bluetooth: Properly clone LSM attributes to newly created child connections
[linux-2.6.git] / security / security.c
index 47b8a44..d9e1533 100644 (file)
@@ -154,29 +154,33 @@ int security_capset(struct cred *new, const struct cred *old,
                                    effective, inheritable, permitted);
 }
 
-int security_capable(const struct cred *cred, int cap)
+int security_capable(struct user_namespace *ns, const struct cred *cred,
+                    int cap)
 {
-       return security_ops->capable(current, cred, cap, SECURITY_CAP_AUDIT);
+       return security_ops->capable(current, cred, ns, cap,
+                                    SECURITY_CAP_AUDIT);
 }
 
-int security_real_capable(struct task_struct *tsk, int cap)
+int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
+                         int cap)
 {
        const struct cred *cred;
        int ret;
 
        cred = get_task_cred(tsk);
-       ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT);
+       ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_AUDIT);
        put_cred(cred);
        return ret;
 }
 
-int security_real_capable_noaudit(struct task_struct *tsk, int cap)
+int security_real_capable_noaudit(struct task_struct *tsk,
+                                 struct user_namespace *ns, int cap)
 {
        const struct cred *cred;
        int ret;
 
        cred = get_task_cred(tsk);
-       ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT);
+       ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_NOAUDIT);
        put_cred(cred);
        return ret;
 }
@@ -196,7 +200,7 @@ int security_syslog(int type)
        return security_ops->syslog(type);
 }
 
-int security_settime(struct timespec *ts, struct timezone *tz)
+int security_settime(const struct timespec *ts, const struct timezone *tz)
 {
        return security_ops->settime(ts, tz);
 }
@@ -517,15 +521,6 @@ int security_inode_permission(struct inode *inode, int mask)
        return security_ops->inode_permission(inode, mask);
 }
 
-int security_inode_exec_permission(struct inode *inode, unsigned int flags)
-{
-       if (unlikely(IS_PRIVATE(inode)))
-               return 0;
-       if (flags)
-               return -ECHILD;
-       return security_ops->inode_permission(inode, MAY_EXEC);
-}
-
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
 {
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
@@ -1102,10 +1097,11 @@ void security_sk_clone(const struct sock *sk, struct sock *newsk)
 {
        security_ops->sk_clone_security(sk, newsk);
 }
+EXPORT_SYMBOL(security_sk_clone);
 
 void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
 {
-       security_ops->sk_getsecid(sk, &fl->secid);
+       security_ops->sk_getsecid(sk, &fl->flowi_secid);
 }
 EXPORT_SYMBOL(security_sk_classify_flow);
 
@@ -1238,7 +1234,8 @@ int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
 }
 
 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
-                                      struct xfrm_policy *xp, struct flowi *fl)
+                                      struct xfrm_policy *xp,
+                                      const struct flowi *fl)
 {
        return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
 }
@@ -1250,7 +1247,7 @@ int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
 
 void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
 {
-       int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
+       int rc = security_ops->xfrm_decode_session(skb, &fl->flowi_secid, 0);
 
        BUG_ON(rc);
 }