From patchwork Mon Jun 1 11:52:35 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "\(Exiting\) Baolin Wang" X-Patchwork-Id: 49301 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wi0-f197.google.com (mail-wi0-f197.google.com [209.85.212.197]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 8D6BD218FC for ; Mon, 1 Jun 2015 11:53:10 +0000 (UTC) Received: by wibut5 with SMTP id ut5sf5156304wib.0 for ; Mon, 01 Jun 2015 04:53:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:sender:precedence:list-id:x-original-sender :x-original-authentication-results:mailing-list:list-post:list-help :list-archive:list-unsubscribe; bh=4FeVnQXPmCr5Bs5Zhw79QH45tG0UWUFjbWGkE+pt1fE=; b=DCSmROm6cvQzR9NX6Gii+Tuq6E3VCzcTaz+UFF7HpRd8olpKlvuT6kkJAx7L1259r1 tRUac6ah4E2gpzIAN4engfshqgQC+p0Ljljug1q5fr/i8C9uCZGyS+2T0v8S8n/v8vpa DVwHbX6IB/jhZ17gbnmXItWQx49UJTwVbawismBL5oBsQhML8tN4URPch+xxFbwPA/7j TNc7EqhFHT5GPCTu5miCMcKKvGkJOXdN9YqXVCzaxxLuwv6sWVz0T+sbWriaoQDH+9J1 5p3FoR5Ji61HljhsdDD6kummS2hv4SS/B5ZOWpYd1O0+qO2orC7aj6W5OW9nWm/sK0iz 12bQ== X-Gm-Message-State: ALoCoQk0tU/FE03KLOw3EeZXTu58Xv6hYvYK0my/HP8MHMajoHXUC/1YZszXJya/6i7t3qsLjPpT X-Received: by 10.112.162.228 with SMTP id yd4mr20398536lbb.8.1433159589527; Mon, 01 Jun 2015 04:53:09 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.9.7 with SMTP id v7ls75212laa.75.gmail; Mon, 01 Jun 2015 04:53:09 -0700 (PDT) X-Received: by 10.152.87.13 with SMTP id t13mr21029243laz.66.1433159589346; Mon, 01 Jun 2015 04:53:09 -0700 (PDT) Received: from mail-la0-f53.google.com (mail-la0-f53.google.com. [209.85.215.53]) by mx.google.com with ESMTPS id aa12si12133895lbd.30.2015.06.01.04.53.09 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Jun 2015 04:53:09 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.53 as permitted sender) client-ip=209.85.215.53; Received: by laei3 with SMTP id i3so11596438lae.3 for ; Mon, 01 Jun 2015 04:53:09 -0700 (PDT) X-Received: by 10.152.2.133 with SMTP id 5mr19260698lau.36.1433159588896; Mon, 01 Jun 2015 04:53:08 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.108.230 with SMTP id hn6csp2256173lbb; Mon, 1 Jun 2015 04:53:07 -0700 (PDT) X-Received: by 10.70.131.33 with SMTP id oj1mr39668107pdb.3.1433159587054; Mon, 01 Jun 2015 04:53:07 -0700 (PDT) Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id oo1si18926907pdb.185.2015.06.01.04.53.06; Mon, 01 Jun 2015 04:53:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752479AbbFALxB (ORCPT + 28 others); Mon, 1 Jun 2015 07:53:01 -0400 Received: from mail-pd0-f174.google.com ([209.85.192.174]:33641 "EHLO mail-pd0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751973AbbFALwx (ORCPT ); Mon, 1 Jun 2015 07:52:53 -0400 Received: by pdbqa5 with SMTP id qa5so106082748pdb.0 for ; Mon, 01 Jun 2015 04:52:52 -0700 (PDT) X-Received: by 10.70.29.4 with SMTP id f4mr40583843pdh.23.1433159572836; Mon, 01 Jun 2015 04:52:52 -0700 (PDT) Received: from baolinwangubtpc.spreadtrum.com ([175.111.195.49]) by mx.google.com with ESMTPSA id b4sm14008020pbu.71.2015.06.01.04.52.47 (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 01 Jun 2015 04:52:52 -0700 (PDT) From: Baolin Wang To: serge.hallyn@canonical.com Cc: arnd@arndb.de, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, james.l.morris@oracle.com, serge@hallyn.com, pmoore@redhat.com, tiwai@suse.de, jeffv@google.com, jlayton@primarydata.com, keescook@chromium.org, sds@tycho.nsa.gov, mark.d.rustad@intel.com, linux-security-module@vger.kernel.org, baolin.wang@linaro.org, y2038@lists.linaro.org Subject: [PATCH v4 04/25] security/security: Introduce security_settime64() function with timespec64 type Date: Mon, 1 Jun 2015 19:52:35 +0800 Message-Id: <1433159555-4704-1-git-send-email-baolin.wang@linaro.org> X-Mailer: git-send-email 1.7.9.5 Sender: linux-kernel-owner@vger.kernel.org Precedence: list List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: baolin.wang@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.53 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , For introducing the do_sys_settimeofday64() function with timespec64 type to make it ready for 2038 issue, it need to introduce the security_settime64() function with timespec64 type firstly. Also introduce a