summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-04-18 18:18:30 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-18 18:18:30 -0700
commit3925e6fc1f774048404fdd910b0345b06c699eb4 (patch)
treec9a58417d9492f39f7fe81d4721d674c34dd8be2 /include
parent334d094504c2fe1c44211ecb49146ae6bca8c321 (diff)
parent7cea51be4e91edad05bd834f3235b45c57783f0d (diff)
downloadlinux-stable-3925e6fc1f774048404fdd910b0345b06c699eb4.tar.gz
linux-stable-3925e6fc1f774048404fdd910b0345b06c699eb4.tar.bz2
linux-stable-3925e6fc1f774048404fdd910b0345b06c699eb4.zip
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: security: fix up documentation for security_module_enable Security: Introduce security= boot parameter Audit: Final renamings and cleanup SELinux: use new audit hooks, remove redundant exports Audit: internally use the new LSM audit hooks LSM/Audit: Introduce generic Audit LSM hooks SELinux: remove redundant exports Netlink: Use generic LSM hook Audit: use new LSM hooks instead of SELinux exports SELinux: setup new inode/ipc getsecid hooks LSM: Introduce inode_getsecid and ipc_getsecid hooks
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h29
-rw-r--r--include/linux/security.h114
-rw-r--r--include/linux/selinux.h134
3 files changed, 142 insertions, 135 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 2af9ec025015..4ccb048cae1d 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -353,6 +353,33 @@ struct netlink_skb_parms;
struct linux_binprm;
struct mq_attr;
struct mqstat;
+struct audit_watch;
+struct audit_tree;
+
+struct audit_krule {
+ int vers_ops;
+ u32 flags;
+ u32 listnr;
+ u32 action;
+ u32 mask[AUDIT_BITMASK_SIZE];
+ u32 buflen; /* for data alloc on list rules */
+ u32 field_count;
+ char *filterkey; /* ties events to rules */
+ struct audit_field *fields;
+ struct audit_field *arch_f; /* quick access to arch field */
+ struct audit_field *inode_f; /* quick access to an inode field */
+ struct audit_watch *watch; /* associated watch */
+ struct audit_tree *tree; /* associated watched tree */
+ struct list_head rlist; /* entry in audit_{watch,tree}.rules list */
+};
+
+struct audit_field {
+ u32 type;
+ u32 val;
+ u32 op;
+ char *lsm_str;
+ void *lsm_rule;
+};
#define AUDITSC_INVALID 0
#define AUDITSC_SUCCESS 1
@@ -536,6 +563,8 @@ extern void audit_log_d_path(struct audit_buffer *ab,
const char *prefix,
struct path *path);
extern void audit_log_lost(const char *message);
+extern int audit_update_lsm_rules(void);
+
/* Private API (for audit.c only) */
extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
extern int audit_filter_type(int type);
diff --git a/include/linux/security.h b/include/linux/security.h
index f5eb9ff47ac5..fea1f4aa4dd5 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -36,7 +36,11 @@
extern unsigned securebits;
+/* Maximum number of letters for an LSM name string */
+#define SECURITY_NAME_MAX 10
+
struct ctl_table;
+struct audit_krule;
/*
* These functions are in security/capability.c and are used
@@ -136,6 +140,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
/**
* struct security_operations - main security structure
*
+ * Security module identifier.
+ *
+ * @name:
+ * A string that acts as a unique identifeir for the LSM with max number
+ * of characters = SECURITY_NAME_MAX.
+ *
* Security hooks for program execution operations.
*
* @bprm_alloc_security:
@@ -468,6 +478,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @dentry is the dentry being changed.
* Return 0 on success. If error is returned, then the operation
* causing setuid bit removal is failed.
+ * @inode_getsecid:
+ * Get the secid associated with the node.
+ * @inode contains a pointer to the inode.
+ * @secid contains a pointer to the location where result will be saved.
+ * In case of failure, @secid will be set to zero.
*
* Security hooks for file operations
*
@@ -636,6 +651,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @task_getsecid:
* Retrieve the security identifier of the process @p.
* @p contains the task_struct for the process and place is into @secid.
+ * In case of failure, @secid will be set to zero.
+ *
* @task_setgroups:
* Check permission before setting the supplementary group set of the
* current process.
@@ -997,6 +1014,11 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @ipcp contains the kernel IPC permission structure
* @flag contains the desired (requested) permission set
* Return 0 if permission is granted.
+ * @ipc_getsecid:
+ * Get the secid associated with the ipc object.
