diff options
59 files changed, 1380 insertions, 401 deletions
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c index 8e4b131eff89..9a4dda519f43 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c @@ -719,8 +719,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c index a10602335c56..77dff5fa499f 100644 --- a/arch/i386/kernel/ptrace.c +++ b/arch/i386/kernel/ptrace.c @@ -160,8 +160,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c index 82a38bf8a64a..4bfc8c0df0be 100644 --- a/arch/ia64/kernel/ptrace.c +++ b/arch/ia64/kernel/ptrace.c @@ -1101,8 +1101,7 @@ sys_ptrace (long request, pid_t pid, unsigned long addr, unsigned long data, /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; current->ptrace |= PT_PTRACED; ret = 0; diff --git a/arch/ppc/kernel/ptrace.c b/arch/ppc/kernel/ptrace.c index b82ce7958d46..9ad34990c732 100644 --- a/arch/ppc/kernel/ptrace.c +++ b/arch/ppc/kernel/ptrace.c @@ -166,8 +166,7 @@ int sys_ptrace(long request, long pid, long addr, long data) /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff --git a/arch/ppc64/kernel/ptrace.c b/arch/ppc64/kernel/ptrace.c index add21192e105..05e36a4f08ae 100644 --- a/arch/ppc64/kernel/ptrace.c +++ b/arch/ppc64/kernel/ptrace.c @@ -59,8 +59,7 @@ int sys_ptrace(long request, long pid, long addr, long data) /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff --git a/arch/ppc64/kernel/ptrace32.c b/arch/ppc64/kernel/ptrace32.c index c89062ce3874..0f97f90e1d3d 100644 --- a/arch/ppc64/kernel/ptrace32.c +++ b/arch/ppc64/kernel/ptrace32.c @@ -48,8 +48,7 @@ int sys32_ptrace(long request, long pid, unsigned long addr, unsigned long data) /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff --git a/arch/ppc64/kernel/sys_ppc32.c b/arch/ppc64/kernel/sys_ppc32.c index 045ddbe964f0..7d63831bc18e 100644 --- a/arch/ppc64/kernel/sys_ppc32.c +++ b/arch/ppc64/kernel/sys_ppc32.c @@ -53,6 +53,7 @@ #include <linux/mman.h> #include <linux/sysctl.h> #include <linux/binfmts.h> +#include <linux/security.h> #include <asm/types.h> #include <asm/ipc.h> @@ -3520,8 +3521,7 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * if ((retval = bprm.envc) < 0) goto out_mm; - retval = security_ops->bprm_alloc_security(&bprm); - if (retval) + if ((retval = security_bprm_alloc(&bprm))) goto out; retval = prepare_binprm(&bprm); @@ -3544,7 +3544,7 @@ static int do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * retval = search_binary_handler(&bprm,regs); if (retval >= 0) { /* execve success */ - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); return retval; } @@ -3557,7 +3557,7 @@ out: } if (bprm.security) - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); out_mm: mmdrop(bprm.mm); diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index c1a2508cfb96..f4d6cadf12cd 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c @@ -330,8 +330,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ret = -EPERM; if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff --git a/arch/s390x/kernel/ptrace.c b/arch/s390x/kernel/ptrace.c index f6ee9655d457..cea1ddca4e79 100644 --- a/arch/s390x/kernel/ptrace.c +++ b/arch/s390x/kernel/ptrace.c @@ -32,6 +32,7 @@ #include <linux/errno.h> #include <linux/ptrace.h> #include <linux/user.h> +#include <linux/security.h> #include <asm/segment.h> #include <asm/page.h> @@ -568,8 +569,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data) ret = -EPERM; if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff --git a/arch/sparc/kernel/ptrace.c b/arch/sparc/kernel/ptrace.c index e7daf14ea25d..bf3c418d712d 100644 --- a/arch/sparc/kernel/ptrace.c +++ b/arch/sparc/kernel/ptrace.c @@ -291,8 +291,7 @@ asmlinkage void do_ptrace(struct pt_regs *regs) pt_error_return(regs, EPERM); goto out; } - ret = security_ops->ptrace(current->parent, current); - if (ret) { + if ((ret = security_ptrace(current->parent, current))) { pt_error_return(regs, -ret); goto out; } diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c index c1ef6e0c2b4c..bdb13e4f6a2d 100644 --- a/arch/sparc64/kernel/ptrace.c +++ b/arch/sparc64/kernel/ptrace.c @@ -140,8 +140,7 @@ asmlinkage void do_ptrace(struct pt_regs *regs) pt_error_return(regs, EPERM); goto out; } - ret = security_ops->ptrace(current->parent, current); - if (ret) { + if ((ret = security_ptrace(current->parent, current))) { pt_error_return(regs, -ret); goto out; } diff --git a/arch/sparc64/kernel/sys_sparc32.c b/arch/sparc64/kernel/sys_sparc32.c index 388b557b015c..8b8d4fb9ad7e 100644 --- a/arch/sparc64/kernel/sys_sparc32.c +++ b/arch/sparc64/kernel/sys_sparc32.c @@ -2967,8 +2967,7 @@ do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * regs) if ((retval = bprm.envc) < 0) goto out_mm; - retval = security_ops->bprm_alloc_security(&bprm); - if (retval) + if ((retval = security_bprm_alloc(&bprm))) goto out; retval = prepare_binprm(&bprm); @@ -2991,7 +2990,7 @@ do_execve32(char * filename, u32 * argv, u32 * envp, struct pt_regs * regs) retval = search_binary_handler(&bprm, regs); if (retval >= 0) { /* execve success */ - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); return retval; } @@ -3004,7 +3003,7 @@ out: } if (bprm.security) - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); out_mm: mmdrop(bprm.mm); diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c index c47bc17fdecf..ffcd37877457 100644 --- a/arch/um/kernel/ptrace.c +++ b/arch/um/kernel/ptrace.c @@ -33,8 +33,7 @@ int sys_ptrace(long request, long pid, long addr, long data) if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if(ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c index 83f48031d3e8..7032e0104377 100644 --- a/arch/x86_64/kernel/ptrace.c +++ b/arch/x86_64/kernel/ptrace.c @@ -178,8 +178,7 @@ asmlinkage long sys_ptrace(long request, long pid, long addr, long data) /* are we already being traced? */ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); - if (ret) + if ((ret = security_ptrace(current->parent, current))) goto out; /* set the ptrace bit in the process flags. */ current->ptrace |= PT_PTRACED; diff --git a/drivers/base/fs/class.c b/drivers/base/fs/class.c index 1713000f0c37..f1179368176d 100644 --- a/drivers/base/fs/class.c +++ b/drivers/base/fs/class.c @@ -7,6 +7,8 @@ #include <linux/init.h> #include <linux/slab.h> #include <linux/err.h> +#include <linux/limits.h> +#include <linux/stat.h> #include "fs.h" static struct driver_dir_entry class_dir; diff --git a/drivers/base/fs/intf.c b/drivers/base/fs/intf.c index 151f60d42b73..5781b2496a82 100644 --- a/drivers/base/fs/intf.c +++ b/drivers/base/fs/intf.c @@ -4,6 +4,8 @@ #include <linux/device.h> #include <linux/slab.h> +#include <linux/limits.h> +#include <linux/errno.h> #include "fs.h" /** diff --git a/fs/attr.c b/fs/attr.c index c65e0f33643f..57fc85a7687f 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -153,13 +153,12 @@ int notify_change(struct dentry * dentry, struct iattr * attr) } if (inode->i_op && inode->i_op->setattr) { - error = security_ops->inode_setattr(dentry, attr); - if (!error) + if (!(error = security_inode_setattr(dentry, attr))) error = inode->i_op->setattr(dentry, attr); } else { error = inode_change_ok(inode, attr); if (!error) - error = security_ops->inode_setattr(dentry, attr); + error = security_inode_setattr(dentry, attr); if (!error) { if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) diff --git a/fs/dquot.c b/fs/dquot.c index 24d50ae34824..82756bec8d91 100644 --- a/fs/dquot.c +++ b/fs/dquot.c @@ -69,6 +69,7 @@ #include <linux/init.h> #include <linux/module.h> #include <linux/proc_fs.h> +#include <linux/security.h> #include <asm/uaccess.h> @@ -1305,8 +1306,7 @@ int vfs_quota_on(struct super_block *sb, int type, int format_id, char *path) error = -EIO; if (!f->f_op || !f->f_op->read || !f->f_op->write) goto out_f; - error = security_ops->quota_on(f); - if (error) + if ((error = security_quota_on(f))) goto out_f; inode = f->f_dentry->d_inode; error = -EACCES; diff --git a/fs/exec.c b/fs/exec.c index eef86f55c0cb..26a485d62ce9 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -43,6 +43,7 @@ #include <linux/namei.h> #include <linux/proc_fs.h> #include <linux/ptrace.h> +#include <linux/security.h> #include <asm/uaccess.h> #include <asm/pgalloc.h> @@ -818,8 +819,7 @@ int prepare_binprm(struct linux_binprm *bprm) } /* fill in binprm security blob */ - retval = security_ops->bprm_set_security(bprm); - if (retval) + if ((retval = security_bprm_set(bprm))) return retval; memset(bprm->buf,0,BINPRM_BUF_SIZE); @@ -867,7 +867,7 @@ void compute_creds(struct linux_binprm *bprm) if(do_unlock) unlock_kernel(); - security_ops->bprm_compute_creds(bprm); + security_bprm_compute_creds(bprm); } void remove_arg_zero(struct linux_binprm *bprm) @@ -936,8 +936,7 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) } } #endif - retval = security_ops->bprm_check_security(bprm); - if (retval) + if ((retval = security_bprm_check(bprm))) return retval; /* kernel module loader fixup */ @@ -1033,8 +1032,7 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs if ((retval = bprm.envc) < 0) goto out_mm; - retval = security_ops->bprm_alloc_security(&bprm); - if (retval) + if ((retval = security_bprm_alloc(&bprm))) goto out; retval = prepare_binprm(&bprm); @@ -1057,7 +1055,7 @@ int do_execve(char * filename, char ** argv, char ** envp, struct pt_regs * regs retval = search_binary_handler(&bprm,regs); if (retval >= 0) { /* execve success */ - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); return retval; } @@ -1070,7 +1068,7 @@ out: } if (bprm.security) - security_ops->bprm_free_security(&bprm); + security_bprm_free(&bprm); out_mm: mmdrop(bprm.mm); diff --git a/fs/fcntl.c b/fs/fcntl.c index c2fc83cdfed6..90900d2188a0 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -274,8 +274,7 @@ int f_setown(struct file *filp, unsigned long arg, int force) { int err; - err = security_ops->file_set_fowner(filp); - if (err) + if ((err = security_file_set_fowner(filp))) return err; f_modown(filp, arg, current->uid, current->euid, force); @@ -368,8 +367,7 @@ asmlinkage long sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg) if (!filp) goto out; - err = security_ops->file_fcntl(filp, cmd, arg); - if (err) { + if ((err = security_file_fcntl(filp, cmd, arg))) { fput(filp); return err; } @@ -392,8 +390,7 @@ asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg if (!filp) goto out; - err = security_ops->file_fcntl(filp, cmd, arg); - if (err) { + if ((err = security_file_fcntl(filp, cmd, arg))) { fput(filp); return err; } @@ -444,7 +441,7 @@ static void send_sigio_to_task(struct task_struct *p, if (!sigio_perm(p, fown)) return; - if (security_ops->file_send_sigiotask(p, fown, fd, reason)) + if (security_file_send_sigiotask(p, fown, fd, reason)) return; switch (fown->signum) { diff --git a/fs/file_table.c