
  1 /*
  2  * include/linux/ccsecurity.h
  3  *
  4  * Copyright (C) 2005-2012  NTT DATA CORPORATION
  5  *
  6  * Version: 1.8.5   2015/11/11
  7  */
  8 
  9 #ifndef _LINUX_CCSECURITY_H
 10 #define _LINUX_CCSECURITY_H
 11 
 12 #include <linux/version.h>
 13 
 14 #ifndef __user
 15 #define __user
 16 #endif
 17 
/*
 * Kernel types that this header refers to only through pointers, so forward
 * declarations are enough and the VFS/net headers need not be pulled in.
 */
struct nameidata;
struct path;
struct dentry;
struct vfsmount;
struct linux_binprm;
struct pt_regs;
struct file;
struct ctl_table;
struct socket;
struct sockaddr;
struct sock;
struct sk_buff;
struct msghdr;
struct pid_namespace;
/*
 * The kernel's own binary loader. The CONFIG_CCSECURITY=n stub of
 * ccs_search_binary_handler() below calls it directly; the pt_regs argument
 * disappeared in 3.8, hence the two prototypes.
 */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 8, 0)
int search_binary_handler(struct linux_binprm *bprm);
#else
int search_binary_handler(struct linux_binprm *bprm, struct pt_regs *regs);
#endif
 37 
 38 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 0, 0)
 39 #include <linux/lsm2ccsecurity.h>
 40 #endif
 41 
 42 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
 43 /* Obtain definition of kuid_t and kgid_t. */
 44 #include <linux/uidgid.h>
 45 #endif
 46 
 47 #ifdef CONFIG_CCSECURITY
 48 
 49 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36) && LINUX_VERSION_CODE < KERNEL_VERSION(3, 2, 0)
 50 /* Obtain prototype of __d_path(). */
 51 #include <linux/dcache.h>
 52 #endif
 53 
/*
 * For exporting variables and functions.
 *
 * Kernel-internal symbols handed to the CCSecurity core through this table
 * (presumably because they are not otherwise exported to modules — confirm
 * in the defining .c). Which slots exist depends on the kernel version.
 */
struct ccsecurity_exports {
        /* Policy loader entry point; takes the policy file name. */
        void (*load_policy) (const char *filename);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0)
        /* Path-to-string helper (presumably for pathname-based checks). */
        char * (*d_absolute_path) (const struct path *, char *, int);
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 36)
        typeof(__d_path) (*__d_path);
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0)
        spinlock_t *vfsmount_lock;
#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
        /* PID -> task_struct lookups (current namespace / given namespace). */
        struct task_struct * (*find_task_by_vpid) (pid_t nr);
        struct task_struct * (*find_task_by_pid_ns) (pid_t nr,
                                                     struct pid_namespace *ns);
#endif
};
 70 
/*
 * For doing access control.
 *
 * Hook table consulted by the ccs_*() inline wrappers below. Every
 * *_permission slot returns 0 to permit and non-zero to deny; capable() and
 * lport_reserved() return a _Bool. A slot left NULL is never called and the
 * wrapper permits the operation, so a partially populated table fails open.
 * Slot signatures follow the kernel version the header is built against.
 */
struct ccsecurity_operations {
        void (*check_profile) (void);
        /* Mount-tree operations. */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 25)
        int (*chroot_permission) (const struct path *path);
        int (*pivot_root_permission) (const struct path *old_path,
                                      const struct path *new_path);
        int (*mount_permission) (const char *dev_name, const struct path *path,
                                 const char *type, unsigned long flags,
                                 void *data_page);
#else
        int (*chroot_permission) (struct nameidata *nd);
        int (*pivot_root_permission) (struct nameidata *old_nd,
                                      struct nameidata *new_nd);
        int (*mount_permission) (const char *dev_name, struct nameidata *nd,
                                 const char *type, unsigned long flags,
                                 void *data_page);
#endif
        int (*umount_permission) (struct vfsmount *mnt, int flags);
        /* Local-port reservation query (CONFIG_CCSECURITY_PORTRESERVE). */
        _Bool (*lport_reserved) (const u16 port);
        /* open(2) hooks; kernels up to 2.6.32 use the three-call form. */
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 32)
        void (*save_open_mode) (int mode);
        void (*clear_open_mode) (void);
        int (*open_permission) (struct dentry *dentry, struct vfsmount *mnt,
                                const int flag);
#else
        int (*open_permission) (struct file *file);
#endif
        int (*ptrace_permission) (long request, long pid);
        int (*ioctl_permission) (struct file *filp, unsigned int cmd,
                                 unsigned long arg);
        /* sysctl(2) table walk. */
