Blame view
security/security.c
54.8 KB
1da177e4c
Linux-2.6.12-rc2
|
1 2 3 4 5 6 7 8 9 10 11 12 |
/* * Security plug functions * * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ |
c59ede7b7
[PATCH] move capa...
|
13 |
#include <linux/capability.h> |
d47be3dfe
Security: Add hoo...
|
14 |
#include <linux/dcache.h> |
|
1da177e4c
Linux-2.6.12-rc2
|
15 16 17 |
#include <linux/module.h> #include <linux/init.h> #include <linux/kernel.h> |
3c4ed7bdf
LSM: Split securi...
|
18 |
#include <linux/lsm_hooks.h> |
f381c2722
integrity: move i...
|
19 |
#include <linux/integrity.h> |
|
6c21a7fb4
LSM: imbed ima ca...
|
20 |
#include <linux/ima.h> |
|
3e1be52d6
security: imbed e...
|
21 |
#include <linux/evm.h> |
404015308
security: trim se...
|
22 |
#include <linux/fsnotify.h> |
8b3ec6814
take security_mma...
|
23 24 25 |
#include <linux/mman.h> #include <linux/mount.h> #include <linux/personality.h> |
75331a597
security: Fix nom...
|
26 |
#include <linux/backing-dev.h> |
|
404015308
security: trim se...
|
27 |
#include <net/flow.h> |
|
1da177e4c
Linux-2.6.12-rc2
|
28 |
|
|
823eb1ccd
evm: call evm_ino...
|
29 |
#define MAX_LSM_EVM_XATTR 2 |
|
1da177e4c
Linux-2.6.12-rc2
|
30 |
|
|
b1d9e6b06
LSM: Switch to li...
|
31 32 |
/* Maximum number of letters for an LSM name string */ #define SECURITY_NAME_MAX 10 |
076c54c5b
Security: Introdu...
|
33 |
/* Boot-time LSM user choice */ |
6e65f92ff
Config option to ...
|
34 35 |
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; |
|
1da177e4c
Linux-2.6.12-rc2
|
36 |
|
|
1da177e4c
Linux-2.6.12-rc2
|
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
static void __init do_security_initcalls(void)
{
initcall_t *call;
call = __security_initcall_start;
while (call < __security_initcall_end) {
(*call) ();
call++;
}
}
/**
* security_init - initializes the security framework
*
* This should be called early in the kernel initialization sequence.
*/
int __init security_init(void)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
54 55 |
pr_info("Security Framework initialized
");
|
|
1da177e4c
Linux-2.6.12-rc2
|
56 |
|
|
b1d9e6b06
LSM: Switch to li...
|
57 |
/* |
730daa164
Yama: remove need...
|
58 |
* Load minor LSMs, with the capability module always first. |
|
b1d9e6b06
LSM: Switch to li...
|
59 60 |
*/ capability_add_hooks(); |
|
b1d9e6b06
LSM: Switch to li...
|
61 |
yama_add_hooks(); |
|
9b091556a
LSM: LoadPin for ...
|
62 |
loadpin_add_hooks(); |
|
730daa164
Yama: remove need...
|
63 |
|
|
b1d9e6b06
LSM: Switch to li...
|
64 |
/* |
|
730daa164
Yama: remove need...
|
65 |
* Load all the remaining security modules. |
|
b1d9e6b06
LSM: Switch to li...
|
66 |
*/ |
|
1da177e4c
Linux-2.6.12-rc2
|
67 68 69 70 |
do_security_initcalls(); return 0; } |
|
076c54c5b
Security: Introdu...
|
71 72 73 74 75 76 77 78 79 80 |
/* Save user chosen LSM */
static int __init choose_lsm(char *str)
{
strncpy(chosen_lsm, str, SECURITY_NAME_MAX);
return 1;
}
__setup("security=", choose_lsm);
/**
* security_module_enable - Load given security module on boot ?
|
|
b1d9e6b06
LSM: Switch to li...
|
81 |
* @module: the name of the module |
|
076c54c5b
Security: Introdu...
|
82 83 84 |
* * Each LSM must pass this method before registering its own operations * to avoid security registration races. This method may also be used |
7cea51be4
security: fix up ...
|
85 |
* to check if your LSM is currently loaded during kernel initialization. |
|
076c54c5b
Security: Introdu...
|
86 87 88 |
* * Return true if: * -The passed LSM is the one chosen by user at boot time, |
|
6e65f92ff
Config option to ...
|
89 |
* -or the passed LSM is configured as the default and the user did not |
065d78a06
LSM: Fix security...
|
90 |
* choose an alternate LSM at boot time. |
|
076c54c5b
Security: Introdu...
|
91 92 |
* Otherwise, return false. */ |
|
b1d9e6b06
LSM: Switch to li...
|
93 |
int __init security_module_enable(const char *module) |
|
076c54c5b
Security: Introdu...
|
94 |
{
|
|
b1d9e6b06
LSM: Switch to li...
|
95 |
return !strcmp(module, chosen_lsm); |
|
076c54c5b
Security: Introdu...
|
96 |
} |
|
f25fce3e8
LSM: Introduce se...
|
97 |
/* |
|
b1d9e6b06
LSM: Switch to li...
|
98 |
* Hook list operation macros. |
|
1da177e4c
Linux-2.6.12-rc2
|
99 |
* |
|
f25fce3e8
LSM: Introduce se...
|
100 101 |
* call_void_hook: * This is a hook that does not return a value. |
|
1da177e4c
Linux-2.6.12-rc2
|
102 |
* |
|
f25fce3e8
LSM: Introduce se...
|
103 104 |
* call_int_hook: * This is a hook that returns a value. |
|
1da177e4c
Linux-2.6.12-rc2
|
105 |
*/ |
|
1da177e4c
Linux-2.6.12-rc2
|
106 |
|
|
b1d9e6b06
LSM: Switch to li...
|
107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 |
#define call_void_hook(FUNC, ...) \
do { \
struct security_hook_list *P; \
\
list_for_each_entry(P, &security_hook_heads.FUNC, list) \
P->hook.FUNC(__VA_ARGS__); \
} while (0)
#define call_int_hook(FUNC, IRC, ...) ({ \
int RC = IRC; \
do { \
struct security_hook_list *P; \
\
list_for_each_entry(P, &security_hook_heads.FUNC, list) { \
RC = P->hook.FUNC(__VA_ARGS__); \
if (RC != 0) \
break; \
} \
} while (0); \
RC; \
})
|
|
1da177e4c
Linux-2.6.12-rc2
|
128 |
|
|
20510f2f4
security: Convert...
|
129 |
/* Security operations */ |
79af73079
Add security hook...
|
130 131 |
int security_binder_set_context_mgr(struct task_struct *mgr)
{
|
|
f25fce3e8
LSM: Introduce se...
|
132 |
return call_int_hook(binder_set_context_mgr, 0, mgr); |
|
79af73079
Add security hook...
|
133 134 135 136 137 |
}
int security_binder_transaction(struct task_struct *from,
struct task_struct *to)
{
|
|
f25fce3e8
LSM: Introduce se...
|
138 |
return call_int_hook(binder_transaction, 0, from, to); |
|
79af73079
Add security hook...
|
139 140 141 142 143 |
}
int security_binder_transfer_binder(struct task_struct *from,
struct task_struct *to)
{
|
|
f25fce3e8
LSM: Introduce se...
|
144 |
return call_int_hook(binder_transfer_binder, 0, from, to); |
|
79af73079
Add security hook...
|
145 146 147 148 149 |
}
int security_binder_transfer_file(struct task_struct *from,
struct task_struct *to, struct file *file)
{
|
|
f25fce3e8
LSM: Introduce se...
|
150 |
return call_int_hook(binder_transfer_file, 0, from, to, file); |
|
79af73079
Add security hook...
|
151 |
} |
9e48858f7
security: rename ...
|
152 |
int security_ptrace_access_check(struct task_struct *child, unsigned int mode) |
|
20510f2f4
security: Convert...
|
153 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
154 |
return call_int_hook(ptrace_access_check, 0, child, mode); |
5cd9c58fb
security: Fix set...
|
155 156 157 158 |
}
int security_ptrace_traceme(struct task_struct *parent)
{
|
|
f25fce3e8
LSM: Introduce se...
|
159 |
return call_int_hook(ptrace_traceme, 0, parent); |
|
20510f2f4
security: Convert...
|
160 161 162 163 164 165 166 |
}
int security_capget(struct task_struct *target,
kernel_cap_t *effective,
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
|
|
f25fce3e8
LSM: Introduce se...
|
167 168 |
return call_int_hook(capget, 0, target, effective, inheritable, permitted); |
|
20510f2f4
security: Convert...
|
169 |
} |
|
d84f4f992
CRED: Inaugurate ...
|
170 171 172 173 |
int security_capset(struct cred *new, const struct cred *old, const kernel_cap_t *effective, const kernel_cap_t *inheritable, const kernel_cap_t *permitted) |
|
20510f2f4
security: Convert...
|
174 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
175 176 |
return call_int_hook(capset, 0, new, old, effective, inheritable, permitted); |
|
20510f2f4
security: Convert...
|
177 |
} |
b7e724d30
capabilities: rev...
|
178 |
int security_capable(const struct cred *cred, struct user_namespace *ns, |
3486740a4
userns: security:...
|
179 |
int cap) |
|
20510f2f4
security: Convert...
|
180 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
181 |
return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_AUDIT); |
|
06112163f
Add a new capable...
|
182 |
} |
|
c7eba4a97
capabilities: int...
|
183 184 |
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, int cap) |
|
06112163f
Add a new capable...
|
185 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
186 |
return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_NOAUDIT); |
|
20510f2f4
security: Convert...
|
187 |
} |
|
20510f2f4
security: Convert...
|
188 189 |
int security_quotactl(int cmds, int type, int id, struct super_block *sb)
{
|
|
f25fce3e8
LSM: Introduce se...
|
190 |
return call_int_hook(quotactl, 0, cmds, type, id, sb); |
|
20510f2f4
security: Convert...
|
191 192 193 194 |
}
int security_quota_on(struct dentry *dentry)
{
|
|
f25fce3e8
LSM: Introduce se...
|
195 |
return call_int_hook(quota_on, 0, dentry); |
|
20510f2f4
security: Convert...
|
196 |
} |
|
12b3052c3
capabilities/sysl...
|
197 |
int security_syslog(int type) |
|
20510f2f4
security: Convert...
|
198 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
199 |
return call_int_hook(syslog, 0, type); |
|
20510f2f4
security: Convert...
|
200 |
} |
457db29bf
security: Introdu...
|
201 |
int security_settime64(const struct timespec64 *ts, const struct timezone *tz) |
|
20510f2f4
security: Convert...
|
202 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
203 |
return call_int_hook(settime, 0, ts, tz); |
|
20510f2f4
security: Convert...
|
204 |
} |
|
20510f2f4
security: Convert...
|
205 206 |
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 |
struct security_hook_list *hp;
int cap_sys_admin = 1;
int rc;
/*
* The module will respond with a positive value if
* it thinks the __vm_enough_memory() call should be
* made with the cap_sys_admin set. If all of the modules
* agree that it should be set it will. If any module
* thinks it should not be set it won't.
