summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/key.h1
-rw-r--r--include/linux/prctl.h7
-rw-r--r--include/linux/security.h80
-rw-r--r--include/net/sock.h2
4 files changed, 48 insertions, 42 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index 5253471cd2e..1600ebf717a 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -155,6 +155,7 @@ struct key {
#define KEY_FLAG_IN_QUOTA 3 /* set if key consumes quota */
#define KEY_FLAG_USER_CONSTRUCT 4 /* set if key is being constructed in userspace */
#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
+#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
/* the description string
* - this is used to match a key against search criteria
diff --git a/include/linux/prctl.h b/include/linux/prctl.h
index 7ddc7f1b480..a0413ac3abe 100644
--- a/include/linux/prctl.h
+++ b/include/linux/prctl.h
@@ -114,4 +114,11 @@
# define PR_SET_MM_START_BRK 6
# define PR_SET_MM_BRK 7
+/*
+ * Set specific pid that is allowed to ptrace the current task.
+ * A value of 0 mean "no process".
+ */
+#define PR_SET_PTRACER 0x59616d61
+# define PR_SET_PTRACER_ANY ((unsigned long)-1)
+
#endif /* _LINUX_PRCTL_H */
diff --git a/include/linux/security.h b/include/linux/security.h
index c8949385e56..673afbb8238 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -22,22 +22,36 @@
#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H
-#include <linux/fs.h>
-#include <linux/fsnotify.h>
-#include <linux/binfmts.h>
-#include <linux/dcache.h>
-#include <linux/signal.h>
-#include <linux/resource.h>
-#include <linux/sem.h>
-#include <linux/shm.h>
-#include <linux/mm.h> /* PAGE_ALIGN */
-#include <linux/msg.h>
-#include <linux/sched.h>
#include <linux/key.h>
-#include <linux/xfrm.h>
+#include <linux/capability.h>
#include <linux/slab.h>
-#include <linux/xattr.h>
-#include <net/flow.h>
+#include <linux/err.h>
+
+struct linux_binprm;
+struct cred;
+struct rlimit;
+struct siginfo;
+struct sem_array;
+struct sembuf;
+struct kern_ipc_perm;
+struct audit_context;
+struct super_block;
+struct inode;
+struct dentry;
+struct file;
+struct vfsmount;
+struct path;
+struct qstr;
+struct nameidata;
+struct iattr;
+struct fown_struct;
+struct file_operations;
+struct shmid_kernel;
+struct msg_msg;
+struct msg_queue;
+struct xattr;
+struct xfrm_sec_ctx;
+struct mm_struct;
/* Maximum number of letters for an LSM name string */
#define SECURITY_NAME_MAX 10
@@ -49,6 +63,7 @@
struct ctl_table;
struct audit_krule;
struct user_namespace;
+struct timezone;
/*
* These functions are in security/capability.c and are used
@@ -131,18 +146,6 @@ struct request_sock;
#define LSM_UNSAFE_PTRACE_CAP 4
#ifdef CONFIG_MMU
-/*
- * If a hint addr is less than mmap_min_addr change hint to be as
- * low as possible but still greater than mmap_min_addr
- */
-static inline unsigned long round_hint_to_min(unsigned long hint)
-{
- hint &= PAGE_MASK;
- if (((void *)hint != NULL) &&
- (hint < mmap_min_addr))
- return PAGE_ALIGN(mmap_min_addr);
- return hint;
-}
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
#endif
@@ -651,6 +654,10 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* manual page for definitions of the @clone_flags.
* @clone_flags contains the flags indicating what should be shared.
* Return 0 if permission is granted.
+ * @task_free:
+ * @task task being freed
+ * Handle release of task-related resources. (Note that this can be called
+ * from interrupt context.)
* @cred_alloc_blank:
* @cred points to the credentials.
* @gfp indicates the atomicity of any memory allocations.
@@ -1493,6 +1500,7 @@ struct security_operations {
int (*dentry_open) (struct file *file, const struct cred *cred);
int (*task_create) (unsigned long clone_flags);
+ void (*task_free) (struct task_struct *task);
int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
void (*cred_free) (struct cred *cred);
int (*cred_prepare)(struct cred *new, const struct cred *old,
@@ -1674,9 +1682,7 @@ int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime(const struct timespec *ts, const struct timezone *tz);
-int security_vm_enough_memory(long pages);
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
-int security_vm_enough_memory_kern(long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
@@ -1752,6 +1758,7 @@ int security_file_send_sigiotask(struct task_struct *tsk,
int security_file_receive(struct file *file);
int security_dentry_open(struct file *file, const struct cred *cred);
int security_task_create(unsigned long clone_flags);
+void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
@@ -1896,25 +1903,11 @@ static inline int security_settime(const struct timespec *ts,
return cap_settime(ts, tz);
}
-static inline int security_vm_enough_memory(long pages)
-{
- WARN_ON(current->mm == NULL);
- return cap_vm_enough_memory(current->mm, pages);
-}
-
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
- WARN_ON(mm == NULL);
return cap_vm_enough_memory(mm, pages);
}
-static inline int security_vm_enough_memory_kern(long pages)
-{
- /* If current->mm is a kernel thread then we will pass NULL,
- for this specific case that is fine */
- return cap_vm_enough_memory(current->mm, pages);
-}
-
static inline int security_bprm_set_creds(struct linux_binprm *bprm)
{
return cap_bprm_set_creds(bprm);
@@ -2245,6 +2238,9 @@ static inline int security_task_create(unsigned long clone_flags)
return 0;
}
+static inline void security_task_free(struct task_struct *task)
+{ }
+
static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
return 0;
diff --git a/include/net/sock.h b/include/net/sock.h
index f84be9ed611..04bc0b30e9e 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -56,6 +56,8 @@
#include <linux/memcontrol.h>
#include <linux/res_counter.h>
#include <linux/static_key.h>
+#include <linux/aio.h>
+#include <linux/sched.h>
#include <linux/filter.h>
#include <linux/rculist_nulls.h>