linux/security/security.c
   1/*
   2 * Security plug functions
   3 *
   4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
   5 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
   6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
   7 *
   8 *      This program is free software; you can redistribute it and/or modify
   9 *      it under the terms of the GNU General Public License as published by
  10 *      the Free Software Foundation; either version 2 of the License, or
  11 *      (at your option) any later version.
  12 */
  13
  14#include <linux/capability.h>
  15#include <linux/module.h>
  16#include <linux/init.h>
  17#include <linux/kernel.h>
  18#include <linux/sched.h>
  19#include <linux/security.h>
  20
/* Version string that security_init() prints in its boot banner. */
#define SECURITY_FRAMEWORK_VERSION      "1.0.0"

/* things that live in dummy.c */
extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);

/*
 * The hook table currently in force.  It stays NULL until security_init()
 * points it at dummy_security_ops; after that register_security() and
 * unregister_security() switch it between a module's table and the dummy one.
 * The pointer is non-static and is exported at the bottom of this file, so
 * it is reachable from outside this translation unit.
 */
struct security_operations *security_ops;       /* Initialized to NULL */
  28
/*
 * verify - minimal sanity check applied to a hook table before use.
 *
 * Returns -EINVAL for a NULL @ops.  Otherwise passes @ops to
 * security_fixup_ops() (defined in dummy.c) and returns 0.
 * NOTE(review): security_fixup_ops() presumably fills unset hooks with the
 * dummy defaults -- confirm in dummy.c.  Whatever it does, it is applied to
 * the caller's table before any further registration check is made.
 */
static inline int verify(struct security_operations *ops)
{
        if (ops) {
                security_fixup_ops(ops);
                return 0;
        }

        /* no table was supplied at all */
        return -EINVAL;
}
  37
/*
 * Walk the table bounded by __security_initcall_start and
 * __security_initcall_end and invoke every entry in order.  The value each
 * initcall returns is not examined here.
 */
static void __init do_security_initcalls(void)
{
        initcall_t *fn;

        for (fn = __security_initcall_start; fn < __security_initcall_end; fn++)
                (*fn)();
}
  47
/**
 * security_init - initializes the security framework
 *
 * This should be called early in the kernel initialization sequence.
 * It prints the framework banner, installs dummy_security_ops as the active
 * hook table and then runs the security initcalls.
 *
 * Returns 0 on success, or -EIO if dummy_security_ops fails verify().
 */
int __init security_init(void)
{
        struct security_operations *fallback = &dummy_security_ops;

        printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION
               " initialized\n");

        /*
         * verify() rejects only a NULL pointer, so for the address of a
         * global this branch is a defensive check rather than an expected
         * failure path.
         */
        if (verify(fallback) != 0) {
                printk(KERN_ERR "%s could not verify "
                       "dummy_security_ops structure.\n", __FUNCTION__);
                return -EIO;
        }

        /* the dummy table must be live before any initcall tries to register */
        security_ops = fallback;
        do_security_initcalls();

        return 0;
}
  69
/**
 * register_security - registers a security framework with the kernel
 * @ops: a pointer to the struct security_operations that is to be registered
 *
 * This function allows a security module to register itself with the
 * kernel security subsystem.  Only rudimentary checking is done on @ops:
 * verify() rejects a NULL pointer and runs security_fixup_ops() on the table.
 * A call to unregister_security() should be made to remove this
 * security_operations structure from the kernel.
 *
 * Returns -EINVAL if @ops fails verify(), -EAGAIN if the active table is
 * anything other than dummy_security_ops (a module is already registered),
 * and 0 on success.
 */
int register_security(struct security_operations *ops)
{
        int rc = 0;

