sync to Linus v4.13-rc2 for subsystem developers to work against
@@ -30,6 +30,8 @@
|
||||
#include <linux/rculist.h>
|
||||
|
||||
/**
|
||||
* union security_list_options - Linux Security Module hook function list
|
||||
*
|
||||
* Security hooks for program execution operations.
|
||||
*
|
||||
* @bprm_set_creds:
|
||||
@@ -194,8 +196,8 @@
|
||||
* @value will be set to the allocated attribute value.
|
||||
* @len will be set to the length of the value.
|
||||
* Returns 0 if @name and @value have been successfully set,
|
||||
* -EOPNOTSUPP if no security attribute is needed, or
|
||||
* -ENOMEM on memory allocation failure.
|
||||
* -EOPNOTSUPP if no security attribute is needed, or
|
||||
* -ENOMEM on memory allocation failure.
|
||||
* @inode_create:
|
||||
* Check permission to create a regular file.
|
||||
* @dir contains inode structure of the parent of the new file.
|
||||
@@ -511,8 +513,7 @@
|
||||
* process @tsk. Note that this hook is sometimes called from interrupt.
|
||||
* Note that the fown_struct, @fown, is never outside the context of a
|
||||
* struct file, so the file structure (and associated security information)
|
||||
* can always be obtained:
|
||||
* container_of(fown, struct file, f_owner)
|
||||
* can always be obtained: container_of(fown, struct file, f_owner)
|
||||
* @tsk contains the structure of task receiving signal.
|
||||
* @fown contains the file owner information.
|
||||
* @sig is the signal that will be sent. When 0, kernel sends SIGIO.
|
||||
@@ -522,7 +523,7 @@
|
||||
* to receive an open file descriptor via socket IPC.
|
||||
* @file contains the file structure being received.
|
||||
* Return 0 if permission is granted.
|
||||
* @file_open
|
||||
* @file_open:
|
||||
* Save open-time permission checking state for later use upon
|
||||
* file_permission, and recheck access if anything has changed
|
||||
* since inode_permission.
|
||||
@@ -1159,7 +1160,7 @@
|
||||
* @sma contains the semaphore structure. May be NULL.
|
||||
* @cmd contains the operation to be performed.
|
||||
* Return 0 if permission is granted.
|
||||
* @sem_semop
|
||||
* @sem_semop:
|
||||
* Check permissions before performing operations on members of the
|
||||
* semaphore set @sma. If the @alter flag is nonzero, the semaphore set
|
||||
* may be modified.
|
||||
@@ -1169,20 +1170,20 @@
|
||||
* @alter contains the flag indicating whether changes are to be made.
|
||||
* Return 0 if permission is granted.
|
||||
*
|
||||
* @binder_set_context_mgr
|
||||
* @binder_set_context_mgr:
|
||||
* Check whether @mgr is allowed to be the binder context manager.
|
||||
* @mgr contains the task_struct for the task being registered.
|
||||
* Return 0 if permission is granted.
|
||||
* @binder_transaction
|
||||
* @binder_transaction:
|
||||
* Check whether @from is allowed to invoke a binder transaction call
|
||||
* to @to.
|
||||
* @from contains the task_struct for the sending task.
|
||||
* @to contains the task_struct for the receiving task.
|
||||
* @binder_transfer_binder
|
||||
* @binder_transfer_binder:
|
||||
* Check whether @from is allowed to transfer a binder reference to @to.
|
||||
* @from contains the task_struct for the sending task.
|
||||
* @to contains the task_struct for the receiving task.
|
||||
* @binder_transfer_file
|
||||
* @binder_transfer_file:
|
||||
* Check whether @from is allowed to transfer @file to @to.
|
||||
* @from contains the task_struct for the sending task.
|
||||
* @file contains the struct file being transferred.
|
||||
@@ -1230,7 +1231,7 @@
|
||||
* @cred contains the credentials to use.
|
||||
* @ns contains the user namespace we want the capability in
|
||||
* @cap contains the capability <include/linux/capability.h>.
|
||||
* @audit: Whether to write an audit message or not
|
||||
* @audit contains whether to write an audit message or not
|
||||
* Return 0 if the capability is granted for @tsk.
|
||||
* @syslog:
|
||||
* Check permission before accessing the kernel message ring or changing
|
||||
@@ -1352,9 +1353,7 @@
|
||||
* @inode we wish to get the security context of.
|
||||
* @ctx is a pointer in which to place the allocated security context.
|
||||
* @ctxlen points to the place to put the length of @ctx.
|
||||
* This is the main security structure.
|
||||
*/
|
||||
|
||||
union security_list_options {
|
||||
int (*binder_set_context_mgr)(struct task_struct *mgr);
|
||||
int (*binder_transaction)(struct task_struct *from,
|
||||
@@ -1906,7 +1905,7 @@ struct security_hook_heads {
|
||||
struct list_head audit_rule_match;
|
||||
struct list_head audit_rule_free;
|
||||
#endif /* CONFIG_AUDIT */
|
||||
};
|
||||
} __randomize_layout;
|
||||
|
||||
/*
|
||||
* Security module hook list structure.
|
||||
@@ -1917,7 +1916,7 @@ struct security_hook_list {
|
||||
struct list_head *head;
|
||||
union security_list_options hook;
|
||||
char *lsm;
|
||||
};
|
||||
} __randomize_layout;
|
||||
|
||||
/*
|
||||
* Initializing a security_hook_list structure takes
|
||||
|
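Review bot: The `__randomize_layout` annotations added to `struct security_hook_heads` and `struct security_hook_list` are not mentioned in the comments above those structs, so nothing tells an LSM author that member order now differs from build to build. I would add a line to the "Security module hook list structure." comment such as `* Layout is randomized (__randomize_layout): initialize with designated initializers only, never positionally or by offset.` The initializers for both structs lie outside the visible hunks, so it is worth confirming that none of them is positional, and that any module built separately uses the same randomization seed as the kernel. Layout randomization only makes a hook pointer harder to locate; it presumably still relies on the hook lists being kept read-only after init, which these hunks do not show.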