Doug / smarc-fsl-linux-kernel

Download as
Browse Code »

Commit 95ce568812822931991a24147987c5c75c0ac5b0

Authored by David S. Miller
1 parent e6eb307d48
Exists in master and in 7 other branches imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

[SECURITY]: Fix build with CONFIG_SECURITY disabled. 

include/linux/security.h: In function ‘security_release_secctx’:
include/linux/security.h:2757: warning: ‘return’ with a value, in function returning void

Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 0 additions and 1 deletions Inline Diff

include/linux/security.h
Diff comments   View file @ 95ce568
1 /* 1 /*
2 * Linux Security plug 2 * Linux Security plug
3 * 3 *
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com> 5 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au> 7 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group) 8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9 * 9 *
10 * This program is free software; you can redistribute it and/or modify 10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by 11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or 12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version. 13 * (at your option) any later version.
14 * 14 *
15 * Due to this file being licensed under the GPL there is controversy over 15 * Due to this file being licensed under the GPL there is controversy over
16 * whether this permits you to write a module that #includes this file 16 * whether this permits you to write a module that #includes this file
17 * without placing your module under the GPL. Please consult a lawyer for 17 * without placing your module under the GPL. Please consult a lawyer for
18 * advice before doing this. 18 * advice before doing this.
19 * 19 *
20 */ 20 */
21 21
22 #ifndef __LINUX_SECURITY_H 22 #ifndef __LINUX_SECURITY_H
23 #define __LINUX_SECURITY_H 23 #define __LINUX_SECURITY_H
24 24
25 #include <linux/fs.h> 25 #include <linux/fs.h>
26 #include <linux/binfmts.h> 26 #include <linux/binfmts.h>
27 #include <linux/signal.h> 27 #include <linux/signal.h>
28 #include <linux/resource.h> 28 #include <linux/resource.h>
29 #include <linux/sem.h> 29 #include <linux/sem.h>
30 #include <linux/shm.h> 30 #include <linux/shm.h>
31 #include <linux/msg.h> 31 #include <linux/msg.h>
32 #include <linux/sched.h> 32 #include <linux/sched.h>
33 #include <linux/key.h> 33 #include <linux/key.h>
34 34
35 struct ctl_table; 35 struct ctl_table;
36 36
37 /* 37 /*
38 * These functions are in security/capability.c and are used 38 * These functions are in security/capability.c and are used
39 * as the default capabilities functions 39 * as the default capabilities functions
40 */ 40 */
41 extern int cap_capable (struct task_struct *tsk, int cap); 41 extern int cap_capable (struct task_struct *tsk, int cap);
42 extern int cap_settime (struct timespec *ts, struct timezone *tz); 42 extern int cap_settime (struct timespec *ts, struct timezone *tz);
43 extern int cap_ptrace (struct task_struct *parent, struct task_struct *child); 43 extern int cap_ptrace (struct task_struct *parent, struct task_struct *child);
44 extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 44 extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
45 extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 45 extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
46 extern void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 46 extern void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
47 extern int cap_bprm_set_security (struct linux_binprm *bprm); 47 extern int cap_bprm_set_security (struct linux_binprm *bprm);
48 extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe); 48 extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe);
49 extern int cap_bprm_secureexec(struct linux_binprm *bprm); 49 extern int cap_bprm_secureexec(struct linux_binprm *bprm);
50 extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); 50 extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags);
51 extern int cap_inode_removexattr(struct dentry *dentry, char *name); 51 extern int cap_inode_removexattr(struct dentry *dentry, char *name);
52 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); 52 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
53 extern void cap_task_reparent_to_init (struct task_struct *p); 53 extern void cap_task_reparent_to_init (struct task_struct *p);
54 extern int cap_syslog (int type); 54 extern int cap_syslog (int type);
55 extern int cap_vm_enough_memory (long pages); 55 extern int cap_vm_enough_memory (long pages);
56 56
57 struct msghdr; 57 struct msghdr;
58 struct sk_buff; 58 struct sk_buff;
59 struct sock; 59 struct sock;
60 struct sockaddr; 60 struct sockaddr;
61 struct socket; 61 struct socket;
62 struct flowi; 62 struct flowi;
63 struct dst_entry; 63 struct dst_entry;
64 struct xfrm_selector; 64 struct xfrm_selector;
65 struct xfrm_policy; 65 struct xfrm_policy;
66 struct xfrm_state; 66 struct xfrm_state;
67 struct xfrm_user_sec_ctx; 67 struct xfrm_user_sec_ctx;
68 68
69 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); 69 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
70 extern int cap_netlink_recv(struct sk_buff *skb, int cap); 70 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
71 71
72 /* 72 /*
73 * Values used in the task_security_ops calls 73 * Values used in the task_security_ops calls
74 */ 74 */
75 /* setuid or setgid, id0 == uid or gid */ 75 /* setuid or setgid, id0 == uid or gid */
76 #define LSM_SETID_ID 1 76 #define LSM_SETID_ID 1
77 77
78 /* setreuid or setregid, id0 == real, id1 == eff */ 78 /* setreuid or setregid, id0 == real, id1 == eff */
79 #define LSM_SETID_RE 2 79 #define LSM_SETID_RE 2
80 80
81 /* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */ 81 /* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
82 #define LSM_SETID_RES 4 82 #define LSM_SETID_RES 4
83 83
84 /* setfsuid or setfsgid, id0 == fsuid or fsgid */ 84 /* setfsuid or setfsgid, id0 == fsuid or fsgid */
85 #define LSM_SETID_FS 8 85 #define LSM_SETID_FS 8
86 86
87 /* forward declares to avoid warnings */ 87 /* forward declares to avoid warnings */
88 struct nfsctl_arg; 88 struct nfsctl_arg;
89 struct sched_param; 89 struct sched_param;
90 struct swap_info_struct; 90 struct swap_info_struct;
91 91
92 /* bprm_apply_creds unsafe reasons */ 92 /* bprm_apply_creds unsafe reasons */
93 #define LSM_UNSAFE_SHARE 1 93 #define LSM_UNSAFE_SHARE 1
94 #define LSM_UNSAFE_PTRACE 2 94 #define LSM_UNSAFE_PTRACE 2
95 #define LSM_UNSAFE_PTRACE_CAP 4 95 #define LSM_UNSAFE_PTRACE_CAP 4
96 96
97 #ifdef CONFIG_SECURITY 97 #ifdef CONFIG_SECURITY
98 98
99 /** 99 /**
100 * struct security_operations - main security structure 100 * struct security_operations - main security structure
101 * 101 *
102 * Security hooks for program execution operations. 102 * Security hooks for program execution operations.
103 * 103 *
104 * @bprm_alloc_security: 104 * @bprm_alloc_security:
105 * Allocate and attach a security structure to the @bprm->security field. 105 * Allocate and attach a security structure to the @bprm->security field.
106 * The security field is initialized to NULL when the bprm structure is 106 * The security field is initialized to NULL when the bprm structure is
107 * allocated. 107 * allocated.
108 * @bprm contains the linux_binprm structure to be modified. 108 * @bprm contains the linux_binprm structure to be modified.
109 * Return 0 if operation was successful. 109 * Return 0 if operation was successful.
110 * @bprm_free_security: 110 * @bprm_free_security:
111 * @bprm contains the linux_binprm structure to be modified. 111 * @bprm contains the linux_binprm structure to be modified.
112 * Deallocate and clear the @bprm->security field. 112 * Deallocate and clear the @bprm->security field.
113 * @bprm_apply_creds: 113 * @bprm_apply_creds:
114 * Compute and set the security attributes of a process being transformed 114 * Compute and set the security attributes of a process being transformed
115 * by an execve operation based on the old attributes (current->security) 115 * by an execve operation based on the old attributes (current->security)
116 * and the information saved in @bprm->security by the set_security hook. 116 * and the information saved in @bprm->security by the set_security hook.
117 * Since this hook function (and its caller) are void, this hook can not 117 * Since this hook function (and its caller) are void, this hook can not
118 * return an error. However, it can leave the security attributes of the 118 * return an error. However, it can leave the security attributes of the
119 * process unchanged if an access failure occurs at this point. 119 * process unchanged if an access failure occurs at this point.
120 * bprm_apply_creds is called under task_lock. @unsafe indicates various 120 * bprm_apply_creds is called under task_lock. @unsafe indicates various
121 * reasons why it may be unsafe to change security state. 121 * reasons why it may be unsafe to change security state.
122 * @bprm contains the linux_binprm structure. 122 * @bprm contains the linux_binprm structure.
123 * @bprm_post_apply_creds: 123 * @bprm_post_apply_creds:
124 * Runs after bprm_apply_creds with the task_lock dropped, so that 124 * Runs after bprm_apply_creds with the task_lock dropped, so that
125 * functions which cannot be called safely under the task_lock can 125 * functions which cannot be called safely under the task_lock can
126 * be used. This hook is a good place to perform state changes on 126 * be used. This hook is a good place to perform state changes on
127 * the process such as closing open file descriptors to which access 127 * the process such as closing open file descriptors to which access
128 * is no longer granted if the attributes were changed. 128 * is no longer granted if the attributes were changed.
129 * Note that a security module might need to save state between 129 * Note that a security module might need to save state between
130 * bprm_apply_creds and bprm_post_apply_creds to store the decision 130 * bprm_apply_creds and bprm_post_apply_creds to store the decision
131 * on whether the process may proceed. 131 * on whether the process may proceed.
132 * @bprm contains the linux_binprm structure. 132 * @bprm contains the linux_binprm structure.
133 * @bprm_set_security: 133 * @bprm_set_security:
134 * Save security information in the bprm->security field, typically based 134 * Save security information in the bprm->security field, typically based
135 * on information about the bprm->file, for later use by the apply_creds 135 * on information about the bprm->file, for later use by the apply_creds
136 * hook. This hook may also optionally check permissions (e.g. for 136 * hook. This hook may also optionally check permissions (e.g. for
137 * transitions between security domains). 137 * transitions between security domains).
138 * This hook may be called multiple times during a single execve, e.g. for 138 * This hook may be called multiple times during a single execve, e.g. for
139 * interpreters. The hook can tell whether it has already been called by 139 * interpreters. The hook can tell whether it has already been called by
140 * checking to see if @bprm->security is non-NULL. If so, then the hook 140 * checking to see if @bprm->security is non-NULL. If so, then the hook
141 * may decide either to retain the security information saved earlier or 141 * may decide either to retain the security information saved earlier or
142 * to replace it. 142 * to replace it.
143 * @bprm contains the linux_binprm structure. 143 * @bprm contains the linux_binprm structure.
144 * Return 0 if the hook is successful and permission is granted. 144 * Return 0 if the hook is successful and permission is granted.
145 * @bprm_check_security: 145 * @bprm_check_security:
146 * This hook mediates the point when a search for a binary handler will 146 * This hook mediates the point when a search for a binary handler will
147 * begin. It allows a check the @bprm->security value which is set in 147 * begin. It allows a check the @bprm->security value which is set in
148 * the preceding set_security call. The primary difference from 148 * the preceding set_security call. The primary difference from
149 * set_security is that the argv list and envp list are reliably 149 * set_security is that the argv list and envp list are reliably
150 * available in @bprm. This hook may be called multiple times 150 * available in @bprm. This hook may be called multiple times
151 * during a single execve; and in each pass set_security is called 151 * during a single execve; and in each pass set_security is called
152 * first. 152 * first.
153 * @bprm contains the linux_binprm structure. 153 * @bprm contains the linux_binprm structure.
154 * Return 0 if the hook is successful and permission is granted. 154 * Return 0 if the hook is successful and permission is granted.
155 * @bprm_secureexec: 155 * @bprm_secureexec:
156 * Return a boolean value (0 or 1) indicating whether a "secure exec" 156 * Return a boolean value (0 or 1) indicating whether a "secure exec"
157 * is required. The flag is passed in the auxiliary table 157 * is required. The flag is passed in the auxiliary table
158 * on the initial stack to the ELF interpreter to indicate whether libc 158 * on the initial stack to the ELF interpreter to indicate whether libc
159 * should enable secure mode. 159 * should enable secure mode.
160 * @bprm contains the linux_binprm structure. 160 * @bprm contains the linux_binprm structure.
161 * 161 *
162 * Security hooks for filesystem operations. 162 * Security hooks for filesystem operations.
163 * 163 *
164 * @sb_alloc_security: 164 * @sb_alloc_security:
165 * Allocate and attach a security structure to the sb->s_security field. 165 * Allocate and attach a security structure to the sb->s_security field.
166 * The s_security field is initialized to NULL when the structure is 166 * The s_security field is initialized to NULL when the structure is
167 * allocated. 167 * allocated.
168 * @sb contains the super_block structure to be modified. 168 * @sb contains the super_block structure to be modified.
169 * Return 0 if operation was successful. 169 * Return 0 if operation was successful.
170 * @sb_free_security: 170 * @sb_free_security:
171 * Deallocate and clear the sb->s_security field. 171 * Deallocate and clear the sb->s_security field.
172 * @sb contains the super_block structure to be modified. 172 * @sb contains the super_block structure to be modified.
173 * @sb_statfs: 173 * @sb_statfs:
174 * Check permission before obtaining filesystem statistics for the @mnt 174 * Check permission before obtaining filesystem statistics for the @mnt
175 * mountpoint. 175 * mountpoint.
176 * @dentry is a handle on the superblock for the filesystem. 176 * @dentry is a handle on the superblock for the filesystem.
177 * Return 0 if permission is granted. 177 * Return 0 if permission is granted.
178 * @sb_mount: 178 * @sb_mount:
179 * Check permission before an object specified by @dev_name is mounted on 179 * Check permission before an object specified by @dev_name is mounted on
180 * the mount point named by @nd. For an ordinary mount, @dev_name 180 * the mount point named by @nd. For an ordinary mount, @dev_name
181 * identifies a device if the file system type requires a device. For a 181 * identifies a device if the file system type requires a device. For a
182 * remount (@flags & MS_REMOUNT), @dev_name is irrelevant. For a 182 * remount (@flags & MS_REMOUNT), @dev_name is irrelevant. For a
183 * loopback/bind mount (@flags & MS_BIND), @dev_name identifies the 183 * loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
184 * pathname of the object being mounted. 184 * pathname of the object being mounted.
185 * @dev_name contains the name for object being mounted. 185 * @dev_name contains the name for object being mounted.
186 * @nd contains the nameidata structure for mount point object. 186 * @nd contains the nameidata structure for mount point object.
187 * @type contains the filesystem type. 187 * @type contains the filesystem type.
188 * @flags contains the mount flags. 188 * @flags contains the mount flags.
189 * @data contains the filesystem-specific data. 189 * @data contains the filesystem-specific data.
190 * Return 0 if permission is granted. 190 * Return 0 if permission is granted.
191 * @sb_copy_data: 191 * @sb_copy_data:
192 * Allow mount option data to be copied prior to parsing by the filesystem, 192 * Allow mount option data to be copied prior to parsing by the filesystem,
193 * so that the security module can extract security-specific mount 193 * so that the security module can extract security-specific mount
194 * options cleanly (a filesystem may modify the data e.g. with strsep()). 194 * options cleanly (a filesystem may modify the data e.g. with strsep()).
195 * This also allows the original mount data to be stripped of security- 195 * This also allows the original mount data to be stripped of security-
196 * specific options to avoid having to make filesystems aware of them. 196 * specific options to avoid having to make filesystems aware of them.
197 * @type the type of filesystem being mounted. 197 * @type the type of filesystem being mounted.
198 * @orig the original mount data copied from userspace. 198 * @orig the original mount data copied from userspace.
199 * @copy copied data which will be passed to the security module. 199 * @copy copied data which will be passed to the security module.
200 * Returns 0 if the copy was successful. 200 * Returns 0 if the copy was successful.
201 * @sb_check_sb: 201 * @sb_check_sb:
202 * Check permission before the device with superblock @mnt->sb is mounted 202 * Check permission before the device with superblock @mnt->sb is mounted
203 * on the mount point named by @nd. 203 * on the mount point named by @nd.
204 * @mnt contains the vfsmount for device being mounted. 204 * @mnt contains the vfsmount for device being mounted.
205 * @nd contains the nameidata object for the mount point. 205 * @nd contains the nameidata object for the mount point.
206 * Return 0 if permission is granted. 206 * Return 0 if permission is granted.
207 * @sb_umount: 207 * @sb_umount:
208 * Check permission before the @mnt file system is unmounted. 208 * Check permission before the @mnt file system is unmounted.
209 * @mnt contains the mounted file system. 209 * @mnt contains the mounted file system.
210 * @flags contains the unmount flags, e.g. MNT_FORCE. 210 * @flags contains the unmount flags, e.g. MNT_FORCE.
211 * Return 0 if permission is granted. 211 * Return 0 if permission is granted.
212 * @sb_umount_close: 212 * @sb_umount_close:
213 * Close any files in the @mnt mounted filesystem that are held open by 213 * Close any files in the @mnt mounted filesystem that are held open by
214 * the security module. This hook is called during an umount operation 214 * the security module. This hook is called during an umount operation
215 * prior to checking whether the filesystem is still busy. 215 * prior to checking whether the filesystem is still busy.
216 * @mnt contains the mounted filesystem. 216 * @mnt contains the mounted filesystem.
217 * @sb_umount_busy: 217 * @sb_umount_busy:
218 * Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening 218 * Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening
219 * any files that were closed by umount_close. This hook is called during 219 * any files that were closed by umount_close. This hook is called during
220 * an umount operation if the umount fails after a call to the 220 * an umount operation if the umount fails after a call to the
221 * umount_close hook. 221 * umount_close hook.
222 * @mnt contains the mounted filesystem. 222 * @mnt contains the mounted filesystem.
223 * @sb_post_remount: 223 * @sb_post_remount:
224 * Update the security module's state when a filesystem is remounted. 224 * Update the security module's state when a filesystem is remounted.
225 * This hook is only called if the remount was successful. 225 * This hook is only called if the remount was successful.
226 * @mnt contains the mounted file system. 226 * @mnt contains the mounted file system.
227 * @flags contains the new filesystem flags. 227 * @flags contains the new filesystem flags.
228 * @data contains the filesystem-specific data. 228 * @data contains the filesystem-specific data.
229 * @sb_post_mountroot: 229 * @sb_post_mountroot:
230 * Update the security module's state when the root filesystem is mounted. 230 * Update the security module's state when the root filesystem is mounted.
231 * This hook is only called if the mount was successful. 231 * This hook is only called if the mount was successful.
232 * @sb_post_addmount: 232 * @sb_post_addmount:
233 * Update the security module's state when a filesystem is mounted. 233 * Update the security module's state when a filesystem is mounted.
234 * This hook is called any time a mount is successfully grafetd to 234 * This hook is called any time a mount is successfully grafetd to
235 * the tree. 235 * the tree.
236 * @mnt contains the mounted filesystem. 236 * @mnt contains the mounted filesystem.
237 * @mountpoint_nd contains the nameidata structure for the mount point. 237 * @mountpoint_nd contains the nameidata structure for the mount point.
238 * @sb_pivotroot: 238 * @sb_pivotroot:
239 * Check permission before pivoting the root filesystem. 239 * Check permission before pivoting the root filesystem.
240 * @old_nd contains the nameidata structure for the new location of the current root (put_old). 240 * @old_nd contains the nameidata structure for the new location of the current root (put_old).
241 * @new_nd contains the nameidata structure for the new root (new_root). 241 * @new_nd contains the nameidata structure for the new root (new_root).
242 * Return 0 if permission is granted. 242 * Return 0 if permission is granted.
243 * @sb_post_pivotroot: 243 * @sb_post_pivotroot:
244 * Update module state after a successful pivot. 244 * Update module state after a successful pivot.
245 * @old_nd contains the nameidata structure for the old root. 245 * @old_nd contains the nameidata structure for the old root.
246 * @new_nd contains the nameidata structure for the new root. 246 * @new_nd contains the nameidata structure for the new root.
247 * 247 *
248 * Security hooks for inode operations. 248 * Security hooks for inode operations.
249 * 249 *
250 * @inode_alloc_security: 250 * @inode_alloc_security:
251 * Allocate and attach a security structure to @inode->i_security. The 251 * Allocate and attach a security structure to @inode->i_security. The
252 * i_security field is initialized to NULL when the inode structure is 252 * i_security field is initialized to NULL when the inode structure is
253 * allocated. 253 * allocated.
254 * @inode contains the inode structure. 254 * @inode contains the inode structure.
255 * Return 0 if operation was successful. 255 * Return 0 if operation was successful.
256 * @inode_free_security: 256 * @inode_free_security:
257 * @inode contains the inode structure. 257 * @inode contains the inode structure.
258 * Deallocate the inode security structure and set @inode->i_security to 258 * Deallocate the inode security structure and set @inode->i_security to
259 * NULL. 259 * NULL.
260 * @inode_init_security: 260 * @inode_init_security:
261 * Obtain the security attribute name suffix and value to set on a newly 261 * Obtain the security attribute name suffix and value to set on a newly
262 * created inode and set up the incore security field for the new inode. 262 * created inode and set up the incore security field for the new inode.
263 * This hook is called by the fs code as part of the inode creation 263 * This hook is called by the fs code as part of the inode creation
264 * transaction and provides for atomic labeling of the inode, unlike 264 * transaction and provides for atomic labeling of the inode, unlike
265 * the post_create/mkdir/... hooks called by the VFS. The hook function 265 * the post_create/mkdir/... hooks called by the VFS. The hook function
266 * is expected to allocate the name and value via kmalloc, with the caller 266 * is expected to allocate the name and value via kmalloc, with the caller
267 * being responsible for calling kfree after using them. 267 * being responsible for calling kfree after using them.
268 * If the security module does not use security attributes or does 268 * If the security module does not use security attributes or does
269 * not wish to put a security attribute on this particular inode, 269 * not wish to put a security attribute on this particular inode,
270 * then it should return -EOPNOTSUPP to skip this processing. 270 * then it should return -EOPNOTSUPP to skip this processing.
271 * @inode contains the inode structure of the newly created inode. 271 * @inode contains the inode structure of the newly created inode.
272 * @dir contains the inode structure of the parent directory. 272 * @dir contains the inode structure of the parent directory.
273 * @name will be set to the allocated name suffix (e.g. selinux). 273 * @name will be set to the allocated name suffix (e.g. selinux).
274 * @value will be set to the allocated attribute value. 274 * @value will be set to the allocated attribute value.
275 * @len will be set to the length of the value. 275 * @len will be set to the length of the value.
276 * Returns 0 if @name and @value have been successfully set, 276 * Returns 0 if @name and @value have been successfully set,
277 * -EOPNOTSUPP if no security attribute is needed, or 277 * -EOPNOTSUPP if no security attribute is needed, or
278 * -ENOMEM on memory allocation failure. 278 * -ENOMEM on memory allocation failure.
279 * @inode_create: 279 * @inode_create:
280 * Check permission to create a regular file. 280 * Check permission to create a regular file.
281 * @dir contains inode structure of the parent of the new file. 281 * @dir contains inode structure of the parent of the new file.
282 * @dentry contains the dentry structure for the file to be created. 282 * @dentry contains the dentry structure for the file to be created.
283 * @mode contains the file mode of the file to be created. 283 * @mode contains the file mode of the file to be created.
284 * Return 0 if permission is granted. 284 * Return 0 if permission is granted.
285 * @inode_link: 285 * @inode_link:
286 * Check permission before creating a new hard link to a file. 286 * Check permission before creating a new hard link to a file.
287 * @old_dentry contains the dentry structure for an existing link to the file. 287 * @old_dentry contains the dentry structure for an existing link to the file.
288 * @dir contains the inode structure of the parent directory of the new link. 288 * @dir contains the inode structure of the parent directory of the new link.
289 * @new_dentry contains the dentry structure for the new link. 289 * @new_dentry contains the dentry structure for the new link.
290 * Return 0 if permission is granted. 290 * Return 0 if permission is granted.
291 * @inode_unlink: 291 * @inode_unlink:
292 * Check the permission to remove a hard link to a file. 292 * Check the permission to remove a hard link to a file.
293 * @dir contains the inode structure of parent directory of the file. 293 * @dir contains the inode structure of parent directory of the file.
294 * @dentry contains the dentry structure for file to be unlinked. 294 * @dentry contains the dentry structure for file to be unlinked.
295 * Return 0 if permission is granted. 295 * Return 0 if permission is granted.
296 * @inode_symlink: 296 * @inode_symlink:
297 * Check the permission to create a symbolic link to a file. 297 * Check the permission to create a symbolic link to a file.
298 * @dir contains the inode structure of parent directory of the symbolic link. 298 * @dir contains the inode structure of parent directory of the symbolic link.
299 * @dentry contains the dentry structure of the symbolic link. 299 * @dentry contains the dentry structure of the symbolic link.
300 * @old_name contains the pathname of file. 300 * @old_name contains the pathname of file.
301 * Return 0 if permission is granted. 301 * Return 0 if permission is granted.
302 * @inode_mkdir: 302 * @inode_mkdir:
303 * Check permissions to create a new directory in the existing directory 303 * Check permissions to create a new directory in the existing directory
304 * associated with inode strcture @dir. 304 * associated with inode strcture @dir.
305 * @dir containst the inode structure of parent of the directory to be created. 305 * @dir containst the inode structure of parent of the directory to be created.
306 * @dentry contains the dentry structure of new directory. 306 * @dentry contains the dentry structure of new directory.
307 * @mode contains the mode of new directory. 307 * @mode contains the mode of new directory.
308 * Return 0 if permission is granted. 308 * Return 0 if permission is granted.
309 * @inode_rmdir: 309 * @inode_rmdir:
310 * Check the permission to remove a directory. 310 * Check the permission to remove a directory.
311 * @dir contains the inode structure of parent of the directory to be removed. 311 * @dir contains the inode structure of parent of the directory to be removed.
312 * @dentry contains the dentry structure of directory to be removed. 312 * @dentry contains the dentry structure of directory to be removed.
313 * Return 0 if permission is granted. 313 * Return 0 if permission is granted.
314 * @inode_mknod: 314 * @inode_mknod:
315 * Check permissions when creating a special file (or a socket or a fifo 315 * Check permissions when creating a special file (or a socket or a fifo
316 * file created via the mknod system call). Note that if mknod operation 316 * file created via the mknod system call). Note that if mknod operation
317 * is being done for a regular file, then the create hook will be called 317 * is being done for a regular file, then the create hook will be called
318 * and not this hook. 318 * and not this hook.
319 * @dir contains the inode structure of parent of the new file. 319 * @dir contains the inode structure of parent of the new file.
320 * @dentry contains the dentry structure of the new file. 320 * @dentry contains the dentry structure of the new file.
321 * @mode contains the mode of the new file. 321 * @mode contains the mode of the new file.
322 * @dev contains the the device number. 322 * @dev contains the the device number.
