[net-next-2.6.git] / security / security.c

/*
 * Security plug functions
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 */

#include <linux/capability.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/security.h>

#define SECURITY_FRAMEWORK_VERSION	"1.0.0"

/* things that live in dummy.c */
extern struct security_operations dummy_security_ops;
extern void security_fixup_ops(struct security_operations *ops);

struct security_operations *security_ops;	/* Initialized to NULL */

static inline int verify(struct security_operations *ops)
{
	/* verify the security_operations structure exists */
	if (!ops)
		return -EINVAL;
	security_fixup_ops(ops);
	return 0;
}

static void __init do_security_initcalls(void)
{
	initcall_t *call;
	call = __security_initcall_start;
	while (call < __security_initcall_end) {
		(*call) ();
		call++;
	}
}

/**
 * security_init - initializes the security framework
 *
 * This should be called early in the kernel initialization sequence.
 */
int __init security_init(void)
{
	printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION
	       " initialized\n");

	if (verify(&dummy_security_ops)) {
		printk(KERN_ERR "%s could not verify "
		       "dummy_security_ops structure.\n", __FUNCTION__);
		return -EIO;
	}

	security_ops = &dummy_security_ops;
	do_security_initcalls();

	return 0;
}

/**
 * register_security - registers a security framework with the kernel
 * @ops: a pointer to the struct security_options that is to be registered
 *
 * This function is to allow a security module to register itself with the
 * kernel security subsystem.  Some rudimentary checking is done on the @ops
 * value passed to this function.  A call to unregister_security() should be
 * done to remove this security_options structure from the kernel.
 *
 * If there is already a security module registered with the kernel,
 * an error will be returned.  Otherwise 0 is returned on success.
 */
int register_security(struct security_operations *ops)
{
	if (verify(ops)) {
		printk(KERN_DEBUG "%s could not verify "
		       "security_operations structure.\n", __FUNCTION__);
		return -EINVAL;
	}

	if (security_ops != &dummy_security_ops)
		return -EAGAIN;

	security_ops = ops;

	return 0;
}

/**
 * unregister_security - unregisters a security framework with the kernel
 * @ops: a pointer to the struct security_options that is to be registered
 *
 * This function removes a struct security_operations variable that had
 * previously been registered with a successful call to register_security().
 *
 * If @ops does not match the valued previously passed to register_security()
 * an error is returned.  Otherwise the default security options is set to the
 * the dummy_security_ops structure, and 0 is returned.
 */
int unregister_security(struct security_operations *ops)
{
	if (ops != security_ops) {
		printk(KERN_INFO "%s: trying to unregister "
		       "a security_opts structure that is not "
		       "registered, failing.\n", __FUNCTION__);
		return -EINVAL;
	}

	security_ops = &dummy_security_ops;

	return 0;
}

/**
 * mod_reg_security - allows security modules to be "stacked"
 * @name: a pointer to a string with the name of the security_options to be registered
 * @ops: a pointer to the struct security_options that is to be registered
 *
 * This function allows security modules to be stacked if the currently loaded
 * security module allows this to happen.  It passes the @name and @ops to the
 * register_security function of the currently loaded security module.
 *
 * The return value depends on the currently loaded security module, with 0 as
 * success.
 */
int mod_reg_security(const char *name, struct security_operations *ops)
{
	if (verify(ops)) {
		printk(KERN_INFO "%s could not verify "
		       "security operations.\n", __FUNCTION__);
		return -EINVAL;
	}

	if (ops == security_ops) {
		printk(KERN_INFO "%s security operations "
		       "already registered.\n", __FUNCTION__);
		return -EINVAL;
	}

	return security_ops->register_security(name, ops);
}

/**
 * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
 * @name: a pointer to a string with the name of the security_options to be removed
 * @ops: a pointer to the struct security_options that is to be removed
 *
 * This function allows security modules that have been successfully registered
 * with a call to mod_reg_security() to be unloaded from the system.
 * This calls the currently loaded security module's unregister_security() call
 * with the @name and @ops variables.
 *
 * The return value depends on the currently loaded security module, with 0 as
 * success.
 */
int mod_unreg_security(const char *name, struct security_operations *ops)
{
	if (ops == security_ops) {
		printk(KERN_INFO "%s invalid attempt to unregister "
		       " primary security ops.\n", __FUNCTION__);
		return -EINVAL;
	}