b/fs/file_table.c index fe6c048c2bab..57765820047c 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -46,7 +46,7 @@ struct file * get_empty_filp(void) files_stat.nr_free_files--; new_one: memset(f, 0, sizeof(*f)); - if (security_ops->file_alloc_security(f)) { + if (security_file_alloc(f)) { list_add(&f->f_list, &free_list); files_stat.nr_free_files++; file_list_unlock(); @@ -127,7 +127,7 @@ void __fput(struct file * file) if (file->f_op && file->f_op->release) file->f_op->release(inode, file); - security_ops->file_free_security(file); + security_file_free(file); fops_put(file->f_op); if (file->f_mode & FMODE_WRITE) put_write_access(inode); @@ -160,7 +160,7 @@ struct file * fget(unsigned int fd) void put_filp(struct file *file) { if(atomic_dec_and_test(&file->f_count)) { - security_ops->file_free_security(file); + security_file_free(file); file_list_lock(); list_del(&file->f_list); list_add(&file->f_list, &free_list); diff --git a/fs/inode.c b/fs/inode.c index 4f56d96031ea..bf67998c45e4 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -120,7 +120,7 @@ static struct inode *alloc_inode(struct super_block *sb) inode->i_bdev = NULL; inode->i_cdev = NULL; inode->i_security = NULL; - if (security_ops->inode_alloc_security(inode)) { + if (security_inode_alloc(inode)) { if (inode->i_sb->s_op->destroy_inode) inode->i_sb->s_op->destroy_inode(inode); else @@ -146,7 +146,7 @@ static void destroy_inode(struct inode *inode) { if (inode_has_buffers(inode)) BUG(); - security_ops->inode_free_security(inode); + security_inode_free(inode); if (inode->i_sb->s_op->destroy_inode) { inode->i_sb->s_op->destroy_inode(inode); } else { @@ -922,7 +922,7 @@ void generic_delete_inode(struct inode *inode) if (inode->i_data.nrpages) truncate_inode_pages(&inode->i_data, 0); - security_ops->inode_delete(inode); + security_inode_delete(inode); if (op && op->delete_inode) { void (*delete)(struct inode *) = op->delete_inode; diff --git a/fs/ioctl.c b/fs/ioctl.c index 8f2d67ade88e..b0b6b2ed4c3b 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -59,8 +59,7 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) goto out; error = 0; - error = security_ops->file_ioctl(filp, cmd, arg); - if (error) { + if ((error = security_file_ioctl(filp, cmd, arg))) { fput(filp); goto out; } diff --git a/fs/locks.c b/fs/locks.c index c723de3be272..1257f3711e45 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -122,6 +122,7 @@ #include <linux/timer.h> #include <linux/time.h> #include <linux/fs.h> +#include <linux/security.h> #include <asm/semaphore.h> #include <asm/uaccess.h> @@ -1174,8 +1175,7 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; - error = security_ops->file_lock(filp, arg); - if (error) + if ((error = security_file_lock(filp, arg))) return error; lock_kernel(); @@ -1288,8 +1288,7 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd) if (error) goto out_putf; - error = security_ops->file_lock(filp, cmd); - if (error) + if ((error = security_file_lock(filp, cmd))) goto out_free; for (;;) { @@ -1438,8 +1437,7 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l) goto out; } - error = security_ops->file_lock(filp, file_lock->fl_type); - if (error) + if ((error = security_file_lock(filp, file_lock->fl_type))) goto out; if (filp->f_op && filp->f_op->lock != NULL) { @@ -1578,8 +1576,7 @@ int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l) goto out; } - error = security_ops->file_lock(filp, file_lock->fl_type); - if (error) + if ((error = security_file_lock(filp, file_lock->fl_type))) goto out; if (filp->f_op && filp->f_op->lock != NULL) { diff --git a/fs/namei.c b/fs/namei.c index d198ee69aa6f..e300498a6b08 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -218,7 +218,7 @@ int permission(struct inode * inode,int mask) if (retval) return retval; - return security_ops->inode_permission(inode, mask); + return security_inode_permission(inode, mask); } /* @@ -340,7 +340,7 @@ static inline int exec_permission_lite(struct inode *inode) return -EACCES; ok: - return security_ops->inode_permission_lite(inode, MAY_EXEC); + return security_inode_permission_lite(inode, MAY_EXEC); } /* @@ -374,7 +374,7 @@ static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, i dput(dentry); else { result = dentry; - security_ops->inode_post_lookup(dir, result); + security_inode_post_lookup(dir, result); } } up(&dir->i_sem); @@ -413,8 +413,7 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd) current->state = TASK_RUNNING; schedule(); } - err = security_ops->inode_follow_link(dentry, nd); - if (err) + if ((err = security_inode_follow_link(dentry, nd))) goto loop; current->link_count++; current->total_link_count++; @@ -918,7 +917,7 @@ struct dentry * lookup_hash(struct qstr *name, struct dentry * base) dentry = inode->i_op->lookup(inode, new); if (!dentry) { dentry = new; - security_ops->inode_post_lookup(inode, dentry); + security_inode_post_lookup(inode, dentry); } else dput(new); } @@ -1125,14 +1124,13 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode) return -EACCES; /* shouldn't it be ENOSYS? */ mode &= S_IALLUGO; mode |= S_IFREG; - error = security_ops->inode_create(dir, dentry, mode); - if (error) + if ((error = security_inode_create(dir, dentry, mode))) return error; DQUOT_INIT(dir); error = dir->i_op->create(dir, dentry, mode); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_create(dir, dentry, mode); + security_inode_post_create(dir, dentry, mode); } return error; } @@ -1344,8 +1342,7 @@ do_link: * stored in nd->last.name and we will have to putname() it when we * are done. Procfs-like symlinks just set LAST_BIND. */ - error = security_ops->inode_follow_link(dentry, nd); - if (error) + if ((error = security_inode_follow_link(dentry, nd))) goto exit_dput; UPDATE_ATIME(dentry->d_inode); error = dentry->d_inode->i_op->follow_link(dentry, nd); @@ -1410,15 +1407,14 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) if (!dir->i_op || !dir->i_op->mknod) return -EPERM; - error = security_ops->inode_mknod(dir, dentry, mode, dev); - if (error) + if ((error = security_inode_mknod(dir, dentry, mode, dev))) return error; DQUOT_INIT(dir); error = dir->i_op->mknod(dir, dentry, mode, dev); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_mknod(dir, dentry, mode, dev); + security_inode_post_mknod(dir, dentry, mode, dev); } return error; } @@ -1478,15 +1474,14 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) return -EPERM; mode &= (S_IRWXUGO|S_ISVTX); - error = security_ops->inode_mkdir(dir, dentry, mode); - if (error) + if ((error = security_inode_mkdir(dir, dentry, mode))) return error; DQUOT_INIT(dir); error = dir->i_op->mkdir(dir, dentry, mode); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_mkdir(dir,dentry, mode); + security_inode_post_mkdir(dir,dentry, mode); } return error; } @@ -1570,8 +1565,7 @@ int vfs_rmdir(struct inode *dir, struct dentry *dentry) if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_ops->inode_rmdir(dir, dentry); - if (!error) { + if (!(error = security_inode_rmdir(dir, dentry))) { error = dir->i_op->rmdir(dir, dentry); if (!error) dentry->d_inode->i_flags |= S_DEAD; @@ -1644,10 +1638,8 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry) if (d_mountpoint(dentry)) error = -EBUSY; else { - error = security_ops->inode_unlink(dir, dentry); - if (!error) { + if (!(error = security_inode_unlink(dir, dentry))) error = dir->i_op->unlink(dir, dentry); - } } up(&dentry->d_inode->i_sem); if (!error) { @@ -1709,15 +1701,14 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname) if (!dir->i_op || !dir->i_op->symlink) return -EPERM; - error = security_ops->inode_symlink(dir, dentry, oldname); - if (error) + if ((error = security_inode_symlink(dir, dentry, oldname))) return error; DQUOT_INIT(dir); error = dir->i_op->symlink(dir, dentry, oldname); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_symlink(dir, dentry, oldname); + security_inode_post_symlink(dir, dentry, oldname); } return error; } @@ -1780,8 +1771,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de if (S_ISDIR(old_dentry->d_inode->i_mode)) return -EPERM; - error = security_ops->inode_link(old_dentry, dir, new_dentry); - if (error) + if ((error = security_inode_link(old_dentry, dir, new_dentry))) return error; down(&old_dentry->d_inode->i_sem); @@ -1790,7 +1780,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de up(&old_dentry->d_inode->i_sem); if (!error) { inode_dir_notify(dir, DN_CREATE); - security_ops->inode_post_link(old_dentry, dir, new_dentry); + security_inode_post_link(old_dentry, dir, new_dentry); } return error; } @@ -1889,8 +1879,7 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, return error; } - error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry); - if (error) + if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry))) return error; target = new_dentry->d_inode; @@ -1912,8 +1901,8 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry, } if (!error) { d_move(old_dentry,new_dentry); - security_ops->inode_post_rename(old_dir, old_dentry, - new_dir, new_dentry); + security_inode_post_rename(old_dir, old_dentry, + new_dir, new_dentry); } return error; } @@ -1924,8 +1913,7 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, struct inode *target; int error; - error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry); - if (error) + if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry))) return error; dget(new_dentry); @@ -1940,7 +1928,7 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry, /* The following d_move() should become unconditional */ if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME)) d_move(old_dentry, new_dentry); - security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry); + security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry); } if (target) up(&target->i_sem); diff --git a/fs/namespace.c b/fs/namespace.c index 57d6c0d6a5c5..e3bc142c1c88 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -19,6 +19,7 @@ #include <linux/seq_file.h> #include <linux/namespace.h> #include <linux/namei.h> +#include <linux/security.h> #include <asm/uaccess.h> @@ -288,8 +289,7 @@ static int do_umount(struct vfsmount *mnt, int flags) struct super_block * sb = mnt->mnt_sb; int retval = 0; - retval = security_ops->sb_umount(mnt, flags); - if (retval) + if ((retval = security_sb_umount(mnt, flags))) return retval; /* @@ -341,7 +341,7 @@ static int do_umount(struct vfsmount *mnt, int flags) DQUOT_OFF(sb); acct_auto_close(sb); unlock_kernel(); - security_ops->sb_umount_close(mnt); + security_sb_umount_close(mnt); spin_lock(&dcache_lock); } retval = -EBUSY; @@ -352,7 +352,7 @@ static int do_umount(struct vfsmount *mnt, int flags) } spin_unlock(&dcache_lock); if (retval) - security_ops->sb_umount_busy(mnt); + security_sb_umount_busy(mnt); up_write(¤t->namespace->sem); return