323 * Return 0 if permission is granted. 323 * Return 0 if permission is granted.
324 * @inode_rename: 324 * @inode_rename:
325 * Check for permission to rename a file or directory. 325 * Check for permission to rename a file or directory.
326 * @old_dir contains the inode structure for parent of the old link. 326 * @old_dir contains the inode structure for parent of the old link.
327 * @old_dentry contains the dentry structure of the old link. 327 * @old_dentry contains the dentry structure of the old link.
328 * @new_dir contains the inode structure for parent of the new link. 328 * @new_dir contains the inode structure for parent of the new link.
329 * @new_dentry contains the dentry structure of the new link. 329 * @new_dentry contains the dentry structure of the new link.
330 * Return 0 if permission is granted. 330 * Return 0 if permission is granted.
331 * @inode_readlink: 331 * @inode_readlink:
332 * Check the permission to read the symbolic link. 332 * Check the permission to read the symbolic link.
333 * @dentry contains the dentry structure for the file link. 333 * @dentry contains the dentry structure for the file link.
334 * Return 0 if permission is granted. 334 * Return 0 if permission is granted.
335 * @inode_follow_link: 335 * @inode_follow_link:
336 * Check permission to follow a symbolic link when looking up a pathname. 336 * Check permission to follow a symbolic link when looking up a pathname.
337 * @dentry contains the dentry structure for the link. 337 * @dentry contains the dentry structure for the link.
338 * @nd contains the nameidata structure for the parent directory. 338 * @nd contains the nameidata structure for the parent directory.
339 * Return 0 if permission is granted. 339 * Return 0 if permission is granted.
340 * @inode_permission: 340 * @inode_permission:
341 * Check permission before accessing an inode. This hook is called by the 341 * Check permission before accessing an inode. This hook is called by the
342 * existing Linux permission function, so a security module can use it to 342 * existing Linux permission function, so a security module can use it to
343 * provide additional checking for existing Linux permission checks. 343 * provide additional checking for existing Linux permission checks.
344 * Notice that this hook is called when a file is opened (as well as many 344 * Notice that this hook is called when a file is opened (as well as many
345 * other operations), whereas the file_security_ops permission hook is 345 * other operations), whereas the file_security_ops permission hook is
346 * called when the actual read/write operations are performed. 346 * called when the actual read/write operations are performed.
347 * @inode contains the inode structure to check. 347 * @inode contains the inode structure to check.
348 * @mask contains the permission mask. 348 * @mask contains the permission mask.
349 * @nd contains the nameidata (may be NULL). 349 * @nd contains the nameidata (may be NULL).
350 * Return 0 if permission is granted. 350 * Return 0 if permission is granted.
351 * @inode_setattr: 351 * @inode_setattr:
352 * Check permission before setting file attributes. Note that the kernel 352 * Check permission before setting file attributes. Note that the kernel
353 * call to notify_change is performed from several locations, whenever 353 * call to notify_change is performed from several locations, whenever
354 * file attributes change (such as when a file is truncated, chown/chmod 354 * file attributes change (such as when a file is truncated, chown/chmod
355 * operations, transferring disk quotas, etc). 355 * operations, transferring disk quotas, etc).
356 * @dentry contains the dentry structure for the file. 356 * @dentry contains the dentry structure for the file.
357 * @attr is the iattr structure containing the new file attributes. 357 * @attr is the iattr structure containing the new file attributes.
358 * Return 0 if permission is granted. 358 * Return 0 if permission is granted.
359 * @inode_getattr: 359 * @inode_getattr:
360 * Check permission before obtaining file attributes. 360 * Check permission before obtaining file attributes.
361 * @mnt is the vfsmount where the dentry was looked up 361 * @mnt is the vfsmount where the dentry was looked up
362 * @dentry contains the dentry structure for the file. 362 * @dentry contains the dentry structure for the file.
363 * Return 0 if permission is granted. 363 * Return 0 if permission is granted.
364 * @inode_delete: 364 * @inode_delete:
365 * @inode contains the inode structure for deleted inode. 365 * @inode contains the inode structure for deleted inode.
366 * This hook is called when a deleted inode is released (i.e. an inode 366 * This hook is called when a deleted inode is released (i.e. an inode
367 * with no hard links has its use count drop to zero). A security module 367 * with no hard links has its use count drop to zero). A security module
368 * can use this hook to release any persistent label associated with the 368 * can use this hook to release any persistent label associated with the
369 * inode. 369 * inode.
370 * @inode_setxattr: 370 * @inode_setxattr:
371 * Check permission before setting the extended attributes 371 * Check permission before setting the extended attributes
372 * @value identified by @name for @dentry. 372 * @value identified by @name for @dentry.
373 * Return 0 if permission is granted. 373 * Return 0 if permission is granted.
374 * @inode_post_setxattr: 374 * @inode_post_setxattr:
375 * Update inode security field after successful setxattr operation. 375 * Update inode security field after successful setxattr operation.
376 * @value identified by @name for @dentry. 376 * @value identified by @name for @dentry.
377 * @inode_getxattr: 377 * @inode_getxattr:
378 * Check permission before obtaining the extended attributes 378 * Check permission before obtaining the extended attributes
379 * identified by @name for @dentry. 379 * identified by @name for @dentry.
380 * Return 0 if permission is granted. 380 * Return 0 if permission is granted.
381 * @inode_listxattr: 381 * @inode_listxattr:
382 * Check permission before obtaining the list of extended attribute 382 * Check permission before obtaining the list of extended attribute
383 * names for @dentry. 383 * names for @dentry.
384 * Return 0 if permission is granted. 384 * Return 0 if permission is granted.
385 * @inode_removexattr: 385 * @inode_removexattr:
386 * Check permission before removing the extended attribute 386 * Check permission before removing the extended attribute
387 * identified by @name for @dentry. 387 * identified by @name for @dentry.
388 * Return 0 if permission is granted. 388 * Return 0 if permission is granted.
389 * @inode_getsecurity: 389 * @inode_getsecurity:
390 * Copy the extended attribute representation of the security label 390 * Copy the extended attribute representation of the security label
391 * associated with @name for @inode into @buffer. @buffer may be 391 * associated with @name for @inode into @buffer. @buffer may be
392 * NULL to request the size of the buffer required. @size indicates 392 * NULL to request the size of the buffer required. @size indicates
393 * the size of @buffer in bytes. Note that @name is the remainder 393 * the size of @buffer in bytes. Note that @name is the remainder
394 * of the attribute name after the security. prefix has been removed. 394 * of the attribute name after the security. prefix has been removed.
395 * @err is the return value from the preceding fs getxattr call, 395 * @err is the return value from the preceding fs getxattr call,
396 * and can be used by the security module to determine whether it 396 * and can be used by the security module to determine whether it
397 * should try and canonicalize the attribute value. 397 * should try and canonicalize the attribute value.
398 * Return number of bytes used/required on success. 398 * Return number of bytes used/required on success.
399 * @inode_setsecurity: 399 * @inode_setsecurity:
400 * Set the security label associated with @name for @inode from the 400 * Set the security label associated with @name for @inode from the
401 * extended attribute value @value. @size indicates the size of the 401 * extended attribute value @value. @size indicates the size of the
402 * @value in bytes. @flags may be XATTR_CREATE, XATTR_REPLACE, or 0. 402 * @value in bytes. @flags may be XATTR_CREATE, XATTR_REPLACE, or 0.
403 * Note that @name is the remainder of the attribute name after the 403 * Note that @name is the remainder of the attribute name after the
404 * security. prefix has been removed. 404 * security. prefix has been removed.
405 * Return 0 on success. 405 * Return 0 on success.
406 * @inode_listsecurity: 406 * @inode_listsecurity:
407 * Copy the extended attribute names for the security labels 407 * Copy the extended attribute names for the security labels
408 * associated with @inode into @buffer. The maximum size of @buffer 408 * associated with @inode into @buffer. The maximum size of @buffer
409 * is specified by @buffer_size. @buffer may be NULL to request 409 * is specified by @buffer_size. @buffer may be NULL to request
410 * the size of the buffer required. 410 * the size of the buffer required.
411 * Returns number of bytes used/required on success. 411 * Returns number of bytes used/required on success.
412 * 412 *
413 * Security hooks for file operations 413 * Security hooks for file operations
414 * 414 *
415 * @file_permission: 415 * @file_permission:
416 * Check file permissions before accessing an open file. This hook is 416 * Check file permissions before accessing an open file. This hook is
417 * called by various operations that read or write files. A security 417 * called by various operations that read or write files. A security
418 * module can use this hook to perform additional checking on these 418 * module can use this hook to perform additional checking on these
419 * operations, e.g. to revalidate permissions on use to support privilege 419 * operations, e.g. to revalidate permissions on use to support privilege
420 * bracketing or policy changes. Notice that this hook is used when the 420 * bracketing or policy changes. Notice that this hook is used when the
421 * actual read/write operations are performed, whereas the 421 * actual read/write operations are performed, whereas the
422 * inode_security_ops hook is called when a file is opened (as well as 422 * inode_security_ops hook is called when a file is opened (as well as
423 * many other operations). 423 * many other operations).
424 * Caveat: Although this hook can be used to revalidate permissions for 424 * Caveat: Although this hook can be used to revalidate permissions for
425 * various system call operations that read or write files, it does not 425 * various system call operations that read or write files, it does not
426 * address the revalidation of permissions for memory-mapped files. 426 * address the revalidation of permissions for memory-mapped files.
427 * Security modules must handle this separately if they need such 427 * Security modules must handle this separately if they need such
428 * revalidation. 428 * revalidation.
429 * @file contains the file structure being accessed. 429 * @file contains the file structure being accessed.
430 * @mask contains the requested permissions. 430 * @mask contains the requested permissions.
431 * Return 0 if permission is granted. 431 * Return 0 if permission is granted.
432 * @file_alloc_security: 432 * @file_alloc_security:
433 * Allocate and attach a security structure to the file->f_security field. 433 * Allocate and attach a security structure to the file->f_security field.
434 * The security field is initialized to NULL when the structure is first 434 * The security field is initialized to NULL when the structure is first
435 * created. 435 * created.
436 * @file contains the file structure to secure. 436 * @file contains the file structure to secure.
437 * Return 0 if the hook is successful and permission is granted. 437 * Return 0 if the hook is successful and permission is granted.
438 * @file_free_security: 438 * @file_free_security:
439 * Deallocate and free any security structures stored in file->f_security. 439 * Deallocate and free any security structures stored in file->f_security.
440 * @file contains the file structure being modified. 440 * @file contains the file structure being modified.
441 * @file_ioctl: 441 * @file_ioctl:
442 * @file contains the file structure. 442 * @file contains the file structure.
443 * @cmd contains the operation to perform. 443 * @cmd contains the operation to perform.
444 * @arg contains the operational arguments. 444 * @arg contains the operational arguments.
445 * Check permission for an ioctl operation on @file. Note that @arg can 445 * Check permission for an ioctl operation on @file. Note that @arg can
446 * sometimes represents a user space pointer; in other cases, it may be a 446 * sometimes represents a user space pointer; in other cases, it may be a
447 * simple integer value. When @arg represents a user space pointer, it 447 * simple integer value. When @arg represents a user space pointer, it
448 * should never be used by the security module. 448 * should never be used by the security module.
449 * Return 0 if permission is granted. 449 * Return 0 if permission is granted.
450 * @file_mmap : 450 * @file_mmap :
451 * Check permissions for a mmap operation. The @file may be NULL, e.g. 451 * Check permissions for a mmap operation. The @file may be NULL, e.g.
452 * if mapping anonymous memory. 452 * if mapping anonymous memory.
453 * @file contains the file structure for file to map (may be NULL). 453 * @file contains the file structure for file to map (may be NULL).
454 * @reqprot contains the protection requested by the application. 454 * @reqprot contains the protection requested by the application.
455 * @prot contains the protection that will be applied by the kernel. 455 * @prot contains the protection that will be applied by the kernel.
456 * @flags contains the operational flags. 456 * @flags contains the operational flags.
457 * Return 0 if permission is granted. 457 * Return 0 if permission is granted.
458 * @file_mprotect: 458 * @file_mprotect:
459 * Check permissions before changing memory access permissions. 459 * Check permissions before changing memory access permissions.
460 * @vma contains the memory region to modify. 460 * @vma contains the memory region to modify.
461 * @reqprot contains the protection requested by the application. 461 * @reqprot contains the protection requested by the application.
462 * @prot contains the protection that will be applied by the kernel. 462 * @prot contains the protection that will be applied by the kernel.
463 * Return 0 if permission is granted. 463 * Return 0 if permission is granted.
464 * @file_lock: 464 * @file_lock:
465 * Check permission before performing file locking operations. 465 * Check permission before performing file locking operations.
466 * Note: this hook mediates both flock and fcntl style locks. 466 * Note: this hook mediates both flock and fcntl style locks.
467 * @file contains the file structure. 467 * @file contains the file structure.
468 * @cmd contains the posix-translated lock operation to perform 468 * @cmd contains the posix-translated lock operation to perform
469 * (e.g. F_RDLCK, F_WRLCK). 469 * (e.g. F_RDLCK, F_WRLCK).
470 * Return 0 if permission is granted. 470 * Return 0 if permission is granted.
471 * @file_fcntl: 471 * @file_fcntl:
472 * Check permission before allowing the file operation specified by @cmd 472 * Check permission before allowing the file operation specified by @cmd
473 * from being performed on the file @file. Note that @arg can sometimes 473 * from being performed on the file @file. Note that @arg can sometimes
474 * represents a user space pointer; in other cases, it may be a simple 474 * represents a user space pointer; in other cases, it may be a simple
475 * integer value. When @arg represents a user space pointer, it should 475 * integer value. When @arg represents a user space pointer, it should
476 * never be used by the security module. 476 * never be used by the security module.
477 * @file contains the file structure. 477 * @file contains the file structure.
478 * @cmd contains the operation to be performed. 478 * @cmd contains the operation to be performed.
479 * @arg contains the operational arguments. 479 * @arg contains the operational arguments.
480 * Return 0 if permission is granted. 480 * Return 0 if permission is granted.
481 * @file_set_fowner: 481 * @file_set_fowner:
482 * Save owner security information (typically from current->security) in 482 * Save owner security information (typically from current->security) in
483 * file->f_security for later use by the send_sigiotask hook. 483 * file->f_security for later use by the send_sigiotask hook.
484 * @file contains the file structure to update. 484 * @file contains the file structure to update.
485 * Return 0 on success. 485 * Return 0 on success.
486 * @file_send_sigiotask: 486 * @file_send_sigiotask:
487 * Check permission for the file owner @fown to send SIGIO or SIGURG to the 487 * Check permission for the file owner @fown to send SIGIO or SIGURG to the
488 * process @tsk. Note that this hook is sometimes called from interrupt. 488 * process @tsk. Note that this hook is sometimes called from interrupt.
489 * Note that the fown_struct, @fown, is never outside the context of a 489 * Note that the fown_struct, @fown, is never outside the context of a
490 * struct file, so the file structure (and associated security information) 490 * struct file, so the file structure (and associated security information)
491 * can always be obtained: 491 * can always be obtained:
492 * (struct file *)((long)fown - offsetof(struct file,f_owner)); 492 * (struct file *)((long)fown - offsetof(struct file,f_owner));
493 * @tsk contains the structure of task receiving signal. 493 * @tsk contains the structure of task receiving signal.
494 * @fown contains the file owner information. 494 * @fown contains the file owner information.
495 * @sig is the signal that will be sent. When 0, kernel sends SIGIO. 495 * @sig is the signal that will be sent. When 0, kernel sends SIGIO.
496 * Return 0 if permission is granted. 496 * Return 0 if permission is granted.
497 * @file_receive: 497 * @file_receive:
498 * This hook allows security modules to control the ability of a process 498 * This hook allows security modules to control the ability of a process
499 * to receive an open file descriptor via socket IPC. 499 * to receive an open file descriptor via socket IPC.
500 * @file contains the file structure being received. 500 * @file contains the file structure being received.
501 * Return 0 if permission is granted. 501 * Return 0 if permission is granted.
502 * 502 *
503 * Security hooks for task operations. 503 * Security hooks for task operations.
504 * 504 *
505 * @task_create: 505 * @task_create:
506 * Check permission before creating a child process. See the clone(2) 506 * Check permission before creating a child process. See the clone(2)
507 * manual page for definitions of the @clone_flags. 507 * manual page for definitions of the @clone_flags.
508 * @clone_flags contains the flags indicating what should be shared. 508 * @clone_flags contains the flags indicating what should be shared.
509 * Return 0 if permission is granted. 509 * Return 0 if permission is granted.
510 * @task_alloc_security: 510 * @task_alloc_security:
511 * @p contains the task_struct for child process. 511 * @p contains the task_struct for child process.
512 * Allocate and attach a security structure to the p->security field. The 512 * Allocate and attach a security structure to the p->security field. The
513 * security field is initialized to NULL when the task structure is 513 * security field is initialized to NULL when the task structure is
514 * allocated. 514 * allocated.
515 * Return 0 if operation was successful. 515 * Return 0 if operation was successful.
516 * @task_free_security: 516 * @task_free_security:
517 * @p contains the task_struct for process. 517 * @p contains the task_struct for process.
518 * Deallocate and clear the p->security field. 518 * Deallocate and clear the p->security field.
519 * @task_setuid: 519 * @task_setuid:
520 * Check permission before setting one or more of the user identity 520 * Check permission before setting one or more of the user identity
521 * attributes of the current process. The @flags parameter indicates 521 * attributes of the current process. The @flags parameter indicates
522 * which of the set*uid system calls invoked this hook and how to 522 * which of the set*uid system calls invoked this hook and how to
523 * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID 523 * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
524 * definitions at the beginning of this file for the @flags values and 524 * definitions at the beginning of this file for the @flags values and
525 * their meanings. 525 * their meanings.
526 * @id0 contains a uid. 526 * @id0 contains a uid.
527 * @id1 contains a uid. 527 * @id1 contains a uid.
528 * @id2 contains a uid. 528 * @id2 contains a uid.
529 * @flags contains one of the LSM_SETID_* values. 529 * @flags contains one of the LSM_SETID_* values.
530 * Return 0 if permission is granted. 530 * Return 0 if permission is granted.
531 * @task_post_setuid: 531 * @task_post_setuid:
532 * Update the module's state after setting one or more of the user 532 * Update the module's state after setting one or more of the user
533 * identity attributes of the current process. The @flags parameter 533 * identity attributes of the current process. The @flags parameter
534 * indicates which of the set*uid system calls invoked this hook. If 534 * indicates which of the set*uid system calls invoked this hook. If
535 * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other 535 * @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other
536 * parameters are not used. 536 * parameters are not used.
537 * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS). 537 * @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS).
538 * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS). 538 * @old_euid contains the old effective uid (or -1 if LSM_SETID_FS).
539 * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS). 539 * @old_suid contains the old saved uid (or -1 if LSM_SETID_FS).
540 * @flags contains one of the LSM_SETID_* values. 540 * @flags contains one of the LSM_SETID_* values.
541 * Return 0 on success. 541 * Return 0 on success.
542 * @task_setgid: 542 * @task_setgid:
543 * Check permission before setting one or more of the group identity 543 * Check permission before setting one or more of the group identity
544 * attributes of the current process. The @flags parameter indicates 544 * attributes of the current process. The @flags parameter indicates
545 * which of the set*gid system calls invoked this hook and how to 545 * which of the set*gid system calls invoked this hook and how to
546 * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID 546 * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
547 * definitions at the beginning of this file for the @flags values and 547 * definitions at the beginning of this file for the @flags values and
548 * their meanings. 548 * their meanings.
549 * @id0 contains a gid. 549 * @id0 contains a gid.
550 * @id1 contains a gid. 550 * @id1 contains a gid.
551 * @id2 contains a gid. 551 * @id2 contains a gid.
552 * @flags contains one of the LSM_SETID_* values. 552 * @flags contains one of the LSM_SETID_* values.
553 * Return 0 if permission is granted. 553 * Return 0 if permission is granted.
554 * @task_setpgid: 554 * @task_setpgid:
555 * Check permission before setting the process group identifier of the 555 * Check permission before setting the process group identifier of the
556 * process @p to @pgid. 556 * process @p to @pgid.
557 * @p contains the task_struct for process being modified. 557 * @p contains the task_struct for process being modified.
558 * @pgid contains the new pgid. 558 * @pgid contains the new pgid.
559 * Return 0 if permission is granted. 559 * Return 0 if permission is granted.
560 * @task_getpgid: 560 * @task_getpgid:
561 * Check permission before getting the process group identifier of the 561 * Check permission before getting the process group identifier of the
562 * process @p. 562 * process @p.
563 * @p contains the task_struct for the process. 563 * @p contains the task_struct for the process.
564 * Return 0 if permission is granted. 564 * Return 0 if permission is granted.
565 * @task_getsid: 565 * @task_getsid:
566 * Check permission before getting the session identifier of the process 566 * Check permission before getting the session identifier of the process
567 * @p. 567 * @p.
568 * @p contains the task_struct for the process. 568 * @p contains the task_struct for the process.
569 * Return 0 if permission is granted. 569 * Return 0 if permission is granted.
570 * @task_getsecid: 570 * @task_getsecid:
571 * Retrieve the security identifier of the process @p. 571 * Retrieve the security identifier of the process @p.
572 * @p contains the task_struct for the process and place is into @secid. 572 * @p contains the task_struct for the process and place is into @secid.
573 * @task_setgroups: 573 * @task_setgroups:
574 * Check permission before setting the supplementary group set of the 574 * Check permission before setting the supplementary group set of the
575 * current process. 575 * current process.
576 * @group_info contains the new group information. 576 * @group_info contains the new group information.
577 * Return 0 if permission is granted. 577 * Return 0 if permission is granted.
578 * @task_setnice: 578 * @task_setnice:
579 * Check permission before setting the nice value of @p to @nice. 579 * Check permission before setting the nice value of @p to @nice.
580 * @p contains the task_struct of process. 580 * @p contains the task_struct of process.
581 * @nice contains the new nice value. 581 * @nice contains the new nice value.
582 * Return 0 if permission is granted. 582 * Return 0 if permission is granted.
583 * @task_setioprio 583 * @task_setioprio
584 * Check permission before setting the ioprio value of @p to @ioprio. 584 * Check permission before setting the ioprio value of @p to @ioprio.
585 * @p contains the task_struct of process. 585 * @p contains the task_struct of process.
586 * @ioprio contains the new ioprio value 586 * @ioprio contains the new ioprio value
587 * Return 0 if permission is granted. 587 * Return 0 if permission is granted.
588 * @task_getioprio 588 * @task_getioprio
589 * Check permission before getting the ioprio value of @p. 589 * Check permission before getting the ioprio value of @p.
590 * @p contains the task_struct of process. 590 * @p contains the task_struct of process.
591 * Return 0 if permission is granted. 591 * Return 0 if permission is granted.
592 * @task_setrlimit: 592 * @task_setrlimit:
593 * Check permission before setting the resource limits of the current 593 * Check permission before setting the resource limits of the current
594 * process for @resource to @new_rlim. The old resource limit values can 594 * process for @resource to @new_rlim. The old resource limit values can
595 * be examined by dereferencing (current->signal->rlim + resource). 595 * be examined by dereferencing (current->signal->rlim + resource).
596 * @resource contains the resource whose limit is being set. 596 * @resource contains the resource whose limit is being set.
597 * @new_rlim contains the new limits for @resource. 597 * @new_rlim contains the new limits for @resource.
598 * Return 0 if permission is granted. 598 * Return 0 if permission is granted.
599 * @task_setscheduler: 599 * @task_setscheduler:
600 * Check permission before setting scheduling policy and/or parameters of 600 * Check permission before setting scheduling policy and/or parameters of
601 * process @p based on @policy and @lp. 601 * process @p based on @policy and @lp.
602 * @p contains the task_struct for process. 602 * @p contains the task_struct for process.
603 * @policy contains the scheduling policy. 603 * @policy contains the scheduling policy.
604 * @lp contains the scheduling parameters. 604 * @lp contains the scheduling parameters.
605 * Return 0 if permission is granted. 605 * Return 0 if permission is granted.
606 * @task_getscheduler: 606 * @task_getscheduler:
607 * Check permission before obtaining scheduling information for process 607 * Check permission before obtaining scheduling information for process
608 * @p. 608 * @p.
609 * @p contains the task_struct for process. 609 * @p contains the task_struct for process.
610 * Return 0 if permission is granted. 610 * Return 0 if permission is granted.
611 * @task_movememory 611 * @task_movememory
612 * Check permission before moving memory owned by process @p. 612 * Check permission before moving memory owned by process @p.
613 * @p contains the task_struct for process. 613 * @p contains the task_struct for process.
614 * Return 0 if permission is granted. 614 * Return 0 if permission is granted.
615 * @task_kill: 615 * @task_kill:
616 * Check permission before sending signal @sig to @p. @info can be NULL, 616 * Check permission before sending signal @sig to @p. @info can be NULL,
617 * the constant 1, or a pointer to a siginfo structure. If @info is 1 or 617 * the constant 1, or a pointer to a siginfo structure. If @info is 1 or
618 * SI_FROMKERNEL(info) is true, then the signal should be viewed as coming 618 * SI_FROMKERNEL(info) is true, then the signal should be viewed as coming
619 * from the kernel and should typically be permitted. 619 * from the kernel and should typically be permitted.
620 * SIGIO signals are handled separately by the send_sigiotask hook in 620 * SIGIO signals are handled separately by the send_sigiotask hook in
621 * file_security_ops. 621 * file_security_ops.
622 * @p contains the task_struct for process. 622 * @p contains the task_struct for process.
623 * @info contains the signal information. 623 * @info contains the signal information.
624 * @sig contains the signal value. 624 * @sig contains the signal value.
625 * @secid contains the sid of the process where the signal originated 625 * @secid contains the sid of the process where the signal originated
626 * Return 0 if permission is granted. 626 * Return 0 if permission is granted.
627 * @task_wait: 627 * @task_wait:
628 * Check permission before allowing a process to reap a child process @p 628 * Check permission before allowing a process to reap a child process @p
629 * and collect its status information. 629 * and collect its status information.
630 * @p contains the task_struct for process. 630 * @p contains the task_struct for process.
631 * Return 0 if permission is granted. 631 * Return 0 if permission is granted.
632 * @task_prctl: 632 * @task_prctl:
633 * Check permission before performing a process control operation on the 633 * Check permission before performing a process control operation on the
634 * current process. 634 * current process.
635 * @option contains the operation. 635 * @option contains the operation.
636 * @arg2 contains a argument. 636 * @arg2 contains a argument.
637 * @arg3 contains a argument. 637 * @arg3 contains a argument.
638 * @arg4 contains a argument. 638 * @arg4 contains a argument.
639 * @arg5 contains a argument. 639 * @arg5 contains a argument.
640 * Return 0 if permission is granted. 640 * Return 0 if permission is granted.
641 * @task_reparent_to_init: 641 * @task_reparent_to_init:
642 * Set the security attributes in @p->security for a kernel thread that 642 * Set the security attributes in @p->security for a kernel thread that
643 * is being reparented to the init task. 643 * is being reparented to the init task.
644 * @p contains the task_struct for the kernel thread. 644 * @p contains the task_struct for the kernel thread.
645 * @task_to_inode: 645 * @task_to_inode:
646 * Set the security attributes for an inode based on an associated task's 646 * Set the security attributes for an inode based on an associated task's
647 * security attributes, e.g. for /proc/pid inodes. 647 * security attributes, e.g. for /proc/pid inodes.
648 * @p contains the task_struct for the task. 648 * @p contains the task_struct for the task.
649 * @inode contains the inode structure for the inode. 649 * @inode contains the inode structure for the inode.
650 * 650 *
651 * Security hooks for Netlink messaging. 651 * Security hooks for Netlink messaging.
652 * 652 *
653 * @netlink_send: 653 * @netlink_send:
654 * Save security information for a netlink message so that permission 654 * Save security information for a netlink message so that permission
655 * checking can be performed when the message is processed. The security 655 * checking can be performed when the message is processed. The security
656 * information can be saved using the eff_cap field of the 656 * information can be saved using the eff_cap field of the
657 * netlink_skb_parms structure. Also may be used to provide fine 657 * netlink_skb_parms structure. Also may be used to provide fine
658 * grained control over message transmission. 658 * grained control over message transmission.
659 * @sk associated sock of task sending the message., 659 * @sk associated sock of task sending the message.,
660 * @skb contains the sk_buff structure for the netlink message. 660 * @skb contains the sk_buff structure for the netlink message.
661 * Return 0 if the information was successfully saved and message 661 * Return 0 if the information was successfully saved and message
662 * is allowed to be transmitted. 662 * is allowed to be transmitted.
663 * @netlink_recv: 663 * @netlink_recv:
664 * Check permission before processing the received netlink message in 664 * Check permission before processing the received netlink message in
665 * @skb. 665 * @skb.
666 * @skb contains the sk_buff structure for the netlink message. 666 * @skb contains the sk_buff structure for the netlink message.
667 * @cap indicates the capability required 667 * @cap indicates the capability required
668 * Return 0 if permission is granted. 668 * Return 0 if permission is granted.
669 * 669 *
670 * Security hooks for Unix domain networking. 670 * Security hooks for Unix domain networking.
671 * 671 *
672 * @unix_stream_connect: 672 * @unix_stream_connect:
673 * Check permissions before establishing a Unix domain stream connection 673 * Check permissions before establishing a Unix domain stream connection
674 * between @sock and @other. 674 * between @sock and @other.
675 * @sock contains the socket structure. 675 * @sock contains the socket structure.
676 * @other contains the peer socket structure. 676 * @other contains the peer socket structure.
677 * Return 0 if permission is granted. 677 * Return 0 if permission is granted.
678 * @unix_may_send: 678 * @unix_may_send:
679 * Check permissions before connecting or sending datagrams from @sock to 679 * Check permissions before connecting or sending datagrams from @sock to
680 * @other. 680 * @other.
681 * @sock contains the socket structure. 681 * @sock contains the socket structure.
682 * @sock contains the peer socket structure. 682 * @sock contains the peer socket structure.
683 * Return 0 if permission is granted. 683 * Return 0 if permission is granted.
684 * 684 *
685 * The @unix_stream_connect and @unix_may_send hooks were necessary because 685 * The @unix_stream_connect and @unix_may_send hooks were necessary because
686 * Linux provides an alternative to the conventional file name space for Unix 686 * Linux provides an alternative to the conventional file name space for Unix
687 * domain sockets. Whereas binding and connecting to sockets in the file name 687 * domain sockets. Whereas binding and connecting to sockets in the file name
688 * space is mediated by the typical file permissions (and caught by the mknod 688 * space is mediated by the typical file permissions (and caught by the mknod
689 * and permission hooks in inode_security_ops), binding and connecting to 689 * and permission hooks in inode_security_ops), binding and connecting to
690 * sockets in the abstract name space is completely unmediated. Sufficient 690 * sockets in the abstract name space is completely unmediated. Sufficient
691 * control of Unix domain sockets in the abstract name space isn't possible 691 * control of Unix domain sockets in the abstract name space isn't possible
692 * using only the socket layer hooks, since we need to know the actual target 692 * using only the socket layer hooks, since we need to know the actual target
693 * socket, which is not looked up until we are inside the af_unix code. 693 * socket, which is not looked up until we are inside the af_unix code.
694 * 694 *
695 * Security hooks for socket operations. 695 * Security hooks for socket operations.
696 * 696 *
697 * @socket_create: 697 * @socket_create:
698 * Check permissions prior to creating a new socket. 698 * Check permissions prior to creating a new socket.
699 * @family contains the requested protocol family. 699 * @family contains the requested protocol family.
700 * @type contains the requested communications type. 700 * @type contains the requested communications type.
701 * @protocol contains the requested protocol. 701 * @protocol contains the requested protocol.
702 * @kern set to 1 if a kernel socket. 702 * @kern set to 1 if a kernel socket.
703 * Return 0 if permission is granted. 703 * Return 0 if permission is granted.
704 * @socket_post_create: 704 * @socket_post_create:
705 * This hook allows a module to update or allocate a per-socket security 705 * This hook allows a module to update or allocate a per-socket security
706 * structure. Note that the security field was not added directly to the 706 * structure. Note that the security field was not added directly to the
707 * socket structure, but rather, the socket security information is stored 707 * socket structure, but rather, the socket security information is stored
708 * in the associated inode. Typically, the inode alloc_security hook will 708 * in the associated inode. Typically, the inode alloc_security hook will
709 * allocate and and attach security information to 709 * allocate and and attach security information to
710 * sock->inode->i_security. This hook may be used to update the 710 * sock->inode->i_security. This hook may be used to update the
711 * sock->inode->i_security field with additional information that wasn't 711 * sock->inode->i_security field with additional information that wasn't
712 * available when the inode was allocated. 712 * available when the inode was allocated.
713 * @sock contains the newly created socket structure. 713 * @sock contains the newly created socket structure.
714 * @family contains the requested protocol family. 714 * @family contains the requested protocol family.
715 * @type contains the requested communications type. 715 * @type contains the requested communications type.
716 * @protocol contains the requested protocol. 716 * @protocol contains the requested protocol.
717 * @kern set to 1 if a kernel socket. 717 * @kern set to 1 if a kernel socket.
718 * @socket_bind: 718 * @socket_bind:
719 * Check permission before socket protocol layer bind operation is 719 * Check permission before socket protocol layer bind operation is
720 * performed and the socket @sock is bound to the address specified in the 720 * performed and the socket @sock is bound to the address specified in the
721 * @address parameter. 721 * @address parameter.
722 * @sock contains the socket structure. 722 * @sock contains the socket structure.
723 * @address contains the address to bind to. 723 * @address contains the address to bind to.
724 * @addrlen contains the length of address. 724 * @addrlen contains the length of address.
725 * Return 0 if permission is granted. 725 * Return 0 if permission is granted.
726 * @socket_connect: 726 * @socket_connect:
727 * Check permission before socket protocol layer connect operation 727 * Check permission before socket protocol layer connect operation
728 * attempts to connect socket @sock to a remote address, @address. 728 * attempts to connect socket @sock to a remote address, @address.
729 * @sock contains the socket structure. 729 * @sock contains the socket structure.
730 * @address contains the address of remote endpoint. 730 * @address contains the address of remote endpoint.
731 * @addrlen contains the length of address. 731 * @addrlen contains the length of address.
732 * Return 0 if permission is granted. 732 * Return 0 if permission is granted.
733 * @socket_listen: 733 * @socket_listen:
734 * Check permission before socket protocol layer listen operation. 734 * Check permission before socket protocol layer listen operation.
735 * @sock contains the socket structure. 735 * @sock contains the socket structure.
736 * @backlog contains the maximum length for the pending connection queue. 736 * @backlog contains the maximum length for the pending connection queue.
737 * Return 0 if permission is granted. 737 * Return 0 if permission is granted.
738 * @socket_accept: 738 * @socket_accept:
739 * Check permission before accepting a new connection. Note that the new 739 * Check permission before accepting a new connection. Note that the new
740 * socket, @newsock, has been created and some information copied to it, 740 * socket, @newsock, has been created and some information copied to it,
741 * but the accept operation has not actually been performed. 741 * but the accept operation has not actually been performed.
742 * @sock contains the listening socket structure. 742 * @sock contains the listening socket structure.
743 * @newsock contains the newly created server socket for connection. 743 * @newsock contains the newly created server socket for connection.
744 * Return 0 if permission is granted. 744 * Return 0 if permission is granted.
745 * @socket_post_accept: 745 * @socket_post_accept:
746 * This hook allows a security module to copy security 746 * This hook allows a security module to copy security
747 * information into the newly created socket's inode. 747 * information into the newly created socket's inode.
748 * @sock contains the listening socket structure. 748 * @sock contains the listening socket structure.
749 * @newsock contains the newly created server socket for connection. 749 * @newsock contains the newly created server socket for connection.
750 * @socket_sendmsg: 750 * @socket_sendmsg:
751 * Check permission before transmitting a message to another socket. 751 * Check permission before transmitting a message to another socket.
752 * @sock contains the socket structure. 752 * @sock contains the socket structure.
753 * @msg contains the message to be transmitted. 753 * @msg contains the message to be transmitted.
754 * @size contains the size of message. 754 * @size contains the size of message.
755 * Return 0 if permission is granted. 755 * Return 0 if permission is granted.
756 * @socket_recvmsg: 756 * @socket_recvmsg:
757 * Check permission before receiving a message from a socket. 757 * Check permission before receiving a message from a socket.
758 * @sock contains the socket structure. 758 * @sock contains the socket structure.
759 * @msg contains the message structure. 759 * @msg contains the message structure.
760 * @size contains the size of message structure. 760 * @size contains the size of message structure.
761 * @flags contains the operational flags. 761 * @flags contains the operational flags.
762 * Return 0 if permission is granted. 762 * Return 0 if permission is granted.
763 * @socket_getsockname: 763 * @socket_getsockname:
764 * Check permission before the local address (name) of the socket object 764 * Check permission before the local address (name) of the socket object
765 * @sock is retrieved. 765 * @sock is retrieved.
766 * @sock contains the socket structure. 766 * @sock contains the socket structure.
767 * Return 0 if permission is granted. 767 * Return 0 if permission is granted.
768 * @socket_getpeername: 768 * @socket_getpeername:
769 * Check permission before the remote address (name) of a socket object 769 * Check permission before the remote address (name) of a socket object
770 * @sock is retrieved. 770 * @sock is retrieved.
771 * @sock contains the socket structure. 771 * @sock contains the socket structure.
772 * Return 0 if permission is granted. 772 * Return 0 if permission is granted.
773 * @socket_getsockopt: 773 * @socket_getsockopt:
774 * Check permissions before retrieving the options associated with socket 774 * Check permissions before retrieving the options associated with socket
775 * @sock. 775 * @sock.
776 * @sock contains the socket structure. 776 * @sock contains the socket structure.
777 * @level contains the protocol level to retrieve option from. 777 * @level contains the protocol level to retrieve option from.
778 * @optname contains the name of option to retrieve. 778 * @optname contains the name of option to retrieve.
779 * Return 0 if permission is granted. 779 * Return 0 if permission is granted.
780 * @socket_setsockopt: 780 * @socket_setsockopt:
781 * Check permissions before setting the options associated with socket 781 * Check permissions before setting the options associated with socket
782 * @sock. 782 * @sock.
783 * @sock contains the socket structure. 783 * @sock contains the socket structure.
784 * @level contains the protocol level to set options for. 784 * @level contains the protocol level to set options for.
785 * @optname contains the name of the option to set. 785 * @optname contains the name of the option to set.
786 * Return 0 if permission is granted. 786 * Return 0 if permission is granted.
787 * @socket_shutdown: 787 * @socket_shutdown:
788 * Checks permission before all or part of a connection on the socket 788 * Checks permission before all or part of a connection on the socket
789 * @sock is shut down. 789 * @sock is shut down.
790 * @sock contains the socket structure. 790 * @sock contains the socket structure.
791 * @how contains the flag indicating how future sends and receives are handled. 791 * @how contains the flag indicating how future sends and receives are handled.
792 * Return 0 if permission is granted. 792 * Return 0 if permission is granted.
793 * @socket_sock_rcv_skb: 793 * @socket_sock_rcv_skb:
794 * Check permissions on incoming network packets. This hook is distinct 794 * Check permissions on incoming network packets. This hook is distinct
795 * from Netfilter's IP input hooks since it is the first time that the 795 * from Netfilter's IP input hooks since it is the first time that the
796 * incoming sk_buff @skb has been associated with a particular socket, @sk. 796 * incoming sk_buff @skb has been associated with a particular socket, @sk.
797 * @sk contains the sock (not socket) associated with the incoming sk_buff. 797 * @sk contains the sock (not socket) associated with the incoming sk_buff.
798 * @skb contains the incoming network data. 798 * @skb contains the incoming network data.
799 * @socket_getpeersec: 799 * @socket_getpeersec:
800 * This hook allows the security module to provide peer socket security 800 * This hook allows the security module to provide peer socket security
801 * state to userspace via getsockopt SO_GETPEERSEC. 801 * state to userspace via getsockopt SO_GETPEERSEC.
802 * @sock is the local socket. 802 * @sock is the local socket.
803 * @optval userspace memory where the security state is to be copied. 803 * @optval userspace memory where the security state is to be copied.
804 * @optlen userspace int where the module should copy the actual length 804 * @optlen userspace int where the module should copy the actual length
805 * of the security state. 805 * of the security state.
806 * @len as input is the maximum length to copy to userspace provided 806 * @len as input is the maximum length to copy to userspace provided
807 * by the caller. 807 * by the caller.
808 * Return 0 if all is well, otherwise, typical getsockopt return 808 * Return 0 if all is well, otherwise, typical getsockopt return
809 * values. 809 * values.
810 * @sk_alloc_security: 810 * @sk_alloc_security:
811 * Allocate and attach a security structure to the sk->sk_security field, 811 * Allocate and attach a security structure to the sk->sk_security field,
812 * which is used to copy security attributes between local stream sockets. 812 * which is used to copy security attributes between local stream sockets.
813 * @sk_free_security: 813 * @sk_free_security:
814 * Deallocate security structure. 814 * Deallocate security structure.
815 * @sk_getsid: 815 * @sk_getsid:
816 * Retrieve the LSM-specific sid for the sock to enable caching of network 816 * Retrieve the LSM-specific sid for the sock to enable caching of network
817 * authorizations. 817 * authorizations.
818 * 818 *
819 * Security hooks for XFRM operations. 819 * Security hooks for XFRM operations.
820 * 820 *
821 * @xfrm_policy_alloc_security: 821 * @xfrm_policy_alloc_security:
822 * @xp contains the xfrm_policy being added to Security Policy Database 822 * @xp contains the xfrm_policy being added to Security Policy Database
823 * used by the XFRM system. 823 * used by the XFRM system.
824 * @sec_ctx contains the security context information being provided by 824 * @sec_ctx contains the security context information being provided by
825 * the user-level policy update program (e.g., setkey). 825 * the user-level policy update program (e.g., setkey).
826 * Allocate a security structure to the xp->security field. 826 * Allocate a security structure to the xp->security field.
827 * The security field is initialized to NULL when the xfrm_policy is 827 * The security field is initialized to NULL when the xfrm_policy is
828 * allocated. 828 * allocated.
829 * Return 0 if operation was successful (memory to allocate, legal context) 829 * Return 0 if operation was successful (memory to allocate, legal context)
830 * @xfrm_policy_clone_security: 830 * @xfrm_policy_clone_security:
831 * @old contains an existing xfrm_policy in the SPD. 831 * @old contains an existing xfrm_policy in the SPD.
832 * @new contains a new xfrm_policy being cloned from old. 832 * @new contains a new xfrm_policy being cloned from old.
833 * Allocate a security structure to the new->security field 833 * Allocate a security structure to the new->security field
834 * that contains the information from the old->security field. 834 * that contains the information from the old->security field.
835 * Return 0 if operation was successful (memory to allocate). 835 * Return 0 if operation was successful (memory to allocate).
836 * @xfrm_policy_free_security: 836 * @xfrm_policy_free_security:
837 * @xp contains the xfrm_policy 837 * @xp contains the xfrm_policy
838 * Deallocate xp->security. 838 * Deallocate xp->security.
839 * @xfrm_policy_delete_security: 839 * @xfrm_policy_delete_security:
840 * @xp contains the xfrm_policy. 840 * @xp contains the xfrm_policy.
841 * Authorize deletion of xp->security. 841 * Authorize deletion of xp->security.
842 * @xfrm_state_alloc_security: 842 * @xfrm_state_alloc_security:
843 * @x contains the xfrm_state being added to the Security Association 843 * @x contains the xfrm_state being added to the Security Association
844 * Database by the XFRM system. 844 * Database by the XFRM system.
845 * @sec_ctx contains the security context information being provided by 845 * @sec_ctx contains the security context information being provided by
846 * the user-level SA generation program (e.g., setkey or racoon). 846 * the user-level SA generation program (e.g., setkey or racoon).
847 * Allocate a security structure to the x->security field. The 847 * Allocate a security structure to the x->security field. The
848 * security field is initialized to NULL when the xfrm_state is 848 * security field is initialized to NULL when the xfrm_state is
849 * allocated. 849 * allocated.
850 * Return 0 if operation was successful (memory to allocate, legal context). 850 * Return 0 if operation was successful (memory to allocate, legal context).
851 * @xfrm_state_free_security: 851 * @xfrm_state_free_security:
852 * @x contains the xfrm_state. 852 * @x contains the xfrm_state.
853 * Deallocate x->security. 853 * Deallocate x->security.
854 * @xfrm_state_delete_security: 854 * @xfrm_state_delete_security:
855 * @x contains the xfrm_state. 855 * @x contains the xfrm_state.
856 * Authorize deletion of x->security. 856 * Authorize deletion of x->security.
857 * @xfrm_policy_lookup: 857 * @xfrm_policy_lookup:
858 * @xp contains the xfrm_policy for which the access control is being 858 * @xp contains the xfrm_policy for which the access control is being
859 * checked. 859 * checked.
860 * @sk_sid contains the sock security label that is used to authorize 860 * @sk_sid contains the sock security label that is used to authorize
861 * access to the policy xp. 861 * access to the policy xp.
862 * @dir contains the direction of the flow (input or output). 862 * @dir contains the direction of the flow (input or output).
863 * Check permission when a sock selects a xfrm_policy for processing 863 * Check permission when a sock selects a xfrm_policy for processing
864 * XFRMs on a packet. The hook is called when selecting either a 864 * XFRMs on a packet. The hook is called when selecting either a
865 * per-socket policy or a generic xfrm policy. 865 * per-socket policy or a generic xfrm policy.
866 * Return 0 if permission is granted. 866 * Return 0 if permission is granted.
867 * 867 *
868 * Security hooks affecting all Key Management operations 868 * Security hooks affecting all Key Management operations
869 * 869 *
870 * @key_alloc: 870 * @key_alloc:
871 * Permit allocation of a key and assign security data. Note that key does 871 * Permit allocation of a key and assign security data. Note that key does
872 * not have a serial number assigned at this point. 872 * not have a serial number assigned at this point.
873 * @key points to the key. 873 * @key points to the key.
874 * @flags is the allocation flags 874 * @flags is the allocation flags
875 * Return 0 if permission is granted, -ve error otherwise. 875 * Return 0 if permission is granted, -ve error otherwise.
876 * @key_free: 876 * @key_free:
877 * Notification of destruction; free security data. 877 * Notification of destruction; free security data.
878 * @key points to the key. 878 * @key points to the key.
879 * No return value. 879 * No return value.
880 * @key_permission: 880 * @key_permission:
881 * See whether a specific operational right is granted to a process on a 881 * See whether a specific operational right is granted to a process on a
882 * key. 882 * key.
883 * @key_ref refers to the key (key pointer + possession attribute bit). 883 * @key_ref refers to the key (key pointer + possession attribute bit).
884 * @context points to the process to provide the context against which to 884 * @context points to the process to provide the context against which to
885 * evaluate the security data on the key. 885 * evaluate the security data on the key.
886 * @perm describes the combination of permissions required of this key. 886 * @perm describes the combination of permissions required of this key.
887 * Return 1 if permission granted, 0 if permission denied and -ve it the 887 * Return 1 if permission granted, 0 if permission denied and -ve it the
888 * normal permissions model should be effected. 888 * normal permissions model should be effected.
889 * 889 *
890 * Security hooks affecting all System V IPC operations. 890 * Security hooks affecting all System V IPC operations.
891 * 891 *
892 * @ipc_permission: 892 * @ipc_permission:
893 * Check permissions for access to IPC 893 * Check permissions for access to IPC
894 * @ipcp contains the kernel IPC permission structure 894 * @ipcp contains the kernel IPC permission structure
895 * @flag contains the desired (requested) permission set 895 * @flag contains the desired (requested) permission set
896 * Return 0 if permission is granted. 896 * Return 0 if permission is granted.
897 * 897 *
898 * Security hooks for individual messages held in System V IPC message queues 898 * Security hooks for individual messages held in System V IPC message queues
899 * @msg_msg_alloc_security: 899 * @msg_msg_alloc_security:
900 * Allocate and attach a security structure to the msg->security field. 900 * Allocate and attach a security structure to the msg->security field.
901 * The security field is initialized to NULL when the structure is first 901 * The security field is initialized to NULL when the structure is first
902 * created. 902 * created.
903 * @msg contains the message structure to be modified. 903 * @msg contains the message structure to be modified.
904 * Return 0 if operation was successful and permission is granted. 904 * Return 0 if operation was successful and permission is granted.
905 * @msg_msg_free_security: 905 * @msg_msg_free_security:
906 * Deallocate the security structure for this message. 906 * Deallocate the security structure for this message.
907 * @msg contains the message structure to be modified. 907 * @msg contains the message structure to be modified.
908 * 908 *
909 * Security hooks for System V IPC Message Queues 909 * Security hooks for System V IPC Message Queues
910 * 910 *
911 * @msg_queue_alloc_security: 911 * @msg_queue_alloc_security:
912 * Allocate and attach a security structure to the 912 * Allocate and attach a security structure to the
913 * msq->q_perm.security field. The security field is initialized to 913 * msq->q_perm.security field. The security field is initialized to
914 * NULL when the structure is first created. 914 * NULL when the structure is first created.
915 * @msq contains the message queue structure to be modified. 915 * @msq contains the message queue structure to be modified.
916 * Return 0 if operation was successful and permission is granted. 916 * Return 0 if operation was successful and permission is granted.
917 * @msg_queue_free_security: 917 * @msg_queue_free_security:
918 * Deallocate security structure for this message queue. 918 * Deallocate security structure for this message queue.
919 * @msq contains the message queue structure to be modified. 919 * @msq contains the message queue structure to be modified.
920 * @msg_queue_associate: 920 * @msg_queue_associate:
921 * Check permission when a message queue is requested through the 921 * Check permission when a message queue is requested through the
922 * msgget system call. This hook is only called when returning the 922 * msgget system call. This hook is only called when returning the
923 * message queue identifier for an existing message queue, not when a 923 * message queue identifier for an existing message queue, not when a
924 * new message queue is created. 924 * new message queue is created.
925 * @msq contains the message queue to act upon. 925 * @msq contains the message queue to act upon.
926 * @msqflg contains the operation control flags. 926 * @msqflg contains the operation control flags.
927 * Return 0 if permission is granted. 927 * Return 0 if permission is granted.
928 * @msg_queue_msgctl: 928 * @msg_queue_msgctl:
929 * Check permission when a message control operation specified by @cmd 929 * Check permission when a message control operation specified by @cmd
930 * is to be performed on the message queue @msq. 930 * is to be performed on the message queue @msq.
931 * The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO. 931 * The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO.
932 * @msq contains the message queue to act upon. May be NULL. 932 * @msq contains the message queue to act upon. May be NULL.
933 * @cmd contains the operation to be performed. 933 * @cmd contains the operation to be performed.
934 * Return 0 if permission is granted. 934 * Return 0 if permission is granted.
935 * @msg_queue_msgsnd: 935 * @msg_queue_msgsnd:
936 * Check permission before a message, @msg, is enqueued on the message 936 * Check permission before a message, @msg, is enqueued on the message
937 * queue, @msq. 937 * queue, @msq.
938 * @msq contains the message queue to send message to. 938 * @msq contains the message queue to send message to.
939 * @msg contains the message to be enqueued. 939 * @msg contains the message to be enqueued.
940 * @msqflg contains operational flags. 940 * @msqflg contains operational flags.
941 * Return 0 if permission is granted. 941 * Return 0 if permission is granted.
942 * @msg_queue_msgrcv: 942 * @msg_queue_msgrcv:
943 * Check permission before a message, @msg, is removed from the message 943 * Check permission before a message, @msg, is removed from the message
944 * queue, @msq. The @target task structure contains a pointer to the 944 * queue, @msq. The @target task structure contains a pointer to the
945 * process that will be receiving the message (not equal to the current 945 * process that will be receiving the message (not equal to the current
946 * process when inline receives are being performed). 946 * process when inline receives are being performed).
947 * @msq contains the message queue to retrieve message from. 947 * @msq contains the message queue to retrieve message from.
948 * @msg contains the message destination. 948 * @msg contains the message destination.
949 * @target contains the task structure for recipient process. 949 * @target contains the task structure for recipient process.
950 * @type contains the type of message requested. 950 * @type contains the type of message requested.
951 * @mode contains the operational flags. 951 * @mode contains the operational flags.
952 * Return 0 if permission is granted. 952 * Return 0 if permission is granted.
953 * 953 *
954 * Security hooks for System V Shared Memory Segments 954 * Security hooks for System V Shared Memory Segments
955 * 955 *
956 * @shm_alloc_security: 956 * @shm_alloc_security:
957 * Allocate and attach a security structure to the shp->shm_perm.security 957 * Allocate and attach a security structure to the shp->shm_perm.security
958 * field. The security field is initialized to NULL when the structure is 958 * field. The security field is initialized to NULL when the structure is
959 * first created. 959 * first created.
960 * @shp contains the shared memory structure to be modified. 960 * @shp contains the shared memory structure to be modified.
961 * Return 0 if operation was successful and permission is granted. 961 * Return 0 if operation was successful and permission is granted.
962 * @shm_free_security: 962 * @shm_free_security:
963 * Deallocate the security struct for this memory segment. 963 * Deallocate the security struct for this memory segment.