        int (*parse_table) (int __user *name, int nlen, void __user *oldval,
                            void __user *newval, struct ctl_table *table);
        /* @operation is presumably an enum ccs_capability_acl_index value. */
        _Bool (*capable) (const u8 operation);
        /* Inode / directory-entry operations. */
        int (*mknod_permission) (struct dentry *dentry, struct vfsmount *mnt,
                                 unsigned int mode, unsigned int dev);
        int (*mkdir_permission) (struct dentry *dentry, struct vfsmount *mnt,
                                 unsigned int mode);
        int (*rmdir_permission) (struct dentry *dentry, struct vfsmount *mnt);
        int (*unlink_permission) (struct dentry *dentry, struct vfsmount *mnt);
        int (*symlink_permission) (struct dentry *dentry, struct vfsmount *mnt,
                                   const char *from);
        int (*truncate_permission) (struct dentry *dentry,
                                    struct vfsmount *mnt);
        int (*rename_permission) (struct dentry *old_dentry,
                                  struct dentry *new_dentry,
                                  struct vfsmount *mnt);
        int (*link_permission) (struct dentry *old_dentry,
                                struct dentry *new_dentry,
                                struct vfsmount *mnt);
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 30)
        int (*open_exec_permission) (struct dentry *dentry,
                                     struct vfsmount *mnt);
        int (*uselib_permission) (struct dentry *dentry, struct vfsmount *mnt);
#endif
        int (*fcntl_permission) (struct file *file, unsigned int cmd,
                                 unsigned long arg);
        /* Signal delivery (CONFIG_CCSECURITY_IPC). */
        int (*kill_permission) (pid_t pid, int sig);
        int (*tgkill_permission) (pid_t tgid, pid_t pid, int sig);
        int (*tkill_permission) (pid_t pid, int sig);
        /* Sockets (CONFIG_CCSECURITY_NETWORK / _NETWORK_RECVMSG). */
        int (*socket_create_permission) (int family, int type, int protocol);
        int (*socket_listen_permission) (struct socket *sock);
        int (*socket_connect_permission) (struct socket *sock,
                                          struct sockaddr *addr, int addr_len);
        int (*socket_bind_permission) (struct socket *sock,
                                       struct sockaddr *addr, int addr_len);
        int (*socket_post_accept_permission) (struct socket *sock,
                                              struct socket *newsock);
        int (*socket_sendmsg_permission) (struct socket *sock,
                                          struct msghdr *msg, int size);
        int (*socket_post_recvmsg_permission) (struct sock *sk,
                                               struct sk_buff *skb, int flags);
        /* Ownership / mode changes; kuid_t/kgid_t exist from 3.5 on. */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
        int (*chown_permission) (struct dentry *dentry, struct vfsmount *mnt,
                                 kuid_t user, kgid_t group);
#else
        int (*chown_permission) (struct dentry *dentry, struct vfsmount *mnt,
                                 uid_t user, gid_t group);
#endif
        int (*chmod_permission) (struct dentry *dentry, struct vfsmount *mnt,
                                 mode_t mode);
        int (*getattr_permission) (struct vfsmount *mnt,
                                   struct dentry *dentry);
        int (*sigqueue_permission) (pid_t pid, int sig);
        int (*tgsigqueue_permission) (pid_t tgid, pid_t pid, int sig);
        /*
         * Replaces the kernel's search_binary_handler() on the exec path.
         * The wrapper calls this slot without a NULL check, so it is expected
         * to be populated at all times.
         */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 8, 0)
        int (*search_binary_handler) (struct linux_binprm *bprm);
#else
        int (*search_binary_handler) (struct linux_binprm *bprm,
                                      struct pt_regs *regs);
#endif
#ifdef CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY
        /* Per-task security state lifecycle. */
        int (*alloc_task_security) (const struct task_struct *task);
        void (*free_task_security) (const struct task_struct *task);
#endif
        /* Not read anywhere in this header; presumably a global enforcement switch. */
        _Bool disabled;
};
168 
/*
 * The single global hook table read by every ccs_*() wrapper below. Who
 * populates it is not visible in this header; NULL slots mean "no check".
 */
extern struct ccsecurity_operations ccsecurity_ops;
170 
171 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 25)
172 
/* chroot(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_chroot_permission(const struct path *path)
{
        int (*hook) (const struct path *) = ccsecurity_ops.chroot_permission;

