LSM: Switch to lists of hooks

#define __LINUX_LSM_HOOKS_H

#include <linux/security.h>

/* Maximum number of letters for an LSM name string */

#define SECURITY_NAME_MAX	10

#ifdef CONFIG_SECURITY

#include <linux/init.h>

#include <linux/rculist.h>

/**

 * struct security_operations - main security structure

 *

 * Security module identifier.

 *

 * @name:

 *	A string that acts as a unique identifier for the LSM with max number

 *	of characters = SECURITY_NAME_MAX.

 *

 * Security hooks for program execution operations.

 *

 * @bprm_set_creds:

 * This is the main security structure.

 */

struct security_operations {

	char name[SECURITY_NAME_MAX + 1];

union security_list_options {

	int (*binder_set_context_mgr)(struct task_struct *mgr);

	int (*binder_transaction)(struct task_struct *from,

					struct task_struct *to);

#endif /* CONFIG_AUDIT */

};

/*

 * Security module hook list structure.

 * For use with generic list macros for common operations.

 */

struct security_hook_list {

	struct list_head		list;

	struct list_head		*head;

	union security_list_options	hook;

};

/*

 * Initializing a security_hook_list structure takes

 * up a lot of space in a source file. This macro takes

 * care of the common case and reduces the amount of

 * text involved.

 * Casey says: Comment is true in the next patch.

 */

#define LSM_HOOK_INIT(HEAD, HOOK)	.HEAD = HOOK

#define LSM_HOOK_INIT(HEAD, HOOK) \

	{ .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }

extern struct security_hook_heads security_hook_heads;

static inline void security_add_hooks(struct security_hook_list *hooks,

				      int count)

{

	int i;

/* prototypes */

extern int security_module_enable(struct security_operations *ops);

extern int register_security(struct security_operations *ops);

extern void __init security_fixup_ops(struct security_operations *ops);

extern void reset_security_ops(void);

	for (i = 0; i < count; i++)

		list_add_tail_rcu(&hooks[i].list, hooks[i].head);

}

#endif /* CONFIG_SECURITY */

#ifdef CONFIG_SECURITY_SELINUX_DISABLE

/*

 * Assuring the safety of deleting a security module is up to

 * the security module involved. This may entail ordering the

 * module's hook list in a particular way, refusing to disable

 * the module once a policy is loaded or any number of other

 * actions better imagined than described.

 *

 * The name of the configuration option reflects the only module

 * that currently uses the mechanism. Any developer who thinks

 * disabling their module is a good idea needs to be at least as

 * careful as the SELinux team.

 */

static inline void security_delete_hooks(struct security_hook_list *hooks,

						int count)

{

	int i;

	for (i = 0; i < count; i++)

		list_del_rcu(&hooks[i].list);

}

#endif /* CONFIG_SECURITY_SELINUX_DISABLE */

extern int __init security_module_enable(const char *module);

extern void __init capability_add_hooks(void);

#ifdef CONFIG_SECURITY_YAMA_STACKED

void __init yama_add_hooks(void);

#endif

#endif /* ! __LINUX_LSM_HOOKS_H */

#include <linux/slab.h>

#include <linux/err.h>

#include <linux/string.h>

#include <linux/mm.h>

struct linux_binprm;

struct cred;

struct xfrm_sec_ctx;

struct mm_struct;

/* Maximum number of letters for an LSM name string */

#define SECURITY_NAME_MAX	10

/* If capable should audit the security request */

#define SECURITY_CAP_NOAUDIT 0

#define SECURITY_CAP_AUDIT 1

struct user_namespace;

struct timezone;

/*

 * These functions are in security/capability.c and are used

 * as the default capabilities functions

 */

/* These functions are in security/commoncap.c */

extern int cap_capable(const struct cred *cred, struct user_namespace *ns,

		       int cap, int audit);

extern int cap_settime(const struct timespec *ts, const struct timezone *tz);

struct xfrm_user_sec_ctx;

struct seq_file;

extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);

#ifdef CONFIG_MMU

extern unsigned long mmap_min_addr;

extern unsigned long dac_mmap_min_addr;

static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)

{

	return cap_vm_enough_memory(mm, pages);

	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));

}

static inline int security_bprm_set_creds(struct linux_binprm *bprm)

static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)

{

	return cap_netlink_send(sk, skb);

	return 0;

}

static inline int security_ismaclabel(const char *name)

{ }

#endif /* CONFIG_SECURITY */

#ifdef CONFIG_SECURITY_YAMA

extern int yama_ptrace_access_check(struct task_struct *child,

				    unsigned int mode);

extern int yama_ptrace_traceme(struct task_struct *parent);

extern void yama_task_free(struct task_struct *task);

extern int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,

			   unsigned long arg4, unsigned long arg5);