964 * @shp contains the shared memory structure to be modified. 964 * @shp contains the shared memory structure to be modified.
965 * @shm_associate: 965 * @shm_associate:
966 * Check permission when a shared memory region is requested through the 966 * Check permission when a shared memory region is requested through the
967 * shmget system call. This hook is only called when returning the shared 967 * shmget system call. This hook is only called when returning the shared
968 * memory region identifier for an existing region, not when a new shared 968 * memory region identifier for an existing region, not when a new shared
969 * memory region is created. 969 * memory region is created.
970 * @shp contains the shared memory structure to be modified. 970 * @shp contains the shared memory structure to be modified.
971 * @shmflg contains the operation control flags. 971 * @shmflg contains the operation control flags.
972 * Return 0 if permission is granted. 972 * Return 0 if permission is granted.
973 * @shm_shmctl: 973 * @shm_shmctl:
974 * Check permission when a shared memory control operation specified by 974 * Check permission when a shared memory control operation specified by
975 * @cmd is to be performed on the shared memory region @shp. 975 * @cmd is to be performed on the shared memory region @shp.
976 * The @shp may be NULL, e.g. for IPC_INFO or SHM_INFO. 976 * The @shp may be NULL, e.g. for IPC_INFO or SHM_INFO.
977 * @shp contains shared memory structure to be modified. 977 * @shp contains shared memory structure to be modified.
978 * @cmd contains the operation to be performed. 978 * @cmd contains the operation to be performed.
979 * Return 0 if permission is granted. 979 * Return 0 if permission is granted.
980 * @shm_shmat: 980 * @shm_shmat:
981 * Check permissions prior to allowing the shmat system call to attach the 981 * Check permissions prior to allowing the shmat system call to attach the
982 * shared memory segment @shp to the data segment of the calling process. 982 * shared memory segment @shp to the data segment of the calling process.
983 * The attaching address is specified by @shmaddr. 983 * The attaching address is specified by @shmaddr.
984 * @shp contains the shared memory structure to be modified. 984 * @shp contains the shared memory structure to be modified.
985 * @shmaddr contains the address to attach memory region to. 985 * @shmaddr contains the address to attach memory region to.
986 * @shmflg contains the operational flags. 986 * @shmflg contains the operational flags.
987 * Return 0 if permission is granted. 987 * Return 0 if permission is granted.
988 * 988 *
989 * Security hooks for System V Semaphores 989 * Security hooks for System V Semaphores
990 * 990 *
991 * @sem_alloc_security: 991 * @sem_alloc_security:
992 * Allocate and attach a security structure to the sma->sem_perm.security 992 * Allocate and attach a security structure to the sma->sem_perm.security
993 * field. The security field is initialized to NULL when the structure is 993 * field. The security field is initialized to NULL when the structure is
994 * first created. 994 * first created.
995 * @sma contains the semaphore structure 995 * @sma contains the semaphore structure
996 * Return 0 if operation was successful and permission is granted. 996 * Return 0 if operation was successful and permission is granted.
997 * @sem_free_security: 997 * @sem_free_security:
998 * deallocate security struct for this semaphore 998 * deallocate security struct for this semaphore
999 * @sma contains the semaphore structure. 999 * @sma contains the semaphore structure.
1000 * @sem_associate: 1000 * @sem_associate:
1001 * Check permission when a semaphore is requested through the semget 1001 * Check permission when a semaphore is requested through the semget
1002 * system call. This hook is only called when returning the semaphore 1002 * system call. This hook is only called when returning the semaphore
1003 * identifier for an existing semaphore, not when a new one must be 1003 * identifier for an existing semaphore, not when a new one must be
1004 * created. 1004 * created.
1005 * @sma contains the semaphore structure. 1005 * @sma contains the semaphore structure.
1006 * @semflg contains the operation control flags. 1006 * @semflg contains the operation control flags.
1007 * Return 0 if permission is granted. 1007 * Return 0 if permission is granted.
1008 * @sem_semctl: 1008 * @sem_semctl:
1009 * Check permission when a semaphore operation specified by @cmd is to be 1009 * Check permission when a semaphore operation specified by @cmd is to be
1010 * performed on the semaphore @sma. The @sma may be NULL, e.g. for 1010 * performed on the semaphore @sma. The @sma may be NULL, e.g. for
1011 * IPC_INFO or SEM_INFO. 1011 * IPC_INFO or SEM_INFO.
1012 * @sma contains the semaphore structure. May be NULL. 1012 * @sma contains the semaphore structure. May be NULL.
1013 * @cmd contains the operation to be performed. 1013 * @cmd contains the operation to be performed.
1014 * Return 0 if permission is granted. 1014 * Return 0 if permission is granted.
1015 * @sem_semop 1015 * @sem_semop
1016 * Check permissions before performing operations on members of the 1016 * Check permissions before performing operations on members of the
1017 * semaphore set @sma. If the @alter flag is nonzero, the semaphore set 1017 * semaphore set @sma. If the @alter flag is nonzero, the semaphore set
1018 * may be modified. 1018 * may be modified.
1019 * @sma contains the semaphore structure. 1019 * @sma contains the semaphore structure.
1020 * @sops contains the operations to perform. 1020 * @sops contains the operations to perform.
1021 * @nsops contains the number of operations to perform. 1021 * @nsops contains the number of operations to perform.
1022 * @alter contains the flag indicating whether changes are to be made. 1022 * @alter contains the flag indicating whether changes are to be made.
1023 * Return 0 if permission is granted. 1023 * Return 0 if permission is granted.
1024 * 1024 *
1025 * @ptrace: 1025 * @ptrace:
1026 * Check permission before allowing the @parent process to trace the 1026 * Check permission before allowing the @parent process to trace the
1027 * @child process. 1027 * @child process.
1028 * Security modules may also want to perform a process tracing check 1028 * Security modules may also want to perform a process tracing check
1029 * during an execve in the set_security or apply_creds hooks of 1029 * during an execve in the set_security or apply_creds hooks of
1030 * binprm_security_ops if the process is being traced and its security 1030 * binprm_security_ops if the process is being traced and its security
1031 * attributes would be changed by the execve. 1031 * attributes would be changed by the execve.
1032 * @parent contains the task_struct structure for parent process. 1032 * @parent contains the task_struct structure for parent process.
1033 * @child contains the task_struct structure for child process. 1033 * @child contains the task_struct structure for child process.
1034 * Return 0 if permission is granted. 1034 * Return 0 if permission is granted.
1035 * @capget: 1035 * @capget:
1036 * Get the @effective, @inheritable, and @permitted capability sets for 1036 * Get the @effective, @inheritable, and @permitted capability sets for
1037 * the @target process. The hook may also perform permission checking to 1037 * the @target process. The hook may also perform permission checking to
1038 * determine if the current process is allowed to see the capability sets 1038 * determine if the current process is allowed to see the capability sets
1039 * of the @target process. 1039 * of the @target process.
1040 * @target contains the task_struct structure for target process. 1040 * @target contains the task_struct structure for target process.
1041 * @effective contains the effective capability set. 1041 * @effective contains the effective capability set.
1042 * @inheritable contains the inheritable capability set. 1042 * @inheritable contains the inheritable capability set.
1043 * @permitted contains the permitted capability set. 1043 * @permitted contains the permitted capability set.
1044 * Return 0 if the capability sets were successfully obtained. 1044 * Return 0 if the capability sets were successfully obtained.
1045 * @capset_check: 1045 * @capset_check:
1046 * Check permission before setting the @effective, @inheritable, and 1046 * Check permission before setting the @effective, @inheritable, and
1047 * @permitted capability sets for the @target process. 1047 * @permitted capability sets for the @target process.
1048 * Caveat: @target is also set to current if a set of processes is 1048 * Caveat: @target is also set to current if a set of processes is
1049 * specified (i.e. all processes other than current and init or a 1049 * specified (i.e. all processes other than current and init or a
1050 * particular process group). Hence, the capset_set hook may need to 1050 * particular process group). Hence, the capset_set hook may need to
1051 * revalidate permission to the actual target process. 1051 * revalidate permission to the actual target process.
1052 * @target contains the task_struct structure for target process. 1052 * @target contains the task_struct structure for target process.
1053 * @effective contains the effective capability set. 1053 * @effective contains the effective capability set.
1054 * @inheritable contains the inheritable capability set. 1054 * @inheritable contains the inheritable capability set.
1055 * @permitted contains the permitted capability set. 1055 * @permitted contains the permitted capability set.
1056 * Return 0 if permission is granted. 1056 * Return 0 if permission is granted.
1057 * @capset_set: 1057 * @capset_set:
1058 * Set the @effective, @inheritable, and @permitted capability sets for 1058 * Set the @effective, @inheritable, and @permitted capability sets for
1059 * the @target process. Since capset_check cannot always check permission 1059 * the @target process. Since capset_check cannot always check permission
1060 * to the real @target process, this hook may also perform permission 1060 * to the real @target process, this hook may also perform permission
1061 * checking to determine if the current process is allowed to set the 1061 * checking to determine if the current process is allowed to set the
1062 * capability sets of the @target process. However, this hook has no way 1062 * capability sets of the @target process. However, this hook has no way
1063 * of returning an error due to the structure of the sys_capset code. 1063 * of returning an error due to the structure of the sys_capset code.
1064 * @target contains the task_struct structure for target process. 1064 * @target contains the task_struct structure for target process.
1065 * @effective contains the effective capability set. 1065 * @effective contains the effective capability set.
1066 * @inheritable contains the inheritable capability set. 1066 * @inheritable contains the inheritable capability set.
1067 * @permitted contains the permitted capability set. 1067 * @permitted contains the permitted capability set.
1068 * @capable: 1068 * @capable:
1069 * Check whether the @tsk process has the @cap capability. 1069 * Check whether the @tsk process has the @cap capability.
1070 * @tsk contains the task_struct for the process. 1070 * @tsk contains the task_struct for the process.
1071 * @cap contains the capability <include/linux/capability.h>. 1071 * @cap contains the capability <include/linux/capability.h>.
1072 * Return 0 if the capability is granted for @tsk. 1072 * Return 0 if the capability is granted for @tsk.
1073 * @acct: 1073 * @acct:
1074 * Check permission before enabling or disabling process accounting. If 1074 * Check permission before enabling or disabling process accounting. If
1075 * accounting is being enabled, then @file refers to the open file used to 1075 * accounting is being enabled, then @file refers to the open file used to
1076 * store accounting records. If accounting is being disabled, then @file 1076 * store accounting records. If accounting is being disabled, then @file
1077 * is NULL. 1077 * is NULL.
1078 * @file contains the file structure for the accounting file (may be NULL). 1078 * @file contains the file structure for the accounting file (may be NULL).
1079 * Return 0 if permission is granted. 1079 * Return 0 if permission is granted.
1080 * @sysctl: 1080 * @sysctl:
1081 * Check permission before accessing the @table sysctl variable in the 1081 * Check permission before accessing the @table sysctl variable in the
1082 * manner specified by @op. 1082 * manner specified by @op.
1083 * @table contains the ctl_table structure for the sysctl variable. 1083 * @table contains the ctl_table structure for the sysctl variable.
1084 * @op contains the operation (001 = search, 002 = write, 004 = read). 1084 * @op contains the operation (001 = search, 002 = write, 004 = read).
1085 * Return 0 if permission is granted. 1085 * Return 0 if permission is granted.
1086 * @syslog: 1086 * @syslog:
1087 * Check permission before accessing the kernel message ring or changing 1087 * Check permission before accessing the kernel message ring or changing
1088 * logging to the console. 1088 * logging to the console.
1089 * See the syslog(2) manual page for an explanation of the @type values. 1089 * See the syslog(2) manual page for an explanation of the @type values.
1090 * @type contains the type of action. 1090 * @type contains the type of action.
1091 * Return 0 if permission is granted. 1091 * Return 0 if permission is granted.
1092 * @settime: 1092 * @settime:
1093 * Check permission to change the system time. 1093 * Check permission to change the system time.
1094 * struct timespec and timezone are defined in include/linux/time.h 1094 * struct timespec and timezone are defined in include/linux/time.h
1095 * @ts contains new time 1095 * @ts contains new time
1096 * @tz contains new timezone 1096 * @tz contains new timezone
1097 * Return 0 if permission is granted. 1097 * Return 0 if permission is granted.
1098 * @vm_enough_memory: 1098 * @vm_enough_memory:
1099 * Check permissions for allocating a new virtual mapping. 1099 * Check permissions for allocating a new virtual mapping.
1100 * @pages contains the number of pages. 1100 * @pages contains the number of pages.
1101 * Return 0 if permission is granted. 1101 * Return 0 if permission is granted.
1102 * 1102 *
1103 * @register_security: 1103 * @register_security:
1104 * allow module stacking. 1104 * allow module stacking.
1105 * @name contains the name of the security module being stacked. 1105 * @name contains the name of the security module being stacked.
1106 * @ops contains a pointer to the struct security_operations of the module to stack. 1106 * @ops contains a pointer to the struct security_operations of the module to stack.
1107 * @unregister_security: 1107 * @unregister_security:
1108 * remove a stacked module. 1108 * remove a stacked module.
1109 * @name contains the name of the security module being unstacked. 1109 * @name contains the name of the security module being unstacked.
1110 * @ops contains a pointer to the struct security_operations of the module to unstack. 1110 * @ops contains a pointer to the struct security_operations of the module to unstack.
1111 * 1111 *
1112 * @secid_to_secctx: 1112 * @secid_to_secctx:
1113 * Convert secid to security context. 1113 * Convert secid to security context.
1114 * @secid contains the security ID. 1114 * @secid contains the security ID.
1115 * @secdata contains the pointer that stores the converted security context. 1115 * @secdata contains the pointer that stores the converted security context.
1116 * 1116 *
1117 * @release_secctx: 1117 * @release_secctx:
1118 * Release the security context. 1118 * Release the security context.
1119 * @secdata contains the security context. 1119 * @secdata contains the security context.
1120 * @seclen contains the length of the security context. 1120 * @seclen contains the length of the security context.
1121 * 1121 *
1122 * This is the main security structure. 1122 * This is the main security structure.
1123 */ 1123 */
1124 struct security_operations { 1124 struct security_operations {
1125 int (*ptrace) (struct task_struct * parent, struct task_struct * child); 1125 int (*ptrace) (struct task_struct * parent, struct task_struct * child);
1126 int (*capget) (struct task_struct * target, 1126 int (*capget) (struct task_struct * target,
1127 kernel_cap_t * effective, 1127 kernel_cap_t * effective,
1128 kernel_cap_t * inheritable, kernel_cap_t * permitted); 1128 kernel_cap_t * inheritable, kernel_cap_t * permitted);
1129 int (*capset_check) (struct task_struct * target, 1129 int (*capset_check) (struct task_struct * target,
1130 kernel_cap_t * effective, 1130 kernel_cap_t * effective,
1131 kernel_cap_t * inheritable, 1131 kernel_cap_t * inheritable,
1132 kernel_cap_t * permitted); 1132 kernel_cap_t * permitted);
1133 void (*capset_set) (struct task_struct * target, 1133 void (*capset_set) (struct task_struct * target,
1134 kernel_cap_t * effective, 1134 kernel_cap_t * effective,
1135 kernel_cap_t * inheritable, 1135 kernel_cap_t * inheritable,
1136 kernel_cap_t * permitted); 1136 kernel_cap_t * permitted);
1137 int (*capable) (struct task_struct * tsk, int cap); 1137 int (*capable) (struct task_struct * tsk, int cap);
1138 int (*acct) (struct file * file); 1138 int (*acct) (struct file * file);
1139 int (*sysctl) (struct ctl_table * table, int op); 1139 int (*sysctl) (struct ctl_table * table, int op);
1140 int (*quotactl) (int cmds, int type, int id, struct super_block * sb); 1140 int (*quotactl) (int cmds, int type, int id, struct super_block * sb);
1141 int (*quota_on) (struct dentry * dentry); 1141 int (*quota_on) (struct dentry * dentry);
1142 int (*syslog) (int type); 1142 int (*syslog) (int type);
1143 int (*settime) (struct timespec *ts, struct timezone *tz); 1143 int (*settime) (struct timespec *ts, struct timezone *tz);
1144 int (*vm_enough_memory) (long pages); 1144 int (*vm_enough_memory) (long pages);
1145 1145
1146 int (*bprm_alloc_security) (struct linux_binprm * bprm); 1146 int (*bprm_alloc_security) (struct linux_binprm * bprm);
1147 void (*bprm_free_security) (struct linux_binprm * bprm); 1147 void (*bprm_free_security) (struct linux_binprm * bprm);
1148 void (*bprm_apply_creds) (struct linux_binprm * bprm, int unsafe); 1148 void (*bprm_apply_creds) (struct linux_binprm * bprm, int unsafe);
1149 void (*bprm_post_apply_creds) (struct linux_binprm * bprm); 1149 void (*bprm_post_apply_creds) (struct linux_binprm * bprm);
1150 int (*bprm_set_security) (struct linux_binprm * bprm); 1150 int (*bprm_set_security) (struct linux_binprm * bprm);
1151 int (*bprm_check_security) (struct linux_binprm * bprm); 1151 int (*bprm_check_security) (struct linux_binprm * bprm);
1152 int (*bprm_secureexec) (struct linux_binprm * bprm); 1152 int (*bprm_secureexec) (struct linux_binprm * bprm);
1153 1153
1154 int (*sb_alloc_security) (struct super_block * sb); 1154 int (*sb_alloc_security) (struct super_block * sb);
1155 void (*sb_free_security) (struct super_block * sb); 1155 void (*sb_free_security) (struct super_block * sb);
1156 int (*sb_copy_data)(struct file_system_type *type, 1156 int (*sb_copy_data)(struct file_system_type *type,
1157 void *orig, void *copy); 1157 void *orig, void *copy);
1158 int (*sb_kern_mount) (struct super_block *sb, void *data); 1158 int (*sb_kern_mount) (struct super_block *sb, void *data);
1159 int (*sb_statfs) (struct dentry *dentry); 1159 int (*sb_statfs) (struct dentry *dentry);
1160 int (*sb_mount) (char *dev_name, struct nameidata * nd, 1160 int (*sb_mount) (char *dev_name, struct nameidata * nd,
1161 char *type, unsigned long flags, void *data); 1161 char *type, unsigned long flags, void *data);
1162 int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd); 1162 int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd);
1163 int (*sb_umount) (struct vfsmount * mnt, int flags); 1163 int (*sb_umount) (struct vfsmount * mnt, int flags);
1164 void (*sb_umount_close) (struct vfsmount * mnt); 1164 void (*sb_umount_close) (struct vfsmount * mnt);
1165 void (*sb_umount_busy) (struct vfsmount * mnt); 1165 void (*sb_umount_busy) (struct vfsmount * mnt);
1166 void (*sb_post_remount) (struct vfsmount * mnt, 1166 void (*sb_post_remount) (struct vfsmount * mnt,
1167 unsigned long flags, void *data); 1167 unsigned long flags, void *data);
1168 void (*sb_post_mountroot) (void); 1168 void (*sb_post_mountroot) (void);
1169 void (*sb_post_addmount) (struct vfsmount * mnt, 1169 void (*sb_post_addmount) (struct vfsmount * mnt,
1170 struct nameidata * mountpoint_nd); 1170 struct nameidata * mountpoint_nd);
1171 int (*sb_pivotroot) (struct nameidata * old_nd, 1171 int (*sb_pivotroot) (struct nameidata * old_nd,
1172 struct nameidata * new_nd); 1172 struct nameidata * new_nd);
1173 void (*sb_post_pivotroot) (struct nameidata * old_nd, 1173 void (*sb_post_pivotroot) (struct nameidata * old_nd,
1174 struct nameidata * new_nd); 1174 struct nameidata * new_nd);
1175 1175
1176 int (*inode_alloc_security) (struct inode *inode); 1176 int (*inode_alloc_security) (struct inode *inode);
1177 void (*inode_free_security) (struct inode *inode); 1177 void (*inode_free_security) (struct inode *inode);
1178 int (*inode_init_security) (struct inode *inode, struct inode *dir, 1178 int (*inode_init_security) (struct inode *inode, struct inode *dir,
1179 char **name, void **value, size_t *len); 1179 char **name, void **value, size_t *len);
1180 int (*inode_create) (struct inode *dir, 1180 int (*inode_create) (struct inode *dir,
1181 struct dentry *dentry, int mode); 1181 struct dentry *dentry, int mode);
1182 int (*inode_link) (struct dentry *old_dentry, 1182 int (*inode_link) (struct dentry *old_dentry,
1183 struct inode *dir, struct dentry *new_dentry); 1183 struct inode *dir, struct dentry *new_dentry);
1184 int (*inode_unlink) (struct inode *dir, struct dentry *dentry); 1184 int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
1185 int (*inode_symlink) (struct inode *dir, 1185 int (*inode_symlink) (struct inode *dir,
1186 struct dentry *dentry, const char *old_name); 1186 struct dentry *dentry, const char *old_name);
1187 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode); 1187 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
1188 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); 1188 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
1189 int (*inode_mknod) (struct inode *dir, struct dentry *dentry, 1189 int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
1190 int mode, dev_t dev); 1190 int mode, dev_t dev);
1191 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, 1191 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
1192 struct inode *new_dir, struct dentry *new_dentry); 1192 struct inode *new_dir, struct dentry *new_dentry);
1193 int (*inode_readlink) (struct dentry *dentry); 1193 int (*inode_readlink) (struct dentry *dentry);
1194 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); 1194 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
1195 int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd); 1195 int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
1196 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); 1196 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
1197 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); 1197 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
1198 void (*inode_delete) (struct inode *inode); 1198 void (*inode_delete) (struct inode *inode);
1199 int (*inode_setxattr) (struct dentry *dentry, char *name, void *value, 1199 int (*inode_setxattr) (struct dentry *dentry, char *name, void *value,
1200 size_t size, int flags); 1200 size_t size, int flags);
1201 void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value, 1201 void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value,
1202 size_t size, int flags); 1202 size_t size, int flags);
1203 int (*inode_getxattr) (struct dentry *dentry, char *name); 1203 int (*inode_getxattr) (struct dentry *dentry, char *name);
1204 int (*inode_listxattr) (struct dentry *dentry); 1204 int (*inode_listxattr) (struct dentry *dentry);
1205 int (*inode_removexattr) (struct dentry *dentry, char *name); 1205 int (*inode_removexattr) (struct dentry *dentry, char *name);
1206 const char *(*inode_xattr_getsuffix) (void); 1206 const char *(*inode_xattr_getsuffix) (void);
1207 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); 1207 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1208 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1208 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1209 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); 1209 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
1210 1210
1211 int (*file_permission) (struct file * file, int mask); 1211 int (*file_permission) (struct file * file, int mask);
1212 int (*file_alloc_security) (struct file * file); 1212 int (*file_alloc_security) (struct file * file);
1213 void (*file_free_security) (struct file * file); 1213 void (*file_free_security) (struct file * file);
1214 int (*file_ioctl) (struct file * file, unsigned int cmd, 1214 int (*file_ioctl) (struct file * file, unsigned int cmd,
1215 unsigned long arg); 1215 unsigned long arg);
1216 int (*file_mmap) (struct file * file, 1216 int (*file_mmap) (struct file * file,
1217 unsigned long reqprot, 1217 unsigned long reqprot,
1218 unsigned long prot, unsigned long flags); 1218 unsigned long prot, unsigned long flags);
1219 int (*file_mprotect) (struct vm_area_struct * vma, 1219 int (*file_mprotect) (struct vm_area_struct * vma,
1220 unsigned long reqprot, 1220 unsigned long reqprot,
1221 unsigned long prot); 1221 unsigned long prot);
1222 int (*file_lock) (struct file * file, unsigned int cmd); 1222 int (*file_lock) (struct file * file, unsigned int cmd);
1223 int (*file_fcntl) (struct file * file, unsigned int cmd, 1223 int (*file_fcntl) (struct file * file, unsigned int cmd,
1224 unsigned long arg); 1224 unsigned long arg);
1225 int (*file_set_fowner) (struct file * file); 1225 int (*file_set_fowner) (struct file * file);
1226 int (*file_send_sigiotask) (struct task_struct * tsk, 1226 int (*file_send_sigiotask) (struct task_struct * tsk,
1227 struct fown_struct * fown, int sig); 1227 struct fown_struct * fown, int sig);
1228 int (*file_receive) (struct file * file); 1228 int (*file_receive) (struct file * file);
1229 1229
1230 int (*task_create) (unsigned long clone_flags); 1230 int (*task_create) (unsigned long clone_flags);
1231 int (*task_alloc_security) (struct task_struct * p); 1231 int (*task_alloc_security) (struct task_struct * p);
1232 void (*task_free_security) (struct task_struct * p); 1232 void (*task_free_security) (struct task_struct * p);
1233 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); 1233 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
1234 int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , 1234 int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ ,
1235 uid_t old_euid, uid_t old_suid, int flags); 1235 uid_t old_euid, uid_t old_suid, int flags);
1236 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); 1236 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
1237 int (*task_setpgid) (struct task_struct * p, pid_t pgid); 1237 int (*task_setpgid) (struct task_struct * p, pid_t pgid);
1238 int (*task_getpgid) (struct task_struct * p); 1238 int (*task_getpgid) (struct task_struct * p);
