* Re: [RFC] change format of LSM hooks
2002-10-16 0:07 ` [RFC] change format of LSM hooks Greg KH
@ 2002-10-16 0:03 ` David S. Miller
2002-10-16 8:15 ` Greg KH
` (2 subsequent siblings)
3 siblings, 0 replies; 15+ messages in thread
From: David S. Miller @ 2002-10-16 0:03 UTC (permalink / raw)
To: greg; +Cc: becker, jmorris, kuznet, netdev, linux-security-module, linux-kernel
From: Greg KH <greg@kroah.com>
Date: Tue, 15 Oct 2002 17:07:06 -0700
David, does something like this look acceptable?
Yes.
which I hope are a bit more to your liking :)
It is :-)
The extra #includes are needed as some files were getting
security.h picked up from shed.h in the past.
Ok, I was about to ask about that.
Franks a lot,
David S. Miller
davem@redhat.com
^ permalink raw reply [flat|nested] 15+ messages in thread
* [RFC] change format of LSM hooks
[not found] ` <20021015202828.GG15864@kroah.com>
@ 2002-10-16 0:07 ` Greg KH
2002-10-16 0:03 ` David S. Miller
` (3 more replies)
0 siblings, 4 replies; 15+ messages in thread
From: Greg KH @ 2002-10-16 0:07 UTC (permalink / raw)
To: David S. Miller
Cc: becker, jmorris, kuznet, netdev, linux-security-module, linux-kernel
On Tue, Oct 15, 2002 at 01:28:28PM -0700, Greg KH wrote:
> On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> >
> > I will not even look at the networking LSM bits until
> > CONFIG_SECURITY=n is available.
>
> Good enough reason for me, I'll start working on this. Help from the
> other LSM developers is appreciated :)
Ok, this wasn't that tough...
Here's a first cut at what will need to be changed. It's a patch
against Linus's latest BK tree. I only converted one hook (the ptrace
one), and this will not link, but will build and gives people an idea of
where I'm heading.
David, does something like this look acceptable?
With it, and CONFIG_SECURITY=n the size of the security/*.o files are
now:
text data bss dec hex filename
138 0 0 138 8a security/built-in.o
which I hope are a bit more to your liking :)
I still need an empty sys_security stub in order to link properly,
that's the only function needed. The extra #includes are needed as
some files were getting security.h picked up from shed.h in the past.
I'll work on fixing up the rest of the hooks, and removing the external
reference to security_ops, and actually test this thing, later this
evening.
thanks,
greg k-h
diff -Naur -X ../dontdiff bleeding_edge-2.5/arch/i386/kernel/ptrace.c lsm-2.5/arch/i386/kernel/ptrace.c
--- bleeding_edge-2.5/arch/i386/kernel/ptrace.c Tue Oct 15 16:47:14 2002
+++ lsm-2.5/arch/i386/kernel/ptrace.c Tue Oct 15 16:41:44 2002
@@ -160,8 +160,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
diff -Naur -X ../dontdiff bleeding_edge-2.5/drivers/base/fs/class.c lsm-2.5/drivers/base/fs/class.c
--- bleeding_edge-2.5/drivers/base/fs/class.c Tue Oct 15 16:47:37 2002
+++ lsm-2.5/drivers/base/fs/class.c Tue Oct 15 16:13:11 2002
@@ -7,6 +7,8 @@
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/err.h>
+#include <linux/limits.h>
+#include <linux/stat.h>
#include "fs.h"
static struct driver_dir_entry class_dir;
diff -Naur -X ../dontdiff bleeding_edge-2.5/drivers/base/fs/intf.c lsm-2.5/drivers/base/fs/intf.c
--- bleeding_edge-2.5/drivers/base/fs/intf.c Tue Oct 15 16:47:37 2002
+++ lsm-2.5/drivers/base/fs/intf.c Tue Oct 15 16:14:27 2002
@@ -4,6 +4,8 @@
#include <linux/device.h>
#include <linux/slab.h>
+#include <linux/limits.h>
+#include <linux/errno.h>
#include "fs.h"
/**
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/exec.c lsm-2.5/fs/exec.c
--- bleeding_edge-2.5/fs/exec.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/exec.c Tue Oct 15 16:09:05 2002
@@ -43,6 +43,7 @@
#include <linux/namei.h>
#include <linux/proc_fs.h>
#include <linux/ptrace.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/pgalloc.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/locks.c lsm-2.5/fs/locks.c
--- bleeding_edge-2.5/fs/locks.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/locks.c Tue Oct 15 16:10:52 2002
@@ -122,6 +122,7 @@
#include <linux/timer.h>
#include <linux/time.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/semaphore.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/namespace.c lsm-2.5/fs/namespace.c
--- bleeding_edge-2.5/fs/namespace.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/namespace.c Tue Oct 15 16:12:00 2002
@@ -19,6 +19,7 @@
#include <linux/seq_file.h>
#include <linux/namespace.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/proc/base.c lsm-2.5/fs/proc/base.c
--- bleeding_edge-2.5/fs/proc/base.c Tue Oct 15 16:48:26 2002
+++ lsm-2.5/fs/proc/base.c Tue Oct 15 16:21:45 2002
@@ -28,6 +28,7 @@
#include <linux/namespace.h>
#include <linux/mm.h>
#include <linux/smp_lock.h>
+#include <linux/security.h>
/*
* For hysterical raisins we keep the same inumbers as in the old procfs.
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/readdir.c lsm-2.5/fs/readdir.c
--- bleeding_edge-2.5/fs/readdir.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/readdir.c Tue Oct 15 16:09:51 2002
@@ -11,6 +11,7 @@
#include <linux/file.h>
#include <linux/smp_lock.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/fs/xattr.c lsm-2.5/fs/xattr.c
--- bleeding_edge-2.5/fs/xattr.c Tue Oct 15 16:48:19 2002
+++ lsm-2.5/fs/xattr.c Tue Oct 15 16:13:59 2002
@@ -13,6 +13,7 @@
#include <linux/file.h>
#include <linux/xattr.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
/*
diff -Naur -X ../dontdiff bleeding_edge-2.5/include/linux/sched.h lsm-2.5/include/linux/sched.h
--- bleeding_edge-2.5/include/linux/sched.h Tue Oct 15 16:48:49 2002
+++ lsm-2.5/include/linux/sched.h Tue Oct 15 15:59:24 2002
@@ -600,9 +600,11 @@
unsigned long, const char *, void *);
extern void free_irq(unsigned int, void *);
+
+#ifdef CONFIG_SECURITY
/* capable prototype and code moved to security.[hc] */
#include <linux/security.h>
-#if 0
+#else
static inline int capable(int cap)
{
if (cap_raised(current->cap_effective, cap)) {
@@ -611,7 +613,7 @@
}
return 0;
}
-#endif /* if 0 */
+#endif
/*
* Routines for handling mm_structs
diff -Naur -X ../dontdiff bleeding_edge-2.5/include/linux/security.h lsm-2.5/include/linux/security.h
--- bleeding_edge-2.5/include/linux/security.h Wed Oct 9 08:51:48 2002
+++ lsm-2.5/include/linux/security.h Tue Oct 15 16:40:09 2002
@@ -22,8 +22,6 @@
#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H
-#ifdef __KERNEL__
-
#include <linux/fs.h>
#include <linux/binfmts.h>
#include <linux/signal.h>
@@ -33,6 +31,7 @@
#include <linux/shm.h>
#include <linux/msg.h>
+
/*
* Values used in the task_security_ops calls
*/
@@ -848,6 +847,16 @@
struct security_operations *ops);
};
+#ifdef CONFIG_SECURITY
+
+/* global variables */
+extern struct security_operations *security_ops;
+
+/* inline stuff */
+static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
+{
+ return security_ops->ptrace (parent, child);
+}
/* prototypes */
extern int security_scaffolding_startup (void);
@@ -857,11 +866,17 @@
extern int mod_unreg_security (const char *name, struct security_operations *ops);
extern int capable (int cap);
-/* global variables */
+
+#endif /* CONFIG_SECURITY */
+
+static inline int security_scaffolding_startup (void) { return 0; }
extern struct security_operations *security_ops;
+static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
+{
+ return 0;
+}
-#endif /* __KERNEL__ */
#endif /* ! __LINUX_SECURITY_H */
diff -Naur -X ../dontdiff bleeding_edge-2.5/init/do_mounts.c lsm-2.5/init/do_mounts.c
--- bleeding_edge-2.5/init/do_mounts.c Mon Oct 7 13:46:56 2002
+++ lsm-2.5/init/do_mounts.c Tue Oct 15 16:05:18 2002
@@ -12,6 +12,7 @@
#include <linux/init.h>
#include <linux/suspend.h>
#include <linux/root_dev.h>
+#include <linux/security.h>
#include <linux/nfs_fs.h>
#include <linux/nfs_fs_sb.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/capability.c lsm-2.5/kernel/capability.c
--- bleeding_edge-2.5/kernel/capability.c Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/capability.c Tue Oct 15 16:08:08 2002
@@ -8,6 +8,7 @@
*/
#include <linux/mm.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/kmod.c lsm-2.5/kernel/kmod.c
--- bleeding_edge-2.5/kernel/kmod.c Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/kmod.c Tue Oct 15 16:10:50 2002
@@ -29,6 +29,7 @@
#include <linux/completion.h>
#include <linux/file.h>
#include <linux/workqueue.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/ptrace.c lsm-2.5/kernel/ptrace.c
--- bleeding_edge-2.5/kernel/ptrace.c Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/ptrace.c Tue Oct 15 16:09:07 2002
@@ -14,6 +14,7 @@
#include <linux/pagemap.h>
#include <linux/smp_lock.h>
#include <linux/ptrace.h>
+#include <linux/security.h>
#include <asm/pgtable.h>
#include <asm/uaccess.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/kernel/signal.c lsm-2.5/kernel/signal.c
--- bleeding_edge-2.5/kernel/signal.c Tue Oct 15 16:48:52 2002
+++ lsm-2.5/kernel/signal.c Tue Oct 15 16:09:55 2002
@@ -18,6 +18,7 @@
#include <linux/fs.h>
#include <linux/tty.h>
#include <linux/binfmts.h>
+#include <linux/security.h>
#include <asm/param.h>
#include <asm/uaccess.h>
#include <asm/siginfo.h>
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/Config.in lsm-2.5/security/Config.in
--- bleeding_edge-2.5/security/Config.in Tue Oct 15 16:49:00 2002
+++ lsm-2.5/security/Config.in Tue Oct 15 15:41:13 2002
@@ -3,5 +3,8 @@
#
mainmenu_option next_comment
comment 'Security options'
-define_bool CONFIG_SECURITY_CAPABILITIES y
+bool 'Enable different security models' CONFIG_SECURITY
+if [ "$CONFIG_SECURITY" = "y" ]; then
+ dep_tristate ' Default Linux Capabilities' CONFIG_SECURITY_CAPABILITIES $CONFIG_SECURITY
+fi
endmenu
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/Makefile lsm-2.5/security/Makefile
--- bleeding_edge-2.5/security/Makefile Tue Oct 15 16:49:00 2002
+++ lsm-2.5/security/Makefile Tue Oct 15 16:34:21 2002
@@ -6,8 +6,8 @@
export-objs := security.o
# Object file lists
-obj-y := security.o dummy.o
-
+obj-y += sys_security.o
+obj-$(CONFIG_SECURITY) += security.o dummy.o
obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o
include $(TOPDIR)/Rules.make
diff -Naur -X ../dontdiff bleeding_edge-2.5/security/sys_security.c lsm-2.5/security/sys_security.c
--- bleeding_edge-2.5/security/sys_security.c Wed Dec 31 16:00:00 1969
+++ lsm-2.5/security/sys_security.c Tue Oct 15 16:34:03 2002
@@ -0,0 +1,45 @@
+/*
+ * Security plug functions
+ *
+ * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
+ * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
+ * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/security.h>
+
+/**
+ * sys_security - security syscall multiplexor.
+ * @id: module id
+ * @call: call identifier
+ * @args: arg list for call
+ *
+ * Similar to sys_socketcall. Can use id to help identify which module user
+ * app is talking to. The recommended convention for creating the
+ * hexadecimal id value is:
+ * 'echo "Name_of_module" | md5sum | cut -c -8'.
+ * By following this convention, there's no need for a central registry.
+ */
+#ifdef CONFIG_SECURITY
+asmlinkage long sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return security_ops->sys_security (id, call, args);
+}
+#else
+asmlinkage long sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return -ENOSYS;
+}
+#endif
+
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-16 0:07 ` [RFC] change format of LSM hooks Greg KH
2002-10-16 0:03 ` David S. Miller
@ 2002-10-16 8:15 ` Greg KH
2002-10-16 18:59 ` Greg KH
2002-10-17 1:41 ` Rusty Russell
2002-10-17 13:21 ` Christoph Hellwig
3 siblings, 1 reply; 15+ messages in thread
From: Greg KH @ 2002-10-16 8:15 UTC (permalink / raw)
To: netdev, linux-security-module, linux-kernel
On Tue, Oct 15, 2002 at 05:07:06PM -0700, Greg KH wrote:
>
> I'll work on fixing up the rest of the hooks, and removing the external
> reference to security_ops, and actually test this thing, later this
> evening.
Here's all the hooks converted over to function calls. Chris Wright
pointed out I need to do some extra work with the existing capabilities
hooks, but I'll do that in the morning.
Thanks to John Levon for pointing out cond_syscall() to me, very cool
function. That removes the need to have a sys_security.c file.
Patch is against 2.5.43, and builds for me, both with and without
CONFIG_SECURITY set. Haven't booted it yet though...
thanks,
greg k-h
===== arch/arm/kernel/ptrace.c 1.14 vs edited =====
--- 1.14/arch/arm/kernel/ptrace.c Sun Oct 13 07:32:28 2002
+++ edited/arch/arm/kernel/ptrace.c Wed Oct 16 00:46:07 2002
@@ -719,8 +719,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/i386/kernel/ptrace.c 1.13 vs edited =====
--- 1.13/arch/i386/kernel/ptrace.c Fri Jul 19 16:00:55 2002
+++ edited/arch/i386/kernel/ptrace.c Tue Oct 15 22:24:45 2002
@@ -160,8 +160,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/ia64/kernel/ptrace.c 1.12 vs edited =====
--- 1.12/arch/ia64/kernel/ptrace.c Tue Sep 17 23:22:09 2002
+++ edited/arch/ia64/kernel/ptrace.c Wed Oct 16 00:45:53 2002
@@ -1101,8 +1101,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
current->ptrace |= PT_PTRACED;
ret = 0;
===== arch/ppc/kernel/ptrace.c 1.10 vs edited =====
--- 1.10/arch/ppc/kernel/ptrace.c Sun Sep 15 21:51:59 2002
+++ edited/arch/ppc/kernel/ptrace.c Wed Oct 16 00:45:41 2002
@@ -166,8 +166,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/ptrace.c 1.3 vs edited =====
--- 1.3/arch/ppc64/kernel/ptrace.c Wed Aug 28 23:42:43 2002
+++ edited/arch/ppc64/kernel/ptrace.c Wed Oct 16 00:45:16 2002
@@ -59,8 +59,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/ptrace32.c 1.5 vs edited =====
--- 1.5/arch/ppc64/kernel/ptrace32.c Wed Aug 28 23:42:43 2002
+++ edited/arch/ppc64/kernel/ptrace32.c Wed Oct 16 00:45:29 2002
@@ -48,8 +48,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/sys_ppc32.c 1.24 vs edited =====
--- 1.24/arch/ppc64/kernel/sys_ppc32.c Fri Oct 11 19:04:17 2002
+++ edited/arch/ppc64/kernel/sys_ppc32.c Wed Oct 16 00:15:31 2002
@@ -53,6 +53,7 @@
#include <linux/mman.h>
#include <linux/sysctl.h>
#include <linux/binfmts.h>
+#include <linux/security.h>
#include <asm/types.h>
#include <asm/ipc.h>
@@ -3519,8 +3520,7 @@
if ((retval = bprm.envc) < 0)
goto out_mm;
- retval = security_ops->bprm_alloc_security(&bprm);
- if (retval)
+ if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
@@ -3543,7 +3543,7 @@
retval = search_binary_handler(&bprm,regs);
if (retval >= 0) {
/* execve success */
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
return retval;
}
@@ -3556,7 +3556,7 @@
}
if (bprm.security)
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
===== arch/s390/kernel/ptrace.c 1.9 vs edited =====
--- 1.9/arch/s390/kernel/ptrace.c Fri Oct 4 09:16:18 2002
+++ edited/arch/s390/kernel/ptrace.c Wed Oct 16 00:44:51 2002
@@ -330,8 +330,7 @@
ret = -EPERM;
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/s390x/kernel/ptrace.c 1.8 vs edited =====
--- 1.8/arch/s390x/kernel/ptrace.c Fri Oct 4 09:16:18 2002
+++ edited/arch/s390x/kernel/ptrace.c Wed Oct 16 00:44:40 2002
@@ -32,6 +32,7 @@
#include <linux/errno.h>
#include <linux/ptrace.h>
#include <linux/user.h>
+#include <linux/security.h>
#include <asm/segment.h>
#include <asm/page.h>
@@ -568,8 +569,7 @@
ret = -EPERM;
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/sparc/kernel/ptrace.c 1.11 vs edited =====
--- 1.11/arch/sparc/kernel/ptrace.c Sat Aug 24 04:08:41 2002
+++ edited/arch/sparc/kernel/ptrace.c Wed Oct 16 00:44:06 2002
@@ -291,8 +291,7 @@
pt_error_return(regs, EPERM);
goto out;
}
- ret = security_ops->ptrace(current->parent, current);
- if (ret) {
+ if ((ret = security_ptrace(current->parent, current))) {
pt_error_return(regs, -ret);
goto out;
}
===== arch/sparc64/kernel/ptrace.c 1.16 vs edited =====
--- 1.16/arch/sparc64/kernel/ptrace.c Sat Aug 24 03:59:14 2002
+++ edited/arch/sparc64/kernel/ptrace.c Wed Oct 16 00:43:53 2002
@@ -140,8 +140,7 @@
pt_error_return(regs, EPERM);
goto out;
}
- ret = security_ops->ptrace(current->parent, current);
- if (ret) {
+ if ((ret = security_ptrace(current->parent, current))) {
pt_error_return(regs, -ret);
goto out;
}
===== arch/sparc64/kernel/sys_sparc32.c 1.39 vs edited =====
--- 1.39/arch/sparc64/kernel/sys_sparc32.c Mon Oct 14 05:17:46 2002
+++ edited/arch/sparc64/kernel/sys_sparc32.c Wed Oct 16 00:14:27 2002
@@ -2972,8 +2972,7 @@
if ((retval = bprm.envc) < 0)
goto out_mm;
- retval = security_ops->bprm_alloc_security(&bprm);
- if (retval)
+ if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
@@ -2996,7 +2995,7 @@
retval = search_binary_handler(&bprm, regs);
if (retval >= 0) {
/* execve success */
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
return retval;
}
@@ -3009,7 +3008,7 @@
}
if (bprm.security)
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
===== arch/um/kernel/ptrace.c 1.1 vs edited =====
--- 1.1/arch/um/kernel/ptrace.c Fri Sep 6 10:50:31 2002
+++ edited/arch/um/kernel/ptrace.c Wed Oct 16 00:43:41 2002
@@ -33,8 +33,7 @@
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if(ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
===== arch/x86_64/kernel/ptrace.c 1.4 vs edited =====
--- 1.4/arch/x86_64/kernel/ptrace.c Fri Oct 11 16:52:38 2002
+++ edited/arch/x86_64/kernel/ptrace.c Wed Oct 16 00:43:30 2002
@@ -178,8 +178,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== drivers/base/fs/class.c 1.2 vs edited =====
--- 1.2/drivers/base/fs/class.c Mon Aug 26 08:39:22 2002
+++ edited/drivers/base/fs/class.c Tue Oct 15 22:24:45 2002
@@ -7,6 +7,8 @@
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/err.h>
+#include <linux/limits.h>
+#include <linux/stat.h>
#include "fs.h"
static struct driver_dir_entry class_dir;
===== drivers/base/fs/intf.c 1.2 vs edited =====
--- 1.2/drivers/base/fs/intf.c Mon Aug 26 09:24:18 2002
+++ edited/drivers/base/fs/intf.c Tue Oct 15 22:24:45 2002
@@ -4,6 +4,8 @@
#include <linux/device.h>
#include <linux/slab.h>
+#include <linux/limits.h>
+#include <linux/errno.h>
#include "fs.h"
/**
===== fs/attr.c 1.10 vs edited =====
--- 1.10/fs/attr.c Mon Jul 22 03:12:48 2002
+++ edited/fs/attr.c Tue Oct 15 23:50:23 2002
@@ -153,13 +153,12 @@
}
if (inode->i_op && inode->i_op->setattr) {
- error = security_ops->inode_setattr(dentry, attr);
- if (!error)
+ if (!(error = security_inode_setattr(dentry, attr)))
error = inode->i_op->setattr(dentry, attr);
} else {
error = inode_change_ok(inode, attr);
if (!error)
- error = security_ops->inode_setattr(dentry, attr);
+ error = security_inode_setattr(dentry, attr);
if (!error) {
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
===== fs/dquot.c 1.48 vs edited =====
--- 1.48/fs/dquot.c Sun Oct 13 08:39:23 2002
+++ edited/fs/dquot.c Tue Oct 15 22:55:27 2002
@@ -69,6 +69,7 @@
#include <linux/init.h>
#include <linux/module.h>
#include <linux/proc_fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -1305,8 +1306,7 @@
error = -EIO;
if (!f->f_op || !f->f_op->read || !f->f_op->write)
goto out_f;
- error = security_ops->quota_on(f);
- if (error)
+ if ((error = security_quota_on(f)))
goto out_f;
inode = f->f_dentry->d_inode;
error = -EACCES;
===== fs/exec.c 1.51 vs edited =====
--- 1.51/fs/exec.c Sun Oct 13 09:32:22 2002
+++ edited/fs/exec.c Tue Oct 15 23:03:20 2002
@@ -43,6 +43,7 @@
#include <linux/namei.h>
#include <linux/proc_fs.h>
#include <linux/ptrace.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/pgalloc.h>
@@ -818,8 +819,7 @@
}
/* fill in binprm security blob */
- retval = security_ops->bprm_set_security(bprm);
- if (retval)
+ if ((retval = security_bprm_set(bprm)))
return retval;
memset(bprm->buf,0,BINPRM_BUF_SIZE);
@@ -867,7 +867,7 @@
if(do_unlock)
unlock_kernel();
- security_ops->bprm_compute_creds(bprm);
+ security_bprm_compute_creds(bprm);
}
void remove_arg_zero(struct linux_binprm *bprm)
@@ -936,8 +936,7 @@
}
}
#endif
- retval = security_ops->bprm_check_security(bprm);
- if (retval)
+ if ((retval = security_bprm_check(bprm)))
return retval;
/* kernel module loader fixup */
@@ -1033,8 +1032,7 @@
if ((retval = bprm.envc) < 0)
goto out_mm;
- retval = security_ops->bprm_alloc_security(&bprm);
- if (retval)
+ if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
@@ -1057,7 +1055,7 @@
retval = search_binary_handler(&bprm,regs);
if (retval >= 0) {
/* execve success */
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
return retval;
}
@@ -1070,7 +1068,7 @@
}
if (bprm.security)
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
===== fs/fcntl.c 1.20 vs edited =====
--- 1.20/fs/fcntl.c Sun Oct 13 08:39:40 2002
+++ edited/fs/fcntl.c Wed Oct 16 00:04:50 2002
@@ -274,8 +274,7 @@
{
int err;
- err = security_ops->file_set_fowner(filp);
- if (err)
+ if ((err = security_file_set_fowner(filp)))
return err;
f_modown(filp, arg, current->uid, current->euid, force);
@@ -368,8 +367,7 @@
if (!filp)
goto out;
- err = security_ops->file_fcntl(filp, cmd, arg);
- if (err) {
+ if ((err = security_file_fcntl(filp, cmd, arg))) {
fput(filp);
return err;
}
@@ -392,8 +390,7 @@
if (!filp)
goto out;
- err = security_ops->file_fcntl(filp, cmd, arg);
- if (err) {
+ if ((err = security_file_fcntl(filp, cmd, arg))) {
fput(filp);
return err;
}
@@ -444,7 +441,7 @@
if (!sigio_perm(p, fown))
return;
- if (security_ops->file_send_sigiotask(p, fown, fd, reason))
+ if (security_file_send_sigiotask(p, fown, fd, reason))
return;
switch (fown->signum) {
===== fs/file_table.c 1.13 vs edited =====
--- 1.13/fs/file_table.c Sun Oct 13 08:39:40 2002
+++ edited/fs/file_table.c Wed Oct 16 00:04:27 2002
@@ -46,7 +46,7 @@
files_stat.nr_free_files--;
new_one:
memset(f, 0, sizeof(*f));
- if (security_ops->file_alloc_security(f)) {
+ if (security_file_alloc(f)) {
list_add(&f->f_list, &free_list);
files_stat.nr_free_files++;
file_list_unlock();
@@ -127,7 +127,7 @@
if (file->f_op && file->f_op->release)
file->f_op->release(inode, file);
- security_ops->file_free_security(file);
+ security_file_free(file);
fops_put(file->f_op);
if (file->f_mode & FMODE_WRITE)
put_write_access(inode);
@@ -160,7 +160,7 @@
void put_filp(struct file *file)
{
if(atomic_dec_and_test(&file->f_count)) {
- security_ops->file_free_security(file);
+ security_file_free(file);
file_list_lock();
list_del(&file->f_list);
list_add(&file->f_list, &free_list);
===== fs/inode.c 1.74 vs edited =====
--- 1.74/fs/inode.c Sun Oct 13 08:39:23 2002
+++ edited/fs/inode.c Tue Oct 15 23:49:49 2002
@@ -120,7 +120,7 @@
inode->i_bdev = NULL;
inode->i_cdev = NULL;
inode->i_security = NULL;
- if (security_ops->inode_alloc_security(inode)) {
+ if (security_inode_alloc(inode)) {
if (inode->i_sb->s_op->destroy_inode)
inode->i_sb->s_op->destroy_inode(inode);
else
@@ -146,7 +146,7 @@
{
if (inode_has_buffers(inode))
BUG();
- security_ops->inode_free_security(inode);
+ security_inode_free(inode);
if (inode->i_sb->s_op->destroy_inode) {
inode->i_sb->s_op->destroy_inode(inode);
} else {
@@ -922,7 +922,7 @@
if (inode->i_data.nrpages)
truncate_inode_pages(&inode->i_data, 0);
- security_ops->inode_delete(inode);
+ security_inode_delete(inode);
if (op && op->delete_inode) {
void (*delete)(struct inode *) = op->delete_inode;
===== fs/ioctl.c 1.5 vs edited =====
--- 1.5/fs/ioctl.c Mon Jul 22 03:12:48 2002
+++ edited/fs/ioctl.c Wed Oct 16 00:06:16 2002
@@ -59,8 +59,7 @@
goto out;
error = 0;
- error = security_ops->file_ioctl(filp, cmd, arg);
- if (error) {
+ if ((error = security_file_ioctl(filp, cmd, arg))) {
fput(filp);
goto out;
}
===== fs/locks.c 1.30 vs edited =====
--- 1.30/fs/locks.c Thu Sep 26 10:36:16 2002
+++ edited/fs/locks.c Wed Oct 16 00:06:00 2002
@@ -122,6 +122,7 @@
#include <linux/timer.h>
#include <linux/time.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/semaphore.h>
#include <asm/uaccess.h>
@@ -1170,8 +1171,7 @@
return -EACCES;
if (!S_ISREG(inode->i_mode))
return -EINVAL;
- error = security_ops->file_lock(filp, arg);
- if (error)
+ if ((error = security_file_lock(filp, arg)))
return error;
lock_kernel();
@@ -1284,8 +1284,7 @@
if (error)
goto out_putf;
- error = security_ops->file_lock(filp, cmd);
- if (error)
+ if ((error = security_file_lock(filp, cmd)))
goto out_free;
for (;;) {
@@ -1434,8 +1433,7 @@
goto out;
}
- error = security_ops->file_lock(filp, file_lock->fl_type);
- if (error)
+ if ((error = security_file_lock(filp, file_lock->fl_type)))
goto out;
if (filp->f_op && filp->f_op->lock != NULL) {
@@ -1574,8 +1572,7 @@
goto out;
}
- error = security_ops->file_lock(filp, file_lock->fl_type);
- if (error)
+ if ((error = security_file_lock(filp, file_lock->fl_type)))
goto out;
if (filp->f_op && filp->f_op->lock != NULL) {
===== fs/namei.c 1.56 vs edited =====
--- 1.56/fs/namei.c Tue Sep 17 12:52:27 2002
+++ edited/fs/namei.c Tue Oct 15 23:47:28 2002
@@ -218,7 +218,7 @@
if (retval)
return retval;
- return security_ops->inode_permission(inode, mask);
+ return security_inode_permission(inode, mask);
}
/*
@@ -340,7 +340,7 @@
return -EACCES;
ok:
- return security_ops->inode_permission_lite(inode, MAY_EXEC);
+ return security_inode_permission_lite(inode, MAY_EXEC);
}
/*
@@ -374,7 +374,7 @@
dput(dentry);
else {
result = dentry;
- security_ops->inode_post_lookup(dir, result);
+ security_inode_post_lookup(dir, result);
}
}
up(&dir->i_sem);
@@ -413,8 +413,7 @@
current->state = TASK_RUNNING;
schedule();
}
- err = security_ops->inode_follow_link(dentry, nd);
- if (err)
+ if ((err = security_inode_follow_link(dentry, nd)))
goto loop;
current->link_count++;
current->total_link_count++;
@@ -918,7 +917,7 @@
dentry = inode->i_op->lookup(inode, new);
if (!dentry) {
dentry = new;
- security_ops->inode_post_lookup(inode, dentry);
+ security_inode_post_lookup(inode, dentry);
} else
dput(new);
}
@@ -1125,14 +1124,13 @@
return -EACCES; /* shouldn't it be ENOSYS? */
mode &= S_IALLUGO;
mode |= S_IFREG;
- error = security_ops->inode_create(dir, dentry, mode);
- if (error)
+ if ((error = security_inode_create(dir, dentry, mode)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->create(dir, dentry, mode);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_create(dir, dentry, mode);
+ security_inode_post_create(dir, dentry, mode);
}
return error;
}
@@ -1344,8 +1342,7 @@
* stored in nd->last.name and we will have to putname() it when we
* are done. Procfs-like symlinks just set LAST_BIND.
