Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit 065d78a0603cc6f8d288e96dbf761b96984b634f

Authored by Tetsuo Handa
Committed by James Morris
1 parent daa6d83a28
Exists in master and in 20 other branches dlt-processor-sdk-linux-03.00.00.04, newt-ti-linux-3.12.y, processor-sdk-linux-01.00.00, processor-sdk-linux-02.00.01, smarc-ti-linux-3.12.10, smarc-ti-linux-3.12.y, smarc-ti-linux-3.14.y, smarc-ti-linux-3.15.y, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04, ti-linux-3.12.y, ti-linux-3.14.y, ti-linux-3.15.y, ti-lsk-linux-4.1.y

LSM: Fix security_module_enable() error. 

We can set default LSM module to DAC (which means "enable no LSM module").
If default LSM module was set to DAC, security_module_enable() must return 0
unless overridden via boot time parameter.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: James Morris <jmorris@namei.org>

Showing 1 changed file with 2 additions and 10 deletions Inline Diff

1 /* 1 /*
2 * Security plug functions 2 * Security plug functions
3 * 3 *
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> 4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> 5 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> 6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * 7 *
8 * This program is free software; you can redistribute it and/or modify 8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by 9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or 10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version. 11 * (at your option) any later version.
12 */ 12 */
13 13
14 #include <linux/capability.h> 14 #include <linux/capability.h>
15 #include <linux/module.h> 15 #include <linux/module.h>
16 #include <linux/init.h> 16 #include <linux/init.h>
17 #include <linux/kernel.h> 17 #include <linux/kernel.h>
18 #include <linux/security.h> 18 #include <linux/security.h>
19 #include <linux/ima.h> 19 #include <linux/ima.h>
20 20
21 /* Boot-time LSM user choice */ 21 /* Boot-time LSM user choice */
22 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = 22 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
23 CONFIG_DEFAULT_SECURITY; 23 CONFIG_DEFAULT_SECURITY;
24 24
25 /* things that live in capability.c */ 25 /* things that live in capability.c */
26 extern void __init security_fixup_ops(struct security_operations *ops); 26 extern void __init security_fixup_ops(struct security_operations *ops);
27 27
28 static struct security_operations *security_ops; 28 static struct security_operations *security_ops;
29 static struct security_operations default_security_ops = { 29 static struct security_operations default_security_ops = {
30 .name = "default", 30 .name = "default",
31 }; 31 };
32 32
33 static inline int __init verify(struct security_operations *ops) 33 static inline int __init verify(struct security_operations *ops)
34 { 34 {
35 /* verify the security_operations structure exists */ 35 /* verify the security_operations structure exists */
36 if (!ops) 36 if (!ops)
37 return -EINVAL; 37 return -EINVAL;
38 security_fixup_ops(ops); 38 security_fixup_ops(ops);
39 return 0; 39 return 0;
40 } 40 }
41 41
42 static void __init do_security_initcalls(void) 42 static void __init do_security_initcalls(void)
43 { 43 {
44 initcall_t *call; 44 initcall_t *call;
45 call = __security_initcall_start; 45 call = __security_initcall_start;
46 while (call < __security_initcall_end) { 46 while (call < __security_initcall_end) {
47 (*call) (); 47 (*call) ();
48 call++; 48 call++;
49 } 49 }
50 } 50 }
51 51
52 /** 52 /**
53 * security_init - initializes the security framework 53 * security_init - initializes the security framework
54 * 54 *
55 * This should be called early in the kernel initialization sequence. 55 * This should be called early in the kernel initialization sequence.
56 */ 56 */
57 int __init security_init(void) 57 int __init security_init(void)
58 { 58 {
59 printk(KERN_INFO "Security Framework initialized\n"); 59 printk(KERN_INFO "Security Framework initialized\n");
60 60
61 security_fixup_ops(&default_security_ops); 61 security_fixup_ops(&default_security_ops);
62 security_ops = &default_security_ops; 62 security_ops = &default_security_ops;
63 do_security_initcalls(); 63 do_security_initcalls();
64 64
65 return 0; 65 return 0;
66 } 66 }
67 67
68 void reset_security_ops(void) 68 void reset_security_ops(void)
69 { 69 {
70 security_ops = &default_security_ops; 70 security_ops = &default_security_ops;
71 } 71 }
72 72
73 /* Save user chosen LSM */ 73 /* Save user chosen LSM */
74 static int __init choose_lsm(char *str) 74 static int __init choose_lsm(char *str)
75 { 75 {
76 strncpy(chosen_lsm, str, SECURITY_NAME_MAX); 76 strncpy(chosen_lsm, str, SECURITY_NAME_MAX);
77 return 1; 77 return 1;
78 } 78 }
79 __setup("security=", choose_lsm); 79 __setup("security=", choose_lsm);
80 80
81 /** 81 /**
82 * security_module_enable - Load given security module on boot ? 82 * security_module_enable - Load given security module on boot ?
83 * @ops: a pointer to the struct security_operations that is to be checked. 83 * @ops: a pointer to the struct security_operations that is to be checked.
84 * 84 *
85 * Each LSM must pass this method before registering its own operations 85 * Each LSM must pass this method before registering its own operations
86 * to avoid security registration races. This method may also be used 86 * to avoid security registration races. This method may also be used
87 * to check if your LSM is currently loaded during kernel initialization. 87 * to check if your LSM is currently loaded during kernel initialization.
88 * 88 *
89 * Return true if: 89 * Return true if:
90 * -The passed LSM is the one chosen by user at boot time, 90 * -The passed LSM is the one chosen by user at boot time,
91 * -or the passed LSM is configured as the default and the user did not 91 * -or the passed LSM is configured as the default and the user did not
92 * choose an alternate LSM at boot time, 92 * choose an alternate LSM at boot time.