1239 int (*task_getsid) (struct task_struct * p); 1239 int (*task_getsid) (struct task_struct * p);
1240 void (*task_getsecid) (struct task_struct * p, u32 * secid); 1240 void (*task_getsecid) (struct task_struct * p, u32 * secid);
1241 int (*task_setgroups) (struct group_info *group_info); 1241 int (*task_setgroups) (struct group_info *group_info);
1242 int (*task_setnice) (struct task_struct * p, int nice); 1242 int (*task_setnice) (struct task_struct * p, int nice);
1243 int (*task_setioprio) (struct task_struct * p, int ioprio); 1243 int (*task_setioprio) (struct task_struct * p, int ioprio);
1244 int (*task_getioprio) (struct task_struct * p); 1244 int (*task_getioprio) (struct task_struct * p);
1245 int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); 1245 int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim);
1246 int (*task_setscheduler) (struct task_struct * p, int policy, 1246 int (*task_setscheduler) (struct task_struct * p, int policy,
1247 struct sched_param * lp); 1247 struct sched_param * lp);
1248 int (*task_getscheduler) (struct task_struct * p); 1248 int (*task_getscheduler) (struct task_struct * p);
1249 int (*task_movememory) (struct task_struct * p); 1249 int (*task_movememory) (struct task_struct * p);
1250 int (*task_kill) (struct task_struct * p, 1250 int (*task_kill) (struct task_struct * p,
1251 struct siginfo * info, int sig, u32 secid); 1251 struct siginfo * info, int sig, u32 secid);
1252 int (*task_wait) (struct task_struct * p); 1252 int (*task_wait) (struct task_struct * p);
1253 int (*task_prctl) (int option, unsigned long arg2, 1253 int (*task_prctl) (int option, unsigned long arg2,
1254 unsigned long arg3, unsigned long arg4, 1254 unsigned long arg3, unsigned long arg4,
1255 unsigned long arg5); 1255 unsigned long arg5);
1256 void (*task_reparent_to_init) (struct task_struct * p); 1256 void (*task_reparent_to_init) (struct task_struct * p);
1257 void (*task_to_inode)(struct task_struct *p, struct inode *inode); 1257 void (*task_to_inode)(struct task_struct *p, struct inode *inode);
1258 1258
1259 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); 1259 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
1260 1260
1261 int (*msg_msg_alloc_security) (struct msg_msg * msg); 1261 int (*msg_msg_alloc_security) (struct msg_msg * msg);
1262 void (*msg_msg_free_security) (struct msg_msg * msg); 1262 void (*msg_msg_free_security) (struct msg_msg * msg);
1263 1263
1264 int (*msg_queue_alloc_security) (struct msg_queue * msq); 1264 int (*msg_queue_alloc_security) (struct msg_queue * msq);
1265 void (*msg_queue_free_security) (struct msg_queue * msq); 1265 void (*msg_queue_free_security) (struct msg_queue * msq);
1266 int (*msg_queue_associate) (struct msg_queue * msq, int msqflg); 1266 int (*msg_queue_associate) (struct msg_queue * msq, int msqflg);
1267 int (*msg_queue_msgctl) (struct msg_queue * msq, int cmd); 1267 int (*msg_queue_msgctl) (struct msg_queue * msq, int cmd);
1268 int (*msg_queue_msgsnd) (struct msg_queue * msq, 1268 int (*msg_queue_msgsnd) (struct msg_queue * msq,
1269 struct msg_msg * msg, int msqflg); 1269 struct msg_msg * msg, int msqflg);
1270 int (*msg_queue_msgrcv) (struct msg_queue * msq, 1270 int (*msg_queue_msgrcv) (struct msg_queue * msq,
1271 struct msg_msg * msg, 1271 struct msg_msg * msg,
1272 struct task_struct * target, 1272 struct task_struct * target,
1273 long type, int mode); 1273 long type, int mode);
1274 1274
1275 int (*shm_alloc_security) (struct shmid_kernel * shp); 1275 int (*shm_alloc_security) (struct shmid_kernel * shp);
1276 void (*shm_free_security) (struct shmid_kernel * shp); 1276 void (*shm_free_security) (struct shmid_kernel * shp);
1277 int (*shm_associate) (struct shmid_kernel * shp, int shmflg); 1277 int (*shm_associate) (struct shmid_kernel * shp, int shmflg);
1278 int (*shm_shmctl) (struct shmid_kernel * shp, int cmd); 1278 int (*shm_shmctl) (struct shmid_kernel * shp, int cmd);
1279 int (*shm_shmat) (struct shmid_kernel * shp, 1279 int (*shm_shmat) (struct shmid_kernel * shp,
1280 char __user *shmaddr, int shmflg); 1280 char __user *shmaddr, int shmflg);
1281 1281
1282 int (*sem_alloc_security) (struct sem_array * sma); 1282 int (*sem_alloc_security) (struct sem_array * sma);
1283 void (*sem_free_security) (struct sem_array * sma); 1283 void (*sem_free_security) (struct sem_array * sma);
1284 int (*sem_associate) (struct sem_array * sma, int semflg); 1284 int (*sem_associate) (struct sem_array * sma, int semflg);
1285 int (*sem_semctl) (struct sem_array * sma, int cmd); 1285 int (*sem_semctl) (struct sem_array * sma, int cmd);
1286 int (*sem_semop) (struct sem_array * sma, 1286 int (*sem_semop) (struct sem_array * sma,
1287 struct sembuf * sops, unsigned nsops, int alter); 1287 struct sembuf * sops, unsigned nsops, int alter);
1288 1288
1289 int (*netlink_send) (struct sock * sk, struct sk_buff * skb); 1289 int (*netlink_send) (struct sock * sk, struct sk_buff * skb);
1290 int (*netlink_recv) (struct sk_buff * skb, int cap); 1290 int (*netlink_recv) (struct sk_buff * skb, int cap);
1291 1291
1292 /* allow module stacking */ 1292 /* allow module stacking */
1293 int (*register_security) (const char *name, 1293 int (*register_security) (const char *name,
1294 struct security_operations *ops); 1294 struct security_operations *ops);
1295 int (*unregister_security) (const char *name, 1295 int (*unregister_security) (const char *name,
1296 struct security_operations *ops); 1296 struct security_operations *ops);
1297 1297
1298 void (*d_instantiate) (struct dentry *dentry, struct inode *inode); 1298 void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
1299 1299
1300 int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1300 int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1301 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1301 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1302 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen); 1302 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
1303 void (*release_secctx)(char *secdata, u32 seclen); 1303 void (*release_secctx)(char *secdata, u32 seclen);
1304 1304
1305 #ifdef CONFIG_SECURITY_NETWORK 1305 #ifdef CONFIG_SECURITY_NETWORK
1306 int (*unix_stream_connect) (struct socket * sock, 1306 int (*unix_stream_connect) (struct socket * sock,
1307 struct socket * other, struct sock * newsk); 1307 struct socket * other, struct sock * newsk);
1308 int (*unix_may_send) (struct socket * sock, struct socket * other); 1308 int (*unix_may_send) (struct socket * sock, struct socket * other);
1309 1309
1310 int (*socket_create) (int family, int type, int protocol, int kern); 1310 int (*socket_create) (int family, int type, int protocol, int kern);
1311 void (*socket_post_create) (struct socket * sock, int family, 1311 void (*socket_post_create) (struct socket * sock, int family,
1312 int type, int protocol, int kern); 1312 int type, int protocol, int kern);
1313 int (*socket_bind) (struct socket * sock, 1313 int (*socket_bind) (struct socket * sock,
1314 struct sockaddr * address, int addrlen); 1314 struct sockaddr * address, int addrlen);
1315 int (*socket_connect) (struct socket * sock, 1315 int (*socket_connect) (struct socket * sock,
1316 struct sockaddr * address, int addrlen); 1316 struct sockaddr * address, int addrlen);
1317 int (*socket_listen) (struct socket * sock, int backlog); 1317 int (*socket_listen) (struct socket * sock, int backlog);
1318 int (*socket_accept) (struct socket * sock, struct socket * newsock); 1318 int (*socket_accept) (struct socket * sock, struct socket * newsock);
1319 void (*socket_post_accept) (struct socket * sock, 1319 void (*socket_post_accept) (struct socket * sock,
1320 struct socket * newsock); 1320 struct socket * newsock);
1321 int (*socket_sendmsg) (struct socket * sock, 1321 int (*socket_sendmsg) (struct socket * sock,
1322 struct msghdr * msg, int size); 1322 struct msghdr * msg, int size);
1323 int (*socket_recvmsg) (struct socket * sock, 1323 int (*socket_recvmsg) (struct socket * sock,
1324 struct msghdr * msg, int size, int flags); 1324 struct msghdr * msg, int size, int flags);
1325 int (*socket_getsockname) (struct socket * sock); 1325 int (*socket_getsockname) (struct socket * sock);
1326 int (*socket_getpeername) (struct socket * sock); 1326 int (*socket_getpeername) (struct socket * sock);
1327 int (*socket_getsockopt) (struct socket * sock, int level, int optname); 1327 int (*socket_getsockopt) (struct socket * sock, int level, int optname);
1328 int (*socket_setsockopt) (struct socket * sock, int level, int optname); 1328 int (*socket_setsockopt) (struct socket * sock, int level, int optname);
1329 int (*socket_shutdown) (struct socket * sock, int how); 1329 int (*socket_shutdown) (struct socket * sock, int how);
1330 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb); 1330 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
1331 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len); 1331 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
1332 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); 1332 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
1333 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); 1333 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
1334 void (*sk_free_security) (struct sock *sk); 1334 void (*sk_free_security) (struct sock *sk);
1335 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); 1335 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
1336 #endif /* CONFIG_SECURITY_NETWORK */ 1336 #endif /* CONFIG_SECURITY_NETWORK */
1337 1337
1338 #ifdef CONFIG_SECURITY_NETWORK_XFRM 1338 #ifdef CONFIG_SECURITY_NETWORK_XFRM
1339 int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); 1339 int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
1340 int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); 1340 int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
1341 void (*xfrm_policy_free_security) (struct xfrm_policy *xp); 1341 void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
1342 int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); 1342 int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
1343 int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 1343 int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
1344 void (*xfrm_state_free_security) (struct xfrm_state *x); 1344 void (*xfrm_state_free_security) (struct xfrm_state *x);
1345 int (*xfrm_state_delete_security) (struct xfrm_state *x); 1345 int (*xfrm_state_delete_security) (struct xfrm_state *x);
1346 int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir); 1346 int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir);
1347 #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1347 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
1348 1348
1349 /* key management security hooks */ 1349 /* key management security hooks */
1350 #ifdef CONFIG_KEYS 1350 #ifdef CONFIG_KEYS
1351 int (*key_alloc)(struct key *key, struct task_struct *tsk, unsigned long flags); 1351 int (*key_alloc)(struct key *key, struct task_struct *tsk, unsigned long flags);
1352 void (*key_free)(struct key *key); 1352 void (*key_free)(struct key *key);
1353 int (*key_permission)(key_ref_t key_ref, 1353 int (*key_permission)(key_ref_t key_ref,
1354 struct task_struct *context, 1354 struct task_struct *context,
1355 key_perm_t perm); 1355 key_perm_t perm);
1356 1356
1357 #endif /* CONFIG_KEYS */ 1357 #endif /* CONFIG_KEYS */
1358 1358
1359 }; 1359 };
1360 1360
1361 /* global variables */ 1361 /* global variables */
1362 extern struct security_operations *security_ops; 1362 extern struct security_operations *security_ops;
1363 1363
1364 /* inline stuff */ 1364 /* inline stuff */
1365 static inline int security_ptrace (struct task_struct * parent, struct task_struct * child) 1365 static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
1366 { 1366 {
1367 return security_ops->ptrace (parent, child); 1367 return security_ops->ptrace (parent, child);
1368 } 1368 }
1369 1369
1370 static inline int security_capget (struct task_struct *target, 1370 static inline int security_capget (struct task_struct *target,
1371 kernel_cap_t *effective, 1371 kernel_cap_t *effective,
1372 kernel_cap_t *inheritable, 1372 kernel_cap_t *inheritable,
1373 kernel_cap_t *permitted) 1373 kernel_cap_t *permitted)
1374 { 1374 {
1375 return security_ops->capget (target, effective, inheritable, permitted); 1375 return security_ops->capget (target, effective, inheritable, permitted);
1376 } 1376 }
1377 1377
1378 static inline int security_capset_check (struct task_struct *target, 1378 static inline int security_capset_check (struct task_struct *target,
1379 kernel_cap_t *effective, 1379 kernel_cap_t *effective,
1380 kernel_cap_t *inheritable, 1380 kernel_cap_t *inheritable,
1381 kernel_cap_t *permitted) 1381 kernel_cap_t *permitted)
1382 { 1382 {
1383 return security_ops->capset_check (target, effective, inheritable, permitted); 1383 return security_ops->capset_check (target, effective, inheritable, permitted);
1384 } 1384 }
1385 1385
1386 static inline void security_capset_set (struct task_struct *target, 1386 static inline void security_capset_set (struct task_struct *target,
1387 kernel_cap_t *effective, 1387 kernel_cap_t *effective,
1388 kernel_cap_t *inheritable, 1388 kernel_cap_t *inheritable,
1389 kernel_cap_t *permitted) 1389 kernel_cap_t *permitted)
1390 { 1390 {
1391 security_ops->capset_set (target, effective, inheritable, permitted); 1391 security_ops->capset_set (target, effective, inheritable, permitted);
1392 } 1392 }
1393 1393
1394 static inline int security_capable(struct task_struct *tsk, int cap) 1394 static inline int security_capable(struct task_struct *tsk, int cap)
1395 { 1395 {
1396 return security_ops->capable(tsk, cap); 1396 return security_ops->capable(tsk, cap);
1397 } 1397 }
1398 1398
1399 static inline int security_acct (struct file *file) 1399 static inline int security_acct (struct file *file)
1400 { 1400 {
1401 return security_ops->acct (file); 1401 return security_ops->acct (file);
1402 } 1402 }
1403 1403
1404 static inline int security_sysctl(struct ctl_table *table, int op) 1404 static inline int security_sysctl(struct ctl_table *table, int op)
1405 { 1405 {
1406 return security_ops->sysctl(table, op); 1406 return security_ops->sysctl(table, op);
1407 } 1407 }
1408 1408
1409 static inline int security_quotactl (int cmds, int type, int id, 1409 static inline int security_quotactl (int cmds, int type, int id,
1410 struct super_block *sb) 1410 struct super_block *sb)
1411 { 1411 {
1412 return security_ops->quotactl (cmds, type, id, sb); 1412 return security_ops->quotactl (cmds, type, id, sb);
1413 } 1413 }
1414 1414
1415 static inline int security_quota_on (struct dentry * dentry) 1415 static inline int security_quota_on (struct dentry * dentry)
1416 { 1416 {
1417 return security_ops->quota_on (dentry); 1417 return security_ops->quota_on (dentry);
1418 } 1418 }
1419 1419
1420 static inline int security_syslog(int type) 1420 static inline int security_syslog(int type)
1421 { 1421 {
1422 return security_ops->syslog(type); 1422 return security_ops->syslog(type);
1423 } 1423 }
1424 1424
1425 static inline int security_settime(struct timespec *ts, struct timezone *tz) 1425 static inline int security_settime(struct timespec *ts, struct timezone *tz)
1426 { 1426 {
1427 return security_ops->settime(ts, tz); 1427 return security_ops->settime(ts, tz);
1428 } 1428 }
1429 1429
1430 1430
1431 static inline int security_vm_enough_memory(long pages) 1431 static inline int security_vm_enough_memory(long pages)
1432 { 1432 {
1433 return security_ops->vm_enough_memory(pages); 1433 return security_ops->vm_enough_memory(pages);
1434 } 1434 }
1435 1435
1436 static inline int security_bprm_alloc (struct linux_binprm *bprm) 1436 static inline int security_bprm_alloc (struct linux_binprm *bprm)
1437 { 1437 {
1438 return security_ops->bprm_alloc_security (bprm); 1438 return security_ops->bprm_alloc_security (bprm);
1439 } 1439 }
1440 static inline void security_bprm_free (struct linux_binprm *bprm) 1440 static inline void security_bprm_free (struct linux_binprm *bprm)
1441 { 1441 {
1442 security_ops->bprm_free_security (bprm); 1442 security_ops->bprm_free_security (bprm);
1443 } 1443 }
1444 static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) 1444 static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
1445 { 1445 {
1446 security_ops->bprm_apply_creds (bprm, unsafe); 1446 security_ops->bprm_apply_creds (bprm, unsafe);
1447 } 1447 }
1448 static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm) 1448 static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm)
1449 { 1449 {
1450 security_ops->bprm_post_apply_creds (bprm); 1450 security_ops->bprm_post_apply_creds (bprm);
1451 } 1451 }
1452 static inline int security_bprm_set (struct linux_binprm *bprm) 1452 static inline int security_bprm_set (struct linux_binprm *bprm)
1453 { 1453 {
1454 return security_ops->bprm_set_security (bprm); 1454 return security_ops->bprm_set_security (bprm);
1455 } 1455 }
1456 1456
1457 static inline int security_bprm_check (struct linux_binprm *bprm) 1457 static inline int security_bprm_check (struct linux_binprm *bprm)
1458 { 1458 {
1459 return security_ops->bprm_check_security (bprm); 1459 return security_ops->bprm_check_security (bprm);
1460 } 1460 }
1461 1461
1462 static inline int security_bprm_secureexec (struct linux_binprm *bprm) 1462 static inline int security_bprm_secureexec (struct linux_binprm *bprm)
1463 { 1463 {
1464 return security_ops->bprm_secureexec (bprm); 1464 return security_ops->bprm_secureexec (bprm);
1465 } 1465 }
1466 1466
1467 static inline int security_sb_alloc (struct super_block *sb) 1467 static inline int security_sb_alloc (struct super_block *sb)
1468 { 1468 {
1469 return security_ops->sb_alloc_security (sb); 1469 return security_ops->sb_alloc_security (sb);
1470 } 1470 }
1471 1471
1472 static inline void security_sb_free (struct super_block *sb) 1472 static inline void security_sb_free (struct super_block *sb)
1473 { 1473 {
1474 security_ops->sb_free_security (sb); 1474 security_ops->sb_free_security (sb);
1475 } 1475 }
1476 1476
1477 static inline int security_sb_copy_data (struct file_system_type *type, 1477 static inline int security_sb_copy_data (struct file_system_type *type,
1478 void *orig, void *copy) 1478 void *orig, void *copy)
1479 { 1479 {
1480 return security_ops->sb_copy_data (type, orig, copy); 1480 return security_ops->sb_copy_data (type, orig, copy);
1481 } 1481 }
1482 1482
1483 static inline int security_sb_kern_mount (struct super_block *sb, void *data) 1483 static inline int security_sb_kern_mount (struct super_block *sb, void *data)
1484 { 1484 {
1485 return security_ops->sb_kern_mount (sb, data); 1485 return security_ops->sb_kern_mount (sb, data);
1486 } 1486 }
1487 1487
1488 static inline int security_sb_statfs (struct dentry *dentry) 1488 static inline int security_sb_statfs (struct dentry *dentry)
1489 { 1489 {
1490 return security_ops->sb_statfs (dentry); 1490 return security_ops->sb_statfs (dentry);
1491 } 1491 }
1492 1492
1493 static inline int security_sb_mount (char *dev_name, struct nameidata *nd, 1493 static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
1494 char *type, unsigned long flags, 1494 char *type, unsigned long flags,
1495 void *data) 1495 void *data)
1496 { 1496 {
1497 return security_ops->sb_mount (dev_name, nd, type, flags, data); 1497 return security_ops->sb_mount (dev_name, nd, type, flags, data);
1498 } 1498 }
1499 1499
1500 static inline int security_sb_check_sb (struct vfsmount *mnt, 1500 static inline int security_sb_check_sb (struct vfsmount *mnt,
1501 struct nameidata *nd) 1501 struct nameidata *nd)
1502 { 1502 {
1503 return security_ops->sb_check_sb (mnt, nd); 1503 return security_ops->sb_check_sb (mnt, nd);
1504 } 1504 }
1505 1505
1506 static inline int security_sb_umount (struct vfsmount *mnt, int flags) 1506 static inline int security_sb_umount (struct vfsmount *mnt, int flags)
1507 { 1507 {
1508 return security_ops->sb_umount (mnt, flags); 1508 return security_ops->sb_umount (mnt, flags);
1509 } 1509 }
1510 1510
1511 static inline void security_sb_umount_close (struct vfsmount *mnt) 1511 static inline void security_sb_umount_close (struct vfsmount *mnt)
1512 { 1512 {
1513 security_ops->sb_umount_close (mnt); 1513 security_ops->sb_umount_close (mnt);
1514 } 1514 }
1515 1515
1516 static inline void security_sb_umount_busy (struct vfsmount *mnt) 1516 static inline void security_sb_umount_busy (struct vfsmount *mnt)
1517 { 1517 {
1518 security_ops->sb_umount_busy (mnt); 1518 security_ops->sb_umount_busy (mnt);
1519 } 1519 }
1520 1520
1521 static inline void security_sb_post_remount (struct vfsmount *mnt, 1521 static inline void security_sb_post_remount (struct vfsmount *mnt,
1522 unsigned long flags, void *data) 1522 unsigned long flags, void *data)
1523 { 1523 {
1524 security_ops->sb_post_remount (mnt, flags, data); 1524 security_ops->sb_post_remount (mnt, flags, data);
1525 } 1525 }
1526 1526
1527 static inline void security_sb_post_mountroot (void) 1527 static inline void security_sb_post_mountroot (void)
1528 { 1528 {
1529 security_ops->sb_post_mountroot (); 1529 security_ops->sb_post_mountroot ();
1530 } 1530 }
1531 1531
1532 static inline void security_sb_post_addmount (struct vfsmount *mnt, 1532 static inline void security_sb_post_addmount (struct vfsmount *mnt,
1533 struct nameidata *mountpoint_nd) 1533 struct nameidata *mountpoint_nd)
1534 { 1534 {
1535 security_ops->sb_post_addmount (mnt, mountpoint_nd); 1535 security_ops->sb_post_addmount (mnt, mountpoint_nd);
1536 } 1536 }
1537 1537
1538 static inline int security_sb_pivotroot (struct nameidata *old_nd, 1538 static inline int security_sb_pivotroot (struct nameidata *old_nd,
1539 struct nameidata *new_nd) 1539 struct nameidata *new_nd)
1540 { 1540 {
1541 return security_ops->sb_pivotroot (old_nd, new_nd); 1541 return security_ops->sb_pivotroot (old_nd, new_nd);
1542 } 1542 }
1543 1543
1544 static inline void security_sb_post_pivotroot (struct nameidata *old_nd, 1544 static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
1545 struct nameidata *new_nd) 1545 struct nameidata *new_nd)
1546 { 1546 {
1547 security_ops->sb_post_pivotroot (old_nd, new_nd); 1547 security_ops->sb_post_pivotroot (old_nd, new_nd);
1548 } 1548 }
1549 1549
1550 static inline int security_inode_alloc (struct inode *inode) 1550 static inline int security_inode_alloc (struct inode *inode)
1551 { 1551 {
1552 return security_ops->inode_alloc_security (inode); 1552 return security_ops->inode_alloc_security (inode);
1553 } 1553 }
1554 1554
1555 static inline void security_inode_free (struct inode *inode) 1555 static inline void security_inode_free (struct inode *inode)
1556 { 1556 {
1557 security_ops->inode_free_security (inode); 1557 security_ops->inode_free_security (inode);
1558 } 1558 }
1559 1559
1560 static inline int security_inode_init_security (struct inode *inode, 1560 static inline int security_inode_init_security (struct inode *inode,
1561 struct inode *dir, 1561 struct inode *dir,
1562 char **name, 1562 char **name,
1563 void **value, 1563 void **value,
1564 size_t *len) 1564 size_t *len)
1565 { 1565 {
1566 if (unlikely (IS_PRIVATE (inode))) 1566 if (unlikely (IS_PRIVATE (inode)))
1567 return -EOPNOTSUPP; 1567 return -EOPNOTSUPP;
1568 return security_ops->inode_init_security (inode, dir, name, value, len); 1568 return security_ops->inode_init_security (inode, dir, name, value, len);
1569 } 1569 }
1570 1570
1571 static inline int security_inode_create (struct inode *dir, 1571 static inline int security_inode_create (struct inode *dir,
1572 struct dentry *dentry, 1572 struct dentry *dentry,
1573 int mode) 1573 int mode)
1574 { 1574 {
1575 if (unlikely (IS_PRIVATE (dir))) 1575 if (unlikely (IS_PRIVATE (dir)))
1576 return 0; 1576 return 0;
1577 return security_ops->inode_create (dir, dentry, mode); 1577 return security_ops->inode_create (dir, dentry, mode);
1578 } 1578 }
1579 1579
1580 static inline int security_inode_link (struct dentry *old_dentry, 1580 static inline int security_inode_link (struct dentry *old_dentry,
1581 struct inode *dir, 1581 struct inode *dir,
1582 struct dentry *new_dentry) 1582 struct dentry *new_dentry)
1583 { 1583 {
1584 if (unlikely (IS_PRIVATE (old_dentry->d_inode))) 1584 if (unlikely (IS_PRIVATE (old_dentry->d_inode)))
1585 return 0; 1585 return 0;
1586 return security_ops->inode_link (old_dentry, dir, new_dentry); 1586 return security_ops->inode_link (old_dentry, dir, new_dentry);
1587 } 1587 }
1588 1588
1589 static inline int security_inode_unlink (struct inode *dir, 1589 static inline int security_inode_unlink (struct inode *dir,
1590 struct dentry *dentry) 1590 struct dentry *dentry)
1591 { 1591 {
1592 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1592 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1593 return 0; 1593 return 0;
1594 return security_ops->inode_unlink (dir, dentry); 1594 return security_ops->inode_unlink (dir, dentry);
1595 } 1595 }
1596 1596
1597 static inline int security_inode_symlink (struct inode *dir, 1597 static inline int security_inode_symlink (struct inode *dir,
1598 struct dentry *dentry, 1598 struct dentry *dentry,
1599 const char *old_name) 1599 const char *old_name)
1600 { 1600 {
1601 if (unlikely (IS_PRIVATE (dir))) 1601 if (unlikely (IS_PRIVATE (dir)))
1602 return 0; 1602 return 0;
1603 return security_ops->inode_symlink (dir, dentry, old_name); 1603 return security_ops->inode_symlink (dir, dentry, old_name);
1604 } 1604 }
1605 1605
1606 static inline int security_inode_mkdir (struct inode *dir, 1606 static inline int security_inode_mkdir (struct inode *dir,
1607 struct dentry *dentry, 1607 struct dentry *dentry,
1608 int mode) 1608 int mode)
1609 { 1609 {
1610 if (unlikely (IS_PRIVATE (dir))) 1610 if (unlikely (IS_PRIVATE (dir)))
1611 return 0; 1611 return 0;
1612 return security_ops->inode_mkdir (dir, dentry, mode); 1612 return security_ops->inode_mkdir (dir, dentry, mode);
1613 } 1613 }
1614 1614
1615 static inline int security_inode_rmdir (struct inode *dir, 1615 static inline int security_inode_rmdir (struct inode *dir,
1616 struct dentry *dentry) 1616 struct dentry *dentry)
1617 { 1617 {
1618 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1618 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1619 return 0; 1619 return 0;
1620 return security_ops->inode_rmdir (dir, dentry); 1620 return security_ops->inode_rmdir (dir, dentry);
1621 } 1621 }
1622 1622
1623 static inline int security_inode_mknod (struct inode *dir, 1623 static inline int security_inode_mknod (struct inode *dir,
1624 struct dentry *dentry, 1624 struct dentry *dentry,
1625 int mode, dev_t dev) 1625 int mode, dev_t dev)
1626 { 1626 {
1627 if (unlikely (IS_PRIVATE (dir))) 1627 if (unlikely (IS_PRIVATE (dir)))
1628 return 0; 1628 return 0;
1629 return security_ops->inode_mknod (dir, dentry, mode, dev); 1629 return security_ops->inode_mknod (dir, dentry, mode, dev);
1630 } 1630 }
1631 1631
1632 static inline int security_inode_rename (struct inode *old_dir, 1632 static inline int security_inode_rename (struct inode *old_dir,
1633 struct dentry *old_dentry, 1633 struct dentry *old_dentry,
1634 struct inode *new_dir, 1634 struct inode *new_dir,
1635 struct dentry *new_dentry) 1635 struct dentry *new_dentry)
1636 { 1636 {
1637 if (unlikely (IS_PRIVATE (old_dentry->d_inode) || 1637 if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
1638 (new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode)))) 1638 (new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
1639 return 0; 1639 return 0;
