[LSM]: networking hooks, kconfig bits.

3518172a · James Morris · 67f0857a · 3518172a · 3518172a · 3518172a
Commit 3518172a authored Feb 06, 2003 by James Morris
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 4 deletions

include/linux/security.h include/linux/security.h +9 -4

security/Kconfig security/Kconfig +9 -0

security/dummy.c security/dummy.c +5 -0

No files found.
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -63,16 +63,14 @@ extern void cap_task_reparent_to_init (struct task_struct *p);
 /* setfsuid or setfsgid, id0 == fsuid or fsgid */
 #define LSM_SETID_FS	8

-
-#ifdef CONFIG_SECURITY
-
 /* forward declares to avoid warnings */
 struct sk_buff;
-struct net_device;
 struct nfsctl_arg;
 struct sched_param;
 struct swap_info_struct;

+#ifdef CONFIG_SECURITY
+
 /**
 * struct security_operations - main security structure
 *
@@ -952,6 +950,9 @@ struct security_operations {
 	                          struct security_operations *ops);
 	int (*unregister_security) (const char *name,
 	                            struct security_operations *ops);
+
+#ifdef CONFIG_SECURITY_NETWORK
+#endif	/* CONFIG_SECURITY_NETWORK */
 };

 /* global variables */
@@ -2106,5 +2107,9 @@ static inline int security_sem_semop (struct sem_array * sma,

 #endif	/* CONFIG_SECURITY */

+#ifdef CONFIG_SECURITY_NETWORK
+#else	/* CONFIG_SECURITY_NETWORK */
+#endif	/* CONFIG_SECURITY_NETWORK */
+
 #endif /* ! __LINUX_SECURITY_H */

--- a/security/Kconfig
+++ b/security/Kconfig
@@ -15,6 +15,15 @@ config SECURITY

 	  If you are unsure how to answer this question, answer N.

+config SECURITY_NETWORK
+	bool "Socket and Networking Security Hooks"
+	depends on SECURITY
+	help
+	  This enables the socket and networking security hooks.
+	  If enabled, a security module can use these hooks to
+	  implement socket and networking access controls.
+	  If you are unsure how to answer this question, answer N.
+
 config SECURITY_CAPABILITIES
 	tristate "Default Linux Capabilities"
 	depends on SECURITY!=n

--- a/security/dummy.c
+++ b/security/dummy.c
@@ -597,6 +597,9 @@ static int dummy_sem_semop (struct sem_array *sma,
 	return 0;
 }

+#ifdef CONFIG_SECURITY_NETWORK
+#endif	/* CONFIG_SECURITY_NETWORK */
+
 static int dummy_register_security (const char *name, struct security_operations *ops)
 {
 	return -EINVAL;
@@ -725,5 +728,7 @@ void security_fixup_ops (struct security_operations *ops)
 	set_to_dummy_if_null(ops, sem_semop);
 	set_to_dummy_if_null(ops, register_security);
 	set_to_dummy_if_null(ops, unregister_security);
+#ifdef CONFIG_SECURITY_NETWORK
+#endif	/* CONFIG_SECURITY_NETWORK */
 }