*/
list_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {
rc = hp->hook.vm_enough_memory(mm, pages);
if (rc <= 0) {
cap_sys_admin = 0;
break;
}
}
return __vm_enough_memory(mm, pages, cap_sys_admin);
|
|
20510f2f4
security: Convert...
|
226 |
} |
|
a6f76f23d
CRED: Make execve...
|
227 |
int security_bprm_set_creds(struct linux_binprm *bprm) |
|
20510f2f4
security: Convert...
|
228 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
229 |
return call_int_hook(bprm_set_creds, 0, bprm); |
|
20510f2f4
security: Convert...
|
230 |
} |
|
a6f76f23d
CRED: Make execve...
|
231 |
int security_bprm_check(struct linux_binprm *bprm) |
|
20510f2f4
security: Convert...
|
232 |
{
|
|
6c21a7fb4
LSM: imbed ima ca...
|
233 |
int ret; |
|
f25fce3e8
LSM: Introduce se...
|
234 |
ret = call_int_hook(bprm_check_security, 0, bprm); |
|
6c21a7fb4
LSM: imbed ima ca...
|
235 236 237 |
if (ret) return ret; return ima_bprm_check(bprm); |
|
20510f2f4
security: Convert...
|
238 |
} |
|
a6f76f23d
CRED: Make execve...
|
239 |
void security_bprm_committing_creds(struct linux_binprm *bprm) |
|
20510f2f4
security: Convert...
|
240 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
241 |
call_void_hook(bprm_committing_creds, bprm); |
|
20510f2f4
security: Convert...
|
242 |
} |
|
a6f76f23d
CRED: Make execve...
|
243 |
void security_bprm_committed_creds(struct linux_binprm *bprm) |
|
20510f2f4
security: Convert...
|
244 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
245 |
call_void_hook(bprm_committed_creds, bprm); |
|
20510f2f4
security: Convert...
|
246 247 248 249 |
}
int security_bprm_secureexec(struct linux_binprm *bprm)
{
|
|
f25fce3e8
LSM: Introduce se...
|
250 |
return call_int_hook(bprm_secureexec, 0, bprm); |
|
20510f2f4
security: Convert...
|
251 252 253 254 |
}
int security_sb_alloc(struct super_block *sb)
{
|
|
f25fce3e8
LSM: Introduce se...
|
255 |
return call_int_hook(sb_alloc_security, 0, sb); |
|
20510f2f4
security: Convert...
|
256 257 258 259 |
}
void security_sb_free(struct super_block *sb)
{
|
|
f25fce3e8
LSM: Introduce se...
|
260 |
call_void_hook(sb_free_security, sb); |
|
20510f2f4
security: Convert...
|
261 |
} |
|
e00075298
LSM/SELinux: Inte...
|
262 |
int security_sb_copy_data(char *orig, char *copy) |
|
20510f2f4
security: Convert...
|
263 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
264 |
return call_int_hook(sb_copy_data, 0, orig, copy); |
|
20510f2f4
security: Convert...
|
265 |
} |
|
e00075298
LSM/SELinux: Inte...
|
266 |
EXPORT_SYMBOL(security_sb_copy_data); |
|
20510f2f4
security: Convert...
|
267 |
|
|
ff36fe2c8
LSM: Pass -o remo...
|
268 269 |
int security_sb_remount(struct super_block *sb, void *data)
{
|
|
f25fce3e8
LSM: Introduce se...
|
270 |
return call_int_hook(sb_remount, 0, sb, data); |
|
ff36fe2c8
LSM: Pass -o remo...
|
271 |
} |
|
12204e24b
security: pass mo...
|
272 |
int security_sb_kern_mount(struct super_block *sb, int flags, void *data) |
|
20510f2f4
security: Convert...
|
273 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
274 |
return call_int_hook(sb_kern_mount, 0, sb, flags, data); |
|
20510f2f4
security: Convert...
|
275 |
} |
|
2069f4578
LSM/SELinux: show...
|
276 277 |
int security_sb_show_options(struct seq_file *m, struct super_block *sb)
{
|
|
f25fce3e8
LSM: Introduce se...
|
278 |
return call_int_hook(sb_show_options, 0, m, sb); |
|
2069f4578
LSM/SELinux: show...
|
279 |
} |
|
20510f2f4
security: Convert...
|
280 281 |
int security_sb_statfs(struct dentry *dentry)
{
|
|
f25fce3e8
LSM: Introduce se...
|
282 |
return call_int_hook(sb_statfs, 0, dentry); |
|
20510f2f4
security: Convert...
|
283 |
} |
|
8a04c43b8
constify security...
|
284 |
int security_sb_mount(const char *dev_name, const struct path *path, |
|
808d4e3cf
consitify do_moun...
|
285 |
const char *type, unsigned long flags, void *data) |
|
20510f2f4
security: Convert...
|
286 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
287 |
return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); |
|
20510f2f4
security: Convert...
|
288 |
} |
|
20510f2f4
security: Convert...
|
289 290 |
int security_sb_umount(struct vfsmount *mnt, int flags)
{
|
|
f25fce3e8
LSM: Introduce se...
|
291 |
return call_int_hook(sb_umount, 0, mnt, flags); |
|
20510f2f4
security: Convert...
|
292 |
} |
|
3b73b68c0
constify security...
|
293 |
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path) |
|
20510f2f4
security: Convert...
|
294 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
295 |
return call_int_hook(sb_pivotroot, 0, old_path, new_path); |
|
20510f2f4
security: Convert...
|
296 |
} |
|
c9180a57a
Security: add get...
|
297 |
int security_sb_set_mnt_opts(struct super_block *sb, |
|
649f6e771
LSM: Add flags fi...
|
298 299 300 |
struct security_mnt_opts *opts, unsigned long kern_flags, unsigned long *set_kern_flags) |
|
c9180a57a
Security: add get...
|
301 |
{
|
|
b1d9e6b06
LSM: Switch to li...
|
302 303 304 |
return call_int_hook(sb_set_mnt_opts, opts->num_mnt_opts ? -EOPNOTSUPP : 0, sb, opts, kern_flags, set_kern_flags); |
|
c9180a57a
Security: add get...
|
305 |
} |
|
e00075298
LSM/SELinux: Inte...
|
306 |
EXPORT_SYMBOL(security_sb_set_mnt_opts); |
|
c9180a57a
Security: add get...
|
307 |
|
094f7b69e
selinux: make sec...
|
308 |
int security_sb_clone_mnt_opts(const struct super_block *oldsb, |
|
c9180a57a
Security: add get...
|
309 310 |
struct super_block *newsb)
{
|
|
f25fce3e8
LSM: Introduce se...
|
311 |
return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb); |
|
c9180a57a
Security: add get...
|
312 |
} |
|
e00075298
LSM/SELinux: Inte...
|
313 314 315 316 |
EXPORT_SYMBOL(security_sb_clone_mnt_opts);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
|
|
f25fce3e8
LSM: Introduce se...
|
317 |
return call_int_hook(sb_parse_opts_str, 0, options, opts); |
|
e00075298
LSM/SELinux: Inte...
|
318 319 |
} EXPORT_SYMBOL(security_sb_parse_opts_str); |
|
c9180a57a
Security: add get...
|
320 |
|
|
20510f2f4
security: Convert...
|
321 322 323 |
int security_inode_alloc(struct inode *inode)
{
inode->i_security = NULL;
|
|
f25fce3e8
LSM: Introduce se...
|
324 |
return call_int_hook(inode_alloc_security, 0, inode); |
|
20510f2f4
security: Convert...
|
325 326 327 328 |
}
void security_inode_free(struct inode *inode)
{
|
|
f381c2722
integrity: move i...
|
329 |
integrity_inode_free(inode); |
|
f25fce3e8
LSM: Introduce se...
|
330 |
call_void_hook(inode_free_security, inode); |
|
20510f2f4
security: Convert...
|
331 |
} |
|
d47be3dfe
Security: Add hoo...
|
332 |
int security_dentry_init_security(struct dentry *dentry, int mode, |
|
4f3ccd765
qstr: constify de...
|
333 |
const struct qstr *name, void **ctx, |
|
d47be3dfe
Security: Add hoo...
|
334 335 |
u32 *ctxlen)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
336 337 |
return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, name, ctx, ctxlen); |
|
d47be3dfe
Security: Add hoo...
|
338 339 |
} EXPORT_SYMBOL(security_dentry_init_security); |
2602625b7
security, overlay...
|
340 341 342 343 344 345 346 347 |
int security_dentry_create_files_as(struct dentry *dentry, int mode,
struct qstr *name,
const struct cred *old, struct cred *new)
{
return call_int_hook(dentry_create_files_as, 0, dentry, mode,
name, old, new);
}
EXPORT_SYMBOL(security_dentry_create_files_as);
|
|
20510f2f4
security: Convert...
|
348 |
int security_inode_init_security(struct inode *inode, struct inode *dir, |
|
9d8f13ba3
security: new sec...
|
349 350 |
const struct qstr *qstr, const initxattrs initxattrs, void *fs_data) |
|
20510f2f4
security: Convert...
|
351 |
{
|
|
823eb1ccd
evm: call evm_ino...
|
352 353 |
struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1]; struct xattr *lsm_xattr, *evm_xattr, *xattr; |
|
9d8f13ba3
security: new sec...
|
354 |
int ret; |
|
20510f2f4
security: Convert...
|
355 |
if (unlikely(IS_PRIVATE(inode))) |
|
fb88c2b6c
evm: fix security...
|
356 |
return 0; |
|
9d8f13ba3
security: new sec...
|
357 |
|
|
9d8f13ba3
security: new sec...
|
358 |
if (!initxattrs) |
e308fd3bb
LSM: restore cert...
|
359 360 |
return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, NULL, NULL, NULL); |
|
9548906b2
xattr: Constify -...
|
361 |
memset(new_xattrs, 0, sizeof(new_xattrs)); |
|
9d8f13ba3
security: new sec...
|
362 |
lsm_xattr = new_xattrs; |
|
b1d9e6b06
LSM: Switch to li...
|
363 |
ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, |
|
9d8f13ba3
security: new sec...
|
364 365 366 367 368 |
&lsm_xattr->name, &lsm_xattr->value, &lsm_xattr->value_len); if (ret) goto out; |
|
823eb1ccd
evm: call evm_ino...
|
369 370 371 372 373 |
evm_xattr = lsm_xattr + 1; ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr); if (ret) goto out; |
|
9d8f13ba3
security: new sec...
|
374 375 |
ret = initxattrs(inode, new_xattrs, fs_data); out: |
|
9548906b2
xattr: Constify -...
|
376 |
for (xattr = new_xattrs; xattr->value != NULL; xattr++) |
|
823eb1ccd
evm: call evm_ino...
|
377 |
kfree(xattr->value); |
|
9d8f13ba3
security: new sec...
|
378 379 380 381 382 |
return (ret == -EOPNOTSUPP) ? 0 : ret; } EXPORT_SYMBOL(security_inode_init_security); int security_old_inode_init_security(struct inode *inode, struct inode *dir, |
|
9548906b2
xattr: Constify -...
|
383 |
const struct qstr *qstr, const char **name, |
|
9d8f13ba3
security: new sec...
|
384 |
void **value, size_t *len) |
|
20510f2f4
security: Convert...
|
385 386 |
{
if (unlikely(IS_PRIVATE(inode)))
|
30e053248
security: Fix sec...
|
387 |
return -EOPNOTSUPP; |
|
e308fd3bb
LSM: restore cert...
|
388 389 |
return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, name, value, len); |
|
20510f2f4
security: Convert...
|
390 |
} |
|
9d8f13ba3
security: new sec...
|
391 |
EXPORT_SYMBOL(security_old_inode_init_security); |
|
20510f2f4
security: Convert...
|
392 |
|
be6d3e56a
introduce new LSM...
|
393 |
#ifdef CONFIG_SECURITY_PATH |
|
d36077521
constify security...
|
394 |
int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, |
|
be6d3e56a
introduce new LSM...
|
395 396 |
unsigned int dev)
{
|
|
c6f493d63
VFS: security/: d...
|
397 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
|
be6d3e56a
introduce new LSM...
|
398 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
399 |
return call_int_hook(path_mknod, 0, dir, dentry, mode, dev); |
|
be6d3e56a
introduce new LSM...
|
400 401 |
} EXPORT_SYMBOL(security_path_mknod); |
|
d36077521
constify security...
|
402 |
int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) |
|
be6d3e56a
introduce new LSM...
|
403 |
{
|
|
c6f493d63
VFS: security/: d...
|
404 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
|
be6d3e56a
introduce new LSM...
|
405 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
406 |
return call_int_hook(path_mkdir, 0, dir, dentry, mode); |
|
be6d3e56a
introduce new LSM...
|
407 |
} |
|
821404434
CacheFiles: Add c...
|
408 |
EXPORT_SYMBOL(security_path_mkdir); |
|
be6d3e56a
introduce new LSM...
|
409 |
|
|
989f74e05
constify security...
|
410 |
int security_path_rmdir(const struct path *dir, struct dentry *dentry) |
|
be6d3e56a
introduce new LSM...
|
411 |
{
|
|
c6f493d63
VFS: security/: d...
|
412 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
|
be6d3e56a
introduce new LSM...
|
413 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
414 |
return call_int_hook(path_rmdir, 0, dir, dentry); |
|
be6d3e56a
introduce new LSM...
|
415 |
} |
|
989f74e05
constify security...
|
416 |
int security_path_unlink(const struct path *dir, struct dentry *dentry) |
|
be6d3e56a
introduce new LSM...
|
417 |
{
|
|
c6f493d63
VFS: security/: d...
|
418 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
|
be6d3e56a
introduce new LSM...
|
419 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
420 |
return call_int_hook(path_unlink, 0, dir, dentry); |
|
be6d3e56a
introduce new LSM...
|
421 |
} |
|
821404434
CacheFiles: Add c...
|
422 |
EXPORT_SYMBOL(security_path_unlink); |
|
be6d3e56a
introduce new LSM...
|
423 |
|
|
d36077521
constify security...