1640 return security_ops->inode_rename (old_dir, old_dentry, 1640 return security_ops->inode_rename (old_dir, old_dentry,
1641 new_dir, new_dentry); 1641 new_dir, new_dentry);
1642 } 1642 }
1643 1643
1644 static inline int security_inode_readlink (struct dentry *dentry) 1644 static inline int security_inode_readlink (struct dentry *dentry)
1645 { 1645 {
1646 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1646 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1647 return 0; 1647 return 0;
1648 return security_ops->inode_readlink (dentry); 1648 return security_ops->inode_readlink (dentry);
1649 } 1649 }
1650 1650
1651 static inline int security_inode_follow_link (struct dentry *dentry, 1651 static inline int security_inode_follow_link (struct dentry *dentry,
1652 struct nameidata *nd) 1652 struct nameidata *nd)
1653 { 1653 {
1654 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1654 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1655 return 0; 1655 return 0;
1656 return security_ops->inode_follow_link (dentry, nd); 1656 return security_ops->inode_follow_link (dentry, nd);
1657 } 1657 }
1658 1658
1659 static inline int security_inode_permission (struct inode *inode, int mask, 1659 static inline int security_inode_permission (struct inode *inode, int mask,
1660 struct nameidata *nd) 1660 struct nameidata *nd)
1661 { 1661 {
1662 if (unlikely (IS_PRIVATE (inode))) 1662 if (unlikely (IS_PRIVATE (inode)))
1663 return 0; 1663 return 0;
1664 return security_ops->inode_permission (inode, mask, nd); 1664 return security_ops->inode_permission (inode, mask, nd);
1665 } 1665 }
1666 1666
1667 static inline int security_inode_setattr (struct dentry *dentry, 1667 static inline int security_inode_setattr (struct dentry *dentry,
1668 struct iattr *attr) 1668 struct iattr *attr)
1669 { 1669 {
1670 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1670 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1671 return 0; 1671 return 0;
1672 return security_ops->inode_setattr (dentry, attr); 1672 return security_ops->inode_setattr (dentry, attr);
1673 } 1673 }
1674 1674
1675 static inline int security_inode_getattr (struct vfsmount *mnt, 1675 static inline int security_inode_getattr (struct vfsmount *mnt,
1676 struct dentry *dentry) 1676 struct dentry *dentry)
1677 { 1677 {
1678 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1678 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1679 return 0; 1679 return 0;
1680 return security_ops->inode_getattr (mnt, dentry); 1680 return security_ops->inode_getattr (mnt, dentry);
1681 } 1681 }
1682 1682
1683 static inline void security_inode_delete (struct inode *inode) 1683 static inline void security_inode_delete (struct inode *inode)
1684 { 1684 {
1685 if (unlikely (IS_PRIVATE (inode))) 1685 if (unlikely (IS_PRIVATE (inode)))
1686 return; 1686 return;
1687 security_ops->inode_delete (inode); 1687 security_ops->inode_delete (inode);
1688 } 1688 }
1689 1689
1690 static inline int security_inode_setxattr (struct dentry *dentry, char *name, 1690 static inline int security_inode_setxattr (struct dentry *dentry, char *name,
1691 void *value, size_t size, int flags) 1691 void *value, size_t size, int flags)
1692 { 1692 {
1693 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1693 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1694 return 0; 1694 return 0;
1695 return security_ops->inode_setxattr (dentry, name, value, size, flags); 1695 return security_ops->inode_setxattr (dentry, name, value, size, flags);
1696 } 1696 }
1697 1697
1698 static inline void security_inode_post_setxattr (struct dentry *dentry, char *name, 1698 static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
1699 void *value, size_t size, int flags) 1699 void *value, size_t size, int flags)
1700 { 1700 {
1701 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1701 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1702 return; 1702 return;
1703 security_ops->inode_post_setxattr (dentry, name, value, size, flags); 1703 security_ops->inode_post_setxattr (dentry, name, value, size, flags);
1704 } 1704 }
1705 1705
1706 static inline int security_inode_getxattr (struct dentry *dentry, char *name) 1706 static inline int security_inode_getxattr (struct dentry *dentry, char *name)
1707 { 1707 {
1708 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1708 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1709 return 0; 1709 return 0;
1710 return security_ops->inode_getxattr (dentry, name); 1710 return security_ops->inode_getxattr (dentry, name);
1711 } 1711 }
1712 1712
1713 static inline int security_inode_listxattr (struct dentry *dentry) 1713 static inline int security_inode_listxattr (struct dentry *dentry)
1714 { 1714 {
1715 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1715 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1716 return 0; 1716 return 0;
1717 return security_ops->inode_listxattr (dentry); 1717 return security_ops->inode_listxattr (dentry);
1718 } 1718 }
1719 1719
1720 static inline int security_inode_removexattr (struct dentry *dentry, char *name) 1720 static inline int security_inode_removexattr (struct dentry *dentry, char *name)
1721 { 1721 {
1722 if (unlikely (IS_PRIVATE (dentry->d_inode))) 1722 if (unlikely (IS_PRIVATE (dentry->d_inode)))
1723 return 0; 1723 return 0;
1724 return security_ops->inode_removexattr (dentry, name); 1724 return security_ops->inode_removexattr (dentry, name);
1725 } 1725 }
1726 1726
1727 static inline const char *security_inode_xattr_getsuffix(void) 1727 static inline const char *security_inode_xattr_getsuffix(void)
1728 { 1728 {
1729 return security_ops->inode_xattr_getsuffix(); 1729 return security_ops->inode_xattr_getsuffix();
1730 } 1730 }
1731 1731
1732 static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) 1732 static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
1733 { 1733 {
1734 if (unlikely (IS_PRIVATE (inode))) 1734 if (unlikely (IS_PRIVATE (inode)))
1735 return 0; 1735 return 0;
1736 return security_ops->inode_getsecurity(inode, name, buffer, size, err); 1736 return security_ops->inode_getsecurity(inode, name, buffer, size, err);
1737 } 1737 }
1738 1738
1739 static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 1739 static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
1740 { 1740 {
1741 if (unlikely (IS_PRIVATE (inode))) 1741 if (unlikely (IS_PRIVATE (inode)))
1742 return 0; 1742 return 0;
1743 return security_ops->inode_setsecurity(inode, name, value, size, flags); 1743 return security_ops->inode_setsecurity(inode, name, value, size, flags);
1744 } 1744 }
1745 1745
1746 static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) 1746 static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
1747 { 1747 {
1748 if (unlikely (IS_PRIVATE (inode))) 1748 if (unlikely (IS_PRIVATE (inode)))
1749 return 0; 1749 return 0;
1750 return security_ops->inode_listsecurity(inode, buffer, buffer_size); 1750 return security_ops->inode_listsecurity(inode, buffer, buffer_size);
1751 } 1751 }
1752 1752
1753 static inline int security_file_permission (struct file *file, int mask) 1753 static inline int security_file_permission (struct file *file, int mask)
1754 { 1754 {
1755 return security_ops->file_permission (file, mask); 1755 return security_ops->file_permission (file, mask);
1756 } 1756 }
1757 1757
1758 static inline int security_file_alloc (struct file *file) 1758 static inline int security_file_alloc (struct file *file)
1759 { 1759 {
1760 return security_ops->file_alloc_security (file); 1760 return security_ops->file_alloc_security (file);
1761 } 1761 }
1762 1762
1763 static inline void security_file_free (struct file *file) 1763 static inline void security_file_free (struct file *file)
1764 { 1764 {
1765 security_ops->file_free_security (file); 1765 security_ops->file_free_security (file);
1766 } 1766 }
1767 1767
1768 static inline int security_file_ioctl (struct file *file, unsigned int cmd, 1768 static inline int security_file_ioctl (struct file *file, unsigned int cmd,
1769 unsigned long arg) 1769 unsigned long arg)
1770 { 1770 {
1771 return security_ops->file_ioctl (file, cmd, arg); 1771 return security_ops->file_ioctl (file, cmd, arg);
1772 } 1772 }
1773 1773
1774 static inline int security_file_mmap (struct file *file, unsigned long reqprot, 1774 static inline int security_file_mmap (struct file *file, unsigned long reqprot,
1775 unsigned long prot, 1775 unsigned long prot,
1776 unsigned long flags) 1776 unsigned long flags)
1777 { 1777 {
1778 return security_ops->file_mmap (file, reqprot, prot, flags); 1778 return security_ops->file_mmap (file, reqprot, prot, flags);
1779 } 1779 }
1780 1780
1781 static inline int security_file_mprotect (struct vm_area_struct *vma, 1781 static inline int security_file_mprotect (struct vm_area_struct *vma,
1782 unsigned long reqprot, 1782 unsigned long reqprot,
1783 unsigned long prot) 1783 unsigned long prot)
1784 { 1784 {
1785 return security_ops->file_mprotect (vma, reqprot, prot); 1785 return security_ops->file_mprotect (vma, reqprot, prot);
1786 } 1786 }
1787 1787
1788 static inline int security_file_lock (struct file *file, unsigned int cmd) 1788 static inline int security_file_lock (struct file *file, unsigned int cmd)
1789 { 1789 {
1790 return security_ops->file_lock (file, cmd); 1790 return security_ops->file_lock (file, cmd);
1791 } 1791 }
1792 1792
1793 static inline int security_file_fcntl (struct file *file, unsigned int cmd, 1793 static inline int security_file_fcntl (struct file *file, unsigned int cmd,
1794 unsigned long arg) 1794 unsigned long arg)
1795 { 1795 {
1796 return security_ops->file_fcntl (file, cmd, arg); 1796 return security_ops->file_fcntl (file, cmd, arg);
1797 } 1797 }
1798 1798
1799 static inline int security_file_set_fowner (struct file *file) 1799 static inline int security_file_set_fowner (struct file *file)
1800 { 1800 {
1801 return security_ops->file_set_fowner (file); 1801 return security_ops->file_set_fowner (file);
1802 } 1802 }
1803 1803
1804 static inline int security_file_send_sigiotask (struct task_struct *tsk, 1804 static inline int security_file_send_sigiotask (struct task_struct *tsk,
1805 struct fown_struct *fown, 1805 struct fown_struct *fown,
1806 int sig) 1806 int sig)
1807 { 1807 {
1808 return security_ops->file_send_sigiotask (tsk, fown, sig); 1808 return security_ops->file_send_sigiotask (tsk, fown, sig);
1809 } 1809 }
1810 1810
1811 static inline int security_file_receive (struct file *file) 1811 static inline int security_file_receive (struct file *file)
1812 { 1812 {
1813 return security_ops->file_receive (file); 1813 return security_ops->file_receive (file);
1814 } 1814 }
1815 1815
1816 static inline int security_task_create (unsigned long clone_flags) 1816 static inline int security_task_create (unsigned long clone_flags)
1817 { 1817 {
1818 return security_ops->task_create (clone_flags); 1818 return security_ops->task_create (clone_flags);
1819 } 1819 }
1820 1820
1821 static inline int security_task_alloc (struct task_struct *p) 1821 static inline int security_task_alloc (struct task_struct *p)
1822 { 1822 {
1823 return security_ops->task_alloc_security (p); 1823 return security_ops->task_alloc_security (p);
1824 } 1824 }
1825 1825
1826 static inline void security_task_free (struct task_struct *p) 1826 static inline void security_task_free (struct task_struct *p)
1827 { 1827 {
1828 security_ops->task_free_security (p); 1828 security_ops->task_free_security (p);
1829 } 1829 }
1830 1830
1831 static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2, 1831 static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
1832 int flags) 1832 int flags)
1833 { 1833 {
1834 return security_ops->task_setuid (id0, id1, id2, flags); 1834 return security_ops->task_setuid (id0, id1, id2, flags);
1835 } 1835 }
1836 1836
1837 static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid, 1837 static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
1838 uid_t old_suid, int flags) 1838 uid_t old_suid, int flags)
1839 { 1839 {
1840 return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags); 1840 return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
1841 } 1841 }
1842 1842
1843 static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2, 1843 static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
1844 int flags) 1844 int flags)
1845 { 1845 {
1846 return security_ops->task_setgid (id0, id1, id2, flags); 1846 return security_ops->task_setgid (id0, id1, id2, flags);
1847 } 1847 }
1848 1848
1849 static inline int security_task_setpgid (struct task_struct *p, pid_t pgid) 1849 static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
1850 { 1850 {
1851 return security_ops->task_setpgid (p, pgid); 1851 return security_ops->task_setpgid (p, pgid);
1852 } 1852 }
1853 1853
1854 static inline int security_task_getpgid (struct task_struct *p) 1854 static inline int security_task_getpgid (struct task_struct *p)
1855 { 1855 {
1856 return security_ops->task_getpgid (p); 1856 return security_ops->task_getpgid (p);
1857 } 1857 }
1858 1858
1859 static inline int security_task_getsid (struct task_struct *p) 1859 static inline int security_task_getsid (struct task_struct *p)
1860 { 1860 {
1861 return security_ops->task_getsid (p); 1861 return security_ops->task_getsid (p);
1862 } 1862 }
1863 1863
1864 static inline void security_task_getsecid (struct task_struct *p, u32 *secid) 1864 static inline void security_task_getsecid (struct task_struct *p, u32 *secid)
1865 { 1865 {
1866 security_ops->task_getsecid (p, secid); 1866 security_ops->task_getsecid (p, secid);
1867 } 1867 }
1868 1868
1869 static inline int security_task_setgroups (struct group_info *group_info) 1869 static inline int security_task_setgroups (struct group_info *group_info)
1870 { 1870 {
1871 return security_ops->task_setgroups (group_info); 1871 return security_ops->task_setgroups (group_info);
1872 } 1872 }
1873 1873
1874 static inline int security_task_setnice (struct task_struct *p, int nice) 1874 static inline int security_task_setnice (struct task_struct *p, int nice)
1875 { 1875 {
1876 return security_ops->task_setnice (p, nice); 1876 return security_ops->task_setnice (p, nice);
1877 } 1877 }
1878 1878
1879 static inline int security_task_setioprio (struct task_struct *p, int ioprio) 1879 static inline int security_task_setioprio (struct task_struct *p, int ioprio)
1880 { 1880 {
1881 return security_ops->task_setioprio (p, ioprio); 1881 return security_ops->task_setioprio (p, ioprio);
1882 } 1882 }
1883 1883
1884 static inline int security_task_getioprio (struct task_struct *p) 1884 static inline int security_task_getioprio (struct task_struct *p)
1885 { 1885 {
1886 return security_ops->task_getioprio (p); 1886 return security_ops->task_getioprio (p);
1887 } 1887 }
1888 1888
1889 static inline int security_task_setrlimit (unsigned int resource, 1889 static inline int security_task_setrlimit (unsigned int resource,
1890 struct rlimit *new_rlim) 1890 struct rlimit *new_rlim)
1891 { 1891 {
1892 return security_ops->task_setrlimit (resource, new_rlim); 1892 return security_ops->task_setrlimit (resource, new_rlim);
1893 } 1893 }
1894 1894
1895 static inline int security_task_setscheduler (struct task_struct *p, 1895 static inline int security_task_setscheduler (struct task_struct *p,
1896 int policy, 1896 int policy,
1897 struct sched_param *lp) 1897 struct sched_param *lp)
1898 { 1898 {
1899 return security_ops->task_setscheduler (p, policy, lp); 1899 return security_ops->task_setscheduler (p, policy, lp);
1900 } 1900 }
1901 1901
1902 static inline int security_task_getscheduler (struct task_struct *p) 1902 static inline int security_task_getscheduler (struct task_struct *p)
1903 { 1903 {
1904 return security_ops->task_getscheduler (p); 1904 return security_ops->task_getscheduler (p);
1905 } 1905 }
1906 1906
1907 static inline int security_task_movememory (struct task_struct *p) 1907 static inline int security_task_movememory (struct task_struct *p)
1908 { 1908 {
1909 return security_ops->task_movememory (p); 1909 return security_ops->task_movememory (p);
1910 } 1910 }
1911 1911
1912 static inline int security_task_kill (struct task_struct *p, 1912 static inline int security_task_kill (struct task_struct *p,
1913 struct siginfo *info, int sig, 1913 struct siginfo *info, int sig,
1914 u32 secid) 1914 u32 secid)
1915 { 1915 {
1916 return security_ops->task_kill (p, info, sig, secid); 1916 return security_ops->task_kill (p, info, sig, secid);
1917 } 1917 }
1918 1918
1919 static inline int security_task_wait (struct task_struct *p) 1919 static inline int security_task_wait (struct task_struct *p)
1920 { 1920 {
1921 return security_ops->task_wait (p); 1921 return security_ops->task_wait (p);
1922 } 1922 }
1923 1923
1924 static inline int security_task_prctl (int option, unsigned long arg2, 1924 static inline int security_task_prctl (int option, unsigned long arg2,
1925 unsigned long arg3, 1925 unsigned long arg3,
1926 unsigned long arg4, 1926 unsigned long arg4,
1927 unsigned long arg5) 1927 unsigned long arg5)
1928 { 1928 {
1929 return security_ops->task_prctl (option, arg2, arg3, arg4, arg5); 1929 return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
1930 } 1930 }
1931 1931
1932 static inline void security_task_reparent_to_init (struct task_struct *p) 1932 static inline void security_task_reparent_to_init (struct task_struct *p)
1933 { 1933 {
1934 security_ops->task_reparent_to_init (p); 1934 security_ops->task_reparent_to_init (p);
1935 } 1935 }
1936 1936
1937 static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) 1937 static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
1938 { 1938 {
1939 security_ops->task_to_inode(p, inode); 1939 security_ops->task_to_inode(p, inode);
1940 } 1940 }
1941 1941
1942 static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, 1942 static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
1943 short flag) 1943 short flag)
1944 { 1944 {
1945 return security_ops->ipc_permission (ipcp, flag); 1945 return security_ops->ipc_permission (ipcp, flag);
1946 } 1946 }
1947 1947
1948 static inline int security_msg_msg_alloc (struct msg_msg * msg) 1948 static inline int security_msg_msg_alloc (struct msg_msg * msg)
1949 { 1949 {
1950 return security_ops->msg_msg_alloc_security (msg); 1950 return security_ops->msg_msg_alloc_security (msg);
1951 } 1951 }
1952 1952
1953 static inline void security_msg_msg_free (struct msg_msg * msg) 1953 static inline void security_msg_msg_free (struct msg_msg * msg)
1954 { 1954 {
1955 security_ops->msg_msg_free_security(msg); 1955 security_ops->msg_msg_free_security(msg);
1956 } 1956 }
1957 1957
1958 static inline int security_msg_queue_alloc (struct msg_queue *msq) 1958 static inline int security_msg_queue_alloc (struct msg_queue *msq)
1959 { 1959 {
1960 return security_ops->msg_queue_alloc_security (msq); 1960 return security_ops->msg_queue_alloc_security (msq);
1961 } 1961 }
1962 1962
1963 static inline void security_msg_queue_free (struct msg_queue *msq) 1963 static inline void security_msg_queue_free (struct msg_queue *msq)
1964 { 1964 {
1965 security_ops->msg_queue_free_security (msq); 1965 security_ops->msg_queue_free_security (msq);
1966 } 1966 }
1967 1967
1968 static inline int security_msg_queue_associate (struct msg_queue * msq, 1968 static inline int security_msg_queue_associate (struct msg_queue * msq,
1969 int msqflg) 1969 int msqflg)
1970 { 1970 {
1971 return security_ops->msg_queue_associate (msq, msqflg); 1971 return security_ops->msg_queue_associate (msq, msqflg);
1972 } 1972 }
1973 1973
1974 static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd) 1974 static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
1975 { 1975 {
1976 return security_ops->msg_queue_msgctl (msq, cmd); 1976 return security_ops->msg_queue_msgctl (msq, cmd);
1977 } 1977 }
1978 1978
1979 static inline int security_msg_queue_msgsnd (struct msg_queue * msq, 1979 static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
1980 struct msg_msg * msg, int msqflg) 1980 struct msg_msg * msg, int msqflg)
1981 { 1981 {
1982 return security_ops->msg_queue_msgsnd (msq, msg, msqflg); 1982 return security_ops->msg_queue_msgsnd (msq, msg, msqflg);
1983 } 1983 }
1984 1984
1985 static inline int security_msg_queue_msgrcv (struct msg_queue * msq, 1985 static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
1986 struct msg_msg * msg, 1986 struct msg_msg * msg,
1987 struct task_struct * target, 1987 struct task_struct * target,
1988 long type, int mode) 1988 long type, int mode)
1989 { 1989 {
1990 return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode); 1990 return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode);
1991 } 1991 }
1992 1992
1993 static inline int security_shm_alloc (struct shmid_kernel *shp) 1993 static inline int security_shm_alloc (struct shmid_kernel *shp)
1994 { 1994 {
1995 return security_ops->shm_alloc_security (shp); 1995 return security_ops->shm_alloc_security (shp);
1996 } 1996 }
1997 1997
1998 static inline void security_shm_free (struct shmid_kernel *shp) 1998 static inline void security_shm_free (struct shmid_kernel *shp)
1999 { 1999 {
2000 security_ops->shm_free_security (shp); 2000 security_ops->shm_free_security (shp);
2001 } 2001 }
2002 2002
2003 static inline int security_shm_associate (struct shmid_kernel * shp, 2003 static inline int security_shm_associate (struct shmid_kernel * shp,
2004 int shmflg) 2004 int shmflg)
2005 { 2005 {
2006 return security_ops->shm_associate(shp, shmflg); 2006 return security_ops->shm_associate(shp, shmflg);
2007 } 2007 }
2008 2008
2009 static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd) 2009 static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
2010 { 2010 {
2011 return security_ops->shm_shmctl (shp, cmd); 2011 return security_ops->shm_shmctl (shp, cmd);
2012 } 2012 }
2013 2013
2014 static inline int security_shm_shmat (struct shmid_kernel * shp, 2014 static inline int security_shm_shmat (struct shmid_kernel * shp,
2015 char __user *shmaddr, int shmflg) 2015 char __user *shmaddr, int shmflg)
2016 { 2016 {
2017 return security_ops->shm_shmat(shp, shmaddr, shmflg); 2017 return security_ops->shm_shmat(shp, shmaddr, shmflg);
2018 } 2018 }
2019 2019
2020 static inline int security_sem_alloc (struct sem_array *sma) 2020 static inline int security_sem_alloc (struct sem_array *sma)
2021 { 2021 {
2022 return security_ops->sem_alloc_security (sma); 2022 return security_ops->sem_alloc_security (sma);
2023 } 2023 }
2024 2024
2025 static inline void security_sem_free (struct sem_array *sma) 2025 static inline void security_sem_free (struct sem_array *sma)
2026 { 2026 {
2027 security_ops->sem_free_security (sma); 2027 security_ops->sem_free_security (sma);
2028 } 2028 }
2029 2029
2030 static inline int security_sem_associate (struct sem_array * sma, int semflg) 2030 static inline int security_sem_associate (struct sem_array * sma, int semflg)
2031 { 2031 {
2032 return security_ops->sem_associate (sma, semflg); 2032 return security_ops->sem_associate (sma, semflg);
2033 } 2033 }
2034 2034
2035 static inline int security_sem_semctl (struct sem_array * sma, int cmd) 2035 static inline int security_sem_semctl (struct sem_array * sma, int cmd)
2036 { 2036 {
2037 return security_ops->sem_semctl(sma, cmd); 2037 return security_ops->sem_semctl(sma, cmd);
2038 } 2038 }
2039 2039
2040 static inline int security_sem_semop (struct sem_array * sma, 2040 static inline int security_sem_semop (struct sem_array * sma,
2041 struct sembuf * sops, unsigned nsops, 2041 struct sembuf * sops, unsigned nsops,
2042 int alter) 2042 int alter)
2043 { 2043 {
2044 return security_ops->sem_semop(sma, sops, nsops, alter); 2044 return security_ops->sem_semop(sma, sops, nsops, alter);
2045 } 2045 }
2046 2046
2047 static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode) 2047 static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
2048 { 2048 {
2049 if (unlikely (inode && IS_PRIVATE (inode))) 2049 if (unlikely (inode && IS_PRIVATE (inode)))
2050 return; 2050 return;
2051 security_ops->d_instantiate (dentry, inode); 2051 security_ops->d_instantiate (dentry, inode);
2052 } 2052 }
2053 2053
2054 static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size) 2054 static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
2055 { 2055 {
2056 return security_ops->getprocattr(p, name, value, size); 2056 return security_ops->getprocattr(p, name, value, size);
2057 } 2057 }
2058 2058
2059 static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) 2059 static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
2060 { 2060 {
2061 return security_ops->setprocattr(p, name, value, size); 2061 return security_ops->setprocattr(p, name, value, size);
2062 } 2062 }
2063 2063
2064 static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb) 2064 static inline int security_netlink_send(struct sock *sk, struct sk_buff * skb)
2065 { 2065 {
2066 return security_ops->netlink_send(sk, skb); 2066 return security_ops->netlink_send(sk, skb);
2067 } 2067 }
2068 2068
2069 static inline int security_netlink_recv(struct sk_buff * skb, int cap) 2069 static inline int security_netlink_recv(struct sk_buff * skb, int cap)
2070 { 2070 {
2071 return security_ops->netlink_recv(skb, cap); 2071 return security_ops->netlink_recv(skb, cap);
2072 } 2072 }
2073 2073
2074 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 2074 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2075 { 2075 {
2076 return security_ops->secid_to_secctx(secid, secdata, seclen); 2076 return security_ops->secid_to_secctx(secid, secdata, seclen);
2077 } 2077 }
2078 2078
2079 static inline void security_release_secctx(char *secdata, u32 seclen) 2079 static inline void security_release_secctx(char *secdata, u32 seclen)
2080 { 2080 {
2081 return security_ops->release_secctx(secdata, seclen); 2081 return security_ops->release_secctx(secdata, seclen);
2082 } 2082 }
2083 2083
2084 /* prototypes */ 2084 /* prototypes */
2085 extern int security_init (void); 2085 extern int security_init (void);
2086 extern int register_security (struct security_operations *ops); 2086 extern int register_security (struct security_operations *ops);
2087 extern int unregister_security (struct security_operations *ops); 2087 extern int unregister_security (struct security_operations *ops);
2088 extern int mod_reg_security (const char *name, struct security_operations *ops); 2088 extern int mod_reg_security (const char *name, struct security_operations *ops);
2089 extern int mod_unreg_security (const char *name, struct security_operations *ops); 2089 extern int mod_unreg_security (const char *name, struct security_operations *ops);
2090 extern struct dentry *securityfs_create_file(const char *name, mode_t mode, 2090 extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
2091 struct dentry *parent, void *data, 2091 struct dentry *parent, void *data,
2092 struct file_operations *fops); 2092 struct file_operations *fops);
2093 extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); 2093 extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
2094 extern void securityfs_remove(struct dentry *dentry); 2094 extern void securityfs_remove(struct dentry *dentry);
2095 2095
2096 2096
2097 #else /* CONFIG_SECURITY */ 2097 #else /* CONFIG_SECURITY */
2098 2098
2099 /* 2099 /*
2100 * This is the default capabilities functionality. Most of these functions 2100 * This is the default capabilities functionality. Most of these functions
2101 * are just stubbed out, but a few must call the proper capable code. 2101 * are just stubbed out, but a few must call the proper capable code.
