| author | Andrew Morton <akpm@digeo.com> | 2003-05-25 01:11:57 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@home.transmeta.com> | 2003-05-25 01:11:57 -0700 |
| commit | ea7870c8206312a84d65e1bc4bcae7290983597a (patch) | |
| tree | 7ce28477fbc4a0e10db4b0329880f3a4e9ede418 /include/linux/security.h | |
| parent | 6f333c220991f13b40a2bea23987c5954b7245af (diff) | |
[PATCH] Process Attribute API for Security Modules
From: Stephen Smalley <sds@epoch.ncsc.mil>
This updated patch against 2.5.69 merges the readdir and lookup routines
for proc_base and proc_attr, fixes the copy_to_user call in proc_attr_read
and proc_info_read, moves the new data and code within CONFIG_SECURITY, and
uses ARRAY_SIZE, per the comments from Al Viro and Andrew Morton. As
before, this patch implements a process attribute API for security modules
via a set of nodes in a /proc/pid/attr directory. Credit for the idea of
implementing this API via /proc/pid/attr nodes goes to Al Viro. Jan Harkes
provided a nice cleanup of the implementation to reduce the code bloat.
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 6741cc027ceb..faaa1780f93e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1128,6 +1128,9 @@ struct security_operations {
 void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
+ int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size);
+ int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
+
 #ifdef CONFIG_SECURITY_NETWORK
 int (*unix_stream_connect) (struct socket * sock, struct socket * other, struct sock * newsk);
@@ -1766,6 +1769,16 @@ static inline void security_d_instantiate (struct dentry *dentry, struct inode *
 security_ops->d_instantiate (dentry, inode);
 }
+static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
+{
+ return security_ops->getprocattr(p, name, value, size);
+}
+
+static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
+{
+ return security_ops->setprocattr(p, name, value, size);
+}
+
 static inline int security_netlink_send(struct sk_buff * skb)
 {
 return security_ops->netlink_send(skb);
@@ -2355,6 +2368,16 @@ static inline int security_sem_semop (struct sem_array * sma,
 static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
 { }
+static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
+{
+ return -EINVAL;
+}
+
+static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
+{
+ return -EINVAL;
+}
+
 /*
 * The netlink capability defaults need to be used inline by default
 * (rather than hooking into the capability module) to reduce overhead |
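Review bot: The two members added to `struct security_operations` come with no comment stating their contract, and `setprocattr` is security-sensitive because it receives an arbitrary `struct task_struct *p` rather than acting on `current`. I would document beside them who authorises the change, for example `/* @setprocattr: set attribute @name of @p from @value (@size bytes); the module must check that current may modify @p; returns bytes consumed or -errno */`, with a matching line for `getprocattr`. The return convention in that wording is presumed, since the /proc caller lies outside this file-limited diff. The attribute name also looks read-only, so `const char *name` would say so; the same signature recurs in the wrappers and the stubs in the two later hunks.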
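Review bot: `security_getprocattr()` and `security_setprocattr()` call through `security_ops->getprocattr` and `security_ops->setprocattr` with no NULL check, so a module registered without these members would fault on the first /proc/pid/attr access unless registration fills in defaults. That fill-in would live outside include/linux/security.h, and this page is limited to that file, so confirm the default operations gain both entries in the same commit. `size` is forwarded to the module unchanged; a short comment on the wrappers such as `/* caller bounds size and passes a kernel buffer in value */` would record the assumption the modules rely on, if that is indeed what the caller does.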
