lsm_hooks.h (f00f85a8b2e0ac344f8dbaa3441b31bc283ce400) | lsm_hooks.h (d291f1a6523292d916fe1659c67f6db061fbd1b5) |
---|---|
1/* 2 * Linux Security Module interfaces 3 * 4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> 6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au> 8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group) 9 * Copyright (C) 2015 Intel Corporation. 10 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com> | 1/* 2 * Linux Security Module interfaces 3 * 4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> 6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au> 8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group) 9 * Copyright (C) 2015 Intel Corporation. 10 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com> |
11 * Copyright (C) 2016 Mellanox Techonologies |
|
11 * 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation; either version 2 of the License, or 15 * (at your option) any later version. 16 * 17 * Due to this file being licensed under the GPL there is controversy over 18 * whether this permits you to write a module that #includes this file --- 5 unchanged lines hidden (view full) --- 24#ifndef __LINUX_LSM_HOOKS_H 25#define __LINUX_LSM_HOOKS_H 26 27#include <linux/security.h> 28#include <linux/init.h> 29#include <linux/rculist.h> 30 31/** | 12 * 13 * This program is free software; you can redistribute it and/or modify 14 * it under the terms of the GNU General Public License as published by 15 * the Free Software Foundation; either version 2 of the License, or 16 * (at your option) any later version. 17 * 18 * Due to this file being licensed under the GPL there is controversy over 19 * whether this permits you to write a module that #includes this file --- 5 unchanged lines hidden (view full) --- 25#ifndef __LINUX_LSM_HOOKS_H 26#define __LINUX_LSM_HOOKS_H 27 28#include <linux/security.h> 29#include <linux/init.h> 30#include <linux/rculist.h> 31 32/** |
32 * union security_list_options - Linux Security Module hook function list 33 * | |
34 * Security hooks for program execution operations. 35 * 36 * @bprm_set_creds: 37 * Save security information in the bprm->security field, typically based 38 * on information about the bprm->file, for later use by the apply_creds 39 * hook. This hook may also optionally check permissions (e.g. for 40 * transitions between security domains). 41 * This hook may be called multiple times during a single execve, e.g. for --- 148 unchanged lines hidden (view full) --- 190 * then it should return -EOPNOTSUPP to skip this processing. 191 * @inode contains the inode structure of the newly created inode. 192 * @dir contains the inode structure of the parent directory. 193 * @qstr contains the last path component of the new object 194 * @name will be set to the allocated name suffix (e.g. selinux). 195 * @value will be set to the allocated attribute value. 196 * @len will be set to the length of the value. 197 * Returns 0 if @name and @value have been successfully set, | 33 * Security hooks for program execution operations. 34 * 35 * @bprm_set_creds: 36 * Save security information in the bprm->security field, typically based 37 * on information about the bprm->file, for later use by the apply_creds 38 * hook. This hook may also optionally check permissions (e.g. for 39 * transitions between security domains). 40 * This hook may be called multiple times during a single execve, e.g. for --- 148 unchanged lines hidden (view full) --- 189 * then it should return -EOPNOTSUPP to skip this processing. 190 * @inode contains the inode structure of the newly created inode. 191 * @dir contains the inode structure of the parent directory. 192 * @qstr contains the last path component of the new object 193 * @name will be set to the allocated name suffix (e.g. selinux). 194 * @value will be set to the allocated attribute value. 195 * @len will be set to the length of the value. 196 * Returns 0 if @name and @value have been successfully set, |
198 * -EOPNOTSUPP if no security attribute is needed, or 199 * -ENOMEM on memory allocation failure. | 197 * -EOPNOTSUPP if no security attribute is needed, or 198 * -ENOMEM on memory allocation failure. |