retval; } @@ -470,8 +470,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd) if (IS_DEADDIR(nd->dentry->d_inode)) goto out_unlock; - err = security_ops->sb_check_sb(mnt, nd); - if (err) + if ((err = security_sb_check_sb(mnt, nd))) goto out_unlock; spin_lock(&dcache_lock); @@ -487,7 +486,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd) out_unlock: up(&nd->dentry->d_inode->i_sem); if (!err) - security_ops->sb_post_addmount(mnt, nd); + security_sb_post_addmount(mnt, nd); return err; } @@ -558,7 +557,7 @@ static int do_remount(struct nameidata *nd,int flags,int mnt_flags,void *data) nd->mnt->mnt_flags=mnt_flags; up_write(&sb->s_umount); if (!err) - security_ops->sb_post_remount(nd->mnt, flags, data); + security_sb_post_remount(nd->mnt, flags, data); return err; } @@ -741,8 +740,7 @@ long do_mount(char * dev_name, char * dir_name, char *type_page, if (retval) return retval; - retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page); - if (retval) + if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page))) goto dput_out; if (flags & MS_REMOUNT) @@ -939,8 +937,7 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old) if (error) goto out1; - error = security_ops->sb_pivotroot(&old_nd, &new_nd); - if (error) { + if ((error = security_sb_pivotroot(&old_nd, &new_nd))) { path_release(&old_nd); goto out1; } @@ -989,7 +986,7 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old) attach_mnt(new_nd.mnt, &root_parent); spin_unlock(&dcache_lock); chroot_fs_refs(&user_nd, &new_nd); - security_ops->sb_post_pivotroot(&user_nd, &new_nd); + security_sb_post_pivotroot(&user_nd, &new_nd); error = 0; path_release(&root_parent); path_release(&parent_nd); diff --git a/fs/open.c b/fs/open.c index 3e690b0cd50d..ddc36d3d705c 100644 --- a/fs/open.c +++ b/fs/open.c @@ -30,8 +30,7 @@ int vfs_statfs(struct super_block *sb, struct statfs *buf) retval = -ENOSYS; if (sb->s_op && sb->s_op->statfs) { memset(buf, 0, sizeof(struct statfs)); - retval = security_ops->sb_statfs(sb); - if (retval) + if ((retval = security_sb_statfs(sb))) return retval; retval = sb->s_op->statfs(sb, buf); } diff --git a/fs/proc/base.c b/fs/proc/base.c index fdf6a5afec94..45bd3e2e01b7 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -28,6 +28,7 @@ #include <linux/namespace.h> #include <linux/mm.h> #include <linux/smp_lock.h> +#include <linux/security.h> /* * For hysterical raisins we keep the same inumbers as in the old procfs. @@ -394,7 +395,7 @@ static struct file_operations proc_info_file_operations = { }; #define MAY_PTRACE(p) \ -(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0)) +(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0)) static int mem_open(struct inode* inode, struct file* file) diff --git a/fs/quota.c b/fs/quota.c index 0cc95fe48a91..600765da6ecb 100644 --- a/fs/quota.c +++ b/fs/quota.c @@ -98,7 +98,7 @@ static int check_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t if (!capable(CAP_SYS_ADMIN)) return -EPERM; - return security_ops->quotactl (cmd, type, id, sb); + return security_quotactl (cmd, type, id, sb); } /* Resolve device pathname to superblock */ diff --git a/fs/read_write.c b/fs/read_write.c index a8b23e6367ee..a7fc9459f172 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -193,8 +193,7 @@ ssize_t vfs_read(struct file *file, char *buf, size_t count, loff_t *pos) ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count); if (!ret) { - ret = security_ops->file_permission (file, MAY_READ); - if (!ret) { + if (!(ret = security_file_permission (file, MAY_READ))) { if (file->f_op->read) ret = file->f_op->read(file, buf, count, pos); else @@ -233,8 +232,7 @@ ssize_t vfs_write(struct file *file, const char *buf, size_t count, loff_t *pos) ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count); if (!ret) { - ret = security_ops->file_permission (file, MAY_WRITE); - if (!ret) { + if (!(ret = security_file_permission (file, MAY_WRITE))) { if (file->f_op->write) ret = file->f_op->write(file, buf, count, pos); else @@ -465,8 +463,7 @@ sys_readv(unsigned long fd, const struct iovec *vector, unsigned long nr_segs) goto bad_file; if (file->f_op && (file->f_mode & FMODE_READ) && (file->f_op->readv || file->f_op->read)) { - ret = security_ops->file_permission (file, MAY_READ); - if (!ret) + if (!(ret = security_file_permission (file, MAY_READ))) ret = do_readv_writev(READ, file, vector, nr_segs); } fput(file); @@ -488,8 +485,7 @@ sys_writev(unsigned long fd, const struct iovec * vector, unsigned long nr_segs) goto bad_file; if (file->f_op && (file->f_mode & FMODE_WRITE) && (file->f_op->writev || file->f_op->write)) { - ret = security_ops->file_permission (file, MAY_WRITE); - if (!ret) + if (!(ret = security_file_permission (file, MAY_WRITE))) ret = do_readv_writev(WRITE, file, vector, nr_segs); } fput(file); diff --git a/fs/readdir.c b/fs/readdir.c index 24e91a059be5..31c6298d6202 100644 --- a/fs/readdir.c +++ b/fs/readdir.c @@ -11,6 +11,7 @@ #include <linux/file.h> #include <linux/smp_lock.h> #include <linux/fs.h> +#include <linux/security.h> #include <asm/uaccess.h> @@ -21,8 +22,7 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf) if (!file->f_op || !file->f_op->readdir) goto out; - res = security_ops->file_permission(file, MAY_READ); - if (res) + if ((res = security_file_permission(file, MAY_READ))) goto out; down(&inode->i_sem); diff --git a/fs/stat.c b/fs/stat.c index 727a854fd0af..80a321930de9 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -39,8 +39,7 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) struct inode *inode = dentry->d_inode; int retval; - retval = security_ops->inode_getattr(mnt, dentry); - if (retval) + if ((retval = security_inode_getattr(mnt, dentry))) return retval; if (inode->i_op->getattr) @@ -238,8 +237,7 @@ asmlinkage long sys_readlink(const char * path, char * buf, int bufsiz) error = -EINVAL; if (inode->i_op && inode->i_op->readlink) { - error = security_ops->inode_readlink(nd.dentry); - if (!error) { + if (!(error = security_inode_readlink(nd.dentry))) { UPDATE_ATIME(inode); error = inode->i_op->readlink(nd.dentry, buf, bufsiz); } diff --git a/fs/super.c b/fs/super.c index ef1e9cfebb50..741c079f31bc 100644 --- a/fs/super.c +++ b/fs/super.c @@ -29,9 +29,9 @@ #include <linux/quotaops.h> #include <linux/namei.h> #include <linux/buffer_head.h> /* for fsync_super() */ +#include <linux/security.h> #include <asm/uaccess.h> -#include <linux/security.h> void get_filesystem(struct file_system_type *fs); void put_filesystem(struct file_system_type *fs); @@ -51,7 +51,7 @@ static struct super_block *alloc_super(void) struct super_block *s = kmalloc(sizeof(struct super_block), GFP_USER); if (s) { memset(s, 0, sizeof(struct super_block)); - if (security_ops->sb_alloc_security(s)) { + if (security_sb_alloc(s)) { kfree(s); s = NULL; goto out; @@ -85,7 +85,7 @@ out: */ static inline void destroy_super(struct super_block *s) { - security_ops->sb_free_security(s); + security_sb_free(s); kfree(s); } diff --git a/fs/xattr.c b/fs/xattr.c index d878ebb317bd..933a94031f5b 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -13,6 +13,7 @@ #include <linux/file.h> #include <linux/xattr.h> #include <linux/namei.h> +#include <linux/security.h> #include <asm/uaccess.h> /* @@ -85,9 +86,7 @@ setxattr(struct dentry *d, char *name, void *value, size_t size, int flags) error = -EOPNOTSUPP; if (d->d_inode->i_op && d->d_inode->i_op->setxattr) { - error = security_ops->inode_setxattr(d, kname, kvalue, - size, flags); - if (error) + if ((error = security_inode_setxattr(d, kname, kvalue, size, flags))) goto out; down(&d->d_inode->i_sem); error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags); @@ -163,8 +162,7 @@ getxattr(struct dentry *d, char *name, void *value, size_t size) error = -EOPNOTSUPP; if (d->d_inode->i_op && d->d_inode->i_op->getxattr) { - error = security_ops->inode_getxattr(d, kname); - if (error) + if ((error = security_inode_getxattr(d, kname))) goto out; down(&d->d_inode->i_sem); error = d->d_inode->i_op->getxattr(d, kname, kvalue, size); @@ -236,8 +234,7 @@ listxattr(struct dentry *d, char *list, size_t size) error = -EOPNOTSUPP; if (d->d_inode->i_op && d->d_inode->i_op->listxattr) { - error = security_ops->inode_listxattr(d); - if (error) + if ((error = security_inode_listxattr(d))) goto out; down(&d->d_inode->i_sem); error = d->d_inode->i_op->listxattr(d, klist, size); @@ -311,8 +308,7 @@ removexattr(struct dentry *d, char *name) error = -EOPNOTSUPP; if (d->d_inode->i_op && d->d_inode->i_op->removexattr) { - error = security_ops->inode_removexattr(d, kname); - if (error) + if ((error = security_inode_removexattr(d, kname))) goto out; down(&d->d_inode->i_sem); error = d->d_inode->i_op->removexattr(d, kname); diff --git a/include/linux/sched.h b/include/linux/sched.h index b5e63d8ade25..6a7d0105a336 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -586,9 +586,9 @@ extern int request_irq(unsigned int, unsigned long, const char *, void *); extern void free_irq(unsigned int, void *); -/* capable prototype and code moved to security.[hc] */ -#include <linux/security.h> -#if 0 + +#ifndef CONFIG_SECURITY +/* capable prototype and code are in security.