Commit a1629843 authored by Linus Torvalds

Merge branch 'next-general' of git://git.kernel.org:/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
 "Two minor updates for the core security subsystem:

   - kernel-doc warning fixes from Randy Dunlap

   - header cleanup from YueHaibing"

* 'next-general' of git://git.kernel.org:/pub/scm/linux/kernel/git/jmorris/linux-security:
  security: remove duplicated include from security.h
  security: <linux/lsm_hooks.h>: fix all kernel-doc warnings
parents b3aa112d 3e27a339
...@@ -103,6 +103,10 @@ ...@@ -103,6 +103,10 @@
* @sb_free_security: * @sb_free_security:
* Deallocate and clear the sb->s_security field. * Deallocate and clear the sb->s_security field.
* @sb contains the super_block structure to be modified. * @sb contains the super_block structure to be modified.
* @sb_free_mnt_opts:
* Free memory associated with @mnt_ops.
* @sb_eat_lsm_opts:
* Eat (scan @orig options) and save them in @mnt_opts.
* @sb_statfs: * @sb_statfs:
* Check permission before obtaining filesystem statistics for the @mnt * Check permission before obtaining filesystem statistics for the @mnt
* mountpoint. * mountpoint.
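Review bot: In the added @sb_free_mnt_opts entry, "@mnt_ops" looks like a typo for "@mnt_opts", the spelling used two lines later under @sb_eat_lsm_opts. Since this patch exists to make the kernel-doc clean, the cross-reference should match; suggest "Free memory associated with @mnt_opts."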
...@@ -136,6 +140,10 @@ ...@@ -136,6 +140,10 @@
* @sb superblock being remounted * @sb superblock being remounted
* @data contains the filesystem-specific data. * @data contains the filesystem-specific data.
* Return 0 if permission is granted. * Return 0 if permission is granted.
* @sb_kern_mount:
* Mount this @sb if allowed by permissions.
* @sb_show_options:
* Show (print on @m) mount options for this @sb.
* @sb_umount: * @sb_umount:
* Check permission before the @mnt file system is unmounted. * Check permission before the @mnt file system is unmounted.
* @mnt contains the mounted file system. * @mnt contains the mounted file system.
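Review bot: The added @sb_kern_mount and @sb_show_options entries carry a one-line summary but no per-parameter lines and no return convention, unlike the entries on either side ("@sb superblock being remounted", "Return 0 if permission is granted."). "Mount this @sb if allowed by permissions" also reads as if the hook itself performs the mount; if it is a permission check, wording such as "Check permission before mounting @sb. Return 0 if permission is granted." would match its neighbours and tell an LSM author what to return.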
...@@ -155,6 +163,8 @@ ...@@ -155,6 +163,8 @@
* Copy all security options from a given superblock to another * Copy all security options from a given superblock to another
* @oldsb old superblock which contain information to clone * @oldsb old superblock which contain information to clone
* @newsb new superblock which needs filled in * @newsb new superblock which needs filled in
* @sb_add_mnt_opt:
* Add one mount @option to @mnt_opts.
* @sb_parse_opts_str: * @sb_parse_opts_str:
* Parse a string of security data filling in the opts structure * Parse a string of security data filling in the opts structure
* @options string containing all mount options known by the LSM * @options string containing all mount options known by the LSM
...@@ -451,6 +461,12 @@ ...@@ -451,6 +461,12 @@
* security module does not know about attribute or a negative error code * security module does not know about attribute or a negative error code
* to abort the copy up. Note that the caller is responsible for reading * to abort the copy up. Note that the caller is responsible for reading
* and writing the xattrs as this hook is merely a filter. * and writing the xattrs as this hook is merely a filter.
* @d_instantiate:
* Fill in @inode security information for a @dentry if allowed.
* @getprocattr:
* Read attribute @name for process @p and store it into @value if allowed.
* @setprocattr:
* Write (set) attribute @name to @value, size @size if allowed.
* *
* Security hooks for kernfs node operations * Security hooks for kernfs node operations
* *
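Review bot: @getprocattr and @setprocattr are described in terms of a process, yet they are added at the tail of the block that ends with the xattr copy-up filter text, directly before the "Security hooks for kernfs node operations" heading, with no separator. Consider giving them a blank " *" line or a heading of their own so they are not read as part of the preceding group. @setprocattr should also say which process the attribute is written for, as @getprocattr does with @p, and "if allowed" in all three entries leaves the return value on denial unstated.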
...@@ -1113,6 +1129,7 @@ ...@@ -1113,6 +1129,7 @@
* In case of failure, @secid will be set to zero. * In case of failure, @secid will be set to zero.
* *
* Security hooks for individual messages held in System V IPC message queues * Security hooks for individual messages held in System V IPC message queues
*
* @msg_msg_alloc_security: * @msg_msg_alloc_security:
* Allocate and attach a security structure to the msg->security field. * Allocate and attach a security structure to the msg->security field.
* The security field is initialized to NULL when the structure is first * The security field is initialized to NULL when the structure is first
...@@ -1302,6 +1319,10 @@ ...@@ -1302,6 +1319,10 @@
* @cap contains the capability <include/linux/capability.h>. * @cap contains the capability <include/linux/capability.h>.
* @opts contains options for the capable check <include/linux/security.h> * @opts contains options for the capable check <include/linux/security.h>
* Return 0 if the capability is granted for @tsk. * Return 0 if the capability is granted for @tsk.
* @quotactl:
* Check whether the quotactl syscall is allowed for this @sb.
* @quota_on:
* Check whether QUOTAON is allowed for this @dentry.
* @syslog: * @syslog:
* Check permission before accessing the kernel message ring or changing * Check permission before accessing the kernel message ring or changing
* logging to the console. * logging to the console.
...@@ -1449,11 +1470,24 @@ ...@@ -1449,11 +1470,24 @@
* @bpf_prog_free_security: * @bpf_prog_free_security:
* Clean up the security information stored inside bpf prog. * Clean up the security information stored inside bpf prog.
* *
* @locked_down * @locked_down:
* Determine whether a kernel feature that potentially enables arbitrary * Determine whether a kernel feature that potentially enables arbitrary
* code execution in kernel space should be permitted. * code execution in kernel space should be permitted.
* *
* @what: kernel feature being accessed * @what: kernel feature being accessed
*
* Security hooks for perf events
*
* @perf_event_open:
* Check whether the @type of perf_event_open syscall is allowed.
* @perf_event_alloc:
* Allocate and save perf_event security info.
* @perf_event_free:
* Release (free) perf_event security info.
* @perf_event_read:
* Read perf_event security info if allowed.
* @perf_event_write:
* Write perf_event security info if allowed.
*/ */
union security_list_options { union security_list_options {
int (*binder_set_context_mgr)(struct task_struct *mgr); int (*binder_set_context_mgr)(struct task_struct *mgr);
......
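Review bot: The @perf_event_read and @perf_event_write descriptions ("Read perf_event security info if allowed", "Write perf_event security info if allowed") read as though the hook reads or writes the security blob that @perf_event_alloc and @perf_event_free manage. If these two are permission checks on reading and writing the event, say that directly, for example "Check whether reading the perf_event is allowed", and state the return convention. Only @type is named as a parameter in the five new entries, and "@what: kernel feature being accessed" keeps a colon after the parameter name where other parameter lines in this comment ("@sb contains ...") do not.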
...@@ -30,7 +30,6 @@ ...@@ -30,7 +30,6 @@
#include <linux/err.h> #include <linux/err.h>
#include <linux/string.h> #include <linux/string.h>
#include <linux/mm.h> #include <linux/mm.h>
#include <linux/fs.h>
struct linux_binprm; struct linux_binprm;
struct cred; struct cred;
......
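Review bot: The surviving #include <linux/fs.h> that makes this one a duplicate is outside the three context lines shown (err.h, string.h, mm.h). Worth confirming, and noting in the commit text, that the remaining copy is unconditional rather than inside an #ifdef block, so that security.h still pulls in fs.h in every configuration after this removal.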