* [PATCH 0/5] LSM hook updates
@ 2005-08-25 1:20 Chris Wright
2005-08-25 1:20 ` [PATCH 1/5] Use capabilities as default w/ and w/out CONFIG_SECURITY Chris Wright
` (6 more replies)
0 siblings, 7 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 1:20 UTC (permalink / raw)
To: linux-security-module; +Cc: linux-kernel, Kurt Garloff
This is based on Kurt's original work. The net effect is that
LSM hooks are called conditionally, and in all cases capabilities
provide the defaults. I've done some basic performance testing, and
found nothing surprising. I'm interested to see numbers from others
before I push this up. These are against Linus' current git tree (they
will clash with the -mm tree).
security/dummy.c | 996 ----------------------------
include/linux/security.h | 1665 ++++++++++++++++++++--------------------------- security/Makefile | 9
security/commoncap.c | 160 ++--
security/root_plug.c | 14
security/security.c | 62 -
6 files changed, 839 insertions(+), 2067 deletions(-)
thanks,
-chris
--
^ permalink raw reply [flat|nested] 36+ messages in thread
* [PATCH 1/5] Use capabilities as default w/ and w/out CONFIG_SECURITY.
2005-08-25 1:20 [PATCH 0/5] LSM hook updates Chris Wright
@ 2005-08-25 1:20 ` Chris Wright
2005-08-25 1:20 ` [PATCH 2/5] Rework stubs in security.h Chris Wright
` (5 subsequent siblings)
6 siblings, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 1:20 UTC (permalink / raw)
To: linux-security-module; +Cc: linux-kernel, Kurt Garloff, Chris Wright
[-- Attachment #1: security-cap-def.patch --]
[-- Type: text/plain, Size: 54688 bytes --]
If a kernel is compiled with CONFIG_SECURITY to enable LSM, the
default behaviour changes unless the admin loads capability.
This is undesirable. This patch makes capability the default.
capability can still be compiled as module and be loaded as LSM.
If loaded as primary LSM, it won't change anything. But it may
also be loaded as secondary LSM and stacked on top of another
LSM (if the other LSM allows this or if stacker is used).
Based on original patch from Kurt Garloff <garloff@suse.de>.
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
security/dummy.c | 996 ---------------------------------------------------
security/Makefile | 9
security/commoncap.c | 977 +++++++++++++++++++++++++++++++++++++++++++++-----
security/security.c | 22 -
4 files changed, 912 insertions(+), 1092 deletions(-)
Index: lsm-hooks-2.6/security/Makefile
===================================================================
--- lsm-hooks-2.6.orig/security/Makefile
+++ lsm-hooks-2.6/security/Makefile
@@ -5,15 +5,12 @@
obj-$(CONFIG_KEYS) += keys/
subdir-$(CONFIG_SECURITY_SELINUX) += selinux
-# if we don't select a security model, use the default capabilities
-ifneq ($(CONFIG_SECURITY),y)
obj-y += commoncap.o
-endif
# Object file lists
-obj-$(CONFIG_SECURITY) += security.o dummy.o
+obj-$(CONFIG_SECURITY) += security.o
# Must precede capability.o in order to stack properly.
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
-obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o
-obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o
+obj-$(CONFIG_SECURITY_CAPABILITIES) += capability.o
+obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
obj-$(CONFIG_SECURITY_SECLVL) += seclvl.o
Index: lsm-hooks-2.6/security/commoncap.c
===================================================================
--- lsm-hooks-2.6.orig/security/commoncap.c
+++ lsm-hooks-2.6/security/commoncap.c
@@ -8,7 +8,6 @@
*/
#include <linux/config.h>
-#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/security.h>
@@ -23,38 +22,7 @@
#include <linux/ptrace.h>
#include <linux/xattr.h>
#include <linux/hugetlb.h>
-
-int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
-{
- NETLINK_CB(skb).eff_cap = current->cap_effective;
- return 0;
-}
-
-EXPORT_SYMBOL(cap_netlink_send);
-
-int cap_netlink_recv(struct sk_buff *skb)
-{
- if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
- return -EPERM;
- return 0;
-}
-
-EXPORT_SYMBOL(cap_netlink_recv);
-
-int cap_capable (struct task_struct *tsk, int cap)
-{
- /* Derived from include/linux/sched.h:capable. */
- if (cap_raised(tsk->cap_effective, cap))
- return 0;
- return -EPERM;
-}
-
-int cap_settime(struct timespec *ts, struct timezone *tz)
-{
- if (!capable(CAP_SYS_TIME))
- return -EPERM;
- return 0;
-}
+#include <linux/sysctl.h>
int cap_ptrace (struct task_struct *parent, struct task_struct *child)
{
@@ -64,6 +32,7 @@ int cap_ptrace (struct task_struct *pare
return -EPERM;
return 0;
}
+EXPORT_SYMBOL(cap_ptrace);
int cap_capget (struct task_struct *target, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -74,6 +43,7 @@ int cap_capget (struct task_struct *targ
*permitted = cap_t (target->cap_permitted);
return 0;
}
+EXPORT_SYMBOL(cap_capget);
int cap_capset_check (struct task_struct *target, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -100,6 +70,7 @@ int cap_capset_check (struct task_struct
return 0;
}
+EXPORT_SYMBOL(cap_capset_check);
void cap_capset_set (struct task_struct *target, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted)
@@ -108,34 +79,42 @@ void cap_capset_set (struct task_struct
target->cap_inheritable = *inheritable;
target->cap_permitted = *permitted;
}
+EXPORT_SYMBOL(cap_capset_set);
-int cap_bprm_set_security (struct linux_binprm *bprm)
+int cap_capable (struct task_struct *tsk, int cap)
{
- /* Copied from fs/exec.c:prepare_binprm. */
-
- /* We don't have VFS support for capabilities yet */
- cap_clear (bprm->cap_inheritable);
- cap_clear (bprm->cap_permitted);
- cap_clear (bprm->cap_effective);
+ /* Derived from include/linux/sched.h:capable. */
+ if (cap_raised(tsk->cap_effective, cap))
+ return 0;
+ return -EPERM;
+}
+EXPORT_SYMBOL(cap_capable);
- /* To support inheritance of root-permissions and suid-root
- * executables under compatibility mode, we raise all three
- * capability sets for the file.
- *
- * If only the real uid is 0, we only raise the inheritable
- * and permitted sets of the executable file.
- */
+int cap_syslog (int type)
+{
+ if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+ return 0;
+}
+EXPORT_SYMBOL(cap_syslog);
- if (!issecure (SECURE_NOROOT)) {
- if (bprm->e_uid == 0 || current->uid == 0) {
- cap_set_full (bprm->cap_inheritable);
- cap_set_full (bprm->cap_permitted);
- }
- if (bprm->e_uid == 0)
- cap_set_full (bprm->cap_effective);
- }
+int cap_settime(struct timespec *ts, struct timezone *tz)
+{
+ if (!capable(CAP_SYS_TIME))
+ return -EPERM;
return 0;
}
+EXPORT_SYMBOL(cap_settime);
+
+int cap_vm_enough_memory(long pages)
+{
+ int cap_sys_admin = 0;
+
+ if (cap_capable(current, CAP_SYS_ADMIN) == 0)
+ cap_sys_admin = 1;
+ return __vm_enough_memory(pages, cap_sys_admin);
+}
+EXPORT_SYMBOL(cap_vm_enough_memory);
void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
{
@@ -179,6 +158,36 @@ void cap_bprm_apply_creds (struct linux_
current->keep_capabilities = 0;
}
+EXPORT_SYMBOL(cap_bprm_apply_creds);
+
+int cap_bprm_set_security (struct linux_binprm *bprm)
+{
+ /* Copied from fs/exec.c:prepare_binprm. */
+
+ /* We don't have VFS support for capabilities yet */
+ cap_clear (bprm->cap_inheritable);
+ cap_clear (bprm->cap_permitted);
+ cap_clear (bprm->cap_effective);
+
+ /* To support inheritance of root-permissions and suid-root
+ * executables under compatibility mode, we raise all three
+ * capability sets for the file.
+ *
+ * If only the real uid is 0, we only raise the inheritable
+ * and permitted sets of the executable file.
+ */
+
+ if (!issecure (SECURE_NOROOT)) {
+ if (bprm->e_uid == 0 || current->uid == 0) {
+ cap_set_full (bprm->cap_inheritable);
+ cap_set_full (bprm->cap_permitted);
+ }
+ if (bprm->e_uid == 0)
+ cap_set_full (bprm->cap_effective);
+ }
+ return 0;
+}
+EXPORT_SYMBOL(cap_bprm_set_security);
int cap_bprm_secureexec (struct linux_binprm *bprm)
{
@@ -190,6 +199,7 @@ int cap_bprm_secureexec (struct linux_bi
return (current->euid != current->uid ||
current->egid != current->gid);
}
+EXPORT_SYMBOL(cap_bprm_secureexec);
int cap_inode_setxattr(struct dentry *dentry, char *name, void *value,
size_t size, int flags)
@@ -200,6 +210,7 @@ int cap_inode_setxattr(struct dentry *de
return -EPERM;
return 0;
}
+EXPORT_SYMBOL(cap_inode_setxattr);
int cap_inode_removexattr(struct dentry *dentry, char *name)
{
@@ -209,6 +220,7 @@ int cap_inode_removexattr(struct dentry
return -EPERM;
return 0;
}
+EXPORT_SYMBOL(cap_inode_removexattr);
/* moved from kernel/sys.c. */
/*
@@ -299,6 +311,7 @@ int cap_task_post_setuid (uid_t old_ruid
return 0;
}
+EXPORT_SYMBOL(cap_task_post_setuid);
void cap_task_reparent_to_init (struct task_struct *p)
{
@@ -308,38 +321,844 @@ void cap_task_reparent_to_init (struct t
p->keep_capabilities = 0;
return;
}
+EXPORT_SYMBOL(cap_task_reparent_to_init);
-int cap_syslog (int type)
+int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
{
- if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
+ NETLINK_CB(skb).eff_cap = current->cap_effective;
+ return 0;
+}
+EXPORT_SYMBOL(cap_netlink_send);
+
+int cap_netlink_recv(struct sk_buff *skb)
+{
+ if (!cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN))
return -EPERM;
return 0;
}
+EXPORT_SYMBOL(cap_netlink_recv);
-int cap_vm_enough_memory(long pages)
+#ifdef CONFIG_SECURITY
+
+static int cap_acct (struct file *file)
{
- int cap_sys_admin = 0;
+ return 0;
+}
- if (cap_capable(current, CAP_SYS_ADMIN) == 0)
- cap_sys_admin = 1;
- return __vm_enough_memory(pages, cap_sys_admin);
+static int cap_sysctl (ctl_table * table, int op)
+{
+ return 0;
}
-EXPORT_SYMBOL(cap_capable);
-EXPORT_SYMBOL(cap_settime);
-EXPORT_SYMBOL(cap_ptrace);
-EXPORT_SYMBOL(cap_capget);
-EXPORT_SYMBOL(cap_capset_check);
-EXPORT_SYMBOL(cap_capset_set);
-EXPORT_SYMBOL(cap_bprm_set_security);
-EXPORT_SYMBOL(cap_bprm_apply_creds);
-EXPORT_SYMBOL(cap_bprm_secureexec);
-EXPORT_SYMBOL(cap_inode_setxattr);
-EXPORT_SYMBOL(cap_inode_removexattr);
-EXPORT_SYMBOL(cap_task_post_setuid);
-EXPORT_SYMBOL(cap_task_reparent_to_init);
-EXPORT_SYMBOL(cap_syslog);
-EXPORT_SYMBOL(cap_vm_enough_memory);
+static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
+{
+ return 0;
+}
+
+static int cap_quota_on (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_bprm_alloc_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static void cap_bprm_free_security (struct linux_binprm *bprm)
+{
+ return;
+}
+
+static void cap_bprm_post_apply_creds (struct linux_binprm *bprm)
+{
+ return;
+}
+
+static int cap_bprm_check_security (struct linux_binprm *bprm)
+{
+ return 0;
+}
+
+static int cap_sb_alloc_security (struct super_block *sb)
+{
+ return 0;
+}
+
+static void cap_sb_free_security (struct super_block *sb)
+{
+ return;
+}
+
+static int cap_sb_copy_data (struct file_system_type *type,
+ void *orig, void *copy)
+{
+ return 0;
+}
+
+static int cap_sb_kern_mount (struct super_block *sb, void *data)
+{
+ return 0;
+}
+
+static int cap_sb_statfs (struct super_block *sb)
+{
+ return 0;
+}
+
+static int cap_sb_mount (char *dev_name, struct nameidata *nd, char *type,
+ unsigned long flags, void *data)
+{
+ return 0;
+}
+
+static int cap_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return 0;
+}
+
+static int cap_sb_umount (struct vfsmount *mnt, int flags)
+{
+ return 0;
+}
+
+static void cap_sb_umount_close (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void cap_sb_umount_busy (struct vfsmount *mnt)
+{
+ return;
+}
+
+static void cap_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
+ void *data)
+{
+ return;
+}
+
+
+static void cap_sb_post_mountroot (void)
+{
+ return;
+}
+
+static void cap_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
+{
+ return;
+}
+
+static int cap_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+{
+ return 0;
+}
+
+static void cap_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
+{
+ return;
+}
+
+static int cap_inode_alloc_security (struct inode *inode)
+{
+ return 0;
+}
+
+static void cap_inode_free_security (struct inode *inode)
+{
+ return;
+}
+
+static int cap_inode_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static void cap_inode_post_create (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static int cap_inode_link (struct dentry *old_dentry, struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void cap_inode_post_link (struct dentry *old_dentry,
+ struct inode *inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int cap_inode_unlink (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_inode_symlink (struct inode *inode, struct dentry *dentry,
+ const char *name)
+{
+ return 0;
+}
+
+static void cap_inode_post_symlink (struct inode *inode,
+ struct dentry *dentry, const char *name)
+{
+ return;
+}
+
+static int cap_inode_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return 0;
+}
+
+static void cap_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
+ int mask)
+{
+ return;
+}
+
+static int cap_inode_rmdir (struct inode *inode, struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_inode_mknod (struct inode *inode, struct dentry *dentry,
+ int mode, dev_t dev)
+{
+ return 0;
+}
+
+static void cap_inode_post_mknod (struct inode *inode, struct dentry *dentry,
+ int mode, dev_t dev)
+{
+ return;
+}
+
+static int cap_inode_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return 0;
+}
+
+static void cap_inode_post_rename (struct inode *old_inode,
+ struct dentry *old_dentry,
+ struct inode *new_inode,
+ struct dentry *new_dentry)
+{
+ return;
+}
+
+static int cap_inode_readlink (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_inode_follow_link (struct dentry *dentry,
+ struct nameidata *nameidata)
+{
+ return 0;
+}
+
+static int cap_inode_permission (struct inode *inode, int mask, struct nameidata *nd)
+{
+ return 0;
+}
+
+static int cap_inode_setattr (struct dentry *dentry, struct iattr *iattr)
+{
+ return 0;
+}
+
+static int cap_inode_getattr (struct vfsmount *mnt, struct dentry *dentry)
+{
+ return 0;
+}
+
+static void cap_inode_delete (struct inode *ino)
+{
+ return;
+}
+
+static void cap_inode_post_setxattr (struct dentry *dentry, char *name, void *value,
+ size_t size, int flags)
+{
+ return;
+}
+
+static int cap_inode_getxattr (struct dentry *dentry, char *name)
+{
+ return 0;
+}
+
+static int cap_inode_listxattr (struct dentry *dentry)
+{
+ return 0;
+}
+
+static int cap_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size)
+{
+ return -EOPNOTSUPP;
+}
+
+static int cap_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
+{
+ return -EOPNOTSUPP;
+}
+
+static int cap_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
+{
+ return 0;
+}
+
+static int cap_file_permission (struct file *file, int mask)
+{
+ return 0;
+}
+
+static int cap_file_alloc_security (struct file *file)
+{
+ return 0;
+}
+
+static void cap_file_free_security (struct file *file)
+{
+ return;
+}
+
+static int cap_file_ioctl (struct file *file, unsigned int command,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int cap_file_mmap (struct file *file, unsigned long reqprot,
+ unsigned long prot,
+ unsigned long flags)
+{
+ return 0;
+}
+
+static int cap_file_mprotect (struct vm_area_struct *vma,
+ unsigned long reqprot,
+ unsigned long prot)
+{
+ return 0;
+}
+
+static int cap_file_lock (struct file *file, unsigned int cmd)
+{
+ return 0;
+}
+
+static int cap_file_fcntl (struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return 0;
+}
+
+static int cap_file_set_fowner (struct file *file)
+{
+ return 0;
+}
+
+static int cap_file_send_sigiotask (struct task_struct *tsk,
+ struct fown_struct *fown, int sig)
+{
+ return 0;
+}
+
+static int cap_file_receive (struct file *file)
+{
+ return 0;
+}
+
+static int cap_task_create (unsigned long clone_flags)
+{
+ return 0;
+}
+
+static int cap_task_alloc_security (struct task_struct *p)
+{
+ return 0;
+}
+
+static void cap_task_free_security (struct task_struct *p)
+{
+ return;
+}
+
+static int cap_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+{
+ return 0;
+}
+
+static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
+{
+ return 0;
+}
+
+static int cap_task_setpgid (struct task_struct *p, pid_t pgid)
+{
+ return 0;
+}
+
+static int cap_task_getpgid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int cap_task_getsid (struct task_struct *p)
+{
+ return 0;
+}
+
+static int cap_task_setgroups (struct group_info *group_info)
+{
+ return 0;
+}
+
+static int cap_task_setnice (struct task_struct *p, int nice)
+{
+ return 0;
+}
+
+static int cap_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
+{
+ return 0;
+}
+
+static int cap_task_setscheduler (struct task_struct *p, int policy,
+ struct sched_param *lp)
+{
+ return 0;
+}
+
+static int cap_task_getscheduler (struct task_struct *p)
+{
+ return 0;
+}
+
+static int cap_task_wait (struct task_struct *p)
+{
+ return 0;
+}
+
+static int cap_task_kill (struct task_struct *p, struct siginfo *info,
+ int sig)
+{
+ return 0;
+}
+
+static int cap_task_prctl (int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5)
+{
+ return 0;
+}
+
+static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
+{
+ return;
+}
+
+static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
+{
+ return 0;
+}
+
+static int cap_msg_msg_alloc_security (struct msg_msg *msg)
+{
+ return 0;
+}
+
+static void cap_msg_msg_free_security (struct msg_msg *msg)
+{
+ return;
+}
+
+static int cap_msg_queue_alloc_security (struct msg_queue *msq)
+{
+ return 0;
+}
+
+static void cap_msg_queue_free_security (struct msg_queue *msq)
+{
+ return;
+}
+
+static int cap_msg_queue_associate (struct msg_queue *msq,
+ int msqflg)
+{
+ return 0;
+}
+
+static int cap_msg_queue_msgctl (struct msg_queue *msq, int cmd)
+{
+ return 0;
+}
+
+static int cap_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
+ int msgflg)
+{
+ return 0;
+}
+
+static int cap_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
+ struct task_struct *target, long type,
+ int mode)
+{
+ return 0;
+}
+
+static int cap_shm_alloc_security (struct shmid_kernel *shp)
+{
+ return 0;
+}
+
+static void cap_shm_free_security (struct shmid_kernel *shp)
+{
+ return;
+}
+
+static int cap_shm_associate (struct shmid_kernel *shp, int shmflg)
+{
+ return 0;
+}
+
+static int cap_shm_shmctl (struct shmid_kernel *shp, int cmd)
+{
+ return 0;
+}
+
+static int cap_shm_shmat (struct shmid_kernel *shp, char __user *shmaddr,
+ int shmflg)
+{
+ return 0;
+}
+
+static int cap_sem_alloc_security (struct sem_array *sma)
+{
+ return 0;
+}
+
+static void cap_sem_free_security (struct sem_array *sma)
+{
+ return;
+}
+
+static int cap_sem_associate (struct sem_array *sma, int semflg)
+{
+ return 0;
+}
+
+static int cap_sem_semctl (struct sem_array *sma, int cmd)
+{
+ return 0;
+}
+
+static int cap_sem_semop (struct sem_array *sma,
+ struct sembuf *sops, unsigned nsops, int alter)
+{
+ return 0;
+}
+
+#ifdef CONFIG_SECURITY_NETWORK
+static int cap_unix_stream_connect (struct socket *sock,
+ struct socket *other,
+ struct sock *newsk)
+{
+ return 0;
+}
+
+static int cap_unix_may_send (struct socket *sock,
+ struct socket *other)
+{
+ return 0;
+}
+
+static int cap_socket_create (int family, int type,
+ int protocol, int kern)
+{
+ return 0;
+}
+
+static void cap_socket_post_create (struct socket *sock, int family, int type,
+ int protocol, int kern)
+{
+ return;
+}
+
+static int cap_socket_bind (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int cap_socket_connect (struct socket *sock, struct sockaddr *address,
+ int addrlen)
+{
+ return 0;
+}
+
+static int cap_socket_listen (struct socket *sock, int backlog)
+{
+ return 0;
+}
+
+static int cap_socket_accept (struct socket *sock, struct socket *newsock)
+{
+ return 0;
+}
+
+static void cap_socket_post_accept (struct socket *sock,
+ struct socket *newsock)
+{
+ return;
+}
+
+static int cap_socket_sendmsg (struct socket *sock, struct msghdr *msg,
+ int size)
+{
+ return 0;
+}
+
+static int cap_socket_recvmsg (struct socket *sock, struct msghdr *msg,
+ int size, int flags)
+{
+ return 0;
+}
+
+static int cap_socket_getsockname (struct socket *sock)
+{
+ return 0;
+}
+
+static int cap_socket_getpeername (struct socket *sock)
+{
+ return 0;
+}
+
+static int cap_socket_setsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int cap_socket_getsockopt (struct socket *sock, int level, int optname)
+{
+ return 0;
+}
+
+static int cap_socket_shutdown (struct socket *sock, int how)
+{
+ return 0;
+}
+
+static int cap_socket_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
+{
+ return 0;
+}
+
+static int cap_socket_getpeersec(struct socket *sock, char __user *optval,
+ int __user *optlen, unsigned len)
+{
+ return -ENOPROTOOPT;
+}
+
+static inline int cap_sk_alloc_security (struct sock *sk, int family, int priority)
+{
+ return 0;
+}
+
+static inline void cap_sk_free_security (struct sock *sk)
+{
+}
+#endif /* CONFIG_SECURITY_NETWORK */
+
+static int cap_register_security (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static int cap_unregister_security (const char *name, struct security_operations *ops)
+{
+ return -EINVAL;
+}
+
+static void cap_d_instantiate (struct dentry *dentry, struct inode *inode)
+{
+ return;
+}
+
+static int cap_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
+{
+ return -EINVAL;
+}
+
+static int cap_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
+{
+ return -EINVAL;
+}
+
+#define set_to_default_if_null(ops, function) \
+ do { \
+ if (!ops->function) { \
+ ops->function = cap_##function; \
+ pr_debug("Had to override with " #function \
+ " security op with the default one.\n");\
+ } \
+ } while (0)
+
+void security_fixup_ops (struct security_operations *ops)
+{
+ set_to_default_if_null(ops, ptrace);
+ set_to_default_if_null(ops, capget);
+ set_to_default_if_null(ops, capset_check);
+ set_to_default_if_null(ops, capset_set);
+ set_to_default_if_null(ops, acct);
+ set_to_default_if_null(ops, capable);
+ set_to_default_if_null(ops, quotactl);
+ set_to_default_if_null(ops, quota_on);
+ set_to_default_if_null(ops, sysctl);
+ set_to_default_if_null(ops, syslog);
+ set_to_default_if_null(ops, settime);
+ set_to_default_if_null(ops, vm_enough_memory);
+ set_to_default_if_null(ops, bprm_alloc_security);
+ set_to_default_if_null(ops, bprm_free_security);
+ set_to_default_if_null(ops, bprm_apply_creds);
+ set_to_default_if_null(ops, bprm_post_apply_creds);
+ set_to_default_if_null(ops, bprm_set_security);
+ set_to_default_if_null(ops, bprm_check_security);
+ set_to_default_if_null(ops, bprm_secureexec);
+ set_to_default_if_null(ops, sb_alloc_security);
+ set_to_default_if_null(ops, sb_free_security);
+ set_to_default_if_null(ops, sb_copy_data);
+ set_to_default_if_null(ops, sb_kern_mount);
+ set_to_default_if_null(ops, sb_statfs);
+ set_to_default_if_null(ops, sb_mount);
+ set_to_default_if_null(ops, sb_check_sb);
+ set_to_default_if_null(ops, sb_umount);
+ set_to_default_if_null(ops, sb_umount_close);
+ set_to_default_if_null(ops, sb_umount_busy);
+ set_to_default_if_null(ops, sb_post_remount);
+ set_to_default_if_null(ops, sb_post_mountroot);
+ set_to_default_if_null(ops, sb_post_addmount);
+ set_to_default_if_null(ops, sb_pivotroot);
+ set_to_default_if_null(ops, sb_post_pivotroot);
+ set_to_default_if_null(ops, inode_alloc_security);
+ set_to_default_if_null(ops, inode_free_security);
+ set_to_default_if_null(ops, inode_create);
+ set_to_default_if_null(ops, inode_post_create);
+ set_to_default_if_null(ops, inode_link);
+ set_to_default_if_null(ops, inode_post_link);
+ set_to_default_if_null(ops, inode_unlink);
+ set_to_default_if_null(ops, inode_symlink);
+ set_to_default_if_null(ops, inode_post_symlink);
+ set_to_default_if_null(ops, inode_mkdir);
+ set_to_default_if_null(ops, inode_post_mkdir);
+ set_to_default_if_null(ops, inode_rmdir);
+ set_to_default_if_null(ops, inode_mknod);
+ set_to_default_if_null(ops, inode_post_mknod);
+ set_to_default_if_null(ops, inode_rename);
+ set_to_default_if_null(ops, inode_post_rename);
+ set_to_default_if_null(ops, inode_readlink);
+ set_to_default_if_null(ops, inode_follow_link);
+ set_to_default_if_null(ops, inode_permission);
+ set_to_default_if_null(ops, inode_setattr);
+ set_to_default_if_null(ops, inode_getattr);
+ set_to_default_if_null(ops, inode_delete);
+ set_to_default_if_null(ops, inode_setxattr);
+ set_to_default_if_null(ops, inode_post_setxattr);
+ set_to_default_if_null(ops, inode_getxattr);
+ set_to_default_if_null(ops, inode_listxattr);
+ set_to_default_if_null(ops, inode_removexattr);
+ set_to_default_if_null(ops, inode_getsecurity);
+ set_to_default_if_null(ops, inode_setsecurity);
+ set_to_default_if_null(ops, inode_listsecurity);
+ set_to_default_if_null(ops, file_permission);
+ set_to_default_if_null(ops, file_alloc_security);
+ set_to_default_if_null(ops, file_free_security);
+ set_to_default_if_null(ops, file_ioctl);
+ set_to_default_if_null(ops, file_mmap);
+ set_to_default_if_null(ops, file_mprotect);
+ set_to_default_if_null(ops, file_lock);
+ set_to_default_if_null(ops, file_fcntl);
+ set_to_default_if_null(ops, file_set_fowner);
+ set_to_default_if_null(ops, file_send_sigiotask);
+ set_to_default_if_null(ops, file_receive);
+ set_to_default_if_null(ops, task_create);
+ set_to_default_if_null(ops, task_alloc_security);
+ set_to_default_if_null(ops, task_free_security);
+ set_to_default_if_null(ops, task_setuid);
+ set_to_default_if_null(ops, task_post_setuid);
+ set_to_default_if_null(ops, task_setgid);
+ set_to_default_if_null(ops, task_setpgid);
+ set_to_default_if_null(ops, task_getpgid);
+ set_to_default_if_null(ops, task_getsid);
+ set_to_default_if_null(ops, task_setgroups);
+ set_to_default_if_null(ops, task_setnice);
+ set_to_default_if_null(ops, task_setrlimit);
+ set_to_default_if_null(ops, task_setscheduler);
+ set_to_default_if_null(ops, task_getscheduler);
+ set_to_default_if_null(ops, task_wait);
+ set_to_default_if_null(ops, task_kill);
+ set_to_default_if_null(ops, task_prctl);
+ set_to_default_if_null(ops, task_reparent_to_init);
+ set_to_default_if_null(ops, task_to_inode);
+ set_to_default_if_null(ops, ipc_permission);
+ set_to_default_if_null(ops, msg_msg_alloc_security);
+ set_to_default_if_null(ops, msg_msg_free_security);
+ set_to_default_if_null(ops, msg_queue_alloc_security);
+ set_to_default_if_null(ops, msg_queue_free_security);
+ set_to_default_if_null(ops, msg_queue_associate);
+ set_to_default_if_null(ops, msg_queue_msgctl);
+ set_to_default_if_null(ops, msg_queue_msgsnd);
+ set_to_default_if_null(ops, msg_queue_msgrcv);
+ set_to_default_if_null(ops, shm_alloc_security);
+ set_to_default_if_null(ops, shm_free_security);
+ set_to_default_if_null(ops, shm_associate);
+ set_to_default_if_null(ops, shm_shmctl);
+ set_to_default_if_null(ops, shm_shmat);
+ set_to_default_if_null(ops, sem_alloc_security);
+ set_to_default_if_null(ops, sem_free_security);
+ set_to_default_if_null(ops, sem_associate);
+ set_to_default_if_null(ops, sem_semctl);
+ set_to_default_if_null(ops, sem_semop);
+ set_to_default_if_null(ops, netlink_send);
+ set_to_default_if_null(ops, netlink_recv);
+ set_to_default_if_null(ops, register_security);
+ set_to_default_if_null(ops, unregister_security);
+ set_to_default_if_null(ops, d_instantiate);
+ set_to_default_if_null(ops, getprocattr);
+ set_to_default_if_null(ops, setprocattr);
+#ifdef CONFIG_SECURITY_NETWORK
+ set_to_default_if_null(ops, unix_stream_connect);
+ set_to_default_if_null(ops, unix_may_send);
+ set_to_default_if_null(ops, socket_create);
+ set_to_default_if_null(ops, socket_post_create);
+ set_to_default_if_null(ops, socket_bind);
+ set_to_default_if_null(ops, socket_connect);
+ set_to_default_if_null(ops, socket_listen);
+ set_to_default_if_null(ops, socket_accept);
+ set_to_default_if_null(ops, socket_post_accept);
+ set_to_default_if_null(ops, socket_sendmsg);
+ set_to_default_if_null(ops, socket_recvmsg);
+ set_to_default_if_null(ops, socket_getsockname);
+ set_to_default_if_null(ops, socket_getpeername);
+ set_to_default_if_null(ops, socket_setsockopt);
+ set_to_default_if_null(ops, socket_getsockopt);
+ set_to_default_if_null(ops, socket_shutdown);
+ set_to_default_if_null(ops, socket_sock_rcv_skb);
+ set_to_default_if_null(ops, socket_getpeersec);
+ set_to_default_if_null(ops, sk_alloc_security);
+ set_to_default_if_null(ops, sk_free_security);
+#endif /* CONFIG_SECURITY_NETWORK */
+}
-MODULE_DESCRIPTION("Standard Linux Common Capabilities Security Module");
-MODULE_LICENSE("GPL");
+#endif /* CONFIG_SECURITY */
Index: lsm-hooks-2.6/security/dummy.c
===================================================================
--- lsm-hooks-2.6.orig/security/dummy.c
+++ /dev/null
@@ -1,996 +0,0 @@
-/*
- * Stub functions for the default security function pointers in case no
- * security model is loaded.
- *
- * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
- * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
- * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-#undef DEBUG
-
-#include <linux/config.h>
-#include <linux/module.h>
-#include <linux/kernel.h>
-#include <linux/mman.h>
-#include <linux/pagemap.h>
-#include <linux/swap.h>
-#include <linux/security.h>
-#include <linux/skbuff.h>
-#include <linux/netlink.h>
-#include <net/sock.h>
-#include <linux/xattr.h>
-#include <linux/hugetlb.h>
-#include <linux/ptrace.h>
-#include <linux/file.h>
-
-static int dummy_ptrace (struct task_struct *parent, struct task_struct *child)
-{
- return 0;
-}
-
-static int dummy_capget (struct task_struct *target, kernel_cap_t * effective,
- kernel_cap_t * inheritable, kernel_cap_t * permitted)
-{
- *effective = *inheritable = *permitted = 0;
- if (!issecure(SECURE_NOROOT)) {
- if (target->euid == 0) {
- *permitted |= (~0 & ~CAP_FS_MASK);
- *effective |= (~0 & ~CAP_TO_MASK(CAP_SETPCAP) & ~CAP_FS_MASK);
- }
- if (target->fsuid == 0) {
- *permitted |= CAP_FS_MASK;
- *effective |= CAP_FS_MASK;
- }
- }
- return 0;
-}
-
-static int dummy_capset_check (struct task_struct *target,
- kernel_cap_t * effective,
- kernel_cap_t * inheritable,
- kernel_cap_t * permitted)
-{
- return -EPERM;
-}
-
-static void dummy_capset_set (struct task_struct *target,
- kernel_cap_t * effective,
- kernel_cap_t * inheritable,
- kernel_cap_t * permitted)
-{
- return;
-}
-
-static int dummy_acct (struct file *file)
-{
- return 0;
-}
-
-static int dummy_capable (struct task_struct *tsk, int cap)
-{
- if (cap_raised (tsk->cap_effective, cap))
- return 0;
- return -EPERM;
-}
-
-static int dummy_sysctl (ctl_table * table, int op)
-{
- return 0;
-}
-
-static int dummy_quotactl (int cmds, int type, int id, struct super_block *sb)
-{
- return 0;
-}
-
-static int dummy_quota_on (struct dentry *dentry)
-{
- return 0;
-}
-
-static int dummy_syslog (int type)
-{
- if ((type != 3 && type != 10) && current->euid)
- return -EPERM;
- return 0;
-}
-
-static int dummy_settime(struct timespec *ts, struct timezone *tz)
-{
- if (!capable(CAP_SYS_TIME))
- return -EPERM;
- return 0;
-}
-
-static int dummy_vm_enough_memory(long pages)
-{
- int cap_sys_admin = 0;
-
- if (dummy_capable(current, CAP_SYS_ADMIN) == 0)
- cap_sys_admin = 1;
- return __vm_enough_memory(pages, cap_sys_admin);
-}
-
-static int dummy_bprm_alloc_security (struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static void dummy_bprm_free_security (struct linux_binprm *bprm)
-{
- return;
-}
-
-static void dummy_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
-{
- if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) {
- current->mm->dumpable = suid_dumpable;
-
- if ((unsafe & ~LSM_UNSAFE_PTRACE_CAP) && !capable(CAP_SETUID)) {
- bprm->e_uid = current->uid;
- bprm->e_gid = current->gid;
- }
- }
-
- current->suid = current->euid = current->fsuid = bprm->e_uid;
- current->sgid = current->egid = current->fsgid = bprm->e_gid;
-
- dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
-}
-
-static void dummy_bprm_post_apply_creds (struct linux_binprm *bprm)
-{
- return;
-}
-
-static int dummy_bprm_set_security (struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static int dummy_bprm_check_security (struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static int dummy_bprm_secureexec (struct linux_binprm *bprm)
-{
- /* The new userland will simply use the value provided
- in the AT_SECURE field to decide whether secure mode
- is required. Hence, this logic is required to preserve
- the legacy decision algorithm used by the old userland. */
- return (current->euid != current->uid ||
- current->egid != current->gid);
-}
-
-static int dummy_sb_alloc_security (struct super_block *sb)
-{
- return 0;
-}
-
-static void dummy_sb_free_security (struct super_block *sb)
-{
- return;
-}
-
-static int dummy_sb_copy_data (struct file_system_type *type,
- void *orig, void *copy)
-{
- return 0;
-}
-
-static int dummy_sb_kern_mount (struct super_block *sb, void *data)
-{
- return 0;
-}
-
-static int dummy_sb_statfs (struct super_block *sb)
-{
- return 0;
-}
-
-static int dummy_sb_mount (char *dev_name, struct nameidata *nd, char *type,
- unsigned long flags, void *data)
-{
- return 0;
-}
-
-static int dummy_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
-{
- return 0;
-}
-
-static int dummy_sb_umount (struct vfsmount *mnt, int flags)
-{
- return 0;
-}
-
-static void dummy_sb_umount_close (struct vfsmount *mnt)
-{
- return;
-}
-
-static void dummy_sb_umount_busy (struct vfsmount *mnt)
-{
- return;
-}
-
-static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
- void *data)
-{
- return;
-}
-
-
-static void dummy_sb_post_mountroot (void)
-{
- return;
-}
-
-static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
-{
- return;
-}
-
-static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
-{
- return 0;
-}
-
-static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
-{
- return;
-}
-
-static int dummy_inode_alloc_security (struct inode *inode)
-{
- return 0;
-}
-
-static void dummy_inode_free_security (struct inode *inode)
-{
- return;
-}
-
-static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return 0;
-}
-
-static void dummy_inode_post_create (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return;
-}
-
-static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static void dummy_inode_post_link (struct dentry *old_dentry,
- struct inode *inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
-static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
-{
- return 0;
-}
-
-static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry,
- const char *name)
-{
- return 0;
-}
-
-static void dummy_inode_post_symlink (struct inode *inode,
- struct dentry *dentry, const char *name)
-{
- return;
-}
-
-static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return 0;
-}
-
-static void dummy_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return;
-}
-
-static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry)
-{
- return 0;
-}
-
-static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry,
- int mode, dev_t dev)
-{
- return 0;
-}
-
-static void dummy_inode_post_mknod (struct inode *inode, struct dentry *dentry,
- int mode, dev_t dev)
-{
- return;
-}
-
-static int dummy_inode_rename (struct inode *old_inode,
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static void dummy_inode_post_rename (struct inode *old_inode,
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
-static int dummy_inode_readlink (struct dentry *dentry)
-{
- return 0;
-}
-
-static int dummy_inode_follow_link (struct dentry *dentry,
- struct nameidata *nameidata)
-{
- return 0;
-}
-
-static int dummy_inode_permission (struct inode *inode, int mask, struct nameidata *nd)
-{
- return 0;
-}
-
-static int dummy_inode_setattr (struct dentry *dentry, struct iattr *iattr)
-{
- return 0;
-}
-
-static int dummy_inode_getattr (struct vfsmount *mnt, struct dentry *dentry)
-{
- return 0;
-}
-
-static void dummy_inode_delete (struct inode *ino)
-{
- return;
-}
-
-static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value,
- size_t size, int flags)
-{
- if (!strncmp(name, XATTR_SECURITY_PREFIX,
- sizeof(XATTR_SECURITY_PREFIX) - 1) &&
- !capable(CAP_SYS_ADMIN))
- return -EPERM;
- return 0;
-}
-
-static void dummy_inode_post_setxattr (struct dentry *dentry, char *name, void *value,
- size_t size, int flags)
-{
-}
-
-static int dummy_inode_getxattr (struct dentry *dentry, char *name)
-{
- return 0;
-}
-
-static int dummy_inode_listxattr (struct dentry *dentry)
-{
- return 0;
-}
-
-static int dummy_inode_removexattr (struct dentry *dentry, char *name)
-{
- if (!strncmp(name, XATTR_SECURITY_PREFIX,
- sizeof(XATTR_SECURITY_PREFIX) - 1) &&
- !capable(CAP_SYS_ADMIN))
- return -EPERM;
- return 0;
-}
-
-static int dummy_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size)
-{
- return -EOPNOTSUPP;
-}
-
-static int dummy_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
-{
- return -EOPNOTSUPP;
-}
-
-static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
-{
- return 0;
-}
-
-static int dummy_file_permission (struct file *file, int mask)
-{
- return 0;
-}
-
-static int dummy_file_alloc_security (struct file *file)
-{
- return 0;
-}
-
-static void dummy_file_free_security (struct file *file)
-{
- return;
-}
-
-static int dummy_file_ioctl (struct file *file, unsigned int command,
- unsigned long arg)
-{
- return 0;
-}
-
-static int dummy_file_mmap (struct file *file, unsigned long reqprot,
- unsigned long prot,
- unsigned long flags)
-{
- return 0;
-}
-
-static int dummy_file_mprotect (struct vm_area_struct *vma,
- unsigned long reqprot,
- unsigned long prot)
-{
- return 0;
-}
-
-static int dummy_file_lock (struct file *file, unsigned int cmd)
-{
- return 0;
-}
-
-static int dummy_file_fcntl (struct file *file, unsigned int cmd,
- unsigned long arg)
-{
- return 0;
-}
-
-static int dummy_file_set_fowner (struct file *file)
-{
- return 0;
-}
-
-static int dummy_file_send_sigiotask (struct task_struct *tsk,
- struct fown_struct *fown, int sig)
-{
- return 0;
-}
-
-static int dummy_file_receive (struct file *file)
-{
- return 0;
-}
-
-static int dummy_task_create (unsigned long clone_flags)
-{
- return 0;
-}
-
-static int dummy_task_alloc_security (struct task_struct *p)
-{
- return 0;
-}
-
-static void dummy_task_free_security (struct task_struct *p)
-{
- return;
-}
-
-static int dummy_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return 0;
-}
-
-static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted);
- return 0;
-}
-
-static int dummy_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
-{
- return 0;
-}
-
-static int dummy_task_setpgid (struct task_struct *p, pid_t pgid)
-{
- return 0;
-}
-
-static int dummy_task_getpgid (struct task_struct *p)
-{
- return 0;
-}
-
-static int dummy_task_getsid (struct task_struct *p)
-{
- return 0;
-}
-
-static int dummy_task_setgroups (struct group_info *group_info)
-{
- return 0;
-}
-
-static int dummy_task_setnice (struct task_struct *p, int nice)
-{
- return 0;
-}
-
-static int dummy_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
-{
- return 0;
-}
-
-static int dummy_task_setscheduler (struct task_struct *p, int policy,
- struct sched_param *lp)
-{
- return 0;
-}
-
-static int dummy_task_getscheduler (struct task_struct *p)
-{
- return 0;
-}
-
-static int dummy_task_wait (struct task_struct *p)
-{
- return 0;
-}
-
-static int dummy_task_kill (struct task_struct *p, struct siginfo *info,
- int sig)
-{
- return 0;
-}
-
-static int dummy_task_prctl (int option, unsigned long arg2, unsigned long arg3,
- unsigned long arg4, unsigned long arg5)
-{
- return 0;
-}
-
-static void dummy_task_reparent_to_init (struct task_struct *p)
-{
- p->euid = p->fsuid = 0;
- return;
-}
-
-static void dummy_task_to_inode(struct task_struct *p, struct inode *inode)
-{ }
-
-static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
-{
- return 0;
-}
-
-static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
-{
- return 0;
-}
-
-static void dummy_msg_msg_free_security (struct msg_msg *msg)
-{
- return;
-}
-
-static int dummy_msg_queue_alloc_security (struct msg_queue *msq)
-{
- return 0;
-}
-
-static void dummy_msg_queue_free_security (struct msg_queue *msq)
-{
- return;
-}
-
-static int dummy_msg_queue_associate (struct msg_queue *msq,
- int msqflg)
-{
- return 0;
-}
-
-static int dummy_msg_queue_msgctl (struct msg_queue *msq, int cmd)
-{
- return 0;
-}
-
-static int dummy_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
- int msgflg)
-{
- return 0;
-}
-
-static int dummy_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
- struct task_struct *target, long type,
- int mode)
-{
- return 0;
-}
-
-static int dummy_shm_alloc_security (struct shmid_kernel *shp)
-{
- return 0;
-}
-
-static void dummy_shm_free_security (struct shmid_kernel *shp)
-{
- return;
-}
-
-static int dummy_shm_associate (struct shmid_kernel *shp, int shmflg)
-{
- return 0;
-}
-
-static int dummy_shm_shmctl (struct shmid_kernel *shp, int cmd)
-{
- return 0;
-}
-
-static int dummy_shm_shmat (struct shmid_kernel *shp, char __user *shmaddr,
- int shmflg)
-{
- return 0;
-}
-
-static int dummy_sem_alloc_security (struct sem_array *sma)
-{
- return 0;
-}
-
-static void dummy_sem_free_security (struct sem_array *sma)
-{
- return;
-}
-
-static int dummy_sem_associate (struct sem_array *sma, int semflg)
-{
- return 0;
-}
-
-static int dummy_sem_semctl (struct sem_array *sma, int cmd)
-{
- return 0;
-}
-
-static int dummy_sem_semop (struct sem_array *sma,
- struct sembuf *sops, unsigned nsops, int alter)
-{
- return 0;
-}
-
-static int dummy_netlink_send (struct sock *sk, struct sk_buff *skb)
-{
- NETLINK_CB(skb).eff_cap = current->cap_effective;
- return 0;
-}
-
-static int dummy_netlink_recv (struct sk_buff *skb)
-{
- if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
- return -EPERM;
- return 0;
-}
-
-#ifdef CONFIG_SECURITY_NETWORK
-static int dummy_unix_stream_connect (struct socket *sock,
- struct socket *other,
- struct sock *newsk)
-{
- return 0;
-}
-
-static int dummy_unix_may_send (struct socket *sock,
- struct socket *other)
-{
- return 0;
-}
-
-static int dummy_socket_create (int family, int type,
- int protocol, int kern)
-{
- return 0;
-}
-
-static void dummy_socket_post_create (struct socket *sock, int family, int type,
- int protocol, int kern)
-{
- return;
-}
-
-static int dummy_socket_bind (struct socket *sock, struct sockaddr *address,
- int addrlen)
-{
- return 0;
-}
-
-static int dummy_socket_connect (struct socket *sock, struct sockaddr *address,
- int addrlen)
-{
- return 0;
-}
-
-static int dummy_socket_listen (struct socket *sock, int backlog)
-{
- return 0;
-}
-
-static int dummy_socket_accept (struct socket *sock, struct socket *newsock)
-{
- return 0;
-}
-
-static void dummy_socket_post_accept (struct socket *sock,
- struct socket *newsock)
-{
- return;
-}
-
-static int dummy_socket_sendmsg (struct socket *sock, struct msghdr *msg,
- int size)
-{
- return 0;
-}
-
-static int dummy_socket_recvmsg (struct socket *sock, struct msghdr *msg,
- int size, int flags)
-{
- return 0;
-}
-
-static int dummy_socket_getsockname (struct socket *sock)
-{
- return 0;
-}
-
-static int dummy_socket_getpeername (struct socket *sock)
-{
- return 0;
-}
-
-static int dummy_socket_setsockopt (struct socket *sock, int level, int optname)
-{
- return 0;
-}
-
-static int dummy_socket_getsockopt (struct socket *sock, int level, int optname)
-{
- return 0;
-}
-
-static int dummy_socket_shutdown (struct socket *sock, int how)
-{
- return 0;
-}
-
-static int dummy_socket_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
-{
- return 0;
-}
-
-static int dummy_socket_getpeersec(struct socket *sock, char __user *optval,
- int __user *optlen, unsigned len)
-{
- return -ENOPROTOOPT;
-}
-
-static inline int dummy_sk_alloc_security (struct sock *sk, int family, int priority)
-{
- return 0;
-}
-
-static inline void dummy_sk_free_security (struct sock *sk)
-{
-}
-#endif /* CONFIG_SECURITY_NETWORK */
-
-static int dummy_register_security (const char *name, struct security_operations *ops)
-{
- return -EINVAL;
-}
-
-static int dummy_unregister_security (const char *name, struct security_operations *ops)
-{
- return -EINVAL;
-}
-
-static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
-{
- return;
-}
-
-static int dummy_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
-{
- return -EINVAL;
-}
-
-static int dummy_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
-{
- return -EINVAL;
-}
-
-
-struct security_operations dummy_security_ops;
-
-#define set_to_dummy_if_null(ops, function) \
- do { \
- if (!ops->function) { \
- ops->function = dummy_##function; \
- pr_debug("Had to override the " #function \
- " security operation with the dummy one.\n");\
- } \
- } while (0)
-
-void security_fixup_ops (struct security_operations *ops)
-{
- set_to_dummy_if_null(ops, ptrace);
- set_to_dummy_if_null(ops, capget);
- set_to_dummy_if_null(ops, capset_check);
- set_to_dummy_if_null(ops, capset_set);
- set_to_dummy_if_null(ops, acct);
- set_to_dummy_if_null(ops, capable);
- set_to_dummy_if_null(ops, quotactl);
- set_to_dummy_if_null(ops, quota_on);
- set_to_dummy_if_null(ops, sysctl);
- set_to_dummy_if_null(ops, syslog);
- set_to_dummy_if_null(ops, settime);
- set_to_dummy_if_null(ops, vm_enough_memory);
- set_to_dummy_if_null(ops, bprm_alloc_security);
- set_to_dummy_if_null(ops, bprm_free_security);
- set_to_dummy_if_null(ops, bprm_apply_creds);
- set_to_dummy_if_null(ops, bprm_post_apply_creds);
- set_to_dummy_if_null(ops, bprm_set_security);
- set_to_dummy_if_null(ops, bprm_check_security);
- set_to_dummy_if_null(ops, bprm_secureexec);
- set_to_dummy_if_null(ops, sb_alloc_security);
- set_to_dummy_if_null(ops, sb_free_security);
- set_to_dummy_if_null(ops, sb_copy_data);
- set_to_dummy_if_null(ops, sb_kern_mount);
- set_to_dummy_if_null(ops, sb_statfs);
- set_to_dummy_if_null(ops, sb_mount);
- set_to_dummy_if_null(ops, sb_check_sb);
- set_to_dummy_if_null(ops, sb_umount);
- set_to_dummy_if_null(ops, sb_umount_close);
- set_to_dummy_if_null(ops, sb_umount_busy);
- set_to_dummy_if_null(ops, sb_post_remount);
- set_to_dummy_if_null(ops, sb_post_mountroot);
- set_to_dummy_if_null(ops, sb_post_addmount);
- set_to_dummy_if_null(ops, sb_pivotroot);
- set_to_dummy_if_null(ops, sb_post_pivotroot);
- set_to_dummy_if_null(ops, inode_alloc_security);
- set_to_dummy_if_null(ops, inode_free_security);
- set_to_dummy_if_null(ops, inode_create);
- set_to_dummy_if_null(ops, inode_post_create);
- set_to_dummy_if_null(ops, inode_link);
- set_to_dummy_if_null(ops, inode_post_link);
- set_to_dummy_if_null(ops, inode_unlink);
- set_to_dummy_if_null(ops, inode_symlink);
- set_to_dummy_if_null(ops, inode_post_symlink);
- set_to_dummy_if_null(ops, inode_mkdir);
- set_to_dummy_if_null(ops, inode_post_mkdir);
- set_to_dummy_if_null(ops, inode_rmdir);
- set_to_dummy_if_null(ops, inode_mknod);
- set_to_dummy_if_null(ops, inode_post_mknod);
- set_to_dummy_if_null(ops, inode_rename);
- set_to_dummy_if_null(ops, inode_post_rename);
- set_to_dummy_if_null(ops, inode_readlink);
- set_to_dummy_if_null(ops, inode_follow_link);
- set_to_dummy_if_null(ops, inode_permission);
- set_to_dummy_if_null(ops, inode_setattr);
- set_to_dummy_if_null(ops, inode_getattr);
- set_to_dummy_if_null(ops, inode_delete);
- set_to_dummy_if_null(ops, inode_setxattr);
- set_to_dummy_if_null(ops, inode_post_setxattr);
- set_to_dummy_if_null(ops, inode_getxattr);
- set_to_dummy_if_null(ops, inode_listxattr);
- set_to_dummy_if_null(ops, inode_removexattr);
- set_to_dummy_if_null(ops, inode_getsecurity);
- set_to_dummy_if_null(ops, inode_setsecurity);
- set_to_dummy_if_null(ops, inode_listsecurity);
- set_to_dummy_if_null(ops, file_permission);
- set_to_dummy_if_null(ops, file_alloc_security);
- set_to_dummy_if_null(ops, file_free_security);
- set_to_dummy_if_null(ops, file_ioctl);
- set_to_dummy_if_null(ops, file_mmap);
- set_to_dummy_if_null(ops, file_mprotect);
- set_to_dummy_if_null(ops, file_lock);
- set_to_dummy_if_null(ops, file_fcntl);
- set_to_dummy_if_null(ops, file_set_fowner);
- set_to_dummy_if_null(ops, file_send_sigiotask);
- set_to_dummy_if_null(ops, file_receive);
- set_to_dummy_if_null(ops, task_create);
- set_to_dummy_if_null(ops, task_alloc_security);
- set_to_dummy_if_null(ops, task_free_security);
- set_to_dummy_if_null(ops, task_setuid);
- set_to_dummy_if_null(ops, task_post_setuid);
- set_to_dummy_if_null(ops, task_setgid);
- set_to_dummy_if_null(ops, task_setpgid);
- set_to_dummy_if_null(ops, task_getpgid);
- set_to_dummy_if_null(ops, task_getsid);
- set_to_dummy_if_null(ops, task_setgroups);
- set_to_dummy_if_null(ops, task_setnice);
- set_to_dummy_if_null(ops, task_setrlimit);
- set_to_dummy_if_null(ops, task_setscheduler);
- set_to_dummy_if_null(ops, task_getscheduler);
- set_to_dummy_if_null(ops, task_wait);
- set_to_dummy_if_null(ops, task_kill);
- set_to_dummy_if_null(ops, task_prctl);
- set_to_dummy_if_null(ops, task_reparent_to_init);
- set_to_dummy_if_null(ops, task_to_inode);
- set_to_dummy_if_null(ops, ipc_permission);
- set_to_dummy_if_null(ops, msg_msg_alloc_security);
- set_to_dummy_if_null(ops, msg_msg_free_security);
- set_to_dummy_if_null(ops, msg_queue_alloc_security);
- set_to_dummy_if_null(ops, msg_queue_free_security);
- set_to_dummy_if_null(ops, msg_queue_associate);
- set_to_dummy_if_null(ops, msg_queue_msgctl);
- set_to_dummy_if_null(ops, msg_queue_msgsnd);
- set_to_dummy_if_null(ops, msg_queue_msgrcv);
- set_to_dummy_if_null(ops, shm_alloc_security);
- set_to_dummy_if_null(ops, shm_free_security);
- set_to_dummy_if_null(ops, shm_associate);
- set_to_dummy_if_null(ops, shm_shmctl);
- set_to_dummy_if_null(ops, shm_shmat);
- set_to_dummy_if_null(ops, sem_alloc_security);
- set_to_dummy_if_null(ops, sem_free_security);
- set_to_dummy_if_null(ops, sem_associate);
- set_to_dummy_if_null(ops, sem_semctl);
- set_to_dummy_if_null(ops, sem_semop);
- set_to_dummy_if_null(ops, netlink_send);
- set_to_dummy_if_null(ops, netlink_recv);
- set_to_dummy_if_null(ops, register_security);
- set_to_dummy_if_null(ops, unregister_security);
- set_to_dummy_if_null(ops, d_instantiate);
- set_to_dummy_if_null(ops, getprocattr);
- set_to_dummy_if_null(ops, setprocattr);
-#ifdef CONFIG_SECURITY_NETWORK
- set_to_dummy_if_null(ops, unix_stream_connect);
- set_to_dummy_if_null(ops, unix_may_send);
- set_to_dummy_if_null(ops, socket_create);
- set_to_dummy_if_null(ops, socket_post_create);
- set_to_dummy_if_null(ops, socket_bind);
- set_to_dummy_if_null(ops, socket_connect);
- set_to_dummy_if_null(ops, socket_listen);
- set_to_dummy_if_null(ops, socket_accept);
- set_to_dummy_if_null(ops, socket_post_accept);
- set_to_dummy_if_null(ops, socket_sendmsg);
- set_to_dummy_if_null(ops, socket_recvmsg);
- set_to_dummy_if_null(ops, socket_getsockname);
- set_to_dummy_if_null(ops, socket_getpeername);
- set_to_dummy_if_null(ops, socket_setsockopt);
- set_to_dummy_if_null(ops, socket_getsockopt);
- set_to_dummy_if_null(ops, socket_shutdown);
- set_to_dummy_if_null(ops, socket_sock_rcv_skb);
- set_to_dummy_if_null(ops, socket_getpeersec);
- set_to_dummy_if_null(ops, sk_alloc_security);
- set_to_dummy_if_null(ops, sk_free_security);
-#endif /* CONFIG_SECURITY_NETWORK */
-}
-
Index: lsm-hooks-2.6/security/security.c
===================================================================
--- lsm-hooks-2.6.orig/security/security.c
+++ lsm-hooks-2.6/security/security.c
@@ -20,12 +20,12 @@
#define SECURITY_FRAMEWORK_VERSION "1.0.0"
-/* things that live in dummy.c */
-extern struct security_operations dummy_security_ops;
-extern void security_fixup_ops(struct security_operations *ops);
-
struct security_operations *security_ops; /* Initialized to NULL */
+static struct security_operations default_security_ops;
+
+extern void security_fixup_ops (struct security_operations *ops);
+
static inline int verify(struct security_operations *ops)
{
/* verify the security_operations structure exists */
@@ -55,13 +55,13 @@ int __init security_init(void)
printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION
" initialized\n");
- if (verify(&dummy_security_ops)) {
+ if (verify(&default_security_ops)) {
printk(KERN_ERR "%s could not verify "
- "dummy_security_ops structure.\n", __FUNCTION__);
+ "default_security_ops structure.\n", __FUNCTION__);
return -EIO;
}
- security_ops = &dummy_security_ops;
+ security_ops = &default_security_ops;
do_security_initcalls();
return 0;
@@ -87,7 +87,7 @@ int register_security(struct security_op
return -EINVAL;
}
- if (security_ops != &dummy_security_ops)
+ if (security_ops != &default_security_ops)
return -EAGAIN;
security_ops = ops;
@@ -102,9 +102,9 @@ int register_security(struct security_op
* This function removes a struct security_operations variable that had
* previously been registered with a successful call to register_security().
*
- * If @ops does not match the valued previously passed to register_security()
+ * If @ops does not match the value previously passed to register_security()
* an error is returned. Otherwise the default security options is set to the
- * the dummy_security_ops structure, and 0 is returned.
+ * the default_security_ops structure, and 0 is returned.
*/
int unregister_security(struct security_operations *ops)
{
@@ -115,7 +115,7 @@ int unregister_security(struct security_
return -EINVAL;
}
- security_ops = &dummy_security_ops;
+ security_ops = &default_security_ops;
return 0;
}
--
^ permalink raw reply [flat|nested] 36+ messages in thread
* [PATCH 2/5] Rework stubs in security.h
2005-08-25 1:20 [PATCH 0/5] LSM hook updates Chris Wright
2005-08-25 1:20 ` [PATCH 1/5] Use capabilities as default w/ and w/out CONFIG_SECURITY Chris Wright
@ 2005-08-25 1:20 ` Chris Wright
2005-08-26 17:31 ` Tony Jones
2005-08-25 1:20 ` [PATCH 3/5] Call security hooks conditionally if the security_op is filled out Chris Wright
` (4 subsequent siblings)
6 siblings, 1 reply; 36+ messages in thread
From: Chris Wright @ 2005-08-25 1:20 UTC (permalink / raw)
To: linux-security-module; +Cc: linux-kernel, Kurt Garloff, Chris Wright
[-- Attachment #1: security-reorder-stubs.patch --]
[-- Type: text/plain, Size: 51416 bytes --]
Collapse security stubs so that the def'n is done in one spot with ifdef
in function body rather than two separately defined functions.
Patch from Kurt Garloff <garloff@suse.de>, and slightly altered by me to
make all ifdef sites consistent and move the prototype decl's to a sane
spot.