[hc] if CONFIG_SECURITY */ static inline int capable(int cap) { if (cap_raised(current->cap_effective, cap)) { @@ -597,7 +597,7 @@ static inline int capable(int cap) } return 0; } -#endif /* if 0 */ +#endif /* * Routines for handling mm_structs diff --git a/include/linux/security.h b/include/linux/security.h index e2f80f6a9dba..2777948a807e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -22,8 +22,6 @@ #ifndef __LINUX_SECURITY_H #define __LINUX_SECURITY_H -#ifdef __KERNEL__ - #include <linux/fs.h> #include <linux/binfmts.h> #include <linux/signal.h> @@ -32,6 +30,23 @@ #include <linux/sysctl.h> #include <linux/shm.h> #include <linux/msg.h> +#include <linux/sched.h> + + +/* + * These functions are in security/capability.c and are used + * as the default capabilities functions + */ +extern int cap_capable (struct task_struct *tsk, int cap); +extern int cap_ptrace (struct task_struct *parent, struct task_struct *child); +extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); +extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); +extern void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); +extern int cap_bprm_set_security (struct linux_binprm *bprm); +extern void cap_bprm_compute_creds (struct linux_binprm *bprm); +extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); +extern void cap_task_kmod_set_label (void); +extern void cap_task_reparent_to_init (struct task_struct *p); /* * Values used in the task_security_ops calls @@ -48,6 +63,9 @@ /* setfsuid or setfsgid, id0 == fsuid or fsgid */ #define LSM_SETID_FS 8 + +#ifdef CONFIG_SECURITY + /* forward declares to avoid warnings */ struct sk_buff; struct net_device; @@ -843,6 +861,526 @@ struct security_operations { struct security_operations *ops); }; +/* global variables */ +extern struct security_operations *security_ops; + +/* inline stuff */ +static inline int security_ptrace (struct task_struct * parent, struct task_struct * child) +{ + return security_ops->ptrace (parent, child); +} + +static inline int security_capget (struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + return security_ops->capget (target, effective, inheritable, permitted); +} + +static inline int security_capset_check (struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + return security_ops->capset_check (target, effective, inheritable, permitted); +} + +static inline void security_capset_set (struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + security_ops->capset_set (target, effective, inheritable, permitted); +} + +static inline int security_acct (struct file *file) +{ + return security_ops->acct (file); +} + +static inline int security_quotactl (int cmds, int type, int id, + struct super_block *sb) +{ + return security_ops->quotactl (cmds, type, id, sb); +} + +static inline int security_quota_on (struct file * file) +{ + return security_ops->quota_on (file); +} + +static inline int security_bprm_alloc (struct linux_binprm *bprm) +{ + return security_ops->bprm_alloc_security (bprm); +} +static inline void security_bprm_free (struct linux_binprm *bprm) +{ + security_ops->bprm_free_security (bprm); +} +static inline void security_bprm_compute_creds (struct linux_binprm *bprm) +{ + security_ops->bprm_compute_creds (bprm); +} +static inline int security_bprm_set (struct linux_binprm *bprm) +{ + return security_ops->bprm_set_security (bprm); +} +static inline int security_bprm_check (struct linux_binprm *bprm) +{ + return security_ops->bprm_check_security (bprm); +} + +static inline int security_sb_alloc (struct super_block *sb) +{ + return security_ops->sb_alloc_security (sb); +} + +static inline void security_sb_free (struct super_block *sb) +{ + security_ops->sb_free_security (sb); +} + +static inline int security_sb_statfs (struct super_block *sb) +{ + return security_ops->sb_statfs (sb); +} + +static inline int security_sb_mount (char *dev_name, struct nameidata *nd, + char *type, unsigned long flags, + void *data) +{ + return security_ops->sb_mount (dev_name, nd, type, flags, data); +} + +static inline int security_sb_check_sb (struct vfsmount *mnt, + struct nameidata *nd) +{ + return security_ops->sb_check_sb (mnt, nd); +} + +static inline int security_sb_umount (struct vfsmount *mnt, int flags) +{ + return security_ops->sb_umount (mnt, flags); +} + +static inline void security_sb_umount_close (struct vfsmount *mnt) +{ + security_ops->sb_umount_close (mnt); +} + +static inline void security_sb_umount_busy (struct vfsmount *mnt) +{ + security_ops->sb_umount_busy (mnt); +} + +static inline void security_sb_post_remount (struct vfsmount *mnt, + unsigned long flags, void *data) +{ + security_ops->sb_post_remount (mnt, flags, data); +} + +static inline void security_sb_post_mountroot (void) +{ + security_ops->sb_post_mountroot (); +} + +static inline void security_sb_post_addmount (struct vfsmount *mnt, + struct nameidata *mountpoint_nd) +{ + security_ops->sb_post_addmount (mnt, mountpoint_nd); +} + +static inline int security_sb_pivotroot (struct nameidata *old_nd, + struct nameidata *new_nd) +{ + return security_ops->sb_pivotroot (old_nd, new_nd); +} + +static inline void security_sb_post_pivotroot (struct nameidata *old_nd, + struct nameidata *new_nd) +{ + security_ops->sb_post_pivotroot (old_nd, new_nd); +} + +static inline int security_inode_alloc (struct inode *inode) +{ + return security_ops->inode_alloc_security (inode); +} + +static inline void security_inode_free (struct inode *inode) +{ + security_ops->inode_free_security (inode); +} + +static inline int security_inode_create (struct inode *dir, + struct dentry *dentry, + int mode) +{ + return security_ops->inode_create (dir, dentry, mode); +} + +static inline void security_inode_post_create (struct inode *dir, + struct dentry *dentry, + int mode) +{ + security_ops->inode_post_create (dir, dentry, mode); +} + +static inline int security_inode_link (struct dentry *old_dentry, + struct inode *dir, + struct dentry *new_dentry) +{ + return security_ops->inode_link (old_dentry, dir, new_dentry); +} + +static inline void security_inode_post_link (struct dentry *old_dentry, + struct inode *dir, + struct dentry *new_dentry) +{ + security_ops->inode_post_link (old_dentry, dir, new_dentry); +} + +static inline int security_inode_unlink (struct inode *dir, + struct dentry *dentry) +{ + return security_ops->inode_unlink (dir, dentry); +} + +static inline int security_inode_symlink (struct inode *dir, + struct dentry *dentry, + const char *old_name) +{ + return security_ops->inode_symlink (dir, dentry, old_name); +} + +static inline void security_inode_post_symlink (struct inode *dir, + struct dentry *dentry, + const char *old_name) +{ + security_ops->inode_post_symlink (dir, dentry, old_name); +} + +static inline int security_inode_mkdir (struct inode *dir, + struct dentry *dentry, + int mode) +{ + return security_ops->inode_mkdir (dir, dentry, mode); +} + +static inline void security_inode_post_mkdir (struct inode *dir, + struct dentry *dentry, + int mode) +{ + security_ops->inode_post_mkdir (dir, dentry, mode); +} + +static inline int security_inode_rmdir (struct inode *dir, + struct dentry *dentry) +{ + return security_ops->inode_rmdir (dir, dentry); +} + +static inline int security_inode_mknod (struct inode *dir, + struct dentry *dentry, + int mode, dev_t dev) +{ + return security_ops->inode_mknod (dir, dentry, mode, dev); +} + +static inline void security_inode_post_mknod (struct inode *dir, + struct dentry *dentry, + int mode, dev_t dev) +{ + security_ops->inode_post_mknod (dir, dentry, mode, dev); +} + +static inline int security_inode_rename (struct inode *old_dir, + struct dentry *old_dentry, + struct inode *new_dir, + struct dentry *new_dentry) +{ + return security_ops->inode_rename (old_dir, old_dentry, + new_dir, new_dentry); +} + +static inline void security_inode_post_rename (struct inode *old_dir, + struct dentry *old_dentry, + struct inode *new_dir, + struct dentry *new_dentry) +{ + security_ops->inode_post_rename (old_dir, old_dentry, + new_dir, new_dentry); +} + +static inline int security_inode_readlink (struct dentry *dentry) +{ + return security_ops->inode_readlink (dentry); +} + +static inline int security_inode_follow_link (struct dentry *dentry, + struct nameidata *nd) +{ + return security_ops->inode_follow_link (dentry, nd); +} + +static inline int security_inode_permission (struct inode *inode, int mask) +{ + return security_ops->inode_permission (inode, mask); +} + +static inline int security_inode_permission_lite (struct inode *inode, + int mask) +{ + return security_ops->inode_permission_lite (inode, mask); +} + +static inline int security_inode_setattr (struct dentry *dentry, + struct iattr *attr) +{ + return security_ops->inode_setattr (dentry, attr); +} + +static inline int security_inode_getattr (struct vfsmount *mnt, + struct dentry *dentry) +{ + return security_ops->inode_getattr (mnt, dentry); +} + +static inline void security_inode_post_lookup (struct inode *inode, + struct dentry *dentry) +{ + security_ops->inode_post_lookup (inode, dentry); +} + +static inline void security_inode_delete (struct inode *inode) +{ + security_ops->inode_delete (inode); +} + +static inline int security_inode_setxattr (struct dentry *dentry, char *name, + void *value, size_t size, int flags) +{ + return security_ops->inode_setxattr (dentry, name, value, size, flags); +} + +static inline int security_inode_getxattr (struct dentry *dentry, char *name) +{ + return security_ops->inode_getxattr (dentry, name); +} + +static inline int security_inode_listxattr (struct dentry *dentry) +{ + return security_ops->inode_listxattr (dentry); +} + +static inline int security_inode_removexattr (struct dentry *dentry, char *name) +{ + return security_ops->inode_removexattr (dentry, name); +} + +static inline int security_file_permission (struct file *file, int mask) +{ + return security_ops->file_permission (file, mask); +} + +static inline int security_file_alloc (struct file *file) +{ + return security_ops->file_alloc_security (file); +} + +static inline void security_file_free (struct file *file) +{ + security_ops->file_free_security (file); +} + +static inline int security_file_ioctl (struct file *file, unsigned int cmd, + unsigned long arg) +{ + return security_ops->file_ioctl (file, cmd, arg); +} + +static inline int security_file_mmap (struct file *file, unsigned long prot, + unsigned long flags) +{ + return security_ops->file_mmap (file, prot, flags); +} + +static inline int security_file_mprotect (struct vm_area_struct *vma, + unsigned long prot) +{ + return security_ops->file_mprotect (vma, prot); +} + +static inline int security_file_lock (struct file *file, unsigned int cmd) +{ + return security_ops->file_lock (file, cmd); +} + +static inline int security_file_fcntl (struct file *file, unsigned int cmd, + unsigned long arg) +{ + return security_ops->file_fcntl (file, cmd, arg); +} + +static inline int security_file_set_fowner (struct file *file) +{ + return security_ops->file_set_fowner (file); +} + +static inline int security_file_send_sigiotask (struct task_struct *tsk, + struct fown_struct *fown, + int fd, int reason) +{ + return security_ops->file_send_sigiotask (tsk, fown, fd, reason); +} + +static inline int security_file_receive (struct file *file) +{ + return security_ops->file_receive (file); +} + +static inline int security_task_create (unsigned long clone_flags) +{ + return security_ops->task_create (clone_flags); +} + +static inline int security_task_alloc (struct task_struct *p) +{ + return security_ops->task_alloc_security (p); +} + +static inline void security_task_free (struct task_struct *p) +{ + security_ops->task_free_security (p); +} + +static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2, + int flags) +{ + return security_ops->task_setuid (id0, id1, id2, flags); +} + +static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid, + uid_t old_suid, int flags) +{ + return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags); +} + +static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2, + int flags) +{ + return security_ops->task_setgid (id0, id1, id2, flags); +} + +static inline int security_task_setpgid (struct task_struct *p, pid_t pgid) +{ + return security_ops->task_setpgid (p, pgid); +} + +static inline int security_task_getpgid (struct task_struct *p) +{ + return