|
424 |
int security_path_symlink(const struct path *dir, struct dentry *dentry, |
|
be6d3e56a
introduce new LSM...
|
425 426 |
const char *old_name)
{
|
|
c6f493d63
VFS: security/: d...
|
427 |
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) |
|
be6d3e56a
introduce new LSM...
|
428 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
429 |
return call_int_hook(path_symlink, 0, dir, dentry, old_name); |
|
be6d3e56a
introduce new LSM...
|
430 |
} |
|
3ccee46ab
constify security...
|
431 |
int security_path_link(struct dentry *old_dentry, const struct path *new_dir, |
|
be6d3e56a
introduce new LSM...
|
432 433 |
struct dentry *new_dentry)
{
|
|
c6f493d63
VFS: security/: d...
|
434 |
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) |
|
be6d3e56a
introduce new LSM...
|
435 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
436 |
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); |
|
be6d3e56a
introduce new LSM...
|
437 |
} |
|
3ccee46ab
constify security...
|
438 439 |
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry, |
0b3974eb0
security: add fla...
|
440 |
unsigned int flags) |
|
be6d3e56a
introduce new LSM...
|
441 |
{
|
|
c6f493d63
VFS: security/: d...
|
442 443 |
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry))))) |
|
be6d3e56a
introduce new LSM...
|
444 |
return 0; |
|
da1ce0670
vfs: add cross-re...
|
445 446 |
if (flags & RENAME_EXCHANGE) {
|
|
f25fce3e8
LSM: Introduce se...
|
447 448 |
int err = call_int_hook(path_rename, 0, new_dir, new_dentry, old_dir, old_dentry); |
|
da1ce0670
vfs: add cross-re...
|
449 450 451 |
if (err) return err; } |
|
f25fce3e8
LSM: Introduce se...
|
452 453 |
return call_int_hook(path_rename, 0, old_dir, old_dentry, new_dir, new_dentry); |
|
be6d3e56a
introduce new LSM...
|
454 |
} |
|
821404434
CacheFiles: Add c...
|
455 |
EXPORT_SYMBOL(security_path_rename); |
|
be6d3e56a
introduce new LSM...
|
456 |
|
|
81f4c5060
constify security...
|
457 |
int security_path_truncate(const struct path *path) |
|
be6d3e56a
introduce new LSM...
|
458 |
{
|
|
c6f493d63
VFS: security/: d...
|
459 |
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) |
|
be6d3e56a
introduce new LSM...
|
460 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
461 |
return call_int_hook(path_truncate, 0, path); |
|
be6d3e56a
introduce new LSM...
|
462 |
} |
|
89eda0683
LSM: Add security...
|
463 |
|
|
be01f9f28
constify chmod_co...
|
464 |
int security_path_chmod(const struct path *path, umode_t mode) |
|
89eda0683
LSM: Add security...
|
465 |
{
|
|
c6f493d63
VFS: security/: d...
|
466 |
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) |
|
89eda0683
LSM: Add security...
|
467 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
468 |
return call_int_hook(path_chmod, 0, path, mode); |
|
89eda0683
LSM: Add security...
|
469 |
} |
|
7fd25dac9
constify chown_co...
|
470 |
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) |
|
89eda0683
LSM: Add security...
|
471 |
{
|
|
c6f493d63
VFS: security/: d...
|
472 |
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) |
|
89eda0683
LSM: Add security...
|
473 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
474 |
return call_int_hook(path_chown, 0, path, uid, gid); |
|
89eda0683
LSM: Add security...
|
475 |
} |
|
8b8efb440
LSM: Add security...
|
476 |
|
|
77b286c0d
constify security...
|
477 |
int security_path_chroot(const struct path *path) |
|
8b8efb440
LSM: Add security...
|
478 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
479 |
return call_int_hook(path_chroot, 0, path); |
|
8b8efb440
LSM: Add security...
|
480 |
} |
|
be6d3e56a
introduce new LSM...
|
481 |
#endif |
|
4acdaf27e
switch ->create()...
|
482 |
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode) |
|
20510f2f4
security: Convert...
|
483 484 485 |
{
if (unlikely(IS_PRIVATE(dir)))
return 0;
|
|
f25fce3e8
LSM: Introduce se...
|
486 |
return call_int_hook(inode_create, 0, dir, dentry, mode); |
|
20510f2f4
security: Convert...
|
487 |
} |
|
800a96478
CacheFiles: Expor...
|
488 |
EXPORT_SYMBOL_GPL(security_inode_create); |
|
20510f2f4
security: Convert...
|
489 490 491 492 |
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
struct dentry *new_dentry)
{
|
|
c6f493d63
VFS: security/: d...
|
493 |
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) |
|
20510f2f4
security: Convert...
|
494 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
495 |
return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry); |
|
20510f2f4
security: Convert...
|
496 497 498 499 |
}
int security_inode_unlink(struct inode *dir, struct dentry *dentry)
{
|
|
c6f493d63
VFS: security/: d...
|
500 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
501 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
502 |
return call_int_hook(inode_unlink, 0, dir, dentry); |
|
20510f2f4
security: Convert...
|
503 504 505 506 507 508 509 |
}
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
const char *old_name)
{
if (unlikely(IS_PRIVATE(dir)))
return 0;
|
|
f25fce3e8
LSM: Introduce se...
|
510 |
return call_int_hook(inode_symlink, 0, dir, dentry, old_name); |
|
20510f2f4
security: Convert...
|
511 |
} |
|
18bb1db3e
switch vfs_mkdir(...
|
512 |
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) |
|
20510f2f4
security: Convert...
|
513 514 515 |
{
if (unlikely(IS_PRIVATE(dir)))
return 0;
|
|
f25fce3e8
LSM: Introduce se...
|
516 |
return call_int_hook(inode_mkdir, 0, dir, dentry, mode); |
|
20510f2f4
security: Convert...
|
517 |
} |
|
800a96478
CacheFiles: Expor...
|
518 |
EXPORT_SYMBOL_GPL(security_inode_mkdir); |
|
20510f2f4
security: Convert...
|
519 520 521 |
int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
|
|
c6f493d63
VFS: security/: d...
|
522 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
523 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
524 |
return call_int_hook(inode_rmdir, 0, dir, dentry); |
|
20510f2f4
security: Convert...
|
525 |
} |
|
1a67aafb5
switch ->mknod() ...
|
526 |
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) |
|
20510f2f4
security: Convert...
|
527 528 529 |
{
if (unlikely(IS_PRIVATE(dir)))
return 0;
|
|
f25fce3e8
LSM: Introduce se...
|
530 |
return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev); |
|
20510f2f4
security: Convert...
|
531 532 533 |
} int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, |
|
0b3974eb0
security: add fla...
|
534 535 |
struct inode *new_dir, struct dentry *new_dentry, unsigned int flags) |
|
20510f2f4
security: Convert...
|
536 |
{
|
|
c6f493d63
VFS: security/: d...
|
537 538 |
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
(d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry)))))
|
|
20510f2f4
security: Convert...
|
539 |
return 0; |
|
da1ce0670
vfs: add cross-re...
|
540 541 |
if (flags & RENAME_EXCHANGE) {
|
|
f25fce3e8
LSM: Introduce se...
|
542 |
int err = call_int_hook(inode_rename, 0, new_dir, new_dentry, |
|
da1ce0670
vfs: add cross-re...
|
543 544 545 546 |
old_dir, old_dentry); if (err) return err; } |
|
f25fce3e8
LSM: Introduce se...
|
547 |
return call_int_hook(inode_rename, 0, old_dir, old_dentry, |
|
20510f2f4
security: Convert...
|
548 549 550 551 552 |
new_dir, new_dentry);
}
int security_inode_readlink(struct dentry *dentry)
{
|
|
c6f493d63
VFS: security/: d...
|
553 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
554 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
555 |
return call_int_hook(inode_readlink, 0, dentry); |
|
20510f2f4
security: Convert...
|
556 |
} |
bda0be7ad
security: make in...
|
557 558 |
int security_inode_follow_link(struct dentry *dentry, struct inode *inode, bool rcu) |
|
20510f2f4
security: Convert...
|
559 |
{
|
|
bda0be7ad
security: make in...
|
560 |
if (unlikely(IS_PRIVATE(inode))) |
|
20510f2f4
security: Convert...
|
561 |
return 0; |
e22619a29
Merge branch 'nex...
|
562 |
return call_int_hook(inode_follow_link, 0, dentry, inode, rcu); |
|
20510f2f4
security: Convert...
|
563 |
} |
|
b77b0646e
[PATCH] pass MAY_...
|
564 |
int security_inode_permission(struct inode *inode, int mask) |
|
20510f2f4
security: Convert...
|
565 566 567 |
{
if (unlikely(IS_PRIVATE(inode)))
return 0;
|
|
f25fce3e8
LSM: Introduce se...
|
568 |
return call_int_hook(inode_permission, 0, inode, mask); |
|
20510f2f4
security: Convert...
|
569 570 571 572 |
}
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
|
|
817b54aa4
evm: add evm_inod...
|
573 |
int ret; |
|
c6f493d63
VFS: security/: d...
|
574 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
575 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
576 |
ret = call_int_hook(inode_setattr, 0, dentry, attr); |
|
817b54aa4
evm: add evm_inod...
|
577 578 579 |
if (ret) return ret; return evm_inode_setattr(dentry, attr); |
|
20510f2f4
security: Convert...
|
580 |
} |
|
b1da47e29
[patch 3/4] fat: ...
|
581 |
EXPORT_SYMBOL_GPL(security_inode_setattr); |
|
20510f2f4
security: Convert...
|
582 |
|
|
3f7036a07
switch security_i...
|
583 |
int security_inode_getattr(const struct path *path) |
|
20510f2f4
security: Convert...
|
584 |
{
|
|
c6f493d63
VFS: security/: d...
|
585 |
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) |
|
20510f2f4
security: Convert...
|
586 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
587 |
return call_int_hook(inode_getattr, 0, path); |
|
20510f2f4
security: Convert...
|
588 |
} |
|
8f0cfa52a
xattr: add missin...
|
589 590 |
int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) |
|
20510f2f4
security: Convert...
|
591 |
{
|
|
3e1be52d6
security: imbed e...
|
592 |
int ret; |
|
c6f493d63
VFS: security/: d...
|
593 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
594 |
return 0; |
|
b1d9e6b06
LSM: Switch to li...
|
595 596 597 598 599 |
/* * SELinux and Smack integrate the cap call, * so assume that all LSMs supplying this call do so. */ ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size, |
|
f25fce3e8
LSM: Introduce se...
|
600 |
flags); |
|
b1d9e6b06
LSM: Switch to li...
|
601 602 603 |
if (ret == 1) ret = cap_inode_setxattr(dentry, name, value, size, flags); |
|
3e1be52d6
security: imbed e...
|
604 605 |
if (ret) return ret; |
|
42c63330f
ima: add ima_inod...
|
606 607 608 |
ret = ima_inode_setxattr(dentry, name, value, size); if (ret) return ret; |
|
3e1be52d6
security: imbed e...
|
609 |
return evm_inode_setxattr(dentry, name, value, size); |
|
20510f2f4
security: Convert...
|
610 |
} |
|
8f0cfa52a
xattr: add missin...
|
611 612 |
void security_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) |
|
20510f2f4
security: Convert...
|
613 |
{
|
|
c6f493d63
VFS: security/: d...
|
614 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
615 |
return; |
|
f25fce3e8
LSM: Introduce se...
|
616 |
call_void_hook(inode_post_setxattr, dentry, name, value, size, flags); |
|
3e1be52d6
security: imbed e...
|
617 |
evm_inode_post_setxattr(dentry, name, value, size); |
|
20510f2f4
security: Convert...
|
618 |
} |
|
8f0cfa52a
xattr: add missin...
|
619 |
int security_inode_getxattr(struct dentry *dentry, const char *name) |
|
20510f2f4
security: Convert...
|
620 |
{
|
|
c6f493d63
VFS: security/: d...
|
621 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
622 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
623 |
return call_int_hook(inode_getxattr, 0, dentry, name); |
|
20510f2f4
security: Convert...
|
624 625 626 627 |
}
int security_inode_listxattr(struct dentry *dentry)
{
|
|
c6f493d63
VFS: security/: d...
|
628 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
629 |
return 0; |
|
f25fce3e8
LSM: Introduce se...
|
630 |
return call_int_hook(inode_listxattr, 0, dentry); |
|
20510f2f4
security: Convert...
|
631 |
} |
|
8f0cfa52a
xattr: add missin...
|
632 |
int security_inode_removexattr(struct dentry *dentry, const char *name) |
|
20510f2f4
security: Convert...