        if (!hook)
                return 0;
        return hook(path);
}
178 
/* pivot_root(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_pivot_root_permission(const struct path *old_path,
                                            const struct path *new_path)
{
        int (*hook) (const struct path *, const struct path *);

        hook = ccsecurity_ops.pivot_root_permission;
        if (!hook)
                return 0;
        return hook(old_path, new_path);
}
186 
/* mount(2) hook (struct path form, 2.6.25+); NULL handler permits. */
static inline int ccs_mount_permission(const char *dev_name,
                                       const struct path *path,
                                       const char *type, unsigned long flags,
                                       void *data_page)
{
        int (*hook) (const char *, const struct path *, const char *,
                     unsigned long, void *);

        hook = ccsecurity_ops.mount_permission;
        if (!hook)
                return 0;
        return hook(dev_name, path, type, flags, data_page);
}
196 
197 #else
198 
/* chroot(2) hook (nameidata form, pre-2.6.25); NULL handler permits. */
static inline int ccs_chroot_permission(struct nameidata *nd)
{
        int (*hook) (struct nameidata *) = ccsecurity_ops.chroot_permission;

        if (!hook)
                return 0;
        return hook(nd);
}
204 
/* pivot_root(2) hook (nameidata form, pre-2.6.25); NULL handler permits. */
static inline int ccs_pivot_root_permission(struct nameidata *old_nd,
                                            struct nameidata *new_nd)
{
        int (*hook) (struct nameidata *, struct nameidata *);

        hook = ccsecurity_ops.pivot_root_permission;
        if (!hook)
                return 0;
        return hook(old_nd, new_nd);
}
212 
/* mount(2) hook (nameidata form, pre-2.6.25); NULL handler permits. */
static inline int ccs_mount_permission(const char *dev_name,
                                       struct nameidata *nd, const char *type,
                                       unsigned long flags, void *data_page)
{
        int (*hook) (const char *, struct nameidata *, const char *,
                     unsigned long, void *);

        hook = ccsecurity_ops.mount_permission;
        if (!hook)
                return 0;
        return hook(dev_name, nd, type, flags, data_page);
}
221 
222 #endif
223 
/* umount(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_umount_permission(struct vfsmount *mnt, int flags)
{
        int (*hook) (struct vfsmount *, int) = ccsecurity_ops.umount_permission;

        if (!hook)
                return 0;
        return hook(mnt, flags);
}
230 
231 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 32)
232 
/* Pre-2.6.33 open() path: hands the open mode to the handler, if any. */
static inline void ccs_save_open_mode(int mode)
{
        void (*hook) (int) = ccsecurity_ops.save_open_mode;

        if (!hook)
                return;
        hook(mode);
}
239 
/* Pre-2.6.33 open() path: counterpart of ccs_save_open_mode(); no-op if unset. */
static inline void ccs_clear_open_mode(void)
{
        void (*hook) (void) = ccsecurity_ops.clear_open_mode;

        if (!hook)
                return;
        hook();
}
246 
/* open(2) hook (dentry/mnt form, kernels <= 2.6.32); NULL handler permits. */
static inline int ccs_open_permission(struct dentry *dentry,
                                      struct vfsmount *mnt, const int flag)
{
        int (*hook) (struct dentry *, struct vfsmount *, const int);

        hook = ccsecurity_ops.open_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt, flag);
}
254 
255 #else
256 
/* open(2) hook (struct file form, kernels > 2.6.32); NULL handler permits. */
static inline int ccs_open_permission(struct file *filp)
{
        int (*hook) (struct file *) = ccsecurity_ops.open_permission;

        if (!hook)
                return 0;
        return hook(filp);
}
262 
263 #endif
264 
/* fcntl(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_fcntl_permission(struct file *file, unsigned int cmd,
                                       unsigned long arg)
{
        int (*hook) (struct file *, unsigned int, unsigned long);

        hook = ccsecurity_ops.fcntl_permission;
        if (!hook)
                return 0;
        return hook(file, cmd, arg);
}
272 
/* ioctl(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_ioctl_permission(struct file *filp, unsigned int cmd,
                                       unsigned long arg)
{
        int (*hook) (struct file *, unsigned int, unsigned long);

        hook = ccsecurity_ops.ioctl_permission;
        if (!hook)
                return 0;
        return hook(filp, cmd, arg);
}
280 
/* sysctl(2) table-walk hook; a missing handler permits (returns 0). */
static inline int ccs_parse_table(int __user *name, int nlen,
                                  void __user *oldval, void __user *newval,
                                  struct ctl_table *table)
{
        int (*hook) (int __user *, int, void __user *, void __user *,
                     struct ctl_table *);

        hook = ccsecurity_ops.parse_table;
        if (!hook)
                return 0;
        return hook(name, nlen, oldval, newval, table);
}
289 
/* mknod(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_mknod_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, unsigned int mode,
                                       unsigned int dev)
{
        int (*hook) (struct dentry *, struct vfsmount *, unsigned int,
                     unsigned int);