security_ops->task_getpgid (p); +} + +static inline int security_task_getsid (struct task_struct *p) +{ + return security_ops->task_getsid (p); +} + +static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist) +{ + return security_ops->task_setgroups (gidsetsize, grouplist); +} + +static inline int security_task_setnice (struct task_struct *p, int nice) +{ + return security_ops->task_setnice (p, nice); +} + +static inline int security_task_setrlimit (unsigned int resource, + struct rlimit *new_rlim) +{ + return security_ops->task_setrlimit (resource, new_rlim); +} + +static inline int security_task_setscheduler (struct task_struct *p, + int policy, + struct sched_param *lp) +{ + return security_ops->task_setscheduler (p, policy, lp); +} + +static inline int security_task_getscheduler (struct task_struct *p) +{ + return security_ops->task_getscheduler (p); +} + +static inline int security_task_kill (struct task_struct *p, + struct siginfo *info, int sig) +{ + return security_ops->task_kill (p, info, sig); +} + +static inline int security_task_wait (struct task_struct *p) +{ + return security_ops->task_wait (p); +} + +static inline int security_task_prctl (int option, unsigned long arg2, + unsigned long arg3, + unsigned long arg4, + unsigned long arg5) +{ + return security_ops->task_prctl (option, arg2, arg3, arg4, arg5); +} + +static inline void security_task_kmod_set_label (void) +{ + security_ops->task_kmod_set_label (); +} + +static inline void security_task_reparent_to_init (struct task_struct *p) +{ + security_ops->task_reparent_to_init (p); +} + +static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, + short flag) +{ + return security_ops->ipc_permission (ipcp, flag); +} + +static inline int security_msg_queue_alloc (struct msg_queue *msq) +{ + return security_ops->msg_queue_alloc_security (msq); +} + +static inline void security_msg_queue_free (struct msg_queue *msq) +{ + security_ops->msg_queue_free_security (msq); +} + +static inline int security_shm_alloc (struct shmid_kernel *shp) +{ + return security_ops->shm_alloc_security (shp); +} + +static inline void security_shm_free (struct shmid_kernel *shp) +{ + security_ops->shm_free_security (shp); +} + +static inline int security_sem_alloc (struct sem_array *sma) +{ + return security_ops->sem_alloc_security (sma); +} + +static inline void security_sem_free (struct sem_array *sma) +{ + security_ops->sem_free_security (sma); +} + /* prototypes */ extern int security_scaffolding_startup (void); @@ -852,11 +1390,495 @@ extern int mod_reg_security (const char *name, struct security_operations *ops); extern int mod_unreg_security (const char *name, struct security_operations *ops); extern int capable (int cap); -/* global variables */ -extern struct security_operations *security_ops; + +#else /* CONFIG_SECURITY */ + +/* + * This is the default capabilities functionality. Most of these functions + * are just stubbed out, but a few must call the proper capable code. + */ + +static inline int security_scaffolding_startup (void) +{ + return 0; +} + +static inline int security_ptrace (struct task_struct *parent, struct task_struct * child) +{ + return cap_ptrace (parent, child); +} + +static inline int security_capget (struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + return cap_capget (target, effective, inheritable, permitted); +} + +static inline int security_capset_check (struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + return cap_capset_check (target, effective, inheritable, permitted); +} + +static inline void security_capset_set (struct task_struct *target, + kernel_cap_t *effective, + kernel_cap_t *inheritable, + kernel_cap_t *permitted) +{ + cap_capset_set (target, effective, inheritable, permitted); +} + +static inline int security_acct (struct file *file) +{ + return 0; +} + +static inline int security_quotactl (int cmds, int type, int id, + struct super_block * sb) +{ + return 0; +} + +static inline int security_quota_on (struct file * file) +{ + return 0; +} + +static inline int security_bprm_alloc (struct linux_binprm *bprm) +{ + return 0; +} + +static inline void security_bprm_free (struct linux_binprm *bprm) +{ } + +static inline void security_bprm_compute_creds (struct linux_binprm *bprm) +{ + cap_bprm_compute_creds (bprm); +} + +static inline int security_bprm_set (struct linux_binprm *bprm) +{ + return cap_bprm_set_security (bprm); +} + +static inline int security_bprm_check (struct linux_binprm *bprm) +{ + return 0; +} + +static inline int security_sb_alloc (struct super_block *sb) +{ + return 0; +} + +static inline void security_sb_free (struct super_block *sb) +{ } + +static inline int security_sb_statfs (struct super_block *sb) +{ + return 0; +} + +static inline int security_sb_mount (char *dev_name, struct nameidata *nd, + char *type, unsigned long flags, + void *data) +{ + return 0; +} + +static inline int security_sb_check_sb (struct vfsmount *mnt, + struct nameidata *nd) +{ + return 0; +} + +static inline int security_sb_umount (struct vfsmount *mnt, int flags) +{ + return 0; +} + +static inline void security_sb_umount_close (struct vfsmount *mnt) +{ } + +static inline void security_sb_umount_busy (struct vfsmount *mnt) +{ } + +static inline void security_sb_post_remount (struct vfsmount *mnt, + unsigned long flags, void *data) +{ } + +static inline void security_sb_post_mountroot (void) +{ } + +static inline void security_sb_post_addmount (struct vfsmount *mnt, + struct nameidata *mountpoint_nd) +{ } + +static inline int security_sb_pivotroot (struct nameidata *old_nd, + struct nameidata *new_nd) +{ + return 0; +} + +static inline void security_sb_post_pivotroot (struct nameidata *old_nd, + struct nameidata *new_nd) +{ } + +static inline int security_inode_alloc (struct inode *inode) +{ + return 0; +} + +static inline void security_inode_free (struct inode *inode) +{ } + +static inline int security_inode_create (struct inode *dir, + struct dentry *dentry, + int mode) +{ + return 0; +} + +static inline void security_inode_post_create (struct inode *dir, + struct dentry *dentry, + int mode) +{ } + +static inline int security_inode_link (struct dentry *old_dentry, + struct inode *dir, + struct dentry *new_dentry) +{ + return 0; +} + +static inline void security_inode_post_link (struct dentry *old_dentry, + struct inode *dir, + struct dentry *new_dentry) +{ } + +static inline int security_inode_unlink (struct inode *dir, + struct dentry *dentry) +{ + return 0; +} + +static inline int security_inode_symlink (struct inode *dir, + struct dentry *dentry, + const char *old_name) +{ + return 0; +} + +static inline void security_inode_post_symlink (struct inode *dir, + struct dentry *dentry, + const char *old_name) +{ } + +static inline int security_inode_mkdir (struct inode *dir, + struct dentry *dentry, + int mode) +{ + return 0; +} + +static inline void security_inode_post_mkdir (struct inode *dir, + struct dentry *dentry, + int mode) +{ } + +static inline int security_inode_rmdir (struct inode *dir, + struct dentry *dentry) +{ + return 0; +} + +static inline int security_inode_mknod (struct inode *dir, + struct dentry *dentry, + int mode, dev_t dev) +{ + return 0; +} + +static inline void security_inode_post_mknod (struct inode *dir, + struct dentry *dentry, + int mode, dev_t dev) +{ } + +static inline int security_inode_rename (struct inode *old_dir, + struct dentry *old_dentry, + struct inode *new_dir, + struct dentry *new_dentry) +{ + return 0; +} + +static inline void security_inode_post_rename (struct inode *old_dir, + struct dentry *old_dentry, + struct inode *new_dir, + struct dentry *new_dentry) +{ } + +static inline int security_inode_readlink (struct dentry *dentry) +{ + return 0; +} + +static inline int security_inode_follow_link (struct dentry *dentry, + struct nameidata *nd) +{ + return 0; +} + +static inline int security_inode_permission (struct inode *inode, int mask) +{ + return 0; +} + +static inline int security_inode_permission_lite (struct inode *inode, + int mask) +{ + return 0; +} + +static inline int security_inode_setattr (struct dentry *dentry, + struct iattr *attr) +{ + return 0; +} + +static inline int security_inode_getattr (struct vfsmount *mnt, + struct dentry *dentry) +{ + return 0; +} + +static inline void security_inode_post_lookup (struct inode *inode, + struct dentry *dentry) +{ } + +static inline void security_inode_delete (struct inode *inode) +{ } + +static inline int security_inode_setxattr (struct dentry *dentry, char *name, + void *value, size_t size, int flags) +{ + return 0; +} + +static inline int security_inode_getxattr (struct dentry *dentry, char *name) +{ + return 0; +} + +static inline int security_inode_listxattr (struct dentry *dentry) +{ + return 0; +} + +static inline int security_inode_removexattr (struct dentry *dentry, char *name) +{ + return 0; +} + +static inline int security_file_permission (struct file *file, int mask) +{ + return 0; +} + +static inline int security_file_alloc (struct file *file) +{ + return 0; +} + +static inline void security_file_free (struct file *file) +{ } + +static inline int security_file_ioctl (struct file *file, unsigned int cmd, + unsigned long arg) +{ + return 0; +} + +static inline int security_file_mmap (struct file *file, unsigned long prot, + unsigned long flags) +{ + return 0; +} + +static inline int security_file_mprotect (struct vm_area_struct *vma, + unsigned long prot) +{ + return 0; +} + +static inline int security_file_lock (struct file *file, unsigned int cmd) +{ + return 0; +} + +static inline int security_file_fcntl (struct file *file, unsigned int cmd, + unsigned long arg) +{ + return 0; +} + +static inline int security_file_set_fowner (struct file *file) +{ + return 0; +} + +static inline int security_file_send_sigiotask (struct task_struct *tsk, + struct fown_struct *fown, + int fd, int reason) +{ + return 0; +} + +static inline int security_file_receive (struct file *file) +{ + return 0; +} + +static inline int security_task_create (unsigned long clone_flags) +{ + return 0; +} + +static inline int security_task_alloc (struct task_struct *p) +{ + return 0; +} + +static inline void security_task_free (struct task_struct *p) +{ } + +static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2, + int flags) +{ + return 0; +} + +static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid, + uid_t old_suid, int flags) +{ + return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags); +} + +static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2, + int flags) +{ + return 0; +} + +static inline int security_task_setpgid (struct task_struct *p, pid_t pgid) +{ + return 0; +} + +static inline int security_task_getpgid (struct task_struct *p) +{ + return 0; +} + +static inline int security_task_getsid (struct task_struct *p) +{ + return 0; +} + +static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist) +{ + return 0; +} + +static inline int security_task_setnice (struct task_struct *p, int nice) +{ + return 0; +} + +static inline int security_task_setrlimit (unsigned int resource, + struct rlimit *new_rlim) +{ + return 0; +} + +static inline int security_task_setscheduler (struct task_struct *p, + int policy, + struct sched_param *lp) +{ + return 0; +} + +static inline int security_task_getscheduler (struct task_struct *p) +{ + return 0; +} + +static inline int security_task_kill (struct task_struct *p, + struct siginfo *info, int sig) +{ + return 0; +} + +static inline int security_task_wait (struct task_struct *p) +{ + return 0; +} + +static inline int security_task_prctl (int option, unsigned long arg2, + unsigned long arg3, + unsigned long arg4, + unsigned long arg5) +{ + return 0; +} + +static inline void security_task_kmod_set_label (void) +{ + cap_task_kmod_set_label (); +} + +static inline void security_task_reparent_to_init (struct task_struct *p) +{ + cap_task_reparent_to_init (p); +} + +static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, + short flag) +{ + return 0; +} + +static inline int security_msg_queue_alloc (struct msg_queue *msq) +{ + return 0; +} + +static inline void security_msg_queue_free (struct msg_queue *msq) +{ } + +static inline int security_shm_alloc (struct shmid_kernel *shp) +{ + return 0; +} + +static inline void security_shm_free (struct shmid_kernel *shp) +{ } + +static inline int security_sem_alloc (struct sem_array *sma) +{ + return 0; +} + +static inline void security_sem_free (struct sem_array *sma) +{ } -#endif /* __KERNEL__ */ +#endif /* CONFIG_SECURITY */ #endif /* ! __LINUX_SECURITY_H */ diff --git a/init/do_mounts.c b/init/do_mounts.c index 1e4fe1ed4439..cf268dba3628 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -12,6 +12,7 @@ #include <linux/init.h> #include <linux/suspend.h> #include <linux/root_dev.h> +#include <linux/security.h> #include <linux/nfs_fs.h> #include <linux/nfs_fs_sb.h> @@ -799,7 +800,7 @@ out: sys_umount("/dev", 0); sys_mount(".", "/", NULL, MS_MOVE, NULL); sys_chroot("."); - security_ops->sb_post_mountroot(); + security_sb_post_mountroot(); mount_devfs_fs (); } diff --git a/ipc/msg.c b/ipc/msg.c index 7f9b534961a4..5a061e90ec2f 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -101,15 +101,14 @@ static int newque (key_t key, int msgflg) msq->q_perm.key = key; msq->q_perm.security = NULL; - retval = security_ops->msg_queue_alloc_security(msq); - if (retval) { + if ((retval = security_msg_queue_alloc(msq))) { kfree(msq); return retval; } id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni); if(id == -1) { - security_ops->msg_queue_free_security(msq); + security_msg_queue_free(msq); kfree(msq); return -ENOSPC; } @@ -281,7 +280,7 @@ static void freeque (int id) free_msg(msg); } atomic_sub(msq->q_cbytes, &msg_bytes); - security_ops->msg_queue_free_security(msq); + security_msg_queue_free(msq); kfree(msq); } diff --git a/ipc/sem.c b/ipc/sem.c index 506d60f345c8..841467fd4337 100644 --- a/ipc/sem.c +++ b/ipc/sem.c @@ -136,15 +136,14 @@ static int newary (key_t key, int nsems, int semflg) sma->sem_perm.key = key; sma->sem_perm.security = NULL; - retval = security_ops->sem_alloc_security(sma); - if (retval) { + if ((retval = security_sem_alloc(sma))) { ipc_free(sma, size); return retval; } id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni); if(id == -1) { - security_ops->sem_free_security(sma); + security_sem_free(sma); ipc_free(sma, size); return -ENOSPC; } @@ -427,7 +426,7 @@ static void freeary (int id) used_sems -= sma->sem_nsems; size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem); - security_ops->sem_free_security(sma); + security_sem_free(sma); ipc_free(sma, size); } diff --git a/ipc/shm.c b/ipc/shm.c index f8af4e51fb5c..1acbcbc37a0f 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -116,7 +116,7 @@ static void shm_destroy (struct shmid_kernel *shp) shm_unlock(shp->id); shmem_lock(shp->shm_file, 0); fput (shp->shm_file); - security_ops->shm_free_security(shp); + security_shm_free(shp); kfree (shp); } @@ -188,8 +188,7 @@ static int newseg (key_t key, int shmflg, size_t size) shp->shm_flags = (shmflg & S_IRWXUGO); shp->shm_perm.security = NULL; - error = security_ops->shm_alloc_security(shp); - if (error) { + if ((error = security_shm_alloc(shp))) { kfree(shp); return error; } @@ -222,7 +221,7 @@ static int newseg (key_t key, int shmflg, size_t size) no_id: fput(file); no_file: - security_ops->shm_free_security(shp); + security_shm_free(shp); kfree(shp); return error; } diff --git a/ipc/util.c b/ipc/util.c index 73b978baa1ec..e6510c962e1c 100644 --- a/ipc/util.c +++ b/ipc/util.c @@ -264,7 +264,7 @@ int ipcperms (struct kern_ipc_perm *ipcp, short flag) !capable(CAP_IPC_OWNER)) return -1; - return security_ops->ipc_permission(ipcp, flag); + return security_ipc_permission(ipcp, flag); } /* diff --git a/kernel/acct.c b/kernel/acct.c index 20973f3ed6e4..1a5a5a3532ab 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -49,6 +49,7 @@ #include <linux/acct.h> #include <linux/file.h> #include <linux/tty.h> +#include <linux/security.h> #include <asm/uaccess.h> /* @@ -222,8 +223,7 @@ asmlinkage long sys_acct(const char *name) } } - error = security_ops->acct(file); - if (error) + if ((error = security_acct(file))) return error; spin_lock(&acct_globals.lock); diff --git a/kernel/capability.c b/kernel/capability.c index 774cf612d8c5..6ced2afcc509 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -8,6 +8,7 @@ */ #include <linux/mm.h> +#include <linux/security.h> #include <asm/uaccess.h> unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */ @@ -63,7 +64,7 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) data.permitted = cap_t(target->cap_permitted); data.inheritable = cap_t(target->cap_inheritable); data.effective = cap_t(target->cap_effective); - ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted); + ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted); out: read_unlock(&tasklist_lock); @@ -88,7 +89,7 @@ static inline void cap_set_pg(int pgrp, kernel_cap_t *effective, do_each_thread(g, target) { if (target->pgrp != pgrp) continue; - security_ops->capset_set(target, effective, inheritable, permitted); + security_capset_set(target, effective, inheritable, permitted); } while_each_thread(g, target); } @@ -105,7 +106,7 @@ static inline void cap_set_all(kernel_cap_t *effective, do_each_thread(g, target) { if (target == current || target->pid == 1) continue; - security_ops->capset_set(target, effective, inheritable, permitted); + security_capset_set(target, effective, inheritable, permitted); } while_each_thread(g, target); } @@ -163,7 +164,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) ret = -EPERM; - if (security_ops->capset_check(target, &effective, &inheritable, &permitted)) + if (security_capset_check(target, &effective, &inheritable, &permitted)) goto out; if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable, @@ -190,7 +191,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) else /* all procs in process group */ cap_set_pg(-pid, &effective, &inheritable, &permitted); } else { - security_ops->capset_set(target, &effective, &inheritable, &permitted); + security_capset_set(target, &effective, &inheritable, &permitted); } out: diff --git a/kernel/exit.c b/kernel/exit.c index c2b0f6eeff0f..35415c7fd1f9 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -67,7 +67,7 @@ void release_task(struct task_struct * p) wait_task_inactive(p); atomic_dec(&p->user->processes); - security_ops->task_free_security(p); + security_task_free(p); free_uid(p->user); write_lock_irq(&tasklist_lock); if (unlikely(p->ptrace)) @@ -248,7 +248,7 @@ void reparent_to_init(void) /* cpus_allowed? */ /* rt_priority? */ /* signals? */ - security_ops->task_reparent_to_init(current); + security_task_reparent_to_init(current); memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim))); current->user = INIT_USER; @@ -774,7 +774,7 @@ static int eligible_child(pid_t pid, int options, task_t *p) if (current->tgid != p->tgid && delay_group_leader(p)) return 2; - if (security_ops->task_wait(p)) + if (security_task_wait(p)) return 0; return 1; diff --git a/kernel/fork.c b/kernel/fork.c index f8620b82f8f5..cac0d734c4a3 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -682,8 +682,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD)) return ERR_PTR(-EINVAL); - retval = security_ops->task_create(clone_flags); - if (retval) + if ((retval = security_task_create(clone_flags))) goto fork_out; retval = -ENOMEM; @@ -772,7 +771,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, INIT_LIST_HEAD(&p->local_pages); retval = -ENOMEM; - if (security_ops->task_alloc_security(p)) + if (security_task_alloc(p)) goto bad_fork_cleanup; /* copy all the process information */ if (copy_semundo(clone_flags, p)) @@ -922,7 +921,7 @@ bad_fork_cleanup_files: bad_fork_cleanup_semundo: exit_semundo(p); bad_fork_cleanup_security: - security_ops->task_free_security(p); + security_task_free(p); bad_fork_cleanup: if (p->pid > 0) free_pidmap(p->pid); diff --git a/kernel/kmod.c b/kernel/kmod.c index 755e5807e815..bf013083b24f 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -29,6 +29,7 @@ #include <linux/completion.h> #include <linux/file.h> #include <linux/workqueue.h> +#include <linux/security.h> #include <asm/uaccess.h> @@ -134,7 +135,7 @@ int exec_usermodehelper(char *program_path, char *argv[], char *envp[]) /* Give kmod all effective privileges.. */ curtask->euid = curtask->fsuid = 0; curtask->egid = curtask->fsgid = 0; - security_ops->task_kmod_set_label(); + security_task_kmod_set_label(); /* Allow execve args to be in kernel space. */ set_fs(KERNEL_DS); diff --git a/kernel/ptrace.c b/kernel/ptrace.c index cc7a76bb65b7..1b7b46a8ea84 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -14,6 +14,7 @@ #include <linux/pagemap.h> #include <linux/smp_lock.h> #include <linux/ptrace.h> +#include <linux/security.h> #include <asm/pgtable.h> #include <asm/uaccess.h> @@ -100,8 +101,7 @@ int ptrace_attach(struct task_struct *task) /* the same process cannot be attached many times */ if (task->ptrace & PT_PTRACED) goto bad; - retval = security_ops->ptrace(current, task); - if (retval) + if ((retval = security_ptrace(current, task))) goto bad; /* Go */ diff --git a/kernel/sched.c b/kernel/sched.c index 20d2854c0bc6..9c160cda97e9 100644 --- a/kernel/sched.c +++ b/kernel/sched.c @@ -1329,8 +1329,7 @@ asmlinkage long sys_nice(int increment) if (nice > 19) nice = 19; - retval = security_ops->task_setnice(current, nice); - if (retval) + if ((retval = security_task_setnice(current, nice))) return retval; set_user_nice(current, nice); @@ -1451,8 +1450,7 @@ static int setscheduler(pid_t pid, int policy, struct sched_param *param) !capable(CAP_SYS_NICE)) goto out_unlock; - retval = security_ops->task_setscheduler(p, policy, &lp); - if (retval) + if ((retval = security_task_setscheduler(p, policy, &lp))) goto out_unlock; array = p->array; @@ -1515,8 +1513,7 @@ asmlinkage long sys_sched_getscheduler(pid_t pid) read_lock(&tasklist_lock); p = find_process_by_pid(pid); if (p) { - retval = security_ops->task_getscheduler(p); - if (!retval) + if (!