|
633 |
{
|
|
3e1be52d6
security: imbed e...
|
634 |
int ret; |
|
c6f493d63
VFS: security/: d...
|
635 |
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) |
|
20510f2f4
security: Convert...
|
636 |
return 0; |
|
b1d9e6b06
LSM: Switch to li...
|
637 638 639 640 641 642 643 |
/* * SELinux and Smack integrate the cap call, * so assume that all LSMs supplying this call do so. */ ret = call_int_hook(inode_removexattr, 1, dentry, name); if (ret == 1) ret = cap_inode_removexattr(dentry, name); |
|
3e1be52d6
security: imbed e...
|
644 645 |
if (ret) return ret; |
|
42c63330f
ima: add ima_inod...
|
646 647 648 |
ret = ima_inode_removexattr(dentry, name); if (ret) return ret; |
|
3e1be52d6
security: imbed e...
|
649 |
return evm_inode_removexattr(dentry, name); |
|
20510f2f4
security: Convert...
|
650 |
} |
b53767719
Implement file po...
|
651 652 |
int security_inode_need_killpriv(struct dentry *dentry)
{
|
|
f25fce3e8
LSM: Introduce se...
|
653 |
return call_int_hook(inode_need_killpriv, 0, dentry); |
|
b53767719
Implement file po...
|
654 655 656 657 |
}
int security_inode_killpriv(struct dentry *dentry)
{
|
|
f25fce3e8
LSM: Introduce se...
|
658 |
return call_int_hook(inode_killpriv, 0, dentry); |
|
b53767719
Implement file po...
|
659 |
} |
ea861dfd9
security: Make in...
|
660 |
int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc) |
|
20510f2f4
security: Convert...
|
661 |
{
|
|
2885c1e3e
LSM: Fix for secu...
|
662 663 |
struct security_hook_list *hp; int rc; |
|
20510f2f4
security: Convert...
|
664 |
if (unlikely(IS_PRIVATE(inode))) |
|
8d9525048
security: correct...
|
665 |
return -EOPNOTSUPP; |
|
2885c1e3e
LSM: Fix for secu...
|
666 667 668 669 670 671 672 673 674 |
/*
* Only one module will provide an attribute with a given name.
*/
list_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {
rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc);
if (rc != -EOPNOTSUPP)
return rc;
}
return -EOPNOTSUPP;
|
|
20510f2f4
security: Convert...
|
675 676 677 678 |
}
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
|
|
2885c1e3e
LSM: Fix for secu...
|
679 680 |
struct security_hook_list *hp; int rc; |
|
20510f2f4
security: Convert...
|
681 |
if (unlikely(IS_PRIVATE(inode))) |
|
8d9525048
security: correct...
|
682 |
return -EOPNOTSUPP; |
|
2885c1e3e
LSM: Fix for secu...
|
683 684 685 686 687 688 689 690 691 692 |
/*
* Only one module will provide an attribute with a given name.
*/
list_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) {
rc = hp->hook.inode_setsecurity(inode, name, value, size,
flags);
if (rc != -EOPNOTSUPP)
return rc;
}
return -EOPNOTSUPP;
|
|
20510f2f4
security: Convert...
|
693 694 695 696 697 698 |
}
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
if (unlikely(IS_PRIVATE(inode)))
return 0;
|
|
f25fce3e8
LSM: Introduce se...
|
699 |
return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size); |
|
20510f2f4
security: Convert...
|
700 |
} |
|
c9bccef6b
NFS: Extend NFS x...
|
701 |
EXPORT_SYMBOL(security_inode_listsecurity); |
|
20510f2f4
security: Convert...
|
702 |
|
|
d6335d77a
security: Make in...
|
703 |
void security_inode_getsecid(struct inode *inode, u32 *secid) |
|
8a076191f
LSM: Introduce in...
|
704 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
705 |
call_void_hook(inode_getsecid, inode, secid); |
|
8a076191f
LSM: Introduce in...
|
706 |
} |
|
d8ad8b496
security, overlay...
|
707 708 709 710 711 |
int security_inode_copy_up(struct dentry *src, struct cred **new)
{
return call_int_hook(inode_copy_up, 0, src, new);
}
EXPORT_SYMBOL(security_inode_copy_up);
|
|
121ab822e
security,overlayf...
|
712 713 714 715 716 |
int security_inode_copy_up_xattr(const char *name)
{
return call_int_hook(inode_copy_up_xattr, -EOPNOTSUPP, name);
}
EXPORT_SYMBOL(security_inode_copy_up_xattr);
|
|
20510f2f4
security: Convert...
|
717 718 |
int security_file_permission(struct file *file, int mask)
{
|
|
c4ec54b40
fsnotify: new fsn...
|
719 |
int ret; |
|
f25fce3e8
LSM: Introduce se...
|
720 |
ret = call_int_hook(file_permission, 0, file, mask); |
|
c4ec54b40
fsnotify: new fsn...
|
721 722 723 724 |
if (ret) return ret; return fsnotify_perm(file, mask); |
|
20510f2f4
security: Convert...
|
725 726 727 728 |
}
int security_file_alloc(struct file *file)
{
|
|
f25fce3e8
LSM: Introduce se...
|
729 |
return call_int_hook(file_alloc_security, 0, file); |
|
20510f2f4
security: Convert...
|
730 731 732 733 |
}
void security_file_free(struct file *file)
{
|
|
f25fce3e8
LSM: Introduce se...
|
734 |
call_void_hook(file_free_security, file); |
|
20510f2f4
security: Convert...
|
735 736 737 738 |
}
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
739 |
return call_int_hook(file_ioctl, 0, file, cmd, arg); |
|
20510f2f4
security: Convert...
|
740 |
} |
|
98de59bfe
take calculation ...
|
741 |
static inline unsigned long mmap_prot(struct file *file, unsigned long prot) |
|
20510f2f4
security: Convert...
|
742 |
{
|
|
8b3ec6814
take security_mma...
|
743 |
/* |
|
98de59bfe
take calculation ...
|
744 745 |
* Does we have PROT_READ and does the application expect * it to imply PROT_EXEC? If not, nothing to talk about... |
|
8b3ec6814
take security_mma...
|
746 |
*/ |
|
98de59bfe
take calculation ...
|
747 748 |
if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ) return prot; |
|
8b3ec6814
take security_mma...
|
749 |
if (!(current->personality & READ_IMPLIES_EXEC)) |
|
98de59bfe
take calculation ...
|
750 751 752 753 754 755 756 757 |
return prot; /* * if that's an anonymous mapping, let it. */ if (!file) return prot | PROT_EXEC; /* * ditto if it's not on noexec mount, except that on !MMU we need |
b4caecd48
fs: introduce f_o...
|
758 |
* NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case |
|
98de59bfe
take calculation ...
|
759 |
*/ |
90f8572b0
vfs: Commit to ne...
|
760 |
if (!path_noexec(&file->f_path)) {
|
|
8b3ec6814
take security_mma...
|
761 |
#ifndef CONFIG_MMU |
|
b4caecd48
fs: introduce f_o...
|
762 763 764 765 766 |
if (file->f_op->mmap_capabilities) {
unsigned caps = file->f_op->mmap_capabilities(file);
if (!(caps & NOMMU_MAP_EXEC))
return prot;
}
|
|
8b3ec6814
take security_mma...
|
767 |
#endif |
|
98de59bfe
take calculation ...
|
768 |
return prot | PROT_EXEC; |
|
8b3ec6814
take security_mma...
|
769 |
} |
|
98de59bfe
take calculation ...
|
770 771 772 773 774 775 776 777 |
/* anything on noexec mount won't get PROT_EXEC */
return prot;
}
int security_mmap_file(struct file *file, unsigned long prot,
unsigned long flags)
{
int ret;
|
|
f25fce3e8
LSM: Introduce se...
|
778 |
ret = call_int_hook(mmap_file, 0, file, prot, |
|
98de59bfe
take calculation ...
|
779 |
mmap_prot(file, prot), flags); |
|
6c21a7fb4
LSM: imbed ima ca...
|
780 781 782 |
if (ret) return ret; return ima_file_mmap(file, prot); |
|
20510f2f4
security: Convert...
|
783 |
} |
|
e5467859f
split ->file_mmap...
|
784 785 |
int security_mmap_addr(unsigned long addr)
{
|
|
f25fce3e8
LSM: Introduce se...
|
786 |
return call_int_hook(mmap_addr, 0, addr); |
|
e5467859f
split ->file_mmap...
|
787 |
} |
|
20510f2f4
security: Convert...
|
788 789 790 |
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
unsigned long prot)
{
|
|
f25fce3e8
LSM: Introduce se...
|
791 |
return call_int_hook(file_mprotect, 0, vma, reqprot, prot); |
|
20510f2f4
security: Convert...
|
792 793 794 795 |
}
int security_file_lock(struct file *file, unsigned int cmd)
{
|
|
f25fce3e8
LSM: Introduce se...
|
796 |
return call_int_hook(file_lock, 0, file, cmd); |
|
20510f2f4
security: Convert...
|
797 798 799 800 |
}
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
801 |
return call_int_hook(file_fcntl, 0, file, cmd, arg); |
|
20510f2f4
security: Convert...
|
802 |
} |
e0b93eddf
security: make se...
|
803 |
void security_file_set_fowner(struct file *file) |
|
20510f2f4
security: Convert...
|
804 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
805 |
call_void_hook(file_set_fowner, file); |
|
20510f2f4
security: Convert...
|
806 807 808 809 810 |
}
int security_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int sig)
{
|
|
f25fce3e8
LSM: Introduce se...
|
811 |
return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig); |
|
20510f2f4
security: Convert...
|
812 813 814 815 |
}
int security_file_receive(struct file *file)
{
|
|
f25fce3e8
LSM: Introduce se...
|
816 |
return call_int_hook(file_receive, 0, file); |
|
20510f2f4
security: Convert...
|
817 |
} |
|
83d498569
SELinux: rename d...
|
818 |
int security_file_open(struct file *file, const struct cred *cred) |
|
20510f2f4
security: Convert...
|
819 |
{
|
|
c4ec54b40
fsnotify: new fsn...
|
820 |
int ret; |
|
f25fce3e8
LSM: Introduce se...
|
821 |
ret = call_int_hook(file_open, 0, file, cred); |
|
c4ec54b40
fsnotify: new fsn...
|
822 823 824 825 |
if (ret) return ret; return fsnotify_perm(file, MAY_OPEN); |
|
20510f2f4
security: Convert...
|
826 827 828 829 |
}
int security_task_create(unsigned long clone_flags)
{
|
|
f25fce3e8
LSM: Introduce se...
|
830 |
return call_int_hook(task_create, 0, clone_flags); |
|
20510f2f4
security: Convert...
|
831 |
} |
|
1a2a4d06e
security: create ...
|
832 833 |
void security_task_free(struct task_struct *task)
{
|
|
f25fce3e8
LSM: Introduce se...
|
834 |
call_void_hook(task_free, task); |
|
1a2a4d06e
security: create ...
|
835 |
} |
|
ee18d64c1
KEYS: Add a keyct...
|
836 837 |
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
|
|
f25fce3e8
LSM: Introduce se...
|
838 |
return call_int_hook(cred_alloc_blank, 0, cred, gfp); |
|
ee18d64c1
KEYS: Add a keyct...
|
839 |
} |
|
d84f4f992
CRED: Inaugurate ...
|
840 |
void security_cred_free(struct cred *cred) |
|
20510f2f4
security: Convert...
|
841 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
842 |
call_void_hook(cred_free, cred); |
|
20510f2f4
security: Convert...
|
843 |
} |
|
d84f4f992
CRED: Inaugurate ...
|
844 |
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) |
|
20510f2f4
security: Convert...
|
845 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
846 |
return call_int_hook(cred_prepare, 0, new, old, gfp); |
|
d84f4f992
CRED: Inaugurate ...
|
847 |
} |
|
ee18d64c1
KEYS: Add a keyct...
|
848 849 |
void security_transfer_creds(struct cred *new, const struct cred *old)
{
|
|
f25fce3e8
LSM: Introduce se...
|
850 |
call_void_hook(cred_transfer, new, old); |
|
ee18d64c1
KEYS: Add a keyct...
|
851 |
} |
|
3a3b7ce93
CRED: Allow kerne...
|
852 853 |
int security_kernel_act_as(struct cred *new, u32 secid)
{
|
|
f25fce3e8
LSM: Introduce se...
|
854 |
return call_int_hook(kernel_act_as, 0, new, secid); |
|
3a3b7ce93
CRED: Allow kerne...