93 * -or there is no default LSM set and the user didn't specify a
94 * specific LSM and we're the first to ask for registration permission,
95 * -or the passed LSM is currently loaded.
96 * Otherwise, return false. 93 * Otherwise, return false.
97 */ 94 */
98 int __init security_module_enable(struct security_operations *ops) 95 int __init security_module_enable(struct security_operations *ops)
99 { 96 {
100 if (!*chosen_lsm) 97 return !strcmp(ops->name, chosen_lsm);
101 strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX);
102 else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX))
103 return 0;
104
105 return 1;
106 } 98 }
107 99
108 /** 100 /**
109 * register_security - registers a security framework with the kernel 101 * register_security - registers a security framework with the kernel
110 * @ops: a pointer to the struct security_options that is to be registered 102 * @ops: a pointer to the struct security_options that is to be registered
111 * 103 *
112 * This function allows a security module to register itself with the 104 * This function allows a security module to register itself with the
113 * kernel security subsystem. Some rudimentary checking is done on the @ops 105 * kernel security subsystem. Some rudimentary checking is done on the @ops
114 * value passed to this function. You'll need to check first if your LSM 106 * value passed to this function. You'll need to check first if your LSM
115 * is allowed to register its @ops by calling security_module_enable(@ops). 107 * is allowed to register its @ops by calling security_module_enable(@ops).
116 * 108 *
117 * If there is already a security module registered with the kernel, 109 * If there is already a security module registered with the kernel,
118 * an error will be returned. Otherwise %0 is returned on success. 110 * an error will be returned. Otherwise %0 is returned on success.
119 */ 111 */
120 int __init register_security(struct security_operations *ops) 112 int __init register_security(struct security_operations *ops)
121 { 113 {
122 if (verify(ops)) { 114 if (verify(ops)) {
123 printk(KERN_DEBUG "%s could not verify " 115 printk(KERN_DEBUG "%s could not verify "
124 "security_operations structure.\n", __func__); 116 "security_operations structure.\n", __func__);
125 return -EINVAL; 117 return -EINVAL;
126 } 118 }
127 119
128 if (security_ops != &default_security_ops) 120 if (security_ops != &default_security_ops)
129 return -EAGAIN; 121 return -EAGAIN;
130 122
131 security_ops = ops; 123 security_ops = ops;
132 124
133 return 0; 125 return 0;
134 } 126 }
135 127
136 /* Security operations */ 128 /* Security operations */
137 129
138 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) 130 int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
139 { 131 {
140 return security_ops->ptrace_access_check(child, mode); 132 return security_ops->ptrace_access_check(child, mode);
141 } 133 }
142 134
143 int security_ptrace_traceme(struct task_struct *parent) 135 int security_ptrace_traceme(struct task_struct *parent)
144 { 136 {
145 return security_ops->ptrace_traceme(parent); 137 return security_ops->ptrace_traceme(parent);
146 } 138 }
147 139
148 int security_capget(struct task_struct *target, 140 int security_capget(struct task_struct *target,
149 kernel_cap_t *effective, 141 kernel_cap_t *effective,
150 kernel_cap_t *inheritable, 142 kernel_cap_t *inheritable,
151 kernel_cap_t *permitted) 143 kernel_cap_t *permitted)
152 { 144 {
153 return security_ops->capget(target, effective, inheritable, permitted); 145 return security_ops->capget(target, effective, inheritable, permitted);
154 } 146 }
155 147
156 int security_capset(struct cred *new, const struct cred *old, 148 int security_capset(struct cred *new, const struct cred *old,
157 const kernel_cap_t *effective, 149 const kernel_cap_t *effective,
158 const kernel_cap_t *inheritable, 150 const kernel_cap_t *inheritable,
159 const kernel_cap_t *permitted) 151 const kernel_cap_t *permitted)
160 { 152 {
161 return security_ops->capset(new, old, 153 return security_ops->capset(new, old,
162 effective, inheritable, permitted); 154 effective, inheritable, permitted);
163 } 155 }
164 156
165 int security_capable(int cap) 157 int security_capable(int cap)
166 { 158 {
167 return security_ops->capable(current, current_cred(), cap, 159 return security_ops->capable(current, current_cred(), cap,
168 SECURITY_CAP_AUDIT); 160 SECURITY_CAP_AUDIT);
169 } 161 }
170 162
171 int security_real_capable(struct task_struct *tsk, int cap) 163 int security_real_capable(struct task_struct *tsk, int cap)
172 { 164 {
173 const struct cred *cred; 165 const struct cred *cred;
174 int ret; 166 int ret;
175 167
176 cred = get_task_cred(tsk); 168 cred = get_task_cred(tsk);
177 ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT); 169 ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT);
178 put_cred(cred); 170 put_cred(cred);
179 return ret; 171 return ret;
180 } 172 }
181 173
182 int security_real_capable_noaudit(struct task_struct *tsk, int cap) 174 int security_real_capable_noaudit(struct task_struct *tsk, int cap)
183 { 175 {
184 const struct cred *cred; 176 const struct cred *cred;
185 int ret; 177 int ret;
186 178
187 cred = get_task_cred(tsk); 179 cred = get_task_cred(tsk);
