From: Baolin Wang <baolin.wang@linaro.org>
To: serge.hallyn@canonical.com
Cc: arnd@arndb.de, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
        james.l.morris@oracle.com, serge@hallyn.com, pmoore@redhat.com,
        tiwai@suse.de, jeffv@google.com, jlayton@primarydata.com,
        keescook@chromium.org, sds@tycho.nsa.gov, mark.d.rustad@intel.com,
        linux-security-module@vger.kernel.org, baolin.wang@linaro.org,
        y2038@lists.linaro.org
Subject: [PATCH v4 04/25] security/security: Introduce security_settime64() function with timespec64 type
Date: Mon,  1 Jun 2015 19:52:35 +0800
Message-Id: <1433159555-4704-1-git-send-email-baolin.wang@linaro.org>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 5353
Lines: 129

For introducing the do_sys_settimeofday64() function with
timespec64 type to make it ready for 2038 issue, it need to
introduce the security_settime64() function with timespec64
type firstly.

Also introduce a default security_settime64() function with
timespec64 type when it hasn't defined the CONFIG_SECURITY macro.

Also this patch changes the "settime" pointer's argument with
timespec64 type in security_operations structure for introducing
the the security_settime64() function.

Meanwhile moves the security_settime() defined in
security/security.c file to include/linux/security.h file as a
static function, that makes it convenient to delete the
security_settime() later.

And change the cap_settime() function's argument with timespec64
type to make it ready for 2038 issue, which is only used by
security_settime64()/security_settime() function.

Signed-off-by: Baolin Wang <baolin.wang@linaro.org>
---
 include/linux/security.h |   25 ++++++++++++++++++++-----
 security/commoncap.c     |    2 +-
 security/security.c      |    2 +-
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index a1b7dbd..5288794 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -75,7 +75,7 @@ struct timezone;
  */
 extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
 		       int cap, int audit);
-extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
+extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
 extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
 extern int cap_ptrace_traceme(struct task_struct *parent);
 extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
@@ -1353,7 +1353,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *	Return 0 if permission is granted.
  * @settime:
  *	Check permission to change the system time.
- *	struct timespec and timezone are defined in include/linux/time.h
+ *	struct timespec64 is defined in include/linux/time64.h and timezone is
+ *	defined in include/linux/time.h
  *	@ts contains new time
  *	@tz contains new timezone
  *	Return 0 if permission is granted.
@@ -1483,7 +1484,7 @@ struct security_operations {
 	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
 	int (*quota_on) (struct dentry *dentry);
 	int (*syslog) (int type);
-	int (*settime) (const struct timespec *ts, const struct timezone *tz);
+	int (*settime) (const struct timespec64 *ts, const struct timezone *tz);
 	int (*vm_enough_memory) (struct mm_struct *mm, long pages);
 
 	int (*bprm_set_creds) (struct linux_binprm *bprm);
@@ -1790,7 +1791,13 @@ int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
-int security_settime(const struct timespec *ts, const struct timezone *tz);
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
+static int security_settime(const struct timespec *ts, const struct timezone *tz)
+{
+	struct timespec64 ts64 = timespec_to_timespec64(*ts);
+
+	return security_settime64(&ts64, tz);
+}
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
 int security_bprm_set_creds(struct linux_binprm *bprm);
 int security_bprm_check(struct linux_binprm *bprm);
@@ -2040,10 +2047,18 @@ static inline int security_syslog(int type)
 	return 0;
 }
 
+static inline int security_settime64(const struct timespec64 *ts,
+				     const struct timezone *tz)
+{
+	return cap_settime(ts, tz);
+}
+
 static inline int security_settime(const struct timespec *ts,
 				   const struct timezone *tz)
 {
-	return cap_settime(ts, tz);
+	struct timsepc64 ts64 = timespec_to_timespec64(*ts);
+
+	return cap_settime(&ts64, tz);
 }
 
 static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
diff --git a/security/commoncap.c b/security/commoncap.c
index f66713b..bdb8ec0 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -116,7 +116,7 @@ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
  * Determine whether the current process may set the system clock and timezone
  * information, returning 0 if permission granted, -ve if denied.
  */
-int cap_settime(const struct timespec *ts, const struct timezone *tz)
+int cap_settime(const struct timespec64 *ts, const struct timezone *tz)
 {
 	if (!capable(CAP_SYS_TIME))
 		return -EPERM;
diff --git a/security/security.c b/security/security.c
index e81d5bb..0be5032 100644
--- a/security/security.c
+++ b/security/security.c
@@ -224,7 +224,7 @@ int security_syslog(int type)
 	return security_ops->syslog(type);
 }
 
-int security_settime(const struct timespec *ts, const struct timezone *tz)
+int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
 {
 	return security_ops->settime(ts, tz);
 }
-- 
1.7.9.5

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/