200 * @inode_create: 201 * Check permission to create a regular file. 202 * @dir contains inode structure of the parent of the new file. 203 * @dentry contains the dentry structure for the file to be created. 204 * @mode contains the file mode of the file to be created. 205 * Return 0 if permission is granted. 206 * @inode_link: 207 * Check permission before creating a new hard link to a file. --- 299 unchanged lines hidden (view full) --- 507 * file->f_security for later use by the send_sigiotask hook. 508 * @file contains the file structure to update. 509 * Return 0 on success. 510 * @file_send_sigiotask: 511 * Check permission for the file owner @fown to send SIGIO or SIGURG to the 512 * process @tsk. Note that this hook is sometimes called from interrupt. 513 * Note that the fown_struct, @fown, is never outside the context of a 514 * struct file, so the file structure (and associated security information) | 199 * @inode_create: 200 * Check permission to create a regular file. 201 * @dir contains inode structure of the parent of the new file. 202 * @dentry contains the dentry structure for the file to be created. 203 * @mode contains the file mode of the file to be created. 204 * Return 0 if permission is granted. 205 * @inode_link: 206 * Check permission before creating a new hard link to a file. --- 299 unchanged lines hidden (view full) --- 506 * file->f_security for later use by the send_sigiotask hook. 507 * @file contains the file structure to update. 508 * Return 0 on success. 509 * @file_send_sigiotask: 510 * Check permission for the file owner @fown to send SIGIO or SIGURG to the 511 * process @tsk. Note that this hook is sometimes called from interrupt. 512 * Note that the fown_struct, @fown, is never outside the context of a 513 * struct file, so the file structure (and associated security information) |
515 * can always be obtained: container_of(fown, struct file, f_owner) | 514 * can always be obtained: 515 * container_of(fown, struct file, f_owner) |
516 * @tsk contains the structure of task receiving signal. 517 * @fown contains the file owner information. 518 * @sig is the signal that will be sent. When 0, kernel sends SIGIO. 519 * Return 0 if permission is granted. 520 * @file_receive: 521 * This hook allows security modules to control the ability of a process 522 * to receive an open file descriptor via socket IPC. 523 * @file contains the file structure being received. 524 * Return 0 if permission is granted. | 516 * @tsk contains the structure of task receiving signal. 517 * @fown contains the file owner information. 518 * @sig is the signal that will be sent. When 0, kernel sends SIGIO. 519 * Return 0 if permission is granted. 520 * @file_receive: 521 * This hook allows security modules to control the ability of a process 522 * to receive an open file descriptor via socket IPC. 523 * @file contains the file structure being received. 524 * Return 0 if permission is granted. |
525 * @file_open: | 525 * @file_open |
526 * Save open-time permission checking state for later use upon 527 * file_permission, and recheck access if anything has changed 528 * since inode_permission. 529 * 530 * Security hooks for task operations. 531 * 532 * @task_create: 533 * Check permission before creating a child process. See the clone(2) --- 373 unchanged lines hidden (view full) --- 907 * associated with the TUN device's sock structure. 908 * @sk contains the existing sock structure. 909 * @security pointer to the TUN device's security structure. 910 * @tun_dev_open: 911 * This hook can be used by the module to update any security state 912 * associated with the TUN device's security structure. 913 * @security pointer to the TUN devices's security structure. 914 * | 526 * Save open-time permission checking state for later use upon 527 * file_permission, and recheck access if anything has changed 528 * since inode_permission. 529 * 530 * Security hooks for task operations. 531 * 532 * @task_create: 533 * Check permission before creating a child process. See the clone(2) --- 373 unchanged lines hidden (view full) --- 907 * associated with the TUN device's sock structure. 908 * @sk contains the existing sock structure. 909 * @security pointer to the TUN device's security structure. 910 * @tun_dev_open: 911 * This hook can be used by the module to update any security state 912 * associated with the TUN device's security structure. 913 * @security pointer to the TUN devices's security structure. 914 * |
915 * Security hooks for Infiniband 916 * 917 * @ib_pkey_access: 918 * Check permission to access a pkey when modifing a QP. 919 * @subnet_prefix the subnet prefix of the port being used. 920 * @pkey the pkey to be accessed. 921 * @sec pointer to a security structure. 922 * @ib_alloc_security: 923 * Allocate a security structure for Infiniband objects. 924 * @sec pointer to a security structure pointer. 925 * Returns 0 on success, non-zero on failure 926 * @ib_free_security: 927 * Deallocate an Infiniband security structure. 928 * @sec contains the security structure to be freed. 929 * |
|
915 * Security hooks for XFRM operations. 916 * 917 * @xfrm_policy_alloc_security: 918 * @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy 919 * Database used by the XFRM system. 920 * @sec_ctx contains the security context information being provided by 921 * the user-level policy update program (e.g., setkey). 922 * Allocate a security structure to the xp->security field; the security --- 216 unchanged lines hidden (view full) --- 1139 * Return 0 if permission is granted. 1140 * @sem_semctl: 1141 * Check permission when a semaphore operation specified by @cmd is to be 1142 * performed on the semaphore @sma. The @sma may be NULL, e.g. for 1143 * IPC_INFO or SEM_INFO. 1144 * @sma contains the semaphore structure. May be NULL. 1145 * @cmd contains the operation to be performed. 1146 * Return 0 if permission is granted. | 930 * Security hooks for XFRM operations. 931 * 932 * @xfrm_policy_alloc_security: 933 * @ctxp is a pointer to the xfrm_sec_ctx being added to Security Policy 934 * Database used by the XFRM system. 935 * @sec_ctx contains the security context information being provided by 936 * the user-level policy update program (e.g., setkey). 937 * Allocate a security structure to the xp->security field; the security --- 216 unchanged lines hidden (view full) --- 1154 * Return 0 if permission is granted. 1155 * @sem_semctl: 1156 * Check permission when a semaphore operation specified by @cmd is to be 1157 * performed on the semaphore @sma. The @sma may be NULL, e.g. for 1158 * IPC_INFO or SEM_INFO. 1159 * @sma contains the semaphore structure. May be NULL. 1160 * @cmd contains the operation to be performed. 1161 * Return 0 if permission is granted. |
1147 * @sem_semop: | 1162 * @sem_semop |
1148 * Check permissions before performing operations on members of the 1149 * semaphore set @sma. If the @alter flag is nonzero, the semaphore set 1150 * may be modified. 1151 * @sma contains the semaphore structure. 1152 * @sops contains the operations to perform. 1153 * @nsops contains the number of operations to perform. 1154 * @alter contains the flag indicating whether changes are to be made. 1155 * Return 0 if permission is granted. 1156 * | 1163 * Check permissions before performing operations on members of the 1164 * semaphore set @sma. If the @alter flag is nonzero, the semaphore set 1165 * may be modified. 1166 * @sma contains the semaphore structure. 1167 * @sops contains the operations to perform. 1168 * @nsops contains the number of operations to perform. 1169 * @alter contains the flag indicating whether changes are to be made. 1170 * Return 0 if permission is granted. 1171 * |
1157 * @binder_set_context_mgr: | 1172 * @binder_set_context_mgr |
1158 * Check whether @mgr is allowed to be the binder context manager. 1159 * @mgr contains the task_struct for the task being registered. 1160 * Return 0 if permission is granted. | 1173 * Check whether @mgr is allowed to be the binder context manager. 1174 * @mgr contains the task_struct for the task being registered. 1175 * Return 0 if permission is granted. |
1161 * @binder_transaction: | 1176 * @binder_transaction |
1162 * Check whether @from is allowed to invoke a binder transaction call 1163 * to @to. 1164 * @from contains the task_struct for the sending task. 1165 * @to contains the task_struct for the receiving task. | 1177 * Check whether @from is allowed to invoke a binder transaction call 1178 * to @to. 1179 * @from contains the task_struct for the sending task. 1180 * @to contains the task_struct for the receiving task. |
1166 * @binder_transfer_binder: | 1181 * @binder_transfer_binder |
1167 * Check whether @from is allowed to transfer a binder reference to @to. 1168 * @from contains the task_struct for the sending task. 1169 * @to contains the task_struct for the receiving task. | 1182 * Check whether @from is allowed to transfer a binder reference to @to. 1183 * @from contains the task_struct for the sending task. 1184 * @to contains the task_struct for the receiving task. |
1170 * @binder_transfer_file: | 1185 * @binder_transfer_file |
1171 * Check whether @from is allowed to transfer @file to @to. 1172 * @from contains the task_struct for the sending task. 1173 * @file contains the struct file being transferred. 1174 * @to contains the task_struct for the receiving task. 1175 * 1176 * @ptrace_access_check: 1177 * Check permission before allowing the current process to trace the 1178 * @child process. --- 31 unchanged lines hidden (view full) --- 1210 * @permitted contains the permitted capability set. 1211 * Return 0 and update @new if permission is granted. 1212 * @capable: 1213 * Check whether the @tsk process has the @cap capability in the indicated 1214 * credentials. 1215 * @cred contains the credentials to use. 1216 * @ns contains the user namespace we want the capability in 1217 * @cap contains the capability <include/linux/capability.h>. | 1186 * Check whether @from is allowed to transfer @file to @to. 1187 * @from contains the task_struct for the sending task. 1188 * @file contains the struct file being transferred. 1189 * @to contains the task_struct for the receiving task. 1190 * 1191 * @ptrace_access_check: 1192 * Check permission before allowing the current process to trace the 1193 * @child process. --- 31 unchanged lines hidden (view full) --- 1225 * @permitted contains the permitted capability set. 1226 * Return 0 and update @new if permission is granted. 1227 * @capable: 1228 * Check whether the @tsk process has the @cap capability in the indicated 1229 * credentials. 1230 * @cred contains the credentials to use. 1231 * @ns contains the user namespace we want the capability in 1232 * @cap contains the capability <include/linux/capability.h>. |
1218 * @audit contains whether to write an audit message or not | 1233 * @audit: Whether to write an audit message or not |
1219 * Return 0 if the capability is granted for @tsk. 1220 * @syslog: 1221 * Check permission before accessing the kernel message ring or changing 1222 * logging to the console. 1223 * See the syslog(2) manual page for an explanation of the @type values. 1224 * @type contains the type of action. 1225 * @from_file indicates the context of action (if it came from /proc). 1226 * Return 0 if permission is granted. --- 105 unchanged lines hidden (view full) --- 1332 * 1333 * @inode_getsecctx: 1334 * On success, returns 0 and fills out @ctx and @ctxlen with the security 1335 * context for the given @inode. 1336 * 1337 * @inode we wish to get the security context of. 1338 * @ctx is a pointer in which to place the allocated security context. 1339 * @ctxlen points to the place to put the length of @ctx. | 1234 * Return 0 if the capability is granted for @tsk. 1235 * @syslog: 1236 * Check permission before accessing the kernel message ring or changing 1237 * logging to the console. 1238 * See the syslog(2) manual page for an explanation of the @type values. 1239 * @type contains the type of action. 1240 * @from_file indicates the context of action (if it came from /proc). 1241 * Return 0 if permission is granted. --- 105 unchanged lines hidden (view full) --- 1347 * 1348 * @inode_getsecctx: 1349 * On success, returns 0 and fills out @ctx and @ctxlen with the security 1350 * context for the given @inode. 1351 * 1352 * @inode we wish to get the security context of. 1353 * @ctx is a pointer in which to place the allocated security context. 1354 * @ctxlen points to the place to put the length of @ctx. |
1355 * This is the main security structure. |
|
1340 */ | 1356 */ |
1357 |
|
1341union security_list_options { 1342 int (*binder_set_context_mgr)(struct task_struct *mgr); 1343 int (*binder_transaction)(struct task_struct *from, 1344 struct task_struct *to); 1345 int (*binder_transfer_binder)(struct task_struct *from, 1346 struct task_struct *to); 1347 int (*binder_transfer_file)(struct task_struct *from, 1348 struct task_struct *to, --- 265 unchanged lines hidden (view full) --- 1614 int (*tun_dev_alloc_security)(void **security); 1615 void (*tun_dev_free_security)(void *security); 1616 int (*tun_dev_create)(void); 1617 int (*tun_dev_attach_queue)(void *security); 1618 int (*tun_dev_attach)(struct sock *sk, void *security); 1619 int (*tun_dev_open)(void *security); 1620#endif /* CONFIG_SECURITY_NETWORK */ 1621 | 1358union security_list_options { 1359 int (*binder_set_context_mgr)(struct task_struct *mgr); 1360 int (*binder_transaction)(struct task_struct *from, 1361 struct task_struct *to); 1362 int (*binder_transfer_binder)(struct task_struct *from, 1363 struct task_struct *to); 1364 int (*binder_transfer_file)(struct task_struct *from, 1365 struct task_struct *to, --- 265 unchanged lines hidden (view full) --- 1631 int (*tun_dev_alloc_security)(void **security); 1632 void (*tun_dev_free_security)(void *security); 1633 int (*tun_dev_create)(void); 1634 int (*tun_dev_attach_queue)(void *security); 1635 int (*tun_dev_attach)(struct sock *sk, void *security); 1636 int (*tun_dev_open)(void *security); 1637#endif /* CONFIG_SECURITY_NETWORK */ 1638 |
1639#ifdef CONFIG_SECURITY_INFINIBAND 1640 int (*ib_pkey_access)(void *sec, u64 subnet_prefix, u16 pkey); 1641 int (*ib_alloc_security)(void **sec); 1642 void (*ib_free_security)(void *sec); 1643#endif /* CONFIG_SECURITY_INFINIBAND */ 1644 |
|
1622#ifdef CONFIG_SECURITY_NETWORK_XFRM 1623 int (*xfrm_policy_alloc_security)(struct xfrm_sec_ctx **ctxp, 1624 struct xfrm_user_sec_ctx *sec_ctx, 1625 gfp_t gfp); 1626 int (*xfrm_policy_clone_security)(struct xfrm_sec_ctx *old_ctx, 1627 struct xfrm_sec_ctx **new_ctx); 1628 void (*xfrm_policy_free_security)(struct xfrm_sec_ctx *ctx); 1629 int (*xfrm_policy_delete_security)(struct xfrm_sec_ctx *ctx); --- 215 unchanged lines hidden (view full) --- 1845 struct list_head req_classify_flow; 1846 struct list_head tun_dev_alloc_security; 1847 struct list_head tun_dev_free_security; 1848 struct list_head tun_dev_create; 1849 struct list_head tun_dev_attach_queue; 1850 struct list_head tun_dev_attach; 1851 struct list_head tun_dev_open; 1852#endif /* CONFIG_SECURITY_NETWORK */ | 1645#ifdef CONFIG_SECURITY_NETWORK_XFRM 1646 int (*xfrm_policy_alloc_security)(struct xfrm_sec_ctx **ctxp, 1647 struct xfrm_user_sec_ctx *sec_ctx, 1648 gfp_t gfp); 1649 int (*xfrm_policy_clone_security)(struct xfrm_sec_ctx *old_ctx, 1650 struct xfrm_sec_ctx **new_ctx); 1651 void (*xfrm_policy_free_security)(struct xfrm_sec_ctx *ctx); 1652 int (*xfrm_policy_delete_security)(struct xfrm_sec_ctx *ctx); --- 215 unchanged lines hidden (view full) --- 1868 struct list_head req_classify_flow; 1869 struct list_head tun_dev_alloc_security; 1870 struct list_head tun_dev_free_security; 1871 struct list_head tun_dev_create; 1872 struct list_head tun_dev_attach_queue; 1873 struct list_head tun_dev_attach; 1874 struct list_head tun_dev_open; 1875#endif /* CONFIG_SECURITY_NETWORK */ |
1876#ifdef CONFIG_SECURITY_INFINIBAND 1877 struct list_head ib_pkey_access; 1878 struct list_head ib_alloc_security; 1879 struct list_head ib_free_security; 1880#endif /* CONFIG_SECURITY_INFINIBAND */ |
|
1853#ifdef CONFIG_SECURITY_NETWORK_XFRM 1854 struct list_head xfrm_policy_alloc_security; 1855 struct list_head xfrm_policy_clone_security; 1856 struct list_head xfrm_policy_free_security; 1857 struct list_head xfrm_policy_delete_security; 1858 struct list_head xfrm_state_alloc; 1859 struct list_head xfrm_state_alloc_acquire; 1860 struct list_head xfrm_state_free_security; --- 89 unchanged lines hidden --- | 1881#ifdef CONFIG_SECURITY_NETWORK_XFRM 1882 struct list_head xfrm_policy_alloc_security; 1883 struct list_head xfrm_policy_clone_security; 1884 struct list_head xfrm_policy_free_security; 1885 struct list_head xfrm_policy_delete_security; 1886 struct list_head xfrm_state_alloc; 1887 struct list_head xfrm_state_alloc_acquire; 1888 struct list_head xfrm_state_free_security; --- 89 unchanged lines hidden --- |