|
855 856 857 858 |
}
int security_kernel_create_files_as(struct cred *new, struct inode *inode)
{
|
|
f25fce3e8
LSM: Introduce se...
|
859 |
return call_int_hook(kernel_create_files_as, 0, new, inode); |
|
3a3b7ce93
CRED: Allow kerne...
|
860 |
} |
|
dd8dbf2e6
security: report ...
|
861 |
int security_kernel_module_request(char *kmod_name) |
|
9188499cd
security: introdu...
|
862 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
863 |
return call_int_hook(kernel_module_request, 0, kmod_name); |
|
9188499cd
security: introdu...
|
864 |
} |
|
39eeb4fb9
security: define ...
|
865 866 867 868 869 870 871 872 873 874 |
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id)
{
int ret;
ret = call_int_hook(kernel_read_file, 0, file, id);
if (ret)
return ret;
return ima_read_file(file, id);
}
EXPORT_SYMBOL_GPL(security_kernel_read_file);
|
|
bc8ca5b92
vfs: define kerne...
|
875 876 |
int security_kernel_post_read_file(struct file *file, char *buf, loff_t size, enum kernel_read_file_id id) |
|
b44a7dfc6
vfs: define a gen...
|
877 |
{
|
|
cf2222178
ima: define a new...
|
878 879 880 881 882 883 |
int ret; ret = call_int_hook(kernel_post_read_file, 0, file, buf, size, id); if (ret) return ret; return ima_post_read_file(file, buf, size, id); |
|
b44a7dfc6
vfs: define a gen...
|
884 885 |
} EXPORT_SYMBOL_GPL(security_kernel_post_read_file); |
|
d84f4f992
CRED: Inaugurate ...
|
886 887 |
int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) |
|
20510f2f4
security: Convert...
|
888 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
889 |
return call_int_hook(task_fix_setuid, 0, new, old, flags); |
|
20510f2f4
security: Convert...
|
890 |
} |
|
20510f2f4
security: Convert...
|
891 892 |
int security_task_setpgid(struct task_struct *p, pid_t pgid)
{
|
|
f25fce3e8
LSM: Introduce se...
|
893 |
return call_int_hook(task_setpgid, 0, p, pgid); |
|
20510f2f4
security: Convert...
|
894 895 896 897 |
}
int security_task_getpgid(struct task_struct *p)
{
|
|
f25fce3e8
LSM: Introduce se...
|
898 |
return call_int_hook(task_getpgid, 0, p); |
|
20510f2f4
security: Convert...
|
899 900 901 902 |
}
int security_task_getsid(struct task_struct *p)
{
|
|
f25fce3e8
LSM: Introduce se...
|
903 |
return call_int_hook(task_getsid, 0, p); |
|
20510f2f4
security: Convert...
|
904 905 906 907 |
}
void security_task_getsecid(struct task_struct *p, u32 *secid)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
908 |
*secid = 0; |
|
f25fce3e8
LSM: Introduce se...
|
909 |
call_void_hook(task_getsecid, p, secid); |
|
20510f2f4
security: Convert...
|
910 911 |
} EXPORT_SYMBOL(security_task_getsecid); |
|
20510f2f4
security: Convert...
|
912 913 |
int security_task_setnice(struct task_struct *p, int nice)
{
|
|
f25fce3e8
LSM: Introduce se...
|
914 |
return call_int_hook(task_setnice, 0, p, nice); |
|
20510f2f4
security: Convert...
|
915 916 917 918 |
}
int security_task_setioprio(struct task_struct *p, int ioprio)
{
|
|
f25fce3e8
LSM: Introduce se...
|
919 |
return call_int_hook(task_setioprio, 0, p, ioprio); |
|
20510f2f4
security: Convert...
|
920 921 922 923 |
}
int security_task_getioprio(struct task_struct *p)
{
|
|
f25fce3e8
LSM: Introduce se...
|
924 |
return call_int_hook(task_getioprio, 0, p); |
|
20510f2f4
security: Convert...
|
925 |
} |
8fd00b4d7
rlimits: security...
|
926 927 |
int security_task_setrlimit(struct task_struct *p, unsigned int resource, struct rlimit *new_rlim) |
|
20510f2f4
security: Convert...
|
928 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
929 |
return call_int_hook(task_setrlimit, 0, p, resource, new_rlim); |
|
20510f2f4
security: Convert...
|
930 |
} |
b0ae19811
security: remove ...
|
931 |
int security_task_setscheduler(struct task_struct *p) |
|
20510f2f4
security: Convert...
|
932 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
933 |
return call_int_hook(task_setscheduler, 0, p); |
|
20510f2f4
security: Convert...
|
934 935 936 937 |
}
int security_task_getscheduler(struct task_struct *p)
{
|
|
f25fce3e8
LSM: Introduce se...
|
938 |
return call_int_hook(task_getscheduler, 0, p); |
|
20510f2f4
security: Convert...
|
939 940 941 942 |
}
int security_task_movememory(struct task_struct *p)
{
|
|
f25fce3e8
LSM: Introduce se...
|
943 |
return call_int_hook(task_movememory, 0, p); |
|
20510f2f4
security: Convert...
|
944 945 946 947 948 |
}
int security_task_kill(struct task_struct *p, struct siginfo *info,
int sig, u32 secid)
{
|
|
f25fce3e8
LSM: Introduce se...
|
949 |
return call_int_hook(task_kill, 0, p, info, sig, secid); |
|
20510f2f4
security: Convert...
|
950 951 952 953 |
}
int security_task_wait(struct task_struct *p)
{
|
|
f25fce3e8
LSM: Introduce se...
|
954 |
return call_int_hook(task_wait, 0, p); |
|
20510f2f4
security: Convert...
|
955 956 957 |
} int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
|
d84f4f992
CRED: Inaugurate ...
|
958 |
unsigned long arg4, unsigned long arg5) |
|
20510f2f4
security: Convert...
|
959 |
{
|
|
b1d9e6b06
LSM: Switch to li...
|
960 961 962 963 964 965 966 967 968 969 970 971 972 |
int thisrc;
int rc = -ENOSYS;
struct security_hook_list *hp;
list_for_each_entry(hp, &security_hook_heads.task_prctl, list) {
thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5);
if (thisrc != -ENOSYS) {
rc = thisrc;
if (thisrc != 0)
break;
}
}
return rc;
|
|
20510f2f4
security: Convert...
|
973 974 975 976 |
}
void security_task_to_inode(struct task_struct *p, struct inode *inode)
{
|
|
f25fce3e8
LSM: Introduce se...
|
977 |
call_void_hook(task_to_inode, p, inode); |
|
20510f2f4
security: Convert...
|
978 979 980 981 |
}
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
|
|
f25fce3e8
LSM: Introduce se...
|
982 |
return call_int_hook(ipc_permission, 0, ipcp, flag); |
|
20510f2f4
security: Convert...
|
983 |
} |
|
8a076191f
LSM: Introduce in...
|
984 985 |
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
986 |
*secid = 0; |
|
f25fce3e8
LSM: Introduce se...
|
987 |
call_void_hook(ipc_getsecid, ipcp, secid); |
|
8a076191f
LSM: Introduce in...
|
988 |
} |
|
20510f2f4
security: Convert...
|
989 990 |
int security_msg_msg_alloc(struct msg_msg *msg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
991 |
return call_int_hook(msg_msg_alloc_security, 0, msg); |
|
20510f2f4
security: Convert...
|
992 993 994 995 |
}
void security_msg_msg_free(struct msg_msg *msg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
996 |
call_void_hook(msg_msg_free_security, msg); |
|
20510f2f4
security: Convert...
|
997 998 999 1000 |
}
int security_msg_queue_alloc(struct msg_queue *msq)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1001 |
return call_int_hook(msg_queue_alloc_security, 0, msq); |
|
20510f2f4
security: Convert...
|
1002 1003 1004 1005 |
}
void security_msg_queue_free(struct msg_queue *msq)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1006 |
call_void_hook(msg_queue_free_security, msq); |
|
20510f2f4
security: Convert...
|
1007 1008 1009 1010 |
}
int security_msg_queue_associate(struct msg_queue *msq, int msqflg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1011 |
return call_int_hook(msg_queue_associate, 0, msq, msqflg); |
|
20510f2f4
security: Convert...
|
1012 1013 1014 1015 |
}
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1016 |
return call_int_hook(msg_queue_msgctl, 0, msq, cmd); |
|
20510f2f4
security: Convert...
|
1017 1018 1019 1020 1021 |
}
int security_msg_queue_msgsnd(struct msg_queue *msq,
struct msg_msg *msg, int msqflg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1022 |
return call_int_hook(msg_queue_msgsnd, 0, msq, msg, msqflg); |
|
20510f2f4
security: Convert...
|
1023 1024 1025 1026 1027 |
}
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
struct task_struct *target, long type, int mode)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1028 |
return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode); |
|
20510f2f4
security: Convert...
|
1029 1030 1031 1032 |
}
int security_shm_alloc(struct shmid_kernel *shp)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1033 |
return call_int_hook(shm_alloc_security, 0, shp); |
|
20510f2f4
security: Convert...
|
1034 1035 1036 1037 |
}
void security_shm_free(struct shmid_kernel *shp)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1038 |
call_void_hook(shm_free_security, shp); |
|
20510f2f4
security: Convert...
|
1039 1040 1041 1042 |
}
int security_shm_associate(struct shmid_kernel *shp, int shmflg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1043 |
return call_int_hook(shm_associate, 0, shp, shmflg); |
|
20510f2f4
security: Convert...
|
1044 1045 1046 1047 |
}
int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1048 |
return call_int_hook(shm_shmctl, 0, shp, cmd); |
|
20510f2f4
security: Convert...
|
1049 1050 1051 1052 |
}
int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1053 |
return call_int_hook(shm_shmat, 0, shp, shmaddr, shmflg); |
|
20510f2f4
security: Convert...
|
1054 1055 1056 1057 |
}
int security_sem_alloc(struct sem_array *sma)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1058 |
return call_int_hook(sem_alloc_security, 0, sma); |
|
20510f2f4
security: Convert...
|
1059 1060 1061 1062 |
}
void security_sem_free(struct sem_array *sma)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1063 |
call_void_hook(sem_free_security, sma); |
|
20510f2f4
security: Convert...
|
1064 1065 1066 1067 |
}
int security_sem_associate(struct sem_array *sma, int semflg)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1068 |
return call_int_hook(sem_associate, 0, sma, semflg); |
|
20510f2f4
security: Convert...
|
1069 1070 1071 1072 |
}
int security_sem_semctl(struct sem_array *sma, int cmd)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1073 |
return call_int_hook(sem_semctl, 0, sma, cmd); |
|
20510f2f4
security: Convert...
|
1074 1075 1076 1077 1078 |
}
int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
unsigned nsops, int alter)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1079 |
return call_int_hook(sem_semop, 0, sma, sops, nsops, alter); |
|
20510f2f4
security: Convert...
|
1080 1081 1082 1083 1084 1085 |
}
void security_d_instantiate(struct dentry *dentry, struct inode *inode)
{
if (unlikely(inode && IS_PRIVATE(inode)))
return;
|
|
f25fce3e8
LSM: Introduce se...
|
1086 |
call_void_hook(d_instantiate, dentry, inode); |
|
20510f2f4
security: Convert...
|
1087 1088 1089 1090 1091 |
}
EXPORT_SYMBOL(security_d_instantiate);
int security_getprocattr(struct task_struct *p, char *name, char **value)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
1092 |
return call_int_hook(getprocattr, -EINVAL, p, name, value); |
|
20510f2f4
security: Convert...
|
1093 1094 1095 1096 |
}
int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
1097 |
return call_int_hook(setprocattr, -EINVAL, p, name, value, size); |
|
20510f2f4
security: Convert...
|
1098 1099 1100 1101 |
}
int security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1102 |
return call_int_hook(netlink_send, 0, sk, skb); |
|
20510f2f4
security: Convert...
|
1103 |
} |
|
20510f2f4
security: Convert...
|
1104 |
|
|
746df9b59
Security: Add Hoo...
|
1105 1106 |
int security_ismaclabel(const char *name)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1107 |
return call_int_hook(ismaclabel, 0, name); |
|
746df9b59
Security: Add Hoo...
|
1108 1109 |
} EXPORT_SYMBOL(security_ismaclabel); |
|
20510f2f4
security: Convert...
|
1110 1111 |
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
1112 1113 |
return call_int_hook(secid_to_secctx, -EOPNOTSUPP, secid, secdata, seclen); |
|
20510f2f4
security: Convert...
|
1114 1115 |
} EXPORT_SYMBOL(security_secid_to_secctx); |
|
7bf570dc8
Security: Make se...
|
1116 |
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) |
|
63cb34492
security: add a s...
|
1117 |
{
|
|
b1d9e6b06
LSM: Switch to li...
|
1118 |
*secid = 0; |
|
f25fce3e8
LSM: Introduce se...
|
1119 |
return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid); |
|
63cb34492
security: add a s...
|
1120 1121 |
} EXPORT_SYMBOL(security_secctx_to_secid); |
|
20510f2f4
security: Convert...
|
1122 1123 |
void security_release_secctx(char *secdata, u32 seclen)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1124 |
call_void_hook(release_secctx, secdata, seclen); |
|
20510f2f4
security: Convert...
|
1125 1126 |
} EXPORT_SYMBOL(security_release_secctx); |
|
6f3be9f56
security: Add hoo...
|
1127 1128 1129 1130 1131 |
void security_inode_invalidate_secctx(struct inode *inode)
{
call_void_hook(inode_invalidate_secctx, inode);
}
EXPORT_SYMBOL(security_inode_invalidate_secctx);
|
1ee65e37e
LSM/SELinux: inod...
|
1132 1133 |
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1134 |
return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen); |
|
1ee65e37e
LSM/SELinux: inod...
|
1135 1136 1137 1138 1139 |
}
EXPORT_SYMBOL(security_inode_notifysecctx);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1140 |
return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen); |
|
1ee65e37e
LSM/SELinux: inod...
|
1141 1142 1143 1144 1145 |
}
EXPORT_SYMBOL(security_inode_setsecctx);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
1146 |
return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); |
|
1ee65e37e
LSM/SELinux: inod...
|
1147 1148 |
} EXPORT_SYMBOL(security_inode_getsecctx); |
|
20510f2f4
security: Convert...
|
1149 |
#ifdef CONFIG_SECURITY_NETWORK |
3610cda53
af_unix: Avoid so...
|
1150 |
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) |
|
20510f2f4
security: Convert...
|
1151 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1152 |
return call_int_hook(unix_stream_connect, 0, sock, other, newsk); |
|
20510f2f4
security: Convert...
|
1153 1154 1155 1156 1157 |
}
EXPORT_SYMBOL(security_unix_stream_connect);
int security_unix_may_send(struct socket *sock, struct socket *other)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1158 |
return call_int_hook(unix_may_send, 0, sock, other); |
|
20510f2f4
security: Convert...
|
1159 1160 1161 1162 1163 |
}
EXPORT_SYMBOL(security_unix_may_send);
int security_socket_create(int family, int type, int protocol, int kern)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1164 |
return call_int_hook(socket_create, 0, family, type, protocol, kern); |
|
20510f2f4
security: Convert...
|
1165 1166 1167 1168 1169 |
}
int security_socket_post_create(struct socket *sock, int family,
int type, int protocol, int kern)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1170 |
return call_int_hook(socket_post_create, 0, sock, family, type, |
|
20510f2f4
security: Convert...
|
1171 1172 1173 1174 1175 |
protocol, kern);
}
int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1176 |
return call_int_hook(socket_bind, 0, sock, address, addrlen); |
|
20510f2f4
security: Convert...
|
1177 1178 1179 1180 |
}
int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1181 |
return call_int_hook(socket_connect, 0, sock, address, addrlen); |
|
20510f2f4
security: Convert...
|
1182 1183 1184 1185 |
}
int security_socket_listen(struct socket *sock, int backlog)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1186 |
return call_int_hook(socket_listen, 0, sock, backlog); |
|
20510f2f4
security: Convert...
|
1187 1188 1189 1190 |
}
int security_socket_accept(struct socket *sock, struct socket *newsock)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1191 |
return call_int_hook(socket_accept, 0, sock, newsock); |
|
20510f2f4
security: Convert...
|
1192 |
} |
|
20510f2f4
security: Convert...
|
1193 1194 |
int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1195 |
return call_int_hook(socket_sendmsg, 0, sock, msg, size); |
|
20510f2f4
security: Convert...
|
1196 1197 1198 1199 1200 |
}
int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
int size, int flags)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1201 |
return call_int_hook(socket_recvmsg, 0, sock, msg, size, flags); |
|
20510f2f4
security: Convert...
|
1202 1203 1204 1205 |
}
int security_socket_getsockname(struct socket *sock)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1206 |
return call_int_hook(socket_getsockname, 0, sock); |
|
20510f2f4
security: Convert...
|
1207 1208 1209 1210 |
}
int security_socket_getpeername(struct socket *sock)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1211 |
return call_int_hook(socket_getpeername, 0, sock); |
|
20510f2f4
security: Convert...
|
1212 1213 1214 1215 |
}
int security_socket_getsockopt(struct socket *sock, int level, int optname)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1216 |
return call_int_hook(socket_getsockopt, 0, sock, level, optname); |
|
20510f2f4
security: Convert...
|
1217 1218 1219 1220 |
}
int security_socket_setsockopt(struct socket *sock, int level, int optname)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1221 |
return call_int_hook(socket_setsockopt, 0, sock, level, optname); |
|
20510f2f4
security: Convert...
|
1222 1223 1224 1225 |
}
int security_socket_shutdown(struct socket *sock, int how)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1226 |
return call_int_hook(socket_shutdown, 0, sock, how); |
|
20510f2f4
security: Convert...
|
1227 1228 1229 1230 |
}
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1231 |
return call_int_hook(socket_sock_rcv_skb, 0, sk, skb); |
|
20510f2f4
security: Convert...
|
1232 1233 1234 1235 1236 1237 |
}
EXPORT_SYMBOL(security_sock_rcv_skb);
int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
int __user *optlen, unsigned len)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
1238 1239 |
return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, optval, optlen, len); |
|
20510f2f4
security: Convert...
|
1240 1241 1242 1243 |
}
int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
|
|
e308fd3bb
LSM: restore cert...
|
1244 1245 |
return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, skb, secid); |
|
20510f2f4
security: Convert...
|
1246 1247 1248 1249 1250 |
}
EXPORT_SYMBOL(security_socket_getpeersec_dgram);
int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1251 |
return call_int_hook(sk_alloc_security, 0, sk, family, priority); |
|
20510f2f4
security: Convert...
|
1252 1253 1254 1255 |
}
void security_sk_free(struct sock *sk)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1256 |
call_void_hook(sk_free_security, sk); |
|
20510f2f4
security: Convert...
|
1257 1258 1259 1260 |
}
void security_sk_clone(const struct sock *sk, struct sock *newsk)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1261 |
call_void_hook(sk_clone_security, sk, newsk); |
|
20510f2f4
security: Convert...
|
1262 |
} |
6230c9b4f
bluetooth: Proper...
|
1263 |
EXPORT_SYMBOL(security_sk_clone); |
|
20510f2f4
security: Convert...
|
1264 1265 1266 |
void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1267 |
call_void_hook(sk_getsecid, sk, &fl->flowi_secid); |
|
20510f2f4
security: Convert...
|
1268 1269 1270 1271 1272 |
}
EXPORT_SYMBOL(security_sk_classify_flow);
void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1273 |
call_void_hook(req_classify_flow, req, fl); |
|
20510f2f4
security: Convert...
|
1274 1275 1276 1277 1278 |
}
EXPORT_SYMBOL(security_req_classify_flow);
void security_sock_graft(struct sock *sk, struct socket *parent)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1279 |
call_void_hook(sock_graft, sk, parent); |
|
20510f2f4
security: Convert...
|
1280 1281 1282 1283 1284 1285 |
}
EXPORT_SYMBOL(security_sock_graft);
int security_inet_conn_request(struct sock *sk,
struct sk_buff *skb, struct request_sock *req)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1286 |
return call_int_hook(inet_conn_request, 0, sk, skb, req); |
|
20510f2f4
security: Convert...
|
1287 1288 1289 1290 1291 1292 |
}
EXPORT_SYMBOL(security_inet_conn_request);
void security_inet_csk_clone(struct sock *newsk,
const struct request_sock *req)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1293 |
call_void_hook(inet_csk_clone, newsk, req); |
|
20510f2f4
security: Convert...
|
1294 1295 1296 1297 1298 |
}
void security_inet_conn_established(struct sock *sk,
struct sk_buff *skb)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1299 |
call_void_hook(inet_conn_established, sk, skb); |
|
20510f2f4
security: Convert...
|
1300 |
} |
|
2606fd1fa
secmark: make sec...
|
1301 1302 |
int security_secmark_relabel_packet(u32 secid)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1303 |
return call_int_hook(secmark_relabel_packet, 0, secid); |
|
2606fd1fa
secmark: make sec...
|
1304 1305 1306 1307 1308 |
}
EXPORT_SYMBOL(security_secmark_relabel_packet);
void security_secmark_refcount_inc(void)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1309 |
call_void_hook(secmark_refcount_inc); |
|
2606fd1fa
secmark: make sec...
|
1310 1311 1312 1313 1314 |
}
EXPORT_SYMBOL(security_secmark_refcount_inc);
void security_secmark_refcount_dec(void)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1315 |
call_void_hook(secmark_refcount_dec); |
|
2606fd1fa
secmark: make sec...
|
1316 1317 |
} EXPORT_SYMBOL(security_secmark_refcount_dec); |
|
5dbbaf2de
tun: fix LSM/SELi...
|
1318 1319 |
int security_tun_dev_alloc_security(void **security)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1320 |
return call_int_hook(tun_dev_alloc_security, 0, security); |
|
5dbbaf2de
tun: fix LSM/SELi...
|
1321 1322 1323 1324 1325 |
}
EXPORT_SYMBOL(security_tun_dev_alloc_security);
void security_tun_dev_free_security(void *security)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1326 |
call_void_hook(tun_dev_free_security, security); |
|
5dbbaf2de
tun: fix LSM/SELi...
|
1327 1328 |
} EXPORT_SYMBOL(security_tun_dev_free_security); |
2b980dbd7
lsm: Add hooks to...
|
1329 1330 |
int security_tun_dev_create(void)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1331 |
return call_int_hook(tun_dev_create, 0); |
|
2b980dbd7
lsm: Add hooks to...
|
1332 1333 |
} EXPORT_SYMBOL(security_tun_dev_create); |
|
5dbbaf2de
tun: fix LSM/SELi...
|
1334 |
int security_tun_dev_attach_queue(void *security) |
|
2b980dbd7
lsm: Add hooks to...
|
1335 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1336 |
return call_int_hook(tun_dev_attach_queue, 0, security); |
|
2b980dbd7
lsm: Add hooks to...
|
1337 |
} |
|
5dbbaf2de
tun: fix LSM/SELi...
|
1338 |
EXPORT_SYMBOL(security_tun_dev_attach_queue); |
|
2b980dbd7
lsm: Add hooks to...
|
1339 |
|
|
5dbbaf2de
tun: fix LSM/SELi...
|
1340 |
int security_tun_dev_attach(struct sock *sk, void *security) |
|
2b980dbd7
lsm: Add hooks to...
|
1341 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1342 |
return call_int_hook(tun_dev_attach, 0, sk, security); |
|
2b980dbd7
lsm: Add hooks to...
|
1343 1344 |
} EXPORT_SYMBOL(security_tun_dev_attach); |
|
5dbbaf2de
tun: fix LSM/SELi...
|
1345 1346 |
int security_tun_dev_open(void *security)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1347 |
return call_int_hook(tun_dev_open, 0, security); |
|
5dbbaf2de
tun: fix LSM/SELi...
|
1348 1349 |
} EXPORT_SYMBOL(security_tun_dev_open); |
|
20510f2f4
security: Convert...
|
1350 1351 1352 |
#endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_NETWORK_XFRM |
52a4c6404
selinux: add gfp ...
|
1353 1354 1355 |
int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp) |
|
20510f2f4
security: Convert...
|
1356 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1357 |
return call_int_hook(xfrm_policy_alloc_security, 0, ctxp, sec_ctx, gfp); |
|
20510f2f4
security: Convert...
|
1358 1359 |
} EXPORT_SYMBOL(security_xfrm_policy_alloc); |
|
03e1ad7b5
LSM: Make the Lab...
|
1360 1361 |
int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp) |
|
20510f2f4
security: Convert...
|
1362 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1363 |
return call_int_hook(xfrm_policy_clone_security, 0, old_ctx, new_ctxp); |
|
20510f2f4
security: Convert...
|
1364 |
} |
|
03e1ad7b5
LSM: Make the Lab...
|
1365 |
void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) |
|
20510f2f4
security: Convert...
|
1366 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1367 |
call_void_hook(xfrm_policy_free_security, ctx); |
|
20510f2f4
security: Convert...
|
1368 1369 |
} EXPORT_SYMBOL(security_xfrm_policy_free); |
|
03e1ad7b5
LSM: Make the Lab...
|
1370 |
int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
|
20510f2f4
security: Convert...
|
1371 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1372 |
return call_int_hook(xfrm_policy_delete_security, 0, ctx); |
|
20510f2f4
security: Convert...
|
1373 |
} |
|
2e5aa8660
lsm: split the xf...
|
1374 1375 |
int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) |
|
20510f2f4
security: Convert...
|
1376 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1377 |
return call_int_hook(xfrm_state_alloc, 0, x, sec_ctx); |
|
20510f2f4
security: Convert...
|
1378 1379 1380 1381 1382 1383 |
}
EXPORT_SYMBOL(security_xfrm_state_alloc);
int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
struct xfrm_sec_ctx *polsec, u32 secid)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1384 |
return call_int_hook(xfrm_state_alloc_acquire, 0, x, polsec, secid); |
|
20510f2f4
security: Convert...
|
1385 1386 1387 1388 |
}
int security_xfrm_state_delete(struct xfrm_state *x)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1389 |
return call_int_hook(xfrm_state_delete_security, 0, x); |
|
20510f2f4
security: Convert...
|
1390 1391 1392 1393 1394 |
}
EXPORT_SYMBOL(security_xfrm_state_delete);
void security_xfrm_state_free(struct xfrm_state *x)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1395 |
call_void_hook(xfrm_state_free_security, x); |
|
20510f2f4
security: Convert...
|
1396 |
} |
|
03e1ad7b5
LSM: Make the Lab...
|
1397 |
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) |
|
20510f2f4
security: Convert...
|
1398 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1399 |
return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid, dir); |
|
20510f2f4
security: Convert...
|
1400 1401 1402 |
} int security_xfrm_state_pol_flow_match(struct xfrm_state *x, |
|
e33f77042
xfrm: Mark flowi ...
|
1403 1404 |
struct xfrm_policy *xp, const struct flowi *fl) |
|
20510f2f4
security: Convert...
|
1405 |
{
|
|
b1d9e6b06
LSM: Switch to li...
|
1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 |
struct security_hook_list *hp;
int rc = 1;
/*
* Since this function is expected to return 0 or 1, the judgment
* becomes difficult if multiple LSMs supply this call. Fortunately,
* we can use the first LSM's judgment because currently only SELinux
* supplies this call.
*
* For speed optimization, we explicitly break the loop rather than
* using the macro
*/
list_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match,
list) {
rc = hp->hook.xfrm_state_pol_flow_match(x, xp, fl);
break;
}
return rc;
|
|
20510f2f4
security: Convert...
|
1424 1425 1426 1427 |
}
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1428 |
return call_int_hook(xfrm_decode_session, 0, skb, secid, 1); |
|
20510f2f4
security: Convert...
|
1429 1430 1431 1432 |
}
void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1433 1434 |
int rc = call_int_hook(xfrm_decode_session, 0, skb, &fl->flowi_secid, 0); |
|
20510f2f4
security: Convert...
|
1435 1436 1437 1438 1439 1440 1441 1442 |
BUG_ON(rc); } EXPORT_SYMBOL(security_skb_classify_flow); #endif /* CONFIG_SECURITY_NETWORK_XFRM */ #ifdef CONFIG_KEYS |
|
d84f4f992
CRED: Inaugurate ...
|
1443 1444 |
int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags) |
|
20510f2f4
security: Convert...
|
1445 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1446 |
return call_int_hook(key_alloc, 0, key, cred, flags); |
|
20510f2f4
security: Convert...
|
1447 1448 1449 1450 |
}
void security_key_free(struct key *key)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1451 |
call_void_hook(key_free, key); |
|
20510f2f4
security: Convert...
|
1452 1453 1454 |
} int security_key_permission(key_ref_t key_ref, |
|
f5895943d
KEYS: Move the fl...
|
1455 |
const struct cred *cred, unsigned perm) |
|
20510f2f4
security: Convert...
|
1456 |
{
|
|
f25fce3e8
LSM: Introduce se...
|
1457 |
return call_int_hook(key_permission, 0, key_ref, cred, perm); |
|
20510f2f4
security: Convert...
|
1458 |
} |
|
70a5bb72b
keys: add keyctl ...
|
1459 1460 |
int security_key_getsecurity(struct key *key, char **_buffer)
{
|
|
b1d9e6b06
LSM: Switch to li...
|
1461 |
*_buffer = NULL; |
|
f25fce3e8
LSM: Introduce se...
|
1462 |
return call_int_hook(key_getsecurity, 0, key, _buffer); |
|
70a5bb72b
keys: add keyctl ...
|
1463 |
} |
|
20510f2f4
security: Convert...
|
1464 |
#endif /* CONFIG_KEYS */ |
|
03d37d25e
LSM/Audit: Introd...
|
1465 1466 1467 1468 1469 |
#ifdef CONFIG_AUDIT
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1470 |
return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule); |
|
03d37d25e
LSM/Audit: Introd...
|
1471 1472 1473 1474 |
}
int security_audit_rule_known(struct audit_krule *krule)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1475 |
return call_int_hook(audit_rule_known, 0, krule); |
|
03d37d25e
LSM/Audit: Introd...
|
1476 1477 1478 1479 |
}
void security_audit_rule_free(void *lsmrule)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1480 |
call_void_hook(audit_rule_free, lsmrule); |
|
03d37d25e
LSM/Audit: Introd...
|
1481 1482 1483 1484 1485 |
}
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
struct audit_context *actx)
{
|
|
f25fce3e8
LSM: Introduce se...
|
1486 1487 |
return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule, actx); |
|
03d37d25e
LSM/Audit: Introd...
|
1488 |
} |
|
b1d9e6b06
LSM: Switch to li...
|
1489 |
#endif /* CONFIG_AUDIT */ |
|
03d37d25e
LSM/Audit: Introd...
|
1490 |
|
|
b1d9e6b06
LSM: Switch to li...
|
1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 |
struct security_hook_heads security_hook_heads = {
.binder_set_context_mgr =
LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
.binder_transaction =
LIST_HEAD_INIT(security_hook_heads.binder_transaction),
.binder_transfer_binder =
LIST_HEAD_INIT(security_hook_heads.binder_transfer_binder),
.binder_transfer_file =
LIST_HEAD_INIT(security_hook_heads.binder_transfer_file),
.ptrace_access_check =
LIST_HEAD_INIT(security_hook_heads.ptrace_access_check),
.ptrace_traceme =
LIST_HEAD_INIT(security_hook_heads.ptrace_traceme),
.capget = LIST_HEAD_INIT(security_hook_heads.capget),
.capset = LIST_HEAD_INIT(security_hook_heads.capset),
.capable = LIST_HEAD_INIT(security_hook_heads.capable),
.quotactl = LIST_HEAD_INIT(security_hook_heads.quotactl),
.quota_on = LIST_HEAD_INIT(security_hook_heads.quota_on),
.syslog = LIST_HEAD_INIT(security_hook_heads.syslog),
.settime = LIST_HEAD_INIT(security_hook_heads.settime),
.vm_enough_memory =
LIST_HEAD_INIT(security_hook_heads.vm_enough_memory),
.bprm_set_creds =
LIST_HEAD_INIT(security_hook_heads.bprm_set_creds),
.bprm_check_security =
LIST_HEAD_INIT(security_hook_heads.bprm_check_security),
.bprm_secureexec =
LIST_HEAD_INIT(security_hook_heads.bprm_secureexec),
.bprm_committing_creds =
LIST_HEAD_INIT(security_hook_heads.bprm_committing_creds),
.bprm_committed_creds =
LIST_HEAD_INIT(security_hook_heads.bprm_committed_creds),
.sb_alloc_security =
LIST_HEAD_INIT(security_hook_heads.sb_alloc_security),
.sb_free_security =
LIST_HEAD_INIT(security_hook_heads.sb_free_security),
.sb_copy_data = LIST_HEAD_INIT(security_hook_heads.sb_copy_data),
.sb_remount = LIST_HEAD_INIT(security_hook_heads.sb_remount),
.sb_kern_mount =
LIST_HEAD_INIT(security_hook_heads.sb_kern_mount),
.sb_show_options =
LIST_HEAD_INIT(security_hook_heads.sb_show_options),
.sb_statfs = LIST_HEAD_INIT(security_hook_heads.sb_statfs),
.sb_mount = LIST_HEAD_INIT(security_hook_heads.sb_mount),
.sb_umount = LIST_HEAD_INIT(security_hook_heads.sb_umount),
.sb_pivotroot = LIST_HEAD_INIT(security_hook_heads.sb_pivotroot),
.sb_set_mnt_opts =
LIST_HEAD_INIT(security_hook_heads.sb_set_mnt_opts),
.sb_clone_mnt_opts =
LIST_HEAD_INIT(security_hook_heads.sb_clone_mnt_opts),
.sb_parse_opts_str =
LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str),
.dentry_init_security =
LIST_HEAD_INIT(security_hook_heads.dentry_init_security),
|
|
2602625b7
security, overlay...
|
1546 1547 |
.dentry_create_files_as = LIST_HEAD_INIT(security_hook_heads.dentry_create_files_as), |
|
b1d9e6b06
LSM: Switch to li...
|
1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 |
#ifdef CONFIG_SECURITY_PATH .path_unlink = LIST_HEAD_INIT(security_hook_heads.path_unlink), .path_mkdir = LIST_HEAD_INIT(security_hook_heads.path_mkdir), .path_rmdir = LIST_HEAD_INIT(security_hook_heads.path_rmdir), .path_mknod = LIST_HEAD_INIT(security_hook_heads.path_mknod), .path_truncate = LIST_HEAD_INIT(security_hook_heads.path_truncate), .path_symlink = LIST_HEAD_INIT(security_hook_heads.path_symlink), .path_link = LIST_HEAD_INIT(security_hook_heads.path_link), .path_rename = LIST_HEAD_INIT(security_hook_heads.path_rename), .path_chmod = LIST_HEAD_INIT(security_hook_heads.path_chmod), .path_chown = LIST_HEAD_INIT(security_hook_heads.path_chown), .path_chroot = LIST_HEAD_INIT(security_hook_heads.path_chroot), #endif .inode_alloc_security = LIST_HEAD_INIT(security_hook_heads.inode_alloc_security), .inode_free_security = LIST_HEAD_INIT(security_hook_heads.inode_free_security), .inode_init_security = LIST_HEAD_INIT(security_hook_heads.inode_init_security), .inode_create = LIST_HEAD_INIT(security_hook_heads.inode_create), .inode_link = LIST_HEAD_INIT(security_hook_heads.inode_link), .inode_unlink = LIST_HEAD_INIT(security_hook_heads.inode_unlink), .inode_symlink = LIST_HEAD_INIT(security_hook_heads.inode_symlink), .inode_mkdir = LIST_HEAD_INIT(security_hook_heads.inode_mkdir), .inode_rmdir = LIST_HEAD_INIT(security_hook_heads.inode_rmdir), .inode_mknod = LIST_HEAD_INIT(security_hook_heads.inode_mknod), .inode_rename = LIST_HEAD_INIT(security_hook_heads.inode_rename), .inode_readlink = LIST_HEAD_INIT(security_hook_heads.inode_readlink), .inode_follow_link = LIST_HEAD_INIT(security_hook_heads.inode_follow_link), .inode_permission = LIST_HEAD_INIT(security_hook_heads.inode_permission), .inode_setattr = LIST_HEAD_INIT(security_hook_heads.inode_setattr), .inode_getattr = LIST_HEAD_INIT(security_hook_heads.inode_getattr), .inode_setxattr = LIST_HEAD_INIT(security_hook_heads.inode_setxattr), .inode_post_setxattr = LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr), .inode_getxattr = LIST_HEAD_INIT(security_hook_heads.inode_getxattr), .inode_listxattr = LIST_HEAD_INIT(security_hook_heads.inode_listxattr), .inode_removexattr = LIST_HEAD_INIT(security_hook_heads.inode_removexattr), .inode_need_killpriv = LIST_HEAD_INIT(security_hook_heads.inode_need_killpriv), .inode_killpriv = LIST_HEAD_INIT(security_hook_heads.inode_killpriv), .inode_getsecurity = LIST_HEAD_INIT(security_hook_heads.inode_getsecurity), .inode_setsecurity = LIST_HEAD_INIT(security_hook_heads.inode_setsecurity), .inode_listsecurity = LIST_HEAD_INIT(security_hook_heads.inode_listsecurity), .inode_getsecid = LIST_HEAD_INIT(security_hook_heads.inode_getsecid), |
|
d8ad8b496
security, overlay...
