c9180a57a9
Adds security_get_sb_mnt_opts, security_set_sb_mnt_opts, and security_clont_sb_mnt_opts to the LSM and to SELinux. This will allow filesystems to directly own and control all of their mount options if they so choose. This interface deals only with option identifiers and strings so it should generic enough for any LSM which may come in the future. Filesystems which pass text mount data around in the kernel (almost all of them) need not currently make use of this interface when dealing with SELinux since it will still parse those strings as it always has. I assume future LSM's would do the same. NFS is the primary FS which does not use text mount data and thus must make use of this interface. An LSM would need to implement these functions only if they had mount time options, such as selinux has context= or fscontext=. If the LSM has no mount time options they could simply not implement and let the dummy ops take care of things. An LSM other than SELinux would need to define new option numbers in security.h and any FS which decides to own there own security options would need to be patched to use this new interface for every possible LSM. This is because it was stated to me very clearly that LSM's should not attempt to understand FS mount data and the burdon to understand security should be in the FS which owns the options. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
126 lines
4.1 KiB
C
126 lines
4.1 KiB
C
/*
|
|
* NSA Security-Enhanced Linux (SELinux) security module
|
|
*
|
|
* This file contains the SELinux security data structures for kernel objects.
|
|
*
|
|
* Author(s): Stephen Smalley, <sds@epoch.ncsc.mil>
|
|
* Chris Vance, <cvance@nai.com>
|
|
* Wayne Salamon, <wsalamon@nai.com>
|
|
* James Morris <jmorris@redhat.com>
|
|
*
|
|
* Copyright (C) 2001,2002 Networks Associates Technology, Inc.
|
|
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2,
|
|
* as published by the Free Software Foundation.
|
|
*/
|
|
#ifndef _SELINUX_OBJSEC_H_
|
|
#define _SELINUX_OBJSEC_H_
|
|
|
|
#include <linux/list.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/binfmts.h>
|
|
#include <linux/in.h>
|
|
#include <linux/spinlock.h>
|
|
#include "flask.h"
|
|
#include "avc.h"
|
|
|
|
struct task_security_struct {
|
|
struct task_struct *task; /* back pointer to task object */
|
|
u32 osid; /* SID prior to last execve */
|
|
u32 sid; /* current SID */
|
|
u32 exec_sid; /* exec SID */
|
|
u32 create_sid; /* fscreate SID */
|
|
u32 keycreate_sid; /* keycreate SID */
|
|
u32 sockcreate_sid; /* fscreate SID */
|
|
u32 ptrace_sid; /* SID of ptrace parent */
|
|
};
|
|
|
|
struct inode_security_struct {
|
|
struct inode *inode; /* back pointer to inode object */
|
|
struct list_head list; /* list of inode_security_struct */
|
|
u32 task_sid; /* SID of creating task */
|
|
u32 sid; /* SID of this object */
|
|
u16 sclass; /* security class of this object */
|
|
unsigned char initialized; /* initialization flag */
|
|
struct mutex lock;
|
|
unsigned char inherit; /* inherit SID from parent entry */
|
|
};
|
|
|
|
struct file_security_struct {
|
|
struct file *file; /* back pointer to file object */
|
|
u32 sid; /* SID of open file description */
|
|
u32 fown_sid; /* SID of file owner (for SIGIO) */
|
|
u32 isid; /* SID of inode at the time of file open */
|
|
u32 pseqno; /* Policy seqno at the time of file open */
|
|
};
|
|
|
|
struct superblock_security_struct {
|
|
struct super_block *sb; /* back pointer to sb object */
|
|
struct list_head list; /* list of superblock_security_struct */
|
|
u32 sid; /* SID of file system superblock */
|
|
u32 def_sid; /* default SID for labeling */
|
|
u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
|
|
unsigned int behavior; /* labeling behavior */
|
|
unsigned char initialized; /* initialization flag */
|
|
unsigned char flags; /* which mount options were specified */
|
|
unsigned char proc; /* proc fs */
|
|
struct mutex lock;
|
|
struct list_head isec_head;
|
|
spinlock_t isec_lock;
|
|
};
|
|
|
|
struct msg_security_struct {
|
|
struct msg_msg *msg; /* back pointer */
|
|
u32 sid; /* SID of message */
|
|
};
|
|
|
|
struct ipc_security_struct {
|
|
struct kern_ipc_perm *ipc_perm; /* back pointer */
|
|
u16 sclass; /* security class of this object */
|
|
u32 sid; /* SID of IPC resource */
|
|
};
|
|
|
|
struct bprm_security_struct {
|
|
struct linux_binprm *bprm; /* back pointer to bprm object */
|
|
u32 sid; /* SID for transformed process */
|
|
unsigned char set;
|
|
|
|
/*
|
|
* unsafe is used to share failure information from bprm_apply_creds()
|
|
* to bprm_post_apply_creds().
|
|
*/
|
|
char unsafe;
|
|
};
|
|
|
|
struct netif_security_struct {
|
|
struct net_device *dev; /* back pointer */
|
|
u32 if_sid; /* SID for this interface */
|
|
u32 msg_sid; /* default SID for messages received on this interface */
|
|
};
|
|
|
|
struct sk_security_struct {
|
|
struct sock *sk; /* back pointer to sk object */
|
|
u32 sid; /* SID of this object */
|
|
u32 peer_sid; /* SID of peer */
|
|
#ifdef CONFIG_NETLABEL
|
|
u16 sclass; /* sock security class */
|
|
enum { /* NetLabel state */
|
|
NLBL_UNSET = 0,
|
|
NLBL_REQUIRE,
|
|
NLBL_LABELED,
|
|
} nlbl_state;
|
|
spinlock_t nlbl_lock; /* protects nlbl_state */
|
|
#endif
|
|
};
|
|
|
|
struct key_security_struct {
|
|
struct key *obj; /* back pointer */
|
|
u32 sid; /* SID of key */
|
|
};
|
|
|
|
extern unsigned int selinux_checkreqprot;
|
|
|
|
#endif /* _SELINUX_OBJSEC_H_ */
|