        hook = ccsecurity_ops.mknod_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt, mode, dev);
}
298 
/* mkdir(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_mkdir_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, unsigned int mode)
{
        int (*hook) (struct dentry *, struct vfsmount *, unsigned int);

        hook = ccsecurity_ops.mkdir_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt, mode);
}
306 
/* rmdir(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_rmdir_permission(struct dentry *dentry,
                                       struct vfsmount *mnt)
{
        int (*hook) (struct dentry *, struct vfsmount *);

        hook = ccsecurity_ops.rmdir_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt);
}
314 
/* unlink(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_unlink_permission(struct dentry *dentry,
                                        struct vfsmount *mnt)
{
        int (*hook) (struct dentry *, struct vfsmount *);

        hook = ccsecurity_ops.unlink_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt);
}
322 
/* symlink(2) hook (@from is the link target); NULL handler permits. */
static inline int ccs_symlink_permission(struct dentry *dentry,
                                         struct vfsmount *mnt,
                                         const char *from)
{
        int (*hook) (struct dentry *, struct vfsmount *, const char *);

        hook = ccsecurity_ops.symlink_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt, from);
}
331 
/* truncate(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_truncate_permission(struct dentry *dentry,
                                          struct vfsmount *mnt)
{
        int (*hook) (struct dentry *, struct vfsmount *);

        hook = ccsecurity_ops.truncate_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt);
}
339 
/* rename(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_rename_permission(struct dentry *old_dentry,
                                        struct dentry *new_dentry,
                                        struct vfsmount *mnt)
{
        int (*hook) (struct dentry *, struct dentry *, struct vfsmount *);

        hook = ccsecurity_ops.rename_permission;
        if (!hook)
                return 0;
        return hook(old_dentry, new_dentry, mnt);
}
348 
/* link(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_link_permission(struct dentry *old_dentry,
                                      struct dentry *new_dentry,
                                      struct vfsmount *mnt)
{
        int (*hook) (struct dentry *, struct dentry *, struct vfsmount *);

        hook = ccsecurity_ops.link_permission;
        if (!hook)
                return 0;
        return hook(old_dentry, new_dentry, mnt);
}
357 
358 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 30)
359 
/* open_exec() hook (kernels < 2.6.30); a missing handler permits. */
static inline int ccs_open_exec_permission(struct dentry *dentry,
                                           struct vfsmount *mnt)
{
        int (*hook) (struct dentry *, struct vfsmount *);

        hook = ccsecurity_ops.open_exec_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt);
}
367 
/* uselib(2) hook (kernels < 2.6.30); a missing handler permits. */
static inline int ccs_uselib_permission(struct dentry *dentry,
                                        struct vfsmount *mnt)
{
        int (*hook) (struct dentry *, struct vfsmount *);

        hook = ccsecurity_ops.uselib_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt);
}
375 
376 #endif
377 
378 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
379 
/* chown(2) hook (kuid_t/kgid_t form, 3.5+); a missing handler permits. */
static inline int ccs_chown_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, kuid_t user,
                                       kgid_t group)
{
        int (*hook) (struct dentry *, struct vfsmount *, kuid_t, kgid_t);

        hook = ccsecurity_ops.chown_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt, user, group);
}
388 
389 #else
390 
/* chown(2) hook (raw uid_t/gid_t form, pre-3.5); a missing handler permits. */
static inline int ccs_chown_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, uid_t user,
                                       gid_t group)
{
        int (*hook) (struct dentry *, struct vfsmount *, uid_t, gid_t);

        hook = ccsecurity_ops.chown_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt, user, group);
}
399 
400 #endif
401 
/* chmod(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_chmod_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, mode_t mode)
{
        int (*hook) (struct dentry *, struct vfsmount *, mode_t);

        hook = ccsecurity_ops.chmod_permission;
        if (!hook)
                return 0;
        return hook(dentry, mnt, mode);
}
409 
410 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 8, 0)
411 
/*
 * exec-path replacement for search_binary_handler() (3.8+ signature).
 * Unlike the other wrappers this one does not check the slot for NULL: it is
 * expected to be populated at all times (presumably with the kernel's own
 * search_binary_handler until a policy takes over — confirm in the core).
 */
static inline int ccs_search_binary_handler(struct linux_binprm *bprm)
{
        int (*hook) (struct linux_binprm *);

        hook = ccsecurity_ops.search_binary_handler;
        return hook(bprm);
}
416 
417 #else
418 
/*
 * exec-path replacement for search_binary_handler() (pre-3.8 signature).
 * No NULL check on the slot, in contrast to the other wrappers: it is expected
 * to be populated at all times (presumably with the kernel's own
 * search_binary_handler until a policy takes over — confirm in the core).
 */
static inline int ccs_search_binary_handler(struct linux_binprm *bprm,
                                            struct pt_regs *regs)
{
        int (*hook) (struct linux_binprm *, struct pt_regs *);

