X-Git-Url: http://pilppa.org/gitweb/?a=blobdiff_plain;f=security%2Fdummy.c;h=649326bf64ea37e82afe63901560f96c687a468b;hb=5ce94e9e8b469a17fbd3efa1b940c19b5e43449a;hp=3ccfbbe973b6d3014ea9b8cf77015b206688bf6f;hpb=f7a5274d7dde0022dedfb6bca5b4438bbf30e9ce;p=linux-2.6-omap-h63xx.git diff --git a/security/dummy.c b/security/dummy.c index 3ccfbbe973b..649326bf64e 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -36,14 +36,19 @@ static int dummy_ptrace (struct task_struct *parent, struct task_struct *child) static int dummy_capget (struct task_struct *target, kernel_cap_t * effective, kernel_cap_t * inheritable, kernel_cap_t * permitted) { - *effective = *inheritable = *permitted = 0; if (target->euid == 0) { - *permitted |= (~0 & ~CAP_FS_MASK); - *effective |= (~0 & ~CAP_TO_MASK(CAP_SETPCAP) & ~CAP_FS_MASK); + cap_set_full(*permitted); + cap_set_init_eff(*effective); + } else { + cap_clear(*permitted); + cap_clear(*effective); } - if (target->fsuid == 0) { - *permitted |= CAP_FS_MASK; - *effective |= CAP_FS_MASK; + + cap_clear(*inheritable); + + if (target->fsuid != 0) { + *permitted = cap_drop_fs_set(*permitted); + *effective = cap_drop_fs_set(*effective); } return 0; } @@ -225,22 +230,40 @@ static void dummy_sb_post_remount (struct vfsmount *mnt, unsigned long flags, } -static void dummy_sb_post_mountroot (void) +static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd) { return; } -static void dummy_sb_post_addmount (struct vfsmount *mnt, struct nameidata *nd) +static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd) +{ + return 0; +} + +static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd) { return; } -static int dummy_sb_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd) +static int dummy_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options, + int **flags, int *num_opts) { + *mount_options = NULL; + *flags = NULL; + *num_opts = 0; return 0; } -static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata *new_nd) +static int dummy_sb_set_mnt_opts(struct super_block *sb, char **mount_options, + int *flags, int num_opts) +{ + if (unlikely(num_opts)) + return -EOPNOTSUPP; + return 0; +} + +static void dummy_sb_clone_mnt_opts(const struct super_block *oldsb, + struct super_block *newsb) { return; } @@ -384,7 +407,7 @@ static int dummy_inode_killpriv(struct dentry *dentry) return 0; } -static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) +static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) { return -EOPNOTSUPP; } @@ -928,6 +951,11 @@ static int dummy_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) return -EOPNOTSUPP; } +static int dummy_secctx_to_secid(char *secdata, u32 seclen, u32 *secid) +{ + return -EOPNOTSUPP; +} + static void dummy_release_secctx(char *secdata, u32 seclen) { } @@ -994,10 +1022,12 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, sb_umount_close); set_to_dummy_if_null(ops, sb_umount_busy); set_to_dummy_if_null(ops, sb_post_remount); - set_to_dummy_if_null(ops, sb_post_mountroot); set_to_dummy_if_null(ops, sb_post_addmount); set_to_dummy_if_null(ops, sb_pivotroot); set_to_dummy_if_null(ops, sb_post_pivotroot); + set_to_dummy_if_null(ops, sb_get_mnt_opts); + set_to_dummy_if_null(ops, sb_set_mnt_opts); + set_to_dummy_if_null(ops, sb_clone_mnt_opts); set_to_dummy_if_null(ops, inode_alloc_security); set_to_dummy_if_null(ops, inode_free_security); set_to_dummy_if_null(ops, inode_init_security); @@ -1086,6 +1116,7 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, getprocattr); set_to_dummy_if_null(ops, setprocattr); set_to_dummy_if_null(ops, secid_to_secctx); + set_to_dummy_if_null(ops, secctx_to_secid); set_to_dummy_if_null(ops, release_secctx); #ifdef CONFIG_SECURITY_NETWORK set_to_dummy_if_null(ops, unix_stream_connect);