← Back to branch summary

~ubuntu-branches/ubuntu/precise/linux-ti-omap4/precise-security

« back to all changes in this revision

Viewing changes to security/security.c

  • Committer: Package Import Robot
  • Author(s): Paolo Pisati, Paolo Pisati
  • Date: 2011-12-06 15:56:07 UTC
  • Revision ID: package-import@ubuntu.com-20111206155607-pcf44kv5fmhk564f
Tags: 3.2.0-1401.1
[ Paolo Pisati ]

* Rebased on top of Ubuntu-3.2.0-3.8
* Tilt-tracking @ ef2487af4bb15bdd0689631774b5a5e3a59f74e2
* Delete debian.ti-omap4/control, it shoudln't be tracked
* Fix architecture spelling (s/armel/armhf/)
* [Config] Update configs following 3.2 import
* [Config] Fix compilation: disable CODA and ARCH_OMAP3
* [Config] Fix compilation: disable Ethernet Faraday
* Update series to precise

Show diffs side-by-side

added added

removed removed

Lines of Context:
security/security.c
16
16
#include <linux/init.h>
17
17
#include <linux/kernel.h>
18
18
#include <linux/security.h>
 
19
#include <linux/integrity.h>
19
20
#include <linux/ima.h>
 
21
#include <linux/evm.h>
 
22
 
 
23
#define MAX_LSM_EVM_XATTR       2
20
24
 
21
25
/* Boot-time LSM user choice */
22
26
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
352
356
 
353
357
void security_inode_free(struct inode *inode)
354
358
{
355
 
        ima_inode_free(inode);
 
359
        integrity_inode_free(inode);
356
360
        security_ops->inode_free_security(inode);
357
361
}
358
362
 
359
363
int security_inode_init_security(struct inode *inode, struct inode *dir,
360
 
                                 const struct qstr *qstr, char **name,
361
 
                                 void **value, size_t *len)
362
 
{
363
 
        if (unlikely(IS_PRIVATE(inode)))
364
 
                return -EOPNOTSUPP;
 
364
                                 const struct qstr *qstr,
 
365
                                 const initxattrs initxattrs, void *fs_data)
 
366
{
 
367
        struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1];
 
368
        struct xattr *lsm_xattr, *evm_xattr, *xattr;
 
369
        int ret;
 
370
 
 
371
        if (unlikely(IS_PRIVATE(inode)))
 
372
                return 0;
 
373
 
 
374
        memset(new_xattrs, 0, sizeof new_xattrs);
 
375
        if (!initxattrs)
 
376
                return security_ops->inode_init_security(inode, dir, qstr,
 
377
                                                         NULL, NULL, NULL);
 
378
        lsm_xattr = new_xattrs;
 
379
        ret = security_ops->inode_init_security(inode, dir, qstr,
 
380
                                                &lsm_xattr->name,
 
381
                                                &lsm_xattr->value,
 
382
                                                &lsm_xattr->value_len);
 
383
        if (ret)
 
384
                goto out;
 
385
 
 
386
        evm_xattr = lsm_xattr + 1;
 
387
        ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr);
 
388
        if (ret)
 
389
                goto out;
 
390
        ret = initxattrs(inode, new_xattrs, fs_data);
 
391
out:
 
392
        for (xattr = new_xattrs; xattr->name != NULL; xattr++) {
 
393
                kfree(xattr->name);
 
394
                kfree(xattr->value);
 
395
        }
 
396
        return (ret == -EOPNOTSUPP) ? 0 : ret;
 
397
}
 
398
EXPORT_SYMBOL(security_inode_init_security);
 
399
 
 
400
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
 
401
                                     const struct qstr *qstr, char **name,
 
402
                                     void **value, size_t *len)
 
403
{
 
404
        if (unlikely(IS_PRIVATE(inode)))
 
405
                return 0;
365
406
        return security_ops->inode_init_security(inode, dir, qstr, name, value,
366
407
                                                 len);
367
408
}
368
 
EXPORT_SYMBOL(security_inode_init_security);
 
409
EXPORT_SYMBOL(security_old_inode_init_security);
369
410
 
370
411
#ifdef CONFIG_SECURITY_PATH
371
412
int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
553
594
{
554
595
        if (unlikely(IS_PRIVATE(inode)))
555
596
                return 0;
556
 
        return security_ops->inode_permission(inode, mask, 0);
 
597
        return security_ops->inode_permission(inode, mask);
557
598
}
558
599
EXPORT_SYMBOL(security_inode_permission);
559
600
 
560
 
int security_inode_exec_permission(struct inode *inode, unsigned int flags)
561
 
{
562
 
        if (unlikely(IS_PRIVATE(inode)))
563
 
                return 0;
564
 
        return security_ops->inode_permission(inode, MAY_EXEC, flags);
565
 
}
566
 
 
567
601
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
568
602
{
 
603
        int ret;
 
604
 
569
605
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
570
606
                return 0;
571
 
        return security_ops->inode_setattr(dentry, attr);
 
607
        ret = security_ops->inode_setattr(dentry, attr);
 
608
        if (ret)
 
609
                return ret;
 
610
        return evm_inode_setattr(dentry, attr);
572
611
}
573
612
EXPORT_SYMBOL_GPL(security_inode_setattr);
574
613
 
582
621
int security_inode_setxattr(struct dentry *dentry, const char *name,
583
622
                            const void *value, size_t size, int flags)
584
623
{
 
624
        int ret;
 
625
 
585
626
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
586
627
                return 0;
587
 
        return security_ops->inode_setxattr(dentry, name, value, size, flags);
 
628
        ret = security_ops->inode_setxattr(dentry, name, value, size, flags);
 
629
        if (ret)
 
630
                return ret;
 
631
        return evm_inode_setxattr(dentry, name, value, size);
588
632
}
589
633
 
590
634
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
593
637
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
594
638
                return;
595
639
        security_ops->inode_post_setxattr(dentry, name, value, size, flags);
 
640
        evm_inode_post_setxattr(dentry, name, value, size);
596
641
}
597
642
 
598
643
int security_inode_getxattr(struct dentry *dentry, const char *name)
611
656
 
612
657
int security_inode_removexattr(struct dentry *dentry, const char *name)
613
658
{
 
659
        int ret;
 
660
 
614
661
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
615
662
                return 0;
616
 
        return security_ops->inode_removexattr(dentry, name);
 
663
        ret = security_ops->inode_removexattr(dentry, name);
 
664
        if (ret)
 
665
                return ret;
 
666
        return evm_inode_removexattr(dentry, name);
617
667
}
618
668
 
619
669
int security_inode_need_killpriv(struct dentry *dentry)
1158
1208
{
1159
1209
        security_ops->sk_clone_security(sk, newsk);
1160
1210
}
 
1211
EXPORT_SYMBOL(security_sk_clone);
1161
1212
 
1162
1213
void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
1163
1214
{