        hook = ccsecurity_ops.search_binary_handler;
        return hook(bprm, regs);
}
424 
425 #endif
426 
427 #else
428 
429 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 25)
430 
/* CONFIG_CCSECURITY=n stub: chroot is never restricted. */
static inline int ccs_chroot_permission(const struct path *path)
{
        return 0;
}
435 
/* CONFIG_CCSECURITY=n stub: pivot_root is never restricted. */
static inline int ccs_pivot_root_permission(const struct path *old_path,
                                            const struct path *new_path)
{
        return 0;
}
441 
/* CONFIG_CCSECURITY=n stub (struct path form): mount is never restricted. */
static inline int ccs_mount_permission(const char *dev_name,
                                       const struct path *path,
                                       const char *type, unsigned long flags,
                                       void *data_page)
{
        return 0;
}
449 
450 #else
451 
/* CONFIG_CCSECURITY=n stub (nameidata form): chroot is never restricted. */
static inline int ccs_chroot_permission(struct nameidata *nd)
{
        return 0;
}
456 
/* CONFIG_CCSECURITY=n stub (nameidata form): pivot_root is never restricted. */
static inline int ccs_pivot_root_permission(struct nameidata *old_nd,
                                            struct nameidata *new_nd)
{
        return 0;
}
462 
/* CONFIG_CCSECURITY=n stub (nameidata form): mount is never restricted. */
static inline int ccs_mount_permission(const char *dev_name,
                                       struct nameidata *nd, const char *type,
                                       unsigned long flags, void *data_page)
{
        return 0;
}
469 
470 #endif
471 
/* CONFIG_CCSECURITY=n stub: umount is never restricted. */
static inline int ccs_umount_permission(struct vfsmount *mnt, int flags)
{
        return 0;
}
476 
/* CONFIG_CCSECURITY=n stub: nothing to record. */
static inline void ccs_save_open_mode(int mode)
{
}
480 
/* CONFIG_CCSECURITY=n stub: nothing to clear. */
static inline void ccs_clear_open_mode(void)
{
}
484 
485 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 32)
486 
/* CONFIG_CCSECURITY=n stub (kernels <= 2.6.32): open is never restricted. */
static inline int ccs_open_permission(struct dentry *dentry,
                                      struct vfsmount *mnt, const int flag)
{
        return 0;
}
492 
493 #else
494 
/* CONFIG_CCSECURITY=n stub (kernels > 2.6.32): open is never restricted. */
static inline int ccs_open_permission(struct file *filp)
{
        return 0;
}
499 
500 #endif
501 
/* CONFIG_CCSECURITY=n stub: ioctl is never restricted. */
static inline int ccs_ioctl_permission(struct file *filp, unsigned int cmd,
                                       unsigned long arg)
{
        return 0;
}
507 
/* CONFIG_CCSECURITY=n stub: sysctl table walks are never restricted. */
static inline int ccs_parse_table(int __user *name, int nlen,
                                  void __user *oldval, void __user *newval,
                                  struct ctl_table *table)
{
        return 0;
}
514 
/* CONFIG_CCSECURITY=n stub: mknod is never restricted. */
static inline int ccs_mknod_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, unsigned int mode,
                                       unsigned int dev)
{
        return 0;
}
521 
/* CONFIG_CCSECURITY=n stub: mkdir is never restricted. */
static inline int ccs_mkdir_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, unsigned int mode)
{
        return 0;
}
527 
/* CONFIG_CCSECURITY=n stub: rmdir is never restricted. */
static inline int ccs_rmdir_permission(struct dentry *dentry,
                                       struct vfsmount *mnt)
{
        return 0;
}
533 
/* CONFIG_CCSECURITY=n stub: unlink is never restricted. */
static inline int ccs_unlink_permission(struct dentry *dentry,
                                        struct vfsmount *mnt)
{
        return 0;
}
539 
/* CONFIG_CCSECURITY=n stub: symlink is never restricted. */
static inline int ccs_symlink_permission(struct dentry *dentry,
                                         struct vfsmount *mnt,
                                         const char *from)
{
        return 0;
}
546 
/* CONFIG_CCSECURITY=n stub: truncate is never restricted. */
static inline int ccs_truncate_permission(struct dentry *dentry,
                                          struct vfsmount *mnt)
{
        return 0;
}
552 
/* CONFIG_CCSECURITY=n stub: rename is never restricted. */
static inline int ccs_rename_permission(struct dentry *old_dentry,
                                        struct dentry *new_dentry,
                                        struct vfsmount *mnt)
{
        return 0;
}
559 
/* CONFIG_CCSECURITY=n stub: link is never restricted. */
static inline int ccs_link_permission(struct dentry *old_dentry,
                                      struct dentry *new_dentry,
                                      struct vfsmount *mnt)
{
        return 0;
}
566 
/* CONFIG_CCSECURITY=n stub: open_exec is never restricted. */
static inline int ccs_open_exec_permission(struct dentry *dentry,
                                           struct vfsmount *mnt)
{
        return 0;
}
572 
/* CONFIG_CCSECURITY=n stub: uselib is never restricted. */
static inline int ccs_uselib_permission(struct dentry *dentry,
                                        struct vfsmount *mnt)
{
        return 0;
}
578 
/* CONFIG_CCSECURITY=n stub: fcntl is never restricted. */
static inline int ccs_fcntl_permission(struct file *file, unsigned int cmd,
                                       unsigned long arg)
{
        return 0;
}
584 
585 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
586 
/* CONFIG_CCSECURITY=n stub (kuid_t/kgid_t form, 3.5+): chown never restricted. */
static inline int ccs_chown_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, kuid_t user,
                                       kgid_t group)
{
        return 0;
}
593 
594 #else
595 
/* CONFIG_CCSECURITY=n stub (uid_t/gid_t form, pre-3.5): chown never restricted. */
static inline int ccs_chown_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, uid_t user,
                                       gid_t group)
{
        return 0;
}
602 
603 #endif
604 
/* CONFIG_CCSECURITY=n stub: chmod is never restricted. */
static inline int ccs_chmod_permission(struct dentry *dentry,
                                       struct vfsmount *mnt, mode_t mode)
{
        return 0;
}
610 
611 #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 8, 0)
612 
/* CONFIG_CCSECURITY=n: exec goes straight to the kernel loader (3.8+ form). */
static inline int ccs_search_binary_handler(struct linux_binprm *bprm)
{
        int rc = search_binary_handler(bprm);

