forked from Minki/linux
securityfs: do not depend on CONFIG_SECURITY
Add a new Kconfig option SECURITYFS which will build securityfs support but does not require CONFIG_SECURITY. The only current user of securityfs does not depend on CONFIG_SECURITY and there is no reason the full LSM needs to be built to build this fs. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
86d688984d
commit
da31894ed7
@ -6,6 +6,7 @@ menuconfig TCG_TPM
|
||||
tristate "TPM Hardware Support"
|
||||
depends on HAS_IOMEM
|
||||
depends on EXPERIMENTAL
|
||||
select SECURITYFS
|
||||
---help---
|
||||
If you have a TPM security chip in your system, which
|
||||
implements the Trusted Computing Group's specification,
|
||||
|
@ -1560,11 +1560,6 @@ struct security_operations {
|
||||
extern int security_init(void);
|
||||
extern int security_module_enable(struct security_operations *ops);
|
||||
extern int register_security(struct security_operations *ops);
|
||||
extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
|
||||
struct dentry *parent, void *data,
|
||||
const struct file_operations *fops);
|
||||
extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
|
||||
extern void securityfs_remove(struct dentry *dentry);
|
||||
|
||||
/* Security operations */
|
||||
int security_ptrace_may_access(struct task_struct *child, unsigned int mode);
|
||||
@ -2424,25 +2419,6 @@ static inline int security_netlink_recv(struct sk_buff *skb, int cap)
|
||||
return cap_netlink_recv(skb, cap);
|
||||
}
|
||||
|
||||
static inline struct dentry *securityfs_create_dir(const char *name,
|
||||
struct dentry *parent)
|
||||
{
|
||||
return ERR_PTR(-ENODEV);
|
||||
}
|
||||
|
||||
static inline struct dentry *securityfs_create_file(const char *name,
|
||||
mode_t mode,
|
||||
struct dentry *parent,
|
||||
void *data,
|
||||
const struct file_operations *fops)
|
||||
{
|
||||
return ERR_PTR(-ENODEV);
|
||||
}
|
||||
|
||||
static inline void securityfs_remove(struct dentry *dentry)
|
||||
{
|
||||
}
|
||||
|
||||
static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
|
||||
{
|
||||
return -EOPNOTSUPP;
|
||||
@ -2806,5 +2782,35 @@ static inline void security_audit_rule_free(void *lsmrule)
|
||||
#endif /* CONFIG_SECURITY */
|
||||
#endif /* CONFIG_AUDIT */
|
||||
|
||||
#ifdef CONFIG_SECURITYFS
|
||||
|
||||
extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
|
||||
struct dentry *parent, void *data,
|
||||
const struct file_operations *fops);
|
||||
extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
|
||||
extern void securityfs_remove(struct dentry *dentry);
|
||||
|
||||
#else /* CONFIG_SECURITYFS */
|
||||
|
||||
static inline struct dentry *securityfs_create_dir(const char *name,
|
||||
struct dentry *parent)
|
||||
{
|
||||
return ERR_PTR(-ENODEV);
|
||||
}
|
||||
|
||||
static inline struct dentry *securityfs_create_file(const char *name,
|
||||
mode_t mode,
|
||||
struct dentry *parent,
|
||||
void *data,
|
||||
const struct file_operations *fops)
|
||||
{
|
||||
return ERR_PTR(-ENODEV);
|
||||
}
|
||||
|
||||
static inline void securityfs_remove(struct dentry *dentry)
|
||||
{}
|
||||
|
||||
#endif
|
||||
|
||||
#endif /* ! __LINUX_SECURITY_H */
|
||||
|
||||
|
@ -51,6 +51,14 @@ config SECURITY
|
||||
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
config SECURITYFS
|
||||
bool "Enable the securityfs filesystem"
|
||||
help
|
||||
This will build the securityfs filesystem. It is currently used by
|
||||
the TPM bios character driver. It is not used by SELinux or SMACK.
|
||||
|
||||
If you are unsure how to answer this question, answer N.
|
||||
|
||||
config SECURITY_NETWORK
|
||||
bool "Socket and Networking Security Hooks"
|
||||
depends on SECURITY
|
||||
|
@ -10,7 +10,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack
|
||||
obj-y += commoncap.o
|
||||
|
||||
# Object file lists
|
||||
obj-$(CONFIG_SECURITY) += security.o capability.o inode.o
|
||||
obj-$(CONFIG_SECURITY) += security.o capability.o
|
||||
obj-$(CONFIG_SECURITYFS) += inode.o
|
||||
# Must precede capability.o in order to stack properly.
|
||||
obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o
|
||||
obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o
|
||||
|
Loading…
Reference in New Issue
Block a user