From: Baolin Wang <baolin.wang@linaro.org>
To: serge.hallyn@canonical.com
Cc: arnd@arndb.de, gregkh@linuxfoundation.org,
linux-kernel@vger.kernel.org, james.l.morris@oracle.com,
serge@hallyn.com, pmoore@redhat.com, tiwai@suse.de,
jeffv@google.com, jlayton@primarydata.com, keescook@chromium.org,
sds@tycho.nsa.gov, mark.d.rustad@intel.com,
linux-security-module@vger.kernel.org, baolin.wang@linaro.org,
y2038@lists.linaro.org
Subject: [PATCH v4 04/25] security/security: Introduce security_settime64() function with timespec64 type
Date: Mon, 1 Jun 2015 19:52:35 +0800 [thread overview]
Message-ID: <1433159555-4704-1-git-send-email-baolin.wang@linaro.org> (raw)
For introducing the do_sys_settimeofday64() function with
timespec64 type to make it ready for 2038 issue, it need to
introduce the security_settime64() function with timespec64
type firstly.
Also introduce a default security_settime64() function with
timespec64 type when it hasn't defined the CONFIG_SECURITY macro.
Also this patch changes the "settime" pointer's argument with
timespec64 type in security_operations structure for introducing
the the security_settime64() function.
Meanwhile moves the security_settime() defined in
security/security.c file to include/linux/security.h file as a
static function, that makes it convenient to delete the
security_settime() later.
And change the cap_settime() function's argument with timespec64
type to make it ready for 2038 issue, which is only used by
security_settime64()/security_settime() function.
Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
---
include/linux/security.h | 25 ++++++++++++++++++++-----
security/commoncap.c | 2 +-
security/security.c | 2 +-
3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index a1b7dbd..5288794 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -75,7 +75,7 @@ struct timezone;
*/
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, int audit);
-extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
+extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
@@ -1353,7 +1353,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* Return 0 if permission is granted.
* @settime:
* Check permission to change the system time.
- * struct timespec and timezone are defined in include/linux/time.h
+ * struct timespec64 is defined in include/linux/time64.h and timezone is
+ * defined in include/linux/time.h
* @ts contains new time
* @tz contains new timezone
* Return 0 if permission is granted.
@@ -1483,7 +1484,7 @@ struct security_operations {
int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
int (*quota_on) (struct dentry *dentry);
int (*syslog) (int type);
- int (*settime) (const struct timespec *ts, const struct timezone *tz);
+ int (*settime) (const struct timespec64 *ts, const struct timezone *tz);
int (*vm_enough_memory) (struct mm_struct *mm, long pages);
int (*bprm_set_creds) (struct linux_binprm *bprm);
@@ -1790,7 +1791,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
-int security_settime(const struct timespec *ts, const struct timezone *tz);
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
+static int security_settime(const struct timespec *ts, const struct timezone *tz)
+{
+ struct timespec64 ts64 = timespec_to_timespec64(*ts);
+
+ return security_settime64(&ts64, tz);
+}
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
@@ -2040,10 +2047,18 @@ static inline int security_syslog(int type)
return 0;
}
+static inline int security_settime64(const struct timespec64 *ts,
+ const struct timezone *tz)
+{
+ return cap_settime(ts, tz);
+}
+
static inline int security_settime(const struct timespec *ts,
const struct timezone *tz)
{
- return cap_settime(ts, tz);
+ struct timsepc64 ts64 = timespec_to_timespec64(*ts);
+
+ return cap_settime(&ts64, tz);
}
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
diff --git a/security/commoncap.c b/security/commoncap.c
index f66713b..bdb8ec0 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -116,7 +116,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
* Determine whether the current process may set the system clock and timezone
* information, returning 0 if permission granted, -ve if denied.
*/
-int cap_settime(const struct timespec *ts, const struct timezone *tz)
+int cap_settime(const struct timespec64 *ts, const struct timezone *tz)
{
if (!capable(CAP_SYS_TIME))
return -EPERM;
diff --git a/security/security.c b/security/security.c
index e81d5bb..0be5032 100644
--- a/security/security.c
+++ b/security/security.c
@@ -224,7 +224,7 @@ int security_syslog(int type)
return security_ops->syslog(type);
}
-int security_settime(const struct timespec *ts, const struct timezone *tz)
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
{
return security_ops->settime(ts, tz);
}
--
1.7.9.5
next reply other threads:[~2015-06-01 11:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-01 11:52 Baolin Wang [this message]
2015-06-05 20:04 ` [PATCH v4 04/25] security/security: Introduce security_settime64() function with timespec64 type Kees Cook
[not found] ` <CAMz4kuL_Q0Z4+GFp9H3v5qT3afLEwMFMJEQyrwrbhi_GV2yx8A@mail.gmail.com>
[not found] ` <CAMz4ku+YxPuMuxbFsVhwzEPVvGojdT469n5rZKeimuEPu03Bvg@mail.gmail.com>
2015-06-10 19:30 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1433159555-4704-1-git-send-email-baolin.wang@linaro.org \
--to=baolin.wang@linaro.org \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=james.l.morris@oracle.com \
--cc=jeffv@google.com \
--cc=jlayton@primarydata.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mark.d.rustad@intel.com \
--cc=pmoore@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=serge@hallyn.com \
--cc=tiwai@suse.de \
--cc=y2038@lists.linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).