        return rc;
}
617 
618 #else
619 
/* CONFIG_CCSECURITY=n: exec goes straight to the kernel loader (pre-3.8 form). */
static inline int ccs_search_binary_handler(struct linux_binprm *bprm,
                                            struct pt_regs *regs)
{
        int rc = search_binary_handler(bprm, regs);

        return rc;
}
625 
626 #endif
627 
628 #endif
629 
630 #ifdef CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY
631 
/* Allocates per-task security state via the hook; no handler means success. */
static inline int ccs_alloc_task_security(const struct task_struct *task)
{
        int (*hook) (const struct task_struct *);

        hook = ccsecurity_ops.alloc_task_security;
        if (!hook)
                return 0;
        return hook(task);
}
638 
/* Releases per-task security state via the hook; no-op without a handler. */
static inline void ccs_free_task_security(const struct task_struct *task)
{
        void (*hook) (const struct task_struct *);

        hook = ccsecurity_ops.free_task_security;
        if (!hook)
                return;
        hook(task);
}
646 
647 #else
648 
/* CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY=n stub: nothing to allocate. */
static inline int ccs_alloc_task_security(const struct task_struct *task)
{
        return 0;
}
653 
/* CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY=n stub: nothing to free. */
static inline void ccs_free_task_security(const struct task_struct *task)
{
}
657 
658 #endif
659 
660 #ifdef CONFIG_CCSECURITY_FILE_GETATTR
661 
/* stat()-family hook (CONFIG_CCSECURITY_FILE_GETATTR); NULL handler permits. */
static inline int ccs_getattr_permission(struct vfsmount *mnt,
                                         struct dentry *dentry)
{
        int (*hook) (struct vfsmount *, struct dentry *);

        hook = ccsecurity_ops.getattr_permission;
        if (!hook)
                return 0;
        return hook(mnt, dentry);
}
669 
670 #else
671 
/* CONFIG_CCSECURITY_FILE_GETATTR=n stub: getattr is never restricted. */
static inline int ccs_getattr_permission(struct vfsmount *mnt,
                                         struct dentry *dentry)
{
        return 0;
}
677 
678 #endif
679 
680 #ifdef CONFIG_CCSECURITY_NETWORK
681 
/* listen(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_socket_listen_permission(struct socket *sock)
{
        int (*hook) (struct socket *);

        hook = ccsecurity_ops.socket_listen_permission;
        if (!hook)
                return 0;
        return hook(sock);
}
688 
/* connect(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_socket_connect_permission(struct socket *sock,
                                                struct sockaddr *addr,
                                                int addr_len)
{
        int (*hook) (struct socket *, struct sockaddr *, int);