*/
- error = security_ops->inode_follow_link(dentry, nd);
- if (error)
+ if ((error = security_inode_follow_link(dentry, nd)))
goto exit_dput;
UPDATE_ATIME(dentry->d_inode);
error = dentry->d_inode->i_op->follow_link(dentry, nd);
@@ -1410,15 +1407,14 @@
if (!dir->i_op || !dir->i_op->mknod)
return -EPERM;
- error = security_ops->inode_mknod(dir, dentry, mode, dev);
- if (error)
+ if ((error = security_inode_mknod(dir, dentry, mode, dev)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->mknod(dir, dentry, mode, dev);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_mknod(dir, dentry, mode, dev);
+ security_inode_post_mknod(dir, dentry, mode, dev);
}
return error;
}
@@ -1478,15 +1474,14 @@
return -EPERM;
mode &= (S_IRWXUGO|S_ISVTX);
- error = security_ops->inode_mkdir(dir, dentry, mode);
- if (error)
+ if ((error = security_inode_mkdir(dir, dentry, mode)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->mkdir(dir, dentry, mode);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_mkdir(dir,dentry, mode);
+ security_inode_post_mkdir(dir,dentry, mode);
}
return error;
}
@@ -1570,8 +1565,7 @@
if (d_mountpoint(dentry))
error = -EBUSY;
else {
- error = security_ops->inode_rmdir(dir, dentry);
- if (!error) {
+ if (!(error = security_inode_rmdir(dir, dentry))) {
error = dir->i_op->rmdir(dir, dentry);
if (!error)
dentry->d_inode->i_flags |= S_DEAD;
@@ -1644,10 +1638,8 @@
if (d_mountpoint(dentry))
error = -EBUSY;
else {
- error = security_ops->inode_unlink(dir, dentry);
- if (!error) {
+ if (!(error = security_inode_unlink(dir, dentry)))
error = dir->i_op->unlink(dir, dentry);
- }
}
up(&dentry->d_inode->i_sem);
if (!error) {
@@ -1709,15 +1701,14 @@
if (!dir->i_op || !dir->i_op->symlink)
return -EPERM;
- error = security_ops->inode_symlink(dir, dentry, oldname);
- if (error)
+ if ((error = security_inode_symlink(dir, dentry, oldname)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->symlink(dir, dentry, oldname);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_symlink(dir, dentry, oldname);
+ security_inode_post_symlink(dir, dentry, oldname);
}
return error;
}
@@ -1780,8 +1771,7 @@
if (S_ISDIR(old_dentry->d_inode->i_mode))
return -EPERM;
- error = security_ops->inode_link(old_dentry, dir, new_dentry);
- if (error)
+ if ((error = security_inode_link(old_dentry, dir, new_dentry)))
return error;
down(&old_dentry->d_inode->i_sem);
@@ -1790,7 +1780,7 @@
up(&old_dentry->d_inode->i_sem);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_link(old_dentry, dir, new_dentry);
+ security_inode_post_link(old_dentry, dir, new_dentry);
}
return error;
}
@@ -1889,8 +1879,7 @@
return error;
}
- error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
- if (error)
+ if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
return error;
target = new_dentry->d_inode;
@@ -1912,8 +1901,8 @@
}
if (!error) {
d_move(old_dentry,new_dentry);
- security_ops->inode_post_rename(old_dir, old_dentry,
- new_dir, new_dentry);
+ security_inode_post_rename(old_dir, old_dentry,
+ new_dir, new_dentry);
}
return error;
}
@@ -1924,8 +1913,7 @@
struct inode *target;
int error;
- error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
- if (error)
+ if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
return error;
dget(new_dentry);
@@ -1940,7 +1928,7 @@
/* The following d_move() should become unconditional */
if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
d_move(old_dentry, new_dentry);
- security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
+ security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
}
if (target)
up(&target->i_sem);
===== fs/namespace.c 1.29 vs edited =====
--- 1.29/fs/namespace.c Tue Sep 17 12:52:27 2002
+++ edited/fs/namespace.c Tue Oct 15 23:17:32 2002
@@ -19,6 +19,7 @@
#include <linux/seq_file.h>
#include <linux/namespace.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -288,8 +289,7 @@
struct super_block * sb = mnt->mnt_sb;
int retval = 0;
- retval = security_ops->sb_umount(mnt, flags);
- if (retval)
+ if ((retval = security_sb_umount(mnt, flags)))
return retval;
/*
@@ -341,7 +341,7 @@
DQUOT_OFF(sb);
acct_auto_close(sb);
unlock_kernel();
- security_ops->sb_umount_close(mnt);
+ security_sb_umount_close(mnt);
spin_lock(&dcache_lock);
}
retval = -EBUSY;
@@ -352,7 +352,7 @@
}
spin_unlock(&dcache_lock);
if (retval)
- security_ops->sb_umount_busy(mnt);
+ security_sb_umount_busy(mnt);
up_write(¤t->namespace->sem);
return retval;
}
@@ -470,8 +470,7 @@
if (IS_DEADDIR(nd->dentry->d_inode))
goto out_unlock;
- err = security_ops->sb_check_sb(mnt, nd);
- if (err)
+ if ((err = security_sb_check_sb(mnt, nd)))
goto out_unlock;
spin_lock(&dcache_lock);
@@ -487,7 +486,7 @@
out_unlock:
up(&nd->dentry->d_inode->i_sem);
if (!err)
- security_ops->sb_post_addmount(mnt, nd);
+ security_sb_post_addmount(mnt, nd);
return err;
}
@@ -558,7 +557,7 @@
nd->mnt->mnt_flags=mnt_flags;
up_write(&sb->s_umount);
if (!err)
- security_ops->sb_post_remount(nd->mnt, flags, data);
+ security_sb_post_remount(nd->mnt, flags, data);
return err;
}
@@ -741,8 +740,7 @@
if (retval)
return retval;
- retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page);
- if (retval)
+ if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page)))
goto dput_out;
if (flags & MS_REMOUNT)
@@ -939,8 +937,7 @@
if (error)
goto out1;
- error = security_ops->sb_pivotroot(&old_nd, &new_nd);
- if (error) {
+ if ((error = security_sb_pivotroot(&old_nd, &new_nd))) {
path_release(&old_nd);
goto out1;
}
@@ -989,7 +986,7 @@
attach_mnt(new_nd.mnt, &root_parent);
spin_unlock(&dcache_lock);
chroot_fs_refs(&user_nd, &new_nd);
- security_ops->sb_post_pivotroot(&user_nd, &new_nd);
+ security_sb_post_pivotroot(&user_nd, &new_nd);
error = 0;
path_release(&root_parent);
path_release(&parent_nd);
===== fs/open.c 1.28 vs edited =====
--- 1.28/fs/open.c Sun Oct 13 08:39:40 2002
+++ edited/fs/open.c Tue Oct 15 23:19:46 2002
@@ -30,8 +30,7 @@
retval = -ENOSYS;
if (sb->s_op && sb->s_op->statfs) {
memset(buf, 0, sizeof(struct statfs));
- retval = security_ops->sb_statfs(sb);
- if (retval)
+ if ((retval = security_sb_statfs(sb)))
return retval;
retval = sb->s_op->statfs(sb, buf);
}
===== fs/quota.c 1.8 vs edited =====
--- 1.8/fs/quota.c Mon Jul 22 03:12:48 2002
+++ edited/fs/quota.c Tue Oct 15 22:54:46 2002
@@ -98,7 +98,7 @@
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- return security_ops->quotactl (cmd, type, id, sb);
+ return security_quotactl (cmd, type, id, sb);
}
/* Resolve device pathname to superblock */
===== fs/read_write.c 1.19 vs edited =====
--- 1.19/fs/read_write.c Thu Oct 10 14:36:26 2002
+++ edited/fs/read_write.c Wed Oct 16 00:08:14 2002
@@ -121,8 +121,7 @@
if (!file)
goto bad;
- retval = security_ops->file_llseek(file);
- if (retval) {
+ if ((retval = security_file_llseek(file))) {
fput(file);
goto bad;
}
@@ -153,8 +152,7 @@
if (!file)
goto bad;
- retval = security_ops->file_llseek(file);
- if (retval)
+ if ((retval = security_file_llseek(file)))
goto out_putf;
retval = -EINVAL;
@@ -203,8 +201,7 @@
ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count);
if (!ret) {
- ret = security_ops->file_permission (file, MAY_READ);
- if (!ret) {
+ if (!(ret = security_file_permission (file, MAY_READ))) {
if (file->f_op->read)
ret = file->f_op->read(file, buf, count, pos);
else
@@ -243,8 +240,7 @@
ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count);
if (!ret) {
- ret = security_ops->file_permission (file, MAY_WRITE);
- if (!ret) {
+ if (!(ret = security_file_permission (file, MAY_WRITE))) {
if (file->f_op->write)
ret = file->f_op->write(file, buf, count, pos);
else
@@ -475,8 +471,7 @@
goto bad_file;
if (file->f_op && (file->f_mode & FMODE_READ) &&
(file->f_op->readv || file->f_op->read)) {
- ret = security_ops->file_permission (file, MAY_READ);
- if (!ret)
+ if (!(ret = security_file_permission (file, MAY_READ)))
ret = do_readv_writev(READ, file, vector, nr_segs);
}
fput(file);
@@ -498,8 +493,7 @@
goto bad_file;
if (file->f_op && (file->f_mode & FMODE_WRITE) &&
(file->f_op->writev || file->f_op->write)) {
- ret = security_ops->file_permission (file, MAY_WRITE);
- if (!ret)
+ if (!(ret = security_file_permission (file, MAY_WRITE)))
ret = do_readv_writev(WRITE, file, vector, nr_segs);
}
fput(file);
===== fs/readdir.c 1.9 vs edited =====
--- 1.9/fs/readdir.c Mon Jul 22 03:12:48 2002
+++ edited/fs/readdir.c Wed Oct 16 00:06:40 2002
@@ -11,6 +11,7 @@
#include <linux/file.h>
#include <linux/smp_lock.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -21,8 +22,7 @@
if (!file->f_op || !file->f_op->readdir)
goto out;
- res = security_ops->file_permission(file, MAY_READ);
- if (res)
+ if ((res = security_file_permission(file, MAY_READ)))
goto out;
down(&inode->i_sem);
===== fs/stat.c 1.13 vs edited =====
--- 1.13/fs/stat.c Mon Jul 22 03:12:48 2002
+++ edited/fs/stat.c Tue Oct 15 23:49:19 2002
@@ -39,8 +39,7 @@
struct inode *inode = dentry->d_inode;
int retval;
- retval = security_ops->inode_getattr(mnt, dentry);
- if (retval)
+ if ((retval = security_inode_getattr(mnt, dentry)))
return retval;
if (inode->i_op->getattr)
@@ -238,8 +237,7 @@
error = -EINVAL;
if (inode->i_op && inode->i_op->readlink) {
- error = security_ops->inode_readlink(nd.dentry);
- if (!error) {
+ if (!(error = security_inode_readlink(nd.dentry))) {
UPDATE_ATIME(inode);
error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
}
===== fs/super.c 1.83 vs edited =====
--- 1.83/fs/super.c Mon Sep 9 14:00:57 2002
+++ edited/fs/super.c Tue Oct 15 23:18:44 2002
@@ -29,9 +29,9 @@
#include <linux/quotaops.h>
#include <linux/namei.h>
#include <linux/buffer_head.h> /* for fsync_super() */
+#include <linux/security.h>
#include <asm/uaccess.h>
-#include <linux/security.h>
void get_filesystem(struct file_system_type *fs);
void put_filesystem(struct file_system_type *fs);
@@ -51,7 +51,7 @@
struct super_block *s = kmalloc(sizeof(struct super_block), GFP_USER);
if (s) {
memset(s, 0, sizeof(struct super_block));
- if (security_ops->sb_alloc_security(s)) {
+ if (security_sb_alloc(s)) {
kfree(s);
s = NULL;
goto out;
@@ -85,7 +85,7 @@
*/
static inline void destroy_super(struct super_block *s)
{
- security_ops->sb_free_security(s);
+ security_sb_free(s);
kfree(s);
}
===== fs/xattr.c 1.7 vs edited =====
--- 1.7/fs/xattr.c Mon Jul 22 03:12:48 2002
+++ edited/fs/xattr.c Tue Oct 15 23:51:34 2002
@@ -13,6 +13,7 @@
#include <linux/file.h>
#include <linux/xattr.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
/*
@@ -85,9 +86,7 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
- error = security_ops->inode_setxattr(d, kname, kvalue,
- size, flags);
- if (error)
+ if ((error = security_inode_setxattr(d, kname, kvalue, size, flags)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
@@ -163,8 +162,7 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
- error = security_ops->inode_getxattr(d, kname);
- if (error)
+ if ((error = security_inode_getxattr(d, kname)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
@@ -236,8 +234,7 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
- error = security_ops->inode_listxattr(d);
- if (error)
+ if ((error = security_inode_listxattr(d)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->listxattr(d, klist, size);
@@ -311,8 +308,7 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
- error = security_ops->inode_removexattr(d, kname);
- if (error)
+ if ((error = security_inode_removexattr(d, kname)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->removexattr(d, kname);
===== fs/proc/base.c 1.31 vs edited =====
--- 1.31/fs/proc/base.c Sat Sep 28 08:36:29 2002
+++ edited/fs/proc/base.c Tue Oct 15 23:22:02 2002
@@ -28,6 +28,7 @@
#include <linux/namespace.h>
#include <linux/mm.h>
#include <linux/smp_lock.h>
+#include <linux/security.h>
/*
* For hysterical raisins we keep the same inumbers as in the old procfs.
