static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
CONFIG_DEFAULT_SECURITY;
+#if CONFIG_SECURITY_YAMA
+extern int yama_ptrace_access_check(struct task_struct *child,
+ unsigned int mode);
+extern int yama_path_link(struct dentry *old_dentry, struct path *new_dir,
+ struct dentry *new_dentry);
+extern int yama_inode_follow_link(struct dentry *dentry,
+ struct nameidata *nameidata);
+extern void yama_task_free(struct task_struct *task);
+extern int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5);
+#endif
+
/* things that live in capability.c */
extern void __init security_fixup_ops(struct security_operations *ops);
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
+#if CONFIG_SECURITY_YAMA
+ int rc;
+ rc = yama_ptrace_access_check(child, mode);
+ if (rc || security_ops->ptrace_access_check == yama_ptrace_access_check)
+ return rc;
+#endif
return security_ops->ptrace_access_check(child, mode);
}
{
if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
return 0;
+#if CONFIG_SECURITY_YAMA
+ int rc = yama_path_link(old_dentry, new_dir, new_dentry);
+ if (rc || security_ops->path_link == yama_path_link)
+ return rc;
+#endif
return security_ops->path_link(old_dentry, new_dir, new_dentry);
}
{
if (unlikely(IS_PRIVATE(dentry->d_inode)))
return 0;
+#if CONFIG_SECURITY_YAMA
+ int rc = yama_inode_follow_link(dentry, nd);
+ if (rc || security_ops->inode_follow_link == yama_inode_follow_link)
+ return rc;
+#endif
return security_ops->inode_follow_link(dentry, nd);
}
void security_task_free(struct task_struct *task)
{
+#if CONFIG_SECURITY_YAMA
+ yama_task_free(task);
+ if (security_ops->task_free == yama_task_free)
+ return;
+#endif
security_ops->task_free(task);
}
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
+#if CONFIG_SECURITY_YAMA
+ int rc;
+ rc = yama_task_prctl(option, arg2, arg3, arg4, arg5);
+ if (rc != -ENOSYS || security_ops->task_prctl == yama_task_prctl)
+ return rc;
+#endif
return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
}
* yama_task_free - check for task_pid to remove from exception list
* @task: task being removed
*/
-static void yama_task_free(struct task_struct *task)
+void yama_task_free(struct task_struct *task)
{
yama_ptracer_del(task, task);
}
* Return 0 on success, -ve on error. -ENOSYS is returned when Yama
* does not handle the given option.
*/
-static int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
+int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
int rc;
*
* Returns 0 if following the ptrace is allowed, -ve on error.
*/
-static int yama_ptrace_access_check(struct task_struct *child,
+int yama_ptrace_access_check(struct task_struct *child,
unsigned int mode)
{
int rc;
*
* Returns 0 if following the symlink is allowed, -ve on error.
*/
-static int yama_inode_follow_link(struct dentry *dentry,
+int yama_inode_follow_link(struct dentry *dentry,
struct nameidata *nameidata)
{
int rc = 0;
*
* Returns 0 if successful, -ve on error.
*/
-static int yama_path_link(struct dentry *old_dentry, struct path *new_dir,
+int yama_path_link(struct dentry *old_dentry, struct path *new_dir,
struct dentry *new_dentry)
{
int rc = 0;
static __init int yama_init(void)
{
- if (!security_module_enable(&yama_ops))
- return 0;
-
printk(KERN_INFO "Yama: becoming mindful.\n");
- if (register_security(&yama_ops))
- panic("Yama: kernel registration failed.\n");
-
#ifdef CONFIG_SYSCTL
if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))
panic("Yama: sysctl registration failed.\n");
#endif
+ if (!security_module_enable(&yama_ops))
+ return 0;
+
+ if (register_security(&yama_ops))
+ panic("Yama: kernel registration failed.\n");
+
return 0;
}