// SPDX-License-Identifier: GPL-2.0-or-later

  /*
   * Security plug functions
   *
   * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
   * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
   * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>

   * Copyright (C) 2016 Mellanox Technologies

   */

  #define pr_fmt(fmt) "LSM: " fmt

  #include <linux/bpf.h>

  #include <linux/capability.h>

  #include <linux/dcache.h>

  #include <linux/export.h>

  #include <linux/init.h>
  #include <linux/kernel.h>

  #include <linux/lsm_hooks.h>

  #include <linux/integrity.h>

  #include <linux/ima.h>

  #include <linux/evm.h>

  #include <linux/fsnotify.h>

  #include <linux/mman.h>
  #include <linux/mount.h>
  #include <linux/personality.h>

  #include <linux/backing-dev.h>

  #include <linux/string.h>

  #include <linux/msg.h>

  #include <net/flow.h>

  #define MAX_LSM_EVM_XATTR	2

  /* How many LSMs were built into the kernel? */
  #define LSM_COUNT (__end_lsm_info - __start_lsm_info)

  struct security_hook_heads security_hook_heads __lsm_ro_after_init;

  static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);

  static struct kmem_cache *lsm_file_cache;

  static struct kmem_cache *lsm_inode_cache;

  char *lsm_names;

  static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init;

  /* Boot-time LSM user choice */

  static __initdata const char *chosen_lsm_order;

  static __initdata const char *chosen_major_lsm;

  static __initconst const char * const builtin_lsm_order = CONFIG_LSM;

  /* Ordered list of LSMs to initialize. */
  static __initdata struct lsm_info **ordered_lsms;

  static __initdata struct lsm_info *exclusive;

  static __initdata bool debug;
  #define init_debug(...)						\
  	do {							\
  		if (debug)					\
  			pr_info(__VA_ARGS__);			\
  	} while (0)

  static bool __init is_enabled(struct lsm_info *lsm)
  {

  	if (!lsm->enabled)
  		return false;

  	return *lsm->enabled;

  }
  
  /* Mark an LSM's enabled flag. */
  static int lsm_enabled_true __initdata = 1;
  static int lsm_enabled_false __initdata = 0;
  static void __init set_enabled(struct lsm_info *lsm, bool enabled)
  {
  	/*
  	 * When an LSM hasn't configured an enable variable, we can use
  	 * a hard-coded location for storing the default enabled state.
  	 */
  	if (!lsm->enabled) {
  		if (enabled)
  			lsm->enabled = &lsm_enabled_true;
  		else
  			lsm->enabled = &lsm_enabled_false;
  	} else if (lsm->enabled == &lsm_enabled_true) {
  		if (!enabled)
  			lsm->enabled = &lsm_enabled_false;
  	} else if (lsm->enabled == &lsm_enabled_false) {
  		if (enabled)
  			lsm->enabled = &lsm_enabled_true;
  	} else {
  		*lsm->enabled = enabled;
  	}
  }

  /* Is an LSM already listed in the ordered LSMs list? */
  static bool __init exists_ordered_lsm(struct lsm_info *lsm)
  {
  	struct lsm_info **check;
  
  	for (check = ordered_lsms; *check; check++)
  		if (*check == lsm)
  			return true;
  
  	return false;
  }
  
  /* Append an LSM to the list of ordered LSMs to initialize. */
  static int last_lsm __initdata;
  static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
  {
  	/* Ignore duplicate selections. */
  	if (exists_ordered_lsm(lsm))
  		return;
  
  	if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?
  ", from))
  		return;

  	/* Enable this LSM, if it is not already set. */
  	if (!lsm->enabled)
  		lsm->enabled = &lsm_enabled_true;

  	ordered_lsms[last_lsm++] = lsm;

  	init_debug("%s ordering: %s (%sabled)
  ", from, lsm->name,
  		   is_enabled(lsm) ? "en" : "dis");
  }

  /* Is an LSM allowed to be initialized? */
  static bool __init lsm_allowed(struct lsm_info *lsm)
  {
  	/* Skip if the LSM is disabled. */
  	if (!is_enabled(lsm))
  		return false;

  	/* Not allowed if another exclusive LSM already initialized. */
  	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
  		init_debug("exclusive disabled: %s
  ", lsm->name);
  		return false;
  	}

  	return true;
  }

  static void __init lsm_set_blob_size(int *need, int *lbs)
  {
  	int offset;
  
  	if (*need > 0) {
  		offset = *lbs;
  		*lbs += *need;
  		*need = offset;
  	}
  }
  
  static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
  {
  	if (!needed)
  		return;
  
  	lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred);

  	lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file);

  	/*
  	 * The inode blob gets an rcu_head in addition to
  	 * what the modules might need.
  	 */
  	if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
  		blob_sizes.lbs_inode = sizeof(struct rcu_head);
  	lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode);

  	lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
  	lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);

  	lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task);

  }

  /* Prepare LSM for initialization. */
  static void __init prepare_lsm(struct lsm_info *lsm)

  {
  	int enabled = lsm_allowed(lsm);
  
  	/* Record enablement (to handle any following exclusive LSMs). */
  	set_enabled(lsm, enabled);

  	/* If enabled, do pre-initialization work. */

  	if (enabled) {

  		if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
  			exclusive = lsm;
  			init_debug("exclusive chosen: %s
  ", lsm->name);
  		}

  
  		lsm_set_blob_sizes(lsm->blobs);

  	}
  }
  
  /* Initialize a given LSM, if it is enabled. */
  static void __init initialize_lsm(struct lsm_info *lsm)
  {
  	if (is_enabled(lsm)) {
  		int ret;

  		init_debug("initializing %s
  ", lsm->name);
  		ret = lsm->init();
  		WARN(ret, "%s failed to initialize: %d
  ", lsm->name, ret);
  	}
  }

  /* Populate ordered LSMs list from comma-separated LSM name list. */

  static void __init ordered_lsm_parse(const char *order, const char *origin)

  {
  	struct lsm_info *lsm;

  	char *sep, *name, *next;

  	/* LSM_ORDER_FIRST is always first. */
  	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
  		if (lsm->order == LSM_ORDER_FIRST)
  			append_ordered_lsm(lsm, "first");
  	}

  	/* Process "security=", if given. */

  	if (chosen_major_lsm) {
  		struct lsm_info *major;
  
  		/*
  		 * To match the original "security=" behavior, this
  		 * explicitly does NOT fallback to another Legacy Major
  		 * if the selected one was separately disabled: disable
  		 * all non-matching Legacy Major LSMs.
  		 */
  		for (major = __start_lsm_info; major < __end_lsm_info;
  		     major++) {
  			if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
  			    strcmp(major->name, chosen_major_lsm) != 0) {
  				set_enabled(major, false);
  				init_debug("security=%s disabled: %s
  ",
  					   chosen_major_lsm, major->name);
  			}
  		}
  	}

  	sep = kstrdup(order, GFP_KERNEL);
  	next = sep;
  	/* Walk the list, looking for matching LSMs. */
  	while ((name = strsep(&next, ",")) != NULL) {
  		bool found = false;
  
  		for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {

  			if (lsm->order == LSM_ORDER_MUTABLE &&
  			    strcmp(lsm->name, name) == 0) {

  				append_ordered_lsm(lsm, origin);
  				found = true;
  			}
  		}
  
  		if (!found)
  			init_debug("%s ignored: %s
  ", origin, name);

  	}

  
  	/* Process "security=", if given. */
  	if (chosen_major_lsm) {
  		for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
  			if (exists_ordered_lsm(lsm))
  				continue;
  			if (strcmp(lsm->name, chosen_major_lsm) == 0)
  				append_ordered_lsm(lsm, "security=");
  		}
  	}
  
  	/* Disable all LSMs not in the ordered list. */
  	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
  		if (exists_ordered_lsm(lsm))
  			continue;
  		set_enabled(lsm, false);
  		init_debug("%s disabled: %s
  ", origin, lsm->name);
  	}

  	kfree(sep);

  }

  static void __init lsm_early_cred(struct cred *cred);
  static void __init lsm_early_task(struct task_struct *task);

  static void __init ordered_lsm_init(void)
  {
  	struct lsm_info **lsm;
  
  	ordered_lsms = kcalloc(LSM_COUNT + 1, sizeof(*ordered_lsms),
  				GFP_KERNEL);

  	if (chosen_lsm_order) {
  		if (chosen_major_lsm) {
  			pr_info("security= is ignored because it is superseded by lsm=
  ");
  			chosen_major_lsm = NULL;
  		}

  		ordered_lsm_parse(chosen_lsm_order, "cmdline");

  	} else

  		ordered_lsm_parse(builtin_lsm_order, "builtin");

  
  	for (lsm = ordered_lsms; *lsm; lsm++)

  		prepare_lsm(*lsm);

  	init_debug("cred blob size     = %d
  ", blob_sizes.lbs_cred);

  	init_debug("file blob size     = %d
  ", blob_sizes.lbs_file);

  	init_debug("inode blob size    = %d
  ", blob_sizes.lbs_inode);

  	init_debug("ipc blob size      = %d
  ", blob_sizes.lbs_ipc);
  	init_debug("msg_msg blob size  = %d
  ", blob_sizes.lbs_msg_msg);

  	init_debug("task blob size     = %d
  ", blob_sizes.lbs_task);

  
  	/*
  	 * Create any kmem_caches needed for blobs
  	 */
  	if (blob_sizes.lbs_file)
  		lsm_file_cache = kmem_cache_create("lsm_file_cache",
  						   blob_sizes.lbs_file, 0,
  						   SLAB_PANIC, NULL);

  	if (blob_sizes.lbs_inode)
  		lsm_inode_cache = kmem_cache_create("lsm_inode_cache",
  						    blob_sizes.lbs_inode, 0,
  						    SLAB_PANIC, NULL);

  	lsm_early_cred((struct cred *) current->cred);
  	lsm_early_task(current);

  	for (lsm = ordered_lsms; *lsm; lsm++)
  		initialize_lsm(*lsm);

  
  	kfree(ordered_lsms);
  }

  /**
   * security_init - initializes the security framework
   *
   * This should be called early in the kernel initialization sequence.
   */
  int __init security_init(void)
  {

  	int i;

  	struct hlist_head *list = (struct hlist_head *) &security_hook_heads;

  	pr_info("Security Framework initializing
  ");

  	for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head);

  	     i++)

  		INIT_HLIST_HEAD(&list[i]);

  	/* Load LSMs in specified order. */
  	ordered_lsm_init();

  	return 0;
  }

  /* Save user chosen LSM */

  static int __init choose_major_lsm(char *str)

  {

  	chosen_major_lsm = str;

  	return 1;
  }

  __setup("security=", choose_major_lsm);

  /* Explicitly choose LSM initialization order. */
  static int __init choose_lsm_order(char *str)
  {
  	chosen_lsm_order = str;
  	return 1;
  }
  __setup("lsm=", choose_lsm_order);

  /* Enable LSM order debugging. */
  static int __init enable_debug(char *str)
  {
  	debug = true;
  	return 1;
  }
  __setup("lsm.debug", enable_debug);

  static bool match_last_lsm(const char *list, const char *lsm)
  {
  	const char *last;
  
  	if (WARN_ON(!list || !lsm))
  		return false;
  	last = strrchr(list, ',');
  	if (last)
  		/* Pass the comma, strcmp() will check for '\0' */
  		last++;
  	else
  		last = list;
  	return !strcmp(last, lsm);
  }

  static int lsm_append(char *new, char **result)
  {
  	char *cp;
  
  	if (*result == NULL) {
  		*result = kstrdup(new, GFP_KERNEL);

  		if (*result == NULL)
  			return -ENOMEM;

  	} else {

  		/* Check if it is the last registered name */
  		if (match_last_lsm(*result, new))
  			return 0;

  		cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new);
  		if (cp == NULL)
  			return -ENOMEM;
  		kfree(*result);
  		*result = cp;
  	}
  	return 0;
  }

  /**

   * security_add_hooks - Add a modules hooks to the hook lists.
   * @hooks: the hooks to add
   * @count: the number of hooks to add
   * @lsm: the name of the security module
   *
   * Each LSM has to register its hooks with the infrastructure.
   */
  void __init security_add_hooks(struct security_hook_list *hooks, int count,
  				char *lsm)
  {
  	int i;
  
  	for (i = 0; i < count; i++) {
  		hooks[i].lsm = lsm;

  		hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);

  	}
  	if (lsm_append(lsm, &lsm_names) < 0)
  		panic("%s - Cannot get early memory.
  ", __func__);
  }

  int call_blocking_lsm_notifier(enum lsm_event event, void *data)

  {

  	return blocking_notifier_call_chain(&blocking_lsm_notifier_chain,
  					    event, data);

  }

  EXPORT_SYMBOL(call_blocking_lsm_notifier);

  int register_blocking_lsm_notifier(struct notifier_block *nb)

  {

  	return blocking_notifier_chain_register(&blocking_lsm_notifier_chain,
  						nb);

  }

  EXPORT_SYMBOL(register_blocking_lsm_notifier);

  int unregister_blocking_lsm_notifier(struct notifier_block *nb)

  {

  	return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain,
  						  nb);

  }

  EXPORT_SYMBOL(unregister_blocking_lsm_notifier);

  /**
   * lsm_cred_alloc - allocate a composite cred blob
   * @cred: the cred that needs a blob
   * @gfp: allocation type
   *
   * Allocate the cred blob for all the modules
   *
   * Returns 0, or -ENOMEM if memory can't be allocated.
   */
  static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
  {
  	if (blob_sizes.lbs_cred == 0) {
  		cred->security = NULL;
  		return 0;
  	}
  
  	cred->security = kzalloc(blob_sizes.lbs_cred, gfp);
  	if (cred->security == NULL)
  		return -ENOMEM;
  	return 0;
  }
  
  /**
   * lsm_early_cred - during initialization allocate a composite cred blob
   * @cred: the cred that needs a blob
   *

   * Allocate the cred blob for all the modules

   */

  static void __init lsm_early_cred(struct cred *cred)

  {

  	int rc = lsm_cred_alloc(cred, GFP_KERNEL);

  	if (rc)
  		panic("%s: Early cred alloc failed.
  ", __func__);
  }

  /**
   * lsm_file_alloc - allocate a composite file blob
   * @file: the file that needs a blob
   *
   * Allocate the file blob for all the modules
   *
   * Returns 0, or -ENOMEM if memory can't be allocated.
   */
  static int lsm_file_alloc(struct file *file)
  {
  	if (!lsm_file_cache) {
  		file->f_security = NULL;
  		return 0;
  	}
  
  	file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL);
  	if (file->f_security == NULL)
  		return -ENOMEM;
  	return 0;
  }

  /**
   * lsm_inode_alloc - allocate a composite inode blob
   * @inode: the inode that needs a blob
   *
   * Allocate the inode blob for all the modules
   *
   * Returns 0, or -ENOMEM if memory can't be allocated.
   */
  int lsm_inode_alloc(struct inode *inode)
  {
  	if (!lsm_inode_cache) {
  		inode->i_security = NULL;
  		return 0;
  	}
  
  	inode->i_security = kmem_cache_zalloc(lsm_inode_cache, GFP_NOFS);
  	if (inode->i_security == NULL)
  		return -ENOMEM;
  	return 0;
  }

  /**
   * lsm_task_alloc - allocate a composite task blob
   * @task: the task that needs a blob
   *
   * Allocate the task blob for all the modules
   *
   * Returns 0, or -ENOMEM if memory can't be allocated.
   */

  static int lsm_task_alloc(struct task_struct *task)

  {
  	if (blob_sizes.lbs_task == 0) {
  		task->security = NULL;
  		return 0;
  	}
  
  	task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL);
  	if (task->security == NULL)
  		return -ENOMEM;
  	return 0;
  }
  
  /**

   * lsm_ipc_alloc - allocate a composite ipc blob
   * @kip: the ipc that needs a blob
   *
   * Allocate the ipc blob for all the modules
   *
   * Returns 0, or -ENOMEM if memory can't be allocated.
   */

  static int lsm_ipc_alloc(struct kern_ipc_perm *kip)

  {
  	if (blob_sizes.lbs_ipc == 0) {
  		kip->security = NULL;
  		return 0;
  	}
  
  	kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL);
  	if (kip->security == NULL)
  		return -ENOMEM;
  	return 0;
  }
  
  /**
   * lsm_msg_msg_alloc - allocate a composite msg_msg blob
   * @mp: the msg_msg that needs a blob
   *
   * Allocate the ipc blob for all the modules
   *
   * Returns 0, or -ENOMEM if memory can't be allocated.
   */

  static int lsm_msg_msg_alloc(struct msg_msg *mp)

  {
  	if (blob_sizes.lbs_msg_msg == 0) {
  		mp->security = NULL;
  		return 0;
  	}
  
  	mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL);
  	if (mp->security == NULL)
  		return -ENOMEM;
  	return 0;
  }
  
  /**

   * lsm_early_task - during initialization allocate a composite task blob
   * @task: the task that needs a blob
   *

   * Allocate the task blob for all the modules

   */

  static void __init lsm_early_task(struct task_struct *task)

  {

  	int rc = lsm_task_alloc(task);

  	if (rc)
  		panic("%s: Early task alloc failed.
  ", __func__);
  }

  /*

   * Hook list operation macros.

   *

   * call_void_hook:
   *	This is a hook that does not return a value.

   *

   * call_int_hook:
   *	This is a hook that returns a value.

   */

  #define call_void_hook(FUNC, ...)				\
  	do {							\
  		struct security_hook_list *P;			\
  								\

  		hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \

  			P->hook.FUNC(__VA_ARGS__);		\
  	} while (0)
  
  #define call_int_hook(FUNC, IRC, ...) ({			\
  	int RC = IRC;						\
  	do {							\
  		struct security_hook_list *P;			\
  								\

  		hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \

  			RC = P->hook.FUNC(__VA_ARGS__);		\
  			if (RC != 0)				\
  				break;				\
  		}						\
  	} while (0);						\
  	RC;							\
  })

  /* Security operations */

  int security_binder_set_context_mgr(struct task_struct *mgr)
  {

  	return call_int_hook(binder_set_context_mgr, 0, mgr);

  }
  
  int security_binder_transaction(struct task_struct *from,
  				struct task_struct *to)
  {

  	return call_int_hook(binder_transaction, 0, from, to);

  }
  
  int security_binder_transfer_binder(struct task_struct *from,
  				    struct task_struct *to)
  {

  	return call_int_hook(binder_transfer_binder, 0, from, to);

  }
  
  int security_binder_transfer_file(struct task_struct *from,
  				  struct task_struct *to, struct file *file)
  {

  	return call_int_hook(binder_transfer_file, 0, from, to, file);

  }

  int security_ptrace_access_check(struct task_struct *child, unsigned int mode)

  {

  	return call_int_hook(ptrace_access_check, 0, child, mode);

  }
  
  int security_ptrace_traceme(struct task_struct *parent)
  {

  	return call_int_hook(ptrace_traceme, 0, parent);

  }
  
  int security_capget(struct task_struct *target,
  		     kernel_cap_t *effective,
  		     kernel_cap_t *inheritable,
  		     kernel_cap_t *permitted)
  {

  	return call_int_hook(capget, 0, target,
  				effective, inheritable, permitted);

  }

  int security_capset(struct cred *new, const struct cred *old,
  		    const kernel_cap_t *effective,
  		    const kernel_cap_t *inheritable,
  		    const kernel_cap_t *permitted)

  {

  	return call_int_hook(capset, 0, new, old,
  				effective, inheritable, permitted);

  }

  int security_capable(const struct cred *cred,
  		     struct user_namespace *ns,
  		     int cap,
  		     unsigned int opts)

  {

  	return call_int_hook(capable, 0, cred, ns, cap, opts);

  }

  int security_quotactl(int cmds, int type, int id, struct super_block *sb)
  {

  	return call_int_hook(quotactl, 0, cmds, type, id, sb);

  }
  
  int security_quota_on(struct dentry *dentry)
  {

  	return call_int_hook(quota_on, 0, dentry);

  }

  int security_syslog(int type)

  {

  	return call_int_hook(syslog, 0, type);

  }

  int security_settime64(const struct timespec64 *ts, const struct timezone *tz)

  {

  	return call_int_hook(settime, 0, ts, tz);

  }

  int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
  {

  	struct security_hook_list *hp;
  	int cap_sys_admin = 1;
  	int rc;
  
  	/*
  	 * The module will respond with a positive value if
  	 * it thinks the __vm_enough_memory() call should be
  	 * made with the cap_sys_admin set. If all of the modules
  	 * agree that it should be set it will. If any module
  	 * thinks it should not be set it won't.
  	 */

  	hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {

  		rc = hp->hook.vm_enough_memory(mm, pages);
  		if (rc <= 0) {
  			cap_sys_admin = 0;
  			break;
  		}
  	}
  	return __vm_enough_memory(mm, pages, cap_sys_admin);

  }

  int security_bprm_set_creds(struct linux_binprm *bprm)

  {

  	return call_int_hook(bprm_set_creds, 0, bprm);

  }

  int security_bprm_check(struct linux_binprm *bprm)

  {

  	int ret;

  	ret = call_int_hook(bprm_check_security, 0, bprm);

  	if (ret)
  		return ret;
  	return ima_bprm_check(bprm);

  }

  void security_bprm_committing_creds(struct linux_binprm *bprm)

  {

  	call_void_hook(bprm_committing_creds, bprm);

  }

  void security_bprm_committed_creds(struct linux_binprm *bprm)

  {

  	call_void_hook(bprm_committed_creds, bprm);

  }

  int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc)
  {
  	return call_int_hook(fs_context_dup, 0, fc, src_fc);
  }

  int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param)
  {
  	return call_int_hook(fs_context_parse_param, -ENOPARAM, fc, param);
  }

  int security_sb_alloc(struct super_block *sb)
  {

  	return call_int_hook(sb_alloc_security, 0, sb);

  }
  
  void security_sb_free(struct super_block *sb)
  {

  	call_void_hook(sb_free_security, sb);

  }

  void security_free_mnt_opts(void **mnt_opts)

  {

  	if (!*mnt_opts)
  		return;
  	call_void_hook(sb_free_mnt_opts, *mnt_opts);
  	*mnt_opts = NULL;

  }

  EXPORT_SYMBOL(security_free_mnt_opts);

  int security_sb_eat_lsm_opts(char *options, void **mnt_opts)

  {

  	return call_int_hook(sb_eat_lsm_opts, 0, options, mnt_opts);

  }

  EXPORT_SYMBOL(security_sb_eat_lsm_opts);

  int security_sb_remount(struct super_block *sb,

  			void *mnt_opts)

  {

  	return call_int_hook(sb_remount, 0, sb, mnt_opts);

  }

  EXPORT_SYMBOL(security_sb_remount);

  int security_sb_kern_mount(struct super_block *sb)

  {

  	return call_int_hook(sb_kern_mount, 0, sb);

  }

  int security_sb_show_options(struct seq_file *m, struct super_block *sb)
  {

  	return call_int_hook(sb_show_options, 0, m, sb);

  }

  int security_sb_statfs(struct dentry *dentry)
  {

  	return call_int_hook(sb_statfs, 0, dentry);

  }

  int security_sb_mount(const char *dev_name, const struct path *path,

                         const char *type, unsigned long flags, void *data)

  {

  	return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);

  }

  int security_sb_umount(struct vfsmount *mnt, int flags)
  {

  	return call_int_hook(sb_umount, 0, mnt, flags);

  }

  int security_sb_pivotroot(const struct path *old_path, const struct path *new_path)

  {

  	return call_int_hook(sb_pivotroot, 0, old_path, new_path);

  }

  int security_sb_set_mnt_opts(struct super_block *sb,

  				void *mnt_opts,

  				unsigned long kern_flags,
  				unsigned long *set_kern_flags)

  {

  	return call_int_hook(sb_set_mnt_opts,

  				mnt_opts ? -EOPNOTSUPP : 0, sb,
  				mnt_opts, kern_flags, set_kern_flags);

  }

  EXPORT_SYMBOL(security_sb_set_mnt_opts);

  int security_sb_clone_mnt_opts(const struct super_block *oldsb,

  				struct super_block *newsb,
  				unsigned long kern_flags,
  				unsigned long *set_kern_flags)

  {

  	return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb,
  				kern_flags, set_kern_flags);

  }

  EXPORT_SYMBOL(security_sb_clone_mnt_opts);

  int security_add_mnt_opt(const char *option, const char *val, int len,
  			 void **mnt_opts)

  {

  	return call_int_hook(sb_add_mnt_opt, -EINVAL,
  					option, val, len, mnt_opts);

  }

  EXPORT_SYMBOL(security_add_mnt_opt);

  int security_move_mount(const struct path *from_path, const struct path *to_path)
  {
  	return call_int_hook(move_mount, 0, from_path, to_path);
  }

  int security_inode_alloc(struct inode *inode)
  {

  	int rc = lsm_inode_alloc(inode);
  
  	if (unlikely(rc))
  		return rc;
  	rc = call_int_hook(inode_alloc_security, 0, inode);
  	if (unlikely(rc))
  		security_inode_free(inode);
  	return rc;
  }
  
  static void inode_free_by_rcu(struct rcu_head *head)
  {
  	/*
  	 * The rcu head is at the start of the inode blob
  	 */
  	kmem_cache_free(lsm_inode_cache, head);

  }
  
  void security_inode_free(struct inode *inode)
  {

  	integrity_inode_free(inode);

  	call_void_hook(inode_free_security, inode);

  	/*
  	 * The inode may still be referenced in a path walk and
  	 * a call to security_inode_permission() can be made
  	 * after inode_free_security() is called. Ideally, the VFS
  	 * wouldn't do this, but fixing that is a much harder
  	 * job. For now, simply free the i_security via RCU, and
  	 * leave the current inode->i_security pointer intact.
  	 * The inode will be freed after the RCU grace period too.
  	 */
  	if (inode->i_security)
  		call_rcu((struct rcu_head *)inode->i_security,
  				inode_free_by_rcu);

  }

  int security_dentry_init_security(struct dentry *dentry, int mode,

  					const struct qstr *name, void **ctx,

  					u32 *ctxlen)
  {

  	return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
  				name, ctx, ctxlen);

  }
  EXPORT_SYMBOL(security_dentry_init_security);

  int security_dentry_create_files_as(struct dentry *dentry, int mode,
  				    struct qstr *name,
  				    const struct cred *old, struct cred *new)
  {
  	return call_int_hook(dentry_create_files_as, 0, dentry, mode,
  				name, old, new);
  }
  EXPORT_SYMBOL(security_dentry_create_files_as);

  int security_inode_init_security(struct inode *inode, struct inode *dir,

  				 const struct qstr *qstr,
  				 const initxattrs initxattrs, void *fs_data)

  {

  	struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1];
  	struct xattr *lsm_xattr, *evm_xattr, *xattr;

  	int ret;

  	if (unlikely(IS_PRIVATE(inode)))

  		return 0;

  	if (!initxattrs)

  		return call_int_hook(inode_init_security, -EOPNOTSUPP, inode,
  				     dir, qstr, NULL, NULL, NULL);

  	memset(new_xattrs, 0, sizeof(new_xattrs));

  	lsm_xattr = new_xattrs;

  	ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr,

  						&lsm_xattr->name,
  						&lsm_xattr->value,
  						&lsm_xattr->value_len);
  	if (ret)
  		goto out;

  
  	evm_xattr = lsm_xattr + 1;
  	ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr);
  	if (ret)
  		goto out;

  	ret = initxattrs(inode, new_xattrs, fs_data);
  out:

  	for (xattr = new_xattrs; xattr->value != NULL; xattr++)

  		kfree(xattr->value);

  	return (ret == -EOPNOTSUPP) ? 0 : ret;
  }
  EXPORT_SYMBOL(security_inode_init_security);
  
  int security_old_inode_init_security(struct inode *inode, struct inode *dir,

  				     const struct qstr *qstr, const char **name,

  				     void **value, size_t *len)

  {
  	if (unlikely(IS_PRIVATE(inode)))

  		return -EOPNOTSUPP;

  	return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir,
  			     qstr, name, value, len);

  }

  EXPORT_SYMBOL(security_old_inode_init_security);

  #ifdef CONFIG_SECURITY_PATH

  int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,

  			unsigned int dev)
  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))

  		return 0;

  	return call_int_hook(path_mknod, 0, dir, dentry, mode, dev);

  }
  EXPORT_SYMBOL(security_path_mknod);

  int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))

  		return 0;

  	return call_int_hook(path_mkdir, 0, dir, dentry, mode);

  }

  EXPORT_SYMBOL(security_path_mkdir);

  int security_path_rmdir(const struct path *dir, struct dentry *dentry)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))

  		return 0;

  	return call_int_hook(path_rmdir, 0, dir, dentry);

  }

  int security_path_unlink(const struct path *dir, struct dentry *dentry)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))

  		return 0;

  	return call_int_hook(path_unlink, 0, dir, dentry);

  }

  EXPORT_SYMBOL(security_path_unlink);

  int security_path_symlink(const struct path *dir, struct dentry *dentry,

  			  const char *old_name)
  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))

  		return 0;

  	return call_int_hook(path_symlink, 0, dir, dentry, old_name);

  }

  int security_path_link(struct dentry *old_dentry, const struct path *new_dir,

  		       struct dentry *new_dentry)
  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))

  		return 0;

  	return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);

  }

  int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
  			 const struct path *new_dir, struct dentry *new_dentry,

  			 unsigned int flags)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
  		     (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry)))))

  		return 0;

  
  	if (flags & RENAME_EXCHANGE) {

  		int err = call_int_hook(path_rename, 0, new_dir, new_dentry,
  					old_dir, old_dentry);

  		if (err)
  			return err;
  	}

  	return call_int_hook(path_rename, 0, old_dir, old_dentry, new_dir,
  				new_dentry);

  }

  EXPORT_SYMBOL(security_path_rename);

  int security_path_truncate(const struct path *path)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))

  		return 0;

  	return call_int_hook(path_truncate, 0, path);

  }

  int security_path_chmod(const struct path *path, umode_t mode)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))

  		return 0;

  	return call_int_hook(path_chmod, 0, path, mode);

  }

  int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))

  		return 0;

  	return call_int_hook(path_chown, 0, path, uid, gid);

  }

  int security_path_chroot(const struct path *path)

  {

  	return call_int_hook(path_chroot, 0, path);

  }

  #endif

  int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)

  {
  	if (unlikely(IS_PRIVATE(dir)))
  		return 0;

  	return call_int_hook(inode_create, 0, dir, dentry, mode);

  }

  EXPORT_SYMBOL_GPL(security_inode_create);

  
  int security_inode_link(struct dentry *old_dentry, struct inode *dir,
  			 struct dentry *new_dentry)
  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))

  		return 0;

  	return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry);

  }
  
  int security_inode_unlink(struct inode *dir, struct dentry *dentry)
  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return 0;

  	return call_int_hook(inode_unlink, 0, dir, dentry);

  }
  
  int security_inode_symlink(struct inode *dir, struct dentry *dentry,
  			    const char *old_name)
  {
  	if (unlikely(IS_PRIVATE(dir)))
  		return 0;

  	return call_int_hook(inode_symlink, 0, dir, dentry, old_name);

  }

  int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)

  {
  	if (unlikely(IS_PRIVATE(dir)))
  		return 0;

  	return call_int_hook(inode_mkdir, 0, dir, dentry, mode);

  }

  EXPORT_SYMBOL_GPL(security_inode_mkdir);

  
  int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return 0;

  	return call_int_hook(inode_rmdir, 0, dir, dentry);

  }

  int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)

  {
  	if (unlikely(IS_PRIVATE(dir)))
  		return 0;

  	return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev);

  }
  
  int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,

  			   struct inode *new_dir, struct dentry *new_dentry,
  			   unsigned int flags)

  {

          if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
              (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry)))))

  		return 0;

  
  	if (flags & RENAME_EXCHANGE) {

  		int err = call_int_hook(inode_rename, 0, new_dir, new_dentry,

  						     old_dir, old_dentry);
  		if (err)
  			return err;
  	}

  	return call_int_hook(inode_rename, 0, old_dir, old_dentry,

  					   new_dir, new_dentry);
  }
  
  int security_inode_readlink(struct dentry *dentry)
  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return 0;

  	return call_int_hook(inode_readlink, 0, dentry);

  }

  int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
  			       bool rcu)

  {

  	if (unlikely(IS_PRIVATE(inode)))

  		return 0;

  	return call_int_hook(inode_follow_link, 0, dentry, inode, rcu);

  }

  int security_inode_permission(struct inode *inode, int mask)

  {
  	if (unlikely(IS_PRIVATE(inode)))
  		return 0;

  	return call_int_hook(inode_permission, 0, inode, mask);

  }
  
  int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
  {

  	int ret;

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return 0;

  	ret = call_int_hook(inode_setattr, 0, dentry, attr);

  	if (ret)
  		return ret;
  	return evm_inode_setattr(dentry, attr);

  }

  EXPORT_SYMBOL_GPL(security_inode_setattr);

  int security_inode_getattr(const struct path *path)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))

  		return 0;

  	return call_int_hook(inode_getattr, 0, path);

  }

  int security_inode_setxattr(struct dentry *dentry, const char *name,
  			    const void *value, size_t size, int flags)

  {

  	int ret;

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return 0;

  	/*
  	 * SELinux and Smack integrate the cap call,
  	 * so assume that all LSMs supplying this call do so.
  	 */
  	ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size,

  				flags);

  
  	if (ret == 1)
  		ret = cap_inode_setxattr(dentry, name, value, size, flags);

  	if (ret)
  		return ret;

  	ret = ima_inode_setxattr(dentry, name, value, size);
  	if (ret)
  		return ret;

  	return evm_inode_setxattr(dentry, name, value, size);

  }

  void security_inode_post_setxattr(struct dentry *dentry, const char *name,
  				  const void *value, size_t size, int flags)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return;

  	call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);

  	evm_inode_post_setxattr(dentry, name, value, size);

  }

  int security_inode_getxattr(struct dentry *dentry, const char *name)

  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return 0;

  	return call_int_hook(inode_getxattr, 0, dentry, name);

  }
  
  int security_inode_listxattr(struct dentry *dentry)
  {

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return 0;

  	return call_int_hook(inode_listxattr, 0, dentry);

  }

  int security_inode_removexattr(struct dentry *dentry, const char *name)

  {

  	int ret;

  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))

  		return 0;

  	/*
  	 * SELinux and Smack integrate the cap call,
  	 * so assume that all LSMs supplying this call do so.
  	 */
  	ret = call_int_hook(inode_removexattr, 1, dentry, name);
  	if (ret == 1)
  		ret = cap_inode_removexattr(dentry, name);

  	if (ret)
  		return ret;

  	ret = ima_inode_removexattr(dentry, name);
  	if (ret)
  		return ret;

  	return evm_inode_removexattr(dentry, name);

  }

  int security_inode_need_killpriv(struct dentry *dentry)
  {

  	return call_int_hook(inode_need_killpriv, 0, dentry);

  }
  
  int security_inode_killpriv(struct dentry *dentry)
  {

  	return call_int_hook(inode_killpriv, 0, dentry);

  }

  int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)

  {

  	struct security_hook_list *hp;
  	int rc;

  	if (unlikely(IS_PRIVATE(inode)))

  		return -EOPNOTSUPP;

  	/*
  	 * Only one module will provide an attribute with a given name.
  	 */

  	hlist_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {

  		rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc);
  		if (rc != -EOPNOTSUPP)
  			return rc;
  	}
  	return -EOPNOTSUPP;

  }
  
  int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
  {

  	struct security_hook_list *hp;
  	int rc;

  	if (unlikely(IS_PRIVATE(inode)))

  		return -EOPNOTSUPP;

  	/*
  	 * Only one module will provide an attribute with a given name.
  	 */

  	hlist_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) {

  		rc = hp->hook.inode_setsecurity(inode, name, value, size,
  								flags);
  		if (rc != -EOPNOTSUPP)
  			return rc;
  	}
  	return -EOPNOTSUPP;

  }
  
  int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
  {
  	if (unlikely(IS_PRIVATE(inode)))
  		return 0;

  	return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);

  }

  EXPORT_SYMBOL(security_inode_listsecurity);

  void security_inode_getsecid(struct inode *inode, u32 *secid)

  {

  	call_void_hook(inode_getsecid, inode, secid);

  }

  int security_inode_copy_up(struct dentry *src, struct cred **new)
  {
  	return call_int_hook(inode_copy_up, 0, src, new);
  }
  EXPORT_SYMBOL(security_inode_copy_up);

  int security_inode_copy_up_xattr(const char *name)
  {
  	return call_int_hook(inode_copy_up_xattr, -EOPNOTSUPP, name);
  }
  EXPORT_SYMBOL(security_inode_copy_up_xattr);

  int security_kernfs_init_security(struct kernfs_node *kn_dir,
  				  struct kernfs_node *kn)
  {
  	return call_int_hook(kernfs_init_security, 0, kn_dir, kn);
  }

  int security_file_permission(struct file *file, int mask)
  {

  	int ret;

  	ret = call_int_hook(file_permission, 0, file, mask);

  	if (ret)
  		return ret;
  
  	return fsnotify_perm(file, mask);

  }
  
  int security_file_alloc(struct file *file)
  {

  	int rc = lsm_file_alloc(file);
  
  	if (rc)
  		return rc;
  	rc = call_int_hook(file_alloc_security, 0, file);
  	if (unlikely(rc))
  		security_file_free(file);
  	return rc;

  }
  
  void security_file_free(struct file *file)
  {

  	void *blob;

  	call_void_hook(file_free_security, file);

  
  	blob = file->f_security;
  	if (blob) {
  		file->f_security = NULL;
  		kmem_cache_free(lsm_file_cache, blob);
  	}

  }
  
  int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
  {

  	return call_int_hook(file_ioctl, 0, file, cmd, arg);

  }

  static inline unsigned long mmap_prot(struct file *file, unsigned long prot)

  {

  	/*

  	 * Does we have PROT_READ and does the application expect
  	 * it to imply PROT_EXEC?  If not, nothing to talk about...

  	 */

  	if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ)
  		return prot;

  	if (!(current->personality & READ_IMPLIES_EXEC))

  		return prot;
  	/*
  	 * if that's an anonymous mapping, let it.
  	 */
  	if (!file)
  		return prot | PROT_EXEC;
  	/*
  	 * ditto if it's not on noexec mount, except that on !MMU we need

  	 * NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case

  	 */

  	if (!path_noexec(&file->f_path)) {

  #ifndef CONFIG_MMU

  		if (file->f_op->mmap_capabilities) {
  			unsigned caps = file->f_op->mmap_capabilities(file);
  			if (!(caps & NOMMU_MAP_EXEC))
  				return prot;
  		}

  #endif

  		return prot | PROT_EXEC;

  	}

  	/* anything on noexec mount won't get PROT_EXEC */
  	return prot;
  }
  
  int security_mmap_file(struct file *file, unsigned long prot,
  			unsigned long flags)
  {
  	int ret;

  	ret = call_int_hook(mmap_file, 0, file, prot,

  					mmap_prot(file, prot), flags);

  	if (ret)
  		return ret;
  	return ima_file_mmap(file, prot);

  }

  int security_mmap_addr(unsigned long addr)
  {

  	return call_int_hook(mmap_addr, 0, addr);

  }

  int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
  			    unsigned long prot)
  {

  	return call_int_hook(file_mprotect, 0, vma, reqprot, prot);

  }
  
  int security_file_lock(struct file *file, unsigned int cmd)
  {

  	return call_int_hook(file_lock, 0, file, cmd);

  }
  
  int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
  {

  	return call_int_hook(file_fcntl, 0, file, cmd, arg);

  }

  void security_file_set_fowner(struct file *file)

  {

  	call_void_hook(file_set_fowner, file);

  }
  
  int security_file_send_sigiotask(struct task_struct *tsk,
  				  struct fown_struct *fown, int sig)
  {

  	return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig);

  }
  
  int security_file_receive(struct file *file)
  {

  	return call_int_hook(file_receive, 0, file);

  }

  int security_file_open(struct file *file)

  {

  	int ret;

  	ret = call_int_hook(file_open, 0, file);

  	if (ret)
  		return ret;
  
  	return fsnotify_perm(file, MAY_OPEN);

  }

  int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
  {

  	int rc = lsm_task_alloc(task);
  
  	if (rc)
  		return rc;
  	rc = call_int_hook(task_alloc, 0, task, clone_flags);
  	if (unlikely(rc))
  		security_task_free(task);
  	return rc;

  }

  void security_task_free(struct task_struct *task)
  {

  	call_void_hook(task_free, task);

  
  	kfree(task->security);
  	task->security = NULL;

  }

  int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
  {

  	int rc = lsm_cred_alloc(cred, gfp);
  
  	if (rc)
  		return rc;
  
  	rc = call_int_hook(cred_alloc_blank, 0, cred, gfp);

  	if (unlikely(rc))

  		security_cred_free(cred);
  	return rc;

  }

  void security_cred_free(struct cred *cred)

  {

  	/*
  	 * There is a failure case in prepare_creds() that
  	 * may result in a call here with ->security being NULL.
  	 */
  	if (unlikely(cred->security == NULL))
  		return;

  	call_void_hook(cred_free, cred);

  
  	kfree(cred->security);
  	cred->security = NULL;

  }

  int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)

  {

  	int rc = lsm_cred_alloc(new, gfp);
  
  	if (rc)
  		return rc;
  
  	rc = call_int_hook(cred_prepare, 0, new, old, gfp);

  	if (unlikely(rc))

  		security_cred_free(new);
  	return rc;

  }

  void security_transfer_creds(struct cred *new, const struct cred *old)
  {

  	call_void_hook(cred_transfer, new, old);