[LSM]: networking hooks, kconfig bits.

diff --git a/include/linux/security.h b/include/linux/security.h
index a7d728493d2c6993923354b6738089485ef6f95b..5e2d1da2e7f75a73080adc0146b5f26b885771e5 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -63,16 +63,14 @@ extern void cap_task_reparent_to_init (struct task_struct *p);
 /* setfsuid or setfsgid, id0 == fsuid or fsgid */
 #define LSM_SETID_FS   8
 
-
-#ifdef CONFIG_SECURITY
-
 /* forward declares to avoid warnings */
 struct sk_buff;
-struct net_device;
 struct nfsctl_arg;
 struct sched_param;
 struct swap_info_struct;
 
+#ifdef CONFIG_SECURITY
+
 /**
  * struct security_operations - main security structure
  *
@@ -952,6 +950,9 @@ struct security_operations {
                                  struct security_operations *ops);
        int (*unregister_security) (const char *name,
                                    struct security_operations *ops);
+
+#ifdef CONFIG_SECURITY_NETWORK
+#endif /* CONFIG_SECURITY_NETWORK */
 };
 
 /* global variables */
@@ -2106,5 +2107,9 @@ static inline int security_sem_semop (struct sem_array * sma,
 
 #endif /* CONFIG_SECURITY */
 
+#ifdef CONFIG_SECURITY_NETWORK
+#else  /* CONFIG_SECURITY_NETWORK */
+#endif /* CONFIG_SECURITY_NETWORK */
+
 #endif /* ! __LINUX_SECURITY_H */
 

diff --git a/security/Kconfig b/security/Kconfig
index 76d62c92176f83aeb48b3118bfec6878718747fb..e529321997bd0514c006930422254c38f855f574 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -15,6 +15,15 @@ config SECURITY
 
          If you are unsure how to answer this question, answer N.
 
+config SECURITY_NETWORK
+       bool "Socket and Networking Security Hooks"
+       depends on SECURITY
+       help
+         This enables the socket and networking security hooks.
+         If enabled, a security module can use these hooks to
+         implement socket and networking access controls.
+         If you are unsure how to answer this question, answer N.
+
 config SECURITY_CAPABILITIES
        tristate "Default Linux Capabilities"
        depends on SECURITY!=n

diff --git a/security/dummy.c b/security/dummy.c
index 7f2ad59f9d480fdd3d78f41290e6106763915b6d..7403b45a869f9a3d93c931304cf4cc74b1789332 100644 (file)
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -597,6 +597,9 @@ static int dummy_sem_semop (struct sem_array *sma,
        return 0;
 }
 
+#ifdef CONFIG_SECURITY_NETWORK
+#endif /* CONFIG_SECURITY_NETWORK */
+
 static int dummy_register_security (const char *name, struct security_operations *ops)
 {
        return -EINVAL;
@@ -725,5 +728,7 @@ void security_fixup_ops (struct security_operations *ops)
        set_to_dummy_if_null(ops, sem_semop);
        set_to_dummy_if_null(ops, register_security);
        set_to_dummy_if_null(ops, unregister_security);
+#ifdef CONFIG_SECURITY_NETWORK
+#endif /* CONFIG_SECURITY_NETWORK */
 }