+ * @ipcp contains the kernel IPC permission structure.
+ * @secid contains a pointer to the location where result will be saved.
+ * In case of failure, @secid will be set to zero.
*
* Security hooks for individual messages held in System V IPC message queues
* @msg_msg_alloc_security:
@@ -1223,9 +1245,42 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @secdata contains the security context.
* @seclen contains the length of the security context.
*
+ * Security hooks for Audit
+ *
+ * @audit_rule_init:
+ * Allocate and initialize an LSM audit rule structure.
+ * @field contains the required Audit action. Fields flags are defined in include/linux/audit.h
+ * @op contains the operator the rule uses.
+ * @rulestr contains the context where the rule will be applied to.
+ * @lsmrule contains a pointer to receive the result.
+ * Return 0 if @lsmrule has been successfully set,
+ * -EINVAL in case of an invalid rule.
+ *
+ * @audit_rule_known:
+ * Specifies whether given @rule contains any fields related to current LSM.
+ * @rule contains the audit rule of interest.
+ * Return 1 in case of relation found, 0 otherwise.
+ *
+ * @audit_rule_match:
+ * Determine if given @secid matches a rule previously approved
+ * by @audit_rule_known.
+ * @secid contains the security id in question.
+ * @field contains the field which relates to current LSM.
+ * @op contains the operator that will be used for matching.
+ * @rule points to the audit rule that will be checked against.
+ * @actx points to the audit context associated with the check.
+ * Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
+ *
+ * @audit_rule_free:
+ * Deallocate the LSM audit rule structure previously allocated by
+ * audit_rule_init.
+ * @rule contains the allocated rule
+ *
* This is the main security structure.
*/
struct security_operations {
+ char name[SECURITY_NAME_MAX + 1];
+
int (*ptrace) (struct task_struct * parent, struct task_struct * child);
int (*capget) (struct task_struct * target,
kernel_cap_t * effective,
@@ -1317,6 +1372,7 @@ struct security_operations {
int (*inode_getsecurity)(const struct inode *inode, const char *name, void **buffer, bool alloc);
int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
+ void (*inode_getsecid)(const struct inode *inode, u32 *secid);
int (*file_permission) (struct file * file, int mask);
int (*file_alloc_security) (struct file * file);
@@ -1369,6 +1425,7 @@ struct security_operations {
void (*task_to_inode)(struct task_struct *p, struct inode *inode);
int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
+ void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);
int (*msg_msg_alloc_security) (struct msg_msg * msg);
void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1480,10 +1537,18 @@ struct security_operations {
#endif /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+ int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule);
+ int (*audit_rule_known)(struct audit_krule *krule);
+ int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule,
+ struct audit_context *actx);
+ void (*audit_rule_free)(void *lsmrule);
+#endif /* CONFIG_AUDIT */
};
/* prototypes */
extern int security_init (void);
+extern int security_module_enable(struct security_operations *ops);
extern int register_security (struct security_operations *ops);
extern int mod_reg_security (const char *name, struct security_operations *ops);
extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
@@ -1578,6 +1643,7 @@ int security_inode_killpriv(struct dentry *dentry);
int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
+void security_inode_getsecid(const struct inode *inode, u32 *secid);
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
@@ -1622,6 +1688,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
void security_task_reparent_to_init(struct task_struct *p);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
+void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
@@ -2022,6 +2089,11 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer,
return 0;
}
+static inline void security_inode_getsecid(const struct inode *inode, u32 *secid)
+{
+ *secid = 0;
+}
+
static inline int security_file_permission (struct file *file, int mask)
{
return 0;
@@ -2137,7 +2209,9 @@ static inline int security_task_getsid (struct task_struct *p)
}
static inline void security_task_getsecid (struct task_struct *p, u32 *secid)
-{ }
+{
+ *secid = 0;
+}
static inline int security_task_setgroups (struct group_info *group_info)
{
@@ -2216,6 +2290,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
return 0;
}
+static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+ *secid = 0;
+}
+
static inline int security_msg_msg_alloc (struct msg_msg * msg)
{
return 0;
@@ -2672,5 +2751,38 @@ static inline int security_key_permission(key_ref_t key_ref,
#endif
#endif /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+#ifdef CONFIG_SECURITY
+int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
+int security_audit_rule_known(struct audit_krule *krule);
+int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
+ struct audit_context *actx);
+void security_audit_rule_free(void *lsmrule);
+
+#else
+
+static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
+ void **lsmrule)
+{
+ return 0;
+}
+
+static inline int security_audit_rule_known(struct audit_krule *krule)
+{
+ return 0;
+}
+
+static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
+ void *lsmrule, struct audit_context *actx)
+{
+ return 0;
+}
+
+static inline void security_audit_rule_free(void *lsmrule)
+{ }
+
+#endif /* CONFIG_SECURITY */
+#endif /* CONFIG_AUDIT */
+
#endif /* ! __LINUX_SECURITY_H */
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 8c2cc4c02526..20f965d4b041 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -16,99 +16,11 @@
struct selinux_audit_rule;
struct audit_context;
-struct inode;
struct kern_ipc_perm;
#ifdef CONFIG_SECURITY_SELINUX
/**
- * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
- * @field: the field this rule refers to
- * @op: the operater the rule uses
- * @rulestr: the text "target" of the rule
- * @rule: pointer to the new rule structure returned via this
- *
- * Returns 0 if successful, -errno if not. On success, the rule structure
- * will be allocated internally. The caller must free this structure with
- * selinux_audit_rule_free() after use.
- */
-int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
- struct selinux_audit_rule **rule);
-
-/**
- * selinux_audit_rule_free - free an selinux audit rule structure.
- * @rule: pointer to the audit rule to be freed
- *
- * This will free all memory associated with the given rule.
- * If @rule is NULL, no operation is performed.
- */
-void selinux_audit_rule_free(struct selinux_audit_rule *rule);
-
-/**
- * selinux_audit_rule_match - determine if a context ID matches a rule.
- * @sid: the context ID to check
- * @field: the field this rule refers to
- * @op: the operater the rule uses
- * @rule: pointer to the audit rule to check against
- * @actx: the audit context (can be NULL) associated with the check
- *
- * Returns 1 if the context id matches the rule, 0 if it does not, and
- * -errno on failure.
- */
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
- struct selinux_audit_rule *rule,
- struct audit_context *actx);
-
-/**
- * selinux_audit_set_callback - set the callback for policy reloads.
- * @callback: the function to call when the policy is reloaded
- *
- * This sets the function callback function that will update the rules
- * upon policy reloads. This callback should rebuild all existing rules
- * using selinux_audit_rule_init().
- */
-void selinux_audit_set_callback(int (*callback)(void));
-
-/**
- * selinux_sid_to_string - map a security context ID to a string
- * @sid: security context ID to be converted.
- * @ctx: address of context string to be returned
- * @ctxlen: length of returned context string.
- *
- * Returns 0 if successful, -errno if not. On success, the context
- * string will be allocated internally, and the caller must call
- * kfree() on it after use.
- */
-int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen);
-
-/**
- * selinux_get_inode_sid - get the inode's security context ID
- * @inode: inode structure to get the sid from.
- * @sid: pointer to security context ID to be filled in.
- *
- * Returns nothing
- */
-void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
-
-/**
- * selinux_get_ipc_sid - get the ipc security context ID
- * @ipcp: ipc structure to get the sid from.
- * @sid: pointer to security context ID to be filled in.
- *
- * Returns nothing
- */
-void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
-
-/**
- * selinux_get_task_sid - return the SID of task
- * @tsk: the task whose SID will be returned
- * @sid: pointer to security context ID to be filled in.
- *
- * Returns nothing
- */
-void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
-
-/**
* selinux_string_to_sid - map a security context string to a security ID
* @str: the security context string to be mapped
* @sid: ID value returned via this.
@@ -151,52 +63,6 @@ void selinux_secmark_refcount_inc(void);
void selinux_secmark_refcount_dec(void);
#else
-static inline int selinux_audit_rule_init(u32 field, u32 op,
- char *rulestr,
- struct selinux_audit_rule **rule)
-{
- return -EOPNOTSUPP;
-}
-
-static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
-{
- return;
-}
-
-static inline int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
- struct selinux_audit_rule *rule,
- struct audit_context *actx)
-{
- return 0;
-}
-
-static inline void selinux_audit_set_callback(int (*callback)(void))
-{
- return;
-}
-
-static inline int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
-{
- *ctx = NULL;
- *ctxlen = 0;
- return 0;
-}
-
-static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
-{
- *sid = 0;
-}
-
-static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
-{
- *sid = 0;
-}
-
-static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
-{
- *sid = 0;
-}
-
static inline int selinux_string_to_sid(const char *str, u32 *sid)
{
*sid = 0;