Signed-off-by: Kurt Garloff <garloff@suse.de>
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
include/linux/security.h | 1410 ++++++++++++++++++++---------------------------
1 files changed, 609 insertions(+), 801 deletions(-)
Index: lsm-hooks-2.6/include/linux/security.h
===================================================================
--- lsm-hooks-2.6.orig/include/linux/security.h
+++ lsm-hooks-2.6/include/linux/security.h
@@ -1248,10 +1248,27 @@ struct security_operations {
/* global variables */
extern struct security_operations *security_ops;
-/* inline stuff */
+/* prototypes */
+extern int security_init (void);
+extern int register_security (struct security_operations *ops);
+extern int unregister_security (struct security_operations *ops);
+extern int mod_reg_security (const char *name, struct security_operations *ops);
+extern int mod_unreg_security (const char *name, struct security_operations *ops);
+#else
+static inline int security_init(void)
+{
+ return 0;
+}
+#endif /* CONFIG_SECURITY */
+
static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
{
+#ifdef CONFIG_SECURITY
return security_ops->ptrace (parent, child);
+#else
+ return cap_ptrace (parent, child);
+#endif
+
}
static inline int security_capget (struct task_struct *target,
@@ -1259,7 +1281,11 @@ static inline int security_capget (struc
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
+#ifdef CONFIG_SECURITY
return security_ops->capget (target, effective, inheritable, permitted);
+#else
+ return cap_capget (target, effective, inheritable, permitted);
+#endif
}
static inline int security_capset_check (struct task_struct *target,
@@ -1267,7 +1293,11 @@ static inline int security_capset_check
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
+#ifdef CONFIG_SECURITY
return security_ops->capset_check (target, effective, inheritable, permitted);
+#else
+ return cap_capset_check (target, effective, inheritable, permitted);
+#endif
}
static inline void security_capset_set (struct task_struct *target,
@@ -1275,278 +1305,457 @@ static inline void security_capset_set (
kernel_cap_t *inheritable,
kernel_cap_t *permitted)
{
+#ifdef CONFIG_SECURITY
security_ops->capset_set (target, effective, inheritable, permitted);
+#else
+ cap_capset_set (target, effective, inheritable, permitted);
+#endif
}
static inline int security_acct (struct file *file)
{
+#ifdef CONFIG_SECURITY
return security_ops->acct (file);
+#else
+ return 0;
+#endif
}
static inline int security_sysctl(struct ctl_table *table, int op)
{
+#ifdef CONFIG_SECURITY
return security_ops->sysctl(table, op);
+#else
+ return 0;
+#endif
}
static inline int security_quotactl (int cmds, int type, int id,
struct super_block *sb)
{
+#ifdef CONFIG_SECURITY
return security_ops->quotactl (cmds, type, id, sb);
+#else
+ return 0;
+#endif
}
static inline int security_quota_on (struct dentry * dentry)
{
+#ifdef CONFIG_SECURITY
return security_ops->quota_on (dentry);
+#else
+ return 0;
+#endif
}
static inline int security_syslog(int type)
{
+#ifdef CONFIG_SECURITY
return security_ops->syslog(type);
+#else
+ return cap_syslog(type);
+#endif
}
static inline int security_settime(struct timespec *ts, struct timezone *tz)
{
+#ifdef CONFIG_SECURITY
return security_ops->settime(ts, tz);
+#else
+ return cap_settime(ts, tz);
+#endif
}
-
static inline int security_vm_enough_memory(long pages)
{
+#ifdef CONFIG_SECURITY
return security_ops->vm_enough_memory(pages);
+#else
+ return cap_vm_enough_memory(pages);
+#endif
}
static inline int security_bprm_alloc (struct linux_binprm *bprm)
{
+#ifdef CONFIG_SECURITY
return security_ops->bprm_alloc_security (bprm);
+#else
+ return 0;
+#endif
}
+
static inline void security_bprm_free (struct linux_binprm *bprm)
{
+#ifdef CONFIG_SECURITY
security_ops->bprm_free_security (bprm);
+#else
+ return;
+#endif
}
+
static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
{
+#ifdef CONFIG_SECURITY
security_ops->bprm_apply_creds (bprm, unsafe);
+#else
+ cap_bprm_apply_creds (bprm, unsafe);
+#endif
}
+
static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm)
{
+#ifdef CONFIG_SECURITY
security_ops->bprm_post_apply_creds (bprm);
+#else
+ return;
+#endif
}
+
static inline int security_bprm_set (struct linux_binprm *bprm)
{
+#ifdef CONFIG_SECURITY
return security_ops->bprm_set_security (bprm);
+#else
+ return cap_bprm_set_security (bprm);
+#endif
}
static inline int security_bprm_check (struct linux_binprm *bprm)
{
+#ifdef CONFIG_SECURITY
return security_ops->bprm_check_security (bprm);
+#else
+ return 0;
+#endif
}
static inline int security_bprm_secureexec (struct linux_binprm *bprm)
{
+#ifdef CONFIG_SECURITY
return security_ops->bprm_secureexec (bprm);
+#else
+ return cap_bprm_secureexec(bprm);
+#endif
}
static inline int security_sb_alloc (struct super_block *sb)
{
+#ifdef CONFIG_SECURITY
return security_ops->sb_alloc_security (sb);
+#else
+ return 0;
+#endif
}
static inline void security_sb_free (struct super_block *sb)
{
+#ifdef CONFIG_SECURITY
security_ops->sb_free_security (sb);
+#else
+ return;
+#endif
}
static inline int security_sb_copy_data (struct file_system_type *type,
void *orig, void *copy)
{
+#ifdef CONFIG_SECURITY
return security_ops->sb_copy_data (type, orig, copy);
+#else
+ return 0;
+#endif
}
static inline int security_sb_kern_mount (struct super_block *sb, void *data)
{
+#ifdef CONFIG_SECURITY
return security_ops->sb_kern_mount (sb, data);
+#else
+ return 0;
+#endif
}
static inline int security_sb_statfs (struct super_block *sb)
{
+#ifdef CONFIG_SECURITY
return security_ops->sb_statfs (sb);
+#else
+ return 0;
+#endif
}
static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
char *type, unsigned long flags,
void *data)
{
+#ifdef CONFIG_SECURITY
return security_ops->sb_mount (dev_name, nd, type, flags, data);
+#else
+ return 0;
+#endif
}
static inline int security_sb_check_sb (struct vfsmount *mnt,
struct nameidata *nd)
{
+#ifdef CONFIG_SECURITY
return security_ops->sb_check_sb (mnt, nd);
+#else
+ return 0;
+#endif
}
static inline int security_sb_umount (struct vfsmount *mnt, int flags)
{
+#ifdef CONFIG_SECURITY
return security_ops->sb_umount (mnt, flags);
+#else
+ return 0;
+#endif
}
static inline void security_sb_umount_close (struct vfsmount *mnt)
{
+#ifdef CONFIG_SECURITY
security_ops->sb_umount_close (mnt);
+#else
+ return;
+#endif
}
static inline void security_sb_umount_busy (struct vfsmount *mnt)
{
+#ifdef CONFIG_SECURITY
security_ops->sb_umount_busy (mnt);
+#else
+ return;
+#endif
}
static inline void security_sb_post_remount (struct vfsmount *mnt,
unsigned long flags, void *data)
{
+#ifdef CONFIG_SECURITY
security_ops->sb_post_remount (mnt, flags, data);
+#else
+ return;
+#endif
}
static inline void security_sb_post_mountroot (void)
{
+#ifdef CONFIG_SECURITY
security_ops->sb_post_mountroot ();
+#else
+ return;
+#endif
}
static inline void security_sb_post_addmount (struct vfsmount *mnt,
struct nameidata *mountpoint_nd)
{
+#ifdef CONFIG_SECURITY
security_ops->sb_post_addmount (mnt, mountpoint_nd);
+#else
+ return;
+#endif
}
static inline int security_sb_pivotroot (struct nameidata *old_nd,
struct nameidata *new_nd)
{
+#ifdef CONFIG_SECURITY
return security_ops->sb_pivotroot (old_nd, new_nd);
+#else
+ return 0;
+#endif
}
static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
struct nameidata *new_nd)
{
+#ifdef CONFIG_SECURITY
security_ops->sb_post_pivotroot (old_nd, new_nd);
+#else
+ return;
+#endif
}
static inline int security_inode_alloc (struct inode *inode)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
return security_ops->inode_alloc_security (inode);
+#else
+ return 0;
+#endif
}
static inline void security_inode_free (struct inode *inode)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return;
security_ops->inode_free_security (inode);
+#else
+ return;
+#endif
}
static inline int security_inode_create (struct inode *dir,
struct dentry *dentry,
int mode)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dir)))
return 0;
return security_ops->inode_create (dir, dentry, mode);
+#else
+ return 0;
+#endif
}
static inline void security_inode_post_create (struct inode *dir,
struct dentry *dentry,
int mode)
{
+#ifdef CONFIG_SECURITY
if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
return;
security_ops->inode_post_create (dir, dentry, mode);
+#else
+ return;
+#endif
}
static inline int security_inode_link (struct dentry *old_dentry,
struct inode *dir,
struct dentry *new_dentry)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (old_dentry->d_inode)))
return 0;
return security_ops->inode_link (old_dentry, dir, new_dentry);
+#else
+ return 0;
+#endif
}
static inline void security_inode_post_link (struct dentry *old_dentry,
struct inode *dir,
struct dentry *new_dentry)
{
+#ifdef CONFIG_SECURITY
if (new_dentry->d_inode && unlikely (IS_PRIVATE (new_dentry->d_inode)))
return;
security_ops->inode_post_link (old_dentry, dir, new_dentry);
+#else
+ return;
+#endif
}
static inline int security_inode_unlink (struct inode *dir,
struct dentry *dentry)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_unlink (dir, dentry);
+#else
+ return 0;
+#endif
}
static inline int security_inode_symlink (struct inode *dir,
struct dentry *dentry,
const char *old_name)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dir)))
return 0;
return security_ops->inode_symlink (dir, dentry, old_name);
+#else
+ return 0;
+#endif
}
static inline void security_inode_post_symlink (struct inode *dir,
struct dentry *dentry,
const char *old_name)
{
+#ifdef CONFIG_SECURITY
if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
return;
security_ops->inode_post_symlink (dir, dentry, old_name);
+#else
+ return;
+#endif
}
static inline int security_inode_mkdir (struct inode *dir,
struct dentry *dentry,
int mode)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dir)))
return 0;
return security_ops->inode_mkdir (dir, dentry, mode);
+#else
+ return 0;
+#endif
}
static inline void security_inode_post_mkdir (struct inode *dir,
struct dentry *dentry,
int mode)
{
+#ifdef CONFIG_SECURITY
if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
return;
security_ops->inode_post_mkdir (dir, dentry, mode);
+#else
+ return;
+#endif
}
static inline int security_inode_rmdir (struct inode *dir,
struct dentry *dentry)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_rmdir (dir, dentry);
+#else
+ return 0;
+#endif
}
static inline int security_inode_mknod (struct inode *dir,
struct dentry *dentry,
int mode, dev_t dev)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dir)))
return 0;
return security_ops->inode_mknod (dir, dentry, mode, dev);
+#else
+ return 0;
+#endif
}
static inline void security_inode_post_mknod (struct inode *dir,
struct dentry *dentry,
int mode, dev_t dev)
{
+#ifdef CONFIG_SECURITY
if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
return;
security_ops->inode_post_mknod (dir, dentry, mode, dev);
+#else
+ return;
+#endif
}
static inline int security_inode_rename (struct inode *old_dir,
@@ -1554,11 +1763,15 @@ static inline int security_inode_rename
struct inode *new_dir,
struct dentry *new_dentry)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
(new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
return 0;
return security_ops->inode_rename (old_dir, old_dentry,
new_dir, new_dentry);
+#else
+ return 0;
+#endif
}
static inline void security_inode_post_rename (struct inode *old_dir,
@@ -1566,265 +1779,433 @@ static inline void security_inode_post_r
struct inode *new_dir,
struct dentry *new_dentry)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
(new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
return;
security_ops->inode_post_rename (old_dir, old_dentry,
new_dir, new_dentry);
+#else
+ return;
+#endif
}
static inline int security_inode_readlink (struct dentry *dentry)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_readlink (dentry);
+#else
+ return 0;
+#endif
}
static inline int security_inode_follow_link (struct dentry *dentry,
struct nameidata *nd)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_follow_link (dentry, nd);
+#else
+ return 0;
+#endif
}
static inline int security_inode_permission (struct inode *inode, int mask,
struct nameidata *nd)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
return security_ops->inode_permission (inode, mask, nd);
+#else
+ return 0;
+#endif
}
static inline int security_inode_setattr (struct dentry *dentry,
struct iattr *attr)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_setattr (dentry, attr);
+#else
+ return 0;
+#endif
}
static inline int security_inode_getattr (struct vfsmount *mnt,
struct dentry *dentry)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_getattr (mnt, dentry);
+#else
+ return 0;
+#endif
}
static inline void security_inode_delete (struct inode *inode)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return;
security_ops->inode_delete (inode);
+#else
+ return;
+#endif
}
static inline int security_inode_setxattr (struct dentry *dentry, char *name,
void *value, size_t size, int flags)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_setxattr (dentry, name, value, size, flags);
+#else
+ return cap_inode_setxattr(dentry, name, value, size, flags);
+#endif
}
static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
void *value, size_t size, int flags)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return;
security_ops->inode_post_setxattr (dentry, name, value, size, flags);
+#else
+ return;
+#endif
}
static inline int security_inode_getxattr (struct dentry *dentry, char *name)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_getxattr (dentry, name);
+#else
+ return 0;
+#endif
}
static inline int security_inode_listxattr (struct dentry *dentry)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_listxattr (dentry);
+#else
+ return 0;
+#endif
}
static inline int security_inode_removexattr (struct dentry *dentry, char *name)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
return security_ops->inode_removexattr (dentry, name);
+#else
+ return cap_inode_removexattr(dentry, name);
+#endif
}
static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
return security_ops->inode_getsecurity(inode, name, buffer, size);
+#else
+ return -EOPNOTSUPP;
+#endif
}
static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
return security_ops->inode_setsecurity(inode, name, value, size, flags);
+#else
+ return -EOPNOTSUPP;
+#endif
}
static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
+#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
return security_ops->inode_listsecurity(inode, buffer, buffer_size);
+#else
+ return 0;
+#endif
}
static inline int security_file_permission (struct file *file, int mask)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_permission (file, mask);
+#else
+ return 0;
+#endif
}
static inline int security_file_alloc (struct file *file)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_alloc_security (file);
+#else
+ return 0;
+#endif
}
static inline void security_file_free (struct file *file)
{
+#ifdef CONFIG_SECURITY
security_ops->file_free_security (file);
+#else
+ return;
+#endif
}
static inline int security_file_ioctl (struct file *file, unsigned int cmd,
unsigned long arg)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_ioctl (file, cmd, arg);
+#else
+ return 0;
+#endif
}
static inline int security_file_mmap (struct file *file, unsigned long reqprot,
unsigned long prot,
unsigned long flags)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_mmap (file, reqprot, prot, flags);
+#else
+ return 0;
+#endif
}
static inline int security_file_mprotect (struct vm_area_struct *vma,
unsigned long reqprot,
unsigned long prot)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_mprotect (vma, reqprot, prot);
+#else
+ return 0;
+#endif
}
static inline int security_file_lock (struct file *file, unsigned int cmd)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_lock (file, cmd);
+#else
+ return 0;
+#endif
}
static inline int security_file_fcntl (struct file *file, unsigned int cmd,
unsigned long arg)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_fcntl (file, cmd, arg);
+#else
+ return 0;
+#endif
}
static inline int security_file_set_fowner (struct file *file)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_set_fowner (file);
+#else
+ return 0;
+#endif
}
static inline int security_file_send_sigiotask (struct task_struct *tsk,
struct fown_struct *fown,
int sig)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_send_sigiotask (tsk, fown, sig);
+#else
+ return 0;
+#endif
}
static inline int security_file_receive (struct file *file)
{
+#ifdef CONFIG_SECURITY
return security_ops->file_receive (file);
+#else
+ return 0;
+#endif
}
static inline int security_task_create (unsigned long clone_flags)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_create (clone_flags);
+#else
+ return 0;
+#endif
}
static inline int security_task_alloc (struct task_struct *p)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_alloc_security (p);
+#else
+ return 0;
+#endif
}
static inline void security_task_free (struct task_struct *p)
{
+#ifdef CONFIG_SECURITY
security_ops->task_free_security (p);
+#else
+ return;
+#endif
}
static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
int flags)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_setuid (id0, id1, id2, flags);
+#else
+ return 0;
+#endif
}
static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
uid_t old_suid, int flags)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
+#else
+ return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags);
+#endif
}
static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
int flags)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_setgid (id0, id1, id2, flags);
+#else
+ return 0;
+#endif
}
static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_setpgid (p, pgid);
+#else
+ return 0;
+#endif
}
static inline int security_task_getpgid (struct task_struct *p)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_getpgid (p);
+#else
+ return 0;
+#endif
}
static inline int security_task_getsid (struct task_struct *p)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_getsid (p);
+#else
+ return 0;
+#endif
}
static inline int security_task_setgroups (struct group_info *group_info)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_setgroups (group_info);
+#else
+ return 0;
+#endif
}
static inline int security_task_setnice (struct task_struct *p, int nice)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_setnice (p, nice);
+#else
+ return 0;
+#endif
}
static inline int security_task_setrlimit (unsigned int resource,
struct rlimit *new_rlim)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_setrlimit (resource, new_rlim);
+#else
+ return 0;
+#endif
}
static inline int security_task_setscheduler (struct task_struct *p,
int policy,
struct sched_param *lp)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_setscheduler (p, policy, lp);
+#else
+ return 0;
+#endif
}
static inline int security_task_getscheduler (struct task_struct *p)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_getscheduler (p);
+#else
+ return 0;
+#endif
}
static inline int security_task_kill (struct task_struct *p,
struct siginfo *info, int sig)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_kill (p, info, sig);
+#else
+ return 0;
+#endif
}
static inline int security_task_wait (struct task_struct *p)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_wait (p);
+#else
+ return 0;
+#endif
}
static inline int security_task_prctl (int option, unsigned long arg2,
@@ -1832,60 +2213,104 @@ static inline int security_task_prctl (i
unsigned long arg4,
unsigned long arg5)
{
+#ifdef CONFIG_SECURITY
return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
+#else
+ return 0;
+#endif
}
static inline void security_task_reparent_to_init (struct task_struct *p)
{
+#ifdef CONFIG_SECURITY
security_ops->task_reparent_to_init (p);
+#else
+ cap_task_reparent_to_init (p);
+#endif
}
static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
{
+#ifdef CONFIG_SECURITY
security_ops->task_to_inode(p, inode);
+#else
+ return;
+#endif
}
static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
short flag)
{
+#ifdef CONFIG_SECURITY
return security_ops->ipc_permission (ipcp, flag);
+#else
+ return 0;
+#endif
}
static inline int security_msg_msg_alloc (struct msg_msg * msg)
{
+#ifdef CONFIG_SECURITY
return security_ops->msg_msg_alloc_security (msg);
+#else
+ return 0;
+#endif
}
static inline void security_msg_msg_free (struct msg_msg * msg)
{
+#ifdef CONFIG_SECURITY
security_ops->msg_msg_free_security(msg);
+#else
+ return;
+#endif
}
static inline int security_msg_queue_alloc (struct msg_queue *msq)
{
+#ifdef CONFIG_SECURITY
return security_ops->msg_queue_alloc_security (msq);
+#else
+ return 0;
+#endif
}
static inline void security_msg_queue_free (struct msg_queue *msq)
{
+#ifdef CONFIG_SECURITY
security_ops->msg_queue_free_security (msq);
+#else
+ return;
+#endif
}
static inline int security_msg_queue_associate (struct msg_queue * msq,
int msqflg)
{
+#ifdef CONFIG_SECURITY
return security_ops->msg_queue_associate (msq, msqflg);
+#else
+ return 0;
+#endif
}
static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
{
+#ifdef CONFIG_SECURITY
return security_ops->msg_queue_msgctl (msq, cmd);
+#else
+ return 0;
+#endif
}
static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
struct msg_msg * msg, int msqflg)
{
+#ifdef CONFIG_SECURITY
return security_ops->msg_queue_msgsnd (msq, msg, msqflg);
+#else
+ return 0;
+#endif
}
static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
@@ -1893,966 +2318,354 @@ static inline int security_msg_queue_msg
struct task_struct * target,
long type, int mode)
{
+#ifdef CONFIG_SECURITY
return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode);
+#else
+ return 0;
+#endif
}
static inline int security_shm_alloc (struct shmid_kernel *shp)
{
+#ifdef CONFIG_SECURITY
return security_ops->shm_alloc_security (shp);
+#else
+ return 0;
+#endif
}
static inline void security_shm_free (struct shmid_kernel *shp)
{
+#ifdef CONFIG_SECURITY
security_ops->shm_free_security (shp);
+#else
+ return;
+#endif
}
static inline int security_shm_associate (struct shmid_kernel * shp,
int shmflg)
{
+#ifdef CONFIG_SECURITY
return security_ops->shm_associate(shp, shmflg);
+#else
+ return 0;
+#endif
}
static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
{
+#ifdef CONFIG_SECURITY
return security_ops->shm_shmctl (shp, cmd);
+#else
+ return 0;
+#endif
}
static inline int security_shm_shmat (struct shmid_kernel * shp,
char __user *shmaddr, int shmflg)
{
+#ifdef CONFIG_SECURITY
return security_ops->shm_shmat(shp, shmaddr, shmflg);
+#else
+ return 0;
+#endif
}
static inline int security_sem_alloc (struct sem_array *sma)
{
+#ifdef CONFIG_SECURITY
return security_ops->sem_alloc_security (sma);
+#else
+ return 0;
+#endif
}
static inline void security_sem_free (struct sem_array *sma)
{
+#ifdef CONFIG_SECURITY
security_ops->sem_free_security (sma);
+#else
+ return;
+#endif
}
static inline int security_sem_associate (struct sem_array * sma, int semflg)
{
+#ifdef CONFIG_SECURITY
return security_ops->sem_associate (sma, semflg);
+#else
+ return 0;
+#endif
}
static inline int security_sem_semctl (struct sem_array * sma, int cmd)
{
+#ifdef CONFIG_SECURITY
return security_ops->sem_semctl(sma, cmd);
+#else
+ return 0;
+#endif
}
static inline int security_sem_semop (struct sem_array * sma,
struct sembuf * sops, unsigned nsops,
int alter)
{
+#ifdef CONFIG_SECURITY
return security_ops->sem_semop(sma, sops, nsops, alter);
+#else
+ return 0;
+#endif
}
static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
{
+#ifdef CONFIG_SECURITY
if (unlikely (inode && IS_PRIVATE (inode)))
return;
security_ops->d_instantiate (dentry, inode);
+#else
+ return;
+#endif
}
static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
{
+#ifdef CONFIG_SECURITY
return security_ops->getprocattr(p, name, value, size);
+#else
+ return -EINVAL;
+#endif
}
static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
{
+#ifdef CONFIG_SECURITY
return security_ops->setprocattr(p, name, value, size);
+#else
+ return -EINVAL;
+#endif
}
static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb)
{
+#ifdef CONFIG_SECURITY
return security_ops->netlink_send(sk, skb);
+#else
+ return cap_netlink_send (sk, skb);
+#endif
}
static inline int security_netlink_recv(struct sk_buff * skb)
{
+#ifdef CONFIG_SECURITY
return security_ops->netlink_recv(skb);
+#else
+ return cap_netlink_recv (skb);
+#endif
}
-/* prototypes */
-extern int security_init (void);
-extern int register_security (struct security_operations *ops);
-extern int unregister_security (struct security_operations *ops);
-extern int mod_reg_security (const char *name, struct security_operations *ops);
-extern int mod_unreg_security (const char *name, struct security_operations *ops);
-
-
-#else /* CONFIG_SECURITY */
-
-/*
- * This is the default capabilities functionality. Most of these functions
- * are just stubbed out, but a few must call the proper capable code.
