[PATCH] jbd2: journal_dirty_data re-check for unmapped buffers
[wrt350n-kernel.git] / security / capability.c
blobb868e7eda5f06fafa49ed73c21cf1d5332a77e40
1 /*
2 * Capabilities Linux Security Module
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 */
11 #include <linux/module.h>
12 #include <linux/init.h>
13 #include <linux/kernel.h>
14 #include <linux/security.h>
15 #include <linux/file.h>
16 #include <linux/mm.h>
17 #include <linux/mman.h>
18 #include <linux/pagemap.h>
19 #include <linux/swap.h>
20 #include <linux/smp_lock.h>
21 #include <linux/skbuff.h>
22 #include <linux/netlink.h>
23 #include <linux/ptrace.h>
24 #include <linux/moduleparam.h>
26 static struct security_operations capability_ops = {
27 .ptrace = cap_ptrace,
28 .capget = cap_capget,
29 .capset_check = cap_capset_check,
30 .capset_set = cap_capset_set,
31 .capable = cap_capable,
32 .settime = cap_settime,
33 .netlink_send = cap_netlink_send,
34 .netlink_recv = cap_netlink_recv,
36 .bprm_apply_creds = cap_bprm_apply_creds,
37 .bprm_set_security = cap_bprm_set_security,
38 .bprm_secureexec = cap_bprm_secureexec,
40 .inode_setxattr = cap_inode_setxattr,
41 .inode_removexattr = cap_inode_removexattr,
43 .task_post_setuid = cap_task_post_setuid,
44 .task_reparent_to_init = cap_task_reparent_to_init,
46 .syslog = cap_syslog,
48 .vm_enough_memory = cap_vm_enough_memory,
51 /* flag to keep track of how we were registered */
52 static int secondary;
54 static int capability_disable;
55 module_param_named(disable, capability_disable, int, 0);
56 MODULE_PARM_DESC(disable, "To disable capabilities module set disable = 1");
58 static int __init capability_init (void)
60 if (capability_disable) {
61 printk(KERN_INFO "Capabilities disabled at initialization\n");
62 return 0;
64 /* register ourselves with the security framework */
65 if (register_security (&capability_ops)) {
66 /* try registering with primary module */
67 if (mod_reg_security (KBUILD_MODNAME, &capability_ops)) {
68 printk (KERN_INFO "Failure registering capabilities "
69 "with primary security module.\n");
70 return -EINVAL;
72 secondary = 1;
74 printk (KERN_INFO "Capability LSM initialized%s\n",
75 secondary ? " as secondary" : "");
76 return 0;
79 static void __exit capability_exit (void)
81 if (capability_disable)
82 return;
83 /* remove ourselves from the security framework */
84 if (secondary) {
85 if (mod_unreg_security (KBUILD_MODNAME, &capability_ops))
86 printk (KERN_INFO "Failure unregistering capabilities "
87 "with primary module.\n");
88 return;
91 if (unregister_security (&capability_ops)) {
92 printk (KERN_INFO
93 "Failure unregistering capabilities with the kernel\n");
97 security_initcall (capability_init);
98 module_exit (capability_exit);
100 MODULE_DESCRIPTION("Standard Linux Capabilities Security Module");
101 MODULE_LICENSE("GPL");