Here is a patch to add documentation for the task_security_ops. If there aren't any objections, I can commit it. -- Stephen D. Smalley, NAI Labs ssmalleyat_private --- lsm-wirex/include/linux/security.h Fri Sep 14 12:14:51 2001 +++ lsm/include/linux/security.h Fri Sep 14 12:50:14 2001 @@ -87,7 +87,7 @@ * leave the security attributes of the process unchanged * if an access failure occurs at this point. It can * also perform other state changes on the process (e.g. - * closing open file descriptions to which access is no + * closing open file descriptors to which access is no * longer granted if the attributes were changed). */ void (* compute_creds) (struct linux_binprm *bprm); @@ -328,25 +328,287 @@ }; struct sched_param; +/** + * Security hooks for task operations. + */ struct task_security_ops { - int (* create) (unsigned long clone_flags); - int (* alloc_security) (struct task_struct *p); /* create per process security stuff */ - void (* free_security) (struct task_struct *p); /* free it */ - int (* setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); - int (* post_setuid) (uid_t old_ruid /* or fsuid */, uid_t old_euid, uid_t old_suid, int flags); - int (* setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); - int (* setpgid) (struct task_struct *p, pid_t pgid); - int (* getpgid) (struct task_struct *p); - int (* getsid) (struct task_struct *p); - int (* setgroups) (int gidsetsize, gid_t *grouplist); - int (* setnice) (struct task_struct *p, int nice); - int (* setrlimit) (unsigned int resource, struct rlimit *new_rlim); - int (* setscheduler) (struct task_struct *p, int policy, struct sched_param *lp); - int (* getscheduler) (struct task_struct *p); - int (* kill) (struct task_struct *p, struct siginfo *info, int sig); - int (* wait) (struct task_struct *p); - int (* prctl) (int option, unsigned long arg2, unsigned long arg3, - unsigned long arg4, unsigned long arg5); + /** + * create - check permission when creating a child process + * @clone_flags: flags indicating what should be shared + * + * called: do_fork <kernel/fork.c> + * + * Check permission before creating a child process. + * Return 0 if permission is granted. + * See the clone(2) manual page for definitions of the @clone_flags. + */ + int (* create) (unsigned long clone_flags); + + /** + * alloc_security - allocate security structure for child process + * @p: task_struct for child process + * + * called: do_fork <kernel/fork.c> + * + * Allocate and attach a security structure to the p->security + * field. The security field is initialized to NULL when the + * task structure is allocated. Return 0 if operation was successful. + */ + int (* alloc_security) (struct task_struct *p); + + /** + * free_security - deallocate security structure for this process + * @p: task_struct for process + * + * called: release_task <kernel/exit.c> + * + * Deallocate and clear the p->security field. + */ + void (* free_security) (struct task_struct *p); + + /** + * setuid - check permission when setting user identity attributes + * @id0: uid + * @id1: uid + * @id2: uid + * @flags: one of the LSM_SETID_* values + * + * called: sys_setreuid <kernel/sys.c> + * called: sys_setuid <kernel/sys.c> + * called: sys_setresuid <kernel/sys.c> + * called: sys_setfsuid <kernel/sys.c> + * + * Check permission before setting one or more of the user identity + * attributes of the current process. The @flags parameter indicates + * which of the set*uid system calls invoked this hook and how + * to interpret the @id0, @id1, and @id2 parameters. See the + * LSM_SETID definitions at the beginning of this file for the + * @flags values and their meanings. Return 0 if permission is + * granted. + */ + int (* setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); + + /** + * post_setuid - update state after setting user identity attributes + * @old_ruid: old real uid (or fs uid if LSM_SETID_FS) + * @old_euid: old effective uid (or -1 if LSM_SETID_FS) + * @old_suid: old saved uid (or -1 if LSM_SETID_FS) + * @flags: one of the LSM_SETID_* values + * + * called: sys_setreuid <kernel/sys.c> + * called: sys_setuid <kernel/sys.c> + * called: sys_setresuid <kernel/sys.c> + * called: sys_setfsuid <kernel/sys.c> + * + * Update the module's state after setting one or more of the + * user identity attributes of the current process. The @flags + * parameter indicates which of the set*uid system calls invoked + * this hook. If @flags is LSM_SETID_FS, then @old_ruid is + * the old fs uid and the other parameters are not used. Return + * 0 on success. + */ + int (* post_setuid) (uid_t old_ruid /* or fsuid */, uid_t old_euid, + uid_t old_suid, int flags); + + /** + * setgid - check permission when setting group identity attributes + * @id0: gid + * @id1: gid + * @id2: gid + * @flags: one of the LSM_SETID_* values + * + * called: sys_setregid <kernel/sys.c> + * called: sys_setgid <kernel/sys.c> + * called: sys_setresgid <kernel/sys.c> + * called: sys_setfsgid <kernel/sys.c> + * + * Check permission before setting one or more of the group identity + * attributes of the current process. The @flags parameter indicates + * which of the set*gid system calls invoked this hook and how + * to interpret the @id0, @id1, and @id2 parameters. See the + * LSM_SETID definitions at the beginning of this file for the + * @flags values and their meanings. Return 0 if permission is + * granted. + */ + int (* setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); + + /** + * setpgid - check permission when setting process