Merge branch 'timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
[linux-2.6.git] / security / capability.c
index 88f752e8152cbe1ea888747121181035fcb8fbbb..4875142b858d65e0dea6c2faaf7adf56365ec93a 100644 (file)
@@ -308,6 +308,22 @@ static int cap_path_truncate(struct path *path, loff_t length,
 {
        return 0;
 }
+
+static int cap_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+                         mode_t mode)
+{
+       return 0;
+}
+
+static int cap_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+       return 0;
+}
+
+static int cap_path_chroot(struct path *root)
+{
+       return 0;
+}
 #endif
 
 static int cap_file_permission(struct file *file, int mask)
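Review bot: The three new stubs cap_path_chmod, cap_path_chown and cap_path_chroot return 0 with no comment, so nothing in this file tells a reader that 0 means "permit". They are only the fallbacks that security_fixup_ops installs through set_to_cap_if_null when a security module leaves the hook NULL. A one-line comment above the group, for example `/* Default path hooks: impose no restriction, always return 0 (allow). */`, would make the default-allow behaviour explicit. The same applies to the other int-returning stubs added in later hunks (cap_cred_alloc_blank, cap_kernel_module_request, cap_tun_dev_create, cap_tun_dev_attach, cap_key_session_to_parent).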
@@ -373,6 +389,11 @@ static int cap_task_create(unsigned long clone_flags)
        return 0;
 }
 
+static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
+{
+       return 0;
+}
+
 static void cap_cred_free(struct cred *cred)
 {
 }
@@ -386,6 +407,10 @@ static void cap_cred_commit(struct cred *new, const struct cred *old)
 {
 }
 
+static void cap_cred_transfer(struct cred *new, const struct cred *old)
+{
+}
+
 static int cap_kernel_act_as(struct cred *new, u32 secid)
 {
        return 0;
@@ -396,6 +421,11 @@ static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
        return 0;
 }
 
+static int cap_kernel_module_request(char *kmod_name)
+{
+       return 0;
+}
+
 static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
 {
        return 0;
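Review bot: `kmod_name` is never written by cap_kernel_module_request, so the parameter could be declared `const char *kmod_name`, which documents that a hook may inspect the requested module name but not alter it. The hook's prototype in struct security_operations is outside this diff, so the qualifier would have to change there as well. If that prototype is deliberately non-const, leave this as it is.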
@@ -701,10 +731,26 @@ static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
 {
 }
 
+
+
 static void cap_req_classify_flow(const struct request_sock *req,
                                  struct flowi *fl)
 {
 }
+
+static int cap_tun_dev_create(void)
+{
+       return 0;
+}
+
+static void cap_tun_dev_post_create(struct sock *sk)
+{
+}
+
+static int cap_tun_dev_attach(struct sock *sk)
+{
+       return 0;
+}
 #endif /* CONFIG_SECURITY_NETWORK */
 
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
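Review bot: The two empty `+` lines added before cap_req_classify_flow leave three consecutive blank lines in the new file and carry no change of their own. They look like merge residue and should be dropped, so that the hunk contains only the three tun_dev stubs.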
@@ -792,6 +838,20 @@ static void cap_release_secctx(char *secdata, u32 seclen)
 {
 }
 
+static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
+{
+       return 0;
+}
+
+static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
+{
+       return 0;
+}
+
+static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+{
+       return 0;
+}
 #ifdef CONFIG_KEYS
 static int cap_key_alloc(struct key *key, const struct cred *cred,
                         unsigned long flags)
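Review bot: cap_inode_getsecctx reports success (`return 0;`) without storing anything through `ctx` or `ctxlen`, so a caller that trusts the return value would go on to use whatever those variables held before the call. The callers are not visible in this diff, but a default that has no security context to hand back is safer as `return -EOPNOTSUPP;`. Failing that, it should at least set `*ctx = NULL; *ctxlen = 0;` before returning 0. Separately, a blank line between the closing brace of this function and `#ifdef CONFIG_KEYS` would match the spacing around the other guarded sections.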
@@ -815,6 +875,13 @@ static int cap_key_getsecurity(struct key *key, char **_buffer)
        return 0;
 }
 
+static int cap_key_session_to_parent(const struct cred *cred,
+                                    const struct cred *parent_cred,
+                                    struct key *key)
+{
+       return 0;
+}
+
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT
@@ -839,10 +906,6 @@ static void cap_audit_rule_free(void *lsmrule)
 }
 #endif /* CONFIG_AUDIT */
 
-struct security_operations default_security_ops = {
-       .name   = "default",
-};
-
 #define set_to_cap_if_null(ops, function)                              \
        do {                                                            \
                if (!ops->function) {                                   \
@@ -854,7 +917,7 @@ struct security_operations default_security_ops = {
 
 void security_fixup_ops(struct security_operations *ops)
 {
-       set_to_cap_if_null(ops, ptrace_may_access);
+       set_to_cap_if_null(ops, ptrace_access_check);
        set_to_cap_if_null(ops, ptrace_traceme);
        set_to_cap_if_null(ops, capget);
        set_to_cap_if_null(ops, capset);
@@ -926,6 +989,9 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, path_link);
        set_to_cap_if_null(ops, path_rename);
        set_to_cap_if_null(ops, path_truncate);
+       set_to_cap_if_null(ops, path_chmod);
+       set_to_cap_if_null(ops, path_chown);
+       set_to_cap_if_null(ops, path_chroot);
 #endif
        set_to_cap_if_null(ops, file_permission);
        set_to_cap_if_null(ops, file_alloc_security);
@@ -940,11 +1006,14 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, file_receive);
        set_to_cap_if_null(ops, dentry_open);
        set_to_cap_if_null(ops, task_create);
+       set_to_cap_if_null(ops, cred_alloc_blank);
        set_to_cap_if_null(ops, cred_free);
        set_to_cap_if_null(ops, cred_prepare);
        set_to_cap_if_null(ops, cred_commit);
+       set_to_cap_if_null(ops, cred_transfer);
        set_to_cap_if_null(ops, kernel_act_as);
        set_to_cap_if_null(ops, kernel_create_files_as);
+       set_to_cap_if_null(ops, kernel_module_request);
        set_to_cap_if_null(ops, task_setuid);
        set_to_cap_if_null(ops, task_fix_setuid);
        set_to_cap_if_null(ops, task_setgid);
@@ -992,6 +1061,9 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, secid_to_secctx);
        set_to_cap_if_null(ops, secctx_to_secid);
        set_to_cap_if_null(ops, release_secctx);
+       set_to_cap_if_null(ops, inode_notifysecctx);
+       set_to_cap_if_null(ops, inode_setsecctx);
+       set_to_cap_if_null(ops, inode_getsecctx);
 #ifdef CONFIG_SECURITY_NETWORK
        set_to_cap_if_null(ops, unix_stream_connect);
        set_to_cap_if_null(ops, unix_may_send);
@@ -1020,6 +1092,9 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, inet_csk_clone);
        set_to_cap_if_null(ops, inet_conn_established);
        set_to_cap_if_null(ops, req_classify_flow);
+       set_to_cap_if_null(ops, tun_dev_create);
+       set_to_cap_if_null(ops, tun_dev_post_create);
+       set_to_cap_if_null(ops, tun_dev_attach);
 #endif /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
        set_to_cap_if_null(ops, xfrm_policy_alloc_security);
@@ -1038,6 +1113,7 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, key_free);
        set_to_cap_if_null(ops, key_permission);
        set_to_cap_if_null(ops, key_getsecurity);
+       set_to_cap_if_null(ops, key_session_to_parent);
 #endif /* CONFIG_KEYS */
 #ifdef CONFIG_AUDIT
        set_to_cap_if_null(ops, audit_rule_init);