188 ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT); 180 ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT);
189 put_cred(cred); 181 put_cred(cred);
190 return ret; 182 return ret;
191 } 183 }
192 184
193 int security_sysctl(struct ctl_table *table, int op) 185 int security_sysctl(struct ctl_table *table, int op)
194 { 186 {
195 return security_ops->sysctl(table, op); 187 return security_ops->sysctl(table, op);
196 } 188 }
197 189
198 int security_quotactl(int cmds, int type, int id, struct super_block *sb) 190 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
199 { 191 {
200 return security_ops->quotactl(cmds, type, id, sb); 192 return security_ops->quotactl(cmds, type, id, sb);
201 } 193 }
202 194
203 int security_quota_on(struct dentry *dentry) 195 int security_quota_on(struct dentry *dentry)
204 { 196 {
205 return security_ops->quota_on(dentry); 197 return security_ops->quota_on(dentry);
206 } 198 }
207 199
208 int security_syslog(int type, bool from_file) 200 int security_syslog(int type, bool from_file)
209 { 201 {
210 return security_ops->syslog(type, from_file); 202 return security_ops->syslog(type, from_file);
211 } 203 }
212 204
213 int security_settime(struct timespec *ts, struct timezone *tz) 205 int security_settime(struct timespec *ts, struct timezone *tz)
214 { 206 {
215 return security_ops->settime(ts, tz); 207 return security_ops->settime(ts, tz);
216 } 208 }
217 209
218 int security_vm_enough_memory(long pages) 210 int security_vm_enough_memory(long pages)
219 { 211 {
220 WARN_ON(current->mm == NULL); 212 WARN_ON(current->mm == NULL);
221 return security_ops->vm_enough_memory(current->mm, pages); 213 return security_ops->vm_enough_memory(current->mm, pages);
222 } 214 }
223 215
224 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) 216 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
225 { 217 {
226 WARN_ON(mm == NULL); 218 WARN_ON(mm == NULL);
227 return security_ops->vm_enough_memory(mm, pages); 219 return security_ops->vm_enough_memory(mm, pages);
228 } 220 }
229 221
230 int security_vm_enough_memory_kern(long pages) 222 int security_vm_enough_memory_kern(long pages)
231 { 223 {
232 /* If current->mm is a kernel thread then we will pass NULL, 224 /* If current->mm is a kernel thread then we will pass NULL,
233 for this specific case that is fine */ 225 for this specific case that is fine */
234 return security_ops->vm_enough_memory(current->mm, pages); 226 return security_ops->vm_enough_memory(current->mm, pages);
235 } 227 }
236 228
237 int security_bprm_set_creds(struct linux_binprm *bprm) 229 int security_bprm_set_creds(struct linux_binprm *bprm)
238 { 230 {
239 return security_ops->bprm_set_creds(bprm); 231 return security_ops->bprm_set_creds(bprm);
240 } 232 }
241 233
242 int security_bprm_check(struct linux_binprm *bprm) 234 int security_bprm_check(struct linux_binprm *bprm)
243 { 235 {
244 int ret; 236 int ret;
245 237
246 ret = security_ops->bprm_check_security(bprm); 238 ret = security_ops->bprm_check_security(bprm);
247 if (ret) 239 if (ret)
248 return ret; 240 return ret;
249 return ima_bprm_check(bprm); 241 return ima_bprm_check(bprm);
250 } 242 }
251 243
252 void security_bprm_committing_creds(struct linux_binprm *bprm) 244 void security_bprm_committing_creds(struct linux_binprm *bprm)
253 { 245 {
254 security_ops->bprm_committing_creds(bprm); 246 security_ops->bprm_committing_creds(bprm);
255 } 247 }
256 248
257 void security_bprm_committed_creds(struct linux_binprm *bprm) 249 void security_bprm_committed_creds(struct linux_binprm *bprm)
258 { 250 {
259 security_ops->bprm_committed_creds(bprm); 251 security_ops->bprm_committed_creds(bprm);
260 } 252 }
261 253
262 int security_bprm_secureexec(struct linux_binprm *bprm) 254 int security_bprm_secureexec(struct linux_binprm *bprm)
263 { 255 {
264 return security_ops->bprm_secureexec(bprm); 256 return security_ops->bprm_secureexec(bprm);
265 } 257 }
266 258
267 int security_sb_alloc(struct super_block *sb) 259 int security_sb_alloc(struct super_block *sb)
268 { 260 {
269 return security_ops->sb_alloc_security(sb); 261 return security_ops->sb_alloc_security(sb);
270 } 262 }
271 263
272 void security_sb_free(struct super_block *sb) 264 void security_sb_free(struct super_block *sb)
273 { 265 {
274 security_ops->sb_free_security(sb); 266 security_ops->sb_free_security(sb);
275 } 267 }
276 268
277 int security_sb_copy_data(char *orig, char *copy) 269 int security_sb_copy_data(char *orig, char *copy)
278 { 270 {
279 return security_ops->sb_copy_data(orig, copy); 271 return security_ops->sb_copy_data(orig, copy);
280 } 272 }
281 EXPORT_SYMBOL(security_sb_copy_data); 273 EXPORT_SYMBOL(security_sb_copy_data);
282 274
283 int security_sb_kern_mount(struct super_block *sb, int flags, void *data) 275 int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
284 { 276 {
285 return security_ops->sb_kern_mount(sb, flags, data); 277 return security_ops->sb_kern_mount(sb, flags, data);
286 } 278 }
287 279
288 int security_sb_show_options(struct seq_file *m, struct super_block *sb) 280 int security_sb_show_options(struct seq_file *m, struct super_block *sb)
289 { 281 {
290 return security_ops->sb_show_options(m, sb); 282 return security_ops->sb_show_options(m, sb);
291 } 283 }
292 284
293 int security_sb_statfs(struct dentry *dentry) 285 int security_sb_statfs(struct dentry *dentry)
294 { 286 {
295 return security_ops->sb_statfs(dentry); 287 return security_ops->sb_statfs(dentry);
296 } 288 }
297 289
298 int security_sb_mount(char *dev_name, struct path *path, 290 int security_sb_mount(char *dev_name, struct path *path,
299 char *type, unsigned long flags, void *data) 291 char *type, unsigned long flags, void *data)
300 { 292 {
301 return security_ops->sb_mount(dev_name, path, type, flags, data); 293 return security_ops->sb_mount(dev_name, path, type, flags, data);
302 } 294 }
303 295
304 int security_sb_umount(struct vfsmount *mnt, int flags) 296 int security_sb_umount(struct vfsmount *mnt, int flags)
305 { 297 {
306 return security_ops->sb_umount(mnt, flags); 298 return security_ops->sb_umount(mnt, flags);
307 } 299 }
308 300
309 int security_sb_pivotroot(struct path *old_path, struct path *new_path) 301 int security_sb_pivotroot(struct path *old_path, struct path *new_path)
310 { 302 {
311 return security_ops->sb_pivotroot(old_path, new_path); 303 return security_ops->sb_pivotroot(old_path, new_path);
312 } 304 }
313 305
314 int security_sb_set_mnt_opts(struct super_block *sb, 306 int security_sb_set_mnt_opts(struct super_block *sb,
315 struct security_mnt_opts *opts) 307 struct security_mnt_opts *opts)
316 { 308 {
317 return security_ops->sb_set_mnt_opts(sb, opts); 309 return security_ops->sb_set_mnt_opts(sb, opts);
318 } 310 }
319 EXPORT_SYMBOL(security_sb_set_mnt_opts); 311 EXPORT_SYMBOL(security_sb_set_mnt_opts);
320 312
321 void security_sb_clone_mnt_opts(const struct super_block *oldsb, 313 void security_sb_clone_mnt_opts(const struct super_block *oldsb,
322 struct super_block *newsb) 314 struct super_block *newsb)
323 { 315 {
324 security_ops->sb_clone_mnt_opts(oldsb, newsb); 316 security_ops->sb_clone_mnt_opts(oldsb, newsb);
325 } 317 }
326 EXPORT_SYMBOL(security_sb_clone_mnt_opts); 318 EXPORT_SYMBOL(security_sb_clone_mnt_opts);
327 319
328 int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) 320 int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
329 { 321 {
330 return security_ops->sb_parse_opts_str(options, opts); 322 return security_ops->sb_parse_opts_str(options, opts);
331 } 323 }
332 EXPORT_SYMBOL(security_sb_parse_opts_str); 324 EXPORT_SYMBOL(security_sb_parse_opts_str);
333 325
334 int security_inode_alloc(struct inode *inode) 326 int security_inode_alloc(struct inode *inode)
335 { 327 {
336 int ret; 328 int ret;
337 329
338 inode->i_security = NULL; 330 inode->i_security = NULL;
339 ret = security_ops->inode_alloc_security(inode); 331 ret = security_ops->inode_alloc_security(inode);
340 if (ret) 332 if (ret)
341 return ret; 333 return ret;
342 ret = ima_inode_alloc(inode); 334 ret = ima_inode_alloc(inode);
343 if (ret) 335 if (ret)
344 security_inode_free(inode); 336 security_inode_free(inode);
345 return ret; 337 return ret;
346 } 338 }
347 339
348 void security_inode_free(struct inode *inode) 340 void security_inode_free(struct inode *inode)
349 { 341 {
350 ima_inode_free(inode); 342 ima_inode_free(inode);
351 security_ops->inode_free_security(inode); 343 security_ops->inode_free_security(inode);
352 } 344 }
353 345
354 int security_inode_init_security(struct inode *inode, struct inode *dir, 346 int security_inode_init_security(struct inode *inode, struct inode *dir,
355 char **name, void **value, size_t *len) 347 char **name, void **value, size_t *len)
356 { 348 {
357 if (unlikely(IS_PRIVATE(inode))) 349 if (unlikely(IS_PRIVATE(inode)))
358 return -EOPNOTSUPP; 350 return -EOPNOTSUPP;
359 return security_ops->inode_init_security(inode, dir, name, value, len); 351 return security_ops->inode_init_security(inode, dir, name, value, len);
360 } 352 }
361 EXPORT_SYMBOL(security_inode_init_security); 353 EXPORT_SYMBOL(security_inode_init_security);
362 354
363 #ifdef CONFIG_SECURITY_PATH 355 #ifdef CONFIG_SECURITY_PATH
364 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, 356 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
365 unsigned int dev) 357 unsigned int dev)
366 { 358 {
367 if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) 359 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
368 return 0; 360 return 0;
369 return security_ops->path_mknod(dir, dentry, mode, dev); 361 return security_ops->path_mknod(dir, dentry, mode, dev);
370 } 362 }
371 EXPORT_SYMBOL(security_path_mknod); 363 EXPORT_SYMBOL(security_path_mknod);
372 364
373 int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode) 365 int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
374 { 366 {
375 if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) 367 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
376 return 0; 368 return 0;
377 return security_ops->path_mkdir(dir, dentry, mode); 369 return security_ops->path_mkdir(dir, dentry, mode);
378 } 370 }
379 371
380 int security_path_rmdir(struct path *dir, struct dentry *dentry) 372 int security_path_rmdir(struct path *dir, struct dentry *dentry)
381 { 373 {
382 if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) 374 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
383 return 0; 375 return 0;
384 return security_ops->path_rmdir(dir, dentry); 376 return security_ops->path_rmdir(dir, dentry);
385 } 377 }
386 378
387 int security_path_unlink(struct path *dir, struct dentry *dentry) 379 int security_path_unlink(struct path *dir, struct dentry *dentry)
388 { 380 {
389 if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) 381 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
390 return 0; 382 return 0;
391 return security_ops->path_unlink(dir, dentry); 383 return security_ops->path_unlink(dir, dentry);
392 } 384 }
393 385
394 int security_path_symlink(struct path *dir, struct dentry *dentry, 386 int security_path_symlink(struct path *dir, struct dentry *dentry,
395 const char *old_name) 387 const char *old_name)
396 { 388 {
397 if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) 389 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
398 return 0; 390 return 0;
399 return security_ops->path_symlink(dir, dentry, old_name); 391 return security_ops->path_symlink(dir, dentry, old_name);
400 } 392 }
401 393
402 int security_path_link(struct dentry *old_dentry, struct path *new_dir, 394 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
403 struct dentry *new_dentry) 395 struct dentry *new_dentry)
404 { 396 {
405 if (unlikely(IS_PRIVATE(old_dentry->d_inode))) 397 if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
406 return 0; 398 return 0;
407 return security_ops->path_link(old_dentry, new_dir, new_dentry); 399 return security_ops->path_link(old_dentry, new_dir, new_dentry);
408 } 400 }
409 401
410 int security_path_rename(struct path *old_dir, struct dentry *old_dentry, 402 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
411 struct path *new_dir, struct dentry *new_dentry) 403 struct path *new_dir, struct dentry *new_dentry)
412 { 404 {
413 if (unlikely(IS_PRIVATE(old_dentry->d_inode) || 405 if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
414 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) 406 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
415 return 0; 407 return 0;
416 return security_ops->path_rename(old_dir, old_dentry, new_dir, 408 return security_ops->path_rename(old_dir, old_dentry, new_dir,
417 new_dentry); 409 new_dentry);
418 } 410 }
419 411
420 int security_path_truncate(struct path *path) 412 int security_path_truncate(struct path *path)
421 { 413 {
422 if (unlikely(IS_PRIVATE(path->dentry->d_inode))) 414 if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
423 return 0; 415 return 0;
424 return security_ops->path_truncate(path); 416 return security_ops->path_truncate(path);
425 } 417 }
426 418
427 int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, 419 int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
428 mode_t mode) 420 mode_t mode)
429 { 421 {
430 if (unlikely(IS_PRIVATE(dentry->d_inode))) 422 if (unlikely(IS_PRIVATE(dentry->d_inode)))
431 return 0; 423 return 0;
432 return security_ops->path_chmod(dentry, mnt, mode); 424 return security_ops->path_chmod(dentry, mnt, mode);
433 } 425 }
434 426
435 int security_path_chown(struct path *path, uid_t uid, gid_t gid) 427 int security_path_chown(struct path *path, uid_t uid, gid_t gid)
436 { 428 {
437 if (unlikely(IS_PRIVATE(path->dentry->d_inode))) 429 if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
438 return 0; 430 return 0;
439 return security_ops->path_chown(path, uid, gid); 431 return security_ops->path_chown(path, uid, gid);
440 } 432 }
441 433
442 int security_path_chroot(struct path *path) 434 int security_path_chroot(struct path *path)
443 { 435 {
444 return security_ops->path_chroot(path); 436 return security_ops->path_chroot(path);
445 } 437 }
446 #endif 438 #endif
447 439
448 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) 440 int security_inode_create(struct inode *dir, struct dentry *dentry, int mode)
449 { 441 {
450 if (unlikely(IS_PRIVATE(dir))) 442 if (unlikely(IS_PRIVATE(dir)))
451 return 0; 443 return 0;
452 return security_ops->inode_create(dir, dentry, mode); 444 return security_ops->inode_create(dir, dentry, mode);
453 } 445 }
454 EXPORT_SYMBOL_GPL(security_inode_create); 446 EXPORT_SYMBOL_GPL(security_inode_create);
455 447
456 int security_inode_link(struct dentry *old_dentry, struct inode *dir, 448 int security_inode_link(struct dentry *old_dentry, struct inode *dir,
457 struct dentry *new_dentry) 449 struct dentry *new_dentry)
458 { 450 {
459 if (unlikely(IS_PRIVATE(old_dentry->d_inode))) 451 if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
460 return 0; 452 return 0;
461 return security_ops->inode_link(old_dentry, dir, new_dentry); 453 return security_ops->inode_link(old_dentry, dir, new_dentry);
462 } 454 }
463 455
464 int security_inode_unlink(struct inode *dir, struct dentry *dentry) 456 int security_inode_unlink(struct inode *dir, struct dentry *dentry)
465 { 457 {
466 if (unlikely(IS_PRIVATE(dentry->d_inode))) 458 if (unlikely(IS_PRIVATE(dentry->d_inode)))
467 return 0; 459 return 0;
468 return security_ops->inode_unlink(dir, dentry); 460 return security_ops->inode_unlink(dir, dentry);
469 } 461 }
470 462
471 int security_inode_symlink(struct inode *dir, struct dentry *dentry, 463 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
472 const char *old_name) 464 const char *old_name)
473 { 465 {
474 if (unlikely(IS_PRIVATE(dir))) 466 if (unlikely(IS_PRIVATE(dir)))
475 return 0; 467 return 0;
476 return security_ops->inode_symlink(dir, dentry, old_name); 468 return security_ops->inode_symlink(dir, dentry, old_name);
477 } 469 }
478 470
479 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) 471 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode)
480 { 472 {
481 if (unlikely(IS_PRIVATE(dir))) 473 if (unlikely(IS_PRIVATE(dir)))
482 return 0; 474 return 0;
483 return security_ops->inode_mkdir(dir, dentry, mode); 475 return security_ops->inode_mkdir(dir, dentry, mode);
484 } 476 }
485 EXPORT_SYMBOL_GPL(security_inode_mkdir); 477 EXPORT_SYMBOL_GPL(security_inode_mkdir);
486 478
487 int security_inode_rmdir(struct inode *dir, struct dentry *dentry) 479 int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
488 { 480 {
489 if (unlikely(IS_PRIVATE(dentry->d_inode))) 481 if (unlikely(IS_PRIVATE(dentry->d_inode)))
490 return 0; 482 return 0;
491 return security_ops->inode_rmdir(dir, dentry); 483 return security_ops->inode_rmdir(dir, dentry);
492 } 484 }
493 485
494 int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) 486 int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
495 { 487 {
496 if (unlikely(IS_PRIVATE(dir))) 488 if (unlikely(IS_PRIVATE(dir)))
497 return 0; 489 return 0;
498 return security_ops->inode_mknod(dir, dentry, mode, dev); 490 return security_ops->inode_mknod(dir, dentry, mode, dev);
499 } 491 }
500 492
501 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, 493 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
502 struct inode *new_dir, struct dentry *new_dentry) 494 struct inode *new_dir, struct dentry *new_dentry)
503 { 495 {
504 if (unlikely(IS_PRIVATE(old_dentry->d_inode) || 496 if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
505 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) 497 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
506 return 0; 498 return 0;
507 return security_ops->inode_rename(old_dir, old_dentry, 499 return security_ops->inode_rename(old_dir, old_dentry,
508 new_dir, new_dentry); 500 new_dir, new_dentry);
509 } 501 }
510 502
511 int security_inode_readlink(struct dentry *dentry) 503 int security_inode_readlink(struct dentry *dentry)
512 { 504 {
513 if (unlikely(IS_PRIVATE(dentry->d_inode))) 505 if (unlikely(IS_PRIVATE(dentry->d_inode)))
514 return 0; 506 return 0;
515 return security_ops->inode_readlink(dentry); 507 return security_ops->inode_readlink(dentry);
516 } 508 }
517 509
518 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) 510 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
519 { 511 {
520 if (unlikely(IS_PRIVATE(dentry->d_inode))) 512 if (unlikely(IS_PRIVATE(dentry->d_inode)))
521 return 0; 513 return 0;
522 return security_ops->inode_follow_link(dentry, nd); 514 return security_ops->inode_follow_link(dentry, nd);
523 } 515 }
524 516
525 int security_inode_permission(struct inode *inode, int mask) 517 int security_inode_permission(struct inode *inode, int mask)
526 { 518 {
527 if (unlikely(IS_PRIVATE(inode))) 519 if (unlikely(IS_PRIVATE(inode)))
528 return 0; 520 return 0;
529 return security_ops->inode_permission(inode, mask); 521 return security_ops->inode_permission(inode, mask);
530 } 522 }
531 523
532 int security_inode_setattr(struct dentry *dentry, struct iattr *attr) 524 int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
533 { 525 {
534 if (unlikely(IS_PRIVATE(dentry->d_inode))) 526 if (unlikely(IS_PRIVATE(dentry->d_inode)))
535 return 0; 527 return 0;
536 return security_ops->inode_setattr(dentry, attr); 528 return security_ops->inode_setattr(dentry, attr);
537 } 529 }
538 EXPORT_SYMBOL_GPL(security_inode_setattr); 530 EXPORT_SYMBOL_GPL(security_inode_setattr);
539 531
540 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) 532 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
541 { 533 {
542 if (unlikely(IS_PRIVATE(dentry->d_inode))) 534 if (unlikely(IS_PRIVATE(dentry->d_inode)))
543 return 0; 535 return 0;
544 return security_ops->inode_getattr(mnt, dentry); 536 return security_ops->inode_getattr(mnt, dentry);
545 } 537 }
546 538
547 int security_inode_setxattr(struct dentry *dentry, const char *name, 539 int security_inode_setxattr(struct dentry *dentry, const char *name,
548 const void *value, size_t size, int flags) 540 const void *value, size_t size, int flags)
549 { 541 {
550 if (unlikely(IS_PRIVATE(dentry->d_inode))) 542 if (unlikely(IS_PRIVATE(dentry->d_inode)))
551 return 0; 543 return 0;
552 return security_ops->inode_setxattr(dentry, name, value, size, flags); 544 return security_ops->inode_setxattr(dentry, name, value, size, flags);
553 } 545 }
554 546
555 void security_inode_post_setxattr(struct dentry *dentry, const char *name, 547 void security_inode_post_setxattr(struct dentry *dentry, const char *name,
556 const void *value, size_t size, int flags) 548 const void *value, size_t size, int flags)
557 { 549 {
558 if (unlikely(IS_PRIVATE(dentry->d_inode))) 550 if (unlikely(IS_PRIVATE(dentry->d_inode)))
559 return; 551 return;
560 security_ops->inode_post_setxattr(dentry, name, value, size, flags); 552 security_ops->inode_post_setxattr(dentry, name, value, size, flags);
561 } 553 }
562 554
563 int security_inode_getxattr(struct dentry *dentry, const char *name) 555 int security_inode_getxattr(struct dentry *dentry, const char *name)
564 { 556 {
565 if (unlikely(IS_PRIVATE(dentry->d_inode))) 557 if (unlikely(IS_PRIVATE(dentry->d_inode)))
566 return 0; 558 return 0;
567 return security_ops->inode_getxattr(dentry, name); 559 return security_ops->inode_getxattr(dentry, name);