group identifier + * @p: task_struct for process being modified + * @pgid: new pgid + * + * called: sys_setpgid <kernel/sys.c> + * + * lock: tasklist_lock is read-locked. + * + * Check permission before setting the process group identifier + * of the process @p to @pgid. Return 0 if permission is + * granted. + */ + int (* setpgid) (struct task_struct *p, pid_t pgid); + + /** + * getpgid - check permission when getting process group identifier + * @p: task_struct for process + * + * called: sys_getpgid <kernel/sys.c> + * + * lock: tasklist_lock is read-locked. + * + * Check permission before getting the process group identifier + * of the process @p. Return 0 if permission is granted. + */ + int (* getpgid) (struct task_struct *p); + + /** + * getsid - check permission when getting session identifier + * @p: task_struct for process + * + * called: sys_getsid <kernel/sys.c> + * + * lock: tasklist_lock is read-locked. + * + * Check permission before getting the session identifier + * of the process @p. Return 0 if permission is granted. + */ + int (* getsid) (struct task_struct *p); + + /** + * setgroups - check permission when setting supplementary group set + * @gidsetsize: number of elements in @grouplist + * @grouplist: array of gids + * + * called: sys_setgroups <kernel/sys.c> + * + * Check permission before setting the supplementary group set + * of the current process to @grouplist. Return 0 if permission + * is granted. + */ + int (* setgroups) (int gidsetsize, gid_t *grouplist); + + /** + * setnice - check permission when setting process nice value + * @p: task_struct of process + * @nice: new nice value + * + * called: sys_setpriority <kernel/sys.c> + * called: sys_nice <kernel/sched.c> + * + * lock: the tasklist_lock is read-locked in sys_setpriority. + * + * Check permission before setting the nice value of @p + * to @nice. Return 0 if permission is granted. + */ + int (* setnice) (struct task_struct *p, int nice); + + /** + * setrlimit - check permission when setting resource limits + * @resource: resource whose limit is being set + * @new_rlim: new limits for @resource + * + * called: sys_setrlimit <kernel/sys.c> + * + * Check permission before setting the resource limits + * of the current process for @resource to @new_rlim. + * The old resource limit values can be examined by + * dereferencing (current->rlim + resource). + * Return 0 if permission is granted. + */ + int (* setrlimit) (unsigned int resource, struct rlimit *new_rlim); + + /** + * setscheduler - check permission when setting scheduling info + * @p: task_struct for process + * @policy: scheduling policy + * @lp: scheduling parameters + * + * called: setscheduler <kernel/sched.c> + * + * lock: tasklist_lock is read-locked, and runqueue_lock is locked. + * + * Check permission before setting scheduling policy + * and/or parameters of process @p based on @policy + * and @lp. Return 0 if permission is granted. + */ + int (* setscheduler) (struct task_struct *p, int policy, + struct sched_param *lp); + + /** + * getscheduler - check permission when obtaining scheduling info + * @p: task_struct for process + * + * called: sys_sched_getscheduler <kernel/sched.c> + * called: sys_sched_getparam <kernel/sched.c> + * called: sys_sched_rr_get_interval <kernel/sched.c> + * + * lock: tasklist_lock is read-locked. + * + * Check permission before obtaining scheduling information + * for process @p. Return 0 if permission is granted. + */ + int (* getscheduler) (struct task_struct *p); + + /** + * kill - check permission when sending a signal + * @p: task_struct for process + * @info: signal information + * @sig: signal value + * + * called: send_sig_info <kernel/signal.c> + * + * lock: tasklist_lock may be read-locked by the caller. + * + * Check permission before sending signal @sig to @p. + * @info can be NULL, the constant 1, or a pointer to + * a siginfo structure. If @info is 1 or SI_FROMKERNEL(info) + * is true, then the signal should be viewed as coming from + * the kernel and should typically be permitted. + * Return 0 if permission is granted. + * + * SIGIO signals are handled separately by the send_sigiotask + * hook in file_security_ops. + */ + int (* kill) (struct task_struct *p, struct siginfo *info, int sig); + + /** + * wait - check permission when reaping a child process + * @p: task_struct for process + * + * called: sys_wait4 <kernel/exit.c> + * + * lock: tasklist_lock is read-locked. + * + * Check permission before allowing a process to reap + * a child process @p and collect its status information. + * Return 0 if permission is granted. + */ + int (* wait) (struct task_struct *p); + + /** + * prctl - check permission when performing process control operations + * @option: the operation + * @arg2: argument + * @arg3: argument + * @arg4: argument + * @arg5: argument + * + * called: sys_prctl <kernel/sys.c> + * + * Check permission before performing a process control operation + * on the current process. Return 0 if permission is granted. + */ + int (* prctl) (int option, unsigned long arg2, unsigned long arg3, + unsigned long arg4, unsigned long arg5); + + /** + * kmod_set_label - set security attributes for kernel module loader + * + * called: exec_usermodehelper <kernel/kmod.c> + * + * Set the security attributes in current->security + * for the kernel module loader thread, so that it + * has the permissions needed to perform its function. + */ void (* kmod_set_label) (void); }; _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 09:57:19 PDT