	return security_ops->unregister_security(name, ops);
}

EXPORT_SYMBOL_GPL(register_security);
EXPORT_SYMBOL_GPL(unregister_security);
EXPORT_SYMBOL_GPL(mod_reg_security);
EXPORT_SYMBOL_GPL(mod_unreg_security);
EXPORT_SYMBOL(security_ops);
Commit	Line	Data
1da177e4 LT	1	/*
	2	* Security plug functions
	3	*
	4	* Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
	5	* Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
	6	* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
	7	*
	8	* This program is free software; you can redistribute it and/or modify
	9	* it under the terms of the GNU General Public License as published by
	10	* the Free Software Foundation; either version 2 of the License, or
	11	* (at your option) any later version.
	12	*/
	13
c59ede7b	14	#include <linux/capability.h>
1da177e4 LT	15	#include <linux/module.h>
	16	#include <linux/init.h>
	17	#include <linux/kernel.h>
1da177e4 LT	18	#include <linux/security.h>
	19
	20	#define SECURITY_FRAMEWORK_VERSION "1.0.0"
	21
	22	/* things that live in dummy.c */
	23	extern struct security_operations dummy_security_ops;
	24	extern void security_fixup_ops(struct security_operations *ops);
	25
	26	struct security_operations security_ops; / Initialized to NULL */
	27
	28	static inline int verify(struct security_operations *ops)
	29	{
	30	/* verify the security_operations structure exists */
	31	if (!ops)
	32	return -EINVAL;
	33	security_fixup_ops(ops);
	34	return 0;
	35	}
	36
	37	static void __init do_security_initcalls(void)
	38	{
	39	initcall_t *call;
	40	call = __security_initcall_start;
	41	while (call < __security_initcall_end) {
	42	(*call) ();
	43	call++;
	44	}
	45	}
	46
	47	/**
	48	* security_init - initializes the security framework
	49	*
	50	* This should be called early in the kernel initialization sequence.
	51	*/
	52	int __init security_init(void)
	53	{
	54	printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION
	55	" initialized\n");
	56
	57	if (verify(&dummy_security_ops)) {
	58	printk(KERN_ERR "%s could not verify "
	59	"dummy_security_ops structure.\n", __FUNCTION__);
	60	return -EIO;
	61	}
	62
	63	security_ops = &dummy_security_ops;
	64	do_security_initcalls();
	65
	66	return 0;
	67	}
	68
	69	/**
	70	* register_security - registers a security framework with the kernel
	71	* @ops: a pointer to the struct security_options that is to be registered
	72	*
	73	* This function is to allow a security module to register itself with the
	74	* kernel security subsystem. Some rudimentary checking is done on the @ops
	75	* value passed to this function. A call to unregister_security() should be
	76	* done to remove this security_options structure from the kernel.
	77	*
	78	* If there is already a security module registered with the kernel,
	79	* an error will be returned. Otherwise 0 is returned on success.
	80	*/
	81	int register_security(struct security_operations *ops)
82	{
83	if (verify(ops)) {
84	printk(KERN_DEBUG "%s could not verify "
85	"security_operations structure.\n", __FUNCTION__);
86	return -EINVAL;
87	}
88
89	if (security_ops != &dummy_security_ops)
90	return -EAGAIN;
91
92	security_ops = ops;
93
94	return 0;
95	}
96
97	/**
98	* unregister_security - unregisters a security framework with the kernel
99	* @ops: a pointer to the struct security_options that is to be registered
100	*
101	* This function removes a struct security_operations variable that had
102	* previously been registered with a successful call to register_security().
103	*
104	* If @ops does not match the valued previously passed to register_security()
105	* an error is returned. Otherwise the default security options is set to the
106	* the dummy_security_ops structure, and 0 is returned.
107	*/
108	int unregister_security(struct security_operations *ops)
109	{
110	if (ops != security_ops) {
111	printk(KERN_INFO "%s: trying to unregister "
112	"a security_opts structure that is not "
113	"registered, failing.\n", __FUNCTION__);
114	return -EINVAL;
115	}
116
117	security_ops = &dummy_security_ops;
118
119	return 0;
120	}
121
122	/**
123	* mod_reg_security - allows security modules to be "stacked"
124	* @name: a pointer to a string with the name of the security_options to be registered
125	* @ops: a pointer to the struct security_options that is to be registered
126	*
127	* This function allows security modules to be stacked if the currently loaded
128	* security module allows this to happen. It passes the @name and @ops to the
129	* register_security function of the currently loaded security module.
130	*
131	* The return value depends on the currently loaded security module, with 0 as
132	* success.
133	*/
134	int mod_reg_security(const char name, struct security_operations ops)
135	{
136	if (verify(ops)) {
137	printk(KERN_INFO "%s could not verify "
138	"security operations.\n", __FUNCTION__);
139	return -EINVAL;
140	}
141
142	if (ops == security_ops) {
143	printk(KERN_INFO "%s security operations "
144	"already registered.\n", __FUNCTION__);
145	return -EINVAL;
146	}
147
148	return security_ops->register_security(name, ops);
149	}
150
151	/**
152	* mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
153	* @name: a pointer to a string with the name of the security_options to be removed
154	* @ops: a pointer to the struct security_options that is to be removed
155	*
156	* This function allows security modules that have been successfully registered
157	* with a call to mod_reg_security() to be unloaded from the system.
158	* This calls the currently loaded security module's unregister_security() call
159	* with the @name and @ops variables.
160	*
161	* The return value depends on the currently loaded security module, with 0 as
162	* success.
163	*/
164	int mod_unreg_security(const char name, struct security_operations ops)
165	{
166	if (ops == security_ops) {
167	printk(KERN_INFO "%s invalid attempt to unregister "
168	" primary security ops.\n", __FUNCTION__);
169	return -EINVAL;
170	}
171
172	return security_ops->unregister_security(name, ops);
173	}
174
1da177e4 LT	175	EXPORT_SYMBOL_GPL(register_security);
	176	EXPORT_SYMBOL_GPL(unregister_security);
	177	EXPORT_SYMBOL_GPL(mod_reg_security);
	178	EXPORT_SYMBOL_GPL(mod_unreg_security);
1da177e4	179	EXPORT_SYMBOL(security_ops);