568 } 560 }
569 561
570 int security_inode_listxattr(struct dentry *dentry) 562 int security_inode_listxattr(struct dentry *dentry)
571 { 563 {
572 if (unlikely(IS_PRIVATE(dentry->d_inode))) 564 if (unlikely(IS_PRIVATE(dentry->d_inode)))
573 return 0; 565 return 0;
574 return security_ops->inode_listxattr(dentry); 566 return security_ops->inode_listxattr(dentry);
575 } 567 }
576 568
577 int security_inode_removexattr(struct dentry *dentry, const char *name) 569 int security_inode_removexattr(struct dentry *dentry, const char *name)
578 { 570 {
579 if (unlikely(IS_PRIVATE(dentry->d_inode))) 571 if (unlikely(IS_PRIVATE(dentry->d_inode)))
580 return 0; 572 return 0;
581 return security_ops->inode_removexattr(dentry, name); 573 return security_ops->inode_removexattr(dentry, name);
582 } 574 }
583 575
584 int security_inode_need_killpriv(struct dentry *dentry) 576 int security_inode_need_killpriv(struct dentry *dentry)
585 { 577 {
586 return security_ops->inode_need_killpriv(dentry); 578 return security_ops->inode_need_killpriv(dentry);
587 } 579 }
588 580
589 int security_inode_killpriv(struct dentry *dentry) 581 int security_inode_killpriv(struct dentry *dentry)
590 { 582 {
591 return security_ops->inode_killpriv(dentry); 583 return security_ops->inode_killpriv(dentry);
592 } 584 }
593 585
594 int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) 586 int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
595 { 587 {
596 if (unlikely(IS_PRIVATE(inode))) 588 if (unlikely(IS_PRIVATE(inode)))
597 return -EOPNOTSUPP; 589 return -EOPNOTSUPP;
598 return security_ops->inode_getsecurity(inode, name, buffer, alloc); 590 return security_ops->inode_getsecurity(inode, name, buffer, alloc);
599 } 591 }
600 592
601 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) 593 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
602 { 594 {
603 if (unlikely(IS_PRIVATE(inode))) 595 if (unlikely(IS_PRIVATE(inode)))
604 return -EOPNOTSUPP; 596 return -EOPNOTSUPP;
605 return security_ops->inode_setsecurity(inode, name, value, size, flags); 597 return security_ops->inode_setsecurity(inode, name, value, size, flags);
606 } 598 }
607 599
608 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) 600 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
609 { 601 {
610 if (unlikely(IS_PRIVATE(inode))) 602 if (unlikely(IS_PRIVATE(inode)))
611 return 0; 603 return 0;
612 return security_ops->inode_listsecurity(inode, buffer, buffer_size); 604 return security_ops->inode_listsecurity(inode, buffer, buffer_size);
613 } 605 }
614 606
615 void security_inode_getsecid(const struct inode *inode, u32 *secid) 607 void security_inode_getsecid(const struct inode *inode, u32 *secid)
616 { 608 {
617 security_ops->inode_getsecid(inode, secid); 609 security_ops->inode_getsecid(inode, secid);
618 } 610 }
619 611
620 int security_file_permission(struct file *file, int mask) 612 int security_file_permission(struct file *file, int mask)
621 { 613 {
622 int ret; 614 int ret;
623 615
624 ret = security_ops->file_permission(file, mask); 616 ret = security_ops->file_permission(file, mask);
625 if (ret) 617 if (ret)
626 return ret; 618 return ret;
627 619
628 return fsnotify_perm(file, mask); 620 return fsnotify_perm(file, mask);
629 } 621 }
630 622
631 int security_file_alloc(struct file *file) 623 int security_file_alloc(struct file *file)
632 { 624 {
633 return security_ops->file_alloc_security(file); 625 return security_ops->file_alloc_security(file);
634 } 626 }
635 627
636 void security_file_free(struct file *file) 628 void security_file_free(struct file *file)
637 { 629 {
638 security_ops->file_free_security(file); 630 security_ops->file_free_security(file);
639 } 631 }
640 632
641 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 633 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
642 { 634 {
643 return security_ops->file_ioctl(file, cmd, arg); 635 return security_ops->file_ioctl(file, cmd, arg);
644 } 636 }
645 637
646 int security_file_mmap(struct file *file, unsigned long reqprot, 638 int security_file_mmap(struct file *file, unsigned long reqprot,
647 unsigned long prot, unsigned long flags, 639 unsigned long prot, unsigned long flags,
648 unsigned long addr, unsigned long addr_only) 640 unsigned long addr, unsigned long addr_only)
649 { 641 {
650 int ret; 642 int ret;
651 643
652 ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only); 644 ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only);
653 if (ret) 645 if (ret)
654 return ret; 646 return ret;
655 return ima_file_mmap(file, prot); 647 return ima_file_mmap(file, prot);
656 } 648 }
657 649
658 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 650 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
659 unsigned long prot) 651 unsigned long prot)
660 { 652 {
661 return security_ops->file_mprotect(vma, reqprot, prot); 653 return security_ops->file_mprotect(vma, reqprot, prot);
662 } 654 }
663 655
664 int security_file_lock(struct file *file, unsigned int cmd) 656 int security_file_lock(struct file *file, unsigned int cmd)
665 { 657 {
666 return security_ops->file_lock(file, cmd); 658 return security_ops->file_lock(file, cmd);
667 } 659 }
668 660
669 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) 661 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
