Contents of /alx-src/tags/kernel26-2.6.12-alx-r9/security/capability.c
Revision 630 -
Wed Mar 4 11:03:09 2009 UTC (15 years, 6 months ago) by niro
File MIME type: text/plain
File size: 2891 byte(s)
Tag kernel26-2.6.12-alx-r9
1 | /* |
2 | * Capabilities Linux Security Module |
3 | * |
4 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License as published by |
6 | * the Free Software Foundation; either version 2 of the License, or |
7 | * (at your option) any later version. |
8 | * |
9 | */ |
10 | |
11 | #include <linux/config.h> |
12 | #include <linux/module.h> |
13 | #include <linux/init.h> |
14 | #include <linux/kernel.h> |
15 | #include <linux/security.h> |
16 | #include <linux/file.h> |
17 | #include <linux/mm.h> |
18 | #include <linux/mman.h> |
19 | #include <linux/pagemap.h> |
20 | #include <linux/swap.h> |
21 | #include <linux/smp_lock.h> |
22 | #include <linux/skbuff.h> |
23 | #include <linux/netlink.h> |
24 | #include <linux/ptrace.h> |
25 | #include <linux/moduleparam.h> |
26 | |
/*
 * Hook table handed to the security framework by capability_init().
 *
 * Only the hooks named below are set by this initializer, and every cap_*
 * handler they point at is defined outside this file.
 * NOTE(review): hooks not listed here are left zero-initialized by this
 * table; confirm what the framework substitutes for them before treating
 * this list as the complete policy surface.
 */
static struct security_operations capability_ops = {
	/* process tracing, capability get/set and the central capable() check */
	.ptrace			= cap_ptrace,
	.capget			= cap_capget,
	.capset_check		= cap_capset_check,
	.capset_set		= cap_capset_set,
	.capable		= cap_capable,
	.settime		= cap_settime,
	.netlink_send		= cap_netlink_send,
	.netlink_recv		= cap_netlink_recv,

	/* credential handling on exec */
	.bprm_apply_creds	= cap_bprm_apply_creds,
	.bprm_set_security	= cap_bprm_set_security,
	.bprm_secureexec	= cap_bprm_secureexec,

	/* extended attribute writes and removals */
	.inode_setxattr		= cap_inode_setxattr,
	.inode_removexattr	= cap_inode_removexattr,

	/* task identity changes */
	.task_post_setuid	= cap_task_post_setuid,
	.task_reparent_to_init	= cap_task_reparent_to_init,

	/* kernel log access */
	.syslog			= cap_syslog,

	/* memory accounting */
	.vm_enough_memory	= cap_vm_enough_memory,
};
51 | |
/* Name passed to mod_reg_security()/mod_unreg_security() for this module. */
#define MY_NAME __stringify(KBUILD_MODNAME)

/*
 * Records how registration happened: set to 1 by capability_init() when
 * register_security() failed and mod_reg_security() succeeded instead.
 * capability_exit() reads it to choose the matching unregister call.
 */
static int secondary;

/*
 * Load-time off switch, exposed as the "disable" parameter.
 *
 * When non-zero, capability_init() registers nothing and still returns
 * success, so none of the cap_* hooks are installed by this module.
 * The permission argument of 0 means no sysfs entry is created, so the
 * value cannot be changed through sysfs after load.
 * NOTE(review): confirm which hooks are in effect when this is set, and
 * treat the setting as security-relevant configuration to be audited.
 */
static int capability_disable;
module_param_named(disable, capability_disable, int, 0);
MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1");
60 | |
/*
 * Register capability_ops with the security framework.
 *
 * Returns 0 when the module is disabled via the "disable" parameter (in
 * which case nothing is registered) or when registration succeeds, and
 * -EINVAL when both registration attempts fail.
 */
static int __init capability_init(void)
{
	int err;

	/* Explicitly disabled: leave without installing any hook. */
	if (capability_disable) {
		printk(KERN_INFO "Capabilities disabled at initialization\n");
		return 0;
	}

	/* First choice: register directly with the security framework. */
	err = register_security(&capability_ops);
	if (err) {
		/* Fall back to registering with the primary module. */
		err = mod_reg_security(MY_NAME, &capability_ops);
		if (err) {
			/*
			 * NOTE(review): this failure is reported at KERN_INFO
			 * only; make sure log collection does not filter it.
			 */
			printk(KERN_INFO "Failure registering capabilities "
			       "with primary security module.\n");
			return -EINVAL;
		}
		/* Remember the path taken so exit can undo the same one. */
		secondary = 1;
	}

	printk(KERN_INFO "Capability LSM initialized%s\n",
	       secondary ? " as secondary" : "");
	return 0;
}
81 | |
/*
 * Undo the registration performed by capability_init().
 *
 * Does nothing when the module was disabled. Otherwise it calls the
 * unregister function that matches the registration path recorded in
 * 'secondary'; a failure is only logged, nothing is returned.
 */
static void __exit capability_exit(void)
{
	/* Nothing was registered when the module was disabled. */
	if (capability_disable)
		return;

	if (!secondary) {
		/* Registered directly: remove from the security framework. */
		if (unregister_security(&capability_ops))
			printk(KERN_INFO
			       "Failure unregistering capabilities with the kernel\n");
		return;
	}

	/* Registered through the primary module: unregister from it. */
	if (mod_unreg_security(MY_NAME, &capability_ops))
		printk(KERN_INFO "Failure unregistering capabilities "
		       "with primary module.\n");
}
99 | |
/*
 * Entry points: capability_init is hooked up through security_initcall()
 * rather than module_init(); capability_exit is the module exit handler.
 */
security_initcall(capability_init);
module_exit(capability_exit);

/* Module metadata. */
MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
MODULE_LICENSE("GPL");