lsm_hooks.h (f00f85a8b2e0ac344f8dbaa3441b31bc283ce400) lsm_hooks.h (d291f1a6523292d916fe1659c67f6db061fbd1b5)
1/*
2 * Linux Security Module interfaces
3 *
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9 * Copyright (C) 2015 Intel Corporation.
10 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
1/*
2 * Linux Security Module interfaces
3 *
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9 * Copyright (C) 2015 Intel Corporation.
10 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
11 * Copyright (C) 2016 Mellanox Techonologies
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * Due to this file being licensed under the GPL there is controversy over
18 * whether this permits you to write a module that #includes this file

--- 5 unchanged lines hidden (view full) ---

24#ifndef __LINUX_LSM_HOOKS_H
25#define __LINUX_LSM_HOOKS_H
26
27#include <linux/security.h>
28#include <linux/init.h>
29#include <linux/rculist.h>
30
31/**
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * Due to this file being licensed under the GPL there is controversy over
19 * whether this permits you to write a module that #includes this file

--- 5 unchanged lines hidden (view full) ---

25#ifndef __LINUX_LSM_HOOKS_H
26#define __LINUX_LSM_HOOKS_H
27
28#include <linux/security.h>
29#include <linux/init.h>
30#include <linux/rculist.h>
31
32/**
32 * union security_list_options - Linux Security Module hook function list
33 *
34 * Security hooks for program execution operations.
35 *
36 * @bprm_set_creds:
37 * Save security information in the bprm->security field, typically based
38 * on information about the bprm->file, for later use by the apply_creds
39 * hook. This hook may also optionally check permissions (e.g. for
40 * transitions between security domains).
41 * This hook may be called multiple times during a single execve, e.g. for

--- 148 unchanged lines hidden (view full) ---

190 * then it should return -EOPNOTSUPP to skip this processing.
191 * @inode contains the inode structure of the newly created inode.
192 * @dir contains the inode structure of the parent directory.
193 * @qstr contains the last path component of the new object
194 * @name will be set to the allocated name suffix (e.g. selinux).
195 * @value will be set to the allocated attribute value.
196 * @len will be set to the length of the value.
197 * Returns 0 if @name and @value have been successfully set,
33 * Security hooks for program execution operations.
34 *
35 * @bprm_set_creds:
36 * Save security information in the bprm->security field, typically based
37 * on information about the bprm->file, for later use by the apply_creds
38 * hook. This hook may also optionally check permissions (e.g. for
39 * transitions between security domains).
40 * This hook may be called multiple times during a single execve, e.g. for

--- 148 unchanged lines hidden (view full) ---

189 * then it should return -EOPNOTSUPP to skip this processing.
190 * @inode contains the inode structure of the newly created inode.
191 * @dir contains the inode structure of the parent directory.
192 * @qstr contains the last path component of the new object
193 * @name will be set to the allocated name suffix (e.g. selinux).
194 * @value will be set to the allocated attribute value.
195 * @len will be set to the length of the value.
196 * Returns 0 if @name and @value have been successfully set,
198 * -EOPNOTSUPP if no security attribute is needed, or
199 * -ENOMEM on memory allocation failure.
197 * -EOPNOTSUPP if no security attribute is needed, or
198 * -ENOMEM on memory allocation failure.
200 * @inode_create:
201 * Check permission to create a regular file.
202 * @dir contains inode structure of the parent of the new file.
203 * @dentry contains the dentry structure for the file to be created.
204 * @mode contains the file mode of the file to be created.
205 * Return 0 if permission is granted.
206 * @inode_link:
207 * Check permission before creating a new hard link to a file.

--- 299 unchanged lines hidden (view full) ---

507 * file->f_security for later use by the send_sigiotask hook.
508 * @file contains the file structure to update.
509 * Return 0 on success.
510 * @file_send_sigiotask:
511 * Check permission for the file owner @fown to send SIGIO or SIGURG to the
512 * process @tsk. Note that this hook is sometimes called from interrupt.
513 * Note that the fown_struct, @fown, is never outside the context of a
514 * struct file, so the file structure (and associated security information)
199 * @inode_create:
200 * Check permission to create a regular file.
201 * @dir contains inode structure of the parent of the new file.
202 * @dentry contains the dentry structure for the file to be created.
203 * @mode contains the file mode of the file to be created.
204 * Return 0 if permission is granted.
205 * @inode_link:
206 * Check permission before creating a new hard link to a file.

--- 299 unchanged lines hidden (view full) ---

506 * file->f_security for later use by the send_sigiotask hook.
507 * @file contains the file structure to update.
508 * Return 0 on success.
509 * @file_send_sigiotask:
510 * Check permission for the file owner @fown to send SIGIO or SIGURG to the
511 * process @tsk. Note that this hook is sometimes called from interrupt.
512 * Note that the fown_struct, @fown, is never outside the context of a
513 * struct file, so the file structure (and associated security information)
515 * can always be obtained: container_of(fown, struct file, f_owner)
514 * can always be obtained:
515 * container_of(fown, struct file, f_owner)
516 * @tsk contains the structure of task receiving signal.
517 * @fown contains the file owner information.
518 * @sig is the signal that will be sent. When 0, kernel sends SIGIO.
519 * Return 0 if permission is granted.
520 * @file_receive:
521 * This hook allows security modules to control the ability of a process
522 * to receive an open file descriptor via socket IPC.
523 * @file contains the file structure being received.
524 * Return 0 if permission is granted.
516 * @tsk contains the structure of task receiving signal.
517 * @fown contains the file owner information.
518 * @sig is the signal that will be sent. When 0, kernel sends SIGIO.
519 * Return 0 if permission is granted.
520 * @file_receive:
521 * This hook allows security modules to control the ability of a process
522 * to receive an open file descriptor via socket IPC.
523 * @file contains the file structure being received.
524 * Return 0 if permission is granted.
525 * @file_open:
525 * @file_open
526 * Save open-time permission checking state for later use upon
527 * file_permission, and recheck access if anything has changed
528 * since inode_permission.
529 *
530 * Security hooks for task operations.
531 *
532 * @task_create:
533 * Check permission before creating a child process. See the clone(2)

--- 373 unchanged lines hidden (view full) ---

907 * associated with the TUN device's sock structure.
908 * @sk contains the existing sock structure.
909 * @security pointer to the TUN device's security structure.
910 * @tun_dev_open:
911 * This hook can be used by the module to update any security state
912 * associated with the TUN device's security structure.
913 * @security pointer to the TUN devices's security structure.
914 *
526 * Save open-time permission checking state for later use upon
527 * file_permission, and recheck access if anything has changed
528 * since inode_permission.
529 *
530 * Security hooks for task operations.
531 *
532 * @task_create:
533 * Check permission before creating a child process. See the clone(2)

--- 373 unchanged lines hidden (view full) ---

907 * associated with the TUN device's sock structure.
908 * @sk contains the existing sock structure.
909 * @security pointer to the TUN device's security structure.
910 * @tun_dev_open:
911 * This hook can be used by the module to update any security state
912 * associated with the TUN device's security structure.
913 * @security pointer to the TUN devices's security structure.
914 *
915 * Security hooks for Infiniband
916 *
917 * @ib_pkey_access:
918 * Check permission to access a pkey when modifing a QP.
919 * @subnet_prefix the subnet prefix of the port being used.
920 * @pkey the pkey to be accessed.
921 * @sec pointer to a security structure.
922 * @ib_alloc_security:
923 * Allocate a security structure for Infiniband objects.
924 * @sec pointer to a security structure pointer.
925 * Returns 0 on success, non-zero on failure
926 * @ib_free_security:
927 * Deallocate an Infiniband security structure.
928 * @sec contains the security structure to be freed.
929 *
915 * Security hooks for XFRM operations.
916 *
917 * @xfrm_policy_alloc_security:
918 * @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy
919 * Database used by the XFRM system.
920 * @sec_ctx contains the security context information being provided by
921 * the user-level policy update program (e.g., setkey).
922 * Allocate a security structure to the xp->security field; the security

--- 216 unchanged lines hidden (view full) ---

1139 * Return 0 if permission is granted.
1140 * @sem_semctl:
1141 * Check permission when a semaphore operation specified by @cmd is to be
1142 * performed on the semaphore @sma. The @sma may be NULL, e.g. for
1143 * IPC_INFO or SEM_INFO.
1144 * @sma contains the semaphore structure. May be NULL.
1145 * @cmd contains the operation to be performed.
1146 * Return 0 if permission is granted.
930 * Security hooks for XFRM operations.
931 *
932 * @xfrm_policy_alloc_security:
933 * @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy
934 * Database used by the XFRM system.
935 * @sec_ctx contains the security context information being provided by
936 * the user-level policy update program (e.g., setkey).
937 * Allocate a security structure to the xp->security field; the security

--- 216 unchanged lines hidden (view full) ---

1154 * Return 0 if permission is granted.
1155 * @sem_semctl:
1156 * Check permission when a semaphore operation specified by @cmd is to be
1157 * performed on the semaphore @sma. The @sma may be NULL, e.g. for
1158 * IPC_INFO or SEM_INFO.
1159 * @sma contains the semaphore structure. May be NULL.
1160 * @cmd contains the operation to be performed.
1161 * Return 0 if permission is granted.
1147 * @sem_semop:
1162 * @sem_semop
1148 * Check permissions before performing operations on members of the
1149 * semaphore set @sma. If the @alter flag is nonzero, the semaphore set
1150 * may be modified.
1151 * @sma contains the semaphore structure.
1152 * @sops contains the operations to perform.
1153 * @nsops contains the number of operations to perform.
1154 * @alter contains the flag indicating whether changes are to be made.
1155 * Return 0 if permission is granted.
1156 *
1163 * Check permissions before performing operations on members of the
1164 * semaphore set @sma. If the @alter flag is nonzero, the semaphore set
1165 * may be modified.
1166 * @sma contains the semaphore structure.
1167 * @sops contains the operations to perform.
1168 * @nsops contains the number of operations to perform.
1169 * @alter contains the flag indicating whether changes are to be made.
1170 * Return 0 if permission is granted.
1171 *
1157 * @binder_set_context_mgr:
1172 * @binder_set_context_mgr
1158 * Check whether @mgr is allowed to be the binder context manager.
1159 * @mgr contains the task_struct for the task being registered.
1160 * Return 0 if permission is granted.
1173 * Check whether @mgr is allowed to be the binder context manager.
1174 * @mgr contains the task_struct for the task being registered.
1175 * Return 0 if permission is granted.
1161 * @binder_transaction:
1176 * @binder_transaction
1162 * Check whether @from is allowed to invoke a binder transaction call
1163 * to @to.
1164 * @from contains the task_struct for the sending task.
1165 * @to contains the task_struct for the receiving task.
1177 * Check whether @from is allowed to invoke a binder transaction call
1178 * to @to.
1179 * @from contains the task_struct for the sending task.
1180 * @to contains the task_struct for the receiving task.
1166 * @binder_transfer_binder:
1181 * @binder_transfer_binder
1167 * Check whether @from is allowed to transfer a binder reference to @to.
1168 * @from contains the task_struct for the sending task.
1169 * @to contains the task_struct for the receiving task.
1182 * Check whether @from is allowed to transfer a binder reference to @to.
1183 * @from contains the task_struct for the sending task.
1184 * @to contains the task_struct for the receiving task.
1170 * @binder_transfer_file:
1185 * @binder_transfer_file
1171 * Check whether @from is allowed to transfer @file to @to.
1172 * @from contains the task_struct for the sending task.
1173 * @file contains the struct file being transferred.
1174 * @to contains the task_struct for the receiving task.
1175 *
1176 * @ptrace_access_check:
1177 * Check permission before allowing the current process to trace the
1178 * @child process.

--- 31 unchanged lines hidden (view full) ---

1210 * @permitted contains the permitted capability set.
1211 * Return 0 and update @new if permission is granted.
1212 * @capable:
1213 * Check whether the @tsk process has the @cap capability in the indicated
1214 * credentials.
1215 * @cred contains the credentials to use.
1216 * @ns contains the user namespace we want the capability in
1217 * @cap contains the capability <include/linux/capability.h>.
1186 * Check whether @from is allowed to transfer @file to @to.
1187 * @from contains the task_struct for the sending task.
1188 * @file contains the struct file being transferred.
1189 * @to contains the task_struct for the receiving task.
1190 *
1191 * @ptrace_access_check:
1192 * Check permission before allowing the current process to trace the
1193 * @child process.

--- 31 unchanged lines hidden (view full) ---

1225 * @permitted contains the permitted capability set.
1226 * Return 0 and update @new if permission is granted.
1227 * @capable:
1228 * Check whether the @tsk process has the @cap capability in the indicated
1229 * credentials.
1230 * @cred contains the credentials to use.
1231 * @ns contains the user namespace we want the capability in
1232 * @cap contains the capability <include/linux/capability.h>.
1218 * @audit contains whether to write an audit message or not
1233 * @audit: Whether to write an audit message or not
1219 * Return 0 if the capability is granted for @tsk.
1220 * @syslog:
1221 * Check permission before accessing the kernel message ring or changing
1222 * logging to the console.
1223 * See the syslog(2) manual page for an explanation of the @type values.
1224 * @type contains the type of action.
1225 * @from_file indicates the context of action (if it came from /proc).
1226 * Return 0 if permission is granted.

--- 105 unchanged lines hidden (view full) ---

1332 *
1333 * @inode_getsecctx:
1334 * On success, returns 0 and fills out @ctx and @ctxlen with the security
1335 * context for the given @inode.
1336 *
1337 * @inode we wish to get the security context of.
1338 * @ctx is a pointer in which to place the allocated security context.
1339 * @ctxlen points to the place to put the length of @ctx.
1234 * Return 0 if the capability is granted for @tsk.
1235 * @syslog:
1236 * Check permission before accessing the kernel message ring or changing
1237 * logging to the console.
1238 * See the syslog(2) manual page for an explanation of the @type values.
1239 * @type contains the type of action.
1240 * @from_file indicates the context of action (if it came from /proc).
1241 * Return 0 if permission is granted.

--- 105 unchanged lines hidden (view full) ---

1347 *
1348 * @inode_getsecctx:
1349 * On success, returns 0 and fills out @ctx and @ctxlen with the security
1350 * context for the given @inode.
1351 *
1352 * @inode we wish to get the security context of.
1353 * @ctx is a pointer in which to place the allocated security context.
1354 * @ctxlen points to the place to put the length of @ctx.
1355 * This is the main security structure.
1340 */
1356 */
1357
1341union security_list_options {
1342 int (*binder_set_context_mgr)(struct task_struct *mgr);
1343 int (*binder_transaction)(struct task_struct *from,
1344 struct task_struct *to);
1345 int (*binder_transfer_binder)(struct task_struct *from,
1346 struct task_struct *to);
1347 int (*binder_transfer_file)(struct task_struct *from,
1348 struct task_struct *to,

--- 265 unchanged lines hidden (view full) ---

1614 int (*tun_dev_alloc_security)(void **security);
1615 void (*tun_dev_free_security)(void *security);
1616 int (*tun_dev_create)(void);
1617 int (*tun_dev_attach_queue)(void *security);
1618 int (*tun_dev_attach)(struct sock *sk, void *security);
1619 int (*tun_dev_open)(void *security);
1620#endif /* CONFIG_SECURITY_NETWORK */
1621
1358union security_list_options {
1359 int (*binder_set_context_mgr)(struct task_struct *mgr);
1360 int (*binder_transaction)(struct task_struct *from,
1361 struct task_struct *to);
1362 int (*binder_transfer_binder)(struct task_struct *from,
1363 struct task_struct *to);
1364 int (*binder_transfer_file)(struct task_struct *from,
1365 struct task_struct *to,

--- 265 unchanged lines hidden (view full) ---

1631 int (*tun_dev_alloc_security)(void **security);
1632 void (*tun_dev_free_security)(void *security);
1633 int (*tun_dev_create)(void);
1634 int (*tun_dev_attach_queue)(void *security);
1635 int (*tun_dev_attach)(struct sock *sk, void *security);
1636 int (*tun_dev_open)(void *security);
1637#endif /* CONFIG_SECURITY_NETWORK */
1638
1639#ifdef CONFIG_SECURITY_INFINIBAND
1640 int (*ib_pkey_access)(void *sec, u64 subnet_prefix, u16 pkey);
1641 int (*ib_alloc_security)(void **sec);
1642 void (*ib_free_security)(void *sec);
1643#endif /* CONFIG_SECURITY_INFINIBAND */
1644
1622#ifdef CONFIG_SECURITY_NETWORK_XFRM
1623 int (*xfrm_policy_alloc_security)(struct xfrm_sec_ctx **ctxp,
1624 struct xfrm_user_sec_ctx *sec_ctx,
1625 gfp_t gfp);
1626 int (*xfrm_policy_clone_security)(struct xfrm_sec_ctx *old_ctx,
1627 struct xfrm_sec_ctx **new_ctx);
1628 void (*xfrm_policy_free_security)(struct xfrm_sec_ctx *ctx);
1629 int (*xfrm_policy_delete_security)(struct xfrm_sec_ctx *ctx);

--- 215 unchanged lines hidden (view full) ---

1845 struct list_head req_classify_flow;
1846 struct list_head tun_dev_alloc_security;
1847 struct list_head tun_dev_free_security;
1848 struct list_head tun_dev_create;
1849 struct list_head tun_dev_attach_queue;
1850 struct list_head tun_dev_attach;
1851 struct list_head tun_dev_open;
1852#endif /* CONFIG_SECURITY_NETWORK */
1645#ifdef CONFIG_SECURITY_NETWORK_XFRM
1646 int (*xfrm_policy_alloc_security)(struct xfrm_sec_ctx **ctxp,
1647 struct xfrm_user_sec_ctx *sec_ctx,
1648 gfp_t gfp);
1649 int (*xfrm_policy_clone_security)(struct xfrm_sec_ctx *old_ctx,
1650 struct xfrm_sec_ctx **new_ctx);
1651 void (*xfrm_policy_free_security)(struct xfrm_sec_ctx *ctx);
1652 int (*xfrm_policy_delete_security)(struct xfrm_sec_ctx *ctx);

--- 215 unchanged lines hidden (view full) ---

1868 struct list_head req_classify_flow;
1869 struct list_head tun_dev_alloc_security;
1870 struct list_head tun_dev_free_security;
1871 struct list_head tun_dev_create;
1872 struct list_head tun_dev_attach_queue;
1873 struct list_head tun_dev_attach;
1874 struct list_head tun_dev_open;
1875#endif /* CONFIG_SECURITY_NETWORK */
1876#ifdef CONFIG_SECURITY_INFINIBAND
1877 struct list_head ib_pkey_access;
1878 struct list_head ib_alloc_security;
1879 struct list_head ib_free_security;
1880#endif /* CONFIG_SECURITY_INFINIBAND */
1853#ifdef CONFIG_SECURITY_NETWORK_XFRM
1854 struct list_head xfrm_policy_alloc_security;
1855 struct list_head xfrm_policy_clone_security;
1856 struct list_head xfrm_policy_free_security;
1857 struct list_head xfrm_policy_delete_security;
1858 struct list_head xfrm_state_alloc;
1859 struct list_head xfrm_state_alloc_acquire;
1860 struct list_head xfrm_state_free_security;

--- 89 unchanged lines hidden ---
1881#ifdef CONFIG_SECURITY_NETWORK_XFRM
1882 struct list_head xfrm_policy_alloc_security;
1883 struct list_head xfrm_policy_clone_security;
1884 struct list_head xfrm_policy_free_security;
1885 struct list_head xfrm_policy_delete_security;
1886 struct list_head xfrm_state_alloc;
1887 struct list_head xfrm_state_alloc_acquire;
1888 struct list_head xfrm_state_free_security;

--- 89 unchanged lines hidden ---
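Review bot: The new `@ib_pkey_access` comment (new-side lines 917-921) lists the arguments but never states the return convention, although the hook is declared `int (*ib_pkey_access)(void *sec, u64 subnet_prefix, u16 pkey)` and every neighbouring permission hook spells it out. Add ` * Return 0 if permission is granted.` after the `@sec` line, so a module author does not have to guess which value denies access to the pkey. The comment also lists `@subnet_prefix`, `@pkey`, `@sec` in a different order from the prototype and contains the typo `modifing`, and the added copyright line spells `Techonologies`. On the side that carries these hooks, `@file_open`, `@sem_semop` and the four `@binder_*` entries have no trailing colon and the `union security_list_options - ...` header line is absent. The page does not mark which revision is newer, but if it is that one, the colons and the header line should be restored to keep the hook list consistent with the other entries.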