- */
-
-static inline int security_init(void)
+static inline int security_unix_stream_connect(struct socket * sock,
+ struct socket * other,
+ struct sock * newsk)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->unix_stream_connect(sock, other, newsk);
+#else
return 0;
+#endif
}
-static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
-{
- return cap_ptrace (parent, child);
-}
-static inline int security_capget (struct task_struct *target,
- kernel_cap_t *effective,
- kernel_cap_t *inheritable,
- kernel_cap_t *permitted)
+static inline int security_unix_may_send(struct socket * sock,
+ struct socket * other)
{
- return cap_capget (target, effective, inheritable, permitted);
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->unix_may_send(sock, other);
+#else
+ return 0;
+#endif
}
-static inline int security_capset_check (struct task_struct *target,
- kernel_cap_t *effective,
- kernel_cap_t *inheritable,
- kernel_cap_t *permitted)
+static inline int security_socket_create (int family, int type,
+ int protocol, int kern)
{
- return cap_capset_check (target, effective, inheritable, permitted);
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_create(family, type, protocol, kern);
+#else
+ return 0;
+#endif
}
-static inline void security_capset_set (struct task_struct *target,
- kernel_cap_t *effective,
- kernel_cap_t *inheritable,
- kernel_cap_t *permitted)
+static inline void security_socket_post_create(struct socket * sock,
+ int family,
+ int type,
+ int protocol, int kern)
{
- cap_capset_set (target, effective, inheritable, permitted);
+#ifdef CONFIG_SECURITY_NETWORK
+ security_ops->socket_post_create(sock, family, type,
+ protocol, kern);
+#else
+ return;
+#endif
}
-static inline int security_acct (struct file *file)
+static inline int security_socket_bind(struct socket * sock,
+ struct sockaddr * address,
+ int addrlen)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_bind(sock, address, addrlen);
+#else
return 0;
+#endif
}
-static inline int security_sysctl(struct ctl_table *table, int op)
+static inline int security_socket_connect(struct socket * sock,
+ struct sockaddr * address,
+ int addrlen)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_connect(sock, address, addrlen);
+#else
return 0;
+#endif
}
-static inline int security_quotactl (int cmds, int type, int id,
- struct super_block * sb)
+static inline int security_socket_listen(struct socket * sock, int backlog)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_listen(sock, backlog);
+#else
return 0;
+#endif
}
-static inline int security_quota_on (struct dentry * dentry)
+static inline int security_socket_accept(struct socket * sock,
+ struct socket * newsock)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_accept(sock, newsock);
+#else
return 0;
+#endif
}
-static inline int security_syslog(int type)
+static inline void security_socket_post_accept(struct socket * sock,
+ struct socket * newsock)
{
- return cap_syslog(type);
+#ifdef CONFIG_SECURITY_NETWORK
+ security_ops->socket_post_accept(sock, newsock);
+#else
+ return;
+#endif
}
-static inline int security_settime(struct timespec *ts, struct timezone *tz)
+static inline int security_socket_sendmsg(struct socket * sock,
+ struct msghdr * msg, int size)
{
- return cap_settime(ts, tz);
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_sendmsg(sock, msg, size);
+#else
+ return 0;
+#endif
}
-static inline int security_vm_enough_memory(long pages)
+static inline int security_socket_recvmsg(struct socket * sock,
+ struct msghdr * msg, int size,
+ int flags)
{
- return cap_vm_enough_memory(pages);
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_recvmsg(sock, msg, size, flags);
+#else
+ return 0;
+#endif
}
-static inline int security_bprm_alloc (struct linux_binprm *bprm)
+static inline int security_socket_getsockname(struct socket * sock)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_getsockname(sock);
+#else
return 0;
+#endif
}
-static inline void security_bprm_free (struct linux_binprm *bprm)
-{ }
-
-static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
-{
- cap_bprm_apply_creds (bprm, unsafe);
-}
-
-static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm)
+static inline int security_socket_getpeername(struct socket * sock)
{
- return;
-}
-
-static inline int security_bprm_set (struct linux_binprm *bprm)
-{
- return cap_bprm_set_security (bprm);
-}
-
-static inline int security_bprm_check (struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static inline int security_bprm_secureexec (struct linux_binprm *bprm)
-{
- return cap_bprm_secureexec(bprm);
-}
-
-static inline int security_sb_alloc (struct super_block *sb)
-{
- return 0;
-}
-
-static inline void security_sb_free (struct super_block *sb)
-{ }
-
-static inline int security_sb_copy_data (struct file_system_type *type,
- void *orig, void *copy)
-{
- return 0;
-}
-
-static inline int security_sb_kern_mount (struct super_block *sb, void *data)
-{
- return 0;
-}
-
-static inline int security_sb_statfs (struct super_block *sb)
-{
- return 0;
-}
-
-static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
- char *type, unsigned long flags,
- void *data)
-{
- return 0;
-}
-
-static inline int security_sb_check_sb (struct vfsmount *mnt,
- struct nameidata *nd)
-{
- return 0;
-}
-
-static inline int security_sb_umount (struct vfsmount *mnt, int flags)
-{
- return 0;
-}
-
-static inline void security_sb_umount_close (struct vfsmount *mnt)
-{ }
-
-static inline void security_sb_umount_busy (struct vfsmount *mnt)
-{ }
-
-static inline void security_sb_post_remount (struct vfsmount *mnt,
- unsigned long flags, void *data)
-{ }
-
-static inline void security_sb_post_mountroot (void)
-{ }
-
-static inline void security_sb_post_addmount (struct vfsmount *mnt,
- struct nameidata *mountpoint_nd)
-{ }
-
-static inline int security_sb_pivotroot (struct nameidata *old_nd,
- struct nameidata *new_nd)
-{
- return 0;
-}
-
-static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
- struct nameidata *new_nd)
-{ }
-
-static inline int security_inode_alloc (struct inode *inode)
-{
- return 0;
-}
-
-static inline void security_inode_free (struct inode *inode)
-{ }
-
-static inline int security_inode_create (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{
- return 0;
-}
-
-static inline void security_inode_post_create (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{ }
-
-static inline int security_inode_link (struct dentry *old_dentry,
- struct inode *dir,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static inline void security_inode_post_link (struct dentry *old_dentry,
- struct inode *dir,
- struct dentry *new_dentry)
-{ }
-
-static inline int security_inode_unlink (struct inode *dir,
- struct dentry *dentry)
-{
- return 0;
-}
-
-static inline int security_inode_symlink (struct inode *dir,
- struct dentry *dentry,
- const char *old_name)
-{
- return 0;
-}
-
-static inline void security_inode_post_symlink (struct inode *dir,
- struct dentry *dentry,
- const char *old_name)
-{ }
-
-static inline int security_inode_mkdir (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{
- return 0;
-}
-
-static inline void security_inode_post_mkdir (struct inode *dir,
- struct dentry *dentry,
- int mode)
-{ }
-
-static inline int security_inode_rmdir (struct inode *dir,
- struct dentry *dentry)
-{
- return 0;
-}
-
-static inline int security_inode_mknod (struct inode *dir,
- struct dentry *dentry,
- int mode, dev_t dev)
-{
- return 0;
-}
-
-static inline void security_inode_post_mknod (struct inode *dir,
- struct dentry *dentry,
- int mode, dev_t dev)
-{ }
-
-static inline int security_inode_rename (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static inline void security_inode_post_rename (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
-{ }
-
-static inline int security_inode_readlink (struct dentry *dentry)
-{
- return 0;
-}
-
-static inline int security_inode_follow_link (struct dentry *dentry,
- struct nameidata *nd)
-{
- return 0;
-}
-
-static inline int security_inode_permission (struct inode *inode, int mask,
- struct nameidata *nd)
-{
- return 0;
-}
-
-static inline int security_inode_setattr (struct dentry *dentry,
- struct iattr *attr)
-{
- return 0;
-}
-
-static inline int security_inode_getattr (struct vfsmount *mnt,
- struct dentry *dentry)
-{
- return 0;
-}
-
-static inline void security_inode_delete (struct inode *inode)
-{ }
-
-static inline int security_inode_setxattr (struct dentry *dentry, char *name,
- void *value, size_t size, int flags)
-{
- return cap_inode_setxattr(dentry, name, value, size, flags);
-}
-
-static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
- void *value, size_t size, int flags)
-{ }
-
-static inline int security_inode_getxattr (struct dentry *dentry, char *name)
-{
- return 0;
-}
-
-static inline int security_inode_listxattr (struct dentry *dentry)
-{
- return 0;
-}
-
-static inline int security_inode_removexattr (struct dentry *dentry, char *name)
-{
- return cap_inode_removexattr(dentry, name);
-}
-
-static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size)
-{
- return -EOPNOTSUPP;
-}
-
-static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
-{
- return -EOPNOTSUPP;
-}
-
-static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
-{
- return 0;
-}
-
-static inline int security_file_permission (struct file *file, int mask)
-{
- return 0;
-}
-
-static inline int security_file_alloc (struct file *file)
-{
- return 0;
-}
-
-static inline void security_file_free (struct file *file)
-{ }
-
-static inline int security_file_ioctl (struct file *file, unsigned int cmd,
- unsigned long arg)
-{
- return 0;
-}
-
-static inline int security_file_mmap (struct file *file, unsigned long reqprot,
- unsigned long prot,
- unsigned long flags)
-{
- return 0;
-}
-
-static inline int security_file_mprotect (struct vm_area_struct *vma,
- unsigned long reqprot,
- unsigned long prot)
-{
- return 0;
-}
-
-static inline int security_file_lock (struct file *file, unsigned int cmd)
-{
- return 0;
-}
-
-static inline int security_file_fcntl (struct file *file, unsigned int cmd,
- unsigned long arg)
-{
- return 0;
-}
-
-static inline int security_file_set_fowner (struct file *file)
-{
- return 0;
-}
-
-static inline int security_file_send_sigiotask (struct task_struct *tsk,
- struct fown_struct *fown,
- int sig)
-{
- return 0;
-}
-
-static inline int security_file_receive (struct file *file)
-{
- return 0;
-}
-
-static inline int security_task_create (unsigned long clone_flags)
-{
- return 0;
-}
-
-static inline int security_task_alloc (struct task_struct *p)
-{
- return 0;
-}
-
-static inline void security_task_free (struct task_struct *p)
-{ }
-
-static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
- int flags)
-{
- return 0;
-}
-
-static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
- uid_t old_suid, int flags)
-{
- return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags);
-}
-
-static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
- int flags)
-{
- return 0;
-}
-
-static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
-{
- return 0;
-}
-
-static inline int security_task_getpgid (struct task_struct *p)
-{
- return 0;
-}
-
-static inline int security_task_getsid (struct task_struct *p)
-{
- return 0;
-}
-
-static inline int security_task_setgroups (struct group_info *group_info)
-{
- return 0;
-}
-
-static inline int security_task_setnice (struct task_struct *p, int nice)
-{
- return 0;
-}
-
-static inline int security_task_setrlimit (unsigned int resource,
- struct rlimit *new_rlim)
-{
- return 0;
-}
-
-static inline int security_task_setscheduler (struct task_struct *p,
- int policy,
- struct sched_param *lp)
-{
- return 0;
-}
-
-static inline int security_task_getscheduler (struct task_struct *p)
-{
- return 0;
-}
-
-static inline int security_task_kill (struct task_struct *p,
- struct siginfo *info, int sig)
-{
- return 0;
-}
-
-static inline int security_task_wait (struct task_struct *p)
-{
- return 0;
-}
-
-static inline int security_task_prctl (int option, unsigned long arg2,
- unsigned long arg3,
- unsigned long arg4,
- unsigned long arg5)
-{
- return 0;
-}
-
-static inline void security_task_reparent_to_init (struct task_struct *p)
-{
- cap_task_reparent_to_init (p);
-}
-
-static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
-{ }
-
-static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
- short flag)
-{
- return 0;
-}
-
-static inline int security_msg_msg_alloc (struct msg_msg * msg)
-{
- return 0;
-}
-
-static inline void security_msg_msg_free (struct msg_msg * msg)
-{ }
-
-static inline int security_msg_queue_alloc (struct msg_queue *msq)
-{
- return 0;
-}
-
-static inline void security_msg_queue_free (struct msg_queue *msq)
-{ }
-
-static inline int security_msg_queue_associate (struct msg_queue * msq,
- int msqflg)
-{
- return 0;
-}
-
-static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
-{
- return 0;
-}
-
-static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
- struct msg_msg * msg, int msqflg)
-{
- return 0;
-}
-
-static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
- struct msg_msg * msg,
- struct task_struct * target,
- long type, int mode)
-{
- return 0;
-}
-
-static inline int security_shm_alloc (struct shmid_kernel *shp)
-{
- return 0;
-}
-
-static inline void security_shm_free (struct shmid_kernel *shp)
-{ }
-
-static inline int security_shm_associate (struct shmid_kernel * shp,
- int shmflg)
-{
- return 0;
-}
-
-static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
-{
- return 0;
-}
-
-static inline int security_shm_shmat (struct shmid_kernel * shp,
- char __user *shmaddr, int shmflg)
-{
- return 0;
-}
-
-static inline int security_sem_alloc (struct sem_array *sma)
-{
- return 0;
-}
-
-static inline void security_sem_free (struct sem_array *sma)
-{ }
-
-static inline int security_sem_associate (struct sem_array * sma, int semflg)
-{
- return 0;
-}
-
-static inline int security_sem_semctl (struct sem_array * sma, int cmd)
-{
- return 0;
-}
-
-static inline int security_sem_semop (struct sem_array * sma,
- struct sembuf * sops, unsigned nsops,
- int alter)
-{
- return 0;
-}
-
-static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
-{ }
-
-static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
-{
- return -EINVAL;
-}
-
-static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
-{
- return -EINVAL;
-}
-
-static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb)
-{
- return cap_netlink_send (sk, skb);
-}
-
-static inline int security_netlink_recv (struct sk_buff *skb)
-{
- return cap_netlink_recv (skb);
-}
-
-#endif /* CONFIG_SECURITY */
-
-#ifdef CONFIG_SECURITY_NETWORK
-static inline int security_unix_stream_connect(struct socket * sock,
- struct socket * other,
- struct sock * newsk)
-{
- return security_ops->unix_stream_connect(sock, other, newsk);
-}
-
-
-static inline int security_unix_may_send(struct socket * sock,
- struct socket * other)
-{
- return security_ops->unix_may_send(sock, other);
-}
-
-static inline int security_socket_create (int family, int type,
- int protocol, int kern)
-{
- return security_ops->socket_create(family, type, protocol, kern);
-}
-
-static inline void security_socket_post_create(struct socket * sock,
- int family,
- int type,
- int protocol, int kern)
-{
- security_ops->socket_post_create(sock, family, type,
- protocol, kern);
-}
-
-static inline int security_socket_bind(struct socket * sock,
- struct sockaddr * address,
- int addrlen)
-{
- return security_ops->socket_bind(sock, address, addrlen);
-}
-
-static inline int security_socket_connect(struct socket * sock,
- struct sockaddr * address,
- int addrlen)
-{
- return security_ops->socket_connect(sock, address, addrlen);
-}
-
-static inline int security_socket_listen(struct socket * sock, int backlog)
-{
- return security_ops->socket_listen(sock, backlog);
-}
-
-static inline int security_socket_accept(struct socket * sock,
- struct socket * newsock)
-{
- return security_ops->socket_accept(sock, newsock);
-}
-
-static inline void security_socket_post_accept(struct socket * sock,
- struct socket * newsock)
-{
- security_ops->socket_post_accept(sock, newsock);
-}
-
-static inline int security_socket_sendmsg(struct socket * sock,
- struct msghdr * msg, int size)
-{
- return security_ops->socket_sendmsg(sock, msg, size);
-}
-
-static inline int security_socket_recvmsg(struct socket * sock,
- struct msghdr * msg, int size,
- int flags)
-{
- return security_ops->socket_recvmsg(sock, msg, size, flags);
-}
-
-static inline int security_socket_getsockname(struct socket * sock)
-{
- return security_ops->socket_getsockname(sock);
-}
-
-static inline int security_socket_getpeername(struct socket * sock)
-{
- return security_ops->socket_getpeername(sock);
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_getpeername(sock);
+#else
+ return 0;
+#endif
}
static inline int security_socket_getsockopt(struct socket * sock,
int level, int optname)
{
+#ifdef CONFIG_SECURITY_NETWORK
return security_ops->socket_getsockopt(sock, level, optname);
+#else
+ return 0;
+#endif
}
static inline int security_socket_setsockopt(struct socket * sock,
int level, int optname)
{
+#ifdef CONFIG_SECURITY_NETWORK
return security_ops->socket_setsockopt(sock, level, optname);
+#else
+ return 0;
+#endif
}
static inline int security_socket_shutdown(struct socket * sock, int how)
{
+#ifdef CONFIG_SECURITY_NETWORK
return security_ops->socket_shutdown(sock, how);
-}
-
-static inline int security_sock_rcv_skb (struct sock * sk,
- struct sk_buff * skb)
-{
- return security_ops->socket_sock_rcv_skb (sk, skb);
-}
-
-static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
- int __user *optlen, unsigned len)
-{
- return security_ops->socket_getpeersec(sock, optval, optlen, len);
-}
-
-static inline int security_sk_alloc(struct sock *sk, int family, int priority)
-{
- return security_ops->sk_alloc_security(sk, family, priority);
-}
-
-static inline void security_sk_free(struct sock *sk)
-{
- return security_ops->sk_free_security(sk);
-}
-#else /* CONFIG_SECURITY_NETWORK */
-static inline int security_unix_stream_connect(struct socket * sock,
- struct socket * other,
- struct sock * newsk)
-{
- return 0;
-}
-
-static inline int security_unix_may_send(struct socket * sock,
- struct socket * other)
-{
- return 0;
-}
-
-static inline int security_socket_create (int family, int type,
- int protocol, int kern)
-{
- return 0;
-}
-
-static inline void security_socket_post_create(struct socket * sock,
- int family,
- int type,
- int protocol, int kern)
-{
-}
-
-static inline int security_socket_bind(struct socket * sock,
- struct sockaddr * address,
- int addrlen)
-{
- return 0;
-}
-
-static inline int security_socket_connect(struct socket * sock,
- struct sockaddr * address,
- int addrlen)
-{
- return 0;
-}
-
-static inline int security_socket_listen(struct socket * sock, int backlog)
-{
- return 0;
-}
-
-static inline int security_socket_accept(struct socket * sock,
- struct socket * newsock)
-{
- return 0;
-}
-
-static inline void security_socket_post_accept(struct socket * sock,
- struct socket * newsock)
-{
-}
-
-static inline int security_socket_sendmsg(struct socket * sock,
- struct msghdr * msg, int size)
-{
- return 0;
-}
-
-static inline int security_socket_recvmsg(struct socket * sock,
- struct msghdr * msg, int size,
- int flags)
-{
- return 0;
-}
-
-static inline int security_socket_getsockname(struct socket * sock)
-{
- return 0;
-}
-
-static inline int security_socket_getpeername(struct socket * sock)
-{
- return 0;
-}
-
-static inline int security_socket_getsockopt(struct socket * sock,
- int level, int optname)
-{
- return 0;
-}
-
-static inline int security_socket_setsockopt(struct socket * sock,
- int level, int optname)
-{
+#else
return 0;
+#endif
}
-static inline int security_socket_shutdown(struct socket * sock, int how)
-{
- return 0;
-}
static inline int security_sock_rcv_skb (struct sock * sk,
struct sk_buff * skb)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_sock_rcv_skb (sk, skb);
+#else
return 0;
+#endif
}
static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
int __user *optlen, unsigned len)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->socket_getpeersec(sock, optval, optlen, len);
+#else
return -ENOPROTOOPT;
+#endif
}
static inline int security_sk_alloc(struct sock *sk, int family, int priority)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->sk_alloc_security(sk, family, priority);
+#else
return 0;
+#endif
}
static inline void security_sk_free(struct sock *sk)
{
+#ifdef CONFIG_SECURITY_NETWORK
+ return security_ops->sk_free_security(sk);
+#else
+ return;
+#endif
}
-#endif /* CONFIG_SECURITY_NETWORK */
-
-#endif /* ! __LINUX_SECURITY_H */
+#endif /* __LINUX_SECURITY_H */
--
^ permalink raw reply [flat|nested] 36+ messages in thread
* [PATCH 3/5] Call security hooks conditionally if the security_op is filled out.
2005-08-25 1:20 [PATCH 0/5] LSM hook updates Chris Wright
2005-08-25 1:20 ` [PATCH 1/5] Use capabilities as default w/ and w/out CONFIG_SECURITY Chris Wright
2005-08-25 1:20 ` [PATCH 2/5] Rework stubs in security.h Chris Wright
@ 2005-08-25 1:20 ` Chris Wright
2005-08-25 8:50 ` Kurt Garloff
2005-08-25 1:20 ` [PATCH 4/5] Remove unnecessary default capability callbacks Chris Wright
` (3 subsequent siblings)
6 siblings, 1 reply; 36+ messages in thread
From: Chris Wright @ 2005-08-25 1:20 UTC (permalink / raw)
To: linux-security-module; +Cc: linux-kernel, Kurt Garloff, Chris Wright
[-- Attachment #1: security-clean-stubs.patch --]
[-- Type: text/plain, Size: 47334 bytes --]
Call security hooks conditionally if the security_op is filled out.
Branches can be more efficient than the unconditional indirect function
call. Inspired by patch from Kurt Garloff <garloff@suse.de>.
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
include/linux/security.h | 825 +++++++++++++++++++++++------------------------
1 files changed, 411 insertions(+), 414 deletions(-)
Index: linus-2.6/include/linux/security.h
===================================================================
--- linus-2.6.orig/include/linux/security.h
+++ linus-2.6/include/linux/security.h
@@ -1264,10 +1264,10 @@ static inline int security_init(void)
static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
{
#ifdef CONFIG_SECURITY
- return security_ops->ptrace (parent, child);
-#else
- return cap_ptrace (parent, child);
+ if (security_ops->ptrace)
+ return security_ops->ptrace(parent, child);
#endif
+ return cap_ptrace (parent, child);
}
@@ -1277,10 +1277,10 @@ static inline int security_capget (struc
kernel_cap_t *permitted)
{
#ifdef CONFIG_SECURITY
- return security_ops->capget (target, effective, inheritable, permitted);
-#else
- return cap_capget (target, effective, inheritable, permitted);
+ if (security_ops->capget)
+ return security_ops->capget(target, effective, inheritable, permitted);
#endif
+ return cap_capget (target, effective, inheritable, permitted);
}
static inline int security_capset_check (struct task_struct *target,
@@ -1289,10 +1289,10 @@ static inline int security_capset_check
kernel_cap_t *permitted)
{
#ifdef CONFIG_SECURITY
- return security_ops->capset_check (target, effective, inheritable, permitted);
-#else
+ if (security_ops->capset_check)
+ return security_ops->capset_check(target, effective, inheritable, permitted);
+#endif
return cap_capset_check (target, effective, inheritable, permitted);
-#endif
}
static inline void security_capset_set (struct task_struct *target,
@@ -1301,183 +1301,183 @@ static inline void security_capset_set (
kernel_cap_t *permitted)
{
#ifdef CONFIG_SECURITY
- security_ops->capset_set (target, effective, inheritable, permitted);
-#else
- cap_capset_set (target, effective, inheritable, permitted);
+ if (security_ops->capset_set)
+ return security_ops->capset_set(target, effective, inheritable, permitted);
#endif
+ cap_capset_set (target, effective, inheritable, permitted);
}
static inline int security_acct (struct file *file)
{
#ifdef CONFIG_SECURITY
- return security_ops->acct (file);
-#else
- return 0;
+ if (security_ops->acct)
+ return security_ops->acct(file);
#endif
+ return 0;
}
static inline int security_sysctl(struct ctl_table *table, int op)
{
#ifdef CONFIG_SECURITY
- return security_ops->sysctl(table, op);
-#else
- return 0;
+ if (security_ops->sysctl)
+ return security_ops->sysctl(table, op);
#endif
+ return 0;
}
static inline int security_quotactl (int cmds, int type, int id,
struct super_block *sb)
{
#ifdef CONFIG_SECURITY
- return security_ops->quotactl (cmds, type, id, sb);
-#else
- return 0;
+ if (security_ops->quotactl)
+ return security_ops->quotactl(cmds, type, id, sb);
#endif
+ return 0;
}
static inline int security_quota_on (struct dentry * dentry)
{
#ifdef CONFIG_SECURITY
- return security_ops->quota_on (dentry);
-#else
- return 0;
+ if (security_ops->quota_on)
+ return security_ops->quota_on(dentry);
#endif
+ return 0;
}
static inline int security_syslog(int type)
{
#ifdef CONFIG_SECURITY
- return security_ops->syslog(type);
-#else
- return cap_syslog(type);
+ if (security_ops->syslog)
+ return security_ops->syslog(type);
#endif
+ return cap_syslog(type);
}
static inline int security_settime(struct timespec *ts, struct timezone *tz)
{
#ifdef CONFIG_SECURITY
- return security_ops->settime(ts, tz);
-#else
- return cap_settime(ts, tz);
+ if (security_ops->settime)
+ return security_ops->settime(ts, tz);
#endif
+ return cap_settime(ts, tz);
}
static inline int security_vm_enough_memory(long pages)
{
#ifdef CONFIG_SECURITY
- return security_ops->vm_enough_memory(pages);
-#else
- return cap_vm_enough_memory(pages);
+ if (security_ops->vm_enough_memory)
+ return security_ops->vm_enough_memory(pages);
#endif
+ return cap_vm_enough_memory(pages);
}
static inline int security_bprm_alloc (struct linux_binprm *bprm)
{
#ifdef CONFIG_SECURITY
- return security_ops->bprm_alloc_security (bprm);
-#else
- return 0;
+ if (security_ops->bprm_alloc_security)
+ return security_ops->bprm_alloc_security(bprm);
#endif
+ return 0;
}
static inline void security_bprm_free (struct linux_binprm *bprm)
{
#ifdef CONFIG_SECURITY
- security_ops->bprm_free_security (bprm);
-#else
- return;
+ if (security_ops->bprm_free_security)
+ return security_ops->bprm_free_security(bprm);
#endif
+ return;
}
static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
{
#ifdef CONFIG_SECURITY
- security_ops->bprm_apply_creds (bprm, unsafe);
-#else
- cap_bprm_apply_creds (bprm, unsafe);
+ if (security_ops->bprm_apply_creds)
+ return security_ops->bprm_apply_creds(bprm, unsafe);
#endif
+ cap_bprm_apply_creds (bprm, unsafe);
}
static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm)
{
#ifdef CONFIG_SECURITY
- security_ops->bprm_post_apply_creds (bprm);
-#else
- return;
+ if (security_ops->bprm_post_apply_creds)
+ return security_ops->bprm_post_apply_creds(bprm);
#endif
+ return;
}
static inline int security_bprm_set (struct linux_binprm *bprm)
{
#ifdef CONFIG_SECURITY
- return security_ops->bprm_set_security (bprm);
-#else
- return cap_bprm_set_security (bprm);
+ if (security_ops->bprm_set_security)
+ return security_ops->bprm_set_security(bprm);
#endif
+ return cap_bprm_set_security (bprm);
}
static inline int security_bprm_check (struct linux_binprm *bprm)
{
#ifdef CONFIG_SECURITY
- return security_ops->bprm_check_security (bprm);
-#else
- return 0;
+ if (security_ops->bprm_check_security)
+ return security_ops->bprm_check_security(bprm);
#endif
+ return 0;
}
static inline int security_bprm_secureexec (struct linux_binprm *bprm)
{
#ifdef CONFIG_SECURITY
- return security_ops->bprm_secureexec (bprm);
-#else
- return cap_bprm_secureexec(bprm);
+ if (security_ops->bprm_secureexec)
+ return security_ops->bprm_secureexec(bprm);
#endif
+ return cap_bprm_secureexec(bprm);
}
static inline int security_sb_alloc (struct super_block *sb)
{
#ifdef CONFIG_SECURITY
- return security_ops->sb_alloc_security (sb);
-#else
- return 0;
+ if (security_ops->sb_alloc_security)
+ return security_ops->sb_alloc_security(sb);
#endif
+ return 0;
}
static inline void security_sb_free (struct super_block *sb)
{
#ifdef CONFIG_SECURITY
- security_ops->sb_free_security (sb);
-#else
- return;
+ if (security_ops->sb_free_security)
+ return security_ops->sb_free_security(sb);
#endif
+ return;
}
static inline int security_sb_copy_data (struct file_system_type *type,
void *orig, void *copy)
{
#ifdef CONFIG_SECURITY
- return security_ops->sb_copy_data (type, orig, copy);
-#else
- return 0;
+ if (security_ops->sb_copy_data)
+ return security_ops->sb_copy_data(type, orig, copy);
#endif
+ return 0;
}
static inline int security_sb_kern_mount (struct super_block *sb, void *data)
{
#ifdef CONFIG_SECURITY
- return security_ops->sb_kern_mount (sb, data);
-#else
- return 0;
+ if (security_ops->sb_kern_mount)
+ return security_ops->sb_kern_mount(sb, data);
#endif
+ return 0;
}
static inline int security_sb_statfs (struct super_block *sb)
{
#ifdef CONFIG_SECURITY
- return security_ops->sb_statfs (sb);
-#else
- return 0;
+ if (security_ops->sb_statfs)
+ return security_ops->sb_statfs(sb);
#endif
+ return 0;
}
static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
@@ -1485,96 +1485,96 @@ static inline int security_sb_mount (cha
void *data)
{
#ifdef CONFIG_SECURITY
- return security_ops->sb_mount (dev_name, nd, type, flags, data);
-#else
- return 0;
+ if (security_ops->sb_mount)
+ return security_ops->sb_mount(dev_name, nd, type, flags, data);
#endif
+ return 0;
}
static inline int security_sb_check_sb (struct vfsmount *mnt,
struct nameidata *nd)
{
#ifdef CONFIG_SECURITY
- return security_ops->sb_check_sb (mnt, nd);
-#else
- return 0;
+ if (security_ops->sb_check_sb)
+ return security_ops->sb_check_sb(mnt, nd);
#endif
+ return 0;
}
static inline int security_sb_umount (struct vfsmount *mnt, int flags)
{
#ifdef CONFIG_SECURITY
- return security_ops->sb_umount (mnt, flags);
-#else
- return 0;
+ if (security_ops->sb_umount)
+ return security_ops->sb_umount(mnt, flags);
#endif
+ return 0;
}
static inline void security_sb_umount_close (struct vfsmount *mnt)
{
#ifdef CONFIG_SECURITY
- security_ops->sb_umount_close (mnt);
-#else
- return;
+ if (security_ops->sb_umount_close)
+ return security_ops->sb_umount_close(mnt);
#endif
+ return;
}
static inline void security_sb_umount_busy (struct vfsmount *mnt)
{
#ifdef CONFIG_SECURITY
- security_ops->sb_umount_busy (mnt);
-#else
- return;
+ if (security_ops->sb_umount_busy)
+ return security_ops->sb_umount_busy(mnt);
#endif
+ return;
}
static inline void security_sb_post_remount (struct vfsmount *mnt,
unsigned long flags, void *data)
{
#ifdef CONFIG_SECURITY
- security_ops->sb_post_remount (mnt, flags, data);
-#else
- return;
+ if (security_ops->sb_post_remount)
+ return security_ops->sb_post_remount(mnt, flags, data);
#endif
+ return;
}
static inline void security_sb_post_mountroot (void)
{
#ifdef CONFIG_SECURITY
- security_ops->sb_post_mountroot ();
-#else
- return;
+ if (security_ops->sb_post_mountroot)
+ return security_ops->sb_post_mountroot();
#endif
+ return;
}
static inline void security_sb_post_addmount (struct vfsmount *mnt,
struct nameidata *mountpoint_nd)
{
#ifdef CONFIG_SECURITY
- security_ops->sb_post_addmount (mnt, mountpoint_nd);
-#else
- return;
+ if (security_ops->sb_post_addmount)
+ return security_ops->sb_post_addmount(mnt, mountpoint_nd);
#endif
+ return;
}
static inline int security_sb_pivotroot (struct nameidata *old_nd,
struct nameidata *new_nd)
{
#ifdef CONFIG_SECURITY
- return security_ops->sb_pivotroot (old_nd, new_nd);
-#else
- return 0;
+ if (security_ops->sb_pivotroot)
+ return security_ops->sb_pivotroot(old_nd, new_nd);
#endif
+ return 0;
}
static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
struct nameidata *new_nd)
{
#ifdef CONFIG_SECURITY
- security_ops->sb_post_pivotroot (old_nd, new_nd);
-#else
- return;
+ if (security_ops->sb_post_pivotroot)
+ return security_ops->sb_post_pivotroot(old_nd, new_nd);
#endif
+ return;
}
static inline int security_inode_alloc (struct inode *inode)
@@ -1582,10 +1582,10 @@ static inline int security_inode_alloc (
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
- return security_ops->inode_alloc_security (inode);
-#else
- return 0;
+ if (security_ops->inode_alloc_security)
+ return security_ops->inode_alloc_security(inode);
#endif
+ return 0;
}
static inline void security_inode_free (struct inode *inode)
@@ -1593,10 +1593,10 @@ static inline void security_inode_free (
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return;
- security_ops->inode_free_security (inode);
-#else
- return;
+ if (security_ops->inode_free_security)
+ return security_ops->inode_free_security(inode);
#endif
+ return;
}
static inline int security_inode_create (struct inode *dir,
@@ -1606,10 +1606,10 @@ static inline int security_inode_create
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dir)))
return 0;
- return security_ops->inode_create (dir, dentry, mode);
-#else
- return 0;
+ if (security_ops->inode_create)
+ return security_ops->inode_create(dir, dentry, mode);
#endif
+ return 0;
}
static inline void security_inode_post_create (struct inode *dir,
@@ -1619,10 +1619,10 @@ static inline void security_inode_post_c
#ifdef CONFIG_SECURITY
if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
return;
- security_ops->inode_post_create (dir, dentry, mode);
-#else
- return;
+ if (security_ops->inode_post_create)