#else

static inline int yama_ptrace_access_check(struct task_struct *child,

					   unsigned int mode)

{

	return 0;

}

static inline int yama_ptrace_traceme(struct task_struct *parent)

{

	return 0;

}

static inline void yama_task_free(struct task_struct *task)

{

}

static inline int yama_task_prctl(int option, unsigned long arg2,

				  unsigned long arg3, unsigned long arg4,

				  unsigned long arg5)

{

	return -ENOSYS;

}

#endif /* CONFIG_SECURITY_YAMA */

#endif /* ! __LINUX_SECURITY_H */

obj-$(CONFIG_MMU)			+= min_addr.o

# Object file lists

obj-$(CONFIG_SECURITY)			+= security.o capability.o

obj-$(CONFIG_SECURITY)			+= security.o

obj-$(CONFIG_SECURITYFS)		+= inode.o

obj-$(CONFIG_SECURITY_SELINUX)		+= selinux/

obj-$(CONFIG_SECURITY_SMACK)		+= smack/

		file_inode(bprm->file)->i_mode

	};

	const char *name = NULL, *target = NULL, *info = NULL;

	int error = cap_bprm_set_creds(bprm);

	if (error)

		return error;

	int error = 0;

	if (bprm->cred_prepared)

		return 0;

 */

int apparmor_bprm_secureexec(struct linux_binprm *bprm)

{

	int ret = cap_bprm_secureexec(bprm);

	/* the decision to use secure exec is computed in set_creds

	 * and stored in bprm->unsafe.

	 */

	if (!ret && (bprm->unsafe & AA_SECURE_X_NEEDED))

		ret = 1;

	if (bprm->unsafe & AA_SECURE_X_NEEDED)

		return 1;

	return ret;

	return 0;

}

/**

static int apparmor_ptrace_access_check(struct task_struct *child,

					unsigned int mode)

{

	int error = cap_ptrace_access_check(child, mode);

	if (error)

		return error;

	return aa_ptrace(current, child, mode);

}

static int apparmor_ptrace_traceme(struct task_struct *parent)

{

	int error = cap_ptrace_traceme(parent);

	if (error)

		return error;

	return aa_ptrace(parent, current, PTRACE_MODE_ATTACH);

}

	cred = __task_cred(target);

	profile = aa_cred_profile(cred);

	*effective = cred->cap_effective;

	*inheritable = cred->cap_inheritable;

	*permitted = cred->cap_permitted;

	/*

	 * cap_capget is stacked ahead of this and will

	 * initialize effective and permitted.

	 */

	if (!unconfined(profile) && !COMPLAIN_MODE(profile)) {

		*effective = cap_intersect(*effective, profile->caps.allow);

		*permitted = cap_intersect(*permitted, profile->caps.allow);

			    int cap, int audit)

{

	struct aa_profile *profile;

	/* cap_capable returns 0 on success, else -EPERM */

	int error = cap_capable(cred, ns, cap, audit);

	if (!error) {

	int error = 0;

	profile = aa_cred_profile(cred);

	if (!unconfined(profile))

		error = aa_capable(profile, cap, audit);

	}

	return error;

}

	return error;

}

static struct security_operations apparmor_ops = {

	LSM_HOOK_INIT(name, "apparmor"),

static struct security_hook_list apparmor_hooks[] = {

	LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),

	LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),

	LSM_HOOK_INIT(capget, apparmor_capget),

	LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security),

	LSM_HOOK_INIT(file_free_security, apparmor_file_free_security),

	LSM_HOOK_INIT(mmap_file, apparmor_mmap_file),

	LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),

	LSM_HOOK_INIT(file_mprotect, apparmor_file_mprotect),

	LSM_HOOK_INIT(file_lock, apparmor_file_lock),

{

	int error;

	if (!apparmor_enabled || !security_module_enable(&apparmor_ops)) {

	if (!apparmor_enabled || !security_module_enable("apparmor")) {

		aa_info_message("AppArmor disabled by boot time parameter");

		apparmor_enabled = 0;

		return 0;

	error = set_init_cxt();

	if (error) {

		AA_ERROR("Failed to set context on init task\n");

		goto register_security_out;

	}

	error = register_security(&apparmor_ops);

	if (error) {

		struct cred *cred = (struct cred *)current->real_cred;

		aa_free_task_context(cred_cxt(cred));

		cred_cxt(cred) = NULL;

		AA_ERROR("Unable to register AppArmor\n");

		goto register_security_out;

		aa_free_root_ns();

		goto alloc_out;

	}

	security_add_hooks(apparmor_hooks, ARRAY_SIZE(apparmor_hooks));

	/* Report that AppArmor successfully initialized */

	apparmor_initialized = 1;

	return error;

register_security_out:

	aa_free_root_ns();

alloc_out:

	aa_destroy_aafs();