@@ -394,7 +395,7 @@
};
#define MAY_PTRACE(p) \
-(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
+(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0))
static int mem_open(struct inode* inode, struct file* file)
===== include/linux/sched.h 1.107 vs edited =====
--- 1.107/include/linux/sched.h Tue Oct 15 15:32:40 2002
+++ edited/include/linux/sched.h Tue Oct 15 22:24:46 2002
@@ -596,9 +596,11 @@
unsigned long, const char *, void *);
extern void free_irq(unsigned int, void *);
+
+#ifdef CONFIG_SECURITY
/* capable prototype and code moved to security.[hc] */
#include <linux/security.h>
-#if 0
+#else
static inline int capable(int cap)
{
if (cap_raised(current->cap_effective, cap)) {
@@ -607,7 +609,7 @@
}
return 0;
}
-#endif /* if 0 */
+#endif
/*
* Routines for handling mm_structs
===== include/linux/security.h 1.4 vs edited =====
--- 1.4/include/linux/security.h Tue Oct 8 02:20:18 2002
+++ edited/include/linux/security.h Wed Oct 16 01:03:50 2002
@@ -22,8 +22,6 @@
#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H
-#ifdef __KERNEL__
-
#include <linux/fs.h>
#include <linux/binfmts.h>
#include <linux/signal.h>
@@ -33,6 +31,7 @@
#include <linux/shm.h>
#include <linux/msg.h>
+
/*
* Values used in the task_security_ops calls
*/
@@ -848,6 +847,533 @@
struct security_operations *ops);
};
+#ifdef CONFIG_SECURITY
+
+/* global variables */
+extern struct security_operations *security_ops;
+
+/* inline stuff */
+static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
+{
+ return security_ops->ptrace (parent, child);
+}
+
+static inline int security_capget (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ return security_ops->capget (target, effective, inheritable, permitted);
+}
+
+static inline int security_capset_check (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ return security_ops->capset_check (target, effective, inheritable, permitted);
+}
+
+static inline void security_capset_set (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ security_ops->capset_set (target, effective, inheritable, permitted);
+}
+
+static inline int security_acct (struct file *file)
+{
+ return security_ops->acct (file);
+}
+
+static inline int security_quotactl (int cmds, int type, int id,
+ struct super_block *sb)
+{
+ return security_ops->quotactl (cmds, type, id, sb);
+}
+
+static inline int security_quota_on (struct file * file)
+{
+ return security_ops->quota_on (file);
+}
+
+static inline int security_bprm_alloc (struct linux_binprm *bprm)
+{
+ return security_ops->bprm_alloc_security (bprm);
+}
+static inline void security_bprm_free (struct linux_binprm *bprm)
+{
+ security_ops->bprm_free_security (bprm);
+}
+static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
+{
+ security_ops->bprm_compute_creds (bprm);
+}
+static inline int security_bprm_set (struct linux_binprm *bprm)
+{
+ return security_ops->bprm_set_security (bprm);
+}
+static inline int security_bprm_check (struct linux_binprm *bprm)
+{
+ return security_ops->bprm_check_security (bprm);
+}
+
+static inline int security_sb_alloc (struct super_block *sb)
+{
+ return security_ops->sb_alloc_security (sb);
+}
+
+static inline void security_sb_free (struct super_block *sb)
+{
+ security_ops->sb_free_security (sb);
+}
+
+static inline int security_sb_statfs (struct super_block *sb)
+{
+ return security_ops->sb_statfs (sb);
+}
+
+static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+ char *type, unsigned long flags,
+ void *data)
+{
+ return security_ops->sb_mount (dev_name, nd, type, flags, data);
+}
+
+static inline int security_sb_check_sb (struct vfsmount *mnt,
+ struct nameidata *nd)
+{
+ return security_ops->sb_check_sb (mnt, nd);
+}
+
+static inline int security_sb_umount (struct vfsmount *mnt, int flags)
+{
+ return security_ops->sb_umount (mnt, flags);
+}
+
+static inline void security_sb_umount_close (struct vfsmount *mnt)
+{
+ security_ops->sb_umount_close (mnt);
+}
+
+static inline void security_sb_umount_busy (struct vfsmount *mnt)
+{
+ security_ops->sb_umount_busy (mnt);
+}
+
+static inline void security_sb_post_remount (struct vfsmount *mnt,
+ unsigned long flags, void *data)
+{
+ security_ops->sb_post_remount (mnt, flags, data);
+}
+
+static inline void security_sb_post_mountroot (void)
+{
+ security_ops->sb_post_mountroot ();
+}
+
+static inline void security_sb_post_addmount (struct vfsmount *mnt,
+ struct nameidata *mountpoint_nd)
+{
+ security_ops->sb_post_addmount (mnt, mountpoint_nd);
+}
+
+static inline int security_sb_pivotroot (struct nameidata *old_nd,
+ struct nameidata *new_nd)
+{
+ return security_ops->sb_pivotroot (old_nd, new_nd);
+}
+
+static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+ struct nameidata *new_nd)
+{
+ security_ops->sb_post_pivotroot (old_nd, new_nd);
+}
+
+static inline int security_inode_alloc (struct inode *inode)
+{
+ return security_ops->inode_alloc_security (inode);
+}
+
+static inline void security_inode_free (struct inode *inode)
+{
+ security_ops->inode_free_security (inode);
+}
+
+static inline int security_inode_create (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ return security_ops->inode_create (dir, dentry, mode);
+}
+
+static inline void security_inode_post_create (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ security_ops->inode_post_create (dir, dentry, mode);
+}
+
+static inline int security_inode_link (struct dentry *old_dentry,
+ struct inode *dir,
+ struct dentry *new_dentry)
+{
+ return security_ops->inode_link (old_dentry, dir, new_dentry);
+}
+
+static inline void security_inode_post_link (struct dentry *old_dentry,
+ struct inode *dir,
+ struct dentry *new_dentry)
+{
+ security_ops->inode_post_link (old_dentry, dir, new_dentry);
+}
+
+static inline int security_inode_unlink (struct inode *dir,
+ struct dentry *dentry)
+{
+ return security_ops->inode_unlink (dir, dentry);
+}
+
+static inline int security_inode_symlink (struct inode *dir,
+ struct dentry *dentry,
+ const char *old_name)
+{
+ return security_ops->inode_symlink (dir, dentry, old_name);
+}
+
+static inline void security_inode_post_symlink (struct inode *dir,
+ struct dentry *dentry,
+ const char *old_name)
+{
+ security_ops->inode_post_symlink (dir, dentry, old_name);
+}
+
+static inline int security_inode_mkdir (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ return security_ops->inode_mkdir (dir, dentry, mode);
+}
+
+static inline void security_inode_post_mkdir (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ security_ops->inode_post_mkdir (dir, dentry, mode);
+}
+
+static inline int security_inode_rmdir (struct inode *dir,
+ struct dentry *dentry)
+{
+ return security_ops->inode_rmdir (dir, dentry);
+}
+
+static inline int security_inode_mknod (struct inode *dir,
+ struct dentry *dentry,
+ int mode, dev_t dev)
+{
+ return security_ops->inode_mknod (dir, dentry, mode, dev);
+}
+
+static inline void security_inode_post_mknod (struct inode *dir,
+ struct dentry *dentry,
+ int mode, dev_t dev)
+{
+ security_ops->inode_post_mknod (dir, dentry, mode, dev);
+}
+
+static inline int security_inode_rename (struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{
+ return security_ops->inode_rename (old_dir, old_dentry,
+ new_dir, new_dentry);
+}
+
+static inline void security_inode_post_rename (struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{
+ security_ops->inode_post_rename (old_dir, old_dentry,
+ new_dir, new_dentry);
+}
+
+static inline int security_inode_readlink (struct dentry *dentry)
+{
+ return security_ops->inode_readlink (dentry);
+}
+
+static inline int security_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nd)
+{
+ return security_ops->inode_follow_link (dentry, nd);
+}
+
+static inline int security_inode_permission (struct inode *inode, int mask)
+{
+ return security_ops->inode_permission (inode, mask);
+}
+
+static inline int security_inode_permission_lite (struct inode *inode,
+ int mask)
+{
+ return security_ops->inode_permission_lite (inode, mask);
+}
+
+static inline int security_inode_setattr (struct dentry *dentry,
+ struct iattr *attr)
+{
+ return security_ops->inode_setattr (dentry, attr);
+}
+
+static inline int security_inode_getattr (struct vfsmount *mnt,
+ struct dentry *dentry)
+{
+ return security_ops->inode_getattr (mnt, dentry);
+}
+
+static inline void security_inode_post_lookup (struct inode *inode,
+ struct dentry *dentry)
+{
+ security_ops->inode_post_lookup (inode, dentry);
+}
+
+static inline void security_inode_delete (struct inode *inode)
+{
+ security_ops->inode_delete (inode);
+}
+
+static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags)
+{
+ return security_ops->inode_setxattr (dentry, name, value, size, flags);
+}
+
+static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return security_ops->inode_getxattr (dentry, name);
+}
+
+static inline int security_inode_listxattr (struct dentry *dentry)
+{
+ return security_ops->inode_listxattr (dentry);
+}
+
+static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return security_ops->inode_removexattr (dentry, name);
+}
+
+static inline int security_file_permission (struct file *file, int mask)
+{
+ return security_ops->file_permission (file, mask);
+}
+
+static inline int security_file_alloc (struct file *file)
+{
+ return security_ops->file_alloc_security (file);
+}
+
+static inline void security_file_free (struct file *file)
+{
+ security_ops->file_free_security (file);
+}
+
+static inline int security_file_llseek (struct file *file)
+{
+ return security_ops->file_llseek (file);
+}
+
+static inline int security_file_ioctl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return security_ops->file_ioctl (file, cmd, arg);
+}
+
+static inline int security_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return security_ops->file_mmap (file, prot, flags);
+}
+
+static inline int security_file_mprotect (struct vm_area_struct *vma,
+ unsigned long prot)
+{
+ return security_ops->file_mprotect (vma, prot);
+}
+
+static inline int security_file_lock (struct file *file, unsigned int cmd)
+{
+ return security_ops->file_lock (file, cmd);
+}
+
+static inline int security_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return security_ops->file_fcntl (file, cmd, arg);
+}
+
+static inline int security_file_set_fowner (struct file *file)
+{
+ return security_ops->file_set_fowner (file);
+}
+
+static inline int security_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown,
+ int fd, int reason)
+{
+ return security_ops->file_send_sigiotask (tsk, fown, fd, reason);
+}
+
+static inline int security_file_receive (struct file *file)
+{
+ return security_ops->file_receive (file);
+}
+
+static inline int security_task_create (unsigned long clone_flags)
+{
+ return security_ops->task_create (clone_flags);
+}
+
+static inline int security_task_alloc (struct task_struct *p)
+{
+ return security_ops->task_alloc_security (p);
+}
+
+static inline void security_task_free (struct task_struct *p)
+{
+ security_ops->task_free_security (p);
+}
+
+static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
+ int flags)
+{
+ return security_ops->task_setuid (id0, id1, id2, flags);
+}
+
+static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
+ uid_t old_suid, int flags)
+{
+ return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
+}
+
+static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
+ int flags)
+{
+ return security_ops->task_setgid (id0, id1, id2, flags);
+}
+
+static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return security_ops->task_setpgid (p, pgid);
+}
+
+static inline int security_task_getpgid (struct task_struct *p)
+{
+ return security_ops->task_getpgid (p);
+}
+
+static inline int security_task_getsid (struct task_struct *p)
+{
+ return security_ops->task_getsid (p);
+}
+
+static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+ return security_ops->task_setgroups (gidsetsize, grouplist);
+}
+
+static inline int security_task_setnice (struct task_struct *p, int nice)
+{
+ return security_ops->task_setnice (p, nice);
+}
+
+static inline int security_task_setrlimit (unsigned int resource,
+ struct rlimit *new_rlim)
+{
+ return security_ops->task_setrlimit (resource, new_rlim);
+}
+
+static inline int security_task_setscheduler (struct task_struct *p,
+ int policy,
+ struct sched_param *lp)
+{
+ return security_ops->task_setscheduler (p, policy, lp);
+}
+
+static inline int security_task_getscheduler (struct task_struct *p)
+{
+ return security_ops->task_getscheduler (p);
+}
+
+static inline int security_task_kill (struct task_struct *p,
+ struct siginfo *info, int sig)
+{
+ return security_ops->task_kill (p, info, sig);
+}
+
+static inline int security_task_wait (struct task_struct *p)
+{
+ return security_ops->task_wait (p);
+}
+
+static inline int security_task_prctl (int option, unsigned long arg2,
+ unsigned long arg3,
+ unsigned long arg4,
+ unsigned long arg5)
+{
+ return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
+}
+
+static inline void security_task_kmod_set_label (void)
+{
+ security_ops->task_kmod_set_label ();
+}
+
+static inline void security_task_reparent_to_init (struct task_struct *p)
+{
+ security_ops->task_reparent_to_init (p);
+}
+
+static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+ short flag)
+{
+ return security_ops->ipc_permission (ipcp, flag);
+}
+
+static inline int security_msg_queue_alloc (struct msg_queue *msq)
+{
+ return security_ops->msg_queue_alloc_security (msq);
+}
+
+static inline void security_msg_queue_free (struct msg_queue *msq)
+{
+ security_ops->msg_queue_free_security (msq);
+}
+
+static inline int security_shm_alloc (struct shmid_kernel *shp)
+{
+ return security_ops->shm_alloc_security (shp);
+}
+
+static inline void security_shm_free (struct shmid_kernel *shp)
+{
+ security_ops->shm_free_security (shp);
+}
+
+static inline int security_sem_alloc (struct sem_array *sma)
+{
+ return security_ops->sem_alloc_security (sma);
+}
+
+static inline void security_sem_free (struct sem_array *sma)
+{
+ security_ops->sem_free_security (sma);
+}
+
/* prototypes */
extern int security_scaffolding_startup (void);
@@ -857,11 +1383,481 @@
extern int mod_unreg_security (const char *name, struct security_operations *ops);
extern int capable (int cap);
-/* global variables */
-extern struct security_operations *security_ops;
+#else /* CONFIG_SECURITY */
+
+static inline int security_scaffolding_startup (void) { return 0; }
+
+static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
+{
+ return 0;
+}
+
+static inline int security_capget (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ return 0;
+}
+
+static inline int security_capset_check (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ return 0;
+}
+
+static inline void security_capset_set (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{ }
+
+static inline int security_acct (struct file *file)
+{
+ return 0;
+}
+
+static inline int security_quotactl (int cmds, int type, int id,
+ struct super_block * sb)
+{
+ return 0;
+}
+
+static inline int security_quota_on (struct file * file)
+{
+ return 0;
+}
+
+static inline int security_bprm_alloc (struct linux_binprm *bprm)
+{
+ return 0;
+}
+static inline void security_bprm_free (struct linux_binprm *bprm)
+{ }
+static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
+{ }
+static inline int security_bprm_set (struct linux_binprm *bprm)
+{
+ return 0;
+}
+static inline int security_bprm_check (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static inline int security_sb_alloc (struct super_block *sb)
+{
+ return 0;
+}
+
+static inline void security_sb_free (struct super_block *sb)
+{ }
+
+static inline int security_sb_statfs (struct super_block *sb)
+{
+ return 0;
+}
+
+static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+ char *type, unsigned long flags,
+ void *data)
+{
+ return 0;
+}
+
+static inline int security_sb_check_sb (struct vfsmount *mnt,
+ struct nameidata *nd)
+{
+ return 0;
+}
+
+static inline int security_sb_umount (struct vfsmount *mnt, int flags)
+{
+ return 0;
+}
+
+static inline void security_sb_umount_close (struct vfsmount *mnt)
+{ }
+
+static inline void security_sb_umount_busy (struct vfsmount *mnt)
+{ }
+
+static inline void security_sb_post_remount (struct vfsmount *mnt,
+ unsigned long flags, void *data)
+{ }
+
+static inline void security_sb_post_mountroot (void)
+{ }
+
+static inline void security_sb_post_addmount (struct vfsmount *mnt,
+ struct nameidata *mountpoint_nd)
+{ }
+
+static inline int security_sb_pivotroot (struct nameidata *old_nd,
+ struct nameidata *new_nd)
+{
+ return 0;
+}
+
+static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+ struct nameidata *new_nd)
+{ }
+
+static inline int security_inode_alloc (struct inode *inode)
+{
+ return 0;
+}
+
+static inline void security_inode_free (struct inode *inode)
+{ }
+
+static inline int security_inode_create (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ return 0;
+}
+
+static inline void security_inode_post_create (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{ }
+
+static inline int security_inode_link (struct dentry *old_dentry,
+ struct inode *dir,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static inline void security_inode_post_link (struct dentry *old_dentry,
+ struct inode *dir,
+ struct dentry *new_dentry)
+{ }
+
+static inline int security_inode_unlink (struct inode *dir,
+ struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int security_inode_symlink (struct inode *dir,
+ struct dentry *dentry,
+ const char *old_name)
+{
+ return 0;
+}
+
+static inline void security_inode_post_symlink (struct inode *dir,
+ struct dentry *dentry,
+ const char *old_name)
+{ }
+
+static inline int security_inode_mkdir (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ return 0;
+}
+
+static inline void security_inode_post_mkdir (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{ }
+
+static inline int security_inode_rmdir (struct inode *dir,
+ struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int security_inode_mknod (struct inode *dir,
+ struct dentry *dentry,
+ int mode, dev_t dev)
+{
+ return 0;
+}
+
+static inline void security_inode_post_mknod (struct inode *dir,
+ struct dentry *dentry,
+ int mode, dev_t dev)
+{ }
+
+static inline int security_inode_rename (struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static inline void security_inode_post_rename (struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{ }
+
+static inline int security_inode_readlink (struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int security_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nd)
+{
+ return 0;
+}
+
+static inline int security_inode_permission (struct inode *inode, int mask)
+{
+ return 0;
+}
+
+static inline int security_inode_permission_lite (struct inode *inode,
+ int mask)
+{
+ return 0;
+}
+
+static inline int security_inode_setattr (struct dentry *dentry,
+ struct iattr *attr)
+{
+ return 0;
+}
+
+static inline int security_inode_getattr (struct vfsmount *mnt,
+ struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline void security_inode_post_lookup (struct inode *inode,
+ struct dentry *dentry)
+{ }
+
+static inline void security_inode_delete (struct inode *inode)
+{ }
+
+static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags)
+{
+ return 0;
+}
+
+static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static inline int security_inode_listxattr (struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static inline int security_file_permission (struct file *file, int mask)
+{
+ return 0;
+}
+
+static inline int security_file_alloc (struct file *file)
+{
+ return 0;
+}
+
+static inline void security_file_free (struct file *file)
+{ }
+
+static inline int security_file_llseek (struct file *file)
+{
+ return 0;
+}
+
+static inline int security_file_ioctl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static inline int security_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return 0;
+}
+
+static inline int security_file_mprotect (struct vm_area_struct *vma,
+ unsigned long prot)
+{
+ return 0;
+}
+
+static inline int security_file_lock (struct file *file, unsigned int cmd)
+{
+ return 0;
+}
+
+static inline int security_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static inline int security_file_set_fowner (struct file *file)
+{
+ return 0;
+}
+
+static inline int security_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown,
+ int fd, int reason)
+{
+ return 0;
+}
+
+static inline int security_file_receive (struct file *file)
+{
+ return 0;
+}
+
+static inline int security_task_create (unsigned long clone_flags)
+{
+ return 0;
+}
+
+static inline int security_task_alloc (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline void security_task_free (struct task_struct *p)
+{ }
+
+static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
+ int flags)
+{
+ return 0;
+}
+
+static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
+ uid_t old_suid, int flags)
+{
+ return 0;
+}
+
+static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
+ int flags)
+{
+ return 0;
+}
+
+static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return 0;
+}
+
+static inline int security_task_getpgid (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int security_task_getsid (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+ return 0;
+}
+
+static inline int security_task_setnice (struct task_struct *p, int nice)
+{
+ return 0;
+}
+
+static inline int security_task_setrlimit (unsigned int resource,
+ struct rlimit *new_rlim)
+{
+ return 0;
+}
+
+static inline int security_task_setscheduler (struct task_struct *p,
+ int policy,
+ struct sched_param *lp)
+{
+ return 0;
+}
+
+static inline int security_task_getscheduler (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int security_task_kill (struct task_struct *p,
+ struct siginfo *info, int sig)
+{
+ return 0;
+}
+
+static inline int security_task_wait (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int security_task_prctl (int option, unsigned long arg2,
+ unsigned long arg3,
+ unsigned long arg4,
+ unsigned long arg5)
+{
+ return 0;
+}
+
+static inline void security_task_kmod_set_label (void)
+{ }
+
+static inline void security_task_reparent_to_init (struct task_struct *p)
+{ }
+
+static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+ short flag)
+{
+ return 0;
+}
+
+static inline int security_msg_queue_alloc (struct msg_queue *msq)
+{
+ return 0;
+}
+
+static inline void security_msg_queue_free (struct msg_queue *msq)
+{ }
+
+static inline int security_shm_alloc (struct shmid_kernel *shp)
+{
+ return 0;
+}
+
+static inline void security_shm_free (struct shmid_kernel *shp)
+{ }
+
+static inline int security_sem_alloc (struct sem_array *sma)
+{
+ return 0;
+}
+
+static inline void security_sem_free (struct sem_array *sma)
+{ }
+
+
+#endif /* CONFIG_SECURITY */
-#endif /* __KERNEL__ */
#endif /* ! __LINUX_SECURITY_H */
===== init/do_mounts.c 1.25 vs edited =====
--- 1.25/init/do_mounts.c Fri Oct 4 13:51:37 2002
+++ edited/init/do_mounts.c Wed Oct 16 00:36:15 2002
@@ -12,6 +12,7 @@
#include <linux/init.h>
#include <linux/suspend.h>
#include <linux/root_dev.h>
+#include <linux/security.h>
#include <linux/nfs_fs.h>
#include <linux/nfs_fs_sb.h>
@@ -799,7 +800,7 @@
sys_umount("/dev", 0);
sys_mount(".", "/", NULL, MS_MOVE, NULL);
sys_chroot(".");
- security_ops->sb_post_mountroot();
+ security_sb_post_mountroot();
mount_devfs_fs ();
}
===== ipc/msg.c 1.7 vs edited =====
--- 1.7/ipc/msg.c Tue Oct 8 02:20:42 2002
+++ edited/ipc/msg.c Wed Oct 16 00:37:48 2002
@@ -101,15 +101,14 @@
msq->q_perm.key = key;
msq->q_perm.security = NULL;
- retval = security_ops->msg_queue_alloc_security(msq);
- if (retval) {
+ if ((retval = security_msg_queue_alloc(msq))) {
kfree(msq);
return retval;
}
id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
if(id == -1) {
- security_ops->msg_queue_free_security(msq);
+ security_msg_queue_free(msq);
kfree(msq);
return -ENOSPC;
}
@@ -281,7 +280,7 @@
free_msg(msg);
}
atomic_sub(msq->q_cbytes, &msg_bytes);
- security_ops->msg_queue_free_security(msq);
+ security_msg_queue_free(msq);
kfree(msq);
}
===== ipc/sem.c 1.12 vs edited =====
--- 1.12/ipc/sem.c Tue Oct 8 02:20:46 2002
+++ edited/ipc/sem.c Wed Oct 16 00:38:28 2002
@@ -136,15 +136,14 @@
sma->sem_perm.key = key;
sma->sem_perm.security = NULL;
- retval = security_ops->sem_alloc_security(sma);
- if (retval) {
+ if ((retval = security_sem_alloc(sma))) {
ipc_free(sma, size);
return retval;
}
id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
if(id == -1) {
- security_ops->sem_free_security(sma);
+ security_sem_free(sma);
ipc_free(sma, size);
return -ENOSPC;
}
@@ -427,7 +426,7 @@
used_sems -= sma->sem_nsems;
size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem);
- security_ops->sem_free_security(sma);
+ security_sem_free(sma);
ipc_free(sma, size);
}
===== ipc/shm.c 1.18 vs edited =====
--- 1.18/ipc/shm.c Tue Oct 8 02:29:20 2002
+++ edited/ipc/shm.c Wed Oct 16 00:39:00 2002
@@ -116,7 +116,7 @@
shm_unlock(shp->id);
shmem_lock(shp->shm_file, 0);
fput (shp->shm_file);
- security_ops->shm_free_security(shp);
+ security_shm_free(shp);
kfree (shp);
}
@@ -188,8 +188,7 @@
shp->shm_flags = (shmflg & S_IRWXUGO);
shp->shm_perm.security = NULL;
- error = security_ops->shm_alloc_security(shp);
- if (error) {
+ if ((error = security_shm_alloc(shp))) {
kfree(shp);
return error;
}
@@ -222,7 +221,7 @@
no_id:
fput(file);
no_file:
- security_ops->shm_free_security(shp);
+ security_shm_free(shp);
kfree(shp);
return error;
}
===== ipc/util.c 1.6 vs edited =====
--- 1.6/ipc/util.c Tue Oct 8 02:01:30 2002
+++ edited/ipc/util.c Wed Oct 16 00:39:12 2002
@@ -264,7 +264,7 @@
!capable(CAP_IPC_OWNER))
return -1;
- return security_ops->ipc_permission(ipcp, flag);
+ return security_ipc_permission(ipcp, flag);
}
/*
===== kernel/acct.c 1.12 vs edited =====
--- 1.12/kernel/acct.c Mon Jul 22 03:12:48 2002
+++ edited/kernel/acct.c Tue Oct 15 22:53:28 2002
@@ -49,6 +49,7 @@
#include <linux/acct.h>
#include <linux/file.h>
#include <linux/tty.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
/*
@@ -222,8 +223,7 @@
}
}
- error = security_ops->acct(file);
- if (error)
+ if ((error = security_acct(file)))
return error;
spin_lock(&acct_globals.lock);
===== kernel/capability.c 1.6 vs edited =====
--- 1.6/kernel/capability.c Sat Sep 14 06:18:49 2002
+++ edited/kernel/capability.c Tue Oct 15 22:34:12 2002
@@ -8,6 +8,7 @@
*/
#include <linux/mm.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
@@ -63,7 +64,7 @@
data.permitted = cap_t(target->cap_permitted);
data.inheritable = cap_t(target->cap_inheritable);
data.effective = cap_t(target->cap_effective);
- ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
+ ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
out:
read_unlock(&tasklist_lock);
@@ -88,7 +89,7 @@
do_each_thread(g, target) {
if (target->pgrp != pgrp)
continue;
- security_ops->capset_set(target, effective, inheritable, permitted);
+ security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target);
}
@@ -105,7 +106,7 @@
do_each_thread(g, target) {
if (target == current || target->pid == 1)
continue;
- security_ops->capset_set(target, effective, inheritable, permitted);
+ security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target);
}
@@ -163,7 +164,7 @@
ret = -EPERM;
- if (security_ops->capset_check(target, &effective, &inheritable, &permitted))
+ if (security_capset_check(target, &effective, &inheritable, &permitted))
goto out;
if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable,
@@ -190,7 +191,7 @@
else /* all procs in process group */
cap_set_pg(-pid, &effective, &inheritable, &permitted);
} else {
- security_ops->capset_set(target, &effective, &inheritable, &permitted);
+ security_capset_set(target, &effective, &inheritable, &permitted);
}
out:
===== kernel/exit.c 1.72 vs edited =====
--- 1.72/kernel/exit.c Tue Oct 15 15:08:06 2002
+++ edited/kernel/exit.c Wed Oct 16 00:35:10 2002
@@ -67,7 +67,7 @@
wait_task_inactive(p);
atomic_dec(&p->user->processes);
- security_ops->task_free_security(p);
+ security_task_free(p);
free_uid(p->user);
write_lock_irq(&tasklist_lock);
if (unlikely(p->ptrace))
@@ -248,7 +248,7 @@
/* cpus_allowed? */
/* rt_priority? */
/* signals? */
- security_ops->task_reparent_to_init(current);
+ security_task_reparent_to_init(current);
memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
current->user = INIT_USER;
@@ -774,7 +774,7 @@
if (current->tgid != p->tgid && delay_group_leader(p))
return 2;
- if (security_ops->task_wait(p))
+ if (security_task_wait(p))
return 0;
return 1;
===== kernel/fork.c 1.87 vs edited =====
--- 1.87/kernel/fork.c Mon Oct 7 15:17:19 2002
+++ edited/kernel/fork.c Wed Oct 16 00:28:30 2002
@@ -682,8 +682,7 @@
if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
return ERR_PTR(-EINVAL);
- retval = security_ops->task_create(clone_flags);
- if (retval)
+ if ((retval = security_task_create(clone_flags)))
goto fork_out;
retval = -ENOMEM;
@@ -772,7 +771,7 @@
INIT_LIST_HEAD(&p->local_pages);
retval = -ENOMEM;
- if (security_ops->task_alloc_security(p))
+ if (security_task_alloc(p))
goto bad_fork_cleanup;
/* copy all the process information */
if (copy_semundo(clone_flags, p))
@@ -922,7 +921,7 @@
bad_fork_cleanup_semundo:
exit_semundo(p);
bad_fork_cleanup_security:
- security_ops->task_free_security(p);
+ security_task_free(p);
bad_fork_cleanup:
if (p->pid > 0)
free_pidmap(p->pid);
===== kernel/kmod.c 1.15 vs edited =====
--- 1.15/kernel/kmod.c Tue Oct 1 01:54:49 2002
+++ edited/kernel/kmod.c Wed Oct 16 00:28:59 2002
@@ -29,6 +29,7 @@
#include <linux/completion.h>
#include <linux/file.h>
#include <linux/workqueue.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -134,7 +135,7 @@
/* Give kmod all effective privileges.. */
curtask->euid = curtask->fsuid = 0;
curtask->egid = curtask->fsgid = 0;
- security_ops->task_kmod_set_label();
+ security_task_kmod_set_label();
/* Allow execve args to be in kernel space. */
set_fs(KERNEL_DS);
===== kernel/ptrace.c 1.18 vs edited =====
--- 1.18/kernel/ptrace.c Sun Sep 15 19:57:15 2002
+++ edited/kernel/ptrace.c Wed Oct 16 00:11:10 2002
@@ -14,6 +14,7 @@
#include <linux/pagemap.h>
#include <linux/smp_lock.h>
#include <linux/ptrace.h>
+#include <linux/security.h>
#include <asm/pgtable.h>
#include <asm/uaccess.h>
@@ -100,8 +101,7 @@
/* the same process cannot be attached many times */
if (task->ptrace & PT_PTRACED)
goto bad;
- retval = security_ops->ptrace(current, task);
- if (retval)
+ if ((retval = security_ptrace(current, task)))
goto bad;
/* Go */
===== kernel/sched.c 1.140 vs edited =====
--- 1.140/kernel/sched.c Mon Oct 14 05:30:06 2002
+++ edited/kernel/sched.c Wed Oct 16 00:29:50 2002
@@ -1329,8 +1329,7 @@
if (nice > 19)
nice = 19;
- retval = security_ops->task_setnice(current, nice);
- if (retval)
+ if ((retval = security_task_setnice(current, nice)))
return retval;
set_user_nice(current, nice);
@@ -1451,8 +1450,7 @@
!capable(CAP_SYS_NICE))
goto out_unlock;
- retval = security_ops->task_setscheduler(p, policy, &lp);
- if (retval)
+ if ((retval = security_task_setscheduler(p, policy, &lp)))
goto out_unlock;
array = p->array;
@@ -1515,8 +1513,7 @@
read_lock(&tasklist_lock);
p = find_process_by_pid(pid);
if (p) {
- retval = security_ops->task_getscheduler(p);
- if (!retval)
+ if (!(retval = security_task_getscheduler(p)))
retval = p->policy;
}
read_unlock(&tasklist_lock);
@@ -1545,8 +1542,7 @@
if (!p)
goto out_unlock;
- retval = security_ops->task_getscheduler(p);
- if (retval)
+ if ((retval = security_task_getscheduler(p)))
goto out_unlock;
lp.sched_priority = p->rt_priority;
@@ -1778,8 +1774,7 @@
if (!p)
goto out_unlock;
- retval = security_ops->task_getscheduler(p);
- if (retval)
+ if ((retval = security_task_getscheduler(p)))
goto out_unlock;
jiffies_to_timespec(p->policy & SCHED_FIFO ?