+ return security_ops->inode_post_create(dir, dentry, mode);
#endif
+ return;
}
static inline int security_inode_link (struct dentry *old_dentry,
@@ -1632,10 +1632,10 @@ static inline int security_inode_link (s
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (old_dentry->d_inode)))
return 0;
- return security_ops->inode_link (old_dentry, dir, new_dentry);
-#else
- return 0;
+ if (security_ops->inode_link)
+ return security_ops->inode_link(old_dentry, dir, new_dentry);
#endif
+ return 0;
}
static inline void security_inode_post_link (struct dentry *old_dentry,
@@ -1645,10 +1645,10 @@ static inline void security_inode_post_l
#ifdef CONFIG_SECURITY
if (new_dentry->d_inode && unlikely (IS_PRIVATE (new_dentry->d_inode)))
return;
- security_ops->inode_post_link (old_dentry, dir, new_dentry);
-#else
- return;
+ if (security_ops->inode_post_link)
+ return security_ops->inode_post_link(old_dentry, dir, new_dentry);
#endif
+ return;
}
static inline int security_inode_unlink (struct inode *dir,
@@ -1657,10 +1657,10 @@ static inline int security_inode_unlink
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_unlink (dir, dentry);
-#else
- return 0;
+ if (security_ops->inode_unlink)
+ return security_ops->inode_unlink(dir, dentry);
#endif
+ return 0;
}
static inline int security_inode_symlink (struct inode *dir,
@@ -1670,10 +1670,10 @@ static inline int security_inode_symlink
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dir)))
return 0;
- return security_ops->inode_symlink (dir, dentry, old_name);
-#else
- return 0;
+ if (security_ops->inode_symlink)
+ return security_ops->inode_symlink(dir, dentry, old_name);
#endif
+ return 0;
}
static inline void security_inode_post_symlink (struct inode *dir,
@@ -1683,10 +1683,10 @@ static inline void security_inode_post_s
#ifdef CONFIG_SECURITY
if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
return;
- security_ops->inode_post_symlink (dir, dentry, old_name);
-#else
- return;
+ if (security_ops->inode_post_symlink)
+ return security_ops->inode_post_symlink(dir, dentry, old_name);
#endif
+ return;
}
static inline int security_inode_mkdir (struct inode *dir,
@@ -1696,10 +1696,10 @@ static inline int security_inode_mkdir (
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dir)))
return 0;
- return security_ops->inode_mkdir (dir, dentry, mode);
-#else
- return 0;
+ if (security_ops->inode_mkdir)
+ return security_ops->inode_mkdir(dir, dentry, mode);
#endif
+ return 0;
}
static inline void security_inode_post_mkdir (struct inode *dir,
@@ -1709,10 +1709,10 @@ static inline void security_inode_post_m
#ifdef CONFIG_SECURITY
if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
return;
- security_ops->inode_post_mkdir (dir, dentry, mode);
-#else
- return;
+ if (security_ops->inode_post_mkdir)
+ return security_ops->inode_post_mkdir(dir, dentry, mode);
#endif
+ return;
}
static inline int security_inode_rmdir (struct inode *dir,
@@ -1721,10 +1721,10 @@ static inline int security_inode_rmdir (
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_rmdir (dir, dentry);
-#else
- return 0;
+ if (security_ops->inode_rmdir)
+ return security_ops->inode_rmdir(dir, dentry);
#endif
+ return 0;
}
static inline int security_inode_mknod (struct inode *dir,
@@ -1734,10 +1734,10 @@ static inline int security_inode_mknod (
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dir)))
return 0;
- return security_ops->inode_mknod (dir, dentry, mode, dev);
-#else
- return 0;
+ if (security_ops->inode_mknod)
+ return security_ops->inode_mknod(dir, dentry, mode, dev);
#endif
+ return 0;
}
static inline void security_inode_post_mknod (struct inode *dir,
@@ -1747,10 +1747,10 @@ static inline void security_inode_post_m
#ifdef CONFIG_SECURITY
if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
return;
- security_ops->inode_post_mknod (dir, dentry, mode, dev);
-#else
- return;
+ if (security_ops->inode_post_mknod)
+ return security_ops->inode_post_mknod(dir, dentry, mode, dev);
#endif
+ return;
}
static inline int security_inode_rename (struct inode *old_dir,
@@ -1762,11 +1762,10 @@ static inline int security_inode_rename
if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
(new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
return 0;
- return security_ops->inode_rename (old_dir, old_dentry,
- new_dir, new_dentry);
-#else
- return 0;
+ if (security_ops->inode_rename)
+ return security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
#endif
+ return 0;
}
static inline void security_inode_post_rename (struct inode *old_dir,
@@ -1778,11 +1777,10 @@ static inline void security_inode_post_r
if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
(new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
return;
- security_ops->inode_post_rename (old_dir, old_dentry,
- new_dir, new_dentry);
-#else
- return;
+ if (security_ops->inode_post_rename)
+ return security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
#endif
+ return;
}
static inline int security_inode_readlink (struct dentry *dentry)
@@ -1790,10 +1788,10 @@ static inline int security_inode_readlin
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_readlink (dentry);
-#else
- return 0;
+ if (security_ops->inode_readlink)
+ return security_ops->inode_readlink(dentry);
#endif
+ return 0;
}
static inline int security_inode_follow_link (struct dentry *dentry,
@@ -1802,10 +1800,10 @@ static inline int security_inode_follow_
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_follow_link (dentry, nd);
-#else
- return 0;
+ if (security_ops->inode_follow_link)
+ return security_ops->inode_follow_link(dentry, nd);
#endif
+ return 0;
}
static inline int security_inode_permission (struct inode *inode, int mask,
@@ -1814,10 +1812,10 @@ static inline int security_inode_permiss
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
- return security_ops->inode_permission (inode, mask, nd);
-#else
- return 0;
+ if (security_ops->inode_permission)
+ return security_ops->inode_permission(inode, mask, nd);
#endif
+ return 0;
}
static inline int security_inode_setattr (struct dentry *dentry,
@@ -1826,10 +1824,10 @@ static inline int security_inode_setattr
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_setattr (dentry, attr);
-#else
- return 0;
+ if (security_ops->inode_setattr)
+ return security_ops->inode_setattr(dentry, attr);
#endif
+ return 0;
}
static inline int security_inode_getattr (struct vfsmount *mnt,
@@ -1838,10 +1836,10 @@ static inline int security_inode_getattr
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_getattr (mnt, dentry);
-#else
- return 0;
+ if (security_ops->inode_getattr)
+ return security_ops->inode_getattr(mnt, dentry);
#endif
+ return 0;
}
static inline void security_inode_delete (struct inode *inode)
@@ -1849,10 +1847,10 @@ static inline void security_inode_delete
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return;
- security_ops->inode_delete (inode);
-#else
- return;
+ if (security_ops->inode_delete)
+ return security_ops->inode_delete(inode);
#endif
+ return;
}
static inline int security_inode_setxattr (struct dentry *dentry, char *name,
@@ -1861,10 +1859,10 @@ static inline int security_inode_setxatt
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_setxattr (dentry, name, value, size, flags);
-#else
- return cap_inode_setxattr(dentry, name, value, size, flags);
+ if (security_ops->inode_setxattr)
+ return security_ops->inode_setxattr(dentry, name, value, size, flags);
#endif
+ return cap_inode_setxattr(dentry, name, value, size, flags);
}
static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
@@ -1873,10 +1871,10 @@ static inline void security_inode_post_s
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return;
- security_ops->inode_post_setxattr (dentry, name, value, size, flags);
-#else
- return;
+ if (security_ops->inode_post_setxattr)
+ return security_ops->inode_post_setxattr(dentry, name, value, size, flags);
#endif
+ return;
}
static inline int security_inode_getxattr (struct dentry *dentry, char *name)
@@ -1884,10 +1882,10 @@ static inline int security_inode_getxatt
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_getxattr (dentry, name);
-#else
- return 0;
+ if (security_ops->inode_getxattr)
+ return security_ops->inode_getxattr(dentry, name);
#endif
+ return 0;
}
static inline int security_inode_listxattr (struct dentry *dentry)
@@ -1895,10 +1893,10 @@ static inline int security_inode_listxat
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_listxattr (dentry);
-#else
- return 0;
+ if (security_ops->inode_listxattr)
+ return security_ops->inode_listxattr(dentry);
#endif
+ return 0;
}
static inline int security_inode_removexattr (struct dentry *dentry, char *name)
@@ -1906,10 +1904,10 @@ static inline int security_inode_removex
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (dentry->d_inode)))
return 0;
- return security_ops->inode_removexattr (dentry, name);
-#else
- return cap_inode_removexattr(dentry, name);
+ if (security_ops->inode_removexattr)
+ return security_ops->inode_removexattr(dentry, name);
#endif
+ return cap_inode_removexattr(dentry, name);
}
static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size)
@@ -1917,10 +1915,10 @@ static inline int security_inode_getsecu
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
- return security_ops->inode_getsecurity(inode, name, buffer, size);
-#else
- return -EOPNOTSUPP;
+ if (security_ops->inode_getsecurity)
+ return security_ops->inode_getsecurity(inode, name, buffer, size);
#endif
+ return -EOPNOTSUPP;
}
static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
@@ -1928,10 +1926,10 @@ static inline int security_inode_setsecu
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
- return security_ops->inode_setsecurity(inode, name, value, size, flags);
-#else
- return -EOPNOTSUPP;
+ if (security_ops->inode_setsecurity)
+ return security_ops->inode_setsecurity(inode, name, value, size, flags);
#endif
+ return -EOPNOTSUPP;
}
static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
@@ -1939,47 +1937,47 @@ static inline int security_inode_listsec
#ifdef CONFIG_SECURITY
if (unlikely (IS_PRIVATE (inode)))
return 0;
- return security_ops->inode_listsecurity(inode, buffer, buffer_size);
-#else
- return 0;
+ if (security_ops->inode_listsecurity)
+ return security_ops->inode_listsecurity(inode, buffer, buffer_size);
#endif
+ return 0;
}
static inline int security_file_permission (struct file *file, int mask)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_permission (file, mask);
-#else
- return 0;
+ if (security_ops->file_permission)
+ return security_ops->file_permission(file, mask);
#endif
+ return 0;
}
static inline int security_file_alloc (struct file *file)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_alloc_security (file);
-#else
- return 0;
+ if (security_ops->file_alloc_security)
+ return security_ops->file_alloc_security(file);
#endif
+ return 0;
}
static inline void security_file_free (struct file *file)
{
#ifdef CONFIG_SECURITY
- security_ops->file_free_security (file);
-#else
- return;
+ if (security_ops->file_free_security)
+ return security_ops->file_free_security(file);
#endif
+ return;
}
static inline int security_file_ioctl (struct file *file, unsigned int cmd,
unsigned long arg)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_ioctl (file, cmd, arg);
-#else
- return 0;
+ if (security_ops->file_ioctl)
+ return security_ops->file_ioctl(file, cmd, arg);
#endif
+ return 0;
}
static inline int security_file_mmap (struct file *file, unsigned long reqprot,
@@ -1987,10 +1985,10 @@ static inline int security_file_mmap (st
unsigned long flags)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_mmap (file, reqprot, prot, flags);
-#else
- return 0;
+ if (security_ops->file_mmap)
+ return security_ops->file_mmap(file, reqprot, prot, flags);
#endif
+ return 0;
}
static inline int security_file_mprotect (struct vm_area_struct *vma,
@@ -1998,38 +1996,38 @@ static inline int security_file_mprotect
unsigned long prot)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_mprotect (vma, reqprot, prot);
-#else
- return 0;
+ if (security_ops->file_mprotect)
+ return security_ops->file_mprotect(vma, reqprot, prot);
#endif
+ return 0;
}
static inline int security_file_lock (struct file *file, unsigned int cmd)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_lock (file, cmd);
-#else
- return 0;
+ if (security_ops->file_lock)
+ return security_ops->file_lock(file, cmd);
#endif
+ return 0;
}
static inline int security_file_fcntl (struct file *file, unsigned int cmd,
unsigned long arg)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_fcntl (file, cmd, arg);
-#else
- return 0;
+ if (security_ops->file_fcntl)
+ return security_ops->file_fcntl(file, cmd, arg);
#endif
+ return 0;
}
static inline int security_file_set_fowner (struct file *file)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_set_fowner (file);
-#else
- return 0;
+ if (security_ops->file_set_fowner)
+ return security_ops->file_set_fowner(file);
#endif
+ return 0;
}
static inline int security_file_send_sigiotask (struct task_struct *tsk,
@@ -2037,131 +2035,131 @@ static inline int security_file_send_sig
int sig)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_send_sigiotask (tsk, fown, sig);
-#else
- return 0;
+ if (security_ops->file_send_sigiotask)
+ return security_ops->file_send_sigiotask(tsk, fown, sig);
#endif
+ return 0;
}
static inline int security_file_receive (struct file *file)
{
#ifdef CONFIG_SECURITY
- return security_ops->file_receive (file);
-#else
- return 0;
+ if (security_ops->file_receive)
+ return security_ops->file_receive(file);
#endif
+ return 0;
}
static inline int security_task_create (unsigned long clone_flags)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_create (clone_flags);
-#else
- return 0;
+ if (security_ops->task_create)
+ return security_ops->task_create(clone_flags);
#endif
+ return 0;
}
static inline int security_task_alloc (struct task_struct *p)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_alloc_security (p);
-#else
- return 0;
+ if (security_ops->task_alloc_security)
+ return security_ops->task_alloc_security(p);
#endif
+ return 0;
}
static inline void security_task_free (struct task_struct *p)
{
#ifdef CONFIG_SECURITY
- security_ops->task_free_security (p);
-#else
- return;
+ if (security_ops->task_free_security)
+ return security_ops->task_free_security(p);
#endif
+ return;
}
static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
int flags)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_setuid (id0, id1, id2, flags);
-#else
- return 0;
+ if (security_ops->task_setuid)
+ return security_ops->task_setuid(id0, id1, id2, flags);
#endif
+ return 0;
}
static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
uid_t old_suid, int flags)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
-#else
- return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags);
+ if (security_ops->task_post_setuid)
+ return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, flags);
#endif
+ return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags);
}
static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
int flags)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_setgid (id0, id1, id2, flags);
-#else
- return 0;
+ if (security_ops->task_setgid)
+ return security_ops->task_setgid(id0, id1, id2, flags);
#endif
+ return 0;
}
static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_setpgid (p, pgid);
-#else
- return 0;
+ if (security_ops->task_setpgid)
+ return security_ops->task_setpgid(p, pgid);
#endif
+ return 0;
}
static inline int security_task_getpgid (struct task_struct *p)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_getpgid (p);
-#else
- return 0;
+ if (security_ops->task_getpgid)
+ return security_ops->task_getpgid(p);
#endif
+ return 0;
}
static inline int security_task_getsid (struct task_struct *p)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_getsid (p);
-#else
- return 0;
+ if (security_ops->task_getsid)
+ return security_ops->task_getsid(p);
#endif
+ return 0;
}
static inline int security_task_setgroups (struct group_info *group_info)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_setgroups (group_info);
-#else
- return 0;
+ if (security_ops->task_setgroups)
+ return security_ops->task_setgroups(group_info);
#endif
+ return 0;
}
static inline int security_task_setnice (struct task_struct *p, int nice)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_setnice (p, nice);
-#else
- return 0;
+ if (security_ops->task_setnice)
+ return security_ops->task_setnice(p, nice);
#endif
+ return 0;
}
static inline int security_task_setrlimit (unsigned int resource,
struct rlimit *new_rlim)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_setrlimit (resource, new_rlim);
-#else
- return 0;
+ if (security_ops->task_setrlimit)
+ return security_ops->task_setrlimit(resource, new_rlim);
#endif
+ return 0;
}
static inline int security_task_setscheduler (struct task_struct *p,
@@ -2169,38 +2167,38 @@ static inline int security_task_setsched
struct sched_param *lp)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_setscheduler (p, policy, lp);
-#else
- return 0;
+ if (security_ops->task_setscheduler)
+ return security_ops->task_setscheduler(p, policy, lp);
#endif
+ return 0;
}
static inline int security_task_getscheduler (struct task_struct *p)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_getscheduler (p);
-#else
- return 0;
+ if (security_ops->task_getscheduler)
+ return security_ops->task_getscheduler(p);
#endif
+ return 0;
}
static inline int security_task_kill (struct task_struct *p,
struct siginfo *info, int sig)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_kill (p, info, sig);
-#else
- return 0;
+ if (security_ops->task_kill)
+ return security_ops->task_kill(p, info, sig);
#endif
+ return 0;
}
static inline int security_task_wait (struct task_struct *p)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_wait (p);
-#else
- return 0;
+ if (security_ops->task_wait)
+ return security_ops->task_wait(p);
#endif
+ return 0;
}
static inline int security_task_prctl (int option, unsigned long arg2,
@@ -2209,103 +2207,103 @@ static inline int security_task_prctl (i
unsigned long arg5)
{
#ifdef CONFIG_SECURITY
- return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
-#else
- return 0;
+ if (security_ops->task_prctl)
+ return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
#endif
+ return 0;
}
static inline void security_task_reparent_to_init (struct task_struct *p)
{
#ifdef CONFIG_SECURITY
- security_ops->task_reparent_to_init (p);
-#else
- cap_task_reparent_to_init (p);
+ if (security_ops->task_reparent_to_init)
+ return security_ops->task_reparent_to_init(p);
#endif
+ cap_task_reparent_to_init (p);
}
static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
{
#ifdef CONFIG_SECURITY
- security_ops->task_to_inode(p, inode);
-#else
- return;
+ if (security_ops->task_to_inode)
+ return security_ops->task_to_inode(p, inode);
#endif
+ return;
}
static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
short flag)
{
#ifdef CONFIG_SECURITY
- return security_ops->ipc_permission (ipcp, flag);
-#else
- return 0;
+ if (security_ops->ipc_permission)
+ return security_ops->ipc_permission(ipcp, flag);
#endif
+ return 0;
}
static inline int security_msg_msg_alloc (struct msg_msg * msg)
{
#ifdef CONFIG_SECURITY
- return security_ops->msg_msg_alloc_security (msg);
-#else
- return 0;
+ if (security_ops->msg_msg_alloc_security)
+ return security_ops->msg_msg_alloc_security(msg);
#endif
+ return 0;
}
static inline void security_msg_msg_free (struct msg_msg * msg)
{
#ifdef CONFIG_SECURITY
- security_ops->msg_msg_free_security(msg);
-#else
- return;
+ if (security_ops->msg_msg_free_security)
+ return security_ops->msg_msg_free_security(msg);
#endif
+ return;
}
static inline int security_msg_queue_alloc (struct msg_queue *msq)
{
#ifdef CONFIG_SECURITY
- return security_ops->msg_queue_alloc_security (msq);
-#else
- return 0;
+ if (security_ops->msg_queue_alloc_security)
+ return security_ops->msg_queue_alloc_security(msq);
#endif
+ return 0;
}
static inline void security_msg_queue_free (struct msg_queue *msq)
{
#ifdef CONFIG_SECURITY
- security_ops->msg_queue_free_security (msq);
-#else
- return;
+ if (security_ops->msg_queue_free_security)
+ return security_ops->msg_queue_free_security(msq);
#endif
+ return;
}
static inline int security_msg_queue_associate (struct msg_queue * msq,
int msqflg)
{
#ifdef CONFIG_SECURITY
- return security_ops->msg_queue_associate (msq, msqflg);
-#else
- return 0;
+ if (security_ops->msg_queue_associate)
+ return security_ops->msg_queue_associate(msq, msqflg);
#endif
+ return 0;
}
static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
{
#ifdef CONFIG_SECURITY
- return security_ops->msg_queue_msgctl (msq, cmd);
-#else
- return 0;
+ if (security_ops->msg_queue_msgctl)
+ return security_ops->msg_queue_msgctl(msq, cmd);
#endif
+ return 0;
}
static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
struct msg_msg * msg, int msqflg)
{
#ifdef CONFIG_SECURITY
- return security_ops->msg_queue_msgsnd (msq, msg, msqflg);
-#else
- return 0;
+ if (security_ops->msg_queue_msgsnd)
+ return security_ops->msg_queue_msgsnd(msq, msg, msqflg);
#endif
+ return 0;
}
static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
@@ -2314,93 +2312,93 @@ static inline int security_msg_queue_msg
long type, int mode)
{
#ifdef CONFIG_SECURITY
- return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode);
-#else
- return 0;
+ if (security_ops->msg_queue_msgrcv)
+ return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode);
#endif
+ return 0;
}
static inline int security_shm_alloc (struct shmid_kernel *shp)
{
#ifdef CONFIG_SECURITY
- return security_ops->shm_alloc_security (shp);
-#else
- return 0;
+ if (security_ops->shm_alloc_security)
+ return security_ops->shm_alloc_security(shp);
#endif
+ return 0;
}
static inline void security_shm_free (struct shmid_kernel *shp)
{
#ifdef CONFIG_SECURITY
- security_ops->shm_free_security (shp);
-#else
- return;
+ if (security_ops->shm_free_security)
+ return security_ops->shm_free_security(shp);
#endif
+ return;
}
static inline int security_shm_associate (struct shmid_kernel * shp,
int shmflg)
{
#ifdef CONFIG_SECURITY
- return security_ops->shm_associate(shp, shmflg);
-#else
- return 0;
+ if (security_ops->shm_associate)
+ return security_ops->shm_associate(shp, shmflg);
#endif
+ return 0;
}
static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
{
#ifdef CONFIG_SECURITY
- return security_ops->shm_shmctl (shp, cmd);
-#else
- return 0;
+ if (security_ops->shm_shmctl)
+ return security_ops->shm_shmctl(shp, cmd);
#endif
+ return 0;
}
static inline int security_shm_shmat (struct shmid_kernel * shp,
char __user *shmaddr, int shmflg)
{
#ifdef CONFIG_SECURITY
- return security_ops->shm_shmat(shp, shmaddr, shmflg);
-#else
- return 0;
+ if (security_ops->shm_shmat)
+ return security_ops->shm_shmat(shp, shmaddr, shmflg);
#endif
+ return 0;
}
static inline int security_sem_alloc (struct sem_array *sma)
{
#ifdef CONFIG_SECURITY
- return security_ops->sem_alloc_security (sma);
-#else
- return 0;
+ if (security_ops->sem_alloc_security)
+ return security_ops->sem_alloc_security(sma);
#endif
+ return 0;
}
static inline void security_sem_free (struct sem_array *sma)
{
#ifdef CONFIG_SECURITY
- security_ops->sem_free_security (sma);
-#else
- return;
+ if (security_ops->sem_free_security)
+ return security_ops->sem_free_security(sma);
#endif
+ return;
}
static inline int security_sem_associate (struct sem_array * sma, int semflg)
{
#ifdef CONFIG_SECURITY
- return security_ops->sem_associate (sma, semflg);
-#else
- return 0;
+ if (security_ops->sem_associate)
+ return security_ops->sem_associate(sma, semflg);
#endif
+ return 0;
}
static inline int security_sem_semctl (struct sem_array * sma, int cmd)
{
#ifdef CONFIG_SECURITY
- return security_ops->sem_semctl(sma, cmd);
-#else
- return 0;
+ if (security_ops->sem_semctl)
+ return security_ops->sem_semctl(sma, cmd);
#endif
+ return 0;
}
static inline int security_sem_semop (struct sem_array * sma,
@@ -2408,10 +2406,10 @@ static inline int security_sem_semop (st
int alter)
{
#ifdef CONFIG_SECURITY
- return security_ops->sem_semop(sma, sops, nsops, alter);
-#else
- return 0;
+ if (security_ops->sem_semop)
+ return security_ops->sem_semop(sma, sops, nsops, alter);
#endif
+ return 0;
}
static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
@@ -2419,46 +2417,46 @@ static inline void security_d_instantiat
#ifdef CONFIG_SECURITY
if (unlikely (inode && IS_PRIVATE (inode)))
return;
- security_ops->d_instantiate (dentry, inode);
-#else
- return;
+ if (security_ops->d_instantiate)
+ return security_ops->d_instantiate(dentry, inode);
#endif
+ return;
}
static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
{
#ifdef CONFIG_SECURITY
- return security_ops->getprocattr(p, name, value, size);
-#else
- return -EINVAL;
+ if (security_ops->getprocattr)
+ return security_ops->getprocattr(p, name, value, size);
#endif
+ return -EINVAL;
}
static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
{
#ifdef CONFIG_SECURITY
- return security_ops->setprocattr(p, name, value, size);
-#else
- return -EINVAL;
+ if (security_ops->setprocattr)
+ return security_ops->setprocattr(p, name, value, size);
#endif
+ return -EINVAL;
}
static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb)
{
#ifdef CONFIG_SECURITY
- return security_ops->netlink_send(sk, skb);
-#else
- return cap_netlink_send (sk, skb);
+ if (security_ops->netlink_send)
+ return security_ops->netlink_send(sk, skb);
#endif
+ return cap_netlink_send (sk, skb);
}
static inline int security_netlink_recv(struct sk_buff * skb)
{
#ifdef CONFIG_SECURITY
- return security_ops->netlink_recv(skb);
-#else
- return cap_netlink_recv (skb);
+ if (security_ops->netlink_recv)
+ return security_ops->netlink_recv(skb);
#endif
+ return cap_netlink_recv (skb);
}
static inline int security_unix_stream_connect(struct socket * sock,
@@ -2466,10 +2464,10 @@ static inline int security_unix_stream_c
struct sock * newsk)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->unix_stream_connect(sock, other, newsk);
-#else
- return 0;
+ if (security_ops->unix_stream_connect)
+ return security_ops->unix_stream_connect(sock, other, newsk);
#endif
+ return 0;
}
@@ -2477,20 +2475,20 @@ static inline int security_unix_may_send
struct socket * other)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->unix_may_send(sock, other);
-#else
- return 0;
+ if (security_ops->unix_may_send)
+ return security_ops->unix_may_send(sock, other);
#endif
+ return 0;
}
static inline int security_socket_create (int family, int type,
int protocol, int kern)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_create(family, type, protocol, kern);
-#else
- return 0;
+ if (security_ops->socket_create)
+ return security_ops->socket_create(family, type, protocol, kern);
#endif
+ return 0;
}
static inline void security_socket_post_create(struct socket * sock,
@@ -2499,11 +2497,10 @@ static inline void security_socket_post_
int protocol, int kern)
{
#ifdef CONFIG_SECURITY_NETWORK
- security_ops->socket_post_create(sock, family, type,
- protocol, kern);
-#else
- return;
+ if (security_ops->socket_post_create)
+ return security_ops->socket_post_create(sock, family, type, protocol, kern);
#endif
+ return;
}
static inline int security_socket_bind(struct socket * sock,
@@ -2511,10 +2508,10 @@ static inline int security_socket_bind(s
int addrlen)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_bind(sock, address, addrlen);
-#else
- return 0;
+ if (security_ops->socket_bind)
+ return security_ops->socket_bind(sock, address, addrlen);
#endif
+ return 0;
}
static inline int security_socket_connect(struct socket * sock,
@@ -2522,49 +2519,49 @@ static inline int security_socket_connec
int addrlen)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_connect(sock, address, addrlen);
-#else
- return 0;
+ if (security_ops->socket_connect)
+ return security_ops->socket_connect(sock, address, addrlen);
#endif
+ return 0;
}
static inline int security_socket_listen(struct socket * sock, int backlog)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_listen(sock, backlog);
-#else
- return 0;
+ if (security_ops->socket_listen)
+ return security_ops->socket_listen(sock, backlog);
#endif
+ return 0;
}
static inline int security_socket_accept(struct socket * sock,
struct socket * newsock)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_accept(sock, newsock);
-#else
- return 0;
+ if (security_ops->socket_accept)
+ return security_ops->socket_accept(sock, newsock);
#endif
+ return 0;
}
static inline void security_socket_post_accept(struct socket * sock,
struct socket * newsock)
{
#ifdef CONFIG_SECURITY_NETWORK
- security_ops->socket_post_accept(sock, newsock);
-#else
- return;
+ if (security_ops->socket_post_accept)
+ return security_ops->socket_post_accept(sock, newsock);
#endif
+ return;
}
static inline int security_socket_sendmsg(struct socket * sock,
struct msghdr * msg, int size)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_sendmsg(sock, msg, size);
-#else
- return 0;
+ if (security_ops->socket_sendmsg)
+ return security_ops->socket_sendmsg(sock, msg, size);
#endif
+ return 0;
}
static inline int security_socket_recvmsg(struct socket * sock,
@@ -2572,95 +2569,95 @@ static inline int security_socket_recvms
int flags)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_recvmsg(sock, msg, size, flags);
-#else
- return 0;
+ if (security_ops->socket_recvmsg)
+ return security_ops->socket_recvmsg(sock, msg, size, flags);
#endif
+ return 0;
}
static inline int security_socket_getsockname(struct socket * sock)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_getsockname(sock);
-#else
- return 0;
+ if (security_ops->socket_getsockname)
+ return security_ops->socket_getsockname(sock);
#endif
+ return 0;
}
static inline int security_socket_getpeername(struct socket * sock)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_getpeername(sock);
-#else
- return 0;
+ if (security_ops->socket_getpeername)
+ return security_ops->socket_getpeername(sock);
#endif
+ return 0;
}
static inline int security_socket_getsockopt(struct socket * sock,
int level, int optname)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_getsockopt(sock, level, optname);
-#else
- return 0;
+ if (security_ops->socket_getsockopt)
+ return security_ops->socket_getsockopt(sock, level, optname);
#endif
+ return 0;
}
static inline int security_socket_setsockopt(struct socket * sock,
int level, int optname)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_setsockopt(sock, level, optname);
-#else
- return 0;
+ if (security_ops->socket_setsockopt)
+ return security_ops->socket_setsockopt(sock, level, optname);
#endif
+ return 0;
}
static inline int security_socket_shutdown(struct socket * sock, int how)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_shutdown(sock, how);
-#else
- return 0;
+ if (security_ops->socket_shutdown)
+ return security_ops->socket_shutdown(sock, how);
#endif
+ return 0;
}
static inline int security_sock_rcv_skb (struct sock * sk,
struct sk_buff * skb)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_sock_rcv_skb (sk, skb);
-#else
- return 0;
+ if (security_ops->socket_sock_rcv_skb)
+ return security_ops->socket_sock_rcv_skb(sk, skb);
#endif
+ return 0;
}
static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
int __user *optlen, unsigned len)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->socket_getpeersec(sock, optval, optlen, len);
-#else
- return -ENOPROTOOPT;
+ if (security_ops->socket_getpeersec)
+ return security_ops->socket_getpeersec(sock, optval, optlen, len);
#endif
+ return -ENOPROTOOPT;
}
static inline int security_sk_alloc(struct sock *sk, int family, int priority)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->sk_alloc_security(sk, family, priority);
-#else
- return 0;
+ if (security_ops->sk_alloc_security)
+ return security_ops->sk_alloc_security(sk, family, priority);
#endif
+ return 0;
}
static inline void security_sk_free(struct sock *sk)
{
#ifdef CONFIG_SECURITY_NETWORK
- return security_ops->sk_free_security(sk);
-#else
- return;
+ if (security_ops->sk_free_security)
+ return security_ops->sk_free_security(sk);
#endif
+ return;
}
#endif /* __LINUX_SECURITY_H */
--
^ permalink raw reply [flat|nested] 36+ messages in thread
* [PATCH 4/5] Remove unnecessary default capability callbacks.
2005-08-25 1:20 [PATCH 0/5] LSM hook updates Chris Wright
` (2 preceding siblings ...)
2005-08-25 1:20 ` [PATCH 3/5] Call security hooks conditionally if the security_op is filled out Chris Wright
@ 2005-08-25 1:20 ` Chris Wright
2005-08-25 1:20 ` [PATCH 5/5] Remove unnecesary capability hooks in rootplug Chris Wright
` (2 subsequent siblings)
6 siblings, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 1:20 UTC (permalink / raw)
To: linux-security-module; +Cc: linux-kernel, Kurt Garloff, Chris Wright
[-- Attachment #1: cap-empty-default.patch --]
[-- Type: text/plain, Size: 22976 bytes --]
Now that all security hook inline stubs conditionally call to module and
do proper default action as fallback, all the old no-op default hooks can
be removed. Similarly, the verify() bits which populated empty slots with
default hooks is no longer needed. A few hooks are called from security
core directly rather than from inline stubs, so fix those up as well.
