Commit 3518172a authored by James Morris's avatar James Morris

[LSM]: networking hooks, kconfig bits.

parent 67f0857a
...@@ -63,16 +63,14 @@ extern void cap_task_reparent_to_init (struct task_struct *p); ...@@ -63,16 +63,14 @@ extern void cap_task_reparent_to_init (struct task_struct *p);
/* setfsuid or setfsgid, id0 == fsuid or fsgid */ /* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS 8 #define LSM_SETID_FS 8
#ifdef CONFIG_SECURITY
/* forward declares to avoid warnings */ /* forward declares to avoid warnings */
struct sk_buff; struct sk_buff;
struct net_device;
struct nfsctl_arg; struct nfsctl_arg;
struct sched_param; struct sched_param;
struct swap_info_struct; struct swap_info_struct;
#ifdef CONFIG_SECURITY
/** /**
* struct security_operations - main security structure * struct security_operations - main security structure
* *
...@@ -952,6 +950,9 @@ struct security_operations { ...@@ -952,6 +950,9 @@ struct security_operations {
struct security_operations *ops); struct security_operations *ops);
int (*unregister_security) (const char *name, int (*unregister_security) (const char *name,
struct security_operations *ops); struct security_operations *ops);
#ifdef CONFIG_SECURITY_NETWORK
#endif /* CONFIG_SECURITY_NETWORK */
}; };
/* global variables */ /* global variables */
...@@ -2106,5 +2107,9 @@ static inline int security_sem_semop (struct sem_array * sma, ...@@ -2106,5 +2107,9 @@ static inline int security_sem_semop (struct sem_array * sma,
#endif /* CONFIG_SECURITY */ #endif /* CONFIG_SECURITY */
#ifdef CONFIG_SECURITY_NETWORK
#else /* CONFIG_SECURITY_NETWORK */
#endif /* CONFIG_SECURITY_NETWORK */
#endif /* ! __LINUX_SECURITY_H */ #endif /* ! __LINUX_SECURITY_H */
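Review bot: The `#ifdef CONFIG_SECURITY_NETWORK` / `#else` block placed after `#endif /* CONFIG_SECURITY */` is empty on both branches and carries no comment saying what each branch is for or which configuration it must build under. The Kconfig entry in this commit makes SECURITY_NETWORK depend on SECURITY, so the first branch can rely on declarations guarded by CONFIG_SECURITY, while the `#else` branch also has to compile with security support switched off entirely. That is presumably why the forward declarations appear to move outside the CONFIG_SECURITY guard, though this rendering does not show which side each `#ifdef CONFIG_SECURITY` line belongs to. I would add above the block `/* SECURITY_NETWORK depends on SECURITY (see Kconfig); the #else branch must build with CONFIG_SECURITY unset */`. The empty block inside `struct security_operations` deserves a similar one-line comment naming the dummy.c locations that have to be kept in step with it.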
...@@ -15,6 +15,15 @@ config SECURITY ...@@ -15,6 +15,15 @@ config SECURITY
If you are unsure how to answer this question, answer N. If you are unsure how to answer this question, answer N.
config SECURITY_NETWORK
bool "Socket and Networking Security Hooks"
depends on SECURITY
help
This enables the socket and networking security hooks.
If enabled, a security module can use these hooks to
implement socket and networking access controls.
If you are unsure how to answer this question, answer N.
config SECURITY_CAPABILITIES config SECURITY_CAPABILITIES
tristate "Default Linux Capabilities" tristate "Default Linux Capabilities"
depends on SECURITY!=n depends on SECURITY!=n
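Review bot: The help text for SECURITY_NETWORK describes what enabling the option allows but not what a kernel built with it off gives up, and it recommends N for anyone unsure. As far as this page shows, a security module that enforces socket or network policy would then have no hooks to attach to, and nothing in the entry warns about that. I would add one sentence to the help, for example `If disabled, security modules cannot mediate socket and networking operations.`, and make any module that relies on these hooks declare `depends on SECURITY_NETWORK`.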
......
...@@ -597,6 +597,9 @@ static int dummy_sem_semop (struct sem_array *sma, ...@@ -597,6 +597,9 @@ static int dummy_sem_semop (struct sem_array *sma,
return 0; return 0;
} }
#ifdef CONFIG_SECURITY_NETWORK
#endif /* CONFIG_SECURITY_NETWORK */
static int dummy_register_security (const char *name, struct security_operations *ops) static int dummy_register_security (const char *name, struct security_operations *ops)
{ {
return -EINVAL; return -EINVAL;
...@@ -725,5 +728,7 @@ void security_fixup_ops (struct security_operations *ops) ...@@ -725,5 +728,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, sem_semop); set_to_dummy_if_null(ops, sem_semop);
set_to_dummy_if_null(ops, register_security); set_to_dummy_if_null(ops, register_security);
set_to_dummy_if_null(ops, unregister_security); set_to_dummy_if_null(ops, unregister_security);
#ifdef CONFIG_SECURITY_NETWORK
#endif /* CONFIG_SECURITY_NETWORK */
} }
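Review bot: Neither of the two empty `#ifdef CONFIG_SECURITY_NETWORK` blocks added here records that it has to mirror the matching block in `struct security_operations`. A hook later added to the struct without both a `dummy_` function before `dummy_register_security` and a `set_to_dummy_if_null` line in `security_fixup_ops` would presumably be left NULL for any module that does not set it. `set_to_dummy_if_null` is defined outside these hunks, so that behaviour is inferred from its name. I would put in the `security_fixup_ops` block `/* one set_to_dummy_if_null() per member of the CONFIG_SECURITY_NETWORK block in struct security_operations */`, with a matching comment in the dummy-function block. The body of `security_fixup_ops` starts outside the hunk.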