===== kernel/signal.c 1.48 vs edited =====
--- 1.48/kernel/signal.c Thu Oct 3 02:26:00 2002
+++ edited/kernel/signal.c Wed Oct 16 00:30:19 2002
@@ -18,6 +18,7 @@
#include <linux/fs.h>
#include <linux/tty.h>
#include <linux/binfmts.h>
+#include <linux/security.h>
#include <asm/param.h>
#include <asm/uaccess.h>
#include <asm/siginfo.h>
@@ -706,8 +707,7 @@
ret = -EPERM;
if (bad_signal(sig, info, t))
goto out;
- ret = security_ops->task_kill(t, info, sig);
- if (ret)
+ if ((ret = security_task_kill(t, info, sig)))
goto out;
/* The null signal is a permissions and process existence probe.
===== kernel/sys.c 1.30 vs edited =====
--- 1.30/kernel/sys.c Tue Oct 15 14:45:52 2002
+++ edited/kernel/sys.c Wed Oct 16 00:33:50 2002
@@ -204,6 +204,7 @@
cond_syscall(sys_quotactl)
cond_syscall(sys_acct)
cond_syscall(sys_lookup_dcookie)
+cond_syscall(sys_security)
static int set_one_prio(struct task_struct *p, int niceval, int error)
{
@@ -479,8 +480,7 @@
int new_egid = old_egid;
int retval;
- retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
- if (retval)
+ if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
return retval;
if (rgid != (gid_t) -1) {
@@ -525,8 +525,7 @@
int old_egid = current->egid;
int retval;
- retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
- if (retval)
+ if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
return retval;
if (capable(CAP_SETGID))
@@ -599,8 +598,7 @@
int old_ruid, old_euid, old_suid, new_ruid, new_euid;
int retval;
- retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
- if (retval)
+ if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
return retval;
new_ruid = old_ruid = current->uid;
@@ -638,7 +636,7 @@
current->suid = current->euid;
current->fsuid = current->euid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
}
@@ -660,8 +658,7 @@
int old_ruid, old_suid, new_ruid, new_suid;
int retval;
- retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
- if (retval)
+ if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
return retval;
old_ruid = new_ruid = current->uid;
@@ -683,7 +680,7 @@
current->fsuid = current->euid = uid;
current->suid = new_suid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
}
@@ -698,8 +695,7 @@
int old_suid = current->suid;
int retval;
- retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES);
- if (retval)
+ if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
return retval;
if (!capable(CAP_SETUID)) {
@@ -729,7 +725,7 @@
if (suid != (uid_t) -1)
current->suid = suid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
}
asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -750,8 +746,7 @@
{
int retval;
- retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES);
- if (retval)
+ if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
return retval;
if (!capable(CAP_SETGID)) {
@@ -804,8 +799,7 @@
int old_fsuid;
int retval;
- retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
return retval;
old_fsuid = current->fsuid;
@@ -821,8 +815,7 @@
current->fsuid = uid;
}
- retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
return retval;
return old_fsuid;
@@ -836,8 +829,7 @@
int old_fsgid;
int retval;
- retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
return retval;
old_fsgid = current->fsgid;
@@ -962,8 +954,7 @@
retval = -ESRCH;
if (p) {
- retval = security_ops->task_getpgid(p);
- if (!retval)
+ if (!(retval = security_task_getpgid(p)))
retval = p->pgrp;
}
read_unlock(&tasklist_lock);
@@ -990,8 +981,7 @@
retval = -ESRCH;
if(p) {
- retval = security_ops->task_getsid(p);
- if (!retval)
+ if (!(retval = security_task_getsid(p)))
retval = p->session;
}
read_unlock(&tasklist_lock);
@@ -1072,8 +1062,7 @@
return -EINVAL;
if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
return -EFAULT;
- retval = security_ops->task_setgroups(gidsetsize, groups);
- if (retval)
+ if ((retval = security_task_setgroups(gidsetsize, groups)))
return retval;
memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
@@ -1236,8 +1225,7 @@
return -EPERM;
}
- retval = security_ops->task_setrlimit(resource, &new_rlim);
- if (retval)
+ if ((retval = security_task_setrlimit(resource, &new_rlim)))
return retval;
*old_rlim = new_rlim;
@@ -1311,8 +1299,7 @@
int error = 0;
int sig;
- error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
- if (error)
+ if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
return error;
switch (option) {
===== kernel/uid16.c 1.2 vs edited =====
--- 1.2/kernel/uid16.c Fri Jul 19 16:00:55 2002
+++ edited/kernel/uid16.c Wed Oct 16 00:30:43 2002
@@ -140,8 +140,7 @@
return -EFAULT;
for (i = 0 ; i < gidsetsize ; i++)
new_groups[i] = (gid_t)groups[i];
- i = security_ops->task_setgroups(gidsetsize, new_groups);
- if (i)
+ if ((i = security_task_setgroups(gidsetsize, new_groups)))
return i;
memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
===== mm/mmap.c 1.53 vs edited =====
--- 1.53/mm/mmap.c Tue Oct 15 15:08:06 2002
+++ edited/mm/mmap.c Wed Oct 16 00:36:48 2002
@@ -498,8 +498,7 @@
}
}
- error = security_ops->file_mmap(file, prot, flags);
- if (error)
+ if ((error = security_file_mmap(file, prot, flags)))
return error;
/* Clear old maps */
===== mm/mprotect.c 1.19 vs edited =====
--- 1.19/mm/mprotect.c Tue Oct 1 16:43:14 2002
+++ edited/mm/mprotect.c Wed Oct 16 00:36:58 2002
@@ -262,8 +262,7 @@
goto out;
}
- error = security_ops->file_mprotect(vma, prot);
- if (error)
+ if ((error = security_file_mprotect(vma, prot)))
goto out;
if (vma->vm_end > end) {
===== net/core/scm.c 1.3 vs edited =====
--- 1.3/net/core/scm.c Mon Jul 22 03:12:48 2002
+++ edited/net/core/scm.c Wed Oct 16 00:41:37 2002
@@ -217,8 +217,7 @@
for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
{
int new_fd;
- err = security_ops->file_receive(fp[i]);
- if (err)
+ if ((err = security_file_receive(fp[i])))
break;
err = get_unused_fd();
if (err < 0)
===== net/decnet/af_decnet.c 1.18 vs edited =====
--- 1.18/net/decnet/af_decnet.c Tue Oct 8 07:02:41 2002
+++ edited/net/decnet/af_decnet.c Wed Oct 16 00:42:30 2002
@@ -113,6 +113,7 @@
#include <linux/inet.h>
#include <linux/route.h>
#include <linux/netfilter.h>
+#include <linux/security.h>
#include <net/sock.h>
#include <net/tcp.h>
#include <asm/system.h>
@@ -794,7 +795,7 @@
* dn_prot_sock ? Would be nice if the capable call would go there
* too.
*/
- if (security_ops->dn_prot_sock(saddr) &&
+ if (security_dn_prot_sock(saddr) &&
!capable(CAP_NET_BIND_SERVICE) ||
saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD))
return -EACCES;
===== security/Config.in 1.3 vs edited =====
--- 1.3/security/Config.in Sat Jul 20 12:05:09 2002
+++ edited/security/Config.in Tue Oct 15 22:24:46 2002
@@ -3,5 +3,8 @@
#
mainmenu_option next_comment
comment 'Security options'
-define_bool CONFIG_SECURITY_CAPABILITIES y
+bool 'Enable different security models' CONFIG_SECURITY
+if [ "$CONFIG_SECURITY" = "y" ]; then
+ dep_tristate ' Default Linux Capabilities' CONFIG_SECURITY_CAPABILITIES $CONFIG_SECURITY
+fi
endmenu
===== security/Makefile 1.1 vs edited =====
--- 1.1/security/Makefile Fri Jul 19 15:55:56 2002
+++ edited/security/Makefile Tue Oct 15 22:26:19 2002
@@ -6,8 +6,7 @@
export-objs := security.o
# Object file lists
-obj-y := security.o dummy.o
-
+obj-$(CONFIG_SECURITY) += security.o dummy.o
obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o
include $(TOPDIR)/Rules.make
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-16 18:59 ` Greg KH
@ 2002-10-16 16:33 ` joe perches
2002-10-16 23:46 ` Greg KH
2002-10-16 19:07 ` Greg KH
1 sibling, 1 reply; 15+ messages in thread
From: joe perches @ 2002-10-16 16:33 UTC (permalink / raw)
To: greg, linux-kernel
On Wed, 2002-10-16 at 14:59, Greg KH wrote:
I think something like:
#define check_security(type,args...) security_##type(##args)
would be cleaner and would prefer not collapsing the
ret = check_security()
if (ret)
function use
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-16 8:15 ` Greg KH
@ 2002-10-16 18:59 ` Greg KH
2002-10-16 16:33 ` joe perches
2002-10-16 19:07 ` Greg KH
0 siblings, 2 replies; 15+ messages in thread
From: Greg KH @ 2002-10-16 18:59 UTC (permalink / raw)
To: netdev, linux-security-module, linux-kernel
On Wed, Oct 16, 2002 at 01:15:40AM -0700, Greg KH wrote:
> On Tue, Oct 15, 2002 at 05:07:06PM -0700, Greg KH wrote:
> >
> > I'll work on fixing up the rest of the hooks, and removing the external
> > reference to security_ops, and actually test this thing, later this
> > evening.
>
> Here's all the hooks converted over to function calls. Chris Wright
> pointed out I need to do some extra work with the existing capabilities
> hooks, but I'll do that in the morning.
Ok, here's a working version (I'm typing from it right now), with all of
the capability logic working again. This does make the
security/built-in.o file this size with CONFIG_SECURITY=y
text data bss dec hex filename
1611 0 0 1611 64b security/built-in.o
But this is due to the code there being moved from other parts of the
kernel in the initial LSM merge, so there is no real increased code
size.
It's also now pretty easy to tweak things to drop capability support
alltogether, which should save the above space, and make the embedded
people happy. If we ever end up with a CONFIG_REALLY_SMALL option, I'll
make those changes.
Could people please look this over and offer any comments? I'm
especially interested in comments regarding the changes I've made to
security/Config.in, security/Makefile, include/linux/security.h and
security/capability.c. Again, this is against 2.5.43.
If no one has any problems with this, I'll send it on to Linus later
this evening.
thanks,
greg k-h
===== arch/arm/kernel/ptrace.c 1.14 vs edited =====
--- 1.14/arch/arm/kernel/ptrace.c Sun Oct 13 07:32:28 2002
+++ edited/arch/arm/kernel/ptrace.c Wed Oct 16 00:46:07 2002
@@ -719,8 +719,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/i386/kernel/ptrace.c 1.13 vs edited =====
--- 1.13/arch/i386/kernel/ptrace.c Fri Jul 19 16:00:55 2002
+++ edited/arch/i386/kernel/ptrace.c Tue Oct 15 22:24:45 2002
@@ -160,8 +160,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/ia64/kernel/ptrace.c 1.12 vs edited =====
--- 1.12/arch/ia64/kernel/ptrace.c Tue Sep 17 23:22:09 2002
+++ edited/arch/ia64/kernel/ptrace.c Wed Oct 16 00:45:53 2002
@@ -1101,8 +1101,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
current->ptrace |= PT_PTRACED;
ret = 0;
===== arch/ppc/kernel/ptrace.c 1.10 vs edited =====
--- 1.10/arch/ppc/kernel/ptrace.c Sun Sep 15 21:51:59 2002
+++ edited/arch/ppc/kernel/ptrace.c Wed Oct 16 00:45:41 2002
@@ -166,8 +166,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/ptrace.c 1.3 vs edited =====
--- 1.3/arch/ppc64/kernel/ptrace.c Wed Aug 28 23:42:43 2002
+++ edited/arch/ppc64/kernel/ptrace.c Wed Oct 16 00:45:16 2002
@@ -59,8 +59,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/ptrace32.c 1.5 vs edited =====
--- 1.5/arch/ppc64/kernel/ptrace32.c Wed Aug 28 23:42:43 2002
+++ edited/arch/ppc64/kernel/ptrace32.c Wed Oct 16 00:45:29 2002
@@ -48,8 +48,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/ppc64/kernel/sys_ppc32.c 1.24 vs edited =====
--- 1.24/arch/ppc64/kernel/sys_ppc32.c Fri Oct 11 19:04:17 2002
+++ edited/arch/ppc64/kernel/sys_ppc32.c Wed Oct 16 00:15:31 2002
@@ -53,6 +53,7 @@
#include <linux/mman.h>
#include <linux/sysctl.h>
#include <linux/binfmts.h>
+#include <linux/security.h>
#include <asm/types.h>
#include <asm/ipc.h>
@@ -3519,8 +3520,7 @@
if ((retval = bprm.envc) < 0)
goto out_mm;
- retval = security_ops->bprm_alloc_security(&bprm);
- if (retval)
+ if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
@@ -3543,7 +3543,7 @@
retval = search_binary_handler(&bprm,regs);
if (retval >= 0) {
/* execve success */
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
return retval;
}
@@ -3556,7 +3556,7 @@
}
if (bprm.security)
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
===== arch/s390/kernel/ptrace.c 1.9 vs edited =====
--- 1.9/arch/s390/kernel/ptrace.c Fri Oct 4 09:16:18 2002
+++ edited/arch/s390/kernel/ptrace.c Wed Oct 16 00:44:51 2002
@@ -330,8 +330,7 @@
ret = -EPERM;
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/s390x/kernel/ptrace.c 1.8 vs edited =====
--- 1.8/arch/s390x/kernel/ptrace.c Fri Oct 4 09:16:18 2002
+++ edited/arch/s390x/kernel/ptrace.c Wed Oct 16 00:44:40 2002
@@ -32,6 +32,7 @@
#include <linux/errno.h>
#include <linux/ptrace.h>
#include <linux/user.h>
+#include <linux/security.h>
#include <asm/segment.h>
#include <asm/page.h>
@@ -568,8 +569,7 @@
ret = -EPERM;
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== arch/sparc/kernel/ptrace.c 1.11 vs edited =====
--- 1.11/arch/sparc/kernel/ptrace.c Sat Aug 24 04:08:41 2002
+++ edited/arch/sparc/kernel/ptrace.c Wed Oct 16 00:44:06 2002
@@ -291,8 +291,7 @@
pt_error_return(regs, EPERM);
goto out;
}
- ret = security_ops->ptrace(current->parent, current);
- if (ret) {
+ if ((ret = security_ptrace(current->parent, current))) {
pt_error_return(regs, -ret);
goto out;
}
===== arch/sparc64/kernel/ptrace.c 1.16 vs edited =====
--- 1.16/arch/sparc64/kernel/ptrace.c Sat Aug 24 03:59:14 2002
+++ edited/arch/sparc64/kernel/ptrace.c Wed Oct 16 00:43:53 2002
@@ -140,8 +140,7 @@
pt_error_return(regs, EPERM);
goto out;
}
- ret = security_ops->ptrace(current->parent, current);
- if (ret) {
+ if ((ret = security_ptrace(current->parent, current))) {
pt_error_return(regs, -ret);
goto out;
}
===== arch/sparc64/kernel/sys_sparc32.c 1.39 vs edited =====
--- 1.39/arch/sparc64/kernel/sys_sparc32.c Mon Oct 14 05:17:46 2002
+++ edited/arch/sparc64/kernel/sys_sparc32.c Wed Oct 16 00:14:27 2002
@@ -2972,8 +2972,7 @@
if ((retval = bprm.envc) < 0)
goto out_mm;
- retval = security_ops->bprm_alloc_security(&bprm);
- if (retval)
+ if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
@@ -2996,7 +2995,7 @@
retval = search_binary_handler(&bprm, regs);
if (retval >= 0) {
/* execve success */
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
return retval;
}
@@ -3009,7 +3008,7 @@
}
if (bprm.security)
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
===== arch/um/kernel/ptrace.c 1.1 vs edited =====
--- 1.1/arch/um/kernel/ptrace.c Fri Sep 6 10:50:31 2002
+++ edited/arch/um/kernel/ptrace.c Wed Oct 16 00:43:41 2002
@@ -33,8 +33,7 @@
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if(ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
===== arch/x86_64/kernel/ptrace.c 1.4 vs edited =====
--- 1.4/arch/x86_64/kernel/ptrace.c Fri Oct 11 16:52:38 2002
+++ edited/arch/x86_64/kernel/ptrace.c Wed Oct 16 00:43:30 2002
@@ -178,8 +178,7 @@
/* are we already being traced? */
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
- if (ret)
+ if ((ret = security_ptrace(current->parent, current)))
goto out;
/* set the ptrace bit in the process flags. */
current->ptrace |= PT_PTRACED;
===== drivers/base/fs/class.c 1.2 vs edited =====
--- 1.2/drivers/base/fs/class.c Mon Aug 26 08:39:22 2002
+++ edited/drivers/base/fs/class.c Tue Oct 15 22:24:45 2002
@@ -7,6 +7,8 @@
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/err.h>
+#include <linux/limits.h>
+#include <linux/stat.h>
#include "fs.h"
static struct driver_dir_entry class_dir;
===== drivers/base/fs/intf.c 1.2 vs edited =====
--- 1.2/drivers/base/fs/intf.c Mon Aug 26 09:24:18 2002
+++ edited/drivers/base/fs/intf.c Tue Oct 15 22:24:45 2002
@@ -4,6 +4,8 @@
#include <linux/device.h>
#include <linux/slab.h>
+#include <linux/limits.h>
+#include <linux/errno.h>
#include "fs.h"
/**
===== fs/attr.c 1.10 vs edited =====
--- 1.10/fs/attr.c Mon Jul 22 03:12:48 2002
+++ edited/fs/attr.c Tue Oct 15 23:50:23 2002
@@ -153,13 +153,12 @@
}
if (inode->i_op && inode->i_op->setattr) {
- error = security_ops->inode_setattr(dentry, attr);
- if (!error)
+ if (!(error = security_inode_setattr(dentry, attr)))
error = inode->i_op->setattr(dentry, attr);
} else {
error = inode_change_ok(inode, attr);
if (!error)
- error = security_ops->inode_setattr(dentry, attr);
+ error = security_inode_setattr(dentry, attr);
if (!error) {
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
===== fs/dquot.c 1.48 vs edited =====
--- 1.48/fs/dquot.c Sun Oct 13 08:39:23 2002
+++ edited/fs/dquot.c Tue Oct 15 22:55:27 2002
@@ -69,6 +69,7 @@
#include <linux/init.h>
#include <linux/module.h>
#include <linux/proc_fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -1305,8 +1306,7 @@
error = -EIO;
if (!f->f_op || !f->f_op->read || !f->f_op->write)
goto out_f;
- error = security_ops->quota_on(f);
- if (error)
+ if ((error = security_quota_on(f)))
goto out_f;
inode = f->f_dentry->d_inode;
error = -EACCES;
===== fs/exec.c 1.51 vs edited =====
--- 1.51/fs/exec.c Sun Oct 13 09:32:22 2002
+++ edited/fs/exec.c Tue Oct 15 23:03:20 2002
@@ -43,6 +43,7 @@
#include <linux/namei.h>
#include <linux/proc_fs.h>
#include <linux/ptrace.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
#include <asm/pgalloc.h>
@@ -818,8 +819,7 @@
}
/* fill in binprm security blob */
- retval = security_ops->bprm_set_security(bprm);
- if (retval)
+ if ((retval = security_bprm_set(bprm)))
return retval;
memset(bprm->buf,0,BINPRM_BUF_SIZE);
@@ -867,7 +867,7 @@
if(do_unlock)
unlock_kernel();
- security_ops->bprm_compute_creds(bprm);
+ security_bprm_compute_creds(bprm);
}
void remove_arg_zero(struct linux_binprm *bprm)
@@ -936,8 +936,7 @@
}
}
#endif
- retval = security_ops->bprm_check_security(bprm);
- if (retval)
+ if ((retval = security_bprm_check(bprm)))
return retval;
/* kernel module loader fixup */
@@ -1033,8 +1032,7 @@
if ((retval = bprm.envc) < 0)
goto out_mm;
- retval = security_ops->bprm_alloc_security(&bprm);
- if (retval)
+ if ((retval = security_bprm_alloc(&bprm)))
goto out;
retval = prepare_binprm(&bprm);
@@ -1057,7 +1055,7 @@
retval = search_binary_handler(&bprm,regs);
if (retval >= 0) {
/* execve success */
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
return retval;
}
