
1619 |
return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); |
03d37d25e LSM/Audit: Introd... |
1620 1621 1622 1623 |
} int security_audit_rule_known(struct audit_krule *krule) { |
f25fce3e8 LSM: Introduce se... |
1624 |
return call_int_hook(audit_rule_known, 0, krule); |
03d37d25e LSM/Audit: Introd... |
1625 1626 1627 1628 |
} void security_audit_rule_free(void *lsmrule) { |
f25fce3e8 LSM: Introduce se... |
1629 |
call_void_hook(audit_rule_free, lsmrule); |
03d37d25e LSM/Audit: Introd... |
1630 1631 1632 1633 1634 |
} int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, struct audit_context *actx) { |
f25fce3e8 LSM: Introduce se... |
1635 1636 |
return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule, actx); |
03d37d25e LSM/Audit: Introd... |
1637 |
} |
b1d9e6b06 LSM: Switch to li... |
1638 |
#endif /* CONFIG_AUDIT */ |
afdb09c72 security: bpf: Ad... |
1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 |
#ifdef CONFIG_BPF_SYSCALL int security_bpf(int cmd, union bpf_attr *attr, unsigned int size) { return call_int_hook(bpf, 0, cmd, attr, size); } int security_bpf_map(struct bpf_map *map, fmode_t fmode) { return call_int_hook(bpf_map, 0, map, fmode); } int security_bpf_prog(struct bpf_prog *prog) { return call_int_hook(bpf_prog, 0, prog); } int security_bpf_map_alloc(struct bpf_map *map) { return call_int_hook(bpf_map_alloc_security, 0, map); } int security_bpf_prog_alloc(struct bpf_prog_aux *aux) { return call_int_hook(bpf_prog_alloc_security, 0, aux); } void security_bpf_map_free(struct bpf_map *map) { call_void_hook(bpf_map_free_security, map); } void security_bpf_prog_free(struct bpf_prog_aux *aux) { call_void_hook(bpf_prog_free_security, aux); } #endif /* CONFIG_BPF_SYSCALL */ |