default security_settime64() function with timespec64 type when it hasn't defined the CONFIG_SECURITY macro. Also this patch changes the "settime" pointer's argument with timespec64 type in security_operations structure for introducing the the security_settime64() function. Meanwhile moves the security_settime() defined in security/security.c file to include/linux/security.h file as a static function, that makes it convenient to delete the security_settime() later. And change the cap_settime() function's argument with timespec64 type to make it ready for 2038 issue, which is only used by security_settime64()/security_settime() function. Signed-off-by: Baolin Wang --- include/linux/security.h | 25 ++++++++++++++++++++----- security/commoncap.c | 2 +- security/security.c | 2 +- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index a1b7dbd..5288794 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -75,7 +75,7 @@ struct timezone; */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit); -extern int cap_settime(const struct timespec *ts, const struct timezone *tz); +extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); extern int cap_ptrace_traceme(struct task_struct *parent); extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); @@ -1353,7 +1353,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * Return 0 if permission is granted. * @settime: * Check permission to change the system time. - * struct timespec and timezone are defined in include/linux/time.h + * struct timespec64 is defined in include/linux/time64.h and timezone is + * defined in include/linux/time.h * @ts contains new time * @tz contains new timezone * Return 0 if permission is granted. @@ -1483,7 +1484,7 @@ struct security_operations { int (*quotactl) (int cmds, int type, int id, struct super_block *sb); int (*quota_on) (struct dentry *dentry); int (*syslog) (int type); - int (*settime) (const struct timespec *ts, const struct timezone *tz); + int (*settime) (const struct timespec64 *ts, const struct timezone *tz); int (*vm_enough_memory) (struct mm_struct *mm, long pages); int (*bprm_set_creds) (struct linux_binprm *bprm); @@ -1790,7 +1791,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); int security_syslog(int type); -int security_settime(const struct timespec *ts, const struct timezone *tz); +int security_settime64(const struct timespec64 *ts, const struct timezone *tz); +static int security_settime(const struct timespec *ts, const struct timezone *tz) +{ + struct timespec64 ts64 = timespec_to_timespec64(*ts); + + return security_settime64(&ts64, tz); +} int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); int security_bprm_set_creds(struct linux_binprm *bprm); int security_bprm_check(struct linux_binprm *bprm); @@ -2040,10 +2047,18 @@ static inline int security_syslog(int type) return 0; } +static inline int security_settime64(const struct timespec64 *ts, + const struct timezone *tz) +{ + return cap_settime(ts, tz); +} + static inline int security_settime(const struct timespec *ts, const struct timezone *tz) { - return cap_settime(ts, tz); + struct timsepc64 ts64 = timespec_to_timespec64(*ts); + + return cap_settime(&ts64, tz); } static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) diff --git a/security/commoncap.c b/security/commoncap.c index f66713b..bdb8ec0 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -116,7 +116,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, * Determine whether the current process may set the system clock and timezone * information, returning 0 if permission granted, -ve if denied. */ -int cap_settime(const struct timespec *ts, const struct timezone *tz) +int cap_settime(const struct timespec64 *ts, const struct timezone *tz) { if (!capable(CAP_SYS_TIME)) return -EPERM; diff --git a/security/security.c b/security/security.c index e81d5bb..0be5032 100644 --- a/security/security.c +++ b/security/security.c @@ -224,7 +224,7 @@ int security_syslog(int type) return security_ops->syslog(type); } -int security_settime(const struct timespec *ts, const struct timezone *tz) +int security_settime64(const struct timespec64 *ts, const struct timezone *tz) { return security_ops->settime(ts, tz); }