Magellan Linux

  • Back to homepage
    • /[alx-svn]/alx-src/tags/kernel26-2.6.12-alx-r9/security/security.c

    Contents of /alx-src/tags/kernel26-2.6.12-alx-r9/security/security.c

    Parent Directory Parent Directory | Revision Log Revision Log

    Revision 630 - (show annotations) (download)
    Wed Mar 4 11:03:09 2009 UTC (15 years, 2 months ago) by niro
    File MIME type: text/plain
    File size: 6183 byte(s) 
    Tag kernel26-2.6.12-alx-r9
    1 /*
    2 * Security plug functions
    3 *
    4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
    5 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
    6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
    7 *
    8 * This program is free software; you can redistribute it and/or modify
    9 * it under the terms of the GNU General Public License as published by
    10 * the Free Software Foundation; either version 2 of the License, or
    11 * (at your option) any later version.
    12 */
    13
    14 #include <linux/config.h>
    15 #include <linux/module.h>
    16 #include <linux/init.h>
    17 #include <linux/kernel.h>
    18 #include <linux/sched.h>
    19 #include <linux/security.h>
    20
    21 #define SECURITY_FRAMEWORK_VERSION "1.0.0"
    22
    23 /* things that live in dummy.c */
    24 extern struct security_operations dummy_security_ops;
    25 extern void security_fixup_ops(struct security_operations *ops);
    26
    27 struct security_operations *security_ops; /* Initialized to NULL */
    28
    29 static inline int verify(struct security_operations *ops)
    30 {
    31 /* verify the security_operations structure exists */
    32 if (!ops)
    33 return -EINVAL;
    34 security_fixup_ops(ops);
    35 return 0;
    36 }
    37
    38 static void __init do_security_initcalls(void)
    39 {
    40 initcall_t *call;
    41 call = __security_initcall_start;
    42 while (call < __security_initcall_end) {
    43 (*call) ();
    44 call++;
    45 }
    46 }
    47
    48 /**
    49 * security_init - initializes the security framework
    50 *
    51 * This should be called early in the kernel initialization sequence.
    52 */
    53 int __init security_init(void)
    54 {
    55 printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION
    56 " initialized\n");
    57
    58 if (verify(&dummy_security_ops)) {
    59 printk(KERN_ERR "%s could not verify "
    60 "dummy_security_ops structure.\n", __FUNCTION__);
    61 return -EIO;
    62 }
    63
    64 security_ops = &dummy_security_ops;
    65 do_security_initcalls();
    66
    67 return 0;
    68 }
    69
    70 /**
    71 * register_security - registers a security framework with the kernel
    72 * @ops: a pointer to the struct security_options that is to be registered
    73 *
    74 * This function is to allow a security module to register itself with the
    75 * kernel security subsystem. Some rudimentary checking is done on the @ops
    76 * value passed to this function. A call to unregister_security() should be
    77 * done to remove this security_options structure from the kernel.
    78 *
    79 * If there is already a security module registered with the kernel,
    80 * an error will be returned. Otherwise 0 is returned on success.
    81 */
    82 int register_security(struct security_operations *ops)
    83 {
    84 if (verify(ops)) {
    85 printk(KERN_DEBUG "%s could not verify "
    86 "security_operations structure.\n", __FUNCTION__);
    87 return -EINVAL;
    88 }
    89
    90 if (security_ops != &dummy_security_ops)
    91 return -EAGAIN;
    92
    93 security_ops = ops;
    94
    95 return 0;
    96 }
    97
    98 /**
    99 * unregister_security - unregisters a security framework with the kernel
    100 * @ops: a pointer to the struct security_options that is to be registered
    101 *
    102 * This function removes a struct security_operations variable that had
    103 * previously been registered with a successful call to register_security().
    104 *
    105 * If @ops does not match the valued previously passed to register_security()
    106 * an error is returned. Otherwise the default security options is set to the
    107 * the dummy_security_ops structure, and 0 is returned.
    108 */
    109 int unregister_security(struct security_operations *ops)
    110 {
    111 if (ops != security_ops) {
    112 printk(KERN_INFO "%s: trying to unregister "
    113 "a security_opts structure that is not "
    114 "registered, failing.\n", __FUNCTION__);
    115 return -EINVAL;
    116 }
    117
    118 security_ops = &dummy_security_ops;
    119
    120 return 0;
    121 }
    122
    123 /**
    124 * mod_reg_security - allows security modules to be "stacked"
    125 * @name: a pointer to a string with the name of the security_options to be registered
    126 * @ops: a pointer to the struct security_options that is to be registered
    127 *
    128 * This function allows security modules to be stacked if the currently loaded
    129 * security module allows this to happen. It passes the @name and @ops to the
    130 * register_security function of the currently loaded security module.
    131 *
    132 * The return value depends on the currently loaded security module, with 0 as
    133 * success.
    134 */
    135 int mod_reg_security(const char *name, struct security_operations *ops)
    136 {
    137 if (verify(ops)) {
    138 printk(KERN_INFO "%s could not verify "
    139 "security operations.\n", __FUNCTION__);
    140 return -EINVAL;
    141 }
    142
    143 if (ops == security_ops) {
    144 printk(KERN_INFO "%s security operations "
    145 "already registered.\n", __FUNCTION__);
    146 return -EINVAL;
    147 }
    148
    149 return security_ops->register_security(name, ops);
    150 }
    151
    152 /**
    153 * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
    154 * @name: a pointer to a string with the name of the security_options to be removed
    155 * @ops: a pointer to the struct security_options that is to be removed
    156 *
    157 * This function allows security modules that have been successfully registered
    158 * with a call to mod_reg_security() to be unloaded from the system.
    159 * This calls the currently loaded security module's unregister_security() call
    160 * with the @name and @ops variables.
    161 *
    162 * The return value depends on the currently loaded security module, with 0 as
    163 * success.
    164 */
    165 int mod_unreg_security(const char *name, struct security_operations *ops)
    166 {
    167 if (ops == security_ops) {
    168 printk(KERN_INFO "%s invalid attempt to unregister "
    169 " primary security ops.\n", __FUNCTION__);
    170 return -EINVAL;
    171 }
    172
    173 return security_ops->unregister_security(name, ops);
    174 }
    175
    176 /**
    177 * capable - calls the currently loaded security module's capable() function with the specified capability
    178 * @cap: the requested capability level.
    179 *
    180 * This function calls the currently loaded security module's capable()
    181 * function with a pointer to the current task and the specified @cap value.
    182 *
    183 * This allows the security module to implement the capable function call
    184 * however it chooses to.
    185 */
    186 int capable(int cap)
    187 {
    188 if (security_ops->capable(current, cap)) {
    189 /* capability denied */
    190 return 0;
    191 }
    192
    193 /* capability granted */
    194 current->flags |= PF_SUPERPRIV;
    195 return 1;
    196 }
    197
    198 EXPORT_SYMBOL_GPL(register_security);
    199 EXPORT_SYMBOL_GPL(unregister_security);
    200 EXPORT_SYMBOL_GPL(mod_reg_security);
    201 EXPORT_SYMBOL_GPL(mod_unreg_security);
    202 EXPORT_SYMBOL(capable);
    203 EXPORT_SYMBOL(security_ops);