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
security/commoncap.c | 825 ---------------------------------------------------
security/security.c | 50 +--
2 files changed, 17 insertions(+), 858 deletions(-)
Index: lsm-hooks-2.6/security/commoncap.c
===================================================================
--- lsm-hooks-2.6.orig/security/commoncap.c
+++ lsm-hooks-2.6/security/commoncap.c
@@ -337,828 +337,3 @@ int cap_netlink_recv(struct sk_buff *skb
return 0;
}
EXPORT_SYMBOL(cap_netlink_recv);
-
-#ifdef CONFIG_SECURITY
-
-static int cap_acct (struct file *file)
-{
- return 0;
-}
-
-static int cap_sysctl (ctl_table * table, int op)
-{
- return 0;
-}
-
-static int cap_quotactl (int cmds, int type, int id, struct super_block *sb)
-{
- return 0;
-}
-
-static int cap_quota_on (struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_bprm_alloc_security (struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static void cap_bprm_free_security (struct linux_binprm *bprm)
-{
- return;
-}
-
-static void cap_bprm_post_apply_creds (struct linux_binprm *bprm)
-{
- return;
-}
-
-static int cap_bprm_check_security (struct linux_binprm *bprm)
-{
- return 0;
-}
-
-static int cap_sb_alloc_security (struct super_block *sb)
-{
- return 0;
-}
-
-static void cap_sb_free_security (struct super_block *sb)
-{
- return;
-}
-
-static int cap_sb_copy_data (struct file_system_type *type,
- void *orig, void *copy)
-{
- return 0;
-}
-
-static int cap_sb_kern_mount (struct super_block *sb, void *data)
-{
- return 0;
-}
-
-static int cap_sb_statfs (struct super_block *sb)
-{
- return 0;
-}
-
-static int cap_sb_mount (char *dev_name, struct nameidata *nd, char *type,
- unsigned long flags, void *data)
-{
- return 0;
-}
-
-static int cap_sb_check_sb (struct vfsmount *mnt, struct nameidata *nd)
-{
- return 0;
-}
-
-static int cap_sb_umount (struct vfsmount *mnt, int flags)
-{
- return 0;
-}
-
-static void cap_sb_umount_close (struct vfsmount *mnt)
-{
- return;
-}
-
-static void cap_sb_umount_busy (struct vfsmount *mnt)
-{
- return;
-}
-
-static void cap_sb_post_remount (struct vfsmount *mnt, unsigned long flags,
- void *data)
-{
- return;
-}
-
-
-static void cap_sb_post_mountroot (void)
-{
- return;
-}
-
-static void cap_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd)
-{
- return;
-}
-
-static int cap_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
-{
- return 0;
-}
-
-static void cap_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd)
-{
- return;
-}
-
-static int cap_inode_alloc_security (struct inode *inode)
-{
- return 0;
-}
-
-static void cap_inode_free_security (struct inode *inode)
-{
- return;
-}
-
-static int cap_inode_create (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return 0;
-}
-
-static void cap_inode_post_create (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return;
-}
-
-static int cap_inode_link (struct dentry *old_dentry, struct inode *inode,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static void cap_inode_post_link (struct dentry *old_dentry,
- struct inode *inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
-static int cap_inode_unlink (struct inode *inode, struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_symlink (struct inode *inode, struct dentry *dentry,
- const char *name)
-{
- return 0;
-}
-
-static void cap_inode_post_symlink (struct inode *inode,
- struct dentry *dentry, const char *name)
-{
- return;
-}
-
-static int cap_inode_mkdir (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return 0;
-}
-
-static void cap_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
- int mask)
-{
- return;
-}
-
-static int cap_inode_rmdir (struct inode *inode, struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_mknod (struct inode *inode, struct dentry *dentry,
- int mode, dev_t dev)
-{
- return 0;
-}
-
-static void cap_inode_post_mknod (struct inode *inode, struct dentry *dentry,
- int mode, dev_t dev)
-{
- return;
-}
-
-static int cap_inode_rename (struct inode *old_inode,
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
-{
- return 0;
-}
-
-static void cap_inode_post_rename (struct inode *old_inode,
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
-static int cap_inode_readlink (struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_follow_link (struct dentry *dentry,
- struct nameidata *nameidata)
-{
- return 0;
-}
-
-static int cap_inode_permission (struct inode *inode, int mask, struct nameidata *nd)
-{
- return 0;
-}
-
-static int cap_inode_setattr (struct dentry *dentry, struct iattr *iattr)
-{
- return 0;
-}
-
-static int cap_inode_getattr (struct vfsmount *mnt, struct dentry *dentry)
-{
- return 0;
-}
-
-static void cap_inode_delete (struct inode *ino)
-{
- return;
-}
-
-static void cap_inode_post_setxattr (struct dentry *dentry, char *name, void *value,
- size_t size, int flags)
-{
- return;
-}
-
-static int cap_inode_getxattr (struct dentry *dentry, char *name)
-{
- return 0;
-}
-
-static int cap_inode_listxattr (struct dentry *dentry)
-{
- return 0;
-}
-
-static int cap_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size)
-{
- return -EOPNOTSUPP;
-}
-
-static int cap_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
-{
- return -EOPNOTSUPP;
-}
-
-static int cap_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
-{
- return 0;
-}
-
-static int cap_file_permission (struct file *file, int mask)
-{
- return 0;
-}
-
-static int cap_file_alloc_security (struct file *file)
-{
- return 0;
-}
-
-static void cap_file_free_security (struct file *file)
-{
- return;
-}
-
-static int cap_file_ioctl (struct file *file, unsigned int command,
- unsigned long arg)
-{
- return 0;
-}
-
-static int cap_file_mmap (struct file *file, unsigned long reqprot,
- unsigned long prot,
- unsigned long flags)
-{
- return 0;
-}
-
-static int cap_file_mprotect (struct vm_area_struct *vma,
- unsigned long reqprot,
- unsigned long prot)
-{
- return 0;
-}
-
-static int cap_file_lock (struct file *file, unsigned int cmd)
-{
- return 0;
-}
-
-static int cap_file_fcntl (struct file *file, unsigned int cmd,
- unsigned long arg)
-{
- return 0;
-}
-
-static int cap_file_set_fowner (struct file *file)
-{
- return 0;
-}
-
-static int cap_file_send_sigiotask (struct task_struct *tsk,
- struct fown_struct *fown, int sig)
-{
- return 0;
-}
-
-static int cap_file_receive (struct file *file)
-{
- return 0;
-}
-
-static int cap_task_create (unsigned long clone_flags)
-{
- return 0;
-}
-
-static int cap_task_alloc_security (struct task_struct *p)
-{
- return 0;
-}
-
-static void cap_task_free_security (struct task_struct *p)
-{
- return;
-}
-
-static int cap_task_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return 0;
-}
-
-static int cap_task_setgid (gid_t id0, gid_t id1, gid_t id2, int flags)
-{
- return 0;
-}
-
-static int cap_task_setpgid (struct task_struct *p, pid_t pgid)
-{
- return 0;
-}
-
-static int cap_task_getpgid (struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_getsid (struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_setgroups (struct group_info *group_info)
-{
- return 0;
-}
-
-static int cap_task_setnice (struct task_struct *p, int nice)
-{
- return 0;
-}
-
-static int cap_task_setrlimit (unsigned int resource, struct rlimit *new_rlim)
-{
- return 0;
-}
-
-static int cap_task_setscheduler (struct task_struct *p, int policy,
- struct sched_param *lp)
-{
- return 0;
-}
-
-static int cap_task_getscheduler (struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_wait (struct task_struct *p)
-{
- return 0;
-}
-
-static int cap_task_kill (struct task_struct *p, struct siginfo *info,
- int sig)
-{
- return 0;
-}
-
-static int cap_task_prctl (int option, unsigned long arg2, unsigned long arg3,
- unsigned long arg4, unsigned long arg5)
-{
- return 0;
-}
-
-static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
-{
- return;
-}
-
-static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
-{
- return 0;
-}
-
-static int cap_msg_msg_alloc_security (struct msg_msg *msg)
-{
- return 0;
-}
-
-static void cap_msg_msg_free_security (struct msg_msg *msg)
-{
- return;
-}
-
-static int cap_msg_queue_alloc_security (struct msg_queue *msq)
-{
- return 0;
-}
-
-static void cap_msg_queue_free_security (struct msg_queue *msq)
-{
- return;
-}
-
-static int cap_msg_queue_associate (struct msg_queue *msq,
- int msqflg)
-{
- return 0;
-}
-
-static int cap_msg_queue_msgctl (struct msg_queue *msq, int cmd)
-{
- return 0;
-}
-
-static int cap_msg_queue_msgsnd (struct msg_queue *msq, struct msg_msg *msg,
- int msgflg)
-{
- return 0;
-}
-
-static int cap_msg_queue_msgrcv (struct msg_queue *msq, struct msg_msg *msg,
- struct task_struct *target, long type,
- int mode)
-{
- return 0;
-}
-
-static int cap_shm_alloc_security (struct shmid_kernel *shp)
-{
- return 0;
-}
-
-static void cap_shm_free_security (struct shmid_kernel *shp)
-{
- return;
-}
-
-static int cap_shm_associate (struct shmid_kernel *shp, int shmflg)
-{
- return 0;
-}
-
-static int cap_shm_shmctl (struct shmid_kernel *shp, int cmd)
-{
- return 0;
-}
-
-static int cap_shm_shmat (struct shmid_kernel *shp, char __user *shmaddr,
- int shmflg)
-{
- return 0;
-}
-
-static int cap_sem_alloc_security (struct sem_array *sma)
-{
- return 0;
-}
-
-static void cap_sem_free_security (struct sem_array *sma)
-{
- return;
-}
-
-static int cap_sem_associate (struct sem_array *sma, int semflg)
-{
- return 0;
-}
-
-static int cap_sem_semctl (struct sem_array *sma, int cmd)
-{
- return 0;
-}
-
-static int cap_sem_semop (struct sem_array *sma,
- struct sembuf *sops, unsigned nsops, int alter)
-{
- return 0;
-}
-
-#ifdef CONFIG_SECURITY_NETWORK
-static int cap_unix_stream_connect (struct socket *sock,
- struct socket *other,
- struct sock *newsk)
-{
- return 0;
-}
-
-static int cap_unix_may_send (struct socket *sock,
- struct socket *other)
-{
- return 0;
-}
-
-static int cap_socket_create (int family, int type,
- int protocol, int kern)
-{
- return 0;
-}
-
-static void cap_socket_post_create (struct socket *sock, int family, int type,
- int protocol, int kern)
-{
- return;
-}
-
-static int cap_socket_bind (struct socket *sock, struct sockaddr *address,
- int addrlen)
-{
- return 0;
-}
-
-static int cap_socket_connect (struct socket *sock, struct sockaddr *address,
- int addrlen)
-{
- return 0;
-}
-
-static int cap_socket_listen (struct socket *sock, int backlog)
-{
- return 0;
-}
-
-static int cap_socket_accept (struct socket *sock, struct socket *newsock)
-{
- return 0;
-}
-
-static void cap_socket_post_accept (struct socket *sock,
- struct socket *newsock)
-{
- return;
-}
-
-static int cap_socket_sendmsg (struct socket *sock, struct msghdr *msg,
- int size)
-{
- return 0;
-}
-
-static int cap_socket_recvmsg (struct socket *sock, struct msghdr *msg,
- int size, int flags)
-{
- return 0;
-}
-
-static int cap_socket_getsockname (struct socket *sock)
-{
- return 0;
-}
-
-static int cap_socket_getpeername (struct socket *sock)
-{
- return 0;
-}
-
-static int cap_socket_setsockopt (struct socket *sock, int level, int optname)
-{
- return 0;
-}
-
-static int cap_socket_getsockopt (struct socket *sock, int level, int optname)
-{
- return 0;
-}
-
-static int cap_socket_shutdown (struct socket *sock, int how)
-{
- return 0;
-}
-
-static int cap_socket_sock_rcv_skb (struct sock *sk, struct sk_buff *skb)
-{
- return 0;
-}
-
-static int cap_socket_getpeersec(struct socket *sock, char __user *optval,
- int __user *optlen, unsigned len)
-{
- return -ENOPROTOOPT;
-}
-
-static inline int cap_sk_alloc_security (struct sock *sk, int family, int priority)
-{
- return 0;
-}
-
-static inline void cap_sk_free_security (struct sock *sk)
-{
-}
-#endif /* CONFIG_SECURITY_NETWORK */
-
-static int cap_register_security (const char *name, struct security_operations *ops)
-{
- return -EINVAL;
-}
-
-static int cap_unregister_security (const char *name, struct security_operations *ops)
-{
- return -EINVAL;
-}
-
-static void cap_d_instantiate (struct dentry *dentry, struct inode *inode)
-{
- return;
-}
-
-static int cap_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
-{
- return -EINVAL;
-}
-
-static int cap_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
-{
- return -EINVAL;
-}
-
-#define set_to_default_if_null(ops, function) \
- do { \
- if (!ops->function) { \
- ops->function = cap_##function; \
- pr_debug("Had to override with " #function \
- " security op with the default one.\n");\
- } \
- } while (0)
-
-void security_fixup_ops (struct security_operations *ops)
-{
- set_to_default_if_null(ops, ptrace);
- set_to_default_if_null(ops, capget);
- set_to_default_if_null(ops, capset_check);
- set_to_default_if_null(ops, capset_set);
- set_to_default_if_null(ops, acct);
- set_to_default_if_null(ops, capable);
- set_to_default_if_null(ops, quotactl);
- set_to_default_if_null(ops, quota_on);
- set_to_default_if_null(ops, sysctl);
- set_to_default_if_null(ops, syslog);
- set_to_default_if_null(ops, settime);
- set_to_default_if_null(ops, vm_enough_memory);
- set_to_default_if_null(ops, bprm_alloc_security);
- set_to_default_if_null(ops, bprm_free_security);
- set_to_default_if_null(ops, bprm_apply_creds);
- set_to_default_if_null(ops, bprm_post_apply_creds);
- set_to_default_if_null(ops, bprm_set_security);
- set_to_default_if_null(ops, bprm_check_security);
- set_to_default_if_null(ops, bprm_secureexec);
- set_to_default_if_null(ops, sb_alloc_security);
- set_to_default_if_null(ops, sb_free_security);
- set_to_default_if_null(ops, sb_copy_data);
- set_to_default_if_null(ops, sb_kern_mount);
- set_to_default_if_null(ops, sb_statfs);
- set_to_default_if_null(ops, sb_mount);
- set_to_default_if_null(ops, sb_check_sb);
- set_to_default_if_null(ops, sb_umount);
- set_to_default_if_null(ops, sb_umount_close);
- set_to_default_if_null(ops, sb_umount_busy);
- set_to_default_if_null(ops, sb_post_remount);
- set_to_default_if_null(ops, sb_post_mountroot);
- set_to_default_if_null(ops, sb_post_addmount);
- set_to_default_if_null(ops, sb_pivotroot);
- set_to_default_if_null(ops, sb_post_pivotroot);
- set_to_default_if_null(ops, inode_alloc_security);
- set_to_default_if_null(ops, inode_free_security);
- set_to_default_if_null(ops, inode_create);
- set_to_default_if_null(ops, inode_post_create);
- set_to_default_if_null(ops, inode_link);
- set_to_default_if_null(ops, inode_post_link);
- set_to_default_if_null(ops, inode_unlink);
- set_to_default_if_null(ops, inode_symlink);
- set_to_default_if_null(ops, inode_post_symlink);
- set_to_default_if_null(ops, inode_mkdir);
- set_to_default_if_null(ops, inode_post_mkdir);
- set_to_default_if_null(ops, inode_rmdir);
- set_to_default_if_null(ops, inode_mknod);
- set_to_default_if_null(ops, inode_post_mknod);
- set_to_default_if_null(ops, inode_rename);
- set_to_default_if_null(ops, inode_post_rename);
- set_to_default_if_null(ops, inode_readlink);
- set_to_default_if_null(ops, inode_follow_link);
- set_to_default_if_null(ops, inode_permission);
- set_to_default_if_null(ops, inode_setattr);
- set_to_default_if_null(ops, inode_getattr);
- set_to_default_if_null(ops, inode_delete);
- set_to_default_if_null(ops, inode_setxattr);
- set_to_default_if_null(ops, inode_post_setxattr);
- set_to_default_if_null(ops, inode_getxattr);
- set_to_default_if_null(ops, inode_listxattr);
- set_to_default_if_null(ops, inode_removexattr);
- set_to_default_if_null(ops, inode_getsecurity);
- set_to_default_if_null(ops, inode_setsecurity);
- set_to_default_if_null(ops, inode_listsecurity);
- set_to_default_if_null(ops, file_permission);
- set_to_default_if_null(ops, file_alloc_security);
- set_to_default_if_null(ops, file_free_security);
- set_to_default_if_null(ops, file_ioctl);
- set_to_default_if_null(ops, file_mmap);
- set_to_default_if_null(ops, file_mprotect);
- set_to_default_if_null(ops, file_lock);
- set_to_default_if_null(ops, file_fcntl);
- set_to_default_if_null(ops, file_set_fowner);
- set_to_default_if_null(ops, file_send_sigiotask);
- set_to_default_if_null(ops, file_receive);
- set_to_default_if_null(ops, task_create);
- set_to_default_if_null(ops, task_alloc_security);
- set_to_default_if_null(ops, task_free_security);
- set_to_default_if_null(ops, task_setuid);
- set_to_default_if_null(ops, task_post_setuid);
- set_to_default_if_null(ops, task_setgid);
- set_to_default_if_null(ops, task_setpgid);
- set_to_default_if_null(ops, task_getpgid);
- set_to_default_if_null(ops, task_getsid);
- set_to_default_if_null(ops, task_setgroups);
- set_to_default_if_null(ops, task_setnice);
- set_to_default_if_null(ops, task_setrlimit);
- set_to_default_if_null(ops, task_setscheduler);
- set_to_default_if_null(ops, task_getscheduler);
- set_to_default_if_null(ops, task_wait);
- set_to_default_if_null(ops, task_kill);
- set_to_default_if_null(ops, task_prctl);
- set_to_default_if_null(ops, task_reparent_to_init);
- set_to_default_if_null(ops, task_to_inode);
- set_to_default_if_null(ops, ipc_permission);
- set_to_default_if_null(ops, msg_msg_alloc_security);
- set_to_default_if_null(ops, msg_msg_free_security);
- set_to_default_if_null(ops, msg_queue_alloc_security);
- set_to_default_if_null(ops, msg_queue_free_security);
- set_to_default_if_null(ops, msg_queue_associate);
- set_to_default_if_null(ops, msg_queue_msgctl);
- set_to_default_if_null(ops, msg_queue_msgsnd);
- set_to_default_if_null(ops, msg_queue_msgrcv);
- set_to_default_if_null(ops, shm_alloc_security);
- set_to_default_if_null(ops, shm_free_security);
- set_to_default_if_null(ops, shm_associate);
- set_to_default_if_null(ops, shm_shmctl);
- set_to_default_if_null(ops, shm_shmat);
- set_to_default_if_null(ops, sem_alloc_security);
- set_to_default_if_null(ops, sem_free_security);
- set_to_default_if_null(ops, sem_associate);
- set_to_default_if_null(ops, sem_semctl);
- set_to_default_if_null(ops, sem_semop);
- set_to_default_if_null(ops, netlink_send);
- set_to_default_if_null(ops, netlink_recv);
- set_to_default_if_null(ops, register_security);
- set_to_default_if_null(ops, unregister_security);
- set_to_default_if_null(ops, d_instantiate);
- set_to_default_if_null(ops, getprocattr);
- set_to_default_if_null(ops, setprocattr);
-#ifdef CONFIG_SECURITY_NETWORK
- set_to_default_if_null(ops, unix_stream_connect);
- set_to_default_if_null(ops, unix_may_send);
- set_to_default_if_null(ops, socket_create);
- set_to_default_if_null(ops, socket_post_create);
- set_to_default_if_null(ops, socket_bind);
- set_to_default_if_null(ops, socket_connect);
- set_to_default_if_null(ops, socket_listen);
- set_to_default_if_null(ops, socket_accept);
- set_to_default_if_null(ops, socket_post_accept);
- set_to_default_if_null(ops, socket_sendmsg);
- set_to_default_if_null(ops, socket_recvmsg);
- set_to_default_if_null(ops, socket_getsockname);
- set_to_default_if_null(ops, socket_getpeername);
- set_to_default_if_null(ops, socket_setsockopt);
- set_to_default_if_null(ops, socket_getsockopt);
- set_to_default_if_null(ops, socket_shutdown);
- set_to_default_if_null(ops, socket_sock_rcv_skb);
- set_to_default_if_null(ops, socket_getpeersec);
- set_to_default_if_null(ops, sk_alloc_security);
- set_to_default_if_null(ops, sk_free_security);
-#endif /* CONFIG_SECURITY_NETWORK */
-}
-
-#endif /* CONFIG_SECURITY */
Index: lsm-hooks-2.6/security/security.c
===================================================================
--- lsm-hooks-2.6.orig/security/security.c
+++ lsm-hooks-2.6/security/security.c
@@ -22,19 +22,9 @@
struct security_operations *security_ops; /* Initialized to NULL */
+/* NULL ops are default */
static struct security_operations default_security_ops;
-extern void security_fixup_ops (struct security_operations *ops);
-
-static inline int verify(struct security_operations *ops)
-{
- /* verify the security_operations structure exists */
- if (!ops)
- return -EINVAL;
- security_fixup_ops(ops);
- return 0;
-}
-
static void __init do_security_initcalls(void)
{
initcall_t *call;
@@ -55,12 +45,6 @@ int __init security_init(void)
printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION
" initialized\n");
- if (verify(&default_security_ops)) {
- printk(KERN_ERR "%s could not verify "
- "default_security_ops structure.\n", __FUNCTION__);
- return -EIO;
- }
-
security_ops = &default_security_ops;
do_security_initcalls();
@@ -81,12 +65,6 @@ int __init security_init(void)
*/
int register_security(struct security_operations *ops)
{
- if (verify(ops)) {
- printk(KERN_DEBUG "%s could not verify "
- "security_operations structure.\n", __FUNCTION__);
- return -EINVAL;
- }
-
if (security_ops != &default_security_ops)
return -EAGAIN;
@@ -134,19 +112,16 @@ int unregister_security(struct security_
*/
int mod_reg_security(const char *name, struct security_operations *ops)
{
- if (verify(ops)) {
- printk(KERN_INFO "%s could not verify "
- "security operations.\n", __FUNCTION__);
- return -EINVAL;
- }
-
if (ops == security_ops) {
printk(KERN_INFO "%s security operations "
"already registered.\n", __FUNCTION__);
return -EINVAL;
}
- return security_ops->register_security(name, ops);
+ if (security_ops->register_security)
+ return security_ops->register_security(name, ops);
+
+ return -EINVAL;
}
/**
@@ -170,7 +145,10 @@ int mod_unreg_security(const char *name,
return -EINVAL;
}
- return security_ops->unregister_security(name, ops);
+ if (security_ops->unregister_security)
+ return security_ops->unregister_security(name, ops);
+
+ return -EINVAL;
}
/**
@@ -185,10 +163,16 @@ int mod_unreg_security(const char *name,
*/
int capable(int cap)
{
- if (security_ops->capable(current, cap)) {
+ int err;
+
+ if (security_ops->capable)
+ err = security_ops->capable(current, cap);
+ else
+ err = cap_capable(current, cap);
+
+ if (err)
/* capability denied */
return 0;
- }
/* capability granted */
current->flags |= PF_SUPERPRIV;
--
^ permalink raw reply [flat|nested] 36+ messages in thread
* [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 1:20 [PATCH 0/5] LSM hook updates Chris Wright
` (3 preceding siblings ...)
2005-08-25 1:20 ` [PATCH 4/5] Remove unnecessary default capability callbacks Chris Wright
@ 2005-08-25 1:20 ` Chris Wright
2005-08-25 14:38 ` serue
2005-08-31 6:34 ` Greg KH
2005-08-25 4:39 ` [PATCH 0/5] LSM hook updates James Morris
2005-08-25 9:52 ` serue
6 siblings, 2 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 1:20 UTC (permalink / raw)
To: linux-security-module
Cc: linux-kernel, Kurt Garloff, Greg Kroah, Chris Wright
[-- Attachment #1: rootplug-cleanup.patch --]
[-- Type: text/plain, Size: 1131 bytes --]
Now that capability functions are default, rootplug no longer needs to
manually add them to its security_ops.
Cc: Greg Kroah <greg@kroah.com>
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
security/root_plug.c | 14 +-------------
1 files changed, 1 insertion(+), 13 deletions(-)
Index: lsm-hooks-2.6/security/root_plug.c
===================================================================
--- lsm-hooks-2.6.orig/security/root_plug.c
+++ lsm-hooks-2.6/security/root_plug.c
@@ -83,19 +83,7 @@ static int rootplug_bprm_check_security
}
static struct security_operations rootplug_security_ops = {
- /* Use the capability functions for some of the hooks */
- .ptrace = cap_ptrace,
- .capget = cap_capget,
- .capset_check = cap_capset_check,
- .capset_set = cap_capset_set,
- .capable = cap_capable,
-
- .bprm_apply_creds = cap_bprm_apply_creds,
- .bprm_set_security = cap_bprm_set_security,
-
- .task_post_setuid = cap_task_post_setuid,
- .task_reparent_to_init = cap_task_reparent_to_init,
-
+ /* The capability functions are the defaults */
.bprm_check_security = rootplug_bprm_check_security,
};
--
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-25 1:20 [PATCH 0/5] LSM hook updates Chris Wright
` (4 preceding siblings ...)
2005-08-25 1:20 ` [PATCH 5/5] Remove unnecesary capability hooks in rootplug Chris Wright
@ 2005-08-25 4:39 ` James Morris
2005-08-25 5:32 ` Chris Wright
2005-08-25 9:52 ` serue
6 siblings, 1 reply; 36+ messages in thread
From: James Morris @ 2005-08-25 4:39 UTC (permalink / raw)
To: Chris Wright
Cc: linux-security-module, linux-kernel, Kurt Garloff,
Stephen Smalley
On Wed, 24 Aug 2005, Chris Wright wrote:
> This is based on Kurt's original work. The net effect is that
> LSM hooks are called conditionally, and in all cases capabilities
> provide the defaults. I've done some basic performance testing, and
> found nothing surprising.
Do you mean nothing noticable?
> I'm interested to see numbers from others
> before I push this up. These are against Linus' current git tree (they
> will clash with the -mm tree).
Are there any numbers for popular architectures like i386 and x86_64?
- James
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-25 4:39 ` [PATCH 0/5] LSM hook updates James Morris
@ 2005-08-25 5:32 ` Chris Wright
2005-08-25 19:15 ` Chris Wright
0 siblings, 1 reply; 36+ messages in thread
From: Chris Wright @ 2005-08-25 5:32 UTC (permalink / raw)
To: James Morris
Cc: Chris Wright, linux-security-module, linux-kernel, Kurt Garloff,
Stephen Smalley
* James Morris (jmorris@namei.org) wrote:
> On Wed, 24 Aug 2005, Chris Wright wrote:
>
> > This is based on Kurt's original work. The net effect is that
> > LSM hooks are called conditionally, and in all cases capabilities
> > provide the defaults. I've done some basic performance testing, and
> > found nothing surprising.
>
> Do you mean nothing noticable?
I did only microbenchmarking, which was as much as double digit percentage
faster (on P4), nothing was slower.
> > I'm interested to see numbers from others
> > before I push this up. These are against Linus' current git tree (they
> > will clash with the -mm tree).
>
> Are there any numbers for popular architectures like i386 and x86_64?
I'll have some numbers tomorrow. If you'd like to run SELinux that'd
be quite useful.
thanks,
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 3/5] Call security hooks conditionally if the security_op is filled out.
2005-08-25 1:20 ` [PATCH 3/5] Call security hooks conditionally if the security_op is filled out Chris Wright
@ 2005-08-25 8:50 ` Kurt Garloff
2005-08-25 16:24 ` Chris Wright
0 siblings, 1 reply; 36+ messages in thread
From: Kurt Garloff @ 2005-08-25 8:50 UTC (permalink / raw)
To: Chris Wright; +Cc: linux-security-module, Linux kernel list
[-- Attachment #1: Type: text/plain, Size: 2151 bytes --]
On Wed, Aug 24, 2005 at 06:20:31PM -0700, Chris Wright wrote:
> Call security hooks conditionally if the security_op is filled out.
> Branches can be more efficient than the unconditional indirect function
> call. Inspired by patch from Kurt Garloff <garloff@suse.de>.
>
> Signed-off-by: Chris Wright <chrisw@osdl.org>
> ---
> include/linux/security.h | 825 +++++++++++++++++++++++------------------------
> 1 files changed, 411 insertions(+), 414 deletions(-)
>
> Index: linus-2.6/include/linux/security.h
> ===================================================================
> --- linus-2.6.orig/include/linux/security.h
> +++ linus-2.6/include/linux/security.h
> @@ -1264,10 +1264,10 @@ static inline int security_init(void)
> static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
> {
> #ifdef CONFIG_SECURITY
> - return security_ops->ptrace (parent, child);
> -#else
> - return cap_ptrace (parent, child);
> + if (security_ops->ptrace)
> + return security_ops->ptrace(parent, child);
You did not like my macro abuse, apparently.
That's too bad, as it allowed you to do changes without changing
hundreds of lines of code.
Just one remark:
Make sure you don't set security_ops->XXX ever back to NULL or you
might take an oops.
Security module unloading is racy and always has been. It's not well
defined at what point in time the new functions become effective.
And we certainly don't want to use locking for performance reasons.
One could think of using RCU, though, thus the security_ops pointer
would only be changed after all CPUs schedule()d ...
In my version of the patches, I maintained the capability_security_ops
structure fully filled-in and pointed security_ops to it, so you'll
always have a valid function pointer. If you wanted to avoid a pointer
compare, I had an integer to look at ...
Thanks for your patches!
--
Kurt Garloff <kurt@garloff.de> [Koeln, DE]
Physics:Plasma modeling <garloff@plasimo.phys.tue.nl> [TU Eindhoven, NL]
Linux: SUSE Labs (Director) <garloff@suse.de> [Novell Inc]
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-25 1:20 [PATCH 0/5] LSM hook updates Chris Wright
` (5 preceding siblings ...)
2005-08-25 4:39 ` [PATCH 0/5] LSM hook updates James Morris
@ 2005-08-25 9:52 ` serue
2005-08-25 10:18 ` serue
6 siblings, 1 reply; 36+ messages in thread
From: serue @ 2005-08-25 9:52 UTC (permalink / raw)
To: Chris Wright; +Cc: linux-security-module, linux-kernel, Kurt Garloff
Hmm, haven't yet figured out why, but something in this patchset
doesn't work for power5. Oops attached, as well as the assembly
for selinux_task_create (which I'm weeding through right now).
thanks,
-serge
Oops output from console:
Security Framework v1.0.0 initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
selinux_register_security: Registering secondary module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 256
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=128 NUMA PSERIES LPAR
Modules linked in:
NIP: C00000000016BCCC XER: 20000005 LR: C00000000004FA38 CTR: C00000000016BCA8
REGS: c000000000403590 TRAP: 0300 Not tainted (2.6.13-rc7-git1)
MSR: 8000000000009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11 CR: 42000028
DAR: 0000000000000000 DSISR: 0000000040000000
TASK: c000000000468ea0[0] 'swapper' THREAD: c000000000400000 CPU: 0
GPR00: C00000000004FA38 C000000000403810 C00000000054BA70 0000000000800B00
GPR04: C000000000403DE0 C000000000403B60 0000000000000000 0000000000000000
GPR08: 0000000000000000 C00000000049C450 0000000000000000 C0000000005F3298
GPR12: 0000000042000022 C000000000423C00 0000000000000000 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 C000000000403B60
GPR20: C000000000403DE0 0000000000000000 0000000000000001 0000000000000000
GPR24: 0000000000000000 0000000000800B00 C000000000403DE0 0000000000000000
GPR28: 0000000000000001 0000000000000001 C0000000004A4AC8 0000000000800B00
NIP [c00000000016bccc] .selinux_task_create+0x24/0x84
LR [c00000000004fa38] .copy_process+0xc28/0x163c
Call Trace:
[c000000000403810] [00000000000000d0] 0xd0 (unreliable)
[c000000000403890] [c00000000004fa38] .copy_process+0xc28/0x163c
[c0000000004039a0] [c00000000005059c] .do_fork+0x94/0x240
[c000000000403a80] [c000000000011c80] .sys_clone+0x60/0x78
[c000000000403af0] [c00000000000d814] .ppc_clone+0x8/0xc
--- Exception: c00 at .kernel_thread+0x28/0x68
LR = .rest_init+0x24/0x5c
[c000000000403de0] [0000000001ff1b88] 0x1ff1b88 (unreliable)
[c000000000403e50] [c0000000003e3004] .proc_root_init+0x164/0x184
[c000000000403ed0] [c0000000003c98a0] .start_kernel+0x2ac/0x328
[c000000000403f90] [c00000000000bfb4] .__setup_cpu_power3+0x0/0x4
Instruction dump:
4e800020 63ff0004 4bffff44 7c0802a6 fbc1fff0 ebc2c9d0 fbe1fff8 f8010010
f821ff81 e97e8100 e92b0000 e9490258 <e80a0000> f8410028 e96a0010 e84a0008
<0>Kernel panic - not syncing: Attempted to kill the idle task!