(retval = security_task_getscheduler(p))) retval = p->policy; } read_unlock(&tasklist_lock); @@ -1545,8 +1542,7 @@ asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param *param) if (!p) goto out_unlock; - retval = security_ops->task_getscheduler(p); - if (retval) + if ((retval = security_task_getscheduler(p))) goto out_unlock; lp.sched_priority = p->rt_priority; @@ -1778,8 +1774,7 @@ asmlinkage long sys_sched_rr_get_interval(pid_t pid, struct timespec *interval) if (!p) goto out_unlock; - retval = security_ops->task_getscheduler(p); - if (retval) + if ((retval = security_task_getscheduler(p))) goto out_unlock; jiffies_to_timespec(p->policy & SCHED_FIFO ? diff --git a/kernel/signal.c b/kernel/signal.c index 17ba94f17942..738f15377092 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -18,6 +18,7 @@ #include <linux/fs.h> #include <linux/tty.h> #include <linux/binfmts.h> +#include <linux/security.h> #include <asm/param.h> #include <asm/uaccess.h> #include <asm/siginfo.h> @@ -706,8 +707,7 @@ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t, int ret = -EPERM; if (bad_signal(sig, info, t)) goto out; - ret = security_ops->task_kill(t, info, sig); - if (ret) + if ((ret = security_task_kill(t, info, sig))) goto out; /* The null signal is a permissions and process existence probe. diff --git a/kernel/sys.c b/kernel/sys.c index 3c2992ac68f2..0a9d75f8a739 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -204,6 +204,7 @@ cond_syscall(sys_nfsservctl) cond_syscall(sys_quotactl) cond_syscall(sys_acct) cond_syscall(sys_lookup_dcookie) +cond_syscall(sys_security) static int set_one_prio(struct task_struct *p, int niceval, int error) { @@ -479,8 +480,7 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid) int new_egid = old_egid; int retval; - retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); - if (retval) + if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE))) return retval; if (rgid != (gid_t) -1) { @@ -525,8 +525,7 @@ asmlinkage long sys_setgid(gid_t gid) int old_egid = current->egid; int retval; - retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); - if (retval) + if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID))) return retval; if (capable(CAP_SETGID)) @@ -599,8 +598,7 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) int old_ruid, old_euid, old_suid, new_ruid, new_euid; int retval; - retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); - if (retval) + if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE))) return retval; new_ruid = old_ruid = current->uid; @@ -638,7 +636,7 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid) current->suid = current->euid; current->fsuid = current->euid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE); } @@ -660,8 +658,7 @@ asmlinkage long sys_setuid(uid_t uid) int old_ruid, old_suid, new_ruid, new_suid; int retval; - retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); - if (retval) + if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID))) return retval; old_ruid = new_ruid = current->uid; @@ -683,7 +680,7 @@ asmlinkage long sys_setuid(uid_t uid) current->fsuid = current->euid = uid; current->suid = new_suid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID); } @@ -698,8 +695,7 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) int old_suid = current->suid; int retval; - retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES); - if (retval) + if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES))) return retval; if (!capable(CAP_SETUID)) { @@ -729,7 +725,7 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid) if (suid != (uid_t) -1) current->suid = suid; - return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); + return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES); } asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid) @@ -750,8 +746,7 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid) { int retval; - retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES); - if (retval) + if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES))) return retval; if (!capable(CAP_SETGID)) { @@ -804,8 +799,7 @@ asmlinkage long sys_setfsuid(uid_t uid) int old_fsuid; int retval; - retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS))) return retval; old_fsuid = current->fsuid; @@ -821,8 +815,7 @@ asmlinkage long sys_setfsuid(uid_t uid) current->fsuid = uid; } - retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS))) return retval; return old_fsuid; @@ -836,8 +829,7 @@ asmlinkage long sys_setfsgid(gid_t gid) int old_fsgid; int retval; - retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS); - if (retval) + if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS))) return retval; old_fsgid = current->fsgid; @@ -962,8 +954,7 @@ asmlinkage long sys_getpgid(pid_t pid) retval = -ESRCH; if (p) { - retval = security_ops->task_getpgid(p); - if (!retval) + if (!(retval = security_task_getpgid(p))) retval = p->pgrp; } read_unlock(&tasklist_lock); @@ -990,8 +981,7 @@ asmlinkage long sys_getsid(pid_t pid) retval = -ESRCH; if(p) { - retval = security_ops->task_getsid(p); - if (!retval) + if (!(retval = security_task_getsid(p))) retval = p->session; } read_unlock(&tasklist_lock); @@ -1072,8 +1062,7 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist) return -EINVAL; if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t))) return -EFAULT; - retval = security_ops->task_setgroups(gidsetsize, groups); - if (retval) + if ((retval = security_task_setgroups(gidsetsize, groups))) return retval; memcpy(current->groups, groups, gidsetsize * sizeof(gid_t)); current->ngroups = gidsetsize; @@ -1236,8 +1225,7 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim) return -EPERM; } - retval = security_ops->task_setrlimit(resource, &new_rlim); - if (retval) + if ((retval = security_task_setrlimit(resource, &new_rlim))) return retval; *old_rlim = new_rlim; @@ -1311,8 +1299,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, int error = 0; int sig; - error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5); - if (error) + if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5))) return error; switch (option) { diff --git a/kernel/uid16.c b/kernel/uid16.c index 63b24096f8c3..53d054061dad 100644 --- a/kernel/uid16.c +++ b/kernel/uid16.c @@ -140,8 +140,7 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist) return -EFAULT; for (i = 0 ; i < gidsetsize ; i++) new_groups[i] = (gid_t)groups[i]; - i = security_ops->task_setgroups(gidsetsize, new_groups); - if (i) + if ((i = security_task_setgroups(gidsetsize, new_groups))) return i; memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t)); current->ngroups = gidsetsize; diff --git a/mm/mmap.c b/mm/mmap.c index 90ae8b22ab96..91949e47d62b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -498,8 +498,7 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr, } } - error = security_ops->file_mmap(file, prot, flags); - if (error) + if ((error = security_file_mmap(file, prot, flags))) return error; /* Clear old maps */ diff --git a/mm/mprotect.c b/mm/mprotect.c index d14c2354b7b8..f4db864ee553 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -262,8 +262,7 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot) goto out; } - error = security_ops->file_mprotect(vma, prot); - if (error) + if ((error = security_file_mprotect(vma, prot))) goto out; if (vma->vm_end > end) { diff --git a/net/core/scm.c b/net/core/scm.c index 560e82576ff4..2a51809ce125 100644 --- a/net/core/scm.c +++ b/net/core/scm.c @@ -217,8 +217,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++) { int new_fd; - err = security_ops->file_receive(fp[i]); - if (err) + if ((err = security_file_receive(fp[i]))) break; err = get_unused_fd(); if (err < 0) diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c index 852942cc7fc8..6c86196027a0 100644 --- a/net/decnet/af_decnet.c +++ b/net/decnet/af_decnet.c @@ -797,7 +797,7 @@ static int dn_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) * dn_prot_sock ? Would be nice if the capable call would go there * too. */ - if (security_ops->dn_prot_sock(saddr) && + if (security_dn_prot_sock(saddr) && !capable(CAP_NET_BIND_SERVICE) || saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD)) return -EACCES; diff --git a/security/Config.help b/security/Config.help index e2934a0871e0..541545417b50 100644 --- a/security/Config.help +++ b/security/Config.help @@ -1,3 +1,10 @@ +CONFIG_SECURITY + This enables the ability to have different security modules + in the kernel. If this option is not selected, the default + capabilities functionality will be enabled. + + If you are unsure how to answer this questions, answer N. + CONFIG_SECURITY_CAPABILITIES This enables the "default" Linux capabilities functionality. If you are unsure how to answer this question, answer Y. diff --git a/security/Config.in b/security/Config.in index 5b1c0ca26d29..acd2c35b42fc 100644 --- a/security/Config.in +++ b/security/Config.in @@ -3,5 +3,5 @@ # mainmenu_option next_comment comment 'Security options' -define_bool CONFIG_SECURITY_CAPABILITIES y +define_bool CONFIG_SECURITY n endmenu diff --git a/security/Makefile b/security/Makefile index 9349c307504d..50a295118b2b 100644 --- a/security/Makefile +++ b/security/Makefile @@ -3,11 +3,15 @@ # # Objects that export symbols -export-objs := security.o +export-objs := security.o capability.o -# Object file lists -obj-y := security.o dummy.o +# if we don't select a security model, use the default capabilities +ifneq ($(CONFIG_SECURITY),y) +obj-y += capability.o +endif +# Object file lists +obj-$(CONFIG_SECURITY) += security.o dummy.o obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o include $(TOPDIR)/Rules.make diff --git a/security/capability.c b/security/capability.c index 809fac9a470b..4c9df92fc130 100644 --- a/security/capability.c +++ b/security/capability.c @@ -19,10 +19,7 @@ #include <linux/skbuff.h> #include <linux/netlink.h> -/* flag to keep track of how we were registered */ -static int secondary; - -static int cap_capable (struct task_struct *tsk, int cap) +int cap_capable (struct task_struct *tsk, int cap) { /* Derived from include/linux/sched.h:capable. */ if (cap_raised (tsk->cap_effective, cap)) @@ -31,23 +28,7 @@ static int cap_capable (struct task_struct *tsk, int cap) return -EPERM; } -static int cap_sys_security (unsigned int id, unsigned int call, - unsigned long *args) -{ - return -ENOSYS; -} - -static int cap_quotactl (int cmds, int type, int id, struct super_block *sb) -{ - return 0; -} - -static int cap_quota_on (struct file *f) -{ - return 0; -} - -static int cap_ptrace (struct task_struct *parent, struct task_struct *child) +int cap_ptrace (struct task_struct *parent, struct task_struct *child) { /* Derived from arch/i386/kernel/ptrace.c:sys_ptrace. */ if (!cap_issubset (child->cap_permitted, current->cap_permitted) && @@ -57,8 +38,8 @@ static int cap_ptrace (struct task_struct *parent, struct task_struct *child) return 0; } -static int cap_capget (struct task_struct *target, kernel_cap_t * effective, - kernel_cap_t * inheritable, kernel_cap_t * permitted) +int cap_capget (struct task_struct *target, kernel_cap_t *effective, + kernel_cap_t *inheritable, kernel_cap_t *permitted) { /* Derived from kernel/capability.c:sys_capget. */ *effective = cap_t (target->cap_effective); @@ -67,10 +48,8 @@ static int cap_capget (struct task_struct *target, kernel_cap_t * effective, return 0; } -static int cap_capset_check (struct task_struct *target, - kernel_cap_t * effective, - kernel_cap_t * inheritable, - kernel_cap_t * permitted) +int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, + kernel_cap_t *inheritable, kernel_cap_t *permitted) { /* Derived from kernel/capability.c:sys_capset. */ /* verify restrictions on target's new Inheritable set */ @@ -95,27 +74,15 @@ static int cap_capset_check (struct task_struct *target, return 0; } -static void cap_capset_set (struct task_struct *target, - kernel_cap_t * effective, - kernel_cap_t * inheritable, - kernel_cap_t * permitted) +void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, + kernel_cap_t *inheritable, kernel_cap_t *permitted) { target->cap_effective = *effective; target->cap_inheritable = *inheritable; target->cap_permitted = *permitted; } -static int cap_acct (struct file *file) -{ - return 0; -} - -static int cap_bprm_alloc_security (struct linux_binprm *bprm) -{ - return 0; -} - -static int cap_bprm_set_security (struct linux_binprm *bprm) +int cap_bprm_set_security (struct linux_binprm *bprm) { /* Copied from fs/exec.c:prepare_binprm. */ @@ -143,23 +110,13 @@ static int cap_bprm_set_security (struct linux_binprm *bprm) return 0; } -static int cap_bprm_check_security (struct linux_binprm *bprm) -{ - return 0; -} - -static void cap_bprm_free_security (struct linux_binprm *bprm) -{ - return; -} - /* Copied from fs/exec.c */ static inline int must_not_trace_exec (struct task_struct *p) { return (p->ptrace & PT_PTRACED) && !(p->ptrace & PT_PTRACE_CAP); } -static void cap_bprm_compute_creds (struct linux_binprm *bprm) +void cap_bprm_compute_creds (struct linux_binprm *bprm) { /* Derived from fs/exec.c:compute_creds. */ kernel_cap_t new_permitted, working; @@ -204,6 +161,160 @@ static void cap_bprm_compute_creds (struct linux_binprm *bprm) current->keep_capabilities = 0; } +/* moved from kernel/sys.c. */ +/* + * cap_emulate_setxuid() fixes the effective / permitted capabilities of + * a process after a call to setuid, setreuid, or setresuid. + * + * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of + * {r,e,s}uid != 0, the permitted and effective capabilities are + * cleared. + * + * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective + * capabilities of the process are cleared. + * + * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective + * capabilities are set to the permitted capabilities. + * + * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should + * never happen. + * + * -astor + * + * cevans - New behaviour, Oct '99 + * A process may, via prctl(), elect to keep its capabilities when it + * calls setuid() and switches away from uid==0. Both permitted and + * effective sets will be retained. + * Without this change, it was impossible for a daemon to drop only some + * of its privilege. The call to setuid(!=0) would drop all privileges! + * Keeping uid 0 is not an option because uid 0 owns too many vital + * files.. + * Thanks to Olaf Kirch and Peter Benie for spotting this. + */ +static inline void cap_emulate_setxuid (int old_ruid, int old_euid, + int old_suid) +{ + if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && + (current->uid != 0 && current->euid != 0 && current->suid != 0) && + !current->keep_capabilities) { + cap_clear (current->cap_permitted); + cap_clear (current->cap_effective); + } + if (old_euid == 0 && current->euid != 0) { + cap_clear (current->cap_effective); + } + if (old_euid != 0 && current->euid == 0) { + current->cap_effective = current->cap_permitted; + } +} + +int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, + int flags) +{ + switch (flags) { + case LSM_SETID_RE: + case LSM_SETID_ID: + case LSM_SETID_RES: + /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */ + if (!issecure (SECURE_NO_SETUID_FIXUP)) { + cap_emulate_setxuid (old_ruid, old_euid, old_suid); + } + break; + case LSM_SETID_FS: + { + uid_t old_fsuid = old_ruid; + + /* Copied from kernel/sys.c:setfsuid. */ + + /* + * FIXME - is fsuser used for all CAP_FS_MASK capabilities? + * if not, we might be a bit too harsh here. + */ + + if (!issecure (SECURE_NO_SETUID_FIXUP)) { + if (old_fsuid == 0 && current->fsuid != 0) { + cap_t (current->cap_effective) &= + ~CAP_FS_MASK; + } + if (old_fsuid != 0 && current->fsuid == 0) { + cap_t (current->cap_effective) |= + (cap_t (current->cap_permitted) & + CAP_FS_MASK); + } + } + break; + } + default: + return -EINVAL; + } + + return 0; +} + +void cap_task_kmod_set_label (void) +{ + cap_set_full (current->cap_effective); + return; +} + +void cap_task_reparent_to_init (struct task_struct *p) +{ + p->cap_effective = CAP_INIT_EFF_SET; + p->cap_inheritable = CAP_INIT_INH_SET; + p->cap_permitted = CAP_FULL_SET; + p->keep_capabilities = 0; + return; +} + +EXPORT_SYMBOL(cap_capable); +EXPORT_SYMBOL(cap_ptrace); +EXPORT_SYMBOL(cap_capget); +EXPORT_SYMBOL(cap_capset_check); +EXPORT_SYMBOL(cap_capset_set); +EXPORT_SYMBOL(cap_bprm_set_security); +EXPORT_SYMBOL(cap_bprm_compute_creds); +EXPORT_SYMBOL(cap_task_post_setuid); +EXPORT_SYMBOL(cap_task_kmod_set_label); +EXPORT_SYMBOL(cap_task_reparent_to_init); + +#ifdef CONFIG_SECURITY + +static int cap_sys_security (unsigned int id, unsigned int call, + unsigned long *args) +{ + return -ENOSYS; +} + +static int cap_quotactl (int cmds, int type, int id, struct super_block *sb) +{ + return 0; +} + +static int cap_quota_on (struct file *f) +{ + return 0; +} + +static int cap_acct (struct file *file) +{ + return 0; +} + +static int cap_bprm_alloc_security (struct linux_binprm *bprm) +{ + return 0; +} + +static int cap_bprm_check_security (struct linux_binprm *bprm) +{ + return 0; +} + +static void cap_bprm_free_security (struct linux_binprm *bprm) +{ + return; +} + static int cap_sb_alloc_security (struct super_block *sb) { return 0; @@ -507,96 +618,6 @@ static int cap_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) return 0; } -/* moved from kernel/sys.c. */ -/* - * cap_emulate_setxuid() fixes the effective / permitted capabilities of - * a process after a call to setuid, setreuid, or setresuid. - * - * 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of - * {r,e,s}uid != 0, the permitted and effective capabilities are - * cleared. - * - * 2) When set*uiding _from_ euid == 0 _to_ euid != 0, the effective - * capabilities of the process are cleared. - * - * 3) When set*uiding _from_ euid != 0 _to_ euid == 0, the effective - * capabilities are set to the permitted capabilities. - * - * fsuid is handled elsewhere. fsuid == 0 and {r,e,s}uid!= 0 should - * never happen. - * - * -astor - * - * cevans - New behaviour, Oct '99 - * A process may, via prctl(), elect to keep its capabilities when it - * calls setuid() and switches away from uid==0. Both permitted and - * effective sets will be retained. - * Without this change, it was impossible for a daemon to drop only some - * of its privilege. The call to setuid(!=0) would drop all privileges! - * Keeping uid 0 is not an option because uid 0 owns too many vital - * files.. - * Thanks to Olaf Kirch and Peter Benie for spotting this. - */ -static inline void cap_emulate_setxuid (int old_ruid, int old_euid, - int old_suid) -{ - if ((old_ruid == 0 || old_euid == 0 || old_suid == 0) && - (current->uid != 0 && current->euid != 0 && current->suid != 0) && - !current->keep_capabilities) { - cap_clear (current->cap_permitted); - cap_clear (current->cap_effective); - } - if (old_euid == 0 && current->euid != 0) { - cap_clear (current->cap_effective); - } - if (old_euid != 0 && current->euid == 0) { - current->cap_effective = current->cap_permitted; - } -} - -static int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, - int flags) -{ - switch (flags) { - case LSM_SETID_RE: - case LSM_SETID_ID: - case LSM_SETID_RES: - /* Copied from kernel/sys.c:setreuid/setuid/setresuid. */ - if (!issecure (SECURE_NO_SETUID_FIXUP)) { - cap_emulate_setxuid (old_ruid, old_euid, old_suid); - } - break; - case LSM_SETID_FS: - { - uid_t old_fsuid = old_ruid; - - /* Copied from kernel/sys.c:setfsuid. */ - - /* - * FIXME - is fsuser used for all CAP_FS_MASK capabilities? - * if not, we might be a bit too harsh here. - */ - - if (!issecure (SECURE_NO_SETUID_FIXUP)) { - if (old_fsuid == 0 && current->fsuid != 0) { - cap_t (current->cap_effective) &= - ~CAP_FS_MASK; - } - if (old_fsuid != 0 && current->fsuid == 0) { - cap_t (current->cap_effective) |= - (cap_t (current->cap_permitted) & - CAP_FS_MASK); - } - } - break; - } - default: - return -EINVAL; - } - - return 0; -} - static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags) { return 0; @@ -659,21 +680,6 @@ static int cap_task_prctl (int option, unsigned long arg2, unsigned long arg3, return 0; } -static void cap_task_kmod_set_label (void) -{ - cap_set_full (current->cap_effective); - return; -} - -static void cap_task_reparent_to_init (struct task_struct *p) -{ - p->cap_effective = CAP_INIT_EFF_SET; - p->cap_inheritable = CAP_INIT_INH_SET; - p->cap_permitted = CAP_FULL_SET; - p->keep_capabilities = 0; - return; -} - static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return 0; @@ -832,6 +838,10 @@ static struct security_operations capability_ops = { #define MY_NAME "capability" #endif +/* flag to keep track of how we were registered */ +static int secondary; + + static int __init capability_init (void) { /* register ourselves with the security framework */ @@ -871,3 +881,5 @@ module_exit (capability_exit); MODULE_DESCRIPTION("Standard Linux Capabilities Security Module"); MODULE_LICENSE("GPL"); + +#endif /* CONFIG_SECURITY */ |