@@ -1070,7 +1068,7 @@
}
if (bprm.security)
- security_ops->bprm_free_security(&bprm);
+ security_bprm_free(&bprm);
out_mm:
mmdrop(bprm.mm);
===== fs/fcntl.c 1.20 vs edited =====
--- 1.20/fs/fcntl.c Sun Oct 13 08:39:40 2002
+++ edited/fs/fcntl.c Wed Oct 16 00:04:50 2002
@@ -274,8 +274,7 @@
{
int err;
- err = security_ops->file_set_fowner(filp);
- if (err)
+ if ((err = security_file_set_fowner(filp)))
return err;
f_modown(filp, arg, current->uid, current->euid, force);
@@ -368,8 +367,7 @@
if (!filp)
goto out;
- err = security_ops->file_fcntl(filp, cmd, arg);
- if (err) {
+ if ((err = security_file_fcntl(filp, cmd, arg))) {
fput(filp);
return err;
}
@@ -392,8 +390,7 @@
if (!filp)
goto out;
- err = security_ops->file_fcntl(filp, cmd, arg);
- if (err) {
+ if ((err = security_file_fcntl(filp, cmd, arg))) {
fput(filp);
return err;
}
@@ -444,7 +441,7 @@
if (!sigio_perm(p, fown))
return;
- if (security_ops->file_send_sigiotask(p, fown, fd, reason))
+ if (security_file_send_sigiotask(p, fown, fd, reason))
return;
switch (fown->signum) {
===== fs/file_table.c 1.13 vs edited =====
--- 1.13/fs/file_table.c Sun Oct 13 08:39:40 2002
+++ edited/fs/file_table.c Wed Oct 16 00:04:27 2002
@@ -46,7 +46,7 @@
files_stat.nr_free_files--;
new_one:
memset(f, 0, sizeof(*f));
- if (security_ops->file_alloc_security(f)) {
+ if (security_file_alloc(f)) {
list_add(&f->f_list, &free_list);
files_stat.nr_free_files++;
file_list_unlock();
@@ -127,7 +127,7 @@
if (file->f_op && file->f_op->release)
file->f_op->release(inode, file);
- security_ops->file_free_security(file);
+ security_file_free(file);
fops_put(file->f_op);
if (file->f_mode & FMODE_WRITE)
put_write_access(inode);
@@ -160,7 +160,7 @@
void put_filp(struct file *file)
{
if(atomic_dec_and_test(&file->f_count)) {
- security_ops->file_free_security(file);
+ security_file_free(file);
file_list_lock();
list_del(&file->f_list);
list_add(&file->f_list, &free_list);
===== fs/inode.c 1.74 vs edited =====
--- 1.74/fs/inode.c Sun Oct 13 08:39:23 2002
+++ edited/fs/inode.c Tue Oct 15 23:49:49 2002
@@ -120,7 +120,7 @@
inode->i_bdev = NULL;
inode->i_cdev = NULL;
inode->i_security = NULL;
- if (security_ops->inode_alloc_security(inode)) {
+ if (security_inode_alloc(inode)) {
if (inode->i_sb->s_op->destroy_inode)
inode->i_sb->s_op->destroy_inode(inode);
else
@@ -146,7 +146,7 @@
{
if (inode_has_buffers(inode))
BUG();
- security_ops->inode_free_security(inode);
+ security_inode_free(inode);
if (inode->i_sb->s_op->destroy_inode) {
inode->i_sb->s_op->destroy_inode(inode);
} else {
@@ -922,7 +922,7 @@
if (inode->i_data.nrpages)
truncate_inode_pages(&inode->i_data, 0);
- security_ops->inode_delete(inode);
+ security_inode_delete(inode);
if (op && op->delete_inode) {
void (*delete)(struct inode *) = op->delete_inode;
===== fs/ioctl.c 1.5 vs edited =====
--- 1.5/fs/ioctl.c Mon Jul 22 03:12:48 2002
+++ edited/fs/ioctl.c Wed Oct 16 00:06:16 2002
@@ -59,8 +59,7 @@
goto out;
error = 0;
- error = security_ops->file_ioctl(filp, cmd, arg);
- if (error) {
+ if ((error = security_file_ioctl(filp, cmd, arg))) {
fput(filp);
goto out;
}
===== fs/locks.c 1.30 vs edited =====
--- 1.30/fs/locks.c Thu Sep 26 10:36:16 2002
+++ edited/fs/locks.c Wed Oct 16 00:06:00 2002
@@ -122,6 +122,7 @@
#include <linux/timer.h>
#include <linux/time.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/semaphore.h>
#include <asm/uaccess.h>
@@ -1170,8 +1171,7 @@
return -EACCES;
if (!S_ISREG(inode->i_mode))
return -EINVAL;
- error = security_ops->file_lock(filp, arg);
- if (error)
+ if ((error = security_file_lock(filp, arg)))
return error;
lock_kernel();
@@ -1284,8 +1284,7 @@
if (error)
goto out_putf;
- error = security_ops->file_lock(filp, cmd);
- if (error)
+ if ((error = security_file_lock(filp, cmd)))
goto out_free;
for (;;) {
@@ -1434,8 +1433,7 @@
goto out;
}
- error = security_ops->file_lock(filp, file_lock->fl_type);
- if (error)
+ if ((error = security_file_lock(filp, file_lock->fl_type)))
goto out;
if (filp->f_op && filp->f_op->lock != NULL) {
@@ -1574,8 +1572,7 @@
goto out;
}
- error = security_ops->file_lock(filp, file_lock->fl_type);
- if (error)
+ if ((error = security_file_lock(filp, file_lock->fl_type)))
goto out;
if (filp->f_op && filp->f_op->lock != NULL) {
===== fs/namei.c 1.56 vs edited =====
--- 1.56/fs/namei.c Tue Sep 17 12:52:27 2002
+++ edited/fs/namei.c Tue Oct 15 23:47:28 2002
@@ -218,7 +218,7 @@
if (retval)
return retval;
- return security_ops->inode_permission(inode, mask);
+ return security_inode_permission(inode, mask);
}
/*
@@ -340,7 +340,7 @@
return -EACCES;
ok:
- return security_ops->inode_permission_lite(inode, MAY_EXEC);
+ return security_inode_permission_lite(inode, MAY_EXEC);
}
/*
@@ -374,7 +374,7 @@
dput(dentry);
else {
result = dentry;
- security_ops->inode_post_lookup(dir, result);
+ security_inode_post_lookup(dir, result);
}
}
up(&dir->i_sem);
@@ -413,8 +413,7 @@
current->state = TASK_RUNNING;
schedule();
}
- err = security_ops->inode_follow_link(dentry, nd);
- if (err)
+ if ((err = security_inode_follow_link(dentry, nd)))
goto loop;
current->link_count++;
current->total_link_count++;
@@ -918,7 +917,7 @@
dentry = inode->i_op->lookup(inode, new);
if (!dentry) {
dentry = new;
- security_ops->inode_post_lookup(inode, dentry);
+ security_inode_post_lookup(inode, dentry);
} else
dput(new);
}
@@ -1125,14 +1124,13 @@
return -EACCES; /* shouldn't it be ENOSYS? */
mode &= S_IALLUGO;
mode |= S_IFREG;
- error = security_ops->inode_create(dir, dentry, mode);
- if (error)
+ if ((error = security_inode_create(dir, dentry, mode)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->create(dir, dentry, mode);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_create(dir, dentry, mode);
+ security_inode_post_create(dir, dentry, mode);
}
return error;
}
@@ -1344,8 +1342,7 @@
* stored in nd->last.name and we will have to putname() it when we
* are done. Procfs-like symlinks just set LAST_BIND.
*/
- error = security_ops->inode_follow_link(dentry, nd);
- if (error)
+ if ((error = security_inode_follow_link(dentry, nd)))
goto exit_dput;
UPDATE_ATIME(dentry->d_inode);
error = dentry->d_inode->i_op->follow_link(dentry, nd);
@@ -1410,15 +1407,14 @@
if (!dir->i_op || !dir->i_op->mknod)
return -EPERM;
- error = security_ops->inode_mknod(dir, dentry, mode, dev);
- if (error)
+ if ((error = security_inode_mknod(dir, dentry, mode, dev)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->mknod(dir, dentry, mode, dev);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_mknod(dir, dentry, mode, dev);
+ security_inode_post_mknod(dir, dentry, mode, dev);
}
return error;
}
@@ -1478,15 +1474,14 @@
return -EPERM;
mode &= (S_IRWXUGO|S_ISVTX);
- error = security_ops->inode_mkdir(dir, dentry, mode);
- if (error)
+ if ((error = security_inode_mkdir(dir, dentry, mode)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->mkdir(dir, dentry, mode);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_mkdir(dir,dentry, mode);
+ security_inode_post_mkdir(dir,dentry, mode);
}
return error;
}
@@ -1570,8 +1565,7 @@
if (d_mountpoint(dentry))
error = -EBUSY;
else {
- error = security_ops->inode_rmdir(dir, dentry);
- if (!error) {
+ if (!(error = security_inode_rmdir(dir, dentry))) {
error = dir->i_op->rmdir(dir, dentry);
if (!error)
dentry->d_inode->i_flags |= S_DEAD;
@@ -1644,10 +1638,8 @@
if (d_mountpoint(dentry))
error = -EBUSY;
else {
- error = security_ops->inode_unlink(dir, dentry);
- if (!error) {
+ if (!(error = security_inode_unlink(dir, dentry)))
error = dir->i_op->unlink(dir, dentry);
- }
}
up(&dentry->d_inode->i_sem);
if (!error) {
@@ -1709,15 +1701,14 @@
if (!dir->i_op || !dir->i_op->symlink)
return -EPERM;
- error = security_ops->inode_symlink(dir, dentry, oldname);
- if (error)
+ if ((error = security_inode_symlink(dir, dentry, oldname)))
return error;
DQUOT_INIT(dir);
error = dir->i_op->symlink(dir, dentry, oldname);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_symlink(dir, dentry, oldname);
+ security_inode_post_symlink(dir, dentry, oldname);
}
return error;
}
@@ -1780,8 +1771,7 @@
if (S_ISDIR(old_dentry->d_inode->i_mode))
return -EPERM;
- error = security_ops->inode_link(old_dentry, dir, new_dentry);
- if (error)
+ if ((error = security_inode_link(old_dentry, dir, new_dentry)))
return error;
down(&old_dentry->d_inode->i_sem);
@@ -1790,7 +1780,7 @@
up(&old_dentry->d_inode->i_sem);
if (!error) {
inode_dir_notify(dir, DN_CREATE);
- security_ops->inode_post_link(old_dentry, dir, new_dentry);
+ security_inode_post_link(old_dentry, dir, new_dentry);
}
return error;
}
@@ -1889,8 +1879,7 @@
return error;
}
- error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
- if (error)
+ if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
return error;
target = new_dentry->d_inode;
@@ -1912,8 +1901,8 @@
}
if (!error) {
d_move(old_dentry,new_dentry);
- security_ops->inode_post_rename(old_dir, old_dentry,
- new_dir, new_dentry);
+ security_inode_post_rename(old_dir, old_dentry,
+ new_dir, new_dentry);
}
return error;
}
@@ -1924,8 +1913,7 @@
struct inode *target;
int error;
- error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
- if (error)
+ if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
return error;
dget(new_dentry);
@@ -1940,7 +1928,7 @@
/* The following d_move() should become unconditional */
if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
d_move(old_dentry, new_dentry);
- security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
+ security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
}
if (target)
up(&target->i_sem);
===== fs/namespace.c 1.29 vs edited =====
--- 1.29/fs/namespace.c Tue Sep 17 12:52:27 2002
+++ edited/fs/namespace.c Tue Oct 15 23:17:32 2002
@@ -19,6 +19,7 @@
#include <linux/seq_file.h>
#include <linux/namespace.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -288,8 +289,7 @@
struct super_block * sb = mnt->mnt_sb;
int retval = 0;
- retval = security_ops->sb_umount(mnt, flags);
- if (retval)
+ if ((retval = security_sb_umount(mnt, flags)))
return retval;
/*
@@ -341,7 +341,7 @@
DQUOT_OFF(sb);
acct_auto_close(sb);
unlock_kernel();
- security_ops->sb_umount_close(mnt);
+ security_sb_umount_close(mnt);
spin_lock(&dcache_lock);
}
retval = -EBUSY;
@@ -352,7 +352,7 @@
}
spin_unlock(&dcache_lock);
if (retval)
- security_ops->sb_umount_busy(mnt);
+ security_sb_umount_busy(mnt);
up_write(¤t->namespace->sem);
return retval;
}
@@ -470,8 +470,7 @@
if (IS_DEADDIR(nd->dentry->d_inode))
goto out_unlock;
- err = security_ops->sb_check_sb(mnt, nd);
- if (err)
+ if ((err = security_sb_check_sb(mnt, nd)))
goto out_unlock;
spin_lock(&dcache_lock);
@@ -487,7 +486,7 @@
out_unlock:
up(&nd->dentry->d_inode->i_sem);
if (!err)
- security_ops->sb_post_addmount(mnt, nd);
+ security_sb_post_addmount(mnt, nd);
return err;
}
@@ -558,7 +557,7 @@
nd->mnt->mnt_flags=mnt_flags;
up_write(&sb->s_umount);
if (!err)
- security_ops->sb_post_remount(nd->mnt, flags, data);
+ security_sb_post_remount(nd->mnt, flags, data);
return err;
}
@@ -741,8 +740,7 @@
if (retval)
return retval;
- retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page);
- if (retval)
+ if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page)))
goto dput_out;
if (flags & MS_REMOUNT)
@@ -939,8 +937,7 @@
if (error)
goto out1;
- error = security_ops->sb_pivotroot(&old_nd, &new_nd);
- if (error) {
+ if ((error = security_sb_pivotroot(&old_nd, &new_nd))) {
path_release(&old_nd);
goto out1;
}
@@ -989,7 +986,7 @@
attach_mnt(new_nd.mnt, &root_parent);
spin_unlock(&dcache_lock);
chroot_fs_refs(&user_nd, &new_nd);
- security_ops->sb_post_pivotroot(&user_nd, &new_nd);
+ security_sb_post_pivotroot(&user_nd, &new_nd);
error = 0;
path_release(&root_parent);
path_release(&parent_nd);
===== fs/open.c 1.28 vs edited =====
--- 1.28/fs/open.c Sun Oct 13 08:39:40 2002
+++ edited/fs/open.c Tue Oct 15 23:19:46 2002
@@ -30,8 +30,7 @@
retval = -ENOSYS;
if (sb->s_op && sb->s_op->statfs) {
memset(buf, 0, sizeof(struct statfs));
- retval = security_ops->sb_statfs(sb);
- if (retval)
+ if ((retval = security_sb_statfs(sb)))
return retval;
retval = sb->s_op->statfs(sb, buf);
}
===== fs/quota.c 1.8 vs edited =====
--- 1.8/fs/quota.c Mon Jul 22 03:12:48 2002
+++ edited/fs/quota.c Tue Oct 15 22:54:46 2002
@@ -98,7 +98,7 @@
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- return security_ops->quotactl (cmd, type, id, sb);
+ return security_quotactl (cmd, type, id, sb);
}
/* Resolve device pathname to superblock */
===== fs/read_write.c 1.19 vs edited =====
--- 1.19/fs/read_write.c Thu Oct 10 14:36:26 2002
+++ edited/fs/read_write.c Wed Oct 16 00:08:14 2002
@@ -121,8 +121,7 @@
if (!file)
goto bad;
- retval = security_ops->file_llseek(file);
- if (retval) {
+ if ((retval = security_file_llseek(file))) {
fput(file);
goto bad;
}
@@ -153,8 +152,7 @@
if (!file)
goto bad;
- retval = security_ops->file_llseek(file);
- if (retval)
+ if ((retval = security_file_llseek(file)))
goto out_putf;
retval = -EINVAL;
@@ -203,8 +201,7 @@
ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count);
if (!ret) {
- ret = security_ops->file_permission (file, MAY_READ);
- if (!ret) {
+ if (!(ret = security_file_permission (file, MAY_READ))) {
if (file->f_op->read)
ret = file->f_op->read(file, buf, count, pos);
else
@@ -243,8 +240,7 @@
ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count);
if (!ret) {
- ret = security_ops->file_permission (file, MAY_WRITE);
- if (!ret) {
+ if (!(ret = security_file_permission (file, MAY_WRITE))) {
if (file->f_op->write)
ret = file->f_op->write(file, buf, count, pos);
else
@@ -475,8 +471,7 @@
goto bad_file;
if (file->f_op && (file->f_mode & FMODE_READ) &&
(file->f_op->readv || file->f_op->read)) {
- ret = security_ops->file_permission (file, MAY_READ);
- if (!ret)
+ if (!(ret = security_file_permission (file, MAY_READ)))
ret = do_readv_writev(READ, file, vector, nr_segs);
}
fput(file);
@@ -498,8 +493,7 @@
goto bad_file;
if (file->f_op && (file->f_mode & FMODE_WRITE) &&
(file->f_op->writev || file->f_op->write)) {
- ret = security_ops->file_permission (file, MAY_WRITE);
- if (!ret)
+ if (!(ret = security_file_permission (file, MAY_WRITE)))
ret = do_readv_writev(WRITE, file, vector, nr_segs);
}
fput(file);
===== fs/readdir.c 1.9 vs edited =====
--- 1.9/fs/readdir.c Mon Jul 22 03:12:48 2002
+++ edited/fs/readdir.c Wed Oct 16 00:06:40 2002
@@ -11,6 +11,7 @@
#include <linux/file.h>
#include <linux/smp_lock.h>
#include <linux/fs.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -21,8 +22,7 @@
if (!file->f_op || !file->f_op->readdir)
goto out;
- res = security_ops->file_permission(file, MAY_READ);
- if (res)
+ if ((res = security_file_permission(file, MAY_READ)))
goto out;
down(&inode->i_sem);
===== fs/stat.c 1.13 vs edited =====
--- 1.13/fs/stat.c Mon Jul 22 03:12:48 2002
+++ edited/fs/stat.c Tue Oct 15 23:49:19 2002
@@ -39,8 +39,7 @@
struct inode *inode = dentry->d_inode;
int retval;
- retval = security_ops->inode_getattr(mnt, dentry);
- if (retval)
+ if ((retval = security_inode_getattr(mnt, dentry)))
return retval;
if (inode->i_op->getattr)
@@ -238,8 +237,7 @@
error = -EINVAL;
if (inode->i_op && inode->i_op->readlink) {
- error = security_ops->inode_readlink(nd.dentry);
- if (!error) {
+ if (!(error = security_inode_readlink(nd.dentry))) {
UPDATE_ATIME(inode);
error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
}
===== fs/super.c 1.83 vs edited =====
--- 1.83/fs/super.c Mon Sep 9 14:00:57 2002
+++ edited/fs/super.c Tue Oct 15 23:18:44 2002
@@ -29,9 +29,9 @@
#include <linux/quotaops.h>
#include <linux/namei.h>
#include <linux/buffer_head.h> /* for fsync_super() */
+#include <linux/security.h>
#include <asm/uaccess.h>
-#include <linux/security.h>
void get_filesystem(struct file_system_type *fs);
void put_filesystem(struct file_system_type *fs);
@@ -51,7 +51,7 @@
struct super_block *s = kmalloc(sizeof(struct super_block), GFP_USER);
if (s) {
memset(s, 0, sizeof(struct super_block));
- if (security_ops->sb_alloc_security(s)) {
+ if (security_sb_alloc(s)) {
kfree(s);
s = NULL;
goto out;
@@ -85,7 +85,7 @@
*/
static inline void destroy_super(struct super_block *s)
{
- security_ops->sb_free_security(s);
+ security_sb_free(s);
kfree(s);
}
===== fs/xattr.c 1.7 vs edited =====
--- 1.7/fs/xattr.c Mon Jul 22 03:12:48 2002
+++ edited/fs/xattr.c Tue Oct 15 23:51:34 2002
@@ -13,6 +13,7 @@
#include <linux/file.h>
#include <linux/xattr.h>
#include <linux/namei.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
/*
@@ -85,9 +86,7 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
- error = security_ops->inode_setxattr(d, kname, kvalue,
- size, flags);
- if (error)
+ if ((error = security_inode_setxattr(d, kname, kvalue, size, flags)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
@@ -163,8 +162,7 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
- error = security_ops->inode_getxattr(d, kname);
- if (error)
+ if ((error = security_inode_getxattr(d, kname)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
@@ -236,8 +234,7 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
- error = security_ops->inode_listxattr(d);
- if (error)
+ if ((error = security_inode_listxattr(d)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->listxattr(d, klist, size);
@@ -311,8 +308,7 @@
error = -EOPNOTSUPP;
if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
- error = security_ops->inode_removexattr(d, kname);
- if (error)
+ if ((error = security_inode_removexattr(d, kname)))
goto out;
down(&d->d_inode->i_sem);
error = d->d_inode->i_op->removexattr(d, kname);
===== fs/proc/base.c 1.31 vs edited =====
--- 1.31/fs/proc/base.c Sat Sep 28 08:36:29 2002
+++ edited/fs/proc/base.c Tue Oct 15 23:22:02 2002
@@ -28,6 +28,7 @@
#include <linux/namespace.h>
#include <linux/mm.h>
#include <linux/smp_lock.h>
+#include <linux/security.h>
/*
* For hysterical raisins we keep the same inumbers as in the old procfs.