2102 */ 2102 */
2103 2103
2104 static inline int security_init(void) 2104 static inline int security_init(void)
2105 { 2105 {
2106 return 0; 2106 return 0;
2107 } 2107 }
2108 2108
2109 static inline int security_ptrace (struct task_struct *parent, struct task_struct * child) 2109 static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
2110 { 2110 {
2111 return cap_ptrace (parent, child); 2111 return cap_ptrace (parent, child);
2112 } 2112 }
2113 2113
2114 static inline int security_capget (struct task_struct *target, 2114 static inline int security_capget (struct task_struct *target,
2115 kernel_cap_t *effective, 2115 kernel_cap_t *effective,
2116 kernel_cap_t *inheritable, 2116 kernel_cap_t *inheritable,
2117 kernel_cap_t *permitted) 2117 kernel_cap_t *permitted)
2118 { 2118 {
2119 return cap_capget (target, effective, inheritable, permitted); 2119 return cap_capget (target, effective, inheritable, permitted);
2120 } 2120 }
2121 2121
2122 static inline int security_capset_check (struct task_struct *target, 2122 static inline int security_capset_check (struct task_struct *target,
2123 kernel_cap_t *effective, 2123 kernel_cap_t *effective,
2124 kernel_cap_t *inheritable, 2124 kernel_cap_t *inheritable,
2125 kernel_cap_t *permitted) 2125 kernel_cap_t *permitted)
2126 { 2126 {
2127 return cap_capset_check (target, effective, inheritable, permitted); 2127 return cap_capset_check (target, effective, inheritable, permitted);
2128 } 2128 }
2129 2129
2130 static inline void security_capset_set (struct task_struct *target, 2130 static inline void security_capset_set (struct task_struct *target,
2131 kernel_cap_t *effective, 2131 kernel_cap_t *effective,
2132 kernel_cap_t *inheritable, 2132 kernel_cap_t *inheritable,
2133 kernel_cap_t *permitted) 2133 kernel_cap_t *permitted)
2134 { 2134 {
2135 cap_capset_set (target, effective, inheritable, permitted); 2135 cap_capset_set (target, effective, inheritable, permitted);
2136 } 2136 }
2137 2137
2138 static inline int security_capable(struct task_struct *tsk, int cap) 2138 static inline int security_capable(struct task_struct *tsk, int cap)
2139 { 2139 {
2140 return cap_capable(tsk, cap); 2140 return cap_capable(tsk, cap);
2141 } 2141 }
2142 2142
2143 static inline int security_acct (struct file *file) 2143 static inline int security_acct (struct file *file)
2144 { 2144 {
2145 return 0; 2145 return 0;
2146 } 2146 }
2147 2147
2148 static inline int security_sysctl(struct ctl_table *table, int op) 2148 static inline int security_sysctl(struct ctl_table *table, int op)
2149 { 2149 {
2150 return 0; 2150 return 0;
2151 } 2151 }
2152 2152
2153 static inline int security_quotactl (int cmds, int type, int id, 2153 static inline int security_quotactl (int cmds, int type, int id,
2154 struct super_block * sb) 2154 struct super_block * sb)
2155 { 2155 {
2156 return 0; 2156 return 0;
2157 } 2157 }
2158 2158
2159 static inline int security_quota_on (struct dentry * dentry) 2159 static inline int security_quota_on (struct dentry * dentry)
2160 { 2160 {
2161 return 0; 2161 return 0;
2162 } 2162 }
2163 2163
2164 static inline int security_syslog(int type) 2164 static inline int security_syslog(int type)
2165 { 2165 {
2166 return cap_syslog(type); 2166 return cap_syslog(type);
2167 } 2167 }
2168 2168
2169 static inline int security_settime(struct timespec *ts, struct timezone *tz) 2169 static inline int security_settime(struct timespec *ts, struct timezone *tz)
2170 { 2170 {
2171 return cap_settime(ts, tz); 2171 return cap_settime(ts, tz);
2172 } 2172 }
2173 2173
2174 static inline int security_vm_enough_memory(long pages) 2174 static inline int security_vm_enough_memory(long pages)
2175 { 2175 {
2176 return cap_vm_enough_memory(pages); 2176 return cap_vm_enough_memory(pages);
2177 } 2177 }
2178 2178
2179 static inline int security_bprm_alloc (struct linux_binprm *bprm) 2179 static inline int security_bprm_alloc (struct linux_binprm *bprm)
2180 { 2180 {
2181 return 0; 2181 return 0;
2182 } 2182 }
2183 2183
2184 static inline void security_bprm_free (struct linux_binprm *bprm) 2184 static inline void security_bprm_free (struct linux_binprm *bprm)
2185 { } 2185 { }
2186 2186
2187 static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) 2187 static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe)
2188 { 2188 {
2189 cap_bprm_apply_creds (bprm, unsafe); 2189 cap_bprm_apply_creds (bprm, unsafe);
2190 } 2190 }
2191 2191
2192 static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm) 2192 static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm)
2193 { 2193 {
2194 return; 2194 return;
2195 } 2195 }
2196 2196
2197 static inline int security_bprm_set (struct linux_binprm *bprm) 2197 static inline int security_bprm_set (struct linux_binprm *bprm)
2198 { 2198 {
2199 return cap_bprm_set_security (bprm); 2199 return cap_bprm_set_security (bprm);
2200 } 2200 }
2201 2201
2202 static inline int security_bprm_check (struct linux_binprm *bprm) 2202 static inline int security_bprm_check (struct linux_binprm *bprm)
2203 { 2203 {
2204 return 0; 2204 return 0;
2205 } 2205 }
2206 2206
2207 static inline int security_bprm_secureexec (struct linux_binprm *bprm) 2207 static inline int security_bprm_secureexec (struct linux_binprm *bprm)
2208 { 2208 {
2209 return cap_bprm_secureexec(bprm); 2209 return cap_bprm_secureexec(bprm);
2210 } 2210 }
2211 2211
2212 static inline int security_sb_alloc (struct super_block *sb) 2212 static inline int security_sb_alloc (struct super_block *sb)
2213 { 2213 {
2214 return 0; 2214 return 0;
2215 } 2215 }
2216 2216
2217 static inline void security_sb_free (struct super_block *sb) 2217 static inline void security_sb_free (struct super_block *sb)
2218 { } 2218 { }
2219 2219
2220 static inline int security_sb_copy_data (struct file_system_type *type, 2220 static inline int security_sb_copy_data (struct file_system_type *type,
2221 void *orig, void *copy) 2221 void *orig, void *copy)
2222 { 2222 {
2223 return 0; 2223 return 0;
2224 } 2224 }
2225 2225
2226 static inline int security_sb_kern_mount (struct super_block *sb, void *data) 2226 static inline int security_sb_kern_mount (struct super_block *sb, void *data)
2227 { 2227 {
2228 return 0; 2228 return 0;
2229 } 2229 }
2230 2230
2231 static inline int security_sb_statfs (struct dentry *dentry) 2231 static inline int security_sb_statfs (struct dentry *dentry)
2232 { 2232 {
2233 return 0; 2233 return 0;
2234 } 2234 }
2235 2235
2236 static inline int security_sb_mount (char *dev_name, struct nameidata *nd, 2236 static inline int security_sb_mount (char *dev_name, struct nameidata *nd,
2237 char *type, unsigned long flags, 2237 char *type, unsigned long flags,
2238 void *data) 2238 void *data)
2239 { 2239 {
2240 return 0; 2240 return 0;
2241 } 2241 }
2242 2242
2243 static inline int security_sb_check_sb (struct vfsmount *mnt, 2243 static inline int security_sb_check_sb (struct vfsmount *mnt,
2244 struct nameidata *nd) 2244 struct nameidata *nd)
2245 { 2245 {
2246 return 0; 2246 return 0;
2247 } 2247 }
2248 2248
2249 static inline int security_sb_umount (struct vfsmount *mnt, int flags) 2249 static inline int security_sb_umount (struct vfsmount *mnt, int flags)
2250 { 2250 {
2251 return 0; 2251 return 0;
2252 } 2252 }
2253 2253
2254 static inline void security_sb_umount_close (struct vfsmount *mnt) 2254 static inline void security_sb_umount_close (struct vfsmount *mnt)
2255 { } 2255 { }
2256 2256
2257 static inline void security_sb_umount_busy (struct vfsmount *mnt) 2257 static inline void security_sb_umount_busy (struct vfsmount *mnt)
2258 { } 2258 { }
2259 2259
2260 static inline void security_sb_post_remount (struct vfsmount *mnt, 2260 static inline void security_sb_post_remount (struct vfsmount *mnt,
2261 unsigned long flags, void *data) 2261 unsigned long flags, void *data)
2262 { } 2262 { }
2263 2263
2264 static inline void security_sb_post_mountroot (void) 2264 static inline void security_sb_post_mountroot (void)
2265 { } 2265 { }
2266 2266
2267 static inline void security_sb_post_addmount (struct vfsmount *mnt, 2267 static inline void security_sb_post_addmount (struct vfsmount *mnt,
2268 struct nameidata *mountpoint_nd) 2268 struct nameidata *mountpoint_nd)
2269 { } 2269 { }
2270 2270
2271 static inline int security_sb_pivotroot (struct nameidata *old_nd, 2271 static inline int security_sb_pivotroot (struct nameidata *old_nd,
2272 struct nameidata *new_nd) 2272 struct nameidata *new_nd)
2273 { 2273 {
2274 return 0; 2274 return 0;
2275 } 2275 }
2276 2276
2277 static inline void security_sb_post_pivotroot (struct nameidata *old_nd, 2277 static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
2278 struct nameidata *new_nd) 2278 struct nameidata *new_nd)
2279 { } 2279 { }
2280 2280
2281 static inline int security_inode_alloc (struct inode *inode) 2281 static inline int security_inode_alloc (struct inode *inode)
2282 { 2282 {
2283 return 0; 2283 return 0;
2284 } 2284 }
2285 2285
2286 static inline void security_inode_free (struct inode *inode) 2286 static inline void security_inode_free (struct inode *inode)
2287 { } 2287 { }
2288 2288
2289 static inline int security_inode_init_security (struct inode *inode, 2289 static inline int security_inode_init_security (struct inode *inode,
2290 struct inode *dir, 2290 struct inode *dir,
2291 char **name, 2291 char **name,
2292 void **value, 2292 void **value,
2293 size_t *len) 2293 size_t *len)
2294 { 2294 {
2295 return -EOPNOTSUPP; 2295 return -EOPNOTSUPP;
2296 } 2296 }
2297 2297
2298 static inline int security_inode_create (struct inode *dir, 2298 static inline int security_inode_create (struct inode *dir,
2299 struct dentry *dentry, 2299 struct dentry *dentry,
2300 int mode) 2300 int mode)
2301 { 2301 {
2302 return 0; 2302 return 0;
2303 } 2303 }
2304 2304
2305 static inline int security_inode_link (struct dentry *old_dentry, 2305 static inline int security_inode_link (struct dentry *old_dentry,
2306 struct inode *dir, 2306 struct inode *dir,
2307 struct dentry *new_dentry) 2307 struct dentry *new_dentry)
2308 { 2308 {
2309 return 0; 2309 return 0;
2310 } 2310 }
2311 2311
2312 static inline int security_inode_unlink (struct inode *dir, 2312 static inline int security_inode_unlink (struct inode *dir,
2313 struct dentry *dentry) 2313 struct dentry *dentry)
2314 { 2314 {
2315 return 0; 2315 return 0;
2316 } 2316 }
2317 2317
2318 static inline int security_inode_symlink (struct inode *dir, 2318 static inline int security_inode_symlink (struct inode *dir,
2319 struct dentry *dentry, 2319 struct dentry *dentry,
2320 const char *old_name) 2320 const char *old_name)
2321 { 2321 {
2322 return 0; 2322 return 0;
2323 } 2323 }
2324 2324
2325 static inline int security_inode_mkdir (struct inode *dir, 2325 static inline int security_inode_mkdir (struct inode *dir,
2326 struct dentry *dentry, 2326 struct dentry *dentry,
2327 int mode) 2327 int mode)
2328 { 2328 {
2329 return 0; 2329 return 0;
2330 } 2330 }
2331 2331
2332 static inline int security_inode_rmdir (struct inode *dir, 2332 static inline int security_inode_rmdir (struct inode *dir,
2333 struct dentry *dentry) 2333 struct dentry *dentry)
2334 { 2334 {
2335 return 0; 2335 return 0;
2336 } 2336 }
2337 2337
2338 static inline int security_inode_mknod (struct inode *dir, 2338 static inline int security_inode_mknod (struct inode *dir,
2339 struct dentry *dentry, 2339 struct dentry *dentry,
2340 int mode, dev_t dev) 2340 int mode, dev_t dev)
2341 { 2341 {
2342 return 0; 2342 return 0;
2343 } 2343 }
2344 2344
2345 static inline int security_inode_rename (struct inode *old_dir, 2345 static inline int security_inode_rename (struct inode *old_dir,
2346 struct dentry *old_dentry, 2346 struct dentry *old_dentry,
2347 struct inode *new_dir, 2347 struct inode *new_dir,
2348 struct dentry *new_dentry) 2348 struct dentry *new_dentry)
2349 { 2349 {
2350 return 0; 2350 return 0;
2351 } 2351 }
2352 2352
2353 static inline int security_inode_readlink (struct dentry *dentry) 2353 static inline int security_inode_readlink (struct dentry *dentry)
2354 { 2354 {
2355 return 0; 2355 return 0;
2356 } 2356 }
2357 2357
2358 static inline int security_inode_follow_link (struct dentry *dentry, 2358 static inline int security_inode_follow_link (struct dentry *dentry,
2359 struct nameidata *nd) 2359 struct nameidata *nd)
2360 { 2360 {
2361 return 0; 2361 return 0;
2362 } 2362 }
2363 2363
2364 static inline int security_inode_permission (struct inode *inode, int mask, 2364 static inline int security_inode_permission (struct inode *inode, int mask,
2365 struct nameidata *nd) 2365 struct nameidata *nd)
2366 { 2366 {
2367 return 0; 2367 return 0;
2368 } 2368 }
2369 2369
2370 static inline int security_inode_setattr (struct dentry *dentry, 2370 static inline int security_inode_setattr (struct dentry *dentry,
2371 struct iattr *attr) 2371 struct iattr *attr)
2372 { 2372 {
2373 return 0; 2373 return 0;
2374 } 2374 }
2375 2375
2376 static inline int security_inode_getattr (struct vfsmount *mnt, 2376 static inline int security_inode_getattr (struct vfsmount *mnt,
2377 struct dentry *dentry) 2377 struct dentry *dentry)
2378 { 2378 {
2379 return 0; 2379 return 0;
2380 } 2380 }
2381 2381
2382 static inline void security_inode_delete (struct inode *inode) 2382 static inline void security_inode_delete (struct inode *inode)
2383 { } 2383 { }
2384 2384
2385 static inline int security_inode_setxattr (struct dentry *dentry, char *name, 2385 static inline int security_inode_setxattr (struct dentry *dentry, char *name,
2386 void *value, size_t size, int flags) 2386 void *value, size_t size, int flags)
2387 { 2387 {
2388 return cap_inode_setxattr(dentry, name, value, size, flags); 2388 return cap_inode_setxattr(dentry, name, value, size, flags);
2389 } 2389 }
2390 2390
2391 static inline void security_inode_post_setxattr (struct dentry *dentry, char *name, 2391 static inline void security_inode_post_setxattr (struct dentry *dentry, char *name,
2392 void *value, size_t size, int flags) 2392 void *value, size_t size, int flags)
2393 { } 2393 { }
2394 2394
2395 static inline int security_inode_getxattr (struct dentry *dentry, char *name) 2395 static inline int security_inode_getxattr (struct dentry *dentry, char *name)
2396 { 2396 {
2397 return 0; 2397 return 0;
2398 } 2398 }
2399 2399
2400 static inline int security_inode_listxattr (struct dentry *dentry) 2400 static inline int security_inode_listxattr (struct dentry *dentry)
2401 { 2401 {
2402 return 0; 2402 return 0;
2403 } 2403 }
2404 2404
2405 static inline int security_inode_removexattr (struct dentry *dentry, char *name) 2405 static inline int security_inode_removexattr (struct dentry *dentry, char *name)
2406 { 2406 {
2407 return cap_inode_removexattr(dentry, name); 2407 return cap_inode_removexattr(dentry, name);
2408 } 2408 }
2409 2409
2410 static inline const char *security_inode_xattr_getsuffix (void) 2410 static inline const char *security_inode_xattr_getsuffix (void)
2411 { 2411 {
2412 return NULL ; 2412 return NULL ;
2413 } 2413 }
2414 2414
2415 static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) 2415 static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2416 { 2416 {
2417 return -EOPNOTSUPP; 2417 return -EOPNOTSUPP;
2418 } 2418 }
2419 2419
2420 static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 2420 static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
2421 { 2421 {
2422 return -EOPNOTSUPP; 2422 return -EOPNOTSUPP;
2423 } 2423 }
2424 2424
2425 static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) 2425 static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2426 { 2426 {
2427 return 0; 2427 return 0;
2428 } 2428 }
2429 2429
2430 static inline int security_file_permission (struct file *file, int mask) 2430 static inline int security_file_permission (struct file *file, int mask)
2431 { 2431 {
2432 return 0; 2432 return 0;
2433 } 2433 }
2434 2434
2435 static inline int security_file_alloc (struct file *file) 2435 static inline int security_file_alloc (struct file *file)
2436 { 2436 {
2437 return 0; 2437 return 0;
2438 } 2438 }
2439 2439
2440 static inline void security_file_free (struct file *file) 2440 static inline void security_file_free (struct file *file)
2441 { } 2441 { }
2442 2442
2443 static inline int security_file_ioctl (struct file *file, unsigned int cmd, 2443 static inline int security_file_ioctl (struct file *file, unsigned int cmd,
2444 unsigned long arg) 2444 unsigned long arg)
2445 { 2445 {
2446 return 0; 2446 return 0;
2447 } 2447 }
2448 2448
2449 static inline int security_file_mmap (struct file *file, unsigned long reqprot, 2449 static inline int security_file_mmap (struct file *file, unsigned long reqprot,
2450 unsigned long prot, 2450 unsigned long prot,
2451 unsigned long flags) 2451 unsigned long flags)
2452 { 2452 {
2453 return 0; 2453 return 0;
2454 } 2454 }
2455 2455
2456 static inline int security_file_mprotect (struct vm_area_struct *vma, 2456 static inline int security_file_mprotect (struct vm_area_struct *vma,
2457 unsigned long reqprot, 2457 unsigned long reqprot,
2458 unsigned long prot) 2458 unsigned long prot)
2459 { 2459 {
2460 return 0; 2460 return 0;
2461 } 2461 }
2462 2462
2463 static inline int security_file_lock (struct file *file, unsigned int cmd) 2463 static inline int security_file_lock (struct file *file, unsigned int cmd)
2464 { 2464 {
2465 return 0; 2465 return 0;
2466 } 2466 }
2467 2467
2468 static inline int security_file_fcntl (struct file *file, unsigned int cmd, 2468 static inline int security_file_fcntl (struct file *file, unsigned int cmd,
2469 unsigned long arg) 2469 unsigned long arg)
2470 { 2470 {
2471 return 0; 2471 return 0;
2472 } 2472 }
2473 2473
2474 static inline int security_file_set_fowner (struct file *file) 2474 static inline int security_file_set_fowner (struct file *file)
2475 { 2475 {
2476 return 0; 2476 return 0;
2477 } 2477 }
2478 2478
2479 static inline int security_file_send_sigiotask (struct task_struct *tsk, 2479 static inline int security_file_send_sigiotask (struct task_struct *tsk,
2480 struct fown_struct *fown, 2480 struct fown_struct *fown,
2481 int sig) 2481 int sig)
2482 { 2482 {
2483 return 0; 2483 return 0;
2484 } 2484 }
2485 2485
2486 static inline int security_file_receive (struct file *file) 2486 static inline int security_file_receive (struct file *file)
2487 { 2487 {
2488 return 0; 2488 return 0;
2489 } 2489 }
2490 2490
2491 static inline int security_task_create (unsigned long clone_flags) 2491 static inline int security_task_create (unsigned long clone_flags)
2492 { 2492 {
2493 return 0; 2493 return 0;
2494 } 2494 }
2495 2495
2496 static inline int security_task_alloc (struct task_struct *p) 2496 static inline int security_task_alloc (struct task_struct *p)
2497 { 2497 {
2498 return 0; 2498 return 0;
2499 } 2499 }
2500 2500
2501 static inline void security_task_free (struct task_struct *p) 2501 static inline void security_task_free (struct task_struct *p)
2502 { } 2502 { }
2503 2503
2504 static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2, 2504 static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
2505 int flags) 2505 int flags)
2506 { 2506 {
2507 return 0; 2507 return 0;
2508 } 2508 }
2509 2509
2510 static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid, 2510 static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
2511 uid_t old_suid, int flags) 2511 uid_t old_suid, int flags)
2512 { 2512 {
2513 return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags); 2513 return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags);
2514 } 2514 }
2515 2515
2516 static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2, 2516 static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
2517 int flags) 2517 int flags)
2518 { 2518 {
2519 return 0; 2519 return 0;
2520 } 2520 }
2521 2521
2522 static inline int security_task_setpgid (struct task_struct *p, pid_t pgid) 2522 static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
2523 { 2523 {
2524 return 0; 2524 return 0;
2525 } 2525 }
2526 2526
2527 static inline int security_task_getpgid (struct task_struct *p) 2527 static inline int security_task_getpgid (struct task_struct *p)
2528 { 2528 {
2529 return 0; 2529 return 0;
2530 } 2530 }
2531 2531
2532 static inline int security_task_getsid (struct task_struct *p) 2532 static inline int security_task_getsid (struct task_struct *p)
2533 { 2533 {
2534 return 0; 2534 return 0;
2535 } 2535 }
2536 2536
2537 static inline void security_task_getsecid (struct task_struct *p, u32 *secid) 2537 static inline void security_task_getsecid (struct task_struct *p, u32 *secid)
2538 { } 2538 { }
2539 2539
2540 static inline int security_task_setgroups (struct group_info *group_info) 2540 static inline int security_task_setgroups (struct group_info *group_info)
2541 { 2541 {
2542 return 0; 2542 return 0;
2543 } 2543 }
2544 2544
2545 static inline int security_task_setnice (struct task_struct *p, int nice) 2545 static inline int security_task_setnice (struct task_struct *p, int nice)
2546 { 2546 {
2547 return 0; 2547 return 0;
2548 } 2548 }
2549 2549
2550 static inline int security_task_setioprio (struct task_struct *p, int ioprio) 2550 static inline int security_task_setioprio (struct task_struct *p, int ioprio)
2551 { 2551 {
2552 return 0; 2552 return 0;
2553 } 2553 }
2554 2554
2555 static inline int security_task_getioprio (struct task_struct *p) 2555 static inline int security_task_getioprio (struct task_struct *p)
2556 { 2556 {
2557 return 0; 2557 return 0;
2558 } 2558 }
2559 2559
2560 static inline int security_task_setrlimit (unsigned int resource, 2560 static inline int security_task_setrlimit (unsigned int resource,
2561 struct rlimit *new_rlim) 2561 struct rlimit *new_rlim)
2562 { 2562 {
2563 return 0; 2563 return 0;
2564 } 2564 }
2565 2565
2566 static inline int security_task_setscheduler (struct task_struct *p, 2566 static inline int security_task_setscheduler (struct task_struct *p,
2567 int policy, 2567 int policy,
2568 struct sched_param *lp) 2568 struct sched_param *lp)
2569 { 2569 {
2570 return 0; 2570 return 0;
2571 } 2571 }
2572 2572
2573 static inline int security_task_getscheduler (struct task_struct *p) 2573 static inline int security_task_getscheduler (struct task_struct *p)
2574 { 2574 {
2575 return 0; 2575 return 0;
2576 } 2576 }
2577 2577
2578 static inline int security_task_movememory (struct task_struct *p) 2578 static inline int security_task_movememory (struct task_struct *p)
2579 { 2579 {
2580 return 0; 2580 return 0;
2581 } 2581 }
2582 2582
2583 static inline int security_task_kill (struct task_struct *p, 2583 static inline int security_task_kill (struct task_struct *p,
2584 struct siginfo *info, int sig, 2584 struct siginfo *info, int sig,
2585 u32 secid) 2585 u32 secid)
2586 { 2586 {
2587 return 0; 2587 return 0;
2588 } 2588 }
2589 2589
2590 static inline int security_task_wait (struct task_struct *p) 2590 static inline int security_task_wait (struct task_struct *p)
2591 { 2591 {
2592 return 0; 2592 return 0;
2593 } 2593 }
2594 2594
2595 static inline int security_task_prctl (int option, unsigned long arg2, 2595 static inline int security_task_prctl (int option, unsigned long arg2,
2596 unsigned long arg3, 2596 unsigned long arg3,
2597 unsigned long arg4, 2597 unsigned long arg4,
2598 unsigned long arg5) 2598 unsigned long arg5)
2599 { 2599 {
2600 return 0; 2600 return 0;
2601 } 2601 }
2602 2602
2603 static inline void security_task_reparent_to_init (struct task_struct *p) 2603 static inline void security_task_reparent_to_init (struct task_struct *p)
2604 { 2604 {
2605 cap_task_reparent_to_init (p); 2605 cap_task_reparent_to_init (p);
2606 } 2606 }
2607 2607
2608 static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) 2608 static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
2609 { } 2609 { }
2610 2610
2611 static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, 2611 static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
2612 short flag) 2612 short flag)
2613 { 2613 {
2614 return 0; 2614 return 0;
2615 } 2615 }
2616 2616
2617 static inline int security_msg_msg_alloc (struct msg_msg * msg) 2617 static inline int security_msg_msg_alloc (struct msg_msg * msg)
2618 { 2618 {
2619 return 0; 2619 return 0;
2620 } 2620 }
2621 2621
2622 static inline void security_msg_msg_free (struct msg_msg * msg) 2622 static inline void security_msg_msg_free (struct msg_msg * msg)
2623 { } 2623 { }
2624 2624
2625 static inline int security_msg_queue_alloc (struct msg_queue *msq) 2625 static inline int security_msg_queue_alloc (struct msg_queue *msq)
2626 { 2626 {
2627 return 0; 2627 return 0;
2628 } 2628 }
2629 2629
2630 static inline void security_msg_queue_free (struct msg_queue *msq) 2630 static inline void security_msg_queue_free (struct msg_queue *msq)
2631 { } 2631 { }
2632 2632
2633 static inline int security_msg_queue_associate (struct msg_queue * msq, 2633 static inline int security_msg_queue_associate (struct msg_queue * msq,
2634 int msqflg) 2634 int msqflg)
2635 { 2635 {
2636 return 0; 2636 return 0;
2637 } 2637 }
2638 2638
2639 static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd) 2639 static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
2640 { 2640 {
2641 return 0; 2641 return 0;
2642 } 2642 }
2643 2643
2644 static inline int security_msg_queue_msgsnd (struct msg_queue * msq, 2644 static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
2645 struct msg_msg * msg, int msqflg) 2645 struct msg_msg * msg, int msqflg)
2646 { 2646 {
2647 return 0; 2647 return 0;
2648 } 2648 }
2649 2649
2650 static inline int security_msg_queue_msgrcv (struct msg_queue * msq, 2650 static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
2651 struct msg_msg * msg, 2651 struct msg_msg * msg,
2652 struct task_struct * target, 2652 struct task_struct * target,
2653 long type, int mode) 2653 long type, int mode)
2654 { 2654 {
2655 return 0; 2655 return 0;
2656 } 2656 }
2657 2657
2658 static inline int security_shm_alloc (struct shmid_kernel *shp) 2658 static inline int security_shm_alloc (struct shmid_kernel *shp)
2659 { 2659 {
2660 return 0; 2660 return 0;
2661 } 2661 }
2662 2662
2663 static inline void security_shm_free (struct shmid_kernel *shp) 2663 static inline void security_shm_free (struct shmid_kernel *shp)
2664 { } 2664 { }
2665 2665
2666 static inline int security_shm_associate (struct shmid_kernel * shp, 2666 static inline int security_shm_associate (struct shmid_kernel * shp,
2667 int shmflg) 2667 int shmflg)
2668 { 2668 {
2669 return 0; 2669 return 0;
2670 } 2670 }
2671 2671
2672 static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd) 2672 static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
2673 { 2673 {
2674 return 0; 2674 return 0;
2675 } 2675 }
2676 2676
2677 static inline int security_shm_shmat (struct shmid_kernel * shp, 2677 static inline int security_shm_shmat (struct shmid_kernel * shp,
2678 char __user *shmaddr, int shmflg) 2678 char __user *shmaddr, int shmflg)
2679 { 2679 {
2680 return 0; 2680 return 0;
2681 } 2681 }
2682 2682
2683 static inline int security_sem_alloc (struct sem_array *sma) 2683 static inline int security_sem_alloc (struct sem_array *sma)
2684 { 2684 {
2685 return 0; 2685 return 0;
2686 } 2686 }
2687 2687
2688 static inline void security_sem_free (struct sem_array *sma) 2688 static inline void security_sem_free (struct sem_array *sma)
2689 { } 2689 { }
2690 2690
2691 static inline int security_sem_associate (struct sem_array * sma, int semflg) 2691 static inline int security_sem_associate (struct sem_array * sma, int semflg)
2692 { 2692 {
2693 return 0; 2693 return 0;
2694 } 2694 }
2695 2695
2696 static inline int security_sem_semctl (struct sem_array * sma, int cmd) 2696 static inline int security_sem_semctl (struct sem_array * sma, int cmd)
2697 { 2697 {
2698 return 0; 2698 return 0;
2699 } 2699 }
2700 2700
2701 static inline int security_sem_semop (struct sem_array * sma, 2701 static inline int security_sem_semop (struct sem_array * sma,
2702 struct sembuf * sops, unsigned nsops, 2702 struct sembuf * sops, unsigned nsops,
2703 int alter) 2703 int alter)
2704 { 2704 {
2705 return 0; 2705 return 0;
2706 } 2706 }
2707 2707
2708 static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode) 2708 static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
2709 { } 2709 { }
2710 2710
2711 static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size) 2711 static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
2712 { 2712 {
2713 return -EINVAL; 2713 return -EINVAL;
2714 } 2714 }
2715 2715
2716 static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) 2716 static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
2717 { 2717 {
2718 return -EINVAL; 2718 return -EINVAL;
2719 } 2719 }
2720 2720
2721 static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb) 2721 static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb)
2722 { 2722 {
2723 return cap_netlink_send (sk, skb); 2723 return cap_netlink_send (sk, skb);
2724 } 2724 }
2725 2725
2726 static inline int security_netlink_recv (struct sk_buff *skb, int cap) 2726 static inline int security_netlink_recv (struct sk_buff *skb, int cap)
2727 { 2727 {
2728 return cap_netlink_recv (skb, cap); 2728 return cap_netlink_recv (skb, cap);
2729 } 2729 }
2730 2730
2731 static inline struct dentry *securityfs_create_dir(const char *name, 2731 static inline struct dentry *securityfs_create_dir(const char *name,
2732 struct dentry *parent) 2732 struct dentry *parent)
2733 { 2733 {
2734 return ERR_PTR(-ENODEV); 2734 return ERR_PTR(-ENODEV);
2735 } 2735 }
2736 2736
2737 static inline struct dentry *securityfs_create_file(const char *name, 2737 static inline struct dentry *securityfs_create_file(const char *name,
2738 mode_t mode, 2738 mode_t mode,
2739 struct dentry *parent, 2739 struct dentry *parent,
2740 void *data, 2740 void *data,
2741 struct file_operations *fops) 2741 struct file_operations *fops)
2742 { 2742 {
2743 return ERR_PTR(-ENODEV); 2743 return ERR_PTR(-ENODEV);
2744 } 2744 }
2745 2745
2746 static inline void securityfs_remove(struct dentry *dentry) 2746 static inline void securityfs_remove(struct dentry *dentry)
2747 { 2747 {
2748 } 2748 }
2749 2749
2750 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 2750 static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2751 { 2751 {
2752 return -EOPNOTSUPP; 2752 return -EOPNOTSUPP;
2753 } 2753 }
2754 2754
2755 static inline void security_release_secctx(char *secdata, u32 seclen) 2755 static inline void security_release_secctx(char *secdata, u32 seclen)
2756 { 2756 {
2757 return -EOPNOTSUPP;
2758 } 2757 }
2759 #endif /* CONFIG_SECURITY */ 2758 #endif /* CONFIG_SECURITY */
2760 2759
2761 #ifdef CONFIG_SECURITY_NETWORK 2760 #ifdef CONFIG_SECURITY_NETWORK
2762 static inline int security_unix_stream_connect(struct socket * sock, 2761 static inline int security_unix_stream_connect(struct socket * sock,
2763 struct socket * other, 2762 struct socket * other,
2764 struct sock * newsk) 2763 struct sock * newsk)
2765 { 2764 {
2766 return security_ops->unix_stream_connect(sock, other, newsk); 2765 return security_ops->unix_stream_connect(sock, other, newsk);
2767 } 2766 }
2768 2767
2769 2768
2770 static inline int security_unix_may_send(struct socket * sock, 2769 static inline int security_unix_may_send(struct socket * sock,
2771 struct socket * other) 2770 struct socket * other)
2772 { 2771 {
2773 return security_ops->unix_may_send(sock, other); 2772 return security_ops->unix_may_send(sock, other);
2774 } 2773 }
2775 2774
2776 static inline int security_socket_create (int family, int type, 2775 static inline int security_socket_create (int family, int type,
2777 int protocol, int kern) 2776 int protocol, int kern)
2778 { 2777 {
2779 return security_ops->socket_create(family, type, protocol, kern); 2778 return security_ops->socket_create(family, type, protocol, kern);
2780 } 2779 }
2781 2780
2782 static inline void security_socket_post_create(struct socket * sock, 2781 static inline void security_socket_post_create(struct socket * sock,
2783 int family, 2782 int family,
2784 int type, 2783 int type,
2785 int protocol, int kern) 2784 int protocol, int kern)
2786 { 2785 {
2787 security_ops->socket_post_create(sock, family, type, 2786 security_ops->socket_post_create(sock, family, type,
2788 protocol, kern); 2787 protocol, kern);
2789 } 2788 }
2790 2789
2791 static inline int security_socket_bind(struct socket * sock, 2790 static inline int security_socket_bind(struct socket * sock,
2792 struct sockaddr * address, 2791 struct sockaddr * address,
2793 int addrlen) 2792 int addrlen)
2794 { 2793 {
2795 return security_ops->socket_bind(sock, address, addrlen); 2794 return security_ops->socket_bind(sock, address, addrlen);
2796 } 2795 }
2797 2796
2798 static inline int security_socket_connect(struct socket * sock, 2797 static inline int security_socket_connect(struct socket * sock,
2799 struct sockaddr * address, 2798 struct sockaddr * address,
2800 int addrlen) 2799 int addrlen)
2801 { 2800 {
2802 return security_ops->socket_connect(sock, address, addrlen); 2801 return security_ops->socket_connect(sock, address, addrlen);
2803 } 2802 }
2804 2803
2805 static inline int security_socket_listen(struct socket * sock, int backlog) 2804 static inline int security_socket_listen(struct socket * sock, int backlog)
2806 { 2805 {
2807 return security_ops->socket_listen(sock, backlog); 2806 return security_ops->socket_listen(sock, backlog);
2808 } 2807 }
2809 2808
2810 static inline int security_socket_accept(struct socket * sock, 2809 static inline int security_socket_accept(struct socket * sock,
2811 struct socket * newsock) 2810 struct socket * newsock)
2812 { 2811 {
2813 return security_ops->socket_accept(sock, newsock); 2812 return security_ops->socket_accept(sock, newsock);
2814 } 2813 }
2815 2814
2816 static inline void security_socket_post_accept(struct socket * sock, 2815 static inline void security_socket_post_accept(struct socket * sock,
2817 struct socket * newsock) 2816 struct socket * newsock)
2818 { 2817 {
2819 security_ops->socket_post_accept(sock, newsock); 2818 security_ops->socket_post_accept(sock, newsock);
2820 } 2819 }
2821 2820
2822 static inline int security_socket_sendmsg(struct socket * sock, 2821 static inline int security_socket_sendmsg(struct socket * sock,
2823 struct msghdr * msg, int size) 2822 struct msghdr * msg, int size)
2824 { 2823 {
2825 return security_ops->socket_sendmsg(sock, msg, size); 2824 return security_ops->socket_sendmsg(sock, msg, size);
2826 } 2825 }
2827 2826
2828 static inline int security_socket_recvmsg(struct socket * sock, 2827 static inline int security_socket_recvmsg(struct socket * sock,
2829 struct msghdr * msg, int size, 2828 struct msghdr * msg, int size,
2830 int flags) 2829 int flags)
2831 { 2830 {
2832 return security_ops->socket_recvmsg(sock, msg, size, flags); 2831 return security_ops->socket_recvmsg(sock, msg, size, flags);
2833 } 2832 }
2834 2833
2835 static inline int security_socket_getsockname(struct socket * sock) 2834 static inline int security_socket_getsockname(struct socket * sock)
2836 { 2835 {
2837 return security_ops->socket_getsockname(sock); 2836 return security_ops->socket_getsockname(sock);
2838 } 2837 }
2839 2838
2840 static inline int security_socket_getpeername(struct socket * sock) 2839 static inline int security_socket_getpeername(struct socket * sock)
2841 { 2840 {
2842 return security_ops->socket_getpeername(sock); 2841 return security_ops->socket_getpeername(sock);
2843 } 2842 }
2844 2843
2845 static inline int security_socket_getsockopt(struct socket * sock, 2844 static inline int security_socket_getsockopt(struct socket * sock,
2846 int level, int optname) 2845 int level, int optname)
2847 { 2846 {
2848 return security_ops->socket_getsockopt(sock, level, optname); 2847 return security_ops->socket_getsockopt(sock, level, optname);
2849 } 2848 }
2850 2849
2851 static inline int security_socket_setsockopt(struct socket * sock, 2850 static inline int security_socket_setsockopt(struct socket * sock,
2852 int level, int optname) 2851 int level, int optname)
2853 { 2852 {
2854 return security_ops->socket_setsockopt(sock, level, optname); 2853 return security_ops->socket_setsockopt(sock, level, optname);
2855 } 2854 }
2856 2855
2857 static inline int security_socket_shutdown(struct socket * sock, int how) 2856 static inline int security_socket_shutdown(struct socket * sock, int how)
2858 { 2857 {
2859 return security_ops->socket_shutdown(sock, how); 2858 return security_ops->socket_shutdown(sock, how);
2860 } 2859 }
2861 2860
2862 static inline int security_sock_rcv_skb (struct sock * sk, 2861 static inline int security_sock_rcv_skb (struct sock * sk,
2863 struct sk_buff * skb) 2862 struct sk_buff * skb)
2864 { 2863 {
2865 return security_ops->socket_sock_rcv_skb (sk, skb); 2864 return security_ops->socket_sock_rcv_skb (sk, skb);
2866 } 2865 }
2867 2866
2868 static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 2867 static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
2869 int __user *optlen, unsigned len) 2868 int __user *optlen, unsigned len)
2870 { 2869 {
2871 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); 2870 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
2872 } 2871 }
2873 2872
2874 static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 2873 static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2875 { 2874 {
2876 return security_ops->socket_getpeersec_dgram(sock, skb, secid); 2875 return security_ops->socket_getpeersec_dgram(sock, skb, secid);
2877 } 2876 }
2878 2877
2879 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 2878 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
2880 { 2879 {
2881 return security_ops->sk_alloc_security(sk, family, priority); 2880 return security_ops->sk_alloc_security(sk, family, priority);
2882 } 2881 }
2883 2882
2884 static inline void security_sk_free(struct sock *sk) 2883 static inline void security_sk_free(struct sock *sk)
2885 { 2884 {
2886 return security_ops->sk_free_security(sk); 2885 return security_ops->sk_free_security(sk);
2887 } 2886 }
2888 2887
2889 static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) 2888 static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
2890 { 2889 {
2891 return security_ops->sk_getsid(sk, fl, dir); 2890 return security_ops->sk_getsid(sk, fl, dir);
2892 } 2891 }
2893 #else /* CONFIG_SECURITY_NETWORK */ 2892 #else /* CONFIG_SECURITY_NETWORK */
2894 static inline int security_unix_stream_connect(struct socket * sock, 2893 static inline int security_unix_stream_connect(struct socket * sock,
2895 struct socket * other, 2894 struct socket * other,
2896 struct sock * newsk) 2895 struct sock * newsk)
2897 { 2896 {
2898 return 0; 2897 return 0;
2899 } 2898 }
2900 2899
2901 static inline int security_unix_may_send(struct socket * sock, 2900 static inline int security_unix_may_send(struct socket * sock,
2902 struct socket * other) 2901 struct socket * other)
2903 { 2902 {
2904 return 0; 2903 return 0;
2905 } 2904 }
2906 2905
2907 static inline int security_socket_create (int family, int type, 2906 static inline int security_socket_create (int family, int type,
2908 int protocol, int kern) 2907 int protocol, int kern)
2909 { 2908 {
2910 return 0; 2909 return 0;
2911 } 2910 }
2912 2911
2913 static inline void security_socket_post_create(struct socket * sock, 2912 static inline void security_socket_post_create(struct socket * sock,
2914 int family, 2913 int family,
2915 int type, 2914 int type,
2916 int protocol, int kern) 2915 int protocol, int kern)
2917 { 2916 {
2918 } 2917 }
2919 2918
2920 static inline int security_socket_bind(struct socket * sock, 2919 static inline int security_socket_bind(struct socket * sock,
2921 struct sockaddr * address, 2920 struct sockaddr * address,
2922 int addrlen) 2921 int addrlen)
2923 { 2922 {
2924 return 0; 2923 return 0;
2925 } 2924 }
2926 2925
2927 static inline int security_socket_connect(struct socket * sock, 2926 static inline int security_socket_connect(struct socket * sock,
2928 struct sockaddr * address, 2927 struct sockaddr * address,
2929 int addrlen) 2928 int addrlen)
2930 { 2929 {
2931 return 0; 2930 return 0;
2932 } 2931 }
2933 2932
2934 static inline int security_socket_listen(struct socket * sock, int backlog) 2933 static inline int security_socket_listen(struct socket * sock, int backlog)
2935 { 2934 {
2936 return 0; 2935 return 0;
2937 } 2936 }
2938 2937
2939 static inline int security_socket_accept(struct socket * sock, 2938 static inline int security_socket_accept(struct socket * sock,
2940 struct socket * newsock) 2939 struct socket * newsock)
2941 { 2940 {
2942 return 0; 2941 return 0;
2943 } 2942 }
2944 2943
2945 static inline void security_socket_post_accept(struct socket * sock, 2944 static inline void security_socket_post_accept(struct socket * sock,
2946 struct socket * newsock) 2945 struct socket * newsock)
2947 { 2946 {
2948 } 2947 }
2949 2948
2950 static inline int security_socket_sendmsg(struct socket * sock, 2949 static inline int security_socket_sendmsg(struct socket * sock,
2951 struct msghdr * msg, int size) 2950 struct msghdr * msg, int size)
2952 { 2951 {
2953 return 0; 2952 return 0;
2954 } 2953 }
2955 2954
2956 static inline int security_socket_recvmsg(struct socket * sock, 2955 static inline int security_socket_recvmsg(struct socket * sock,
2957 struct msghdr * msg, int size, 2956 struct msghdr * msg, int size,
2958 int flags) 2957 int flags)
2959 { 2958 {
2960 return 0; 2959 return 0;
2961 } 2960 }
2962 2961
2963 static inline int security_socket_getsockname(struct socket * sock) 2962 static inline int security_socket_getsockname(struct socket * sock)
2964 { 2963 {
2965 return 0; 2964 return 0;
2966 } 2965 }
2967 2966
2968 static inline int security_socket_getpeername(struct socket * sock) 2967 static inline int security_socket_getpeername(struct socket * sock)
2969 { 2968 {
2970 return 0; 2969 return 0;
2971 } 2970 }
2972 2971
2973 static inline int security_socket_getsockopt(struct socket * sock, 2972 static inline int security_socket_getsockopt(struct socket * sock,
2974 int level, int optname) 2973 int level, int optname)
2975 { 2974 {
2976 return 0; 2975 return 0;
2977 } 2976 }
2978 2977
2979 static inline int security_socket_setsockopt(struct socket * sock, 2978 static inline int security_socket_setsockopt(struct socket * sock,
2980 int level, int optname) 2979 int level, int optname)
2981 { 2980 {
2982 return 0; 2981 return 0;
2983 } 2982 }
2984 2983
2985 static inline int security_socket_shutdown(struct socket * sock, int how) 2984 static inline int security_socket_shutdown(struct socket * sock, int how)
2986 { 2985 {
2987 return 0; 2986 return 0;
2988 } 2987 }
2989 static inline int security_sock_rcv_skb (struct sock * sk, 2988 static inline int security_sock_rcv_skb (struct sock * sk,
2990 struct sk_buff * skb) 2989 struct sk_buff * skb)
2991 { 2990 {
2992 return 0; 2991 return 0;
2993 } 2992 }
2994 2993
2995 static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 2994 static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
2996 int __user *optlen, unsigned len) 2995 int __user *optlen, unsigned len)
2997 { 2996 {
2998 return -ENOPROTOOPT; 2997 return -ENOPROTOOPT;
2999 } 2998 }
3000 2999
3001 static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 3000 static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
3002 { 3001 {
3003 return -ENOPROTOOPT; 3002 return -ENOPROTOOPT;
3004 } 3003 }
3005 3004
3006 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 3005 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
3007 { 3006 {
3008 return 0; 3007 return 0;
3009 } 3008 }
3010 3009
3011 static inline void security_sk_free(struct sock *sk) 3010 static inline void security_sk_free(struct sock *sk)
3012 { 3011 {
3013 } 3012 }
3014 3013
3015 static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) 3014 static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
3016 { 3015 {
3017 return 0; 3016 return 0;
3018 } 3017 }
3019 #endif /* CONFIG_SECURITY_NETWORK */ 3018 #endif /* CONFIG_SECURITY_NETWORK */
3020 3019
3021 #ifdef CONFIG_SECURITY_NETWORK_XFRM 3020 #ifdef CONFIG_SECURITY_NETWORK_XFRM
3022 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) 3021 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
3023 { 3022 {
3024 return security_ops->xfrm_policy_alloc_security(xp, sec_ctx); 3023 return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
3025 } 3024 }
3026 3025
3027 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) 3026 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
3028 { 3027 {
3029 return security_ops->xfrm_policy_clone_security(old, new); 3028 return security_ops->xfrm_policy_clone_security(old, new);
3030 } 3029 }
3031 3030
3032 static inline void security_xfrm_policy_free(struct xfrm_policy *xp) 3031 static inline void security_xfrm_policy_free(struct xfrm_policy *xp)
3033 { 3032 {
3034 security_ops->xfrm_policy_free_security(xp); 3033 security_ops->xfrm_policy_free_security(xp);
3035 } 3034 }
3036 3035
3037 static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) 3036 static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
3038 { 3037 {
3039 return security_ops->xfrm_policy_delete_security(xp); 3038 return security_ops->xfrm_policy_delete_security(xp);
3040 } 3039 }
3041 3040
3042 static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 3041 static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
3043 { 3042 {
3044 return security_ops->xfrm_state_alloc_security(x, sec_ctx); 3043 return security_ops->xfrm_state_alloc_security(x, sec_ctx);
3045 } 3044 }
3046 3045
3047 static inline int security_xfrm_state_delete(struct xfrm_state *x) 3046 static inline int security_xfrm_state_delete(struct xfrm_state *x)
3048 { 3047 {
3049 return security_ops->xfrm_state_delete_security(x); 3048 return security_ops->xfrm_state_delete_security(x);
3050 } 3049 }
3051 3050
3052 static inline void security_xfrm_state_free(struct xfrm_state *x) 3051 static inline void security_xfrm_state_free(struct xfrm_state *x)
3053 { 3052 {
3054 security_ops->xfrm_state_free_security(x); 3053 security_ops->xfrm_state_free_security(x);
3055 } 3054 }
3056 3055
3057 static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) 3056 static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
3058 { 3057 {
3059 return security_ops->xfrm_policy_lookup(xp, sk_sid, dir); 3058 return security_ops->xfrm_policy_lookup(xp, sk_sid, dir);
3060 } 3059 }
3061 #else /* CONFIG_SECURITY_NETWORK_XFRM */ 3060 #else /* CONFIG_SECURITY_NETWORK_XFRM */
3062 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) 3061 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
3063 { 3062 {
3064 return 0; 3063 return 0;
3065 } 3064 }
3066 3065
3067 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) 3066 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
3068 { 3067 {
3069 return 0; 3068 return 0;
3070 } 3069 }
3071 3070
3072 static inline void security_xfrm_policy_free(struct xfrm_policy *xp) 3071 static inline void security_xfrm_policy_free(struct xfrm_policy *xp)
3073 { 3072 {
3074 } 3073 }
3075 3074
3076 static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) 3075 static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
3077 { 3076 {
3078 return 0; 3077 return 0;
3079 } 3078 }
3080 3079
3081 static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 3080 static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
3082 { 3081 {
3083 return 0; 3082 return 0;
3084 } 3083 }
3085 3084
3086 static inline void security_xfrm_state_free(struct xfrm_state *x) 3085 static inline void security_xfrm_state_free(struct xfrm_state *x)
3087 { 3086 {
3088 } 3087 }
3089 3088
3090 static inline int security_xfrm_state_delete(struct xfrm_state *x) 3089 static inline int security_xfrm_state_delete(struct xfrm_state *x)
3091 { 3090 {
3092 return 0; 3091 return 0;
3093 } 3092 }
3094 3093
3095 static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) 3094 static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
3096 { 3095 {
3097 return 0; 3096 return 0;
3098 } 3097 }
3099 #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 3098 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
3100 3099
3101 #ifdef CONFIG_KEYS 3100 #ifdef CONFIG_KEYS
3102 #ifdef CONFIG_SECURITY 3101 #ifdef CONFIG_SECURITY
3103 static inline int security_key_alloc(struct key *key, 3102 static inline int security_key_alloc(struct key *key,
3104 struct task_struct *tsk, 3103 struct task_struct *tsk,
3105 unsigned long flags) 3104 unsigned long flags)
3106 { 3105 {
3107 return security_ops->key_alloc(key, tsk, flags); 3106 return security_ops->key_alloc(key, tsk, flags);
3108 } 3107 }
3109 3108
3110 static inline void security_key_free(struct key *key) 3109 static inline void security_key_free(struct key *key)
3111 { 3110 {
3112 security_ops->key_free(key); 3111 security_ops->key_free(key);
3113 } 3112 }
3114 3113
3115 static inline int security_key_permission(key_ref_t key_ref, 3114 static inline int security_key_permission(key_ref_t key_ref,
3116 struct task_struct *context, 3115 struct task_struct *context,
3117 key_perm_t perm) 3116 key_perm_t perm)
3118 { 3117 {
3119 return security_ops->key_permission(key_ref, context, perm); 3118 return security_ops->key_permission(key_ref, context, perm);
3120 } 3119 }
3121 3120
3122 #else 3121 #else
3123 3122
3124 static inline int security_key_alloc(struct key *key, 3123 static inline int security_key_alloc(struct key *key,
3125 struct task_struct *tsk, 3124 struct task_struct *tsk,
3126 unsigned long flags) 3125 unsigned long flags)
3127 { 3126 {
3128 return 0; 3127 return 0;
3129 } 3128 }
3130 3129
3131 static inline void security_key_free(struct key *key) 3130 static inline void security_key_free(struct key *key)
3132 { 3131 {
3133 } 3132 }
3134 3133
3135 static inline int security_key_permission(key_ref_t key_ref, 3134 static inline int security_key_permission(key_ref_t key_ref,
3136 struct task_struct *context, 3135 struct task_struct *context,
3137 key_perm_t perm) 3136 key_perm_t perm)
3138 { 3137 {
3139 return 0; 3138 return 0;
3140 } 3139 }
3141 3140
3142 #endif 3141 #endif
3143 #endif /* CONFIG_KEYS */ 3142 #endif /* CONFIG_KEYS */
3144 3143
3145 #endif /* ! __LINUX_SECURITY_H */ 3144 #endif /* ! __LINUX_SECURITY_H */
3146 3145
3147 3146