Taken from hooks.S:
0000000000005494 <.selinux_task_create>:
5494: 7c 08 02 a6 mflr r0
5498: fb c1 ff f0 std r30,-16(r1)
549c: eb c2 00 00 ld r30,0(r2)
54a0: fb e1 ff f8 std r31,-8(r1)
54a4: f8 01 00 10 std r0,16(r1)
54a8: f8 21 ff 81 stdu r1,-128(r1)
54ac: e9 7e 81 00 ld r11,-32512(r30)
54b0: e9 2b 00 00 ld r9,0(r11)
54b4: e9 49 02 58 ld r10,600(r9)
54b8: e8 0a 00 00 ld r0,0(r10)
54bc: f8 41 00 28 std r2,40(r1)
54c0: e9 6a 00 10 ld r11,16(r10)
54c4: e8 4a 00 08 ld r2,8(r10)
54c8: 7c 09 03 a6 mtctr r0
54cc: 4e 80 04 21 bctrl
54d0: e8 41 00 28 ld r2,40(r1)
54d4: 38 a0 00 01 li r5,1
54d8: 2f a3 00 00 cmpdi cr7,r3,0
54dc: 41 9e 00 1c beq- cr7,54f8 <.selinux_task_create+0x64>
54e0: 38 21 00 80 addi r1,r1,128
54e4: e8 01 00 10 ld r0,16(r1)
54e8: eb c1 ff f0 ld r30,-16(r1)
54ec: eb e1 ff f8 ld r31,-8(r1)
54f0: 7c 08 03 a6 mtlr r0
54f4: 4e 80 00 20 blr
54f8: 38 21 00 80 addi r1,r1,128
54fc: e8 6d 01 70 ld r3,368(r13)
5500: e8 01 00 10 ld r0,16(r1)
5504: eb c1 ff f0 ld r30,-16(r1)
5508: eb e1 ff f8 ld r31,-8(r1)
550c: 7c 64 1b 78 mr r4,r3
5510: 7c 08 03 a6 mtlr r0
5514: 4b ff ba 68 b f7c <.task_has_perm>
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-25 9:52 ` serue
@ 2005-08-25 10:18 ` serue
2005-08-25 16:19 ` Chris Wright
0 siblings, 1 reply; 36+ messages in thread
From: serue @ 2005-08-25 10:18 UTC (permalink / raw)
To: serue
Cc: Chris Wright, Kurt Garloff, linux-security-module, linux-kernel,
James Morris, Stephen Smalley
Did you ever check this with selinux? I'm assuming that the problem is
that selinux does things like:
rc = secondary_ops->task_create();
when secondary_ops->task_create can now be null...
(Will whip up the obvious patch asap - later this morning)
-serge
Quoting serue@us.ibm.com (serue@us.ibm.com):
> Hmm, haven't yet figured out why, but something in this patchset
> doesn't work for power5. Oops attached, as well as the assembly
> for selinux_task_create (which I'm weeding through right now).
>
> thanks,
> -serge
>
> Oops output from console:
>
> Security Framework v1.0.0 initialized
> SELinux: Initializing.
> SELinux: Starting in permissive mode
> selinux_register_security: Registering secondary module capability
> Capability LSM initialized as secondary
> Mount-cache hash table entries: 256
> Oops: Kernel access of bad area, sig: 11 [#1]
> SMP NR_CPUS=128 NUMA PSERIES LPAR
> Modules linked in:
> NIP: C00000000016BCCC XER: 20000005 LR: C00000000004FA38 CTR: C00000000016BCA8
> REGS: c000000000403590 TRAP: 0300 Not tainted (2.6.13-rc7-git1)
> MSR: 8000000000009032 EE: 1 PR: 0 FP: 0 ME: 1 IR/DR: 11 CR: 42000028
> DAR: 0000000000000000 DSISR: 0000000040000000
> TASK: c000000000468ea0[0] 'swapper' THREAD: c000000000400000 CPU: 0
> GPR00: C00000000004FA38 C000000000403810 C00000000054BA70 0000000000800B00
> GPR04: C000000000403DE0 C000000000403B60 0000000000000000 0000000000000000
> GPR08: 0000000000000000 C00000000049C450 0000000000000000 C0000000005F3298
> GPR12: 0000000042000022 C000000000423C00 0000000000000000 0000000000000000
> GPR16: 0000000000000000 0000000000000000 0000000000000000 C000000000403B60
> GPR20: C000000000403DE0 0000000000000000 0000000000000001 0000000000000000
> GPR24: 0000000000000000 0000000000800B00 C000000000403DE0 0000000000000000
> GPR28: 0000000000000001 0000000000000001 C0000000004A4AC8 0000000000800B00
> NIP [c00000000016bccc] .selinux_task_create+0x24/0x84
> LR [c00000000004fa38] .copy_process+0xc28/0x163c
> Call Trace:
> [c000000000403810] [00000000000000d0] 0xd0 (unreliable)
> [c000000000403890] [c00000000004fa38] .copy_process+0xc28/0x163c
> [c0000000004039a0] [c00000000005059c] .do_fork+0x94/0x240
> [c000000000403a80] [c000000000011c80] .sys_clone+0x60/0x78
> [c000000000403af0] [c00000000000d814] .ppc_clone+0x8/0xc
> --- Exception: c00 at .kernel_thread+0x28/0x68
> LR = .rest_init+0x24/0x5c
> [c000000000403de0] [0000000001ff1b88] 0x1ff1b88 (unreliable)
> [c000000000403e50] [c0000000003e3004] .proc_root_init+0x164/0x184
> [c000000000403ed0] [c0000000003c98a0] .start_kernel+0x2ac/0x328
> [c000000000403f90] [c00000000000bfb4] .__setup_cpu_power3+0x0/0x4
> Instruction dump:
> 4e800020 63ff0004 4bffff44 7c0802a6 fbc1fff0 ebc2c9d0 fbe1fff8 f8010010
> f821ff81 e97e8100 e92b0000 e9490258 <e80a0000> f8410028 e96a0010 e84a0008
> <0>Kernel panic - not syncing: Attempted to kill the idle task!
>
> Taken from hooks.S:
>
> 0000000000005494 <.selinux_task_create>:
> 5494: 7c 08 02 a6 mflr r0
> 5498: fb c1 ff f0 std r30,-16(r1)
> 549c: eb c2 00 00 ld r30,0(r2)
> 54a0: fb e1 ff f8 std r31,-8(r1)
> 54a4: f8 01 00 10 std r0,16(r1)
> 54a8: f8 21 ff 81 stdu r1,-128(r1)
> 54ac: e9 7e 81 00 ld r11,-32512(r30)
> 54b0: e9 2b 00 00 ld r9,0(r11)
> 54b4: e9 49 02 58 ld r10,600(r9)
> 54b8: e8 0a 00 00 ld r0,0(r10)
> 54bc: f8 41 00 28 std r2,40(r1)
> 54c0: e9 6a 00 10 ld r11,16(r10)
> 54c4: e8 4a 00 08 ld r2,8(r10)
> 54c8: 7c 09 03 a6 mtctr r0
> 54cc: 4e 80 04 21 bctrl
> 54d0: e8 41 00 28 ld r2,40(r1)
> 54d4: 38 a0 00 01 li r5,1
> 54d8: 2f a3 00 00 cmpdi cr7,r3,0
> 54dc: 41 9e 00 1c beq- cr7,54f8 <.selinux_task_create+0x64>
> 54e0: 38 21 00 80 addi r1,r1,128
> 54e4: e8 01 00 10 ld r0,16(r1)
> 54e8: eb c1 ff f0 ld r30,-16(r1)
> 54ec: eb e1 ff f8 ld r31,-8(r1)
> 54f0: 7c 08 03 a6 mtlr r0
> 54f4: 4e 80 00 20 blr
> 54f8: 38 21 00 80 addi r1,r1,128
> 54fc: e8 6d 01 70 ld r3,368(r13)
> 5500: e8 01 00 10 ld r0,16(r1)
> 5504: eb c1 ff f0 ld r30,-16(r1)
> 5508: eb e1 ff f8 ld r31,-8(r1)
> 550c: 7c 64 1b 78 mr r4,r3
> 5510: 7c 08 03 a6 mtlr r0
> 5514: 4b ff ba 68 b f7c <.task_has_perm>
>
>
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 1:20 ` [PATCH 5/5] Remove unnecesary capability hooks in rootplug Chris Wright
@ 2005-08-25 14:38 ` serue
2005-08-25 15:13 ` Stephen Smalley
2005-08-25 21:12 ` Chris Wright
2005-08-31 6:34 ` Greg KH
1 sibling, 2 replies; 36+ messages in thread
From: serue @ 2005-08-25 14:38 UTC (permalink / raw)
To: Chris Wright
Cc: linux-security-module, Greg Kroah, linux-kernel, Kurt Garloff,
James Morris, Stephen Smalley
Ok, with the attached patch SELinux seems to work correctly. You'll
probably want to make it a little prettier :) Note I have NOT ran the
ltp tests for correctness. I'll do some performance runs, though
unfortunately can't do so on ppc right now.
thanks,
-serge
Signed-off-by: Serge Hallyn <serue@us.ibm.com
--
hooks.c | 93 ++++++++++++++++++++++++++++++++++++++++++----------------------
1 files changed, 62 insertions(+), 31 deletions(-)
Index: linux-2.6.12/security/selinux/hooks.c
===================================================================
--- linux-2.6.12.orig/security/selinux/hooks.c 2005-08-25 12:56:51.000000000 -0500
+++ linux-2.6.12/security/selinux/hooks.c 2005-08-25 14:27:53.000000000 -0500
@@ -1352,7 +1352,7 @@ static int selinux_ptrace(struct task_st
struct task_security_struct *csec = child->security;
int rc;
- rc = secondary_ops->ptrace(parent,child);
+ rc = secondary_ops->ptrace ? secondary_ops->ptrace(parent,child) : 0;
if (rc)
return rc;
@@ -1372,7 +1372,9 @@ static int selinux_capget(struct task_st
if (error)
return error;
- return secondary_ops->capget(target, effective, inheritable, permitted);
+ return secondary_ops->capget ?
+ secondary_ops->capget(target, effective, inheritable,
+ permitted) : 0;
}
static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
@@ -1380,7 +1382,9 @@ static int selinux_capset_check(struct t
{
int error;
- error = secondary_ops->capset_check(target, effective, inheritable, permitted);
+ error = secondary_ops->capset_check ?
+ secondary_ops->capset_check(target, effective,
+ inheritable, permitted) : 0;
if (error)
return error;
@@ -1390,14 +1394,16 @@ static int selinux_capset_check(struct t
static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
- secondary_ops->capset_set(target, effective, inheritable, permitted);
+ if (secondary_ops->capset_set)
+ secondary_ops->capset_set(target, effective, inheritable,
+ permitted);
}
static int selinux_capable(struct task_struct *tsk, int cap)
{
int rc;
- rc = secondary_ops->capable(tsk, cap);
+ rc = secondary_ops->capable ? secondary_ops->capable(tsk, cap) : 0;
if (rc)
return rc;
@@ -1412,7 +1418,7 @@ static int selinux_sysctl(ctl_table *tab
u32 tsid;
int rc;
- rc = secondary_ops->sysctl(table, op);
+ rc = secondary_ops->sysctl ? secondary_ops->sysctl(table, op) : 0;
if (rc)
return rc;
@@ -1484,7 +1490,7 @@ static int selinux_syslog(int type)
{
int rc;
- rc = secondary_ops->syslog(type);
+ rc = secondary_ops->syslog ? secondary_ops->syslog(type) : 0;
if (rc)
return rc;
@@ -1527,7 +1533,8 @@ static int selinux_vm_enough_memory(long
int rc, cap_sys_admin = 0;
struct task_security_struct *tsec = current->security;
- rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
+ rc = secondary_ops->capable ?
+ secondary_ops->capable(current, CAP_SYS_ADMIN) : 0;
if (rc == 0)
rc = avc_has_perm_noaudit(tsec->sid, tsec->sid,
SECCLASS_CAPABILITY,
@@ -1570,7 +1577,8 @@ static int selinux_bprm_set_security(str
struct avc_audit_data ad;
int rc;
- rc = secondary_ops->bprm_set_security(bprm);
+ rc = secondary_ops->bprm_set_security ?
+ secondary_ops->bprm_set_security(bprm) : 0;
if (rc)
return rc;
@@ -1637,7 +1645,8 @@ static int selinux_bprm_set_security(str
static int selinux_bprm_check_security (struct linux_binprm *bprm)
{
- return secondary_ops->bprm_check_security(bprm);
+ return secondary_ops->bprm_check_security ?
+ secondary_ops->bprm_check_security(bprm) : 0;
}
@@ -1655,7 +1664,9 @@ static int selinux_bprm_secureexec (stru
PROCESS__NOATSECURE, NULL);
}
- return (atsecure || secondary_ops->bprm_secureexec(bprm));
+ return (atsecure ||
+ secondary_ops->bprm_secureexec ?
+ secondary_ops->bprm_secureexec(bprm) : 0);
}
static void selinux_bprm_free_security(struct linux_binprm *bprm)
@@ -1756,7 +1767,8 @@ static void selinux_bprm_apply_creds(str
u32 sid;
int rc;
- secondary_ops->bprm_apply_creds(bprm, unsafe);
+ if (secondary_ops->bprm_apply_creds)
+ secondary_ops->bprm_apply_creds(bprm, unsafe);
tsec = current->security;
@@ -1982,7 +1994,8 @@ static int selinux_mount(char * dev_name
{
int rc;
- rc = secondary_ops->sb_mount(dev_name, nd, type, flags, data);
+ rc = secondary_ops->sb_mount ?
+ secondary_ops->sb_mount(dev_name, nd, type, flags, data) : 0;
if (rc)
return rc;
@@ -1998,7 +2011,8 @@ static int selinux_umount(struct vfsmoun
{
int rc;
- rc = secondary_ops->sb_umount(mnt, flags);
+ rc = secondary_ops->sb_umount ?
+ secondary_ops->sb_umount(mnt, flags) : 0;
if (rc)
return rc;
@@ -2032,7 +2046,8 @@ static int selinux_inode_link(struct den
{
int rc;
- rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
+ rc = secondary_ops->inode_link ?
+ secondary_ops->inode_link(old_dentry,dir,new_dentry) : 0;
if (rc)
return rc;
return may_link(dir, old_dentry, MAY_LINK);
@@ -2047,7 +2062,8 @@ static int selinux_inode_unlink(struct i
{
int rc;
- rc = secondary_ops->inode_unlink(dir, dentry);
+ rc = secondary_ops->inode_unlink ?
+ secondary_ops->inode_unlink(dir, dentry) : 0;
if (rc)
return rc;
return may_link(dir, dentry, MAY_UNLINK);
@@ -2082,7 +2098,8 @@ static int selinux_inode_mknod(struct in
{
int rc;
- rc = secondary_ops->inode_mknod(dir, dentry, mode, dev);
+ rc = secondary_ops->inode_mknod ?
+ secondary_ops->inode_mknod(dir, dentry, mode, dev) : 0;
if (rc)
return rc;
@@ -2115,7 +2132,8 @@ static int selinux_inode_follow_link(str
{
int rc;
- rc = secondary_ops->inode_follow_link(dentry,nameidata);
+ rc = secondary_ops->inode_follow_link ?
+ secondary_ops->inode_follow_link(dentry,nameidata) : 0;
if (rc)
return rc;
return dentry_has_perm(current, NULL, dentry, FILE__READ);
@@ -2126,7 +2144,8 @@ static int selinux_inode_permission(stru
{
int rc;
- rc = secondary_ops->inode_permission(inode, mask, nd);
+ rc = secondary_ops->inode_permission ?
+ secondary_ops->inode_permission(inode, mask, nd) : 0;
if (rc)
return rc;
@@ -2143,7 +2162,8 @@ static int selinux_inode_setattr(struct
{
int rc;
- rc = secondary_ops->inode_setattr(dentry, iattr);
+ rc = secondary_ops->inode_setattr ?
+ secondary_ops->inode_setattr(dentry, iattr) : 0;
if (rc)
return rc;
@@ -2453,7 +2473,8 @@ static int selinux_file_mmap(struct file
{
int rc;
- rc = secondary_ops->file_mmap(file, reqprot, prot, flags);
+ rc = secondary_ops->file_mmap ?
+ secondary_ops->file_mmap(file, reqprot, prot, flags) : 0;
if (rc)
return rc;
@@ -2470,7 +2491,8 @@ static int selinux_file_mprotect(struct
{
int rc;
- rc = secondary_ops->file_mprotect(vma, reqprot, prot);
+ rc = secondary_ops->file_mprotect ?
+ secondary_ops->file_mprotect(vma, reqprot, prot) : 0;
if (rc)
return rc;
@@ -2610,7 +2632,8 @@ static int selinux_task_create(unsigned
{
int rc;
- rc = secondary_ops->task_create(clone_flags);
+ rc = secondary_ops->task_create ?
+ secondary_ops->task_create(clone_flags) : 0;
if (rc)
return rc;
@@ -2662,7 +2685,8 @@ static int selinux_task_setuid(uid_t id0
static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
{
- return secondary_ops->task_post_setuid(id0,id1,id2,flags);
+ return secondary_ops->task_post_setuid ?
+ secondary_ops->task_post_setuid(id0,id1,id2,flags) : 0;
}
static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
@@ -2696,7 +2720,8 @@ static int selinux_task_setnice(struct t
{
int rc;
- rc = secondary_ops->task_setnice(p, nice);
+ rc = secondary_ops->task_setnice ?
+ secondary_ops->task_setnice(p, nice) : 0;
if (rc)
return rc;
@@ -2708,7 +2733,8 @@ static int selinux_task_setrlimit(unsign
struct rlimit *old_rlim = current->signal->rlim + resource;
int rc;
- rc = secondary_ops->task_setrlimit(resource, new_rlim);
+ rc = secondary_ops->task_setrlimit ?
+ secondary_ops->task_setrlimit(resource, new_rlim) : 0;
if (rc)
return rc;
@@ -2737,7 +2763,8 @@ static int selinux_task_kill(struct task
u32 perm;
int rc;
- rc = secondary_ops->task_kill(p, info, sig);
+ rc = secondary_ops->task_kill ?
+ secondary_ops->task_kill(p, info, sig) : 0;
if (rc)
return rc;
@@ -2778,7 +2805,8 @@ static void selinux_task_reparent_to_ini
{
struct task_security_struct *tsec;
- secondary_ops->task_reparent_to_init(p);
+ if (secondary_ops->task_reparent_to_init)
+ secondary_ops->task_reparent_to_init(p);
tsec = p->security;
tsec->osid = tsec->sid;
@@ -3227,7 +3255,8 @@ static int selinux_socket_unix_stream_co
struct avc_audit_data ad;
int err;
- err = secondary_ops->unix_stream_connect(sock, other, newsk);
+ err = secondary_ops->unix_stream_connect ?
+ secondary_ops->unix_stream_connect(sock, other, newsk) : 0;
if (err)
return err;
@@ -3603,7 +3632,8 @@ static int selinux_netlink_send(struct s
struct av_decision avd;
int err;
- err = secondary_ops->netlink_send(sk, skb);
+ err = secondary_ops->netlink_send ?
+ secondary_ops->netlink_send(sk, skb) : 0;
if (err)
return err;
@@ -3949,7 +3979,8 @@ static int selinux_shm_shmat(struct shmi
u32 perms;
int rc;
- rc = secondary_ops->shm_shmat(shp, shmaddr, shmflg);
+ rc = secondary_ops->shm_shmat ?
+ secondary_ops->shm_shmat(shp, shmaddr, shmflg) : 0;
if (rc)
return rc;
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 14:38 ` serue
@ 2005-08-25 15:13 ` Stephen Smalley
2005-08-25 16:21 ` Chris Wright
2005-08-25 21:12 ` Chris Wright
1 sibling, 1 reply; 36+ messages in thread
From: Stephen Smalley @ 2005-08-25 15:13 UTC (permalink / raw)
To: serue
Cc: Chris Wright, linux-security-module, Greg Kroah, linux-kernel,
Kurt Garloff, James Morris
On Thu, 2005-08-25 at 09:38 -0500, serue@us.ibm.com wrote:
> Ok, with the attached patch SELinux seems to work correctly. You'll
> probably want to make it a little prettier :) Note I have NOT ran the
> ltp tests for correctness. I'll do some performance runs, though
> unfortunately can't do so on ppc right now.
Note that the selinux tests there _only_ test the SELinux checking. So
if these changes interfere with proper stacking of SELinux with
capabilities, that won't show up there.
--
Stephen Smalley
National Security Agency
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-25 10:18 ` serue
@ 2005-08-25 16:19 ` Chris Wright
0 siblings, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 16:19 UTC (permalink / raw)
To: serue
Cc: Chris Wright, Kurt Garloff, linux-security-module, linux-kernel,
James Morris, Stephen Smalley
* serue@us.ibm.com (serue@us.ibm.com) wrote:
> Did you ever check this with selinux?
No, thanks for catching that oversight.
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 15:13 ` Stephen Smalley
@ 2005-08-25 16:21 ` Chris Wright
2005-08-25 16:23 ` Stephen Smalley
2005-08-25 16:28 ` serue
0 siblings, 2 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 16:21 UTC (permalink / raw)
To: Stephen Smalley
Cc: serue, Chris Wright, linux-security-module, Greg Kroah,
linux-kernel, Kurt Garloff, James Morris
* Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> On Thu, 2005-08-25 at 09:38 -0500, serue@us.ibm.com wrote:
> > Ok, with the attached patch SELinux seems to work correctly. You'll
> > probably want to make it a little prettier :) Note I have NOT ran the
> > ltp tests for correctness. I'll do some performance runs, though
> > unfortunately can't do so on ppc right now.
>
> Note that the selinux tests there _only_ test the SELinux checking. So
> if these changes interfere with proper stacking of SELinux with
> capabilities, that won't show up there.
Sorry, I'm not parsing that?
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 16:21 ` Chris Wright
@ 2005-08-25 16:23 ` Stephen Smalley
2005-08-25 17:06 ` Chris Wright
2005-08-25 16:28 ` serue
1 sibling, 1 reply; 36+ messages in thread
From: Stephen Smalley @ 2005-08-25 16:23 UTC (permalink / raw)
To: Chris Wright
Cc: Greg Kroah, Kurt Garloff, linux-security-module, linux-kernel
On Thu, 2005-08-25 at 09:21 -0700, Chris Wright wrote:
> * Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> > On Thu, 2005-08-25 at 09:38 -0500, serue@us.ibm.com wrote:
> > > Ok, with the attached patch SELinux seems to work correctly. You'll
> > > probably want to make it a little prettier :) Note I have NOT ran the
> > > ltp tests for correctness. I'll do some performance runs, though
> > > unfortunately can't do so on ppc right now.
> >
> > Note that the selinux tests there _only_ test the SELinux checking. So
> > if these changes interfere with proper stacking of SELinux with
> > capabilities, that won't show up there.
>
> Sorry, I'm not parsing that?
e.g. if secondary_ops->capable is null, the SELinux tests aren't going
to show that, because they will still see that the SELinux permission
checks are working correctly. They only test failure/success for the
SELinux permission checks, not for the capability checks, so if you
unhook capabilities, they won't notice.
--
Stephen Smalley
National Security Agency
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 3/5] Call security hooks conditionally if the security_op is filled out.
2005-08-25 8:50 ` Kurt Garloff
@ 2005-08-25 16:24 ` Chris Wright
0 siblings, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 16:24 UTC (permalink / raw)
To: Kurt Garloff, Chris Wright, linux-security-module,
Linux kernel list
* Kurt Garloff (garloff@suse.de) wrote:
> You did not like my macro abuse, apparently.
> That's too bad, as it allowed you to do changes without changing
> hundreds of lines of code.
It was handy that way, but I think this way is just cleaner and simpler.
Esp. when checking against the function ptr, not the security_ops ptr.
> Just one remark:
> Make sure you don't set security_ops->XXX ever back to NULL or you
> might take an oops.
> Security module unloading is racy and always has been. It's not well
> defined at what point in time the new functions become effective.
> And we certainly don't want to use locking for performance reasons.
> One could think of using RCU, though, thus the security_ops pointer
> would only be changed after all CPUs schedule()d ...
Removing a security module has always been unsafe.
> In my version of the patches, I maintained the capability_security_ops
> structure fully filled-in and pointed security_ops to it, so you'll
> always have a valid function pointer. If you wanted to avoid a pointer
> compare, I had an integer to look at ...
Yes, that's how 2/5 is. At KS, there was specific mention of not doing
unconditional call. Comparing against security_ops only helps the case
where a module is not loaded. Checking the function ptr should help any
module with sparse ops.
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 16:21 ` Chris Wright
2005-08-25 16:23 ` Stephen Smalley
@ 2005-08-25 16:28 ` serue
1 sibling, 0 replies; 36+ messages in thread
From: serue @ 2005-08-25 16:28 UTC (permalink / raw)
To: Chris Wright
Cc: Stephen Smalley, serue, linux-security-module, Greg Kroah,
linux-kernel, Kurt Garloff, James Morris
Quoting Chris Wright (chrisw@osdl.org):
> * Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> > On Thu, 2005-08-25 at 09:38 -0500, serue@us.ibm.com wrote:
> > > Ok, with the attached patch SELinux seems to work correctly. You'll
> > > probably want to make it a little prettier :) Note I have NOT ran the
> > > ltp tests for correctness. I'll do some performance runs, though
> > > unfortunately can't do so on ppc right now.
> >
> > Note that the selinux tests there _only_ test the SELinux checking. So
> > if these changes interfere with proper stacking of SELinux with
> > capabilities, that won't show up there.
>
> Sorry, I'm not parsing that?
> -chris
That was in reference to running the LTP selinux tests: that running
them successfully will not mean selinux and capability are working
together correct.
thanks,
-serge
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 16:23 ` Stephen Smalley
@ 2005-08-25 17:06 ` Chris Wright
2005-08-25 21:13 ` Chris Wright
0 siblings, 1 reply; 36+ messages in thread
From: Chris Wright @ 2005-08-25 17:06 UTC (permalink / raw)
To: Stephen Smalley
Cc: Chris Wright, Greg Kroah, Kurt Garloff, linux-security-module,
linux-kernel
* Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> On Thu, 2005-08-25 at 09:21 -0700, Chris Wright wrote:
> > * Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> > > On Thu, 2005-08-25 at 09:38 -0500, serue@us.ibm.com wrote:
> > > > Ok, with the attached patch SELinux seems to work correctly. You'll
> > > > probably want to make it a little prettier :) Note I have NOT ran the
> > > > ltp tests for correctness. I'll do some performance runs, though
> > > > unfortunately can't do so on ppc right now.
> > >
> > > Note that the selinux tests there _only_ test the SELinux checking. So
> > > if these changes interfere with proper stacking of SELinux with
> > > capabilities, that won't show up there.
> >
> > Sorry, I'm not parsing that?
>
> e.g. if secondary_ops->capable is null, the SELinux tests aren't going
> to show that, because they will still see that the SELinux permission
> checks are working correctly. They only test failure/success for the
> SELinux permission checks, not for the capability checks, so if you
> unhook capabilities, they won't notice.
Yes, I see. I thought the tests you were referring to were
"if (secondary_ops->capable)" not LTP tests. Capability is still a
module that can be loaded (or built-in). So the only issue is it's
security_ops is now NULL where it was a trivial return 0 function.
Aside from the oversight Serge fixed, I don't think there's any issue.
thanks,
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-25 5:32 ` Chris Wright
@ 2005-08-25 19:15 ` Chris Wright
2005-08-26 9:23 ` serue
0 siblings, 1 reply; 36+ messages in thread
From: Chris Wright @ 2005-08-25 19:15 UTC (permalink / raw)
To: Chris Wright
Cc: James Morris, linux-security-module, linux-kernel, Kurt Garloff,
Stephen Smalley
* Chris Wright (chrisw@osdl.org) wrote:
> I'll have some numbers tomorrow. If you'd like to run SELinux that'd
> be quite useful.
These are just lmbench and kernel build numbers (certainly not the best
for real benchmark numbers, but easy to get a quick view run). This is
just baseline (i.e. default, nothing loaded).
This is x86_64 (1 HT core) 2GB.
