Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752481AbbFALxB (ORCPT ); Mon, 1 Jun 2015 07:53:01 -0400 Received: from mail-pd0-f174.google.com ([209.85.192.174]:33641 "EHLO mail-pd0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751973AbbFALwx (ORCPT ); Mon, 1 Jun 2015 07:52:53 -0400 From: Baolin Wang To: serge.hallyn@canonical.com Cc: arnd@arndb.de, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, james.l.morris@oracle.com, serge@hallyn.com, pmoore@redhat.com, tiwai@suse.de, jeffv@google.com, jlayton@primarydata.com, keescook@chromium.org, sds@tycho.nsa.gov, mark.d.rustad@intel.com, linux-security-module@vger.kernel.org, baolin.wang@linaro.org, y2038@lists.linaro.org Subject: [PATCH v4 04/25] security/security: Introduce security_settime64() function with timespec64 type Date: Mon, 1 Jun 2015 19:52:35 +0800 Message-Id: <1433159555-4704-1-git-send-email-baolin.wang@linaro.org> X-Mailer: git-send-email 1.7.9.5 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 5353 Lines: 129 For introducing the do_sys_settimeofday64() function with timespec64 type to make it ready for 2038 issue, it need to introduce the security_settime64() function with timespec64 type firstly. Also introduce a default security_settime64() function with timespec64 type when it hasn't defined the CONFIG_SECURITY macro. Also this patch changes the "settime" pointer's argument with timespec64 type in security_operations structure for introducing the the security_settime64() function. Meanwhile moves the security_settime() defined in security/security.c file to include/linux/security.h file as a static function, that makes it convenient to delete the security_settime() later. And change the cap_settime() function's argument with timespec64 type to make it ready for 2038 issue, which is only used by security_settime64()/security_settime() function. Signed-off-by: Baolin Wang --- include/linux/security.h | 25 ++++++++++++++++++++----- security/commoncap.c | 2 +- security/security.c | 2 +- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/include/linux/security.h b/include/linux/security.h index a1b7dbd..5288794 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -75,7 +75,7 @@ struct timezone; */ extern int cap_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit); -extern int cap_settime(const struct timespec *ts, const struct timezone *tz); +extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz); extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode); extern int cap_ptrace_traceme(struct task_struct *parent); extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); @@ -1353,7 +1353,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * Return 0 if permission is granted. * @settime: * Check permission to change the system time. - * struct timespec and timezone are defined in include/linux/time.h + * struct timespec64 is defined in include/linux/time64.h and timezone is + * defined in include/linux/time.h * @ts contains new time * @tz contains new timezone * Return 0 if permission is granted. @@ -1483,7 +1484,7 @@ struct security_operations { int (*quotactl) (int cmds, int type, int id, struct super_block *sb); int (*quota_on) (struct dentry *dentry); int (*syslog) (int type); - int (*settime) (const struct timespec *ts, const struct timezone *tz); + int (*settime) (const struct timespec64 *ts, const struct timezone *tz); int (*vm_enough_memory) (struct mm_struct *mm, long pages); int (*bprm_set_creds) (struct linux_binprm *bprm); @@ -1790,7 +1791,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns, int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); int security_syslog(int type); -int security_settime(const struct timespec *ts, const struct timezone *tz); +int security_settime64(const struct timespec64 *ts, const struct timezone *tz); +static int security_settime(const struct timespec *ts, const struct timezone *tz) +{ + struct timespec64 ts64 = timespec_to_timespec64(*ts); + + return security_settime64(&ts64, tz); +} int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); int security_bprm_set_creds(struct linux_binprm *bprm); int security_bprm_check(struct linux_binprm *bprm); @@ -2040,10 +2047,18 @@ static inline int security_syslog(int type) return 0; } +static inline int security_settime64(const struct timespec64 *ts, + const struct timezone *tz) +{ + return cap_settime(ts, tz); +} + static inline int security_settime(const struct timespec *ts, const struct timezone *tz) { - return cap_settime(ts, tz); + struct timsepc64 ts64 = timespec_to_timespec64(*ts); + + return cap_settime(&ts64, tz); } static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) diff --git a/security/commoncap.c b/security/commoncap.c index f66713b..bdb8ec0 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -116,7 +116,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, * Determine whether the current process may set the system clock and timezone * information, returning 0 if permission granted, -ve if denied. */ -int cap_settime(const struct timespec *ts, const struct timezone *tz) +int cap_settime(const struct timespec64 *ts, const struct timezone *tz) { if (!capable(CAP_SYS_TIME)) return -EPERM; diff --git a/security/security.c b/security/security.c index e81d5bb..0be5032 100644 --- a/security/security.c +++ b/security/security.c @@ -224,7 +224,7 @@ int security_syslog(int type) return security_ops->syslog(type); } -int security_settime(const struct timespec *ts, const struct timezone *tz) +int security_settime64(const struct timespec64 *ts, const struct timezone *tz) { return security_ops->settime(ts, tz); } -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/