        hook = ccsecurity_ops.socket_connect_permission;
        if (!hook)
                return 0;
        return hook(sock, addr, addr_len);
}
697 
/* bind(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_socket_bind_permission(struct socket *sock,
                                             struct sockaddr *addr,
                                             int addr_len)
{
        int (*hook) (struct socket *, struct sockaddr *, int);

        hook = ccsecurity_ops.socket_bind_permission;
        if (!hook)
                return 0;
        return hook(sock, addr, addr_len);
}
706 
/* Post-accept(2) hook on the new socket; a missing handler permits. */
static inline int ccs_socket_post_accept_permission(struct socket *sock,
                                                    struct socket *newsock)
{
        int (*hook) (struct socket *, struct socket *);

        hook = ccsecurity_ops.socket_post_accept_permission;
        if (!hook)
                return 0;
        return hook(sock, newsock);
}
714 
/* sendmsg(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_socket_sendmsg_permission(struct socket *sock,
                                                struct msghdr *msg,
                                                int size)
{
        int (*hook) (struct socket *, struct msghdr *, int);

        hook = ccsecurity_ops.socket_sendmsg_permission;
        if (!hook)
                return 0;
        return hook(sock, msg, size);
}
723 
724 #else
725 
/* CONFIG_CCSECURITY_NETWORK=n stub: listen is never restricted. */
static inline int ccs_socket_listen_permission(struct socket *sock)
{
        return 0;
}
730 
/* CONFIG_CCSECURITY_NETWORK=n stub: connect is never restricted. */
static inline int ccs_socket_connect_permission(struct socket *sock,
                                                struct sockaddr *addr,
                                                int addr_len)
{
        return 0;
}
737 
/* CONFIG_CCSECURITY_NETWORK=n stub: bind is never restricted. */
static inline int ccs_socket_bind_permission(struct socket *sock,
                                             struct sockaddr *addr,
                                             int addr_len)
{
        return 0;
}
744 
/* CONFIG_CCSECURITY_NETWORK=n stub: accepted sockets are never rejected. */
static inline int ccs_socket_post_accept_permission(struct socket *sock,
                                                    struct socket *newsock)
{
        return 0;
}
750 
/* CONFIG_CCSECURITY_NETWORK=n stub: sendmsg is never restricted. */
static inline int ccs_socket_sendmsg_permission(struct socket *sock,
                                                struct msghdr *msg,
                                                int size)
{
        return 0;
}
757 
758 #endif
759 
760 #ifdef CONFIG_CCSECURITY_NETWORK_RECVMSG
761 
/* Post-recvmsg hook on the received skb; a missing handler permits. */
static inline int ccs_socket_post_recvmsg_permission(struct sock *sk,
                                                     struct sk_buff *skb,
                                                     int flags)
{
        int (*hook) (struct sock *, struct sk_buff *, int);

        hook = ccsecurity_ops.socket_post_recvmsg_permission;
        if (!hook)
                return 0;
        return hook(sk, skb, flags);
}
770 
771 #else
772 
/* CONFIG_CCSECURITY_NETWORK_RECVMSG=n stub: received data is never rejected. */
static inline int ccs_socket_post_recvmsg_permission(struct sock *sk,
                                                     struct sk_buff *skb,
                                                     int flags)
{
        return 0;
}
779 
780 #endif
781 
782 #ifdef CONFIG_CCSECURITY_PORTRESERVE
783 
/* True if @port is reserved by policy; false (not reserved) without a handler. */
static inline _Bool ccs_lport_reserved(const u16 port)
{
        _Bool (*hook) (const u16) = ccsecurity_ops.lport_reserved;

        if (!hook)
                return 0;
        return hook(port);
}
789 
790 #else
791 
/* CONFIG_CCSECURITY_PORTRESERVE=n stub: no port is ever reserved. */
static inline _Bool ccs_lport_reserved(const u16 port)
{
        return 0;
}
796 
797 #endif
798 
799 #ifdef CONFIG_CCSECURITY_CAPABILITY
800 
/*
 * Capability check for @operation (an enum ccs_capability_acl_index value).
 * Note the default differs from the *_permission hooks: without a handler
 * this returns 1, i.e. "capable", so it fails open as well.
 */
static inline _Bool ccs_capable(const u8 operation)
{
        _Bool (*hook) (const u8) = ccsecurity_ops.capable;

        if (!hook)
                return 1;
        return hook(operation);
}
806 
/* socket(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_socket_create_permission(int family, int type,
                                               int protocol)
{
        int (*hook) (int, int, int);

        hook = ccsecurity_ops.socket_create_permission;
        if (!hook)
                return 0;
        return hook(family, type, protocol);
}
813 
/* ptrace(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_ptrace_permission(long request, long pid)
{
        int (*hook) (long, long) = ccsecurity_ops.ptrace_permission;

