Diffstat (limited to 'include')
-rw-r--r-- | include/linux/audit.h | 2 | ||||
-rw-r--r-- | include/linux/ima.h | 27 | ||||
-rw-r--r-- | include/linux/integrity.h | 7 | ||||
-rw-r--r-- | include/linux/ptrace.h | 2 | ||||
-rw-r--r-- | include/linux/security.h | 31 | ||||
-rw-r--r-- | include/linux/tpm.h | 4 | ||||
-rw-r--r-- | include/linux/xattr.h | 3 |
7 files changed, 71 insertions, 5 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 36abf2aa7e6..2a5073cf548 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -529,6 +529,7 @@ extern int audit_set_loginuid(uid_t loginuid);
 #define audit_get_loginuid(t) ((t)->loginuid)
 #define audit_get_sessionid(t) ((t)->sessionid)
 extern void audit_log_task_context(struct audit_buffer *ab);
+extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
 extern int __audit_bprm(struct linux_binprm *bprm);
@@ -640,6 +641,7 @@ extern int audit_signals;
 #define audit_get_loginuid(t) (-1)
 #define audit_get_sessionid(t) (-1)
 #define audit_log_task_context(b) do { ; } while (0)
+#define audit_log_task_info(b, t) do { ; } while (0)
 #define audit_ipc_obj(i) ((void)0)
 #define audit_ipc_set_perm(q,u,g,m) ((void)0)
 #define audit_bprm(p) ({ 0; })
diff --git a/include/linux/ima.h b/include/linux/ima.h
index 6ac8e50c6cf..2c7223d7e73 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -39,5 +39,32 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
 {
 return 0;
 }
+
 #endif /* CONFIG_IMA_H */
+
+#ifdef CONFIG_IMA_APPRAISE
+extern void ima_inode_post_setattr(struct dentry *dentry);
+extern int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
+ const void *xattr_value, size_t xattr_value_len);
+extern int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name);
+#else
+static inline void ima_inode_post_setattr(struct dentry *dentry)
+{
+ return;
+}
+
+static inline int ima_inode_setxattr(struct dentry *dentry,
+ const char *xattr_name,
+ const void *xattr_value,
+ size_t xattr_value_len)
+{
+ return 0;
+}
+
+static inline int ima_inode_removexattr(struct dentry *dentry,
+ const char *xattr_name)
+{
+ return 0;
+}
+#endif /* CONFIG_IMA_APPRAISE_H */
 #endif /* _LINUX_IMA_H */
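Review bot: The audit-disabled stub in the second audit.h hunk, `#define audit_log_task_info(b, t) do { ; } while (0)`, drops both arguments without evaluating or type-checking them, so a caller passing the wrong pointer type only fails to build when auditing is compiled in. A typed stub would keep both configurations checked: `static inline void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) { }`, assuming `struct audit_buffer` is declared for this branch, which the hunk does not show. The new macro mirrors the existing `audit_log_task_context(b)` stub, so converting the two together would stay consistent. The surrounding #else block starts and ends outside the hunk.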
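Review bot: The closing comment of the new ima.h block reads `#endif /* CONFIG_IMA_APPRAISE_H */`, but the block is opened by `#ifdef CONFIG_IMA_APPRAISE`, so the comment should be `#endif /* CONFIG_IMA_APPRAISE */`. The new hooks also carry no statement of their return contract. The fallback stubs for `ima_inode_setxattr()` and `ima_inode_removexattr()` return 0, which presumably means "change permitted". A one-line comment above the extern declarations would make that explicit, for example `/* Return 0 to allow the xattr change, -errno to refuse it. */`, to be confirmed against the implementation, which is not part of this diff.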
diff --git a/include/linux/integrity.h b/include/linux/integrity.h index a0c41256cb9..66c5fe9550a 100644 --- a/include/linux/integrity.h +++ b/include/linux/integrity.h @@ -22,13 +22,14 @@ enum integrity_status { /* List of EVM protected security xattrs */ #ifdef CONFIG_INTEGRITY -extern int integrity_inode_alloc(struct inode *inode); +extern struct integrity_iint_cache *integrity_inode_get(struct inode *inode); extern void integrity_inode_free(struct inode *inode); #else -static inline int integrity_inode_alloc(struct inode *inode) +static inline struct integrity_iint_cache * + integrity_inode_get(struct inode *inode) { - return 0; + return NULL; } static inline void integrity_inode_free(struct inode *inode) diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h index 597e4fdb97f..3db698aee34 100644 --- a/include/linux/ptrace.h +++ b/include/linux/ptrace.h @@ -130,8 +130,6 @@ extern void exit_ptrace(struct task_struct *tracer); #define PTRACE_MODE_READ 0x01 #define PTRACE_MODE_ATTACH 0x02 #define PTRACE_MODE_NOAUDIT 0x04 -/* Returns 0 on success, -errno on denial. */ -extern int __ptrace_may_access(struct task_struct *task, unsigned int mode); /* Returns true on success, false on denial. */ extern bool ptrace_may_access(struct task_struct *task, unsigned int mode); diff --git a/include/linux/security.h b/include/linux/security.h index 3dea6a9d568..01ef030b940 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
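Review bot: In the integrity.h hunk the fallback for the renamed function now returns NULL where the old `integrity_inode_alloc()` stub returned 0, i.e. success. A NULL from `integrity_inode_get()` can therefore mean either "no iint could be obtained" or "CONFIG_INTEGRITY is not set". Any caller that maps NULL to an error would start failing on kernels built without integrity support; the callers are not visible here. The contract should be stated next to the declaration, for example `/* Returns the inode's integrity_iint_cache, or NULL if none is available; always NULL when CONFIG_INTEGRITY is not set. */`. The header also needs `struct integrity_iint_cache;` declared before this point if it is not already, which the hunk does not show.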
@@ -3021,5 +3021,36 @@ static inline void free_secdata(void *secdata) { } #endif /* CONFIG_SECURITY */ +#ifdef CONFIG_SECURITY_YAMA +extern int yama_ptrace_access_check(struct task_struct *child, + unsigned int mode); +extern int yama_ptrace_traceme(struct task_struct *parent); +extern void yama_task_free(struct task_struct *task); +extern int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3, + unsigned long arg4, unsigned long arg5); +#else +static inline int yama_ptrace_access_check(struct task_struct *child, + unsigned int mode) +{ + return 0; +} + +static inline int yama_ptrace_traceme(struct task_struct *parent) +{ + return 0; +} + +static inline void yama_task_free(struct task_struct *task) +{ +} + +static inline int yama_task_prctl(int option, unsigned long arg2, + unsigned long arg3, unsigned long arg4, + unsigned long arg5) +{ + return -ENOSYS; +} +#endif /* CONFIG_SECURITY_YAMA */ + #endif /* ! __LINUX_SECURITY_H */ diff --git a/include/linux/tpm.h b/include/linux/tpm.h index fdc718abf83..fcb627ff8d3 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -32,6 +32,7 @@ extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf); extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash); extern int tpm_send(u32 chip_num, void *cmd, size_t buflen); +extern int tpm_get_random(u32 chip_num, u8 *data, size_t max); #else static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) { return -ENODEV; @@ -42,5 +43,8 @@ static inline int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) { static inline int tpm_send(u32 chip_num, void *cmd, size_t buflen) { return -ENODEV; } +static inline int tpm_get_random(u32 chip_num, u8 *data, size_t max) { + return -ENODEV; +} #endif #endif diff --git a/include/linux/xattr.h b/include/linux/xattr.h index e5d12203154..77a3e686d56 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h 
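Review bot: The fallback stubs in the security.h hunk use two return conventions that are not written down: `yama_ptrace_access_check()` and `yama_ptrace_traceme()` return 0, while `yama_task_prctl()` returns `-ENOSYS`. The 0 presumably means "no objection", so a caller must still apply the primary security module's decision rather than treat it as a grant. The `-ENOSYS` presumably means "option not handled here", so a caller can fall through to the next handler. A comment above the extern block would make both explicit, for example `/* 0 means Yama has no objection; yama_task_prctl() returns -ENOSYS for options it does not handle. */`, to be checked against the Yama implementation, which is not in this diff.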
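Review bot: The new declaration `extern int tpm_get_random(u32 chip_num, u8 *data, size_t max);` in the first tpm.h hunk takes a `size_t` upper bound but returns `int`, and nothing says whether a non-negative return is a byte count that may be smaller than `max`. For a randomness source this matters: a caller that only tests for a negative value and then uses all `max` bytes would treat unfilled buffer contents as random data whenever fewer bytes come back. A comment on the declaration should pin the contract, for example `/* Returns the number of random bytes written to data (may be less than max), or -errno. */`, to be confirmed against the implementation, which is not in this diff. The `-ENODEV` stub added in the second tpm.h hunk is consistent with that reading.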
@@ -33,6 +33,9 @@ #define XATTR_EVM_SUFFIX "evm" #define XATTR_NAME_EVM XATTR_SECURITY_PREFIX XATTR_EVM_SUFFIX +#define XATTR_IMA_SUFFIX "ima" +#define XATTR_NAME_IMA XATTR_SECURITY_PREFIX XATTR_IMA_SUFFIX + #define XATTR_SELINUX_SUFFIX "selinux" #define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX |