| From: |
| "Stephen D. Smalley" <sds@epoch.ncsc.mil> |
| To: |
| linux-security-module@wirex.com |
| Subject: |
| [patch] Convert remaining hooks to new format |
| Date: |
| Wed, 4 Dec 2002 16:58:21 -0500 (EST) |
The attached patch converts the remaining hooks in the lsm-2.5 tree
to the new format. Builds and boots with CONFIG_SECURITY disabled
or enabled. Any objections to committing this patch?
--
Stephen Smalley, NSA
sds@epoch.ncsc.mil
Index: lsm-2.5/arch/i386/kernel/ioport.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/arch/i386/kernel/ioport.c,v
retrieving revision 1.6
diff -u -r1.6 ioport.c
--- lsm-2.5/arch/i386/kernel/ioport.c 6 Nov 2002 20:37:56 -0000 1.6
+++ lsm-2.5/arch/i386/kernel/ioport.c 4 Dec 2002 20:15:10 -0000
@@ -65,7 +65,7 @@
if (turn_on && !capable(CAP_SYS_RAWIO))
return -EPERM;
- ret = security_ops->ioperm(from, num, turn_on);
+ ret = security_ioperm(from, num, turn_on);
if (ret)
return ret;
@@ -127,7 +127,7 @@
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
}
- retval = security_ops->iopl(old, level);
+ retval = security_iopl(old, level);
if (retval) {
return retval;
}
Index: lsm-2.5/arch/ia64/ia32/sys_ia32.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/arch/ia64/ia32/sys_ia32.c,v
retrieving revision 1.16
diff -u -r1.16 sys_ia32.c
--- lsm-2.5/arch/ia64/ia32/sys_ia32.c 19 Nov 2002 15:09:43 -0000 1.16
+++ lsm-2.5/arch/ia64/ia32/sys_ia32.c 4 Dec 2002 20:15:31 -0000
@@ -3187,7 +3187,7 @@
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
}
- retval = security_ops->iopl(old,level);
+ retval = security_iopl(old,level);
if (retval) {
return retval;
}
Index: lsm-2.5/arch/parisc/kernel/ptrace.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/arch/parisc/kernel/ptrace.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 ptrace.c
--- lsm-2.5/arch/parisc/kernel/ptrace.c 6 Nov 2002 19:28:13 -0000 1.1.1.2
+++ lsm-2.5/arch/parisc/kernel/ptrace.c 4 Dec 2002 20:15:48 -0000
@@ -103,7 +103,7 @@
if (current->ptrace & PT_PTRACED)
goto out;
- ret = security_ops->ptrace(current->parent, current);
+ ret = security_ptrace(current->parent, current);
if (ret)
goto out;
Index: lsm-2.5/fs/file_table.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/fs/file_table.c,v
retrieving revision 1.17
diff -u -r1.17 file_table.c
--- lsm-2.5/fs/file_table.c 29 Nov 2002 17:14:31 -0000 1.17
+++ lsm-2.5/fs/file_table.c 4 Dec 2002 20:17:05 -0000
@@ -107,12 +107,12 @@
filp->f_uid = current->fsuid;
filp->f_gid = current->fsgid;
filp->f_op = dentry->d_inode->i_fop;
- error = security_ops->file_alloc_security(filp);
+ error = security_file_alloc(filp);
if (!error)
if (filp->f_op->open) {
error = filp->f_op->open(dentry->d_inode, filp);
if (error)
- security_ops->file_free_security(filp);
+ security_file_free(filp);
}
return error;
}
@@ -123,7 +123,7 @@
if (file->f_op && file->f_op->release)
file->f_op->release(inode, file);
- security_ops->file_free_security(file);
+ security_file_free(file);
}
void fput(struct file * file)
Index: lsm-2.5/fs/super.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/fs/super.c,v
retrieving revision 1.21
diff -u -r1.21 super.c
--- lsm-2.5/fs/super.c 29 Nov 2002 17:14:32 -0000 1.21
+++ lsm-2.5/fs/super.c 4 Dec 2002 20:17:20 -0000
@@ -612,7 +612,7 @@
sb = type->get_sb(type, flags, name, data);
if (IS_ERR(sb))
goto out_mnt;
- error = security_ops->sb_kern_mount(sb);
+ error = security_sb_kern_mount(sb);
if (error) {
up_write(&sb->s_umount);
deactivate_super(sb);
Index: lsm-2.5/fs/hugetlbfs/inode.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/fs/hugetlbfs/inode.c,v
retrieving revision 1.1.1.4
diff -u -r1.1.1.4 inode.c
--- lsm-2.5/fs/hugetlbfs/inode.c 25 Nov 2002 13:32:09 -0000 1.1.1.4
+++ lsm-2.5/fs/hugetlbfs/inode.c 4 Dec 2002 20:17:48 -0000
@@ -209,7 +209,7 @@
if (inode->i_data.nrpages)
truncate_hugepages(&inode->i_data, 0);
- security_ops->inode_delete(inode);
+ security_inode_delete(inode);
clear_inode(inode);
destroy_inode(inode);
@@ -333,7 +333,7 @@
if (error)
goto out;
- error = security_ops->inode_setattr(dentry, attr);
+ error = security_inode_setattr(dentry, attr);
if (error)
goto out;
Index: lsm-2.5/include/linux/security.h
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/include/linux/security.h,v
retrieving revision 1.29
diff -u -r1.29 security.h
--- lsm-2.5/include/linux/security.h 2 Dec 2002 17:09:17 -0000 1.29
+++ lsm-2.5/include/linux/security.h 4 Dec 2002 21:29:46 -0000
@@ -42,6 +42,8 @@
struct sk_buff;
extern int cap_netlink_send (struct sk_buff *skb);
extern int cap_netlink_recv (struct sk_buff *skb);
+extern int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr);
extern int cap_ptrace (struct task_struct *parent, struct task_struct *child);
extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
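Review bot: The new `cap_ip_decode_options` prototype types the option buffer as `const char *optptr` while the out-parameter is `unsigned char **pp_ptr`, so the same packet bytes carry two different signednesses. The signedness of plain `char` is implementation-defined, so a hook that reads an option type or length byte through `optptr` can see a negative value for bytes of 0x80 and above. If the matching member of `struct security_operations` can be changed with it (its declaration is outside this hunk), `const unsigned char *optptr` would be the safer type here and in the two `security_ip_decode_options` wrappers added later in this file.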
@@ -67,21 +69,19 @@
/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS 8
-
-#ifdef CONFIG_SECURITY
-
/* forward declares to avoid warnings */
struct socket;
struct sock;
struct sockaddr;
struct msghdr;
-struct sk_buff;
struct net_device;
struct nfsctl_arg;
struct sched_param;
struct swap_info_struct;
struct open_request;
+#ifdef CONFIG_SECURITY
+
/**
* struct security_operations - main security structure
* Security hooks for program execution operations.
@@ -1381,6 +1381,31 @@
extern struct security_operations *security_ops;
/* inline stuff */
+static inline int security_sethostname (char *hostname)
+{
+ return security_ops->sethostname (hostname);
+}
+
+static inline int security_setdomainname (char *domainname)
+{
+ return security_ops->setdomainname (domainname);
+}
+
+static inline int security_reboot (unsigned int cmd)
+{
+ return security_ops->reboot (cmd);
+}
+
+static inline int security_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+ return security_ops->ioperm (from, num, turn_on);
+}
+
+static inline int security_iopl (unsigned int old, unsigned int level)
+{
+ return security_ops->iopl (old, level);
+}
+
static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
{
return security_ops->ptrace (parent, child);
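Review bot: Each wrapper added here calls through `security_ops->...` without checking that the member is set, so a module registering a partially filled `struct security_operations` would make the first `security_sethostname()`, `security_reboot()`, `security_ioperm()` or `security_iopl()` call a NULL function-pointer call. Presumably registration fills in or rejects missing hooks, but that code is not visible in this patch. A comment under `/* inline stuff */` would make the dependency explicit, e.g. `/* Every member of security_ops must be non-NULL once a module is registered; these wrappers do not check. */`. The same applies to the wrappers added in the later hunks of this file.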
@@ -1415,6 +1440,26 @@
return security_ops->acct (file);
}
+static inline int security_sysctl(ctl_table * table, int op)
+{
+ return security_ops->sysctl(table, op);
+}
+
+static inline int security_capable(struct task_struct * tsk, int cap)
+{
+ return security_ops->capable(tsk, cap);
+}
+
+static inline int security_swapon(struct swap_info_struct * swap)
+{
+ return security_ops->swapon(swap);
+}
+
+static inline int security_swapoff(struct swap_info_struct * swap)
+{
+ return security_ops->swapoff(swap);
+}
+
static inline int security_quotactl (int cmds, int type, int id,
struct super_block *sb)
{
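Review bot: `security_capable()` is added without stating its return convention, and the converted callers in mm/oom_kill.c test it as `!security_capable(p,CAP_SYS_ADMIN)` to mean that the task does hold the capability. That is the opposite sense to `capable()`, which this same patch shows used as `!capable(CAP_SYS_RAWIO)` for the denied case, so a later caller can easily invert the check. A comment above the wrapper would help: `/* Returns 0 if tsk has cap, non-zero otherwise; note this is the opposite sense to capable(). */`.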
@@ -1426,6 +1471,41 @@
return security_ops->quota_on (file);
}
+static inline int security_syslog(int type)
+{
+ return security_ops->syslog(type);
+}
+
+static inline int security_settime(struct timeval *tv, struct timezone *tz)
+{
+ return security_ops->settime(tv, tz);
+}
+
+static inline int security_netlink_send(struct sk_buff * skb)
+{
+ return security_ops->netlink_send(skb);
+}
+
+static inline int security_netlink_recv(struct sk_buff * skb)
+{
+ return security_ops->netlink_recv(skb);
+}
+
+
+static inline int security_unix_stream_connect(struct socket * sock,
+ struct socket * other,
+ struct sock * newsk)
+{
+ return security_ops->unix_stream_connect(sock, other, newsk);
+}
+
+
+static inline int security_unix_may_send(struct socket * sock,
+ struct socket * other)
+{
+ return security_ops->unix_may_send(sock, other);
+}
+
static inline int security_bprm_alloc (struct linux_binprm *bprm)
{
return security_ops->bprm_alloc_security (bprm);
@@ -1457,6 +1537,11 @@
security_ops->sb_free_security (sb);
}
+static inline int security_sb_kern_mount (struct super_block *sb)
+{
+ return security_ops->sb_kern_mount (sb);
+}
+
static inline int security_sb_statfs (struct super_block *sb)
{
return security_ops->sb_statfs (sb);
@@ -1861,12 +1946,222 @@
security_ops->task_reparent_to_init (p);
}
+static inline int security_socket_create (int family, int type, int protocol)
+{
+ return security_ops->socket_create(family, type, protocol);
+}
+
+static inline void security_socket_post_create(struct socket * sock,
+ int family,
+ int type,
+ int protocol)
+{
+ security_ops->socket_post_create(sock, family, type, protocol);
+}
+
+static inline int security_socket_bind(struct socket * sock,
+ struct sockaddr * address,
+ int addrlen)
+{
+ return security_ops->socket_bind(sock, address, addrlen);
+}
+
+static inline int security_socket_connect(struct socket * sock,
+ struct sockaddr * address,
+ int addrlen)
+{
+ return security_ops->socket_connect(sock, address, addrlen);
+}
+
+static inline int security_socket_listen(struct socket * sock, int backlog)
+{
+ return security_ops->socket_listen(sock, backlog);
+}
+
+static inline int security_socket_accept(struct socket * sock,
+ struct socket * newsock)
+{
+ return security_ops->socket_accept(sock, newsock);
+}
+
+static inline void security_socket_post_accept(struct socket * sock,
+ struct socket * newsock)
+{
+ security_ops->socket_post_accept(sock, newsock);
+}
+
+static inline int security_socket_sendmsg(struct socket * sock,
+ struct msghdr * msg, int size)
+{
+ return security_ops->socket_sendmsg(sock, msg, size);
+}
+
+static inline int security_socket_recvmsg(struct socket * sock,
+ struct msghdr * msg, int size,
+ int flags)
+{
+ return security_ops->socket_recvmsg(sock, msg, size, flags);
+}
+
+static inline int security_socket_getsockname(struct socket * sock)
+{
+ return security_ops->socket_getsockname(sock);
+}
+
+static inline int security_socket_getpeername(struct socket * sock)
+{
+ return security_ops->socket_getpeername(sock);
+}
+
+static inline int security_socket_getsockopt(struct socket * sock,
+ int level, int optname)
+{
+ return security_ops->socket_getsockopt(sock, level, optname);
+}
+
+static inline int security_socket_setsockopt(struct socket * sock,
+ int level, int optname)
+{
+ return security_ops->socket_setsockopt(sock, level, optname);
+}
+
+static inline int security_socket_shutdown(struct socket * sock, int how)
+{
+ return security_ops->socket_shutdown(sock, how);
+}
+
+static inline int security_sock_alloc(struct sock * sk,
+ int gfp_mask)
+{
+ return security_ops->socket_sock_alloc_security(sk, gfp_mask);
+}
+
+static inline void security_sock_free(struct sock * sk)
+{
+ security_ops->socket_sock_free_security(sk);
+}
+
+static inline int security_sock_rcv_skb (struct sock * sk,
+ struct sk_buff * skb)
+{
+ return security_ops->socket_sock_rcv_skb (sk, skb);
+}
+
+static inline int security_open_request_alloc (struct open_request * req)
+{
+ return security_ops->open_request_alloc_security (req);
+}
+
+static inline void security_open_request_free (struct open_request * req)
+{
+ security_ops->open_request_free_security (req);
+}
+
+static inline void security_tcp_connection_request(struct sock * sk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+ security_ops->tcp_connection_request(sk, skb, req);
+}
+
+static inline void security_tcp_synack(struct sock * sk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+ security_ops->tcp_synack(sk, skb, req);
+}
+
+static inline void security_tcp_create_openreq_child(struct sock * sk,
+ struct sock * newsk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+ security_ops->tcp_create_openreq_child(sk, newsk, skb, req);
+}
+
+static inline int security_skb_alloc(struct sk_buff * skb, int gfp_mask)
+{
+ return security_ops->skb_alloc_security(skb, gfp_mask);
+}
+
+static inline int security_skb_clone(struct sk_buff * newskb,
+ const struct sk_buff * oldskb)
+{
+ return security_ops->skb_clone(newskb, oldskb);
+}
+
+static inline void security_skb_copy(struct sk_buff * newskb,
+ const struct sk_buff * oldskb)
+{
+ security_ops->skb_copy(newskb, oldskb);
+}
+
+static inline void security_skb_set_owner_w (struct sk_buff * skb,
+ struct sock * sk)
+{
+ security_ops->skb_set_owner_w (skb, sk);
+}
+
+static inline void security_skb_recv_datagram(struct sk_buff * skb,
+ struct sock * sk, unsigned flags)
+{
+ security_ops->skb_recv_datagram(skb, sk, flags);
+}
+
+static inline void security_skb_free(struct sk_buff * skb)
+{
+ security_ops->skb_free_security(skb);
+}
+
+static inline void security_ip_fragment(struct sk_buff * newskb,
+ const struct sk_buff * oldskb)
+{
+ security_ops->ip_fragment(newskb, oldskb);
+}
+
+static inline int security_ip_defragment(struct sk_buff * skb)
+{
+ return security_ops->ip_defragment(skb);
+}
+
+static inline void security_ip_encapsulate(struct sk_buff * skb)
+{
+ security_ops->ip_encapsulate(skb);
+}
+
+static inline void security_ip_decapsulate(struct sk_buff * skb)
+{
+ security_ops->ip_decapsulate(skb);
+}
+
+static inline int security_ip_decode_options(struct sk_buff * skb,
+ const char *optptr,
+ unsigned char **pp_ptr)
+{
+ return security_ops->ip_decode_options(skb, optptr, pp_ptr);
+}
+
+static inline void security_netdev_unregister(struct net_device * dev)
+{
+ security_ops->netdev_unregister(dev);
+}
+
static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
short flag)
{
return security_ops->ipc_permission (ipcp, flag);
}
+static inline int security_msg_msg_alloc (struct msg_msg * msg)
+{
+ return security_ops->msg_msg_alloc_security (msg);
+}
+
+static inline void security_msg_msg_free (struct msg_msg * msg)
+{
+ security_ops->msg_msg_free_security(msg);
+}
+
static inline int security_msg_queue_alloc (struct msg_queue *msq)
{
return security_ops->msg_queue_alloc_security (msq);
@@ -1877,6 +2172,31 @@
security_ops->msg_queue_free_security (msq);
}
+static inline int security_msg_queue_associate (struct msg_queue * msq,
+ int msqflg)
+{
+ return security_ops->msg_queue_associate (msq, msqflg);
+}
+
+static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
+{
+ return security_ops->msg_queue_msgctl (msq, cmd);
+}
+
+static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
+ struct msg_msg * msg, int msqflg)
+{
+ return security_ops->msg_queue_msgsnd (msq, msg, msqflg);
+}
+
+static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
+ struct msg_msg * msg,
+ struct task_struct * target,
+ long type, int mode)
+{
+ return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode);
+}
+
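Review bot: `security_msg_queue_msgctl()` does not say that its `msq` argument may be NULL, yet one converted call in ipc/msg.c is `security_msg_queue_msgctl(NULL, cmd)`. A module hook that dereferences `msq` unconditionally would oops on that path. I would add a comment on the wrapper such as `/* msq may be NULL (see the msgctl caller in ipc/msg.c); hooks must check before dereferencing. */`, and the same for `security_shm_shmctl()` and `security_sem_semctl()`, which ipc/shm.c and ipc/sem.c also call with NULL.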
static inline int security_shm_alloc (struct shmid_kernel *shp)
{
return security_ops->shm_alloc_security (shp);
@@ -1887,6 +2207,23 @@
security_ops->shm_free_security (shp);
}
+static inline int security_shm_associate (struct shmid_kernel * shp,
+ int shmflg)
+{
+ return security_ops->shm_associate(shp, shmflg);
+}
+
+static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
+{
+ return security_ops->shm_shmctl (shp, cmd);
+}
+
+static inline int security_shm_shmat (struct shmid_kernel * shp,
+ char *shmaddr, int shmflg)
+{
+ return security_ops->shm_shmat(shp, shmaddr, shmflg);
+}
+
static inline int security_sem_alloc (struct sem_array *sma)
{
return security_ops->sem_alloc_security (sma);
@@ -1897,6 +2234,16 @@
security_ops->sem_free_security (sma);
}
+static inline int security_sem_associate (struct sem_array * sma, int semflg)
+{
+ return security_ops->sem_associate (sma, semflg);
+}
+
+static inline int security_sem_semctl (struct sem_array * sma, int cmd)
+{
+ return security_ops->sem_semctl(sma, cmd);
+}
+
/* prototypes */
extern int security_scaffolding_startup (void);
@@ -1918,6 +2265,31 @@
return 0;
}
+static inline int security_sethostname (char *hostname)
+{
+ return 0;
+}
+
+static inline int security_setdomainname (char *domainname)
+{
+ return 0;
+}
+
+static inline int security_reboot (unsigned int cmd)
+{
+ return 0;
+}
+
+static inline int security_ioperm (unsigned long from, unsigned long num, int turn_on)
+{
+ return 0;
+}
+
+static inline int security_iopl (unsigned int old, unsigned int level)
+{
+ return 0;
+}
+
static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
{
return cap_ptrace (parent, child);
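Review bot: The !CONFIG_SECURITY stubs for `security_sethostname`, `security_setdomainname`, `security_reboot`, `security_ioperm` and `security_iopl` return 0 unconditionally, so with the option off the only remaining gate is whatever `capable()` test the caller performs before the hook. That test is visible in this patch for ioperm/iopl (`CAP_SYS_RAWIO`) and reboot (`CAP_SYS_BOOT`), but not for the sethostname and setdomainname call sites, whose hunks begin after the point where it would appear. Other stubs in this file delegate to `cap_*` instead (`security_ptrace`, `security_capable`, `security_netlink_send`) and nothing explains the rule; a comment at the top of the stub block, e.g. `/* Stubs return 0 only where the caller does its own capable() check; hooks that carry the default capability logic call cap_*(). */`, would let new stubs be audited against it.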
@@ -1952,6 +2324,26 @@
return 0;
}
+static inline int security_sysctl(ctl_table * table, int op)
+{
+ return 0;
+}
+
+static inline int security_capable(struct task_struct * tsk, int cap)
+{
+ return cap_capable(tsk, cap);
+}
+
+static inline int security_swapon(struct swap_info_struct * swap)
+{
+ return 0;
+}
+
+static inline int security_swapoff(struct swap_info_struct * swap)
+{
+ return 0;
+}
+
static inline int security_quotactl (int cmds, int type, int id,
struct super_block * sb)
{
@@ -1963,6 +2355,39 @@
return 0;
}
+static inline int security_syslog(int type)
+{
+ return 0;
+}
+
+static inline int security_settime(struct timeval *tv, struct timezone *tz)
+{
+ return 0;
+}
+
+static inline int security_netlink_send(struct sk_buff * skb)
+{
+ return cap_netlink_send(skb);
+}
+
+static inline int security_netlink_recv(struct sk_buff * skb)
+{
+ return cap_netlink_recv(skb);
+}
+
+static inline int security_unix_stream_connect(struct socket * sock,
+ struct socket * other,
+ struct sock * newsk)
+{
+ return 0;
+}
+
+static inline int security_unix_may_send(struct socket * sock,
+ struct socket * other)
+{
+ return 0;
+}
+
static inline int security_bprm_alloc (struct linux_binprm *bprm)
{
return 0;
@@ -1994,6 +2419,11 @@
static inline void security_sb_free (struct super_block *sb)
{ }
+static inline int security_sb_kern_mount (struct super_block *sb)
+{
+ return 0;
+}
+
static inline int security_sb_statfs (struct super_block *sb)
{
return 0;
@@ -2362,12 +2792,205 @@
cap_task_reparent_to_init (p);
}
+static inline int security_socket_create (int family, int type, int protocol)
+{
+ return 0;
+}
+
+static inline void security_socket_post_create(struct socket * sock,
+ int family,
+ int type,
+ int protocol)
+{
+}
+
+static inline int security_socket_bind(struct socket * sock,
+ struct sockaddr * address,
+ int addrlen)
+{
+ return 0;
+}
+
+static inline int security_socket_connect(struct socket * sock,
+ struct sockaddr * address,
+ int addrlen)
+{
+ return 0;
+}
+
+static inline int security_socket_listen(struct socket * sock, int backlog)
+{
+ return 0;
+}
+
+static inline int security_socket_accept(struct socket * sock,
+ struct socket * newsock)
+{
+ return 0;
+}
+
+static inline void security_socket_post_accept(struct socket * sock,
+ struct socket * newsock)
+{
+}
+
+static inline int security_socket_sendmsg(struct socket * sock,
+ struct msghdr * msg, int size)
+{
+ return 0;
+}
+
+static inline int security_socket_recvmsg(struct socket * sock,
+ struct msghdr * msg, int size,
+ int flags)
+{
+ return 0;
+}
+
+static inline int security_socket_getsockname(struct socket * sock)
+{
+ return 0;
+}
+
+static inline int security_socket_getpeername(struct socket * sock)
+{
+ return 0;
+}
+
+static inline int security_socket_getsockopt(struct socket * sock,
+ int level, int optname)
+{
+ return 0;
+}
+
+static inline int security_socket_setsockopt(struct socket * sock,
+ int level, int optname)
+{
+ return 0;
+}
+
+static inline int security_socket_shutdown(struct socket * sock, int how)
+{
+ return 0;
+}
+
+static inline int security_sock_alloc(struct sock * sk,
+ int gfp_mask)
+{
+ return 0;
+}
+
+static inline void security_sock_free(struct sock * sk)
+{
+}
+
+static inline int security_sock_rcv_skb (struct sock * sk,
+ struct sk_buff * skb)
+{
+ return 0;
+}
+
+static inline int security_open_request_alloc (struct open_request * req)
+{
+ return 0;
+}
+
+static inline void security_open_request_free (struct open_request * req)
+{
+}
+
+static inline void security_tcp_connection_request(struct sock * sk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+}
+
+static inline void security_tcp_synack(struct sock * sk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+}
+
+static inline void security_tcp_create_openreq_child(struct sock * sk,
+ struct sock * newsk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+}
+
+static inline int security_skb_alloc(struct sk_buff * skb, int gfp_mask)
+{
+ return 0;
+}
+
+static inline int security_skb_clone(struct sk_buff * newskb,
+ const struct sk_buff * oldskb)
+{
+ return 0;
+}
+
+static inline void security_skb_copy(struct sk_buff * newskb,
+ const struct sk_buff * oldskb)
+{
+}
+
+static inline void security_skb_set_owner_w (struct sk_buff * skb,
+ struct sock * sk)
+{
+}
+
+static inline void security_skb_recv_datagram(struct sk_buff * skb,
+ struct sock * sk, unsigned flags)
+{
+}
+
+static inline void security_skb_free(struct sk_buff * skb)
+{
+}
+
+static inline void security_ip_fragment(struct sk_buff * newskb,
+ const struct sk_buff * oldskb)
+{
+}
+
+static inline int security_ip_defragment(struct sk_buff * skb)
+{
+ return 0;
+}
+
+static inline void security_ip_encapsulate(struct sk_buff * skb)
+{
+}
+
+static inline void security_ip_decapsulate(struct sk_buff * skb)
+{
+}
+
+static inline int security_ip_decode_options(struct sk_buff * skb,
+ const char *optptr,
+ unsigned char **pp_ptr)
+{
+ return cap_ip_decode_options(skb,optptr,pp_ptr);
+}
+
+static inline void security_netdev_unregister(struct net_device * dev)
+{
+}
+
static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
short flag)
{
return 0;
}
+static inline int security_msg_msg_alloc (struct msg_msg * msg)
+{
+ return 0;
+}
+
+static inline void security_msg_msg_free (struct msg_msg * msg)
+{ }
+
static inline int security_msg_queue_alloc (struct msg_queue *msq)
{
return 0;
@@ -2376,6 +2999,31 @@
static inline void security_msg_queue_free (struct msg_queue *msq)
{ }
+static inline int security_msg_queue_associate (struct msg_queue * msq,
+ int msqflg)
+{
+ return 0;
+}
+
+static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
+{
+ return 0;
+}
+
+static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
+ struct msg_msg * msg, int msqflg)
+{
+ return 0;
+}
+
+static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
+ struct msg_msg * msg,
+ struct task_struct * target,
+ long type, int mode)
+{
+ return 0;
+}
+
static inline int security_shm_alloc (struct shmid_kernel *shp)
{
return 0;
@@ -2384,6 +3032,23 @@
static inline void security_shm_free (struct shmid_kernel *shp)
{ }
+static inline int security_shm_associate (struct shmid_kernel * shp,
+ int shmflg)
+{
+ return 0;
+}
+
+static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
+{
+ return 0;
+}
+
+static inline int security_shm_shmat (struct shmid_kernel * shp,
+ char *shmaddr, int shmflg)
+{
+ return 0;
+}
+
static inline int security_sem_alloc (struct sem_array *sma)
{
return 0;
@@ -2392,6 +3057,15 @@
static inline void security_sem_free (struct sem_array *sma)
{ }
+static inline int security_sem_associate (struct sem_array * sma, int semflg)
+{
+ return 0;
+}
+
+static inline int security_sem_semctl (struct sem_array * sma, int cmd)
+{
+ return 0;
+}
#endif /* CONFIG_SECURITY */
Index: lsm-2.5/include/net/sock.h
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/include/net/sock.h,v
retrieving revision 1.17
diff -u -r1.17 sock.h
--- lsm-2.5/include/net/sock.h 29 Nov 2002 18:17:07 -0000 1.17
+++ lsm-2.5/include/net/sock.h 4 Dec 2002 21:04:25 -0000
@@ -705,7 +705,7 @@
skb->sk = sk;
skb->destructor = sock_wfree;
atomic_add(skb->truesize, &sk->wmem_alloc);
- security_ops->skb_set_owner_w(skb, sk);
+ security_skb_set_owner_w(skb, sk);
}
static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
@@ -725,7 +725,7 @@
if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf)
return -ENOMEM;
- err = security_ops->socket_sock_rcv_skb(sk, skb);
+ err = security_sock_rcv_skb(sk, skb);
if (err)
return err;
Index: lsm-2.5/include/net/tcp.h
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/include/net/tcp.h,v
retrieving revision 1.4
diff -u -r1.4 tcp.h
--- lsm-2.5/include/net/tcp.h 6 Nov 2002 20:38:38 -0000 1.4
+++ lsm-2.5/include/net/tcp.h 4 Dec 2002 20:26:00 -0000
@@ -546,7 +546,7 @@
if (req != NULL) {
req->security = NULL;
- if (security_ops->open_request_alloc_security(req)) {
+ if (security_open_request_alloc(req)) {
kmem_cache_free(tcp_openreq_cachep, req);
return NULL;
}
@@ -556,7 +556,7 @@
static inline void tcp_openreq_fastfree(struct open_request *req)
{
- security_ops->open_request_free_security(req);
+ security_open_request_free(req);
kmem_cache_free(tcp_openreq_cachep, req);
}
Index: lsm-2.5/ipc/msg.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/ipc/msg.c,v
retrieving revision 1.10
diff -u -r1.10 msg.c
--- lsm-2.5/ipc/msg.c 29 Nov 2002 17:14:43 -0000 1.10
+++ lsm-2.5/ipc/msg.c 4 Dec 2002 20:31:24 -0000
@@ -130,7 +130,7 @@
{
struct msg_msgseg* seg;
- security_ops->msg_msg_free_security(msg);
+ security_msg_msg_free(msg);
seg = msg->next;
kfree(msg);
@@ -188,7 +188,7 @@
src = ((char*)src)+alen;
}
- err = security_ops->msg_msg_alloc_security(msg);
+ err = security_msg_msg_alloc(msg);
if (err)
goto out_err;
@@ -316,7 +316,7 @@
ret = -EACCES;
else {
int qid = msg_buildid(id, msq->q_perm.seq);
- ret = security_ops->msg_queue_associate(msq, msgflg);
+ ret = security_msg_queue_associate(msq, msgflg);
if (!ret)
ret = qid;
}
@@ -442,7 +442,7 @@
* to set all member fields.
*/
- err = security_ops->msg_queue_msgctl(NULL, cmd);
+ err = security_msg_queue_msgctl(NULL, cmd);
if (err)
return err;
@@ -496,7 +496,7 @@
if (ipcperms (&msq->q_perm, S_IRUGO))
goto out_unlock;
- err = security_ops->msg_queue_msgctl(msq, cmd);
+ err = security_msg_queue_msgctl(msq, cmd);
if (err)
goto out_unlock;
@@ -542,7 +542,7 @@
/* We _could_ check for CAP_CHOWN above, but we don't */
goto out_unlock_up;
- err = security_ops->msg_queue_msgctl(msq, cmd);
+ err = security_msg_queue_msgctl(msq, cmd);
if (err)
goto out_unlock_up;
@@ -618,7 +618,7 @@
msr = list_entry(tmp,struct msg_receiver,r_list);
tmp = tmp->next;
if(testmsg(msg,msr->r_msgtype,msr->r_mode) &&
- !security_ops->msg_queue_msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) {
+ !security_msg_queue_msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) {
list_del(&msr->r_list);
if(msr->r_maxsize < msg->m_ts) {
msr->r_msg = ERR_PTR(-E2BIG);
@@ -669,7 +669,7 @@
if (ipcperms(&msq->q_perm, S_IWUGO))
goto out_unlock_free;
- err = security_ops->msg_queue_msgsnd(msq, msg, msgflg);
+ err = security_msg_queue_msgsnd(msq, msg, msgflg);
if (err)
goto out_unlock_free;
@@ -772,7 +772,7 @@
while (tmp != &msq->q_messages) {
msg = list_entry(tmp,struct msg_msg,m_list);
if(testmsg(msg,msgtyp,mode) &&
- !security_ops->msg_queue_msgrcv(msq, msg, current, msgtyp, mode)) {
+ !security_msg_queue_msgrcv(msq, msg, current, msgtyp, mode)) {
found_msg = msg;
if(mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
found_msg=msg;
Index: lsm-2.5/ipc/sem.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/ipc/sem.c,v
retrieving revision 1.14
diff -u -r1.14 sem.c
--- lsm-2.5/ipc/sem.c 29 Nov 2002 17:14:44 -0000 1.14
+++ lsm-2.5/ipc/sem.c 4 Dec 2002 20:36:08 -0000
@@ -188,7 +188,7 @@
err = -EACCES;
else {
int semid = sem_buildid(id, sma->sem_perm.seq);
- err = security_ops->sem_associate(sma, semflg);
+ err = security_sem_associate(sma, semflg);
if (!err)
err = semid;
}
@@ -468,7 +468,7 @@
struct seminfo seminfo;
int max_id;
- err = security_ops->sem_semctl(NULL, cmd);
+ err = security_sem_semctl(NULL, cmd);
if (err)
return err;
@@ -513,7 +513,7 @@
if (ipcperms (&sma->sem_perm, S_IRUGO))
goto out_unlock;
- err = security_ops->sem_semctl(sma, cmd);
+ err = security_sem_semctl(sma, cmd);
if (err)
goto out_unlock;
@@ -560,7 +560,7 @@
if (ipcperms (&sma->sem_perm, (cmd==SETVAL||cmd==SETALL)?S_IWUGO:S_IRUGO))
goto out_unlock;
- err = security_ops->sem_semctl(sma, cmd);
+ err = security_sem_semctl(sma, cmd);
if (err)
goto out_unlock;
@@ -756,7 +756,7 @@
goto out_unlock;
}
- err = security_ops->sem_semctl(sma, cmd);
+ err = security_sem_semctl(sma, cmd);
if (err)
goto out_unlock;
Index: lsm-2.5/ipc/shm.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/ipc/shm.c,v
retrieving revision 1.19
diff -u -r1.19 shm.c
--- lsm-2.5/ipc/shm.c 29 Nov 2002 17:14:44 -0000 1.19
+++ lsm-2.5/ipc/shm.c 4 Dec 2002 20:35:51 -0000
@@ -258,7 +258,7 @@
err = -EACCES;
else {
int shmid = shm_buildid(id, shp->shm_perm.seq);
- err = security_ops->shm_associate(shp, shmflg);
+ err = security_shm_associate(shp, shmflg);
if (!err)
err = shmid;
}
@@ -402,7 +402,7 @@
{
struct shminfo64 shminfo;
- err = security_ops->shm_shmctl(NULL, cmd);
+ err = security_shm_shmctl(NULL, cmd);
if (err)
return err;
@@ -424,7 +424,7 @@
{
struct shm_info shm_info;
- err = security_ops->shm_shmctl(NULL, cmd);
+ err = security_shm_shmctl(NULL, cmd);
if (err)
return err;
@@ -469,7 +469,7 @@
err=-EACCES;
if (ipcperms (&shp->shm_perm, S_IRUGO))
goto out_unlock;
- err = security_ops->shm_shmctl(shp, cmd);
+ err = security_shm_shmctl(shp, cmd);
if (err)
goto out_unlock;
kernel_to_ipc64_perm(&shp->shm_perm, &tbuf.shm_perm);
@@ -507,7 +507,7 @@
if(err)
goto out_unlock;
- err = security_ops->shm_shmctl(shp, cmd);
+ err = security_shm_shmctl(shp, cmd);
if (err)
goto out_unlock;
@@ -551,7 +551,7 @@
goto out_unlock_up;
}
- err = security_ops->shm_shmctl(shp, cmd);
+ err = security_shm_shmctl(shp, cmd);
if (err)
goto out_unlock_up;
@@ -588,7 +588,7 @@
goto out_unlock_up;
}
- err = security_ops->shm_shmctl(shp, cmd);
+ err = security_shm_shmctl(shp, cmd);
if (err)
goto out_unlock_up;
@@ -681,7 +681,7 @@
goto out;
}
- err = security_ops->shm_shmat(shp, shmaddr, shmflg);
+ err = security_shm_shmat(shp, shmaddr, shmflg);
if (err) {
shm_unlock(shp);
return err;
Index: lsm-2.5/kernel/printk.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/kernel/printk.c,v
retrieving revision 1.12
diff -u -r1.12 printk.c
--- lsm-2.5/kernel/printk.c 29 Nov 2002 18:17:07 -0000 1.12
+++ lsm-2.5/kernel/printk.c 4 Dec 2002 20:37:23 -0000
@@ -176,7 +176,7 @@
char *lbuf = NULL;
int error = 0;
- error = security_ops->syslog(type);
+ error = security_syslog(type);
if( error )
return error;
Index: lsm-2.5/kernel/sys.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/kernel/sys.c,v
retrieving revision 1.21
diff -u -r1.21 sys.c
--- lsm-2.5/kernel/sys.c 29 Nov 2002 17:14:46 -0000 1.21
+++ lsm-2.5/kernel/sys.c 4 Dec 2002 20:38:27 -0000
@@ -222,7 +222,7 @@
error = -EACCES;
goto out;
}
- no_nice = security_ops->task_setnice(p, niceval);
+ no_nice = security_task_setnice(p, niceval);
if (no_nice) {
error = no_nice;
goto out;
@@ -368,7 +368,7 @@
if (!capable(CAP_SYS_BOOT))
return -EPERM;
- retval = security_ops->reboot(cmd);
+ retval = security_reboot(cmd);
if (retval) {
return retval;
}
@@ -947,7 +947,7 @@
}
ok_pgid:
- err = security_ops->task_setpgid(p, pgid);
+ err = security_task_setpgid(p, pgid);
if (err)
goto out;
@@ -1152,7 +1152,7 @@
return -EFAULT;
nodename[len] = 0;
- errno = security_ops->sethostname(nodename);
+ errno = security_sethostname(nodename);
if (errno)
return errno;
@@ -1196,7 +1196,7 @@
return -EFAULT;
domainname[len] = 0;
- errno = security_ops->setdomainname(domainname);
+ errno = security_setdomainname(domainname);
if (errno)
return errno;
Index: lsm-2.5/kernel/sysctl.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/kernel/sysctl.c,v
retrieving revision 1.17
diff -u -r1.17 sysctl.c
--- lsm-2.5/kernel/sysctl.c 29 Nov 2002 18:17:08 -0000 1.17
+++ lsm-2.5/kernel/sysctl.c 4 Dec 2002 20:38:46 -0000
@@ -427,7 +427,7 @@
static inline int ctl_perm(ctl_table *table, int op)
{
int error;
- error = security_ops->sysctl(table, op);
+ error = security_sysctl(table, op);
if(error) {
return error;
}
Index: lsm-2.5/kernel/time.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/kernel/time.c,v
retrieving revision 1.4
diff -u -r1.4 time.c
--- lsm-2.5/kernel/time.c 19 Nov 2002 15:10:42 -0000 1.4
+++ lsm-2.5/kernel/time.c 4 Dec 2002 20:41:35 -0000
@@ -154,7 +154,7 @@
return -EPERM;
/* Call the Linux Security Module to perform its checks */
- error = security_ops->settime(tv, tz);
+ error = security_settime(tv, tz);
if (error)
return error;
Index: lsm-2.5/mm/oom_kill.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/mm/oom_kill.c,v
retrieving revision 1.10
diff -u -r1.10 oom_kill.c
--- lsm-2.5/mm/oom_kill.c 29 Nov 2002 18:17:08 -0000 1.10
+++ lsm-2.5/mm/oom_kill.c 4 Dec 2002 20:41:53 -0000
@@ -89,7 +89,7 @@
* Superuser processes are usually more important, so we make it
* less likely that we kill those.
*/
- if (!security_ops->capable(p,CAP_SYS_ADMIN) ||
+ if (!security_capable(p,CAP_SYS_ADMIN) ||
p->uid == 0 || p->euid == 0)
points /= 4;
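Review bot: The negated test `!security_capable(p,CAP_SYS_ADMIN)` reads as "lacks the capability", but the surrounding comment and the `p->uid == 0` alternatives suggest the branch is taken when the task holds it. The hook therefore appears to return 0 on success, the opposite polarity to `capable()`. A one-line comment above the condition would guard against a later inversion, for example `/* security_capable() returns 0 when p holds the capability */`. The same applies to the `CAP_SYS_RAWIO` tests in the two following hunks of this file (`@@ -99,7` and `@@ -150,7`), where a misreading would swap the SIGTERM and SIGKILL paths. The enclosing function starts and ends outside the hunk.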
@@ -99,7 +99,7 @@
* tend to only have this flag set on applications they think
* of as important.
*/
- if (!security_ops->capable(p,CAP_SYS_RAWIO))
+ if (!security_capable(p,CAP_SYS_RAWIO))
points /= 4;
#ifdef DEBUG
printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
@@ -150,7 +150,7 @@
p->flags |= PF_MEMALLOC | PF_MEMDIE;
/* This process has hardware access, be more careful. */
- if (!security_ops->capable(p,CAP_SYS_RAWIO)) {
+ if (!security_capable(p,CAP_SYS_RAWIO)) {
force_sig(SIGTERM, p);
} else {
force_sig(SIGKILL, p);
Index: lsm-2.5/mm/swapfile.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/mm/swapfile.c,v
retrieving revision 1.26
diff -u -r1.26 swapfile.c
--- lsm-2.5/mm/swapfile.c 29 Nov 2002 18:17:08 -0000 1.26
+++ lsm-2.5/mm/swapfile.c 4 Dec 2002 20:42:08 -0000
@@ -991,7 +991,7 @@
prev = type;
}
- err = security_ops->swapoff(p);
+ err = security_swapoff(p);
if (err) {
swap_list_unlock();
goto out_dput;
@@ -1230,7 +1230,7 @@
}
p->swap_file = swap_file;
- error = security_ops->swapon(p);
+ error = security_swapon(p);
if (error)
goto bad_swap_2;
Index: lsm-2.5/net/socket.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/socket.c,v
retrieving revision 1.22
diff -u -r1.22 socket.c
--- lsm-2.5/net/socket.c 25 Nov 2002 14:12:27 -0000 1.22
+++ lsm-2.5/net/socket.c 4 Dec 2002 21:02:29 -0000
@@ -528,7 +528,7 @@
si->msg = msg;
si->size = size;
- err = security_ops->socket_sendmsg(sock, msg, size);
+ err = security_socket_sendmsg(sock, msg, size);
if (err)
return err;
@@ -565,7 +565,7 @@
si->size = size;
si->flags = flags;
- err = security_ops->socket_recvmsg(sock, msg, size, flags);
+ err = security_socket_recvmsg(sock, msg, size, flags);
if (err)
return err;
@@ -997,7 +997,7 @@
family = PF_PACKET;
}
- err = security_ops->socket_create(family, type, protocol);
+ err = security_socket_create(family, type, protocol);
if (err)
return err;
@@ -1046,7 +1046,7 @@
*res = sock;
- security_ops->socket_post_create(sock, family, type, protocol);
+ security_socket_post_create(sock, family, type, protocol);
out:
net_family_read_unlock();
@@ -1158,7 +1158,7 @@
if((sock = sockfd_lookup(fd,&err))!=NULL)
{
if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
- err = security_ops->socket_bind(sock, (struct sockaddr *)address, addrlen);
+ err = security_socket_bind(sock, (struct sockaddr *)address, addrlen);
if (err) {
sockfd_put(sock);
return err;
@@ -1186,7 +1186,7 @@
if ((unsigned) backlog > SOMAXCONN)
backlog = SOMAXCONN;
- err = security_ops->socket_listen(sock, backlog);
+ err = security_socket_listen(sock, backlog);
if (err) {
sockfd_put(sock);
return err;
@@ -1228,7 +1228,7 @@
newsock->type = sock->type;
newsock->ops = sock->ops;
- err = security_ops->socket_accept(sock, newsock);
+ err = security_socket_accept(sock, newsock);
if (err)
goto out_release;
@@ -1251,7 +1251,7 @@
if ((err = sock_map_fd(newsock)) < 0)
goto out_release;
- security_ops->socket_post_accept(sock, newsock);
+ security_socket_post_accept(sock, newsock);
out_put:
sockfd_put(sock);
@@ -1289,7 +1289,7 @@
if (err < 0)
goto out_put;
- err = security_ops->socket_connect(sock, (struct sockaddr *)address, addrlen);
+ err = security_socket_connect(sock, (struct sockaddr *)address, addrlen);
if (err)
goto out_put;
@@ -1317,7 +1317,7 @@
if (!sock)
goto out;
- err = security_ops->socket_getsockname(sock);
+ err = security_socket_getsockname(sock);
if (err)
goto out_put;
@@ -1345,7 +1345,7 @@
if ((sock = sockfd_lookup(fd, &err))!=NULL)
{
- err = security_ops->socket_getpeername(sock);
+ err = security_socket_getpeername(sock);
if (err) {
sockfd_put(sock);
return err;
@@ -1479,7 +1479,7 @@
if ((sock = sockfd_lookup(fd, &err))!=NULL)
{
- err = security_ops->socket_setsockopt(sock,level,optname);
+ err = security_socket_setsockopt(sock,level,optname);
if (err) {
sockfd_put(sock);
return err;
@@ -1506,7 +1506,7 @@
if ((sock = sockfd_lookup(fd, &err))!=NULL)
{
- err = security_ops->socket_getsockopt(sock, level,
+ err = security_socket_getsockopt(sock, level,
optname);
if (err) {
sockfd_put(sock);
@@ -1534,7 +1534,7 @@
if ((sock = sockfd_lookup(fd, &err))!=NULL)
{
- err = security_ops->socket_shutdown(sock, how);
+ err = security_socket_shutdown(sock, how);
if (err) {
sockfd_put(sock);
return err;
Index: lsm-2.5/net/core/datagram.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/datagram.c,v
retrieving revision 1.5
diff -u -r1.5 datagram.c
--- lsm-2.5/net/core/datagram.c 14 Aug 2002 17:09:42 -0000 1.5
+++ lsm-2.5/net/core/datagram.c 4 Dec 2002 21:02:38 -0000
@@ -177,7 +177,7 @@
skb = skb_dequeue(&sk->receive_queue);
if (skb) {
- security_ops->skb_recv_datagram(skb, sk, flags);
+ security_skb_recv_datagram(skb, sk, flags);
return skb;
}
Index: lsm-2.5/net/core/dev.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/dev.c,v
retrieving revision 1.16
diff -u -r1.16 dev.c
--- lsm-2.5/net/core/dev.c 25 Nov 2002 14:12:30 -0000 1.16
+++ lsm-2.5/net/core/dev.c 4 Dec 2002 21:04:55 -0000
@@ -2594,7 +2594,7 @@
free_divert_blk(dev);
#endif
- security_ops->netdev_unregister(dev);
+ security_netdev_unregister(dev);
if (dev->features & NETIF_F_DYNALLOC) {
#ifdef NET_REFCNT_DEBUG
Index: lsm-2.5/net/core/rtnetlink.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/rtnetlink.c,v
retrieving revision 1.4
diff -u -r1.4 rtnetlink.c
--- lsm-2.5/net/core/rtnetlink.c 6 Nov 2002 20:38:55 -0000 1.4
+++ lsm-2.5/net/core/rtnetlink.c 4 Dec 2002 21:05:02 -0000
@@ -316,7 +316,7 @@
sz_idx = type>>2;
kind = type&3;
- if (kind != 2 && security_ops->netlink_recv(skb)) {
+ if (kind != 2 && security_netlink_recv(skb)) {
*errp = -EPERM;
return -1;
}
Index: lsm-2.5/net/core/skbuff.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/skbuff.c,v
retrieving revision 1.10
diff -u -r1.10 skbuff.c
--- lsm-2.5/net/core/skbuff.c 6 Nov 2002 20:38:55 -0000 1.10
+++ lsm-2.5/net/core/skbuff.c 4 Dec 2002 21:05:21 -0000
@@ -196,7 +196,7 @@
if (!data)
goto nodata;
- if (security_ops->skb_alloc_security(skb, gfp_mask)) {
+ if (security_skb_alloc(skb, gfp_mask)) {
kfree(data);
goto nodata;
}
@@ -344,7 +344,7 @@
nf_bridge_put(skb->nf_bridge);
#endif
#endif
- security_ops->skb_free_security(skb);
+ security_skb_free(skb);
skb_headerinit(skb, NULL, 0); /* clean state */
kfree_skbmem(skb);
}
@@ -373,7 +373,7 @@
return NULL;
}
- if (security_ops->skb_clone(n, skb)) {
+ if (security_skb_clone(n, skb)) {
skb_head_to_pool(n);
return NULL;
}
@@ -477,7 +477,7 @@
#ifdef CONFIG_NET_SCHED
new->tc_index = old->tc_index;
#endif
- security_ops->skb_copy(new, old);
+ security_skb_copy(new, old);
}
/**
Index: lsm-2.5/net/core/sock.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/sock.c,v
retrieving revision 1.6
diff -u -r1.6 sock.c
--- lsm-2.5/net/core/sock.c 22 Oct 2002 12:59:09 -0000 1.6
+++ lsm-2.5/net/core/sock.c 4 Dec 2002 21:04:13 -0000
@@ -601,7 +601,7 @@
sock_lock_init(sk);
}
sk->security = NULL;
- if (security_ops->socket_sock_alloc_security(sk, priority)) {
+ if (security_sock_alloc(sk, priority)) {
kmem_cache_free(slab, sk);
return NULL;
}
@@ -631,7 +631,7 @@
if (atomic_read(&sk->omem_alloc))
printk(KERN_DEBUG "sk_free: optmem leakage (%d bytes) detected.\n", atomic_read(&sk->omem_alloc));
- security_ops->socket_sock_free_security(sk);
+ security_sock_free(sk);
kmem_cache_free(sk->slab, sk);
}
Index: lsm-2.5/net/ipv4/ip_fragment.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_fragment.c,v
retrieving revision 1.5
diff -u -r1.5 ip_fragment.c
--- lsm-2.5/net/ipv4/ip_fragment.c 8 Jul 2002 12:46:26 -0000 1.5
+++ lsm-2.5/net/ipv4/ip_fragment.c 4 Dec 2002 21:05:50 -0000
@@ -375,7 +375,7 @@
int flags, offset;
int ihl, end, ret;
- ret = security_ops->ip_defragment(skb);
+ ret = security_ip_defragment(skb);
if (ret)
goto err;
Index: lsm-2.5/net/ipv4/ip_gre.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_gre.c,v
retrieving revision 1.11
diff -u -r1.11 ip_gre.c
--- lsm-2.5/net/ipv4/ip_gre.c 12 Nov 2002 14:56:44 -0000 1.11
+++ lsm-2.5/net/ipv4/ip_gre.c 4 Dec 2002 21:05:58 -0000
@@ -661,7 +661,7 @@
skb->nf_debug = 0;
#endif
#endif
- security_ops->ip_decapsulate(skb);
+ security_ip_decapsulate(skb);
ipgre_ecn_decapsulate(iph, skb);
netif_rx(skb);
read_unlock(&ipgre_lock);
@@ -899,7 +899,7 @@
skb->nf_debug = 0;
#endif
#endif
- security_ops->ip_encapsulate(skb);
+ security_ip_encapsulate(skb);
IPTUNNEL_XMIT();
tunnel->recursion--;
Index: lsm-2.5/net/ipv4/ip_options.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_options.c,v
retrieving revision 1.4
diff -u -r1.4 ip_options.c
--- lsm-2.5/net/ipv4/ip_options.c 26 Sep 2002 19:31:18 -0000 1.4
+++ lsm-2.5/net/ipv4/ip_options.c 4 Dec 2002 21:06:06 -0000
@@ -435,7 +435,7 @@
case IPOPT_SEC:
case IPOPT_CIPSO:
case IPOPT_SID:
- if (security_ops->ip_decode_options(skb, optptr, &pp_ptr))
+ if (security_ip_decode_options(skb, optptr, &pp_ptr))
goto error;
break;
default:
Index: lsm-2.5/net/ipv4/ip_output.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_output.c,v
retrieving revision 1.14
diff -u -r1.14 ip_output.c
--- lsm-2.5/net/ipv4/ip_output.c 19 Nov 2002 15:10:50 -0000 1.14
+++ lsm-2.5/net/ipv4/ip_output.c 4 Dec 2002 21:06:13 -0000
@@ -633,7 +633,7 @@
ptr += len;
offset += len;
- security_ops->ip_fragment(skb2, skb);
+ security_ip_fragment(skb2, skb);
/*
* Put this fragment into the sending queue.
Index: lsm-2.5/net/ipv4/ipip.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ipip.c,v
retrieving revision 1.10
diff -u -r1.10 ipip.c
--- lsm-2.5/net/ipv4/ipip.c 12 Nov 2002 14:56:44 -0000 1.10
+++ lsm-2.5/net/ipv4/ipip.c 4 Dec 2002 21:06:26 -0000
@@ -508,7 +508,7 @@
skb->nf_debug = 0;
#endif
#endif
- security_ops->ip_decapsulate(skb);
+ security_ip_decapsulate(skb);
ipip_ecn_decapsulate(iph, skb);
netif_rx(skb);
read_unlock(&ipip_lock);
@@ -663,7 +663,7 @@
#endif
#endif
- security_ops->ip_encapsulate(skb);
+ security_ip_encapsulate(skb);
IPTUNNEL_XMIT();
tunnel->recursion--;
Index: lsm-2.5/net/ipv4/ipmr.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ipmr.c,v
retrieving revision 1.10
diff -u -r1.10 ipmr.c
--- lsm-2.5/net/ipv4/ipmr.c 12 Nov 2002 14:56:45 -0000 1.10
+++ lsm-2.5/net/ipv4/ipmr.c 4 Dec 2002 21:06:44 -0000
@@ -1105,7 +1105,7 @@
nf_conntrack_put(skb->nfct);
skb->nfct = NULL;
#endif
- security_ops->ip_encapsulate(skb);
+ security_ip_encapsulate(skb);
}
static inline int ipmr_forward_finish(struct sk_buff *skb)
@@ -1462,7 +1462,7 @@
nf_conntrack_put(skb->nfct);
skb->nfct = NULL;
#endif
- security_ops->ip_decapsulate(skb);
+ security_ip_decapsulate(skb);
netif_rx(skb);
dev_put(reg_dev);
return 0;
@@ -1530,7 +1530,7 @@
nf_conntrack_put(skb->nfct);
skb->nfct = NULL;
#endif
- security_ops->ip_decapsulate(skb);
+ security_ip_decapsulate(skb);
netif_rx(skb);
dev_put(reg_dev);
return 0;
Index: lsm-2.5/net/ipv4/syncookies.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/syncookies.c,v
retrieving revision 1.3
diff -u -r1.3 syncookies.c
--- lsm-2.5/net/ipv4/syncookies.c 6 Nov 2002 20:39:00 -0000 1.3
+++ lsm-2.5/net/ipv4/syncookies.c 4 Dec 2002 21:06:51 -0000
@@ -188,7 +188,7 @@
}
}
- security_ops->tcp_connection_request(sk, skb, req);
+ security_tcp_connection_request(sk, skb, req);
/* Try to redo what tcp_v4_send_synack did. */
req->window_clamp = dst_metric(&rt->u.dst, RTAX_WINDOW);
Index: lsm-2.5/net/ipv4/tcp_ipv4.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/tcp_ipv4.c,v
retrieving revision 1.19
diff -u -r1.19 tcp_ipv4.c
--- lsm-2.5/net/ipv4/tcp_ipv4.c 19 Nov 2002 15:10:50 -0000 1.19
+++ lsm-2.5/net/ipv4/tcp_ipv4.c 4 Dec 2002 21:07:08 -0000
@@ -1331,7 +1331,7 @@
if (skb) {
struct tcphdr *th = skb->h.th;
- security_ops->tcp_synack(sk, skb, req);
+ security_tcp_synack(sk, skb, req);
th->check = tcp_v4_check(th, skb->len,
req->af.v4_req.loc_addr,
@@ -1549,7 +1549,7 @@
}
req->snt_isn = isn;
- security_ops->tcp_connection_request(sk, skb, req);
+ security_tcp_connection_request(sk, skb, req);
if (tcp_v4_send_synack(sk, req, dst))
goto drop_and_free;
@@ -1800,7 +1800,7 @@
goto no_tcp_socket;
process:
- if (security_ops->socket_sock_rcv_skb(sk, skb))
+ if (security_sock_rcv_skb(sk, skb))
goto discard_and_relse;
if (sk->state == TCP_TIME_WAIT)
Index: lsm-2.5/net/ipv4/tcp_minisocks.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/tcp_minisocks.c,v
retrieving revision 1.10
diff -u -r1.10 tcp_minisocks.c
--- lsm-2.5/net/ipv4/tcp_minisocks.c 12 Nov 2002 14:56:45 -0000 1.10
+++ lsm-2.5/net/ipv4/tcp_minisocks.c 4 Dec 2002 21:07:36 -0000
@@ -803,7 +803,7 @@
TCP_INC_STATS_BH(TcpPassiveOpens);
- security_ops->tcp_create_openreq_child(sk, newsk, skb, req);
+ security_tcp_create_openreq_child(sk, newsk, skb, req);
}
return newsk;
}
Index: lsm-2.5/net/ipv4/netfilter/ip_queue.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/netfilter/ip_queue.c,v
retrieving revision 1.6
diff -u -r1.6 ip_queue.c
--- lsm-2.5/net/ipv4/netfilter/ip_queue.c 14 Aug 2002 17:09:44 -0000 1.6
+++ lsm-2.5/net/ipv4/netfilter/ip_queue.c 4 Dec 2002 21:07:45 -0000
@@ -496,7 +496,7 @@
if (type <= IPQM_BASE)
return;
- if (security_ops->netlink_recv(skb))
+ if (security_netlink_recv(skb))
RCV_SKB_FAIL(-EPERM);
write_lock_bh(&queue_lock);
Index: lsm-2.5/net/netlink/af_netlink.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/netlink/af_netlink.c,v
retrieving revision 1.9
diff -u -r1.9 af_netlink.c
--- lsm-2.5/net/netlink/af_netlink.c 25 Nov 2002 14:12:33 -0000 1.9
+++ lsm-2.5/net/netlink/af_netlink.c 4 Dec 2002 21:07:58 -0000
@@ -637,7 +637,7 @@
to corresponding kernel module. --ANK (980802)
*/
- err = security_ops->netlink_send(skb);
+ err = security_netlink_send(skb);
if (err) {
kfree_skb(skb);
goto out;
Index: lsm-2.5/net/unix/af_unix.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/unix/af_unix.c,v
retrieving revision 1.18
diff -u -r1.18 af_unix.c
--- lsm-2.5/net/unix/af_unix.c 29 Nov 2002 17:14:55 -0000 1.18
+++ lsm-2.5/net/unix/af_unix.c 4 Dec 2002 21:08:14 -0000
@@ -818,7 +818,7 @@
if (!unix_may_send(sk, other))
goto out_unlock;
- err = security_ops->unix_may_send(sk->socket, other->socket);
+ err = security_unix_may_send(sk->socket, other->socket);
if (err)
goto out_unlock;
@@ -987,7 +987,7 @@
goto restart;
}
- err = security_ops->unix_stream_connect(sock, other->socket, newsk);
+ err = security_unix_stream_connect(sock, other->socket, newsk);
if (err) {
unix_state_wunlock(sk);
goto out_unlock;
@@ -1291,7 +1291,7 @@
if (other->shutdown&RCV_SHUTDOWN)
goto out_unlock;
- err = security_ops->unix_may_send(sk->socket, other->socket);
+ err = security_unix_may_send(sk->socket, other->socket);
if (err)
goto out_unlock;
Index: lsm-2.5/security/capability.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/security/capability.c,v
retrieving revision 1.29
diff -u -r1.29 capability.c
--- lsm-2.5/security/capability.c 2 Dec 2002 17:09:19 -0000 1.29
+++ lsm-2.5/security/capability.c 4 Dec 2002 20:59:03 -0000
@@ -279,6 +279,16 @@
return;
}
+int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr)
+{
+ if (!skb && !capable (CAP_NET_RAW)) {
+ (const unsigned char *) *pp_ptr = optptr;
+ return -EPERM;
+ }
+ return 0;
+}
+
EXPORT_SYMBOL(cap_capable);
EXPORT_SYMBOL(cap_ptrace);
EXPORT_SYMBOL(cap_capget);
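Review bot: In the now non-static `cap_ip_decode_options`, the assignment `(const unsigned char *) *pp_ptr = optptr;` uses a cast as an lvalue, which is a GCC extension rather than standard C. It also obscures the fact that the `const` on `optptr` is being dropped. Writing it as `*pp_ptr = (unsigned char *) optptr;` stores the same pointer with the conversion made explicit. Because the function is exported in this patch, a short header comment would help: it should say that the `CAP_NET_RAW` check applies only when `skb` is NULL and that `*pp_ptr` is written only on the `-EPERM` path.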
@@ -289,6 +299,9 @@
EXPORT_SYMBOL(cap_task_post_setuid);
EXPORT_SYMBOL(cap_task_kmod_set_label);
EXPORT_SYMBOL(cap_task_reparent_to_init);
+EXPORT_SYMBOL(cap_netlink_send);
+EXPORT_SYMBOL(cap_netlink_recv);
+EXPORT_SYMBOL(cap_ip_decode_options);
#ifdef CONFIG_SECURITY
@@ -761,16 +774,6 @@
static void cap_ip_decapsulate (struct sk_buff *skb)
{
return;
-}
-
-static int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
- unsigned char **pp_ptr)
-{
- if (!skb && !capable (CAP_NET_RAW)) {
- (const unsigned char *) *pp_ptr = optptr;
- return -EPERM;
- }
- return 0;
}
static void cap_netdev_unregister (struct net_device *dev)