        /*
         * verify() has already passed @ops to security_fixup_ops() by the
         * time the -EAGAIN case below is decided.
         */
        if (verify(ops)) {
                printk(KERN_DEBUG "%s could not verify "
                       "security_operations structure.\n", __FUNCTION__);
                rc = -EINVAL;
        } else if (security_ops == &dummy_security_ops) {
                /*
                 * NOTE(review): the comparison above and this store are two
                 * separate steps and no lock is taken in this function;
                 * callers presumably serialise registration -- confirm.
                 */
                security_ops = ops;
        } else {
                rc = -EAGAIN;
        }

        return rc;
}
  97
/**
 * unregister_security - unregisters a security framework with the kernel
 * @ops: a pointer to the struct security_operations that is to be unregistered
 *
 * This function removes a struct security_operations variable that had
 * previously been registered with a successful call to register_security().
 *
 * If @ops does not match the currently active table, -EINVAL is returned.
 * Otherwise the active table is reset to the dummy_security_ops structure
 * and 0 is returned.
 */
int unregister_security(struct security_operations *ops)
{
        if (ops == security_ops) {
                /*
                 * Fall back to the dummy table.
                 * NOTE(review): nothing in this function waits for code that
                 * may still be running through the old table -- confirm the
                 * caller keeps @ops valid for long enough.
                 */
                security_ops = &dummy_security_ops;
                return 0;
        }

        printk(KERN_INFO "%s: trying to unregister "
               "a security_opts structure that is not "
               "registered, failing.\n", __FUNCTION__);
        return -EINVAL;
}
 122
/**
 * mod_reg_security - allows security modules to be "stacked"
 * @name: a pointer to a string with the name of the security_operations to be registered
 * @ops: a pointer to the struct security_operations that is to be registered
 *
 * This function allows security modules to be stacked if the currently loaded
 * security module allows this to happen.  It passes @name and @ops to the
 * register_security hook of the currently loaded security module.
 *
 * Returns -EINVAL if @ops fails verify() or is already the active table.
 * Otherwise the return value is whatever the current module's hook returns,
 * with 0 as success.
 */
int mod_reg_security(const char *name, struct security_operations *ops)
{
        int rc = -EINVAL;

        if (verify(ops)) {
                printk(KERN_INFO "%s could not verify "
                       "security operations.\n", __FUNCTION__);
        } else if (ops == security_ops) {
                printk(KERN_INFO "%s security operations "
                       "already registered.\n", __FUNCTION__);
        } else {
                /*
                 * The stacking decision belongs entirely to the active
                 * module.  security_ops is dereferenced unchecked here, so
                 * this assumes security_init() has already run.
                 */
                rc = security_ops->register_security(name, ops);
        }

        return rc;
}
 151
/**
 * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
 * @name: a pointer to a string with the name of the security_operations to be removed
 * @ops: a pointer to the struct security_operations that is to be removed
 *
 * This function allows security modules that have been successfully registered
 * with a call to mod_reg_security() to be unloaded from the system.
 * It calls the currently loaded security module's unregister_security hook
 * with @name and @ops.
 *
 * Returns -EINVAL if @ops is the active (primary) table.  Otherwise the
 * return value is whatever the current module's hook returns, with 0 as
 * success.
 */
int mod_unreg_security(const char *name, struct security_operations *ops)
{
        /*
         * Unlike mod_reg_security(), @ops is not run through verify() here;
         * anything other than the primary table is handed to the active
         * module's hook unchanged.
         */
        if (ops != security_ops)
                return security_ops->unregister_security(name, ops);

        /* the primary table can only be removed with unregister_security() */
        printk(KERN_INFO "%s invalid attempt to unregister "
               " primary security ops.\n", __FUNCTION__);
        return -EINVAL;
}
 175
/*
 * The four registration entry points are exported GPL-only.
 *
 * NOTE(review): security_ops itself is exported with plain EXPORT_SYMBOL and
 * is a writable pointer, so any code that links against it can assign it
 * directly without passing through the checks in register_security() and
 * unregister_security() -- confirm this exposure is intended.
 */
EXPORT_SYMBOL_GPL(register_security);
EXPORT_SYMBOL_GPL(unregister_security);
EXPORT_SYMBOL_GPL(mod_reg_security);
EXPORT_SYMBOL_GPL(mod_unreg_security);
EXPORT_SYMBOL(security_ops);
 181