kconfig: centralize the selection of semaphore debugging in lib/Kconfig.debug
[linux-2.6/openmoko-kernel.git] / security / security.c
blobfc8601b2b7acabde473cc86a0fdc4b342a00e97a
1 /*
2 * Security plug functions
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
14 #include <linux/capability.h>
15 #include <linux/module.h>
16 #include <linux/init.h>
17 #include <linux/kernel.h>
18 #include <linux/security.h>
20 #define SECURITY_FRAMEWORK_VERSION "1.0.0"
22 /* things that live in dummy.c */
23 extern struct security_operations dummy_security_ops;
24 extern void security_fixup_ops(struct security_operations *ops);
26 struct security_operations *security_ops; /* Initialized to NULL */
28 static inline int verify(struct security_operations *ops)
30 /* verify the security_operations structure exists */
31 if (!ops)
32 return -EINVAL;
33 security_fixup_ops(ops);
34 return 0;
37 static void __init do_security_initcalls(void)
39 initcall_t *call;
40 call = __security_initcall_start;
41 while (call < __security_initcall_end) {
42 (*call) ();
43 call++;
47 /**
48 * security_init - initializes the security framework
50 * This should be called early in the kernel initialization sequence.
52 int __init security_init(void)
54 printk(KERN_INFO "Security Framework v" SECURITY_FRAMEWORK_VERSION
55 " initialized\n");
57 if (verify(&dummy_security_ops)) {
58 printk(KERN_ERR "%s could not verify "
59 "dummy_security_ops structure.\n", __FUNCTION__);
60 return -EIO;
63 security_ops = &dummy_security_ops;
64 do_security_initcalls();
66 return 0;
69 /**
70 * register_security - registers a security framework with the kernel
71 * @ops: a pointer to the struct security_options that is to be registered
73 * This function is to allow a security module to register itself with the
74 * kernel security subsystem. Some rudimentary checking is done on the @ops
75 * value passed to this function. A call to unregister_security() should be
76 * done to remove this security_options structure from the kernel.
78 * If there is already a security module registered with the kernel,
79 * an error will be returned. Otherwise 0 is returned on success.
81 int register_security(struct security_operations *ops)
83 if (verify(ops)) {
84 printk(KERN_DEBUG "%s could not verify "
85 "security_operations structure.\n", __FUNCTION__);
86 return -EINVAL;
89 if (security_ops != &dummy_security_ops)
90 return -EAGAIN;
92 security_ops = ops;
94 return 0;
97 /**
98 * unregister_security - unregisters a security framework with the kernel
99 * @ops: a pointer to the struct security_options that is to be registered
101 * This function removes a struct security_operations variable that had
102 * previously been registered with a successful call to register_security().
104 * If @ops does not match the valued previously passed to register_security()
105 * an error is returned. Otherwise the default security options is set to the
106 * the dummy_security_ops structure, and 0 is returned.
108 int unregister_security(struct security_operations *ops)
110 if (ops != security_ops) {
111 printk(KERN_INFO "%s: trying to unregister "
112 "a security_opts structure that is not "
113 "registered, failing.\n", __FUNCTION__);
114 return -EINVAL;
117 security_ops = &dummy_security_ops;
119 return 0;
123 * mod_reg_security - allows security modules to be "stacked"
124 * @name: a pointer to a string with the name of the security_options to be registered
125 * @ops: a pointer to the struct security_options that is to be registered
127 * This function allows security modules to be stacked if the currently loaded
128 * security module allows this to happen. It passes the @name and @ops to the
129 * register_security function of the currently loaded security module.
131 * The return value depends on the currently loaded security module, with 0 as
132 * success.
134 int mod_reg_security(const char *name, struct security_operations *ops)
136 if (verify(ops)) {
137 printk(KERN_INFO "%s could not verify "
138 "security operations.\n", __FUNCTION__);
139 return -EINVAL;
142 if (ops == security_ops) {
143 printk(KERN_INFO "%s security operations "
144 "already registered.\n", __FUNCTION__);
145 return -EINVAL;
148 return security_ops->register_security(name, ops);
152 * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
153 * @name: a pointer to a string with the name of the security_options to be removed
154 * @ops: a pointer to the struct security_options that is to be removed
156 * This function allows security modules that have been successfully registered
157 * with a call to mod_reg_security() to be unloaded from the system.
158 * This calls the currently loaded security module's unregister_security() call
159 * with the @name and @ops variables.
161 * The return value depends on the currently loaded security module, with 0 as
162 * success.
164 int mod_unreg_security(const char *name, struct security_operations *ops)
166 if (ops == security_ops) {
167 printk(KERN_INFO "%s invalid attempt to unregister "
168 " primary security ops.\n", __FUNCTION__);
169 return -EINVAL;
172 return security_ops->unregister_security(name, ops);
175 EXPORT_SYMBOL_GPL(register_security);
176 EXPORT_SYMBOL_GPL(unregister_security);
177 EXPORT_SYMBOL_GPL(mod_reg_security);
178 EXPORT_SYMBOL_GPL(mod_unreg_security);
179 EXPORT_SYMBOL(security_ops);