Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (90 commits) AppArmor: fix build warnings for non-const use of get_task_cred selinux: convert the policy type_attr_map to flex_array AppArmor: Enable configuring and building of the AppArmor security module TOMOYO: Use pathname specified by policy rather than execve() AppArmor: update path_truncate method to latest version AppArmor: core policy routines AppArmor: policy routines for loading and unpacking policy AppArmor: mediation of non file objects AppArmor: LSM interface, and security module initialization AppArmor: Enable configuring and building of the AppArmor security module AppArmor: update Maintainer and Documentation AppArmor: functions for domain transitions AppArmor: file enforcement routines AppArmor: userspace interfaces AppArmor: dfa match engine AppArmor: contexts used in attaching policy to system objects AppArmor: basic auditing infrastructure. AppArmor: misc. base functions and defines TOMOYO: Update version to 2.3.0 TOMOYO: Fix quota check. ...
This commit is contained in:
@@ -49,9 +49,6 @@ typedef struct __user_cap_data_struct {
|
||||
} __user *cap_user_data_t;
|
||||
|
||||
|
||||
#define XATTR_CAPS_SUFFIX "capability"
|
||||
#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
|
||||
|
||||
#define VFS_CAP_REVISION_MASK 0xFF000000
|
||||
#define VFS_CAP_REVISION_SHIFT 24
|
||||
#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK
|
||||
|
||||
@@ -53,6 +53,7 @@ struct inodes_stat_t {
|
||||
#define MAY_APPEND 8
|
||||
#define MAY_ACCESS 16
|
||||
#define MAY_OPEN 32
|
||||
#define MAY_CHDIR 64
|
||||
|
||||
/*
|
||||
* flags in file.f_mode. Note that FMODE_READ and FMODE_WRITE must correspond
|
||||
|
||||
@@ -90,9 +90,41 @@ struct common_audit_data {
|
||||
u32 requested;
|
||||
u32 audited;
|
||||
u32 denied;
|
||||
/*
|
||||
* auditdeny is a bit tricky and unintuitive. See the
|
||||
* comments in avc.c for it's meaning and usage.
|
||||
*/
|
||||
u32 auditdeny;
|
||||
struct av_decision *avd;
|
||||
int result;
|
||||
} selinux_audit_data;
|
||||
#endif
|
||||
#ifdef CONFIG_SECURITY_APPARMOR
|
||||
struct {
|
||||
int error;
|
||||
int op;
|
||||
int type;
|
||||
void *profile;
|
||||
const char *name;
|
||||
const char *info;
|
||||
union {
|
||||
void *target;
|
||||
struct {
|
||||
long pos;
|
||||
void *target;
|
||||
} iface;
|
||||
struct {
|
||||
int rlim;
|
||||
unsigned long max;
|
||||
} rlim;
|
||||
struct {
|
||||
const char *target;
|
||||
u32 request;
|
||||
u32 denied;
|
||||
uid_t ouid;
|
||||
} fs;
|
||||
};
|
||||
} apparmor_audit_data;
|
||||
#endif
|
||||
};
|
||||
/* these callback will be implemented by a specific LSM */
|
||||
|
||||
@@ -470,8 +470,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
|
||||
* @path_truncate:
|
||||
* Check permission before truncating a file.
|
||||
* @path contains the path structure for the file.
|
||||
* @length is the new length of the file.
|
||||
* @time_attrs is the flags passed to do_truncate().
|
||||
* Return 0 if permission is granted.
|
||||
* @inode_getattr:
|
||||
* Check permission before obtaining file attributes.
|
||||
@@ -1412,8 +1410,7 @@ struct security_operations {
|
||||
int (*path_rmdir) (struct path *dir, struct dentry *dentry);
|
||||
int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode,
|
||||
unsigned int dev);
|
||||
int (*path_truncate) (struct path *path, loff_t length,
|
||||
unsigned int time_attrs);
|
||||
int (*path_truncate) (struct path *path);
|
||||
int (*path_symlink) (struct path *dir, struct dentry *dentry,
|
||||
const char *old_name);
|
||||
int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
|
||||
@@ -2806,8 +2803,7 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode);
|
||||
int security_path_rmdir(struct path *dir, struct dentry *dentry);
|
||||
int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
|
||||
unsigned int dev);
|
||||
int security_path_truncate(struct path *path, loff_t length,
|
||||
unsigned int time_attrs);
|
||||
int security_path_truncate(struct path *path);
|
||||
int security_path_symlink(struct path *dir, struct dentry *dentry,
|
||||
const char *old_name);
|
||||
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
|
||||
@@ -2841,8 +2837,7 @@ static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int security_path_truncate(struct path *path, loff_t length,
|
||||
unsigned int time_attrs)
|
||||
static inline int security_path_truncate(struct path *path)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -33,6 +33,20 @@
|
||||
#define XATTR_USER_PREFIX "user."
|
||||
#define XATTR_USER_PREFIX_LEN (sizeof (XATTR_USER_PREFIX) - 1)
|
||||
|
||||
/* Security namespace */
|
||||
#define XATTR_SELINUX_SUFFIX "selinux"
|
||||
#define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
|
||||
|
||||
#define XATTR_SMACK_SUFFIX "SMACK64"
|
||||
#define XATTR_SMACK_IPIN "SMACK64IPIN"
|
||||
#define XATTR_SMACK_IPOUT "SMACK64IPOUT"
|
||||
#define XATTR_NAME_SMACK XATTR_SECURITY_PREFIX XATTR_SMACK_SUFFIX
|
||||
#define XATTR_NAME_SMACKIPIN XATTR_SECURITY_PREFIX XATTR_SMACK_IPIN
|
||||
#define XATTR_NAME_SMACKIPOUT XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT
|
||||
|
||||
#define XATTR_CAPS_SUFFIX "capability"
|
||||
#define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX
|
||||
|
||||
struct inode;
|
||||
struct dentry;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user