From: Linus Torvalds Date: Mon, 28 Apr 2008 17:08:49 +0000 (-0700) Subject: Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris... X-Git-Tag: v2.6.26-rc1~703 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfd299dffe6f47c04c47b95893708cdc65876fbd;p=linux-2.6 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: SELinux: Fix a RCU free problem with the netport cache SELinux: Made netnode cache adds faster SELinux: include/security.h whitespace, syntax, and other cleanups SELinux: policydb.h whitespace, syntax, and other cleanups SELinux: mls_types.h whitespace, syntax, and other cleanups SELinux: mls.h whitespace, syntax, and other cleanups SELinux: hashtab.h whitespace, syntax, and other cleanups SELinux: context.h whitespace, syntax, and other cleanups SELinux: ss/conditional.h whitespace, syntax, and other cleanups SELinux: selinux/include/security.h whitespace, syntax, and other cleanups SELinux: objsec.h whitespace, syntax, and other cleanups SELinux: netlabel.h whitespace, syntax, and other cleanups SELinux: avc_ss.h whitespace, syntax, and other cleanups Fixed up conflict in include/linux/security.h manually --- cfd299dffe6f47c04c47b95893708cdc65876fbd diff --cc include/linux/security.h index e6299e50e2,a90c06376e..d0a28fd174 --- a/include/linux/security.h +++ b/include/linux/security.h @@@ -57,14 -59,12 +57,14 @@@ extern int cap_inode_setxattr(struct de extern int cap_inode_removexattr(struct dentry *dentry, char *name); extern int cap_inode_need_killpriv(struct dentry *dentry); extern int cap_inode_killpriv(struct dentry *dentry); - extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); - extern void cap_task_reparent_to_init (struct task_struct *p); + extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); + extern 
void cap_task_reparent_to_init(struct task_struct *p); +extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, + unsigned long arg4, unsigned long arg5, long *rc_p); - extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp); - extern int cap_task_setioprio (struct task_struct *p, int ioprio); - extern int cap_task_setnice (struct task_struct *p, int nice); - extern int cap_syslog (int type); + extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp); + extern int cap_task_setioprio(struct task_struct *p, int ioprio); + extern int cap_task_setnice(struct task_struct *p, int nice); + extern int cap_syslog(int type); extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); struct msghdr; @@@ -720,16 -720,14 +720,16 @@@ static inline void security_free_mnt_op * @arg3 contains a argument. * @arg4 contains a argument. * @arg5 contains a argument. - * Return 0 if permission is granted. + * @rc_p contains a pointer to communicate back the forced return code + * Return 0 if permission is granted, and non-zero if the security module + * has taken responsibility (setting *rc_p) for the prctl call. * @task_reparent_to_init: - * Set the security attributes in @p->security for a kernel thread that - * is being reparented to the init task. + * Set the security attributes in @p->security for a kernel thread that + * is being reparented to the init task. * @p contains the task_struct for the kernel thread. * @task_to_inode: - * Set the security attributes for an inode based on an associated task's - * security attributes, e.g. for /proc/pid inodes. + * Set the security attributes for an inode based on an associated task's + * security attributes, e.g. for /proc/pid inodes. * @p contains the task_struct for the task. * @inode contains the inode structure for the inode. 
* @@@ -1404,61 -1402,61 +1404,61 @@@ struct security_operations int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , uid_t old_euid, uid_t old_suid, int flags); int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); - int (*task_setpgid) (struct task_struct * p, pid_t pgid); - int (*task_getpgid) (struct task_struct * p); - int (*task_getsid) (struct task_struct * p); - void (*task_getsecid) (struct task_struct * p, u32 * secid); + int (*task_setpgid) (struct task_struct *p, pid_t pgid); + int (*task_getpgid) (struct task_struct *p); + int (*task_getsid) (struct task_struct *p); + void (*task_getsecid) (struct task_struct *p, u32 *secid); int (*task_setgroups) (struct group_info *group_info); - int (*task_setnice) (struct task_struct * p, int nice); - int (*task_setioprio) (struct task_struct * p, int ioprio); - int (*task_getioprio) (struct task_struct * p); - int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); - int (*task_setscheduler) (struct task_struct * p, int policy, - struct sched_param * lp); - int (*task_getscheduler) (struct task_struct * p); - int (*task_movememory) (struct task_struct * p); - int (*task_kill) (struct task_struct * p, - struct siginfo * info, int sig, u32 secid); - int (*task_wait) (struct task_struct * p); + int (*task_setnice) (struct task_struct *p, int nice); + int (*task_setioprio) (struct task_struct *p, int ioprio); + int (*task_getioprio) (struct task_struct *p); + int (*task_setrlimit) (unsigned int resource, struct rlimit *new_rlim); + int (*task_setscheduler) (struct task_struct *p, int policy, + struct sched_param *lp); + int (*task_getscheduler) (struct task_struct *p); + int (*task_movememory) (struct task_struct *p); + int (*task_kill) (struct task_struct *p, + struct siginfo *info, int sig, u32 secid); + int (*task_wait) (struct task_struct *p); int (*task_prctl) (int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, - unsigned long arg5); + unsigned long arg5, long 
*rc_p); - void (*task_reparent_to_init) (struct task_struct * p); - void (*task_to_inode)(struct task_struct *p, struct inode *inode); + void (*task_reparent_to_init) (struct task_struct *p); + void (*task_to_inode) (struct task_struct *p, struct inode *inode); - int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); + int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag); void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid); - int (*msg_msg_alloc_security) (struct msg_msg * msg); - void (*msg_msg_free_security) (struct msg_msg * msg); - - int (*msg_queue_alloc_security) (struct msg_queue * msq); - void (*msg_queue_free_security) (struct msg_queue * msq); - int (*msg_queue_associate) (struct msg_queue * msq, int msqflg); - int (*msg_queue_msgctl) (struct msg_queue * msq, int cmd); - int (*msg_queue_msgsnd) (struct msg_queue * msq, - struct msg_msg * msg, int msqflg); - int (*msg_queue_msgrcv) (struct msg_queue * msq, - struct msg_msg * msg, - struct task_struct * target, + int (*msg_msg_alloc_security) (struct msg_msg *msg); + void (*msg_msg_free_security) (struct msg_msg *msg); + + int (*msg_queue_alloc_security) (struct msg_queue *msq); + void (*msg_queue_free_security) (struct msg_queue *msq); + int (*msg_queue_associate) (struct msg_queue *msq, int msqflg); + int (*msg_queue_msgctl) (struct msg_queue *msq, int cmd); + int (*msg_queue_msgsnd) (struct msg_queue *msq, + struct msg_msg *msg, int msqflg); + int (*msg_queue_msgrcv) (struct msg_queue *msq, + struct msg_msg *msg, + struct task_struct *target, long type, int mode); - int (*shm_alloc_security) (struct shmid_kernel * shp); - void (*shm_free_security) (struct shmid_kernel * shp); - int (*shm_associate) (struct shmid_kernel * shp, int shmflg); - int (*shm_shmctl) (struct shmid_kernel * shp, int cmd); - int (*shm_shmat) (struct shmid_kernel * shp, + int (*shm_alloc_security) (struct shmid_kernel *shp); + void (*shm_free_security) (struct shmid_kernel *shp); + int (*shm_associate) 
(struct shmid_kernel *shp, int shmflg); + int (*shm_shmctl) (struct shmid_kernel *shp, int cmd); + int (*shm_shmat) (struct shmid_kernel *shp, char __user *shmaddr, int shmflg); - int (*sem_alloc_security) (struct sem_array * sma); - void (*sem_free_security) (struct sem_array * sma); - int (*sem_associate) (struct sem_array * sma, int semflg); - int (*sem_semctl) (struct sem_array * sma, int cmd); - int (*sem_semop) (struct sem_array * sma, - struct sembuf * sops, unsigned nsops, int alter); + int (*sem_alloc_security) (struct sem_array *sma); + void (*sem_free_security) (struct sem_array *sma); + int (*sem_associate) (struct sem_array *sma, int semflg); + int (*sem_semctl) (struct sem_array *sma, int cmd); + int (*sem_semop) (struct sem_array *sma, + struct sembuf *sops, unsigned nsops, int alter); - int (*netlink_send) (struct sock * sk, struct sk_buff * skb); - int (*netlink_recv) (struct sk_buff * skb, int cap); + int (*netlink_send) (struct sock *sk, struct sk_buff *skb); + int (*netlink_recv) (struct sk_buff *skb, int cap); /* allow module stacking */ int (*register_security) (const char *name, @@@ -2270,17 -2268,17 +2270,17 @@@ static inline int security_task_wait(st return 0; } - static inline int security_task_prctl (int option, unsigned long arg2, - unsigned long arg3, - unsigned long arg4, - unsigned long arg5, long *rc_p) + static inline int security_task_prctl(int option, unsigned long arg2, + unsigned long arg3, + unsigned long arg4, - unsigned long arg5) ++ unsigned long arg5, long *rc_p) { - return 0; + return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p); } - static inline void security_task_reparent_to_init (struct task_struct *p) + static inline void security_task_reparent_to_init(struct task_struct *p) { - cap_task_reparent_to_init (p); + cap_task_reparent_to_init(p); } static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
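Review bot: In the last hunk (`@@@ -2270,17`), the inline `security_task_prctl()` stub forwards `arg3` twice and never passes `arg4`. The call should read `return cap_task_prctl(option, arg2, arg3, arg4, arg5, rc_p);`. The prototype added in the first hunk takes `arg4` as its own parameter, so if `cap_task_prctl()` consults it for any option (its body is not on this page), the capability check would run against `arg3`'s value instead of what the caller supplied. This stub looks like the variant that calls the `cap_*` helpers directly rather than going through `security_operations`, so the hook-based path would not show the same behaviour and could hide the mismatch in testing. Because the description says the conflict in this header was resolved by hand, it is worth comparing the line against both parents to see where the duplicate came from.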