@@ -394,7 +395,7 @@
};
#define MAY_PTRACE(p) \
-(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
+(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0))
static int mem_open(struct inode* inode, struct file* file)
===== include/linux/sched.h 1.107 vs edited =====
--- 1.107/include/linux/sched.h Tue Oct 15 15:32:40 2002
+++ edited/include/linux/sched.h Tue Oct 15 22:24:46 2002
@@ -596,9 +596,11 @@
unsigned long, const char *, void *);
extern void free_irq(unsigned int, void *);
+
+#ifdef CONFIG_SECURITY
/* capable prototype and code moved to security.[hc] */
#include <linux/security.h>
-#if 0
+#else
static inline int capable(int cap)
{
if (cap_raised(current->cap_effective, cap)) {
@@ -607,7 +609,7 @@
}
return 0;
}
-#endif /* if 0 */
+#endif
/*
* Routines for handling mm_structs
===== include/linux/security.h 1.4 vs edited =====
--- 1.4/include/linux/security.h Tue Oct 8 02:20:18 2002
+++ edited/include/linux/security.h Wed Oct 16 10:44:28 2002
@@ -22,8 +22,6 @@
#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H
-#ifdef __KERNEL__
-
#include <linux/fs.h>
#include <linux/binfmts.h>
#include <linux/signal.h>
@@ -33,6 +31,20 @@
#include <linux/shm.h>
#include <linux/msg.h>
+
+/* These functions are in security/capability.c and are used
+ * as the default capabilities functions */
+extern int cap_capable (struct task_struct *tsk, int cap);
+extern int cap_ptrace (struct task_struct *parent, struct task_struct *child);
+extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
+extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
+extern void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
+extern int cap_bprm_set_security (struct linux_binprm *bprm);
+extern void cap_bprm_compute_creds (struct linux_binprm *bprm);
+extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
+extern void cap_task_kmod_set_label (void);
+extern void cap_task_reparent_to_init (struct task_struct *p);
+
/*
* Values used in the task_security_ops calls
*/
@@ -48,6 +60,9 @@
/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS 8
+
+#ifdef CONFIG_SECURITY
+
/* forward declares to avoid warnings */
struct sk_buff;
struct net_device;
@@ -848,6 +863,531 @@
struct security_operations *ops);
};
+/* global variables */
+extern struct security_operations *security_ops;
+
+/* inline stuff */
+static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
+{
+ return security_ops->ptrace (parent, child);
+}
+
+static inline int security_capget (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ return security_ops->capget (target, effective, inheritable, permitted);
+}
+
+static inline int security_capset_check (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ return security_ops->capset_check (target, effective, inheritable, permitted);
+}
+
+static inline void security_capset_set (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ security_ops->capset_set (target, effective, inheritable, permitted);
+}
+
+static inline int security_acct (struct file *file)
+{
+ return security_ops->acct (file);
+}
+
+static inline int security_quotactl (int cmds, int type, int id,
+ struct super_block *sb)
+{
+ return security_ops->quotactl (cmds, type, id, sb);
+}
+
+static inline int security_quota_on (struct file * file)
+{
+ return security_ops->quota_on (file);
+}
+
+static inline int security_bprm_alloc (struct linux_binprm *bprm)
+{
+ return security_ops->bprm_alloc_security (bprm);
+}
+static inline void security_bprm_free (struct linux_binprm *bprm)
+{
+ security_ops->bprm_free_security (bprm);
+}
+static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
+{
+ security_ops->bprm_compute_creds (bprm);
+}
+static inline int security_bprm_set (struct linux_binprm *bprm)
+{
+ return security_ops->bprm_set_security (bprm);
+}
+static inline int security_bprm_check (struct linux_binprm *bprm)
+{
+ return security_ops->bprm_check_security (bprm);
+}
+
+static inline int security_sb_alloc (struct super_block *sb)
+{
+ return security_ops->sb_alloc_security (sb);
+}
+
+static inline void security_sb_free (struct super_block *sb)
+{
+ security_ops->sb_free_security (sb);
+}
+
+static inline int security_sb_statfs (struct super_block *sb)
+{
+ return security_ops->sb_statfs (sb);
+}
+
+static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+ char *type, unsigned long flags,
+ void *data)
+{
+ return security_ops->sb_mount (dev_name, nd, type, flags, data);
+}
+
+static inline int security_sb_check_sb (struct vfsmount *mnt,
+ struct nameidata *nd)
+{
+ return security_ops->sb_check_sb (mnt, nd);
+}
+
+static inline int security_sb_umount (struct vfsmount *mnt, int flags)
+{
+ return security_ops->sb_umount (mnt, flags);
+}
+
+static inline void security_sb_umount_close (struct vfsmount *mnt)
+{
+ security_ops->sb_umount_close (mnt);
+}
+
+static inline void security_sb_umount_busy (struct vfsmount *mnt)
+{
+ security_ops->sb_umount_busy (mnt);
+}
+
+static inline void security_sb_post_remount (struct vfsmount *mnt,
+ unsigned long flags, void *data)
+{
+ security_ops->sb_post_remount (mnt, flags, data);
+}
+
+static inline void security_sb_post_mountroot (void)
+{
+ security_ops->sb_post_mountroot ();
+}
+
+static inline void security_sb_post_addmount (struct vfsmount *mnt,
+ struct nameidata *mountpoint_nd)
+{
+ security_ops->sb_post_addmount (mnt, mountpoint_nd);
+}
+
+static inline int security_sb_pivotroot (struct nameidata *old_nd,
+ struct nameidata *new_nd)
+{
+ return security_ops->sb_pivotroot (old_nd, new_nd);
+}
+
+static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+ struct nameidata *new_nd)
+{
+ security_ops->sb_post_pivotroot (old_nd, new_nd);
+}
+
+static inline int security_inode_alloc (struct inode *inode)
+{
+ return security_ops->inode_alloc_security (inode);
+}
+
+static inline void security_inode_free (struct inode *inode)
+{
+ security_ops->inode_free_security (inode);
+}
+
+static inline int security_inode_create (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ return security_ops->inode_create (dir, dentry, mode);
+}
+
+static inline void security_inode_post_create (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ security_ops->inode_post_create (dir, dentry, mode);
+}
+
+static inline int security_inode_link (struct dentry *old_dentry,
+ struct inode *dir,
+ struct dentry *new_dentry)
+{
+ return security_ops->inode_link (old_dentry, dir, new_dentry);
+}
+
+static inline void security_inode_post_link (struct dentry *old_dentry,
+ struct inode *dir,
+ struct dentry *new_dentry)
+{
+ security_ops->inode_post_link (old_dentry, dir, new_dentry);
+}
+
+static inline int security_inode_unlink (struct inode *dir,
+ struct dentry *dentry)
+{
+ return security_ops->inode_unlink (dir, dentry);
+}
+
+static inline int security_inode_symlink (struct inode *dir,
+ struct dentry *dentry,
+ const char *old_name)
+{
+ return security_ops->inode_symlink (dir, dentry, old_name);
+}
+
+static inline void security_inode_post_symlink (struct inode *dir,
+ struct dentry *dentry,
+ const char *old_name)
+{
+ security_ops->inode_post_symlink (dir, dentry, old_name);
+}
+
+static inline int security_inode_mkdir (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ return security_ops->inode_mkdir (dir, dentry, mode);
+}
+
+static inline void security_inode_post_mkdir (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ security_ops->inode_post_mkdir (dir, dentry, mode);
+}
+
+static inline int security_inode_rmdir (struct inode *dir,
+ struct dentry *dentry)
+{
+ return security_ops->inode_rmdir (dir, dentry);
+}
+
+static inline int security_inode_mknod (struct inode *dir,
+ struct dentry *dentry,
+ int mode, dev_t dev)
+{
+ return security_ops->inode_mknod (dir, dentry, mode, dev);
+}
+
+static inline void security_inode_post_mknod (struct inode *dir,
+ struct dentry *dentry,
+ int mode, dev_t dev)
+{
+ security_ops->inode_post_mknod (dir, dentry, mode, dev);
+}
+
+static inline int security_inode_rename (struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{
+ return security_ops->inode_rename (old_dir, old_dentry,
+ new_dir, new_dentry);
+}
+
+static inline void security_inode_post_rename (struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{
+ security_ops->inode_post_rename (old_dir, old_dentry,
+ new_dir, new_dentry);
+}
+
+static inline int security_inode_readlink (struct dentry *dentry)
+{
+ return security_ops->inode_readlink (dentry);
+}
+
+static inline int security_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nd)
+{
+ return security_ops->inode_follow_link (dentry, nd);
+}
+
+static inline int security_inode_permission (struct inode *inode, int mask)
+{
+ return security_ops->inode_permission (inode, mask);
+}
+
+static inline int security_inode_permission_lite (struct inode *inode,
+ int mask)
+{
+ return security_ops->inode_permission_lite (inode, mask);
+}
+
+static inline int security_inode_setattr (struct dentry *dentry,
+ struct iattr *attr)
+{
+ return security_ops->inode_setattr (dentry, attr);
+}
+
+static inline int security_inode_getattr (struct vfsmount *mnt,
+ struct dentry *dentry)
+{
+ return security_ops->inode_getattr (mnt, dentry);
+}
+
+static inline void security_inode_post_lookup (struct inode *inode,
+ struct dentry *dentry)
+{
+ security_ops->inode_post_lookup (inode, dentry);
+}
+
+static inline void security_inode_delete (struct inode *inode)
+{
+ security_ops->inode_delete (inode);
+}
+
+static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags)
+{
+ return security_ops->inode_setxattr (dentry, name, value, size, flags);
+}
+
+static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return security_ops->inode_getxattr (dentry, name);
+}
+
+static inline int security_inode_listxattr (struct dentry *dentry)
+{
+ return security_ops->inode_listxattr (dentry);
+}
+
+static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return security_ops->inode_removexattr (dentry, name);
+}
+
+static inline int security_file_permission (struct file *file, int mask)
+{
+ return security_ops->file_permission (file, mask);
+}
+
+static inline int security_file_alloc (struct file *file)
+{
+ return security_ops->file_alloc_security (file);
+}
+
+static inline void security_file_free (struct file *file)
+{
+ security_ops->file_free_security (file);
+}
+
+static inline int security_file_llseek (struct file *file)
+{
+ return security_ops->file_llseek (file);
+}
+
+static inline int security_file_ioctl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return security_ops->file_ioctl (file, cmd, arg);
+}
+
+static inline int security_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return security_ops->file_mmap (file, prot, flags);
+}
+
+static inline int security_file_mprotect (struct vm_area_struct *vma,
+ unsigned long prot)
+{
+ return security_ops->file_mprotect (vma, prot);
+}
+
+static inline int security_file_lock (struct file *file, unsigned int cmd)
+{
+ return security_ops->file_lock (file, cmd);
+}
+
+static inline int security_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return security_ops->file_fcntl (file, cmd, arg);
+}
+
+static inline int security_file_set_fowner (struct file *file)
+{
+ return security_ops->file_set_fowner (file);
+}
+
+static inline int security_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown,
+ int fd, int reason)
+{
+ return security_ops->file_send_sigiotask (tsk, fown, fd, reason);
+}
+
+static inline int security_file_receive (struct file *file)
+{
+ return security_ops->file_receive (file);
+}
+
+static inline int security_task_create (unsigned long clone_flags)
+{
+ return security_ops->task_create (clone_flags);
+}
+
+static inline int security_task_alloc (struct task_struct *p)
+{
+ return security_ops->task_alloc_security (p);
+}
+
+static inline void security_task_free (struct task_struct *p)
+{
+ security_ops->task_free_security (p);
+}
+
+static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
+ int flags)
+{
+ return security_ops->task_setuid (id0, id1, id2, flags);
+}
+
+static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
+ uid_t old_suid, int flags)
+{
+ return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
+}
+
+static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
+ int flags)
+{
+ return security_ops->task_setgid (id0, id1, id2, flags);
+}
+
+static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return security_ops->task_setpgid (p, pgid);
+}
+
+static inline int security_task_getpgid (struct task_struct *p)
+{
+ return security_ops->task_getpgid (p);
+}
+
+static inline int security_task_getsid (struct task_struct *p)
+{
+ return security_ops->task_getsid (p);
+}
+
+static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+ return security_ops->task_setgroups (gidsetsize, grouplist);
+}
+
+static inline int security_task_setnice (struct task_struct *p, int nice)
+{
+ return security_ops->task_setnice (p, nice);
+}
+
+static inline int security_task_setrlimit (unsigned int resource,
+ struct rlimit *new_rlim)
+{
+ return security_ops->task_setrlimit (resource, new_rlim);
+}
+
+static inline int security_task_setscheduler (struct task_struct *p,
+ int policy,
+ struct sched_param *lp)
+{
+ return security_ops->task_setscheduler (p, policy, lp);
+}
+
+static inline int security_task_getscheduler (struct task_struct *p)
+{
+ return security_ops->task_getscheduler (p);
+}
+
+static inline int security_task_kill (struct task_struct *p,
+ struct siginfo *info, int sig)
+{
+ return security_ops->task_kill (p, info, sig);
+}
+
+static inline int security_task_wait (struct task_struct *p)
+{
+ return security_ops->task_wait (p);
+}
+
+static inline int security_task_prctl (int option, unsigned long arg2,
+ unsigned long arg3,
+ unsigned long arg4,
+ unsigned long arg5)
+{
+ return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
+}
+
+static inline void security_task_kmod_set_label (void)
+{
+ security_ops->task_kmod_set_label ();
+}
+
+static inline void security_task_reparent_to_init (struct task_struct *p)
+{
+ security_ops->task_reparent_to_init (p);
+}
+
+static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+ short flag)
+{
+ return security_ops->ipc_permission (ipcp, flag);
+}
+
+static inline int security_msg_queue_alloc (struct msg_queue *msq)
+{
+ return security_ops->msg_queue_alloc_security (msq);
+}
+
+static inline void security_msg_queue_free (struct msg_queue *msq)
+{
+ security_ops->msg_queue_free_security (msq);
+}
+
+static inline int security_shm_alloc (struct shmid_kernel *shp)
+{
+ return security_ops->shm_alloc_security (shp);
+}
+
+static inline void security_shm_free (struct shmid_kernel *shp)
+{
+ security_ops->shm_free_security (shp);
+}
+
+static inline int security_sem_alloc (struct sem_array *sma)
+{
+ return security_ops->sem_alloc_security (sma);
+}
+
+static inline void security_sem_free (struct sem_array *sma)
+{
+ security_ops->sem_free_security (sma);
+}
+
/* prototypes */
extern int security_scaffolding_startup (void);
@@ -857,11 +1397,501 @@
extern int mod_unreg_security (const char *name, struct security_operations *ops);
extern int capable (int cap);
-/* global variables */
-extern struct security_operations *security_ops;
+#else /* CONFIG_SECURITY */
+
+/*
+ * This is the default capabilities functionality. Most of these functions
+ * are just stubbed out, but a few must call the proper capable code.
+ */
+
+static inline int security_scaffolding_startup (void)
+{
+ return 0;
+}
+
+static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
+{
+ return cap_ptrace (parent, child);
+}
+
+static inline int security_capget (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ return cap_capget (target, effective, inheritable, permitted);
+}
+
+static inline int security_capset_check (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ return cap_capset_check (target, effective, inheritable, permitted);
+}
+
+static inline void security_capset_set (struct task_struct *target,
+ kernel_cap_t *effective,
+ kernel_cap_t *inheritable,
+ kernel_cap_t *permitted)
+{
+ cap_capset_set (target, effective, inheritable, permitted);
+}
+
+static inline int security_acct (struct file *file)
+{
+ return 0;
+}
+
+static inline int security_quotactl (int cmds, int type, int id,
+ struct super_block * sb)
+{
+ return 0;
+}
+
+static inline int security_quota_on (struct file * file)
+{
+ return 0;
+}
+
+static inline int security_bprm_alloc (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static inline void security_bprm_free (struct linux_binprm *bprm)
+{ }
+
+static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
+{
+ cap_bprm_compute_creds (bprm);
+}
+
+static inline int security_bprm_set (struct linux_binprm *bprm)
+{
+ return cap_bprm_set_security (bprm);
+}
+
+static inline int security_bprm_check (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static inline int security_sb_alloc (struct super_block *sb)
+{
+ return 0;
+}
+
+static inline void security_sb_free (struct super_block *sb)
+{ }
+
+static inline int security_sb_statfs (struct super_block *sb)
+{
+ return 0;
+}
+
+static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
+ char *type, unsigned long flags,
+ void *data)
+{
+ return 0;
+}
+
+static inline int security_sb_check_sb (struct vfsmount *mnt,
+ struct nameidata *nd)
+{
+ return 0;
+}
+
+static inline int security_sb_umount (struct vfsmount *mnt, int flags)
+{
+ return 0;
+}
+
+static inline void security_sb_umount_close (struct vfsmount *mnt)
+{ }
+
+static inline void security_sb_umount_busy (struct vfsmount *mnt)
+{ }
+
+static inline void security_sb_post_remount (struct vfsmount *mnt,
+ unsigned long flags, void *data)
+{ }
+
+static inline void security_sb_post_mountroot (void)
+{ }
+
+static inline void security_sb_post_addmount (struct vfsmount *mnt,
+ struct nameidata *mountpoint_nd)
+{ }
+
+static inline int security_sb_pivotroot (struct nameidata *old_nd,
+ struct nameidata *new_nd)
+{
+ return 0;
+}
+
+static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
+ struct nameidata *new_nd)
+{ }
+
+static inline int security_inode_alloc (struct inode *inode)
+{
+ return 0;
+}
+
+static inline void security_inode_free (struct inode *inode)
+{ }
+
+static inline int security_inode_create (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ return 0;
+}
+
+static inline void security_inode_post_create (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{ }
+
+static inline int security_inode_link (struct dentry *old_dentry,
+ struct inode *dir,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static inline void security_inode_post_link (struct dentry *old_dentry,
+ struct inode *dir,
+ struct dentry *new_dentry)
+{ }
+
+static inline int security_inode_unlink (struct inode *dir,
+ struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int security_inode_symlink (struct inode *dir,
+ struct dentry *dentry,
+ const char *old_name)
+{
+ return 0;
+}
+
+static inline void security_inode_post_symlink (struct inode *dir,
+ struct dentry *dentry,
+ const char *old_name)
+{ }
+
+static inline int security_inode_mkdir (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{
+ return 0;
+}
+
+static inline void security_inode_post_mkdir (struct inode *dir,
+ struct dentry *dentry,
+ int mode)
+{ }
+
+static inline int security_inode_rmdir (struct inode *dir,
+ struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int security_inode_mknod (struct inode *dir,
+ struct dentry *dentry,
+ int mode, dev_t dev)
+{
+ return 0;
+}
+
+static inline void security_inode_post_mknod (struct inode *dir,
+ struct dentry *dentry,
+ int mode, dev_t dev)
+{ }
+
+static inline int security_inode_rename (struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static inline void security_inode_post_rename (struct inode *old_dir,
+ struct dentry *old_dentry,
+ struct inode *new_dir,
+ struct dentry *new_dentry)
+{ }
+
+static inline int security_inode_readlink (struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int security_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nd)
+{
+ return 0;
+}
+
+static inline int security_inode_permission (struct inode *inode, int mask)
+{
+ return 0;
+}
+
+static inline int security_inode_permission_lite (struct inode *inode,
+ int mask)
+{
+ return 0;
+}
+
+static inline int security_inode_setattr (struct dentry *dentry,
+ struct iattr *attr)
+{
+ return 0;
+}
+
+static inline int security_inode_getattr (struct vfsmount *mnt,
+ struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline void security_inode_post_lookup (struct inode *inode,
+ struct dentry *dentry)
+{ }
+
+static inline void security_inode_delete (struct inode *inode)
+{ }
+
+static inline int security_inode_setxattr (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags)
+{
+ return 0;
+}
+
+static inline int security_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static inline int security_inode_listxattr (struct dentry *dentry)
+{
+ return 0;
+}
+
+static inline int security_inode_removexattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static inline int security_file_permission (struct file *file, int mask)
+{
+ return 0;
+}
+
+static inline int security_file_alloc (struct file *file)
+{
+ return 0;
+}
+
+static inline void security_file_free (struct file *file)
+{ }
+
+static inline int security_file_llseek (struct file *file)
+{
+ return 0;
+}
+
+static inline int security_file_ioctl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static inline int security_file_mmap (struct file *file, unsigned long prot,
+ unsigned long flags)
+{
+ return 0;
+}
+
+static inline int security_file_mprotect (struct vm_area_struct *vma,
+ unsigned long prot)
+{
+ return 0;
+}
+
+static inline int security_file_lock (struct file *file, unsigned int cmd)
+{
+ return 0;
+}
+
+static inline int security_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static inline int security_file_set_fowner (struct file *file)
+{
+ return 0;
+}
+
+static inline int security_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown,
+ int fd, int reason)
+{
+ return 0;
+}
+
+static inline int security_file_receive (struct file *file)
+{
+ return 0;
+}
+
+static inline int security_task_create (unsigned long clone_flags)
+{
+ return 0;
+}
+
+static inline int security_task_alloc (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline void security_task_free (struct task_struct *p)
+{ }
+
+static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
+ int flags)
+{
+ return 0;
+}
+
+static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
+ uid_t old_suid, int flags)
+{
+ return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags);
+}
+
+static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
+ int flags)
+{
+ return 0;
+}
+
+static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return 0;
+}
+
+static inline int security_task_getpgid (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int security_task_getsid (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
+{
+ return 0;
+}
+
+static inline int security_task_setnice (struct task_struct *p, int nice)
+{
+ return 0;
+}
+
+static inline int security_task_setrlimit (unsigned int resource,
+ struct rlimit *new_rlim)
+{
+ return 0;
+}
+
+static inline int security_task_setscheduler (struct task_struct *p,
+ int policy,
+ struct sched_param *lp)
+{
+ return 0;
+}
+
+static inline int security_task_getscheduler (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int security_task_kill (struct task_struct *p,
+ struct siginfo *info, int sig)
+{
+ return 0;
+}
+
+static inline int security_task_wait (struct task_struct *p)
+{
+ return 0;
+}
+
+static inline int security_task_prctl (int option, unsigned long arg2,
+ unsigned long arg3,
+ unsigned long arg4,
+ unsigned long arg5)
+{
+ return 0;
+}
+
+static inline void security_task_kmod_set_label (void)
+{
+ cap_task_kmod_set_label ();
+}
+
+static inline void security_task_reparent_to_init (struct task_struct *p)
+{
+ cap_task_reparent_to_init (p);
+}
+
+static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
+ short flag)
+{
+ return 0;
+}
+
+static inline int security_msg_queue_alloc (struct msg_queue *msq)
+{
+ return 0;
+}
+
+static inline void security_msg_queue_free (struct msg_queue *msq)
+{ }
+
+static inline int security_shm_alloc (struct shmid_kernel *shp)
+{
+ return 0;
+}
+
+static inline void security_shm_free (struct shmid_kernel *shp)
+{ }
+
+static inline int security_sem_alloc (struct sem_array *sma)
+{
+ return 0;
+}
+
+static inline void security_sem_free (struct sem_array *sma)
+{ }
+
+
+#endif /* CONFIG_SECURITY */
-#endif /* __KERNEL__ */
#endif /* ! __LINUX_SECURITY_H */
===== init/do_mounts.c 1.25 vs edited =====
--- 1.25/init/do_mounts.c Fri Oct 4 13:51:37 2002
+++ edited/init/do_mounts.c Wed Oct 16 00:36:15 2002
@@ -12,6 +12,7 @@
#include <linux/init.h>
#include <linux/suspend.h>
#include <linux/root_dev.h>
+#include <linux/security.h>
#include <linux/nfs_fs.h>
#include <linux/nfs_fs_sb.h>
@@ -799,7 +800,7 @@
sys_umount("/dev", 0);
sys_mount(".", "/", NULL, MS_MOVE, NULL);
sys_chroot(".");
- security_ops->sb_post_mountroot();
+ security_sb_post_mountroot();
mount_devfs_fs ();
}
===== ipc/msg.c 1.7 vs edited =====
--- 1.7/ipc/msg.c Tue Oct 8 02:20:42 2002
+++ edited/ipc/msg.c Wed Oct 16 00:37:48 2002
@@ -101,15 +101,14 @@
msq->q_perm.key = key;
msq->q_perm.security = NULL;
- retval = security_ops->msg_queue_alloc_security(msq);
- if (retval) {
+ if ((retval = security_msg_queue_alloc(msq))) {
kfree(msq);
return retval;
}
id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
if(id == -1) {
- security_ops->msg_queue_free_security(msq);
+ security_msg_queue_free(msq);
kfree(msq);
return -ENOSPC;
}
@@ -281,7 +280,7 @@
free_msg(msg);
}
atomic_sub(msq->q_cbytes, &msg_bytes);
- security_ops->msg_queue_free_security(msq);
+ security_msg_queue_free(msq);
kfree(msq);
}
===== ipc/sem.c 1.12 vs edited =====
--- 1.12/ipc/sem.c Tue Oct 8 02:20:46 2002
+++ edited/ipc/sem.c Wed Oct 16 00:38:28 2002
@@ -136,15 +136,14 @@
sma->sem_perm.key = key;
sma->sem_perm.security = NULL;
- retval = security_ops->sem_alloc_security(sma);
- if (retval) {
+ if ((retval = security_sem_alloc(sma))) {
ipc_free(sma, size);
return retval;
}
id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
if(id == -1) {
- security_ops->sem_free_security(sma);
+ security_sem_free(sma);
ipc_free(sma, size);
return -ENOSPC;
}
@@ -427,7 +426,7 @@
used_sems -= sma->sem_nsems;
size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem);
- security_ops->sem_free_security(sma);
+ security_sem_free(sma);
ipc_free(sma, size);
}
===== ipc/shm.c 1.18 vs edited =====
--- 1.18/ipc/shm.c Tue Oct 8 02:29:20 2002
+++ edited/ipc/shm.c Wed Oct 16 00:39:00 2002
@@ -116,7 +116,7 @@
shm_unlock(shp->id);
shmem_lock(shp->shm_file, 0);
fput (shp->shm_file);
- security_ops->shm_free_security(shp);
+ security_shm_free(shp);
kfree (shp);
}
@@ -188,8 +188,7 @@
shp->shm_flags = (shmflg & S_IRWXUGO);
shp->shm_perm.security = NULL;
- error = security_ops->shm_alloc_security(shp);
- if (error) {
+ if ((error = security_shm_alloc(shp))) {
kfree(shp);
return error;
}
@@ -222,7 +221,7 @@
no_id:
fput(file);
no_file:
- security_ops->shm_free_security(shp);
+ security_shm_free(shp);
kfree(shp);
return error;
}
===== ipc/util.c 1.6 vs edited =====
--- 1.6/ipc/util.c Tue Oct 8 02:01:30 2002
+++ edited/ipc/util.c Wed Oct 16 00:39:12 2002
@@ -264,7 +264,7 @@
!capable(CAP_IPC_OWNER))
return -1;
- return security_ops->ipc_permission(ipcp, flag);
+ return security_ipc_permission(ipcp, flag);
}
/*
===== kernel/acct.c 1.12 vs edited =====
--- 1.12/kernel/acct.c Mon Jul 22 03:12:48 2002
+++ edited/kernel/acct.c Tue Oct 15 22:53:28 2002
@@ -49,6 +49,7 @@
#include <linux/acct.h>
#include <linux/file.h>
#include <linux/tty.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
/*
@@ -222,8 +223,7 @@
}
}
- error = security_ops->acct(file);
- if (error)
+ if ((error = security_acct(file)))
return error;
spin_lock(&acct_globals.lock);
===== kernel/capability.c 1.6 vs edited =====
--- 1.6/kernel/capability.c Sat Sep 14 06:18:49 2002
+++ edited/kernel/capability.c Tue Oct 15 22:34:12 2002
@@ -8,6 +8,7 @@
*/
#include <linux/mm.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
@@ -63,7 +64,7 @@
data.permitted = cap_t(target->cap_permitted);
data.inheritable = cap_t(target->cap_inheritable);
data.effective = cap_t(target->cap_effective);
- ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
+ ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
out:
read_unlock(&tasklist_lock);
@@ -88,7 +89,7 @@
do_each_thread(g, target) {
if (target->pgrp != pgrp)
continue;
- security_ops->capset_set(target, effective, inheritable, permitted);
+ security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target);
}
@@ -105,7 +106,7 @@
do_each_thread(g, target) {
if (target == current || target->pid == 1)
continue;
- security_ops->capset_set(target, effective, inheritable, permitted);
+ security_capset_set(target, effective, inheritable, permitted);
} while_each_thread(g, target);
}
@@ -163,7 +164,7 @@
ret = -EPERM;
- if (security_ops->capset_check(target, &effective, &inheritable, &permitted))
+ if (security_capset_check(target, &effective, &inheritable, &permitted))
goto out;
if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable,
@@ -190,7 +191,7 @@
else /* all procs in process group */
cap_set_pg(-pid, &effective, &inheritable, &permitted);
} else {
- security_ops->capset_set(target, &effective, &inheritable, &permitted);
+ security_capset_set(target, &effective, &inheritable, &permitted);
}
out:
===== kernel/exit.c 1.72 vs edited =====
--- 1.72/kernel/exit.c Tue Oct 15 15:08:06 2002
+++ edited/kernel/exit.c Wed Oct 16 00:35:10 2002
@@ -67,7 +67,7 @@
wait_task_inactive(p);
atomic_dec(&p->user->processes);
- security_ops->task_free_security(p);
+ security_task_free(p);
free_uid(p->user);
write_lock_irq(&tasklist_lock);
if (unlikely(p->ptrace))
@@ -248,7 +248,7 @@
/* cpus_allowed? */
/* rt_priority? */
/* signals? */
- security_ops->task_reparent_to_init(current);
+ security_task_reparent_to_init(current);
memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
current->user = INIT_USER;
@@ -774,7 +774,7 @@
if (current->tgid != p->tgid && delay_group_leader(p))
return 2;
- if (security_ops->task_wait(p))
+ if (security_task_wait(p))
return 0;
return 1;
===== kernel/fork.c 1.87 vs edited =====
--- 1.87/kernel/fork.c Mon Oct 7 15:17:19 2002
+++ edited/kernel/fork.c Wed Oct 16 00:28:30 2002
@@ -682,8 +682,7 @@
if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
return ERR_PTR(-EINVAL);
- retval = security_ops->task_create(clone_flags);
- if (retval)
+ if ((retval = security_task_create(clone_flags)))
goto fork_out;
retval = -ENOMEM;
@@ -772,7 +771,7 @@
INIT_LIST_HEAD(&p->local_pages);
retval = -ENOMEM;
- if (security_ops->task_alloc_security(p))
+ if (security_task_alloc(p))
goto bad_fork_cleanup;
/* copy all the process information */
if (copy_semundo(clone_flags, p))
@@ -922,7 +921,7 @@
bad_fork_cleanup_semundo:
exit_semundo(p);
bad_fork_cleanup_security:
- security_ops->task_free_security(p);
+ security_task_free(p);
bad_fork_cleanup:
if (p->pid > 0)
free_pidmap(p->pid);
===== kernel/kmod.c 1.15 vs edited =====
--- 1.15/kernel/kmod.c Tue Oct 1 01:54:49 2002
+++ edited/kernel/kmod.c Wed Oct 16 00:28:59 2002
@@ -29,6 +29,7 @@
#include <linux/completion.h>
#include <linux/file.h>
#include <linux/workqueue.h>
+#include <linux/security.h>
#include <asm/uaccess.h>
@@ -134,7 +135,7 @@
/* Give kmod all effective privileges.. */
curtask->euid = curtask->fsuid = 0;
curtask->egid = curtask->fsgid = 0;
- security_ops->task_kmod_set_label();
+ security_task_kmod_set_label();
/* Allow execve args to be in kernel space. */
set_fs(KERNEL_DS);
===== kernel/ptrace.c 1.18 vs edited =====
--- 1.18/kernel/ptrace.c Sun Sep 15 19:57:15 2002
+++ edited/kernel/ptrace.c Wed Oct 16 00:11:10 2002
@@ -14,6 +14,7 @@
#include <linux/pagemap.h>
#include <linux/smp_lock.h>
#include <linux/ptrace.h>
+#include <linux/security.h>
#include <asm/pgtable.h>
#include <asm/uaccess.h>
@@ -100,8 +101,7 @@
/* the same process cannot be attached many times */
if (task->ptrace & PT_PTRACED)
goto bad;
- retval = security_ops->ptrace(current, task);
- if (retval)
+ if ((retval = security_ptrace(current, task)))
goto bad;
/* Go */
===== kernel/sched.c 1.140 vs edited =====
--- 1.140/kernel/sched.c Mon Oct 14 05:30:06 2002
+++ edited/kernel/sched.c Wed Oct 16 00:29:50 2002
@@ -1329,8 +1329,7 @@
if (nice > 19)
nice = 19;
- retval = security_ops->task_setnice(current, nice);
- if (retval)
+ if ((retval = security_task_setnice(current, nice)))
return retval;
set_user_nice(current, nice);
@@ -1451,8 +1450,7 @@
!capable(CAP_SYS_NICE))
goto out_unlock;
- retval = security_ops->task_setscheduler(p, policy, &lp);
- if (retval)
+ if ((retval = security_task_setscheduler(p, policy, &lp)))
goto out_unlock;
array = p->array;
@@ -1515,8 +1513,7 @@
read_lock(&tasklist_lock);
p = find_process_by_pid(pid);
if (p) {
- retval = security_ops->task_getscheduler(p);
- if (!retval)
+ if (!(retval = security_task_getscheduler(p)))
retval = p->policy;
}
read_unlock(&tasklist_lock);
@@ -1545,8 +1542,7 @@
if (!p)
goto out_unlock;
- retval = security_ops->task_getscheduler(p);
- if (retval)
+ if ((retval = security_task_getscheduler(p)))
goto out_unlock;
lp.sched_priority = p->rt_priority;
@@ -1778,8 +1774,7 @@
if (!p)
goto out_unlock;
- retval = security_ops->task_getscheduler(p);
- if (retval)
+ if ((retval = security_task_getscheduler(p)))
goto out_unlock;
jiffies_to_timespec(p->policy & SCHED_FIFO ?
===== kernel/signal.c 1.48 vs edited =====
--- 1.48/kernel/signal.c Thu Oct 3 02:26:00 2002
+++ edited/kernel/signal.c Wed Oct 16 00:30:19 2002
@@ -18,6 +18,7 @@
#include <linux/fs.h>
#include <linux/tty.h>
#include <linux/binfmts.h>
+#include <linux/security.h>
#include <asm/param.h>
#include <asm/uaccess.h>
#include <asm/siginfo.h>
@@ -706,8 +707,7 @@
ret = -EPERM;
if (bad_signal(sig, info, t))
goto out;
- ret = security_ops->task_kill(t, info, sig);
- if (ret)
+ if ((ret = security_task_kill(t, info, sig)))
goto out;
/* The null signal is a permissions and process existence probe.
===== kernel/sys.c 1.30 vs edited =====
--- 1.30/kernel/sys.c Tue Oct 15 14:45:52 2002
+++ edited/kernel/sys.c Wed Oct 16 00:33:50 2002
@@ -204,6 +204,7 @@
cond_syscall(sys_quotactl)
cond_syscall(sys_acct)
cond_syscall(sys_lookup_dcookie)
+cond_syscall(sys_security)
static int set_one_prio(struct task_struct *p, int niceval, int error)
{
@@ -479,8 +480,7 @@
int new_egid = old_egid;
int retval;
- retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
- if (retval)
+ if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
return retval;
if (rgid != (gid_t) -1) {
@@ -525,8 +525,7 @@
int old_egid = current->egid;
int retval;
- retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
- if (retval)
+ if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
return retval;
if (capable(CAP_SETGID))
@@ -599,8 +598,7 @@
int old_ruid, old_euid, old_suid, new_ruid, new_euid;
int retval;
- retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
- if (retval)
+ if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
return retval;
new_ruid = old_ruid = current->uid;
@@ -638,7 +636,7 @@
current->suid = current->euid;
current->fsuid = current->euid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
}
@@ -660,8 +658,7 @@
int old_ruid, old_suid, new_ruid, new_suid;
int retval;
- retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
- if (retval)
+ if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
return retval;
old_ruid = new_ruid = current->uid;
@@ -683,7 +680,7 @@
current->fsuid = current->euid = uid;
current->suid = new_suid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
}
@@ -698,8 +695,7 @@
int old_suid = current->suid;
int retval;
- retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES);
- if (retval)
+ if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
return retval;
if (!capable(CAP_SETUID)) {
@@ -729,7 +725,7 @@
if (suid != (uid_t) -1)
current->suid = suid;
- return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
+ return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
}
asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -750,8 +746,7 @@
{
int retval;
- retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES);
- if (retval)
+ if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
return retval;
if (!capable(CAP_SETGID)) {
@@ -804,8 +799,7 @@
int old_fsuid;
int retval;
- retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
return retval;
old_fsuid = current->fsuid;
@@ -821,8 +815,7 @@
current->fsuid = uid;
}
- retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
return retval;
return old_fsuid;
@@ -836,8 +829,7 @@
int old_fsgid;
int retval;
- retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
- if (retval)
+ if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
return retval;
old_fsgid = current->fsgid;
@@ -962,8 +954,7 @@
retval = -ESRCH;
if (p) {
- retval = security_ops->task_getpgid(p);
- if (!retval)
+ if (!(retval = security_task_getpgid(p)))
retval = p->pgrp;
}
read_unlock(&tasklist_lock);
@@ -990,8 +981,7 @@
retval = -ESRCH;
if(p) {
- retval = security_ops->task_getsid(p);
- if (!retval)
+ if (!(retval = security_task_getsid(p)))
retval = p->session;
}
read_unlock(&tasklist_lock);
@@ -1072,8 +1062,7 @@
return -EINVAL;
if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
return -EFAULT;
- retval = security_ops->task_setgroups(gidsetsize, groups);
- if (retval)
+ if ((retval = security_task_setgroups(gidsetsize, groups)))
return retval;
memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
@@ -1236,8 +1225,7 @@
return -EPERM;
}
- retval = security_ops->task_setrlimit(resource, &new_rlim);
- if (retval)
+ if ((retval = security_task_setrlimit(resource, &new_rlim)))
return retval;
*old_rlim = new_rlim;
@@ -1311,8 +1299,7 @@
int error = 0;
int sig;
- error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
- if (error)
+ if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
return error;
switch (option) {
===== kernel/uid16.c 1.2 vs edited =====
--- 1.2/kernel/uid16.c Fri Jul 19 16:00:55 2002
+++ edited/kernel/uid16.c Wed Oct 16 00:30:43 2002
@@ -140,8 +140,7 @@
return -EFAULT;
for (i = 0 ; i < gidsetsize ; i++)
new_groups[i] = (gid_t)groups[i];
- i = security_ops->task_setgroups(gidsetsize, new_groups);
- if (i)
+ if ((i = security_task_setgroups(gidsetsize, new_groups)))
return i;
memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
current->ngroups = gidsetsize;
===== mm/mmap.c 1.53 vs edited =====
--- 1.53/mm/mmap.c Tue Oct 15 15:08:06 2002
+++ edited/mm/mmap.c Wed Oct 16 00:36:48 2002
@@ -498,8 +498,7 @@
}
}
- error = security_ops->file_mmap(file, prot, flags);
- if (error)
+ if ((error = security_file_mmap(file, prot, flags)))
return error;
/* Clear old maps */
===== mm/mprotect.c 1.19 vs edited =====
--- 1.19/mm/mprotect.c Tue Oct 1 16:43:14 2002
+++ edited/mm/mprotect.c Wed Oct 16 00:36:58 2002
@@ -262,8 +262,7 @@
goto out;
}
- error = security_ops->file_mprotect(vma, prot);
- if (error)
+ if ((error = security_file_mprotect(vma, prot)))
goto out;
if (vma->vm_end > end) {
===== net/core/scm.c 1.3 vs edited =====
--- 1.3/net/core/scm.c Mon Jul 22 03:12:48 2002
+++ edited/net/core/scm.c Wed Oct 16 00:41:37 2002
@@ -217,8 +217,7 @@
for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
{
int new_fd;
- err = security_ops->file_receive(fp[i]);
- if (err)
+ if ((err = security_file_receive(fp[i])))
break;
err = get_unused_fd();
if (err < 0)
===== net/decnet/af_decnet.c 1.18 vs edited =====
--- 1.18/net/decnet/af_decnet.c Tue Oct 8 07:02:41 2002
+++ edited/net/decnet/af_decnet.c Wed Oct 16 00:42:30 2002
@@ -113,6 +113,7 @@
#include <linux/inet.h>
#include <linux/route.h>
#include <linux/netfilter.h>
+#include <linux/security.h>
#include <net/sock.h>
#include <net/tcp.h>
#include <asm/system.h>
@@ -794,7 +795,7 @@
* dn_prot_sock ? Would be nice if the capable call would go there
* too.
*/
- if (security_ops->dn_prot_sock(saddr) &&
+ if (security_dn_prot_sock(saddr) &&
!capable(CAP_NET_BIND_SERVICE) ||
saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD))
return -EACCES;
===== security/Config.in 1.3 vs edited =====
--- 1.3/security/Config.in Sat Jul 20 12:05:09 2002
+++ edited/security/Config.in Tue Oct 15 22:24:46 2002
@@ -3,5 +3,8 @@
#
mainmenu_option next_comment
comment 'Security options'
-define_bool CONFIG_SECURITY_CAPABILITIES y
+bool 'Enable different security models' CONFIG_SECURITY
+if [ "$CONFIG_SECURITY" = "y" ]; then
+ dep_tristate ' Default Linux Capabilities' CONFIG_SECURITY_CAPABILITIES $CONFIG_SECURITY
+fi
endmenu
===== security/Makefile 1.1 vs edited =====
--- 1.1/security/Makefile Fri Jul 19 15:55:56 2002
+++ edited/security/Makefile Wed Oct 16 11:28:47 2002
@@ -3,11 +3,15 @@
#
# Objects that export symbols
-export-objs := security.o
+export-objs := security.o capability.o
-# Object file lists
-obj-y := security.o dummy.o
+# if we don't select a security model, use the default capabilities
+ifneq ($(CONFIG_SECURITY),y)
+obj-y += capability.o
+endif
+# Object file lists
+obj-$(CONFIG_SECURITY) += security.o dummy.o
obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o
include $(TOPDIR)/Rules.make
===== security/capability.c 1.6 vs edited =====
--- 1.6/security/capability.c Tue Oct 8 02:01:30 2002
+++ edited/security/capability.c Wed Oct 16 11:30:04 2002
@@ -12,6 +12,7 @@
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
+#include <linux/sched.h>
#include <linux/security.h>
#include <linux/file.h>
#include <linux/mm.h>
@@ -19,10 +20,7 @@
#include <linux/skbuff.h>
#include <linux/netlink.h>
-/* flag to keep track of how we were registered */
-static int secondary;
-
-static int cap_capable (struct task_struct *tsk, int cap)
+int cap_capable (struct task_struct *tsk, int cap)
{
/* Derived from include/linux/sched.h:capable. */
if (cap_raised (tsk->cap_effective, cap))
@@ -31,23 +29,7 @@
return -EPERM;
}
-static int cap_sys_security (unsigned int id, unsigned int call,
- unsigned long *args)
-{
- return -ENOSYS;
-}
-
-static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
-{
- return 0;
-}
-
-static int cap_quota_on (struct file *f)
-{
- return 0;
-}
-
-static int cap_ptrace (struct task_struct *parent, struct task_struct *child)
+int cap_ptrace (struct task_struct *parent, struct task_struct *child)
{
/* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */
if (!cap_issubset (child->cap_permitted, current->cap_permitted) &&
@@ -57,8 +39,8 @@
return 0;
}
-static int cap_capget (struct task_struct *target, kernel_cap_t * effective,
- kernel_cap_t * inheritable, kernel_cap_t * permitted)
+int cap_capget (struct task_struct *target, kernel_cap_t *effective,
+ kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
/* Derived from kernel/capability.c:sys_capget. */
*effective = cap_t (target->cap_effective);
@@ -67,10 +49,8 @@
return 0;
}
-static int cap_capset_check (struct task_struct *target,
- kernel_cap_t * effective,
- kernel_cap_t * inheritable,
- kernel_cap_t * permitted)
+int cap_capset_check (struct task_struct *target, kernel_cap_t *effective,
+ kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
/* Derived from kernel/capability.c:sys_capset. */
/* verify restrictions on target's new Inheritable set */
@@ -95,27 +75,15 @@
return 0;
}
-static void cap_capset_set (struct task_struct *target,
- kernel_cap_t * effective,
- kernel_cap_t * inheritable,
- kernel_cap_t * permitted)
+void cap_capset_set (struct task_struct *target, kernel_cap_t *effective,
+ kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
target->cap_effective = *effective;
target->cap_inheritable = *inheritable;
target->cap_permitted = *permitted;
}
-static int cap_acct (struct file *file)
-{
- return 0;
-}
-
-static int cap_bprm_alloc_security (struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static int cap_bprm_set_security (struct linux_binprm *bprm)
+int cap_bprm_set_security (struct linux_binprm *bprm)
{
/* Copied from fs/exec.c:prepare_binprm. */
@@ -143,23 +111,13 @@
return 0;
}
-static int cap_bprm_check_security (struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static void cap_bprm_free_security (struct linux_binprm *bprm)
-{
- return;
-}
-
/* Copied from fs/exec.c */
static inline int must_not_trace_exec (struct task_struct *p)
{
return (p->ptrace & PT_PTRACED) && !(p->ptrace & PT_PTRACE_CAP);
}
-static void cap_bprm_compute_creds (struct linux_binprm *bprm)
+void cap_bprm_compute_creds (struct linux_binprm *bprm)
{
/* Derived from fs/exec.c:compute_creds. */
kernel_cap_t new_permitted, working;
@@ -204,6 +162,160 @@
current->keep_capabilities = 0;
}
+/* moved from kernel/sys.c. */
+/*
+ * cap_emulate_setxuid() fixes the effective / permitted capabilities of
+ * a process after a call to setuid, setreuid, or setresuid.
+ *
+ * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
+ * {r,e,s}uid != 0, the permitted and effective capabilities are
+ * cleared.
+ *
+ * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
+ * capabilities of the process are cleared.
+ *
+ * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
+ * capabilities are set to the permitted capabilities.
+ *
+ * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should
+ * never happen.
+ *
+ * -astor
+ *
+ * cevans - New behaviour, Oct '99
+ * A process may, via prctl(), elect to keep its capabilities when it
+ * calls setuid() and switches away from uid==0. Both permitted and
+ * effective sets will be retained.
+ * Without this change, it was impossible for a daemon to drop only some
+ * of its privilege. The call to setuid(!=0) would drop all privileges!
+ * Keeping uid 0 is not an option because uid 0 owns too many vital
+ * files..
+ * Thanks to Olaf Kirch and Peter Benie for spotting this.
+ */
+static inline void cap_emulate_setxuid (int old_ruid, int old_euid,
+ int old_suid)
+{
+ if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
+ (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
+ !current->keep_capabilities) {
+ cap_clear (current->cap_permitted);
+ cap_clear (current->cap_effective);
+ }
+ if (old_euid == 0 && current->euid != 0) {
+ cap_clear (current->cap_effective);
+ }
+ if (old_euid != 0 && current->euid == 0) {
+ current->cap_effective = current->cap_permitted;
+ }
+}
+
+int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
+ int flags)
+{
+ switch (flags) {
+ case LSM_SETID_RE:
+ case LSM_SETID_ID:
+ case LSM_SETID_RES:
+ /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */
+ if (!issecure (SECURE_NO_SETUID_FIXUP)) {
+ cap_emulate_setxuid (old_ruid, old_euid, old_suid);
+ }
+ break;
+ case LSM_SETID_FS:
+ {
+ uid_t old_fsuid = old_ruid;
+
+ /* Copied from kernel/sys.c:setfsuid. */
+
+ /*
+ * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
+ * if not, we might be a bit too harsh here.