Kernel build:
old hooks new hooks
--------- ---------
real 7m2.313s real 7m1.542s
user 6m25.012s user 6m25.484s
sys 0m56.580s sys 0m56.008s
real 7m3.376s real 7m0.593s
user 6m25.412s user 6m24.184s
sys 0m57.140s sys 0m56.936s
real 7m2.643s real 7m1.280s
user 6m23.840s user 6m25.408s
sys 0m57.668s sys 0m55.935s
real 7m0.015s real 7m0.712s
user 6m23.964s user 6m24.820s
sys 0m57.940s sys 0m56.520s
real 7m3.204s real 7m0.592s
user 6m23.868s user 6m24.652s
sys 0m57.712s sys 0m56.460s
real 7m1.961s real 7m1.328s
user 6m24.416s user 6m25.284s
sys 0m57.252s sys 0m56.184s
Basic system parameters
----------------------------------------------------
Host OS Description Mhz
--------- ------------- ----------------------- ----
vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997
vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997
vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997
vert.sous Linux 2.6.13- x86_64-linux-gnu-oldhoo 2997
vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997
vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997
vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997
vert.sous Linux 2.6.13- x86_64-linux-gnu-newhoo 2997
Processor, Processes - times in microseconds - smaller is better
----------------------------------------------------------------
Host OS Mhz null null open selct sig sig fork exec sh
call I/O stat clos TCP inst hndl proc proc proc
--------- ------------- ---- ---- ---- ---- ---- ----- ---- ---- ---- ---- ----
vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 14.9 0.36 4.77 199. 684. 2524
vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 15.0 0.36 4.68 198. 689. 2530
vert.sous Linux 2.6.13- 2997 0.23 0.39 14.1 16.4 14.2 0.36 4.74 198. 690. 2528
vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.4 14.9 0.37 4.71 199. 684. 2532
vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.3 14.2 0.37 4.66 195. 679. 2497
vert.sous Linux 2.6.13- 2997 0.22 0.39 14.1 16.3 14.8 0.37 4.67 198. 681. 2511
vert.sous Linux 2.6.13- 2997 0.23 0.40 14.1 16.3 15.0 0.37 4.67 197. 678. 2512
vert.sous Linux 2.6.13- 2997 0.23 0.39 14.1 16.3 15.6 0.37 4.70 197. 681. 2508
Context switching - times in microseconds - smaller is better
-------------------------------------------------------------
Host OS 2p/0K 2p/16K 2p/64K 8p/16K 8p/64K 16p/16K 16p/64K
ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw ctxsw
--------- ------------- ----- ------ ------ ------ ------ ------- -------
vert.sous Linux 2.6.13- 6.120 7.1500 9.6900 7.1600 11.8 7.78000 18.0
vert.sous Linux 2.6.13- 6.140 7.1000 9.6700 7.1600 11.7 7.93000 18.1
vert.sous Linux 2.6.13- 6.080 7.1100 9.6900 7.2100 11.9 8.14000 18.0
vert.sous Linux 2.6.13- 6.070 7.1000 9.7100 7.3000 12.9 7.85000 18.1
vert.sous Linux 2.6.13- 5.820 6.8900 9.4200 7.0600 12.2 7.77000 18.0
vert.sous Linux 2.6.13- 5.830 6.9700 9.5400 7.0000 13.6 7.99000 17.9
vert.sous Linux 2.6.13- 5.870 6.8200 9.5000 7.3000 12.1 8.15000 17.8
vert.sous Linux 2.6.13- 5.870 6.9200 9.5400 7.1200 11.4 7.91000 18.3
*Local* Communication latencies in microseconds - smaller is better
-------------------------------------------------------------------
Host OS 2p/0K Pipe AF UDP RPC/ TCP RPC/ TCP
ctxsw UNIX UDP TCP conn
--------- ------------- ----- ----- ---- ----- ----- ----- ----- ----
vert.sous Linux 2.6.13- 6.180 15.2 33.9 29.9 42.3 55.9 72.2 106.
vert.sous Linux 2.6.13- 6.140 15.2 33.8 30.1 42.5 55.8 72.5 107.
vert.sous Linux 2.6.13- 6.080 15.1 34.0 30.0 42.5 55.9 72.6 107.
vert.sous Linux 2.6.13- 6.070 14.7 34.1 30.2 42.4 55.7 72.5 107.
vert.sous Linux 2.6.13- 5.820 14.1 33.8 30.0 42.0 54.9 71.0 106.
vert.sous Linux 2.6.13- 5.830 14.4 33.9 30.2 42.1 54.9 71.0 106.
vert.sous Linux 2.6.13- 5.870 14.6 34.1 29.9 42.0 54.9 71.2 106.
vert.sous Linux 2.6.13- 5.870 14.6 34.3 29.8 42.2 54.8 71.0 106.
File & VM system latencies in microseconds - smaller is better
--------------------------------------------------------------
Host OS 0K File 10K File Mmap Prot Page
Create Delete Create Delete Latency Fault Fault
--------- ------------- ------ ------ ------ ------ ------- ----- -----
vert.sous Linux 2.6.13- 32.6 25.9 80.1 46.8 8368.0 1.014 2.00000
vert.sous Linux 2.6.13- 32.4 26.0 84.2 46.8 8413.0 1.092 2.00000
vert.sous Linux 2.6.13- 32.4 25.9 87.6 46.8 8434.0 1.111 2.00000
vert.sous Linux 2.6.13- 32.5 25.9 82.7 46.8 8448.0 1.110 2.00000
vert.sous Linux 2.6.13- 32.5 27.0 86.5 48.9 8266.0 1.027 2.00000
vert.sous Linux 2.6.13- 32.5 27.0 85.8 49.0 8382.0 1.012 2.00000
vert.sous Linux 2.6.13- 32.5 27.1 81.4 49.3 8403.0 1.004 2.00000
vert.sous Linux 2.6.13- 32.4 27.0 86.1 48.8 8386.0 1.127 2.00000
*Local* Communication bandwidths in MB/s - bigger is better
-----------------------------------------------------------
Host OS Pipe AF TCP File Mmap Bcopy Bcopy Mem Mem
UNIX reread reread (libc) (hand) read write
--------- ------------- ---- ---- ---- ------ ------ ------ ------ ---- -----
vert.sous Linux 2.6.13- 1101 279. 458. 2281.4 4304.0 1291.3 1316.6 4291 1973.
vert.sous Linux 2.6.13- 1115 280. 467. 2280.7 4295.0 1313.8 1322.3 4304 1978.
vert.sous Linux 2.6.13- 1133 280. 467. 2273.9 4297.8 1304.9 1319.7 4297 2008.
vert.sous Linux 2.6.13- 1132 279. 458. 2276.6 4298.3 1290.7 1308.4 4296 1982.
vert.sous Linux 2.6.13- 1103 279. 456. 2283.0 4303.6 969.8 997.1 4289 1519.
vert.sous Linux 2.6.13- 1098 279. 454. 2283.2 4290.6 1036.3 1054.3 4286 1572.
vert.sous Linux 2.6.13- 1128 279. 455. 2273.9 4296.1 1122.6 1069.6 4302 1629.
vert.sous Linux 2.6.13- 1103 279. 467. 2276.3 4299.1 1054.4 1076.5 4302 1633.
Memory latencies in nanoseconds - smaller is better
(WARNING - may not be correct, check graphs)
---------------------------------------------------
Host OS Mhz L1 $ L2 $ Main mem Guesses
--------- ------------- ---- ----- ------ -------- -------
vert.sous Linux 2.6.13- 2997 1.337 9.4000 44.6
vert.sous Linux 2.6.13- 2997 1.336 9.5200 44.3
vert.sous Linux 2.6.13- 2997 1.336 9.3990 44.5
vert.sous Linux 2.6.13- 2997 1.336 9.3600 44.5
vert.sous Linux 2.6.13- 2997 1.338 9.5130 44.5
vert.sous Linux 2.6.13- 2997 1.336 9.5170 44.5
vert.sous Linux 2.6.13- 2997 1.336 9.4670 44.6
vert.sous Linux 2.6.13- 2997 1.336 9.4620 44.5
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 14:38 ` serue
2005-08-25 15:13 ` Stephen Smalley
@ 2005-08-25 21:12 ` Chris Wright
1 sibling, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 21:12 UTC (permalink / raw)
To: serue
Cc: Chris Wright, linux-security-module, Greg Kroah, linux-kernel,
Kurt Garloff, James Morris, Stephen Smalley
* serue@us.ibm.com (serue@us.ibm.com) wrote:
> @@ -1527,7 +1533,8 @@ static int selinux_vm_enough_memory(long
> int rc, cap_sys_admin = 0;
> struct task_security_struct *tsec = current->security;
>
> - rc = secondary_ops->capable(current, CAP_SYS_ADMIN);
> + rc = secondary_ops->capable ?
> + secondary_ops->capable(current, CAP_SYS_ADMIN) : 0;
I don't think this really makes sense. It says the default secondary
thinks you have the capablity. Safe since SELinux double checks, but
not really accurate.
thanks,
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 17:06 ` Chris Wright
@ 2005-08-25 21:13 ` Chris Wright
0 siblings, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-25 21:13 UTC (permalink / raw)
To: Chris Wright
Cc: Stephen Smalley, Greg Kroah, Kurt Garloff, linux-security-module,
linux-kernel
* Chris Wright (chrisw@osdl.org) wrote:
> * Stephen Smalley (sds@epoch.ncsc.mil) wrote:
> > e.g. if secondary_ops->capable is null, the SELinux tests aren't going
> > to show that, because they will still see that the SELinux permission
> > checks are working correctly. They only test failure/success for the
> > SELinux permission checks, not for the capability checks, so if you
> > unhook capabilities, they won't notice.
>
> Yes, I see. I thought the tests you were referring to were
> "if (secondary_ops->capable)" not LTP tests. Capability is still a
> module that can be loaded (or built-in). So the only issue is it's
> security_ops is now NULL where it was a trivial return 0 function.
> Aside from the oversight Serge fixed, I don't think there's any issue.
Bah, of course, that's inaccurate because you unconditionally set the
secondary to the default. So, indeed, the default case (nothing actively
loaded as secondary) will get secondary_ops filled with NULL only.
Seems simplest to just fill the default with cap calls where applicable,
but I had hoped to eliminate that.
Thoughts?
thanks,
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-25 19:15 ` Chris Wright
@ 2005-08-26 9:23 ` serue
2005-08-26 13:27 ` Stephen Smalley
2005-08-26 16:41 ` Chris Wright
0 siblings, 2 replies; 36+ messages in thread
From: serue @ 2005-08-26 9:23 UTC (permalink / raw)
To: Chris Wright
Cc: linux-kernel, Kurt Garloff, Stephen Smalley,
linux-security-module
Quoting Chris Wright (chrisw@osdl.org):
> * Chris Wright (chrisw@osdl.org) wrote:
> > I'll have some numbers tomorrow. If you'd like to run SELinux that'd
> > be quite useful.
>
> These are just lmbench and kernel build numbers (certainly not the best
> for real benchmark numbers, but easy to get a quick view run). This is
> just baseline (i.e. default, nothing loaded).
Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm,
highmem not enabled). I should hopefully have a 2way ppc available
later today for a pair of runs.
dbench and tbench were run 50 times each, kernbench and reaim 10 times
each. Results are mean +/- 95% confidence half-interval. Kernel had
selinux and capabilities compiled in.
A little surprising: kernbench is improved, but dbench and tbench
are worse - though within the 95% CI.
dbench (throughput, larger is better):
original: 357.957780 +/- 3.509188
patched: 351.266820 +/- 4.736168
tbench (throughput, larger is better):
original: 38.710270 +/- 0.028970
patched: 38.210506 +/- 0.032954
kernbench (time, smaller is better):
original: 91.837000 +/- 0.324471
patched: 91.466000 +/- 0.308797
reaim (#children vs throughput, larger is better):
original:
1 48702.197000 1875.223996
3 131411.870000 4497.107969
5 130219.174000 6365.289551
7 162377.027000 3131.071134
9 155432.904000 4964.935291
11 169784.384000 4490.812272
13 164540.169000 3902.652904
15 172983.569000 3149.934591
patched:
1 47525.273000 1509.578035
3 132151.651000 2282.043786
5 131244.291000 5874.212092
7 165629.693000 4646.641230
9 156163.110000 3422.903849
11 170608.526000 4132.988693
13 164863.102000 3664.214481
15 172947.803000 2548.662380
thanks,
-serge
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-26 13:27 ` Stephen Smalley
@ 2005-08-26 10:30 ` serue
0 siblings, 0 replies; 36+ messages in thread
From: serue @ 2005-08-26 10:30 UTC (permalink / raw)
To: Stephen Smalley
Cc: serue, Chris Wright, linux-security-module, linux-kernel,
Kurt Garloff
Quoting Stephen Smalley (sds@epoch.ncsc.mil):
> On Fri, 2005-08-26 at 04:23 -0500, serue@us.ibm.com wrote:
> > Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm,
> > highmem not enabled). I should hopefully have a 2way ppc available
> > later today for a pair of runs.
> >
> > dbench and tbench were run 50 times each, kernbench and reaim 10 times
> > each. Results are mean +/- 95% confidence half-interval. Kernel had
> > selinux and capabilities compiled in.
> >
> > A little surprising: kernbench is improved, but dbench and tbench
> > are worse - though within the 95% CI.
>
> Might be interesting to roll in Chris' patch (sent separately to lsm and
> selinux list) for "remove selinux stacked ops" in place of your patch,
> as that will avoid the indirect call through the secondary_ops in
> SELinux. At that point, you can also disable the capability module
> altogether, as SELinux will just directly use the built-in cap_
> functions from commoncap.
True - I'll start a new set of jobs and hopefully report back sunday or
monday.
thanks,
-serge
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-26 9:23 ` serue
@ 2005-08-26 13:27 ` Stephen Smalley
2005-08-26 10:30 ` serue
2005-08-26 16:41 ` Chris Wright
1 sibling, 1 reply; 36+ messages in thread
From: Stephen Smalley @ 2005-08-26 13:27 UTC (permalink / raw)
To: serue; +Cc: Chris Wright, linux-security-module, linux-kernel, Kurt Garloff
On Fri, 2005-08-26 at 04:23 -0500, serue@us.ibm.com wrote:
> Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm,
> highmem not enabled). I should hopefully have a 2way ppc available
> later today for a pair of runs.
>
> dbench and tbench were run 50 times each, kernbench and reaim 10 times
> each. Results are mean +/- 95% confidence half-interval. Kernel had
> selinux and capabilities compiled in.
>
> A little surprising: kernbench is improved, but dbench and tbench
> are worse - though within the 95% CI.
Might be interesting to roll in Chris' patch (sent separately to lsm and
selinux list) for "remove selinux stacked ops" in place of your patch,
as that will avoid the indirect call through the secondary_ops in
SELinux. At that point, you can also disable the capability module
altogether, as SELinux will just directly use the built-in cap_
functions from commoncap.
--
Stephen Smalley
National Security Agency
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-26 9:23 ` serue
2005-08-26 13:27 ` Stephen Smalley
@ 2005-08-26 16:41 ` Chris Wright
2005-08-26 17:35 ` serue
1 sibling, 1 reply; 36+ messages in thread
From: Chris Wright @ 2005-08-26 16:41 UTC (permalink / raw)
To: serue
Cc: Chris Wright, linux-kernel, Kurt Garloff, Stephen Smalley,
linux-security-module
* serue@us.ibm.com (serue@us.ibm.com) wrote:
> Here are some numbers on a 4way x86 - PIII 700Mhz with 1G memory (hmm,
> highmem not enabled). I should hopefully have a 2way ppc available
> later today for a pair of runs.
Thanks for running these numbers Serge.
> dbench and tbench were run 50 times each, kernbench and reaim 10 times
> each. Results are mean +/- 95% confidence half-interval. Kernel had
> selinux and capabilities compiled in.
>
> A little surprising: kernbench is improved, but dbench and tbench
> are worse - though within the 95% CI.
It is interesting. Would be good to see what happens with the cap_ bits
used in SELinux instead of secondary callout. Also, need to run ia64,
do you have an ia64 box?
thanks,
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 2/5] Rework stubs in security.h
2005-08-25 1:20 ` [PATCH 2/5] Rework stubs in security.h Chris Wright
@ 2005-08-26 17:31 ` Tony Jones
2005-08-26 17:59 ` Chris Wright
2005-08-26 18:00 ` Stephen Smalley
0 siblings, 2 replies; 36+ messages in thread
From: Tony Jones @ 2005-08-26 17:31 UTC (permalink / raw)
To: Chris Wright; +Cc: linux-security-module, linux-kernel, Kurt Garloff
On Wed, Aug 24, 2005 at 06:20:30PM -0700, Chris Wright wrote:
> static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
> {
> +#ifdef CONFIG_SECURITY
> return security_ops->ptrace (parent, child);
> +#else
> + return cap_ptrace (parent, child);
> +#endif
> +
> }
The discussion about composing with commoncap made me think about whether
this is the best way to do this. It seems that we're heading towards a
requirement that every module internally compose with commoncap.
If so (apart from the obvious correctness issues when they don't) it's work
for each module and composing N of them under stacker obviously creates
overhead.
Would the following not be a better approach?
static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
{
int ret;
ret=cap_ptrace (parent, child);
#ifdef CONFIG_SECURITY
if (!ret && security_ops->ptrace)
ret=security_ops->ptrace(parent, child);
#endif
return ret;
}
If every module is already internally composing, there shouldn't be a
performance cost for the additional branch inside the #ifdef.
I havn't looked at every single hook and it's users to see if this would
cause a problem. I noticed SELinux calls sec->capget() post rather than pre
it's processing which may be an issue.
Tony
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-26 16:41 ` Chris Wright
@ 2005-08-26 17:35 ` serue
2005-08-26 17:49 ` Chris Wright
0 siblings, 1 reply; 36+ messages in thread
From: serue @ 2005-08-26 17:35 UTC (permalink / raw)
To: Chris Wright
Cc: serue, linux-kernel, Kurt Garloff, Stephen Smalley,
linux-security-module
Quoting Chris Wright (chrisw@osdl.org):
> > A little surprising: kernbench is improved, but dbench and tbench
> > are worse - though within the 95% CI.
>
> It is interesting. Would be good to see what happens with the cap_ bits
> used in SELinux instead of secondary callout.
Here are the new numbers next to the originals. 'patchedv2' is
obviously with your new patch. Kernbench keeps getting faster :)
dbench (throughput, larger is better):
original: 357.957780 +/- 3.509188
patched: 351.266820 +/- 4.736168
patchedv2: 352.414880 +/- 3.649639
tbench (throughput, larger is better):
original: 38.710270 +/- 0.028970
patched: 38.210506 +/- 0.032954
patchedv2: 38.018038 +/- 0.024762
kernbench (time, smaller is better):
original: 91.837000 +/- 0.324471
patched: 91.466000 +/- 0.308797
patchedv2: 91.079000 +/- 0.236836
reaim (#children vs throughput, larger is better):
original:
1 48702.197000 1875.223996
3 131411.870000 4497.107969
5 130219.174000 6365.289551
7 162377.027000 3131.071134
9 155432.904000 4964.935291
11 169784.384000 4490.812272
13 164540.169000 3902.652904
15 172983.569000 3149.934591
patched:
1 47525.273000 1509.578035
3 132151.651000 2282.043786
5 131244.291000 5874.212092
7 165629.693000 4646.641230
9 156163.110000 3422.903849
11 170608.526000 4132.988693
13 164863.102000 3664.214481
15 172947.803000 2548.662380
patchedv2:
1 46796.702000 1454.752458
3 126771.430000 3296.287229
5 132779.408000 4786.218275
7 165525.949000 3364.383587
9 156160.772000 3358.822121
11 172681.856000 2524.954098
13 162618.395000 4892.710796
15 172982.170000 3105.761847
> Also, need to run ia64,
> do you have an ia64 box?
Not a one, I'm afraid.
-serge
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 0/5] LSM hook updates
2005-08-26 17:35 ` serue
@ 2005-08-26 17:49 ` Chris Wright
0 siblings, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-26 17:49 UTC (permalink / raw)
To: serue
Cc: Chris Wright, linux-kernel, Kurt Garloff, Stephen Smalley,
linux-security-module
* serue@us.ibm.com (serue@us.ibm.com) wrote:
> Quoting Chris Wright (chrisw@osdl.org):
> > > A little surprising: kernbench is improved, but dbench and tbench
> > > are worse - though within the 95% CI.
> >
> > It is interesting. Would be good to see what happens with the cap_ bits
> > used in SELinux instead of secondary callout.
>
> Here are the new numbers next to the originals. 'patchedv2' is
> obviously with your new patch. Kernbench keeps getting faster :)
Thanks again. Hmm, tbench fell a bit more, reaim is sort of all over
the place. Do you have a harness for this? I can run same on hardware
here (in particular I'm interested to do P4 and ia64).
thanks,
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 2/5] Rework stubs in security.h
2005-08-26 17:31 ` Tony Jones
@ 2005-08-26 17:59 ` Chris Wright
2005-08-26 18:03 ` Tony Jones
2005-08-26 18:00 ` Stephen Smalley
1 sibling, 1 reply; 36+ messages in thread
From: Chris Wright @ 2005-08-26 17:59 UTC (permalink / raw)
To: Tony Jones
Cc: Chris Wright, linux-security-module, linux-kernel, Kurt Garloff
* Tony Jones (tonyj@suse.de) wrote:
> The discussion about composing with commoncap made me think about whether
> this is the best way to do this. It seems that we're heading towards a
> requirement that every module internally compose with commoncap.
Not a requirement, it's a choice ATM.
> If so (apart from the obvious correctness issues when they don't) it's work
> for each module and composing N of them under stacker obviously creates
> overhead.
>
> Would the following not be a better approach?
>
> static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
> {
> int ret;
> ret=cap_ptrace (parent, child);
> #ifdef CONFIG_SECURITY
> if (!ret && security_ops->ptrace)
> ret=security_ops->ptrace(parent, child);
> #endif
> return ret;
> }
Heh, this was next on my list. I just wanted to separate the changes to
one at a time so we can easily measure the impact. This becomes another
policy shift.
> If every module is already internally composing, there shouldn't be a
> performance cost for the additional branch inside the #ifdef.
This needs measurement to verify.
> I havn't looked at every single hook and it's users to see if this would
> cause a problem. I noticed SELinux calls sec->capget() post rather than pre
> it's processing which may be an issue.
Yes, that need careful inspection.
thanks,
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 2/5] Rework stubs in security.h
2005-08-26 17:31 ` Tony Jones
2005-08-26 17:59 ` Chris Wright
@ 2005-08-26 18:00 ` Stephen Smalley
2005-08-26 18:08 ` Chris Wright
2005-08-26 18:11 ` Tony Jones
1 sibling, 2 replies; 36+ messages in thread
From: Stephen Smalley @ 2005-08-26 18:00 UTC (permalink / raw)
To: Tony Jones
Cc: Chris Wright, Kurt Garloff, linux-security-module, linux-kernel
On Fri, 2005-08-26 at 10:31 -0700, Tony Jones wrote:
> On Wed, Aug 24, 2005 at 06:20:30PM -0700, Chris Wright wrote:
>
> > static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
> > {
> > +#ifdef CONFIG_SECURITY
> > return security_ops->ptrace (parent, child);
> > +#else
> > + return cap_ptrace (parent, child);
> > +#endif
> > +
> > }
With the third patch applied, it looks like this instead:
static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
{
#ifdef CONFIG_SECURITY
if (security_ops->ptrace)
return security_ops->ptrace(parent, child);
#endif
return cap_ptrace (parent, child);
}
> The discussion about composing with commoncap made me think about whether
> this is the best way to do this. It seems that we're heading towards a
> requirement that every module internally compose with commoncap.
>
>
> If so (apart from the obvious correctness issues when they don't) it's work
> for each module and composing N of them under stacker obviously creates
> overhead.
Only matters if there are two or more modules that need to be used
together and both need to override/supplement the capability logic for a
given hook.
> Would the following not be a better approach?
>
> static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
> {
> int ret;
> ret=cap_ptrace (parent, child);
> #ifdef CONFIG_SECURITY
> if (!ret && security_ops->ptrace)
> ret=security_ops->ptrace(parent, child);
> #endif
> return ret;
> }
That makes capability part of the core kernel again, just like DAC,
which means that you can never override a capability denial in your
module. We sometimes want to override the capability implementation,
not just apply further restrictions after it. cap_inode_setxattr and
cap_inode_removexattr are examples; they prohibit any access to _all_
security attributes without CAP_SYS_ADMIN, whereas SELinux wants to
allow access to security.selinux if you pass a certain set of its own
permission checks. vm_enough_memory is another problem area due to vm
accounting handled internally.
> If every module is already internally composing, there shouldn't be a
> performance cost for the additional branch inside the #ifdef.
>
> I havn't looked at every single hook and it's users to see if this would
> cause a problem. I noticed SELinux calls sec->capget() post rather than pre
> it's processing which may be an issue.
That one isn't so much an issue as the xattr ones and vm_enough_memory
case. But more generally, if you think about moving toward a place
where one can grant privileges to processes based solely on their
role/domain, you'll need the same ability for capable and other hooks
too. Naturally, that can't be done safely without a lot more work on
userspace and policy, but it is a long term goal.
--
Stephen Smalley
National Security Agency
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 2/5] Rework stubs in security.h
2005-08-26 17:59 ` Chris Wright
@ 2005-08-26 18:03 ` Tony Jones
0 siblings, 0 replies; 36+ messages in thread
From: Tony Jones @ 2005-08-26 18:03 UTC (permalink / raw)
To: Chris Wright
Cc: Tony Jones, Kurt Garloff, linux-security-module, linux-kernel
On Fri, Aug 26, 2005 at 10:59:52AM -0700, Chris Wright wrote:
> * Tony Jones (tonyj@suse.de) wrote:
> > The discussion about composing with commoncap made me think about whether
> > this is the best way to do this. It seems that we're heading towards a
> > requirement that every module internally compose with commoncap.
>
> Not a requirement, it's a choice ATM.
Can you think of a case where the choice (on the part of the module author)
to not do so makes any sense?
> Heh, this was next on my list. I just wanted to separate the changes to
> one at a time so we can easily measure the impact. This becomes another
> policy shift.
I understand the advantages of clearly measuring the impact of each change
independantly but with SELinux having to change how they use their secondaries
at the same time, I'm not sure there is a lot of difference between the
two phases.
> > If every module is already internally composing, there shouldn't be a
> > performance cost for the additional branch inside the #ifdef.
>
> This needs measurement to verify.
Agreed. So does the current proposal :-)
Tony
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 2/5] Rework stubs in security.h
2005-08-26 18:00 ` Stephen Smalley
@ 2005-08-26 18:08 ` Chris Wright
2005-08-26 18:11 ` Tony Jones
1 sibling, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-26 18:08 UTC (permalink / raw)
To: Stephen Smalley
Cc: Tony Jones, Chris Wright, Kurt Garloff, linux-security-module,
linux-kernel
* Stephen Smalley (sds@tycho.nsa.gov) wrote:
> That one isn't so much an issue as the xattr ones and vm_enough_memory
> case. But more generally, if you think about moving toward a place
> where one can grant privileges to processes based solely on their
> role/domain, you'll need the same ability for capable and other hooks
> too. Naturally, that can't be done safely without a lot more work on
> userspace and policy, but it is a long term goal.
Right, you've mentioned that before, thanks for bringing that up.
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 2/5] Rework stubs in security.h
2005-08-26 18:00 ` Stephen Smalley
2005-08-26 18:08 ` Chris Wright
@ 2005-08-26 18:11 ` Tony Jones
1 sibling, 0 replies; 36+ messages in thread
From: Tony Jones @ 2005-08-26 18:11 UTC (permalink / raw)
To: Stephen Smalley
Cc: Chris Wright, Kurt Garloff, linux-security-module, linux-kernel
On Fri, Aug 26, 2005 at 02:00:56PM -0400, Stephen Smalley wrote:
>
> That makes capability part of the core kernel again, just like DAC,
> which means that you can never override a capability denial in your
> module. We sometimes want to override the capability implementation,
> not just apply further restrictions after it. cap_inode_setxattr and
> cap_inode_removexattr are examples; they prohibit any access to _all_
Right, the rationale behind cap_stack.c. Good point. I'd forgotten that.
I guess selective internal composition is the way to go.
Tony
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-25 1:20 ` [PATCH 5/5] Remove unnecesary capability hooks in rootplug Chris Wright
2005-08-25 14:38 ` serue
@ 2005-08-31 6:34 ` Greg KH
2005-08-31 15:09 ` Chris Wright
1 sibling, 1 reply; 36+ messages in thread
From: Greg KH @ 2005-08-31 6:34 UTC (permalink / raw)
To: Chris Wright; +Cc: linux-security-module, linux-kernel, Kurt Garloff
On Wed, Aug 24, 2005 at 06:20:33PM -0700, Chris Wright wrote:
> Now that capability functions are default, rootplug no longer needs to
> manually add them to its security_ops.
>
> Cc: Greg Kroah <greg@kroah.com>
> Signed-off-by: Chris Wright <chrisw@osdl.org>
You can add:
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
to this one when you send it on.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 36+ messages in thread
* Re: [PATCH 5/5] Remove unnecesary capability hooks in rootplug.
2005-08-31 6:34 ` Greg KH
@ 2005-08-31 15:09 ` Chris Wright
0 siblings, 0 replies; 36+ messages in thread
From: Chris Wright @ 2005-08-31 15:09 UTC (permalink / raw)
To: Greg KH; +Cc: Chris Wright, linux-security-module, linux-kernel, Kurt Garloff
* Greg KH (greg@kroah.com) wrote:
> On Wed, Aug 24, 2005 at 06:20:33PM -0700, Chris Wright wrote:
> > Now that capability functions are default, rootplug no longer needs to
> > manually add them to its security_ops.
> >
> > Cc: Greg Kroah <greg@kroah.com>
> > Signed-off-by: Chris Wright <chrisw@osdl.org>
>
> You can add:
>
> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
>
> to this one when you send it on.
Thanks, will do.
-chris
^ permalink raw reply [flat|nested] 36+ messages in thread
end of thread, other threads:[~2005-08-31 15:09 UTC | newest]
Thread overview: 36+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-08-25 1:20 [PATCH 0/5] LSM hook updates Chris Wright
2005-08-25 1:20 ` [PATCH 1/5] Use capabilities as default w/ and w/out CONFIG_SECURITY Chris Wright
2005-08-25 1:20 ` [PATCH 2/5] Rework stubs in security.h Chris Wright
2005-08-26 17:31 ` Tony Jones
2005-08-26 17:59 ` Chris Wright
2005-08-26 18:03 ` Tony Jones
2005-08-26 18:00 ` Stephen Smalley
2005-08-26 18:08 ` Chris Wright
2005-08-26 18:11 ` Tony Jones
2005-08-25 1:20 ` [PATCH 3/5] Call security hooks conditionally if the security_op is filled out Chris Wright
2005-08-25 8:50 ` Kurt Garloff
2005-08-25 16:24 ` Chris Wright
2005-08-25 1:20 ` [PATCH 4/5] Remove unnecessary default capability callbacks Chris Wright
2005-08-25 1:20 ` [PATCH 5/5] Remove unnecesary capability hooks in rootplug Chris Wright
2005-08-25 14:38 ` serue
2005-08-25 15:13 ` Stephen Smalley
2005-08-25 16:21 ` Chris Wright
2005-08-25 16:23 ` Stephen Smalley
2005-08-25 17:06 ` Chris Wright
2005-08-25 21:13 ` Chris Wright
2005-08-25 16:28 ` serue
2005-08-25 21:12 ` Chris Wright
2005-08-31 6:34 ` Greg KH
2005-08-31 15:09 ` Chris Wright
2005-08-25 4:39 ` [PATCH 0/5] LSM hook updates James Morris
2005-08-25 5:32 ` Chris Wright
2005-08-25 19:15 ` Chris Wright
2005-08-26 9:23 ` serue
2005-08-26 13:27 ` Stephen Smalley
2005-08-26 10:30 ` serue
2005-08-26 16:41 ` Chris Wright
2005-08-26 17:35 ` serue
2005-08-26 17:49 ` Chris Wright
2005-08-25 9:52 ` serue
2005-08-25 10:18 ` serue
2005-08-25 16:19 ` Chris Wright
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox