1 /* 2 * Security plug functions 3 * 4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 5 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> 6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 */ 13 14 #include <linux/capability.h> 15 #include <linux/module.h> 16 #include <linux/init.h> 17 #include <linux/kernel.h> 18 #include <linux/security.h> 19 20 #define SECURITY_FRAMEWORK_VERSION "1.0.0" 21 22 /* things that live in dummy.c */ 23 extern struct security_operations dummy_security_ops; 24 extern void security_fixup_ops(struct security_operations *ops); 25 26 struct security_operations *security_ops; /* Initialized to NULL */ 27 28 static inline int verify(struct security_operations *ops) 29 { 30 /* verify the security_operations structure exists */ 31 if (!ops) 32 return -EINVAL; 33 security_fixup_ops(ops); 34 return 0; 35 } 36 37 static void __init do_security_initcalls(void) 38 { 39 initcall_t *call; 40 call = __security_initcall_start; 41 while (call < __security_initcall_end) { 42 (*call) (); 43 call++; 44 } 45 } 46 47 /** 48 * security_init - initializes the security framework 49 * 50 * This should be called early in the kernel initialization sequence. 51 */ 52 int __init security_init(void) 53 { 54 printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION 55 " initialized\n"); 56 57 if (verify(&dummy_security_ops)) { 58 printk(KERN_ERR "%s could not verify " 59 "dummy_security_ops structure.\n", __FUNCTION__); 60 return -EIO; 61 } 62 63 security_ops = &dummy_security_ops; 64 do_security_initcalls(); 65 66 return 0; 67 } 68 69 /** 70 * register_security - registers a security framework with the kernel 71 * @ops: a pointer to the struct security_options that is to be registered 72 * 73 * This function is to allow a security module to register itself with the 74 * kernel security subsystem. Some rudimentary checking is done on the @ops 75 * value passed to this function. A call to unregister_security() should be 76 * done to remove this security_options structure from the kernel. 77 * 78 * If there is already a security module registered with the kernel, 79 * an error will be returned. Otherwise 0 is returned on success. 80 */ 81 int register_security(struct security_operations *ops) 82 { 83 if (verify(ops)) { 84 printk(KERN_DEBUG "%s could not verify " 85 "security_operations structure.\n", __FUNCTION__); 86 return -EINVAL; 87 } 88 89 if (security_ops != &dummy_security_ops) 90 return -EAGAIN; 91 92 security_ops = ops; 93 94 return 0; 95 } 96 97 /** 98 * unregister_security - unregisters a security framework with the kernel 99 * @ops: a pointer to the struct security_options that is to be registered 100 * 101 * This function removes a struct security_operations variable that had 102 * previously been registered with a successful call to register_security(). 103 * 104 * If @ops does not match the valued previously passed to register_security() 105 * an error is returned. Otherwise the default security options is set to the 106 * the dummy_security_ops structure, and 0 is returned. 107 */ 108 int unregister_security(struct security_operations *ops) 109 { 110 if (ops != security_ops) { 111 printk(KERN_INFO "%s: trying to unregister " 112 "a security_opts structure that is not " 113 "registered, failing.\n", __FUNCTION__); 114 return -EINVAL; 115 } 116 117 security_ops = &dummy_security_ops; 118 119 return 0; 120 } 121 122 /** 123 * mod_reg_security - allows security modules to be "stacked" 124 * @name: a pointer to a string with the name of the security_options to be registered 125 * @ops: a pointer to the struct security_options that is to be registered 126 * 127 * This function allows security modules to be stacked if the currently loaded 128 * security module allows this to happen. It passes the @name and @ops to the 129 * register_security function of the currently loaded security module. 130 * 131 * The return value depends on the currently loaded security module, with 0 as 132 * success. 133 */ 134 int mod_reg_security(const char *name, struct security_operations *ops) 135 { 136 if (verify(ops)) { 137 printk(KERN_INFO "%s could not verify " 138 "security operations.\n", __FUNCTION__); 139 return -EINVAL; 140 } 141 142 if (ops == security_ops) { 143 printk(KERN_INFO "%s security operations " 144 "already registered.\n", __FUNCTION__); 145 return -EINVAL; 146 } 147 148 return security_ops->register_security(name, ops); 149 } 150 151 /** 152 * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded 153 * @name: a pointer to a string with the name of the security_options to be removed 154 * @ops: a pointer to the struct security_options that is to be removed 155 * 156 * This function allows security modules that have been successfully registered 157 * with a call to mod_reg_security() to be unloaded from the system. 158 * This calls the currently loaded security module's unregister_security() call 159 * with the @name and @ops variables. 160 * 161 * The return value depends on the currently loaded security module, with 0 as 162 * success. 163 */ 164 int mod_unreg_security(const char *name, struct security_operations *ops) 165 { 166 if (ops == security_ops) { 167 printk(KERN_INFO "%s invalid attempt to unregister " 168 " primary security ops.\n", __FUNCTION__); 169 return -EINVAL; 170 } 171 172 return security_ops->unregister_security(name, ops); 173 } 174 175 EXPORT_SYMBOL_GPL(register_security); 176 EXPORT_SYMBOL_GPL(unregister_security); 177 EXPORT_SYMBOL_GPL(mod_reg_security); 178 EXPORT_SYMBOL_GPL(mod_unreg_security); 179 EXPORT_SYMBOL(security_ops); 180