From e20b043a6902ecb61c2c84355c3bae5149f391db Mon Sep 17 00:00:00 2001 From: Casey Schaufler Date: Sat, 2 May 2015 15:11:36 -0700 Subject: LSM: Add security module hook list heads Add a list header for each security hook. They aren't used until later in the patch series. They are grouped together in a structure so that there doesn't need to be an external address for each. Macro-ize the initialization of the security_operations for each security module in anticipation of changing out the security_operations structure. Signed-off-by: Casey Schaufler Acked-by: John Johansen Acked-by: Kees Cook Acked-by: Paul Moore Acked-by: Stephen Smalley Acked-by: Tetsuo Handa Signed-off-by: James Morris --- security/smack/smack_lsm.c | 258 ++++++++++++++++++++++----------------------- 1 file changed, 129 insertions(+), 129 deletions(-) (limited to 'security/smack') diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index b644757886bc..4313bf44c3f0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4267,146 +4267,146 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) } struct security_operations smack_ops = { - .name = "smack", - - .ptrace_access_check = smack_ptrace_access_check, - .ptrace_traceme = smack_ptrace_traceme, - .syslog = smack_syslog, - - .sb_alloc_security = smack_sb_alloc_security, - .sb_free_security = smack_sb_free_security, - .sb_copy_data = smack_sb_copy_data, - .sb_kern_mount = smack_sb_kern_mount, - .sb_statfs = smack_sb_statfs, - - .bprm_set_creds = smack_bprm_set_creds, - .bprm_committing_creds = smack_bprm_committing_creds, - .bprm_secureexec = smack_bprm_secureexec, - - .inode_alloc_security = smack_inode_alloc_security, - .inode_free_security = smack_inode_free_security, - .inode_init_security = smack_inode_init_security, - .inode_link = smack_inode_link, - .inode_unlink = smack_inode_unlink, - .inode_rmdir = smack_inode_rmdir, - .inode_rename = smack_inode_rename, - .inode_permission = smack_inode_permission, - .inode_setattr = smack_inode_setattr, - .inode_getattr = smack_inode_getattr, - .inode_setxattr = smack_inode_setxattr, - .inode_post_setxattr = smack_inode_post_setxattr, - .inode_getxattr = smack_inode_getxattr, - .inode_removexattr = smack_inode_removexattr, - .inode_getsecurity = smack_inode_getsecurity, - .inode_setsecurity = smack_inode_setsecurity, - .inode_listsecurity = smack_inode_listsecurity, - .inode_getsecid = smack_inode_getsecid, - - .file_permission = smack_file_permission, - .file_alloc_security = smack_file_alloc_security, - .file_free_security = smack_file_free_security, - .file_ioctl = smack_file_ioctl, - .file_lock = smack_file_lock, - .file_fcntl = smack_file_fcntl, - .mmap_file = smack_mmap_file, - .mmap_addr = cap_mmap_addr, - .file_set_fowner = smack_file_set_fowner, - .file_send_sigiotask = smack_file_send_sigiotask, - .file_receive = smack_file_receive, - - .file_open = smack_file_open, - - .cred_alloc_blank = smack_cred_alloc_blank, - .cred_free = smack_cred_free, - .cred_prepare = smack_cred_prepare, - .cred_transfer = smack_cred_transfer, - .kernel_act_as = smack_kernel_act_as, - .kernel_create_files_as = smack_kernel_create_files_as, - .task_setpgid = smack_task_setpgid, - .task_getpgid = smack_task_getpgid, - .task_getsid = smack_task_getsid, - .task_getsecid = smack_task_getsecid, - .task_setnice = smack_task_setnice, - .task_setioprio = smack_task_setioprio, - .task_getioprio = smack_task_getioprio, - .task_setscheduler = smack_task_setscheduler, - .task_getscheduler = smack_task_getscheduler, - .task_movememory = smack_task_movememory, - .task_kill = smack_task_kill, - .task_wait = smack_task_wait, - .task_to_inode = smack_task_to_inode, - - .ipc_permission = smack_ipc_permission, - .ipc_getsecid = smack_ipc_getsecid, - - .msg_msg_alloc_security = smack_msg_msg_alloc_security, - .msg_msg_free_security = smack_msg_msg_free_security, - - .msg_queue_alloc_security = smack_msg_queue_alloc_security, - .msg_queue_free_security = smack_msg_queue_free_security, - .msg_queue_associate = smack_msg_queue_associate, - .msg_queue_msgctl = smack_msg_queue_msgctl, - .msg_queue_msgsnd = smack_msg_queue_msgsnd, - .msg_queue_msgrcv = smack_msg_queue_msgrcv, - - .shm_alloc_security = smack_shm_alloc_security, - .shm_free_security = smack_shm_free_security, - .shm_associate = smack_shm_associate, - .shm_shmctl = smack_shm_shmctl, - .shm_shmat = smack_shm_shmat, - - .sem_alloc_security = smack_sem_alloc_security, - .sem_free_security = smack_sem_free_security, - .sem_associate = smack_sem_associate, - .sem_semctl = smack_sem_semctl, - .sem_semop = smack_sem_semop, - - .d_instantiate = smack_d_instantiate, - - .getprocattr = smack_getprocattr, - .setprocattr = smack_setprocattr, - - .unix_stream_connect = smack_unix_stream_connect, - .unix_may_send = smack_unix_may_send, - - .socket_post_create = smack_socket_post_create, + LSM_HOOK_INIT(name, "smack"), + + LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check), + LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme), + LSM_HOOK_INIT(syslog, smack_syslog), + + LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), + LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), + LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data), + LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount), + LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), + + LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds), + LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds), + LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec), + + LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security), + LSM_HOOK_INIT(inode_free_security, smack_inode_free_security), + LSM_HOOK_INIT(inode_init_security, smack_inode_init_security), + LSM_HOOK_INIT(inode_link, smack_inode_link), + LSM_HOOK_INIT(inode_unlink, smack_inode_unlink), + LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir), + LSM_HOOK_INIT(inode_rename, smack_inode_rename), + LSM_HOOK_INIT(inode_permission, smack_inode_permission), + LSM_HOOK_INIT(inode_setattr, smack_inode_setattr), + LSM_HOOK_INIT(inode_getattr, smack_inode_getattr), + LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr), + LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr), + LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr), + LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr), + LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity), + LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity), + LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity), + LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid), + + LSM_HOOK_INIT(file_permission, smack_file_permission), + LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security), + LSM_HOOK_INIT(file_free_security, smack_file_free_security), + LSM_HOOK_INIT(file_ioctl, smack_file_ioctl), + LSM_HOOK_INIT(file_lock, smack_file_lock), + LSM_HOOK_INIT(file_fcntl, smack_file_fcntl), + LSM_HOOK_INIT(mmap_file, smack_mmap_file), + LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), + LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner), + LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask), + LSM_HOOK_INIT(file_receive, smack_file_receive), + + LSM_HOOK_INIT(file_open, smack_file_open), + + LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank), + LSM_HOOK_INIT(cred_free, smack_cred_free), + LSM_HOOK_INIT(cred_prepare, smack_cred_prepare), + LSM_HOOK_INIT(cred_transfer, smack_cred_transfer), + LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as), + LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as), + LSM_HOOK_INIT(task_setpgid, smack_task_setpgid), + LSM_HOOK_INIT(task_getpgid, smack_task_getpgid), + LSM_HOOK_INIT(task_getsid, smack_task_getsid), + LSM_HOOK_INIT(task_getsecid, smack_task_getsecid), + LSM_HOOK_INIT(task_setnice, smack_task_setnice), + LSM_HOOK_INIT(task_setioprio, smack_task_setioprio), + LSM_HOOK_INIT(task_getioprio, smack_task_getioprio), + LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler), + LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler), + LSM_HOOK_INIT(task_movememory, smack_task_movememory), + LSM_HOOK_INIT(task_kill, smack_task_kill), + LSM_HOOK_INIT(task_wait, smack_task_wait), + LSM_HOOK_INIT(task_to_inode, smack_task_to_inode), + + LSM_HOOK_INIT(ipc_permission, smack_ipc_permission), + LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid), + + LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security), + LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security), + + LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security), + LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security), + LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate), + LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl), + LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd), + LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv), + + LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security), + LSM_HOOK_INIT(shm_free_security, smack_shm_free_security), + LSM_HOOK_INIT(shm_associate, smack_shm_associate), + LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl), + LSM_HOOK_INIT(shm_shmat, smack_shm_shmat), + + LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security), + LSM_HOOK_INIT(sem_free_security, smack_sem_free_security), + LSM_HOOK_INIT(sem_associate, smack_sem_associate), + LSM_HOOK_INIT(sem_semctl, smack_sem_semctl), + LSM_HOOK_INIT(sem_semop, smack_sem_semop), + + LSM_HOOK_INIT(d_instantiate, smack_d_instantiate), + + LSM_HOOK_INIT(getprocattr, smack_getprocattr), + LSM_HOOK_INIT(setprocattr, smack_setprocattr), + + LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect), + LSM_HOOK_INIT(unix_may_send, smack_unix_may_send), + + LSM_HOOK_INIT(socket_post_create, smack_socket_post_create), #ifndef CONFIG_SECURITY_SMACK_NETFILTER - .socket_bind = smack_socket_bind, + LSM_HOOK_INIT(socket_bind, smack_socket_bind), #endif /* CONFIG_SECURITY_SMACK_NETFILTER */ - .socket_connect = smack_socket_connect, - .socket_sendmsg = smack_socket_sendmsg, - .socket_sock_rcv_skb = smack_socket_sock_rcv_skb, - .socket_getpeersec_stream = smack_socket_getpeersec_stream, - .socket_getpeersec_dgram = smack_socket_getpeersec_dgram, - .sk_alloc_security = smack_sk_alloc_security, - .sk_free_security = smack_sk_free_security, - .sock_graft = smack_sock_graft, - .inet_conn_request = smack_inet_conn_request, - .inet_csk_clone = smack_inet_csk_clone, + LSM_HOOK_INIT(socket_connect, smack_socket_connect), + LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg), + LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb), + LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream), + LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram), + LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security), + LSM_HOOK_INIT(sk_free_security, smack_sk_free_security), + LSM_HOOK_INIT(sock_graft, smack_sock_graft), + LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request), + LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone), /* key management security hooks */ #ifdef CONFIG_KEYS - .key_alloc = smack_key_alloc, - .key_free = smack_key_free, - .key_permission = smack_key_permission, - .key_getsecurity = smack_key_getsecurity, + LSM_HOOK_INIT(key_alloc, smack_key_alloc), + LSM_HOOK_INIT(key_free, smack_key_free), + LSM_HOOK_INIT(key_permission, smack_key_permission), + LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity), #endif /* CONFIG_KEYS */ /* Audit hooks */ #ifdef CONFIG_AUDIT - .audit_rule_init = smack_audit_rule_init, - .audit_rule_known = smack_audit_rule_known, - .audit_rule_match = smack_audit_rule_match, - .audit_rule_free = smack_audit_rule_free, + LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init), + LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known), + LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match), + LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free), #endif /* CONFIG_AUDIT */ - .ismaclabel = smack_ismaclabel, - .secid_to_secctx = smack_secid_to_secctx, - .secctx_to_secid = smack_secctx_to_secid, - .release_secctx = smack_release_secctx, - .inode_notifysecctx = smack_inode_notifysecctx, - .inode_setsecctx = smack_inode_setsecctx, - .inode_getsecctx = smack_inode_getsecctx, + LSM_HOOK_INIT(ismaclabel, smack_ismaclabel), + LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx), + LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid), + LSM_HOOK_INIT(release_secctx, smack_release_secctx), + LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx), + LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx), + LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx), }; -- cgit