        if (!hook)
                return 0;
        return hook(request, pid);
}
819 
820 #else
821 
/* CONFIG_CCSECURITY_CAPABILITY=n stub: every capability is granted. */
static inline _Bool ccs_capable(const u8 operation)
{
        return 1;
}
826 
/* CONFIG_CCSECURITY_CAPABILITY=n stub: socket creation is never restricted. */
static inline int ccs_socket_create_permission(int family, int type,
                                               int protocol)
{
        return 0;
}
832 
/* CONFIG_CCSECURITY_CAPABILITY=n stub: ptrace is never restricted. */
static inline int ccs_ptrace_permission(long request, long pid)
{
        return 0;
}
837 
838 #endif
839 
840 #ifdef CONFIG_CCSECURITY_IPC
841 
/* kill(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_kill_permission(pid_t pid, int sig)
{
        int (*hook) (pid_t, int) = ccsecurity_ops.kill_permission;

        if (!hook)
                return 0;
        return hook(pid, sig);
}
847 
/* tgkill(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_tgkill_permission(pid_t tgid, pid_t pid, int sig)
{
        int (*hook) (pid_t, pid_t, int) = ccsecurity_ops.tgkill_permission;

        if (!hook)
                return 0;
        return hook(tgid, pid, sig);
}
853 
/* tkill(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_tkill_permission(pid_t pid, int sig)
{
        int (*hook) (pid_t, int) = ccsecurity_ops.tkill_permission;

        if (!hook)
                return 0;
        return hook(pid, sig);
}
859 
/* rt_sigqueueinfo(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_sigqueue_permission(pid_t pid, int sig)
{
        int (*hook) (pid_t, int) = ccsecurity_ops.sigqueue_permission;

        if (!hook)
                return 0;
        return hook(pid, sig);
}
865 
/* rt_tgsigqueueinfo(2) hook; a missing handler permits the operation (returns 0). */
static inline int ccs_tgsigqueue_permission(pid_t tgid, pid_t pid, int sig)
{
        int (*hook) (pid_t, pid_t, int);

        hook = ccsecurity_ops.tgsigqueue_permission;
        if (!hook)
                return 0;
        return hook(tgid, pid, sig);
}
871 
872 #else
873 
/* CONFIG_CCSECURITY_IPC=n stub: kill is never restricted. */
static inline int ccs_kill_permission(pid_t pid, int sig)
{
        return 0;
}
878 
/* CONFIG_CCSECURITY_IPC=n stub: tgkill is never restricted. */
static inline int ccs_tgkill_permission(pid_t tgid, pid_t pid, int sig)
{
        return 0;
}
883 
/* CONFIG_CCSECURITY_IPC=n stub: tkill is never restricted. */
static inline int ccs_tkill_permission(pid_t pid, int sig)
{
        return 0;
}
888 
/* CONFIG_CCSECURITY_IPC=n stub: sigqueue is never restricted. */
static inline int ccs_sigqueue_permission(pid_t pid, int sig)
{
        return 0;
}
893 
/* CONFIG_CCSECURITY_IPC=n stub: tgsigqueue is never restricted. */
static inline int ccs_tgsigqueue_permission(pid_t tgid, pid_t pid, int sig)
{
        return 0;
}
898 
899 #endif
900 
/*
 * Index numbers for Capability Controls.
 *
 * Presumably the values passed as @operation to ccs_capable() (confirm at the
 * call sites). The comment on each entry names the kernel entry point it
 * guards. Values are positional, so new entries go before the sentinel.
 */
enum ccs_capability_acl_index {
        /* socket(PF_ROUTE, *, *)                                      */
        CCS_USE_ROUTE_SOCKET,
        /* socket(PF_PACKET, *, *)                                     */
        CCS_USE_PACKET_SOCKET,
        /* sys_reboot()                                                */
        CCS_SYS_REBOOT,
        /* sys_vhangup()                                               */
        CCS_SYS_VHANGUP,
        /* do_settimeofday(), sys_adjtimex()                           */
        CCS_SYS_SETTIME,
        /* sys_nice(), sys_setpriority()                               */
        CCS_SYS_NICE,
        /* sys_sethostname(), sys_setdomainname()                      */
        CCS_SYS_SETHOSTNAME,
        /* sys_create_module(), sys_init_module(), sys_delete_module() */
        CCS_USE_KERNEL_MODULE,
        /* sys_kexec_load()                                            */
        CCS_SYS_KEXEC_LOAD,
        /* sys_ptrace()                                                */
        CCS_SYS_PTRACE,
        /* Sentinel: number of capability indices, not a valid index itself. */
        CCS_MAX_CAPABILITY_INDEX
};
925 
926 #endif
927 