+ */
+
+ if (!issecure (SECURE_NO_SETUID_FIXUP)) {
+ if (old_fsuid == 0 && current->fsuid != 0) {
+ cap_t (current->cap_effective) &=
+ ~CAP_FS_MASK;
+ }
+ if (old_fsuid != 0 && current->fsuid == 0) {
+ cap_t (current->cap_effective) |=
+ (cap_t (current->cap_permitted) &
+ CAP_FS_MASK);
+ }
+ }
+ break;
+ }
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+void cap_task_kmod_set_label (void)
+{
+ cap_set_full (current->cap_effective);
+ return;
+}
+
+void cap_task_reparent_to_init (struct task_struct *p)
+{
+ p->cap_effective = CAP_INIT_EFF_SET;
+ p->cap_inheritable = CAP_INIT_INH_SET;
+ p->cap_permitted = CAP_FULL_SET;
+ p->keep_capabilities = 0;
+ return;
+}
+
+EXPORT_SYMBOL(cap_capable);
+EXPORT_SYMBOL(cap_ptrace);
+EXPORT_SYMBOL(cap_capget);
+EXPORT_SYMBOL(cap_capset_check);
+EXPORT_SYMBOL(cap_capset_set);
+EXPORT_SYMBOL(cap_bprm_set_security);
+EXPORT_SYMBOL(cap_bprm_compute_creds);
+EXPORT_SYMBOL(cap_task_post_setuid);
+EXPORT_SYMBOL(cap_task_kmod_set_label);
+EXPORT_SYMBOL(cap_task_reparent_to_init);
+
+#ifdef CONFIG_SECURITY
+
+static int cap_sys_security (unsigned int id, unsigned int call,
+ unsigned long *args)
+{
+ return -ENOSYS;
+}
+
+static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+ return 0;
+}
+
+static int cap_quota_on (struct file *f)
+{
+ return 0;
+}
+
+static int cap_acct (struct file *file)
+{
+ return 0;
+}
+
+static int cap_bprm_alloc_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static int cap_bprm_check_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static void cap_bprm_free_security (struct linux_binprm *bprm)
+{
+ return;
+}
+
static int cap_sb_alloc_security (struct super_block *sb)
{
return 0;
@@ -512,96 +624,6 @@
return 0;
}
-/* moved from kernel/sys.c. */
-/*
- * cap_emulate_setxuid() fixes the effective / permitted capabilities of
- * a process after a call to setuid, setreuid, or setresuid.
- *
- * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of
- * {r,e,s}uid != 0, the permitted and effective capabilities are
- * cleared.
- *
- * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective
- * capabilities of the process are cleared.
- *
- * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective
- * capabilities are set to the permitted capabilities.
- *
- * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should
- * never happen.
- *
- * -astor
- *
- * cevans - New behaviour, Oct '99
- * A process may, via prctl(), elect to keep its capabilities when it
- * calls setuid() and switches away from uid==0. Both permitted and
- * effective sets will be retained.
- * Without this change, it was impossible for a daemon to drop only some
- * of its privilege. The call to setuid(!=0) would drop all privileges!
- * Keeping uid 0 is not an option because uid 0 owns too many vital
- * files..
- * Thanks to Olaf Kirch and Peter Benie for spotting this.
- */
-static inline void cap_emulate_setxuid (int old_ruid, int old_euid,
- int old_suid)
-{
- if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) &&
- (current->uid != 0 && current->euid != 0 && current->suid != 0) &&
- !current->keep_capabilities) {
- cap_clear (current->cap_permitted);
- cap_clear (current->cap_effective);
- }
- if (old_euid == 0 && current->euid != 0) {
- cap_clear (current->cap_effective);
- }
- if (old_euid != 0 && current->euid == 0) {
- current->cap_effective = current->cap_permitted;
- }
-}
-
-static int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid,
- int flags)
-{
- switch (flags) {
- case LSM_SETID_RE:
- case LSM_SETID_ID:
- case LSM_SETID_RES:
- /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */
- if (!issecure (SECURE_NO_SETUID_FIXUP)) {
- cap_emulate_setxuid (old_ruid, old_euid, old_suid);
- }
- break;
- case LSM_SETID_FS:
- {
- uid_t old_fsuid = old_ruid;
-
- /* Copied from kernel/sys.c:setfsuid. */
-
- /*
- * FIXME - is fsuser used for all CAP_FS_MASK capabilities?
- * if not, we might be a bit too harsh here.
- */
-
- if (!issecure (SECURE_NO_SETUID_FIXUP)) {
- if (old_fsuid == 0 && current->fsuid != 0) {
- cap_t (current->cap_effective) &=
- ~CAP_FS_MASK;
- }
- if (old_fsuid != 0 && current->fsuid == 0) {
- cap_t (current->cap_effective) |=
- (cap_t (current->cap_permitted) &
- CAP_FS_MASK);
- }
- }
- break;
- }
- default:
- return -EINVAL;
- }
-
- return 0;
-}
-
static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
{
return 0;
@@ -664,21 +686,6 @@
return 0;
}
-static void cap_task_kmod_set_label (void)
-{
- cap_set_full (current->cap_effective);
- return;
-}
-
-static void cap_task_reparent_to_init (struct task_struct *p)
-{
- p->cap_effective = CAP_INIT_EFF_SET;
- p->cap_inheritable = CAP_INIT_INH_SET;
- p->cap_permitted = CAP_FULL_SET;
- p->keep_capabilities = 0;
- return;
-}
-
static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
{
return 0;
@@ -838,6 +845,10 @@
#define MY_NAME "capability"
#endif
+/* flag to keep track of how we were registered */
+static int secondary;
+
+
static int __init capability_init (void)
{
/* register ourselves with the security framework */
@@ -877,3 +888,5 @@
MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
MODULE_LICENSE("GPL");
+
+#endif /* CONFIG_SECURITY */
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-16 18:59 ` Greg KH
2002-10-16 16:33 ` joe perches
@ 2002-10-16 19:07 ` Greg KH
1 sibling, 0 replies; 15+ messages in thread
From: Greg KH @ 2002-10-16 19:07 UTC (permalink / raw)
To: netdev, linux-security-module, linux-kernel
On Wed, Oct 16, 2002 at 11:59:28AM -0700, Greg KH wrote:
>
> Ok, here's a working version (I'm typing from it right now), with all of
> the capability logic working again. This does make the
> security/built-in.o file this size with CONFIG_SECURITY=y
>
> text data bss dec hex filename
> 1611 0 0 1611 64b security/built-in.o
That should have said CONFIG_SECURITY=n
Sorry for any confusion.
greg k-h
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-16 16:33 ` joe perches
@ 2002-10-16 23:46 ` Greg KH
2002-10-16 23:56 ` David S. Miller
0 siblings, 1 reply; 15+ messages in thread
From: Greg KH @ 2002-10-16 23:46 UTC (permalink / raw)
To: joe perches; +Cc: linux-kernel, linux-security-module
On Wed, Oct 16, 2002 at 12:33:50PM -0400, joe perches wrote:
> On Wed, 2002-10-16 at 14:59, Greg KH wrote:
>
> I think something like:
>
> #define check_security(type,args...) security_##type(##args)
>
> would be cleaner and would prefer not collapsing the
>
> ret = check_security()
> if (ret)
>
> function use
No, I have to collapse the if and assign lines in order to take
advantage of the compiler when CONFIG_SERIAL=n. Then anything within
the if {} will just be compiled away if the return value of a static
inline function is 0.
As for using a macro, that doesn't really have any advantages over the
existing different functions.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-16 23:46 ` Greg KH
@ 2002-10-16 23:56 ` David S. Miller
0 siblings, 0 replies; 15+ messages in thread
From: David S. Miller @ 2002-10-16 23:56 UTC (permalink / raw)
To: greg; +Cc: joe, linux-kernel, linux-security-module
From: Greg KH <greg@kroah.com>
Date: Wed, 16 Oct 2002 16:46:53 -0700
As for using a macro, that doesn't really have any advantages over the
existing different functions.
GCC compiles it faster :-)
Older GCC's also compile it better, inline processing stunk until the
3.0 era with the tree based inliner.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-16 0:07 ` [RFC] change format of LSM hooks Greg KH
2002-10-16 0:03 ` David S. Miller
2002-10-16 8:15 ` Greg KH
@ 2002-10-17 1:41 ` Rusty Russell
2002-10-17 3:33 ` Daniel Phillips
2002-10-17 13:21 ` Christoph Hellwig
3 siblings, 1 reply; 15+ messages in thread
From: Rusty Russell @ 2002-10-17 1:41 UTC (permalink / raw)
To: Greg KH
Cc: davem, becker, jmorris, kuznet, netdev, linux-security-module,
linux-kernel
On Tue, 15 Oct 2002 17:07:06 -0700
Greg KH <greg@kroah.com> wrote:
> On Tue, Oct 15, 2002 at 01:28:28PM -0700, Greg KH wrote:
> > On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> > >
> > > I will not even look at the networking LSM bits until
> > > CONFIG_SECURITY=n is available.
> >
> > Good enough reason for me, I'll start working on this. Help from the
> > other LSM developers is appreciated :)
>
> Ok, this wasn't that tough...
>
> Here's a first cut at what will need to be changed. It's a patch
> against Linus's latest BK tree. I only converted one hook (the ptrace
> one), and this will not link, but will build and gives people an idea of
> where I'm heading.
>
> David, does something like this look acceptable?
>
> With it, and CONFIG_SECURITY=n the size of the security/*.o files are
> now:
> text data bss dec hex filename
> 138 0 0 138 8a security/built-in.o
>
> which I hope are a bit more to your liking :)
> I still need an empty sys_security stub in order to link properly,
> that's the only function needed. The extra #includes are needed as
> some files were getting security.h picked up from shed.h in the past.
>
> I'll work on fixing up the rest of the hooks, and removing the external
> reference to security_ops, and actually test this thing, later this
> evening.
>
> thanks,
>
> greg k-h
>
> diff -Naur -X ../dontdiff bleeding_edge-2.5/arch/i386/kernel/ptrace.c lsm-2.5/arch/i386/kernel/ptrace.c
> --- bleeding_edge-2.5/arch/i386/kernel/ptrace.c Tue Oct 15 16:47:14 2002
> +++ lsm-2.5/arch/i386/kernel/ptrace.c Tue Oct 15 16:41:44 2002
> @@ -160,8 +160,7 @@
> /* are we already being traced? */
> if (current->ptrace & PT_PTRACED)
> goto out;
> - ret = security_ops->ptrace(current->parent, current);
> - if (ret)
> + if ((ret = security_ptrace(current->parent, current)))
Um, rather than one macro per security_ops function, how about:
#ifdef CONFIG_SECURITY
#define security_call(func, default_ret, ...) \
(security_ops->func(__VA_ARGS__))
#else
#define security_call(func, default_ret, ...) \
(default_ret)
#endif
This also allows someone in the future to do:
#define security_call(func, default_ret, ...) \
({ if (try_inc_mod_count(security_ops->owner))
(security_ops->func(__VA_ARGS__));
else
(default_ret);
})
Of course, you could skip the default_ret arg, and use
#ifndef CONFIG_SECURITY
#define security_call(func, ...) \
(security_default_##func)
#endif
Then all the defaults can be in a header somewhere.
Cheers,
Rusty.
--
there are those who do and those who hang on and you don't see too
many doers quoting their contemporaries. -- Larry McVoy
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-17 1:41 ` Rusty Russell
@ 2002-10-17 3:33 ` Daniel Phillips
0 siblings, 0 replies; 15+ messages in thread
From: Daniel Phillips @ 2002-10-17 3:33 UTC (permalink / raw)
To: Rusty Russell, Greg KH
Cc: davem, becker, jmorris, kuznet, netdev, linux-security-module,
linux-kernel
On Thursday 17 October 2002 03:41, Rusty Russell wrote:
> This also allows someone in the future to do:
>
> #define security_call(func, default_ret, ...) \
> ({ if (try_inc_mod_count(security_ops->owner))
> (security_ops->func(__VA_ARGS__));
> else
> (default_ret);
> })
Hopefully, dec_mod_count as well.
--
Daniel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-16 0:07 ` [RFC] change format of LSM hooks Greg KH
` (2 preceding siblings ...)
2002-10-17 1:41 ` Rusty Russell
@ 2002-10-17 13:21 ` Christoph Hellwig
2002-10-17 16:55 ` Greg KH
3 siblings, 1 reply; 15+ messages in thread
From: Christoph Hellwig @ 2002-10-17 13:21 UTC (permalink / raw)
To: Greg KH
Cc: David S. Miller, becker, jmorris, kuznet, netdev,
linux-security-module, linux-kernel
On Tue, Oct 15, 2002 at 05:07:06PM -0700, Greg KH wrote:
> On Tue, Oct 15, 2002 at 01:28:28PM -0700, Greg KH wrote:
> > On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> > >
> > > I will not even look at the networking LSM bits until
> > > CONFIG_SECURITY=n is available.
BTW, there's another big issues with LSM: so far all those hook
have no user in a mergeable shape. For all other additions
there is a strong need to present something mergable but LSM
doesn't. IMHO we should require a pointer to a module in mergaable
shape (i.e. certainly not selinux) for each new hook addition.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-17 13:21 ` Christoph Hellwig
@ 2002-10-17 16:55 ` Greg KH
0 siblings, 0 replies; 15+ messages in thread
From: Greg KH @ 2002-10-17 16:55 UTC (permalink / raw)
To: Christoph Hellwig, netdev, linux-security-module, linux-kernel
On Thu, Oct 17, 2002 at 02:21:49PM +0100, Christoph Hellwig wrote:
> On Tue, Oct 15, 2002 at 05:07:06PM -0700, Greg KH wrote:
> > On Tue, Oct 15, 2002 at 01:28:28PM -0700, Greg KH wrote:
> > > On Tue, Oct 15, 2002 at 01:10:37PM -0700, David S. Miller wrote:
> > > >
> > > > I will not even look at the networking LSM bits until
> > > > CONFIG_SECURITY=n is available.
>
> BTW, there's another big issues with LSM: so far all those hook
> have no user in a mergeable shape. For all other additions
> there is a strong need to present something mergable but LSM
> doesn't. IMHO we should require a pointer to a module in mergaable
> shape (i.e. certainly not selinux) for each new hook addition.
Heh, require this, and oops, all of the hooks disappear :)
Seriously, no, I don't agree with this. SELinux is currently being
audited by a number of different companies (include some Linux distros),
and after that happens, and the code is cleaned up, I think they will
probably want their module merged (but I don't speak for them at all.)
As for the other modules, I think the OWL-based one is good enough right
now, and I have a very simple module that is in the November issue of
Linux Journal that is probably clean enough to merge.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-17 17:20 ` [RFC] change format of LSM hooks Daniel Phillips
@ 2002-10-18 2:04 ` Rusty Russell
0 siblings, 0 replies; 15+ messages in thread
From: Rusty Russell @ 2002-10-18 2:04 UTC (permalink / raw)
To: Daniel Phillips; +Cc: Roman Zippel, linux-kernel
In message <E182EJl-0004Rd-00@starship> you write:
> > The current spinlock is horrible.
>
> Is it? You must be thinking about much more intensive use of the spinlock as
> with per-op calls as opposed to per-attach (mount). I'd planned to make the
> spinlocks per-module, but your per-cpu code looks just fine.
Actually, after I thought about it harder, I was inspired by your
point that the race can be prevented with a spinlock (as currently
done). I spent last night writing a new solution to this (I'm testing
it now), which works as follows:
/* We only need protection against local interrupts. */
#ifndef __HAVE_ARCH_LOCAL_INC
#define local_inc(x) atomic_inc(x)
#define local_dec(x) atomic_dec(x)
#endif
static inline int try_module_get(struct module *module)
{
int ret = 1;
if (module) {
unsigned int cpu = get_cpu();
if (likely(module->live))
local_inc(&module->ref[cpu]);
else
ret = 0;
put_cpu();
}
return ret;
}
static inline void module_put(struct module *module)
{
if (module) {
unsigned int cpu = get_cpu();
local_dec(&module->ref[cpu]);
/* Maybe they're waiting for us to drop reference? */
if (unlikely(!module->live))
wake_up_process(module->waiter);
put_cpu();
}
}
Now, these are both short, sweet, and cache-local. The unload stage
becomes harder. We stop all the reference counts by scheduling a
thread on every cpu, then having them all do a local_irq_disable.
This means we know that the refcounts won't change, and we can safely
sum them. If they're zero (or the non-block flag isn't set), we set
"module->live" to false and release the CPUs.
Now, in the sleeping case, I sleep uninterruptible, but drop the
module mutex first, so other module stuff can happen at the same time.
This completely prevents the spurious unload race.
> > I don't know of any code which does this now, but it is at least a
> > theoretical problem.
>
> To resolve this, start the module in can-increment state, do the module
> initialization, register the notifiers, and finally register the interface.
> In other words, the module never needs to be in can't-increment state at
> initialization. (The module writer must ensure they have the correct,
> raceless initial state of whatever the notifiers are notifying about, which
> strikes me as a little tricky in itself.)
Yes, this basically means two-state init for modules, which I shy
clear of in general. But if any modules care, they can do this
themselves, though, by setting "THIS_MODULE.live = 1;" to activate
the notifiers during their init routine.
Basically, with the other one solved, I'm happy to place this on the
shoulders of any module which really cares.
> > IMHO, the benifits of having it in-kernel outweigh the slight extra
> > size.
>
> I'll cast my vote for your in-kernel linker, in the mistaken belief that
> democracy has anything to do with the question. Does this make progress
> towards eliminating one of create_module or init_module?
Yes, query_module, create_module and /proc/ksyms all gone.
> > > > ...The second is the "die-mother-fucker-die"
>
> I'd use this feature in filesystem development, regardless of the risks,
> since I regularly do worse things to the kernel anyway. But don't you think
> the rmmod parameter should be different for the ask-nicely vs the
> shoot-in-the-head flavor? How about -f -f or -F for the latter?
Yes, currently:
rusty@mingo:~$ /sbin/rmmod
Usage: /sbin/rmmod [--wait|-f] <modulename>
The --wait option begins a module removal even if it is used
and will stop new users from accessing the module (so it
should eventually fall to zero).
The -f option forces a module unload, and may crash your
machine. This requires the Forced Module Removal option
when the kernel was compiled.
Cheers,
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-17 7:41 Rusty Russell
2002-10-17 17:20 ` [RFC] change format of LSM hooks Daniel Phillips
@ 2002-10-17 17:25 ` Daniel Phillips
1 sibling, 0 replies; 15+ messages in thread
From: Daniel Phillips @ 2002-10-17 17:25 UTC (permalink / raw)
To: Rusty Russell, S; +Cc: Roman Zippel, linux-kernel
On Thursday 17 October 2002 09:41, Rusty Russell wrote:
> http://www.kernel.org/pub/linux/kernel/people/rusty/patches/Module/forceunload.patch.gz
O_TRUNC in try_force is just a test hack?
--
Daniel
^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [RFC] change format of LSM hooks
2002-10-17 7:41 Rusty Russell
@ 2002-10-17 17:20 ` Daniel Phillips
2002-10-18 2:04 ` Rusty Russell
2002-10-17 17:25 ` Daniel Phillips
1 sibling, 1 reply; 15+ messages in thread
From: Daniel Phillips @ 2002-10-17 17:20 UTC (permalink / raw)
To: Rusty Russell, S; +Cc: Roman Zippel, linux-kernel
On Thursday 17 October 2002 09:41, Rusty Russell wrote:
> In message <E181zuY-0004Fl-00@starship> you write:
> > On Thursday 17 October 2002 00:48, Rusty Russell wrote:
> > > > On Wednesday 16 October 2002 08:11, Rusty Russell wrote:
> > > > > It needs to be turned off when dealing with any interface which
> > > > > might be used by one of the hard modules. Which is pretty bad.
> > > >
> > > > As far as I can see, preemption only has to be disabled during the
> > > > synchronize_kernel phase of unloading that one module, and this
> > > > requirement is inherited neither by dependant or depending modules.
> > >
> > > No, someone could already have been preempted before you start
> > > synchronize_kernel().
> >
> > I don't get that. The sequence is:
> >
> > - turn off preemption
> > - unhook call points
> > - synchronize_kernel
> > - ...
> >
> > which doesn't leave any preemption hole that I can see, so I can't comment
> > on a couple of the other points until you clear that one up.
>
> You mean that "turn off preemption" also wakes up anyone currently
> preempted? Otherwise they're preempted just inside one of those call
> points.
Urk, yes, or just those preempted in kernel. Which looks doable and not
intrusive, modulo my limited scheduler knowledge. So synchronize_kernel
isn't dead yet, though it just got a new flesh wound.
> > > Still a race between the zero check and the can't-increment state
> > > setting.
> >
> > But that one is easy: the zero check just takes the same spinlock as
> > TRY_INC_MOD_COUNT, then sets can't-increment only in the case the count
> > is zero, considerably simpler than:
>
> The current spinlock is horrible.
Is it? You must be thinking about much more intensive use of the spinlock as
with per-op calls as opposed to per-attach (mount). I'd planned to make the
spinlocks per-module, but your per-cpu code looks just fine.
> > ...The still-initializing case is also easy, e.g., a filesystem module
> > simply doesn't call register_filesystem until it's completely ready to
> > service calls, so nobody is able to do TRY_INC_MOD_COUNT.
>
> Consider some code which needs to know when cpus go up and down, so
> registers a notifier. If the notifier fires before the init is
> finished, the notifier code will fail to "try_inc_mod_count()" and
> won't call it (it doesn't do try_inc_mod_count at the moment, but
> that's a bug).
>
> I don't know of any code which does this now, but it is at least a
> theoretical problem.
To resolve this, start the module in can-increment state, do the module
initialization, register the notifiers, and finally register the interface.
In other words, the module never needs to be in can't-increment state at
initialization. (The module writer must ensure they have the correct,
raceless initial state of whatever the notifiers are notifying about, which
strikes me as a little tricky in itself.)
> IMHO, the benifits of having it in-kernel outweigh the slight extra
> size.
I'll cast my vote for your in-kernel linker, in the mistaken belief that
democracy has anything to do with the question. Does this make progress
towards eliminating one of create_module or init_module?
> > > ...The second is the "die-mother-fucker-die"
> > > version, which taints the kernel and just removes the damn thing. For
> > > most people, this is better than a reboot, and will usually "work".
> >
> > Is there a case where removing a module would actually help? What is
> > the user going to do next, try to reinsert the same module?
>
> Insert a fixed one, hopefully 8).
I'd use this feature in filesystem development, regardless of the risks,
since I regularly do worse things to the kernel anyway. But don't you think
the rmmod parameter should be different for the ask-nicely vs the
shoot-in-the-head flavor? How about -f -f or -F for the latter?
--
Daniel
^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2002-10-18 2:19 UTC | newest]
Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20021015194545.GC15864@kroah.com>
[not found] ` <20021015.124502.130514745.davem@redhat.com>
[not found] ` <20021015201209.GE15864@kroah.com>
[not found] ` <20021015.131037.96602290.davem@redhat.com>
[not found] ` <20021015202828.GG15864@kroah.com>
2002-10-16 0:07 ` [RFC] change format of LSM hooks Greg KH
2002-10-16 0:03 ` David S. Miller
2002-10-16 8:15 ` Greg KH
2002-10-16 18:59 ` Greg KH
2002-10-16 16:33 ` joe perches
2002-10-16 23:46 ` Greg KH
2002-10-16 23:56 ` David S. Miller
2002-10-16 19:07 ` Greg KH
2002-10-17 1:41 ` Rusty Russell
2002-10-17 3:33 ` Daniel Phillips
2002-10-17 13:21 ` Christoph Hellwig
2002-10-17 16:55 ` Greg KH
2002-10-17 7:41 Rusty Russell
2002-10-17 17:20 ` [RFC] change format of LSM hooks Daniel Phillips
2002-10-18 2:04 ` Rusty Russell
2002-10-17 17:25 ` Daniel Phillips
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).