|
1609 1610 |
.inode_copy_up = LIST_HEAD_INIT(security_hook_heads.inode_copy_up), |
|
121ab822e
security,overlayf...
|
1611 1612 |
.inode_copy_up_xattr = LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr), |
|
b1d9e6b06
LSM: Switch to li...
|
1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 |
.file_permission = LIST_HEAD_INIT(security_hook_heads.file_permission), .file_alloc_security = LIST_HEAD_INIT(security_hook_heads.file_alloc_security), .file_free_security = LIST_HEAD_INIT(security_hook_heads.file_free_security), .file_ioctl = LIST_HEAD_INIT(security_hook_heads.file_ioctl), .mmap_addr = LIST_HEAD_INIT(security_hook_heads.mmap_addr), .mmap_file = LIST_HEAD_INIT(security_hook_heads.mmap_file), .file_mprotect = LIST_HEAD_INIT(security_hook_heads.file_mprotect), .file_lock = LIST_HEAD_INIT(security_hook_heads.file_lock), .file_fcntl = LIST_HEAD_INIT(security_hook_heads.file_fcntl), .file_set_fowner = LIST_HEAD_INIT(security_hook_heads.file_set_fowner), .file_send_sigiotask = LIST_HEAD_INIT(security_hook_heads.file_send_sigiotask), .file_receive = LIST_HEAD_INIT(security_hook_heads.file_receive), .file_open = LIST_HEAD_INIT(security_hook_heads.file_open), .task_create = LIST_HEAD_INIT(security_hook_heads.task_create), .task_free = LIST_HEAD_INIT(security_hook_heads.task_free), .cred_alloc_blank = LIST_HEAD_INIT(security_hook_heads.cred_alloc_blank), .cred_free = LIST_HEAD_INIT(security_hook_heads.cred_free), .cred_prepare = LIST_HEAD_INIT(security_hook_heads.cred_prepare), .cred_transfer = LIST_HEAD_INIT(security_hook_heads.cred_transfer), .kernel_act_as = LIST_HEAD_INIT(security_hook_heads.kernel_act_as), .kernel_create_files_as = LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as), |
|
b1d9e6b06
LSM: Switch to li...
|
1644 1645 |
.kernel_module_request = LIST_HEAD_INIT(security_hook_heads.kernel_module_request), |
|
39eeb4fb9
security: define ...
|
1646 1647 |
.kernel_read_file = LIST_HEAD_INIT(security_hook_heads.kernel_read_file), |
|
b44a7dfc6
vfs: define a gen...
|
1648 1649 |
.kernel_post_read_file = LIST_HEAD_INIT(security_hook_heads.kernel_post_read_file), |
|
b1d9e6b06
LSM: Switch to li...
|
1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 |
.task_fix_setuid = LIST_HEAD_INIT(security_hook_heads.task_fix_setuid), .task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid), .task_getpgid = LIST_HEAD_INIT(security_hook_heads.task_getpgid), .task_getsid = LIST_HEAD_INIT(security_hook_heads.task_getsid), .task_getsecid = LIST_HEAD_INIT(security_hook_heads.task_getsecid), .task_setnice = LIST_HEAD_INIT(security_hook_heads.task_setnice), .task_setioprio = LIST_HEAD_INIT(security_hook_heads.task_setioprio), .task_getioprio = LIST_HEAD_INIT(security_hook_heads.task_getioprio), .task_setrlimit = LIST_HEAD_INIT(security_hook_heads.task_setrlimit), .task_setscheduler = LIST_HEAD_INIT(security_hook_heads.task_setscheduler), .task_getscheduler = LIST_HEAD_INIT(security_hook_heads.task_getscheduler), .task_movememory = LIST_HEAD_INIT(security_hook_heads.task_movememory), .task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill), .task_wait = LIST_HEAD_INIT(security_hook_heads.task_wait), .task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl), .task_to_inode = LIST_HEAD_INIT(security_hook_heads.task_to_inode), .ipc_permission = LIST_HEAD_INIT(security_hook_heads.ipc_permission), .ipc_getsecid = LIST_HEAD_INIT(security_hook_heads.ipc_getsecid), .msg_msg_alloc_security = LIST_HEAD_INIT(security_hook_heads.msg_msg_alloc_security), .msg_msg_free_security = LIST_HEAD_INIT(security_hook_heads.msg_msg_free_security), .msg_queue_alloc_security = LIST_HEAD_INIT(security_hook_heads.msg_queue_alloc_security), .msg_queue_free_security = LIST_HEAD_INIT(security_hook_heads.msg_queue_free_security), .msg_queue_associate = LIST_HEAD_INIT(security_hook_heads.msg_queue_associate), .msg_queue_msgctl = LIST_HEAD_INIT(security_hook_heads.msg_queue_msgctl), .msg_queue_msgsnd = LIST_HEAD_INIT(security_hook_heads.msg_queue_msgsnd), .msg_queue_msgrcv = LIST_HEAD_INIT(security_hook_heads.msg_queue_msgrcv), .shm_alloc_security = LIST_HEAD_INIT(security_hook_heads.shm_alloc_security), .shm_free_security = LIST_HEAD_INIT(security_hook_heads.shm_free_security), .shm_associate = LIST_HEAD_INIT(security_hook_heads.shm_associate), .shm_shmctl = LIST_HEAD_INIT(security_hook_heads.shm_shmctl), .shm_shmat = LIST_HEAD_INIT(security_hook_heads.shm_shmat), .sem_alloc_security = LIST_HEAD_INIT(security_hook_heads.sem_alloc_security), .sem_free_security = LIST_HEAD_INIT(security_hook_heads.sem_free_security), .sem_associate = LIST_HEAD_INIT(security_hook_heads.sem_associate), .sem_semctl = LIST_HEAD_INIT(security_hook_heads.sem_semctl), .sem_semop = LIST_HEAD_INIT(security_hook_heads.sem_semop), .netlink_send = LIST_HEAD_INIT(security_hook_heads.netlink_send), .d_instantiate = LIST_HEAD_INIT(security_hook_heads.d_instantiate), .getprocattr = LIST_HEAD_INIT(security_hook_heads.getprocattr), .setprocattr = LIST_HEAD_INIT(security_hook_heads.setprocattr), .ismaclabel = LIST_HEAD_INIT(security_hook_heads.ismaclabel), .secid_to_secctx = LIST_HEAD_INIT(security_hook_heads.secid_to_secctx), .secctx_to_secid = LIST_HEAD_INIT(security_hook_heads.secctx_to_secid), .release_secctx = LIST_HEAD_INIT(security_hook_heads.release_secctx), |
|
6f3be9f56
security: Add hoo...
|
1722 1723 |
.inode_invalidate_secctx = LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx), |
|
b1d9e6b06
LSM: Switch to li...
|
1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 |
.inode_notifysecctx = LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx), .inode_setsecctx = LIST_HEAD_INIT(security_hook_heads.inode_setsecctx), .inode_getsecctx = LIST_HEAD_INIT(security_hook_heads.inode_getsecctx), #ifdef CONFIG_SECURITY_NETWORK .unix_stream_connect = LIST_HEAD_INIT(security_hook_heads.unix_stream_connect), .unix_may_send = LIST_HEAD_INIT(security_hook_heads.unix_may_send), .socket_create = LIST_HEAD_INIT(security_hook_heads.socket_create), .socket_post_create = LIST_HEAD_INIT(security_hook_heads.socket_post_create), .socket_bind = LIST_HEAD_INIT(security_hook_heads.socket_bind), .socket_connect = LIST_HEAD_INIT(security_hook_heads.socket_connect), .socket_listen = LIST_HEAD_INIT(security_hook_heads.socket_listen), .socket_accept = LIST_HEAD_INIT(security_hook_heads.socket_accept), .socket_sendmsg = LIST_HEAD_INIT(security_hook_heads.socket_sendmsg), .socket_recvmsg = LIST_HEAD_INIT(security_hook_heads.socket_recvmsg), .socket_getsockname = LIST_HEAD_INIT(security_hook_heads.socket_getsockname), .socket_getpeername = LIST_HEAD_INIT(security_hook_heads.socket_getpeername), .socket_getsockopt = LIST_HEAD_INIT(security_hook_heads.socket_getsockopt), .socket_setsockopt = LIST_HEAD_INIT(security_hook_heads.socket_setsockopt), .socket_shutdown = LIST_HEAD_INIT(security_hook_heads.socket_shutdown), .socket_sock_rcv_skb = LIST_HEAD_INIT(security_hook_heads.socket_sock_rcv_skb), .socket_getpeersec_stream = LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_stream), .socket_getpeersec_dgram = LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_dgram), .sk_alloc_security = LIST_HEAD_INIT(security_hook_heads.sk_alloc_security), .sk_free_security = LIST_HEAD_INIT(security_hook_heads.sk_free_security), .sk_clone_security = LIST_HEAD_INIT(security_hook_heads.sk_clone_security), .sk_getsecid = LIST_HEAD_INIT(security_hook_heads.sk_getsecid), .sock_graft = LIST_HEAD_INIT(security_hook_heads.sock_graft), .inet_conn_request = LIST_HEAD_INIT(security_hook_heads.inet_conn_request), .inet_csk_clone = LIST_HEAD_INIT(security_hook_heads.inet_csk_clone), .inet_conn_established = LIST_HEAD_INIT(security_hook_heads.inet_conn_established), .secmark_relabel_packet = LIST_HEAD_INIT(security_hook_heads.secmark_relabel_packet), .secmark_refcount_inc = LIST_HEAD_INIT(security_hook_heads.secmark_refcount_inc), .secmark_refcount_dec = LIST_HEAD_INIT(security_hook_heads.secmark_refcount_dec), .req_classify_flow = LIST_HEAD_INIT(security_hook_heads.req_classify_flow), .tun_dev_alloc_security = LIST_HEAD_INIT(security_hook_heads.tun_dev_alloc_security), .tun_dev_free_security = LIST_HEAD_INIT(security_hook_heads.tun_dev_free_security), .tun_dev_create = LIST_HEAD_INIT(security_hook_heads.tun_dev_create), .tun_dev_attach_queue = LIST_HEAD_INIT(security_hook_heads.tun_dev_attach_queue), .tun_dev_attach = LIST_HEAD_INIT(security_hook_heads.tun_dev_attach), .tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open), |
|
b1d9e6b06
LSM: Switch to li...
|
1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 |
#endif /* CONFIG_SECURITY_NETWORK */ #ifdef CONFIG_SECURITY_NETWORK_XFRM .xfrm_policy_alloc_security = LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security), .xfrm_policy_clone_security = LIST_HEAD_INIT(security_hook_heads.xfrm_policy_clone_security), .xfrm_policy_free_security = LIST_HEAD_INIT(security_hook_heads.xfrm_policy_free_security), .xfrm_policy_delete_security = LIST_HEAD_INIT(security_hook_heads.xfrm_policy_delete_security), .xfrm_state_alloc = LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc), .xfrm_state_alloc_acquire = LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc_acquire), .xfrm_state_free_security = LIST_HEAD_INIT(security_hook_heads.xfrm_state_free_security), .xfrm_state_delete_security = LIST_HEAD_INIT(security_hook_heads.xfrm_state_delete_security), .xfrm_policy_lookup = LIST_HEAD_INIT(security_hook_heads.xfrm_policy_lookup), .xfrm_state_pol_flow_match = LIST_HEAD_INIT(security_hook_heads.xfrm_state_pol_flow_match), .xfrm_decode_session = LIST_HEAD_INIT(security_hook_heads.xfrm_decode_session), #endif /* CONFIG_SECURITY_NETWORK_XFRM */ #ifdef CONFIG_KEYS .key_alloc = LIST_HEAD_INIT(security_hook_heads.key_alloc), .key_free = LIST_HEAD_INIT(security_hook_heads.key_free), .key_permission = LIST_HEAD_INIT(security_hook_heads.key_permission), .key_getsecurity = LIST_HEAD_INIT(security_hook_heads.key_getsecurity), #endif /* CONFIG_KEYS */ #ifdef CONFIG_AUDIT .audit_rule_init = LIST_HEAD_INIT(security_hook_heads.audit_rule_init), .audit_rule_known = LIST_HEAD_INIT(security_hook_heads.audit_rule_known), .audit_rule_match = LIST_HEAD_INIT(security_hook_heads.audit_rule_match), .audit_rule_free = LIST_HEAD_INIT(security_hook_heads.audit_rule_free), |
|
03d37d25e
LSM/Audit: Introd...
|
1841 |
#endif /* CONFIG_AUDIT */ |
|
b1d9e6b06
LSM: Switch to li...
|
1842 |
}; |