struct xattr;
struct xfrm_sec_ctx;
struct mm_struct;
+struct kdbus_conn;
/* Maximum number of letters for an LSM name string */
#define SECURITY_NAME_MAX 10
* @inode we wish to get the security context of.
* @ctx is a pointer in which to place the allocated security context.
* @ctxlen points to the place to put the length of @ctx.
+ *
+ * Security hooks for kdbus
+ *
+ * @kdbus_conn_alloc:
+ * Allocate and initialize security related part of kdbus connection.
+ * Return 0 on success.
+ *
+ * @kdbus_conn_free:
+ * Deallocate security related part of kdbus connection.
+ *
+ * @kdbus_talk:
+ * Check if peers can talk to each other.
+ * Return 0 if permission is granted.
+ *
* This is the main security structure.
*/
struct security_operations {
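Review bot: The three new hook descriptions omit the per-argument lines that the neighbouring hooks carry (compare `@inode we wish to get the security context of.` just above), so `@conn`, `@src` and `@dst` are undocumented. For `@kdbus_talk` the direction matters to a policy author: the text should state which of `@src`/`@dst` is the sending side, and whether the hook is consulted per message or once per pairing, neither of which the visible code shows. `@kdbus_conn_alloc` should say where the security data is attached and that a non-zero return must abort connection setup. `@kdbus_conn_free` should say whether it may be called for a connection whose alloc hook failed or never ran. The comment block starts outside this hunk.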
int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
+#ifdef CONFIG_KDBUS
+ int (*kdbus_conn_alloc)(struct kdbus_conn *conn);
+ void (*kdbus_conn_free)(struct kdbus_conn *conn);
+ int (*kdbus_talk)(const struct kdbus_conn *src,
+ const struct kdbus_conn *dst);
+#endif /* CONFIG_KDBUS */
+
#ifdef CONFIG_SECURITY_NETWORK
int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk);
int (*unix_may_send) (struct socket *sock, struct socket *other);
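Review bot: The `#ifdef CONFIG_KDBUS` guard on the new members is only true when kdbus is built in; if the option is tristate and set to `m`, only `CONFIG_KDBUS_MODULE` is defined, and these hooks, their prototypes and the exported wrappers all disappear. The `EXPORT_SYMBOL()` lines added for the wrappers suggest modular callers are expected, though the Kconfig entry is not visible here. If so, use `#if IS_ENABLED(CONFIG_KDBUS)` here and in the four other guards this patch adds (the header prototypes and stubs, the `cap_kdbus_*` defaults, the `set_to_cap_if_null()` block, and the wrappers). The body of struct security_operations continues outside this hunk.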
}
#endif /* CONFIG_SECURITY_PATH */
+#ifdef CONFIG_KDBUS
+#ifdef CONFIG_SECURITY
+
+int security_kdbus_conn_alloc(struct kdbus_conn *conn);
+void security_kdbus_conn_free(struct kdbus_conn *conn);
+int security_kdbus_talk(const struct kdbus_conn *src,
+ const struct kdbus_conn *dst);
+
+#else /* CONFIG_SECURITY */
+
+static inline int security_kdbus_conn_alloc(struct kdbus_conn *conn)
+{
+ return 0;
+}
+
+static inline void security_kdbus_conn_free(struct kdbus_conn *conn)
+{
+}
+
+static inline int security_kdbus_talk(const struct kdbus_conn *src,
+ const struct kdbus_conn *dst)
+{
+ return 0;
+}
+
+#endif /* CONFIG_SECURITY */
+#endif /* CONFIG_KDBUS */
+
#ifdef CONFIG_KEYS
#ifdef CONFIG_SECURITY
return 0;
}
+#ifdef CONFIG_KDBUS
+
+static int cap_kdbus_conn_alloc(struct kdbus_conn *conn)
+{
+ return 0;
+}
+
+static void cap_kdbus_conn_free(struct kdbus_conn *conn)
+{
+}
+
+static int cap_kdbus_talk(const struct kdbus_conn *src,
+ const struct kdbus_conn *dst)
+{
+ return 0;
+}
+
+#endif /* CONFIG_KDBUS */
+
#ifdef CONFIG_SECURITY_NETWORK
static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
struct sock *newsk)
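Review bot: `cap_kdbus_talk()` returns 0 unconditionally, so unless a loaded LSM implements the hook it grants every request. That matches the other `cap_*` defaults, but it is worth stating in the code because this is the access decision for peer communication. A one-line comment above it would do, e.g. `/* Default: no LSM mediation, always permit; an LSM must override this to enforce policy. */`. The same applies to the `!CONFIG_SECURITY` inline stub of `security_kdbus_talk()` in the header.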
set_to_cap_if_null(ops, inode_notifysecctx);
set_to_cap_if_null(ops, inode_setsecctx);
set_to_cap_if_null(ops, inode_getsecctx);
+#ifdef CONFIG_KDBUS
+ set_to_cap_if_null(ops, kdbus_conn_alloc);
+ set_to_cap_if_null(ops, kdbus_conn_free);
+ set_to_cap_if_null(ops, kdbus_talk);
+#endif /* CONFIG_KDBUS */
#ifdef CONFIG_SECURITY_NETWORK
set_to_cap_if_null(ops, unix_stream_connect);
set_to_cap_if_null(ops, unix_may_send);
}
EXPORT_SYMBOL(security_inode_getsecctx);
+#ifdef CONFIG_KDBUS
+
+int security_kdbus_conn_alloc(struct kdbus_conn *conn)
+{
+ return security_ops->kdbus_conn_alloc(conn);
+}
+EXPORT_SYMBOL(security_kdbus_conn_alloc);
+
+void security_kdbus_conn_free(struct kdbus_conn *conn)
+{
+ security_ops->kdbus_conn_free(conn);
+}
+EXPORT_SYMBOL(security_kdbus_conn_free);
+
+int security_kdbus_talk(const struct kdbus_conn *src,
+ const struct kdbus_conn *dst)
+{
+ return security_ops->kdbus_talk(src, dst);
+}
+EXPORT_SYMBOL(security_kdbus_talk);
+
+#endif /* CONFIG_KDBUS */
+
#ifdef CONFIG_SECURITY_NETWORK
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)