670 { 662 {
671 return security_ops->file_fcntl(file, cmd, arg); 663 return security_ops->file_fcntl(file, cmd, arg);
672 } 664 }
673 665
674 int security_file_set_fowner(struct file *file) 666 int security_file_set_fowner(struct file *file)
675 { 667 {
676 return security_ops->file_set_fowner(file); 668 return security_ops->file_set_fowner(file);
677 } 669 }
678 670
679 int security_file_send_sigiotask(struct task_struct *tsk, 671 int security_file_send_sigiotask(struct task_struct *tsk,
680 struct fown_struct *fown, int sig) 672 struct fown_struct *fown, int sig)
681 { 673 {
682 return security_ops->file_send_sigiotask(tsk, fown, sig); 674 return security_ops->file_send_sigiotask(tsk, fown, sig);
683 } 675 }
684 676
685 int security_file_receive(struct file *file) 677 int security_file_receive(struct file *file)
686 { 678 {
687 return security_ops->file_receive(file); 679 return security_ops->file_receive(file);
688 } 680 }
689 681
690 int security_dentry_open(struct file *file, const struct cred *cred) 682 int security_dentry_open(struct file *file, const struct cred *cred)
691 { 683 {
692 int ret; 684 int ret;
693 685
694 ret = security_ops->dentry_open(file, cred); 686 ret = security_ops->dentry_open(file, cred);
695 if (ret) 687 if (ret)
696 return ret; 688 return ret;
697 689
698 return fsnotify_perm(file, MAY_OPEN); 690 return fsnotify_perm(file, MAY_OPEN);
699 } 691 }
700 692
701 int security_task_create(unsigned long clone_flags) 693 int security_task_create(unsigned long clone_flags)
702 { 694 {
703 return security_ops->task_create(clone_flags); 695 return security_ops->task_create(clone_flags);
704 } 696 }
705 697
706 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) 698 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
707 { 699 {
708 return security_ops->cred_alloc_blank(cred, gfp); 700 return security_ops->cred_alloc_blank(cred, gfp);
709 } 701 }
710 702
711 void security_cred_free(struct cred *cred) 703 void security_cred_free(struct cred *cred)
712 { 704 {
713 security_ops->cred_free(cred); 705 security_ops->cred_free(cred);
714 } 706 }
715 707
716 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) 708 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
717 { 709 {
718 return security_ops->cred_prepare(new, old, gfp); 710 return security_ops->cred_prepare(new, old, gfp);
719 } 711 }
720 712
721 void security_transfer_creds(struct cred *new, const struct cred *old) 713 void security_transfer_creds(struct cred *new, const struct cred *old)
722 { 714 {
723 security_ops->cred_transfer(new, old); 715 security_ops->cred_transfer(new, old);
724 } 716 }
725 717
726 int security_kernel_act_as(struct cred *new, u32 secid) 718 int security_kernel_act_as(struct cred *new, u32 secid)
727 { 719 {
728 return security_ops->kernel_act_as(new, secid); 720 return security_ops->kernel_act_as(new, secid);
729 } 721 }
730 722
731 int security_kernel_create_files_as(struct cred *new, struct inode *inode) 723 int security_kernel_create_files_as(struct cred *new, struct inode *inode)
732 { 724 {
733 return security_ops->kernel_create_files_as(new, inode); 725 return security_ops->kernel_create_files_as(new, inode);
734 } 726 }
735 727
736 int security_kernel_module_request(char *kmod_name) 728 int security_kernel_module_request(char *kmod_name)
737 { 729 {
738 return security_ops->kernel_module_request(kmod_name); 730 return security_ops->kernel_module_request(kmod_name);
739 } 731 }
740 732
741 int security_task_fix_setuid(struct cred *new, const struct cred *old, 733 int security_task_fix_setuid(struct cred *new, const struct cred *old,
742 int flags) 734 int flags)
743 { 735 {
744 return security_ops->task_fix_setuid(new, old, flags); 736 return security_ops->task_fix_setuid(new, old, flags);
745 } 737 }
746 738
747 int security_task_setpgid(struct task_struct *p, pid_t pgid) 739 int security_task_setpgid(struct task_struct *p, pid_t pgid)
748 { 740 {
749 return security_ops->task_setpgid(p, pgid); 741 return security_ops->task_setpgid(p, pgid);
750 } 742 }
751 743
752 int security_task_getpgid(struct task_struct *p) 744 int security_task_getpgid(struct task_struct *p)
753 { 745 {
754 return security_ops->task_getpgid(p); 746 return security_ops->task_getpgid(p);
755 } 747 }
756 748
757 int security_task_getsid(struct task_struct *p) 749 int security_task_getsid(struct task_struct *p)
758 { 750 {
759 return security_ops->task_getsid(p); 751 return security_ops->task_getsid(p);
760 } 752 }
761 753
762 void security_task_getsecid(struct task_struct *p, u32 *secid) 754 void security_task_getsecid(struct task_struct *p, u32 *secid)
763 { 755 {
764 security_ops->task_getsecid(p, secid); 756 security_ops->task_getsecid(p, secid);
765 } 757 }
766 EXPORT_SYMBOL(security_task_getsecid); 758 EXPORT_SYMBOL(security_task_getsecid);
767 759
768 int security_task_setnice(struct task_struct *p, int nice) 760 int security_task_setnice(struct task_struct *p, int nice)
769 { 761 {
770 return security_ops->task_setnice(p, nice); 762 return security_ops->task_setnice(p, nice);
771 } 763 }
772 764
773 int security_task_setioprio(struct task_struct *p, int ioprio) 765 int security_task_setioprio(struct task_struct *p, int ioprio)
774 { 766 {
775 return security_ops->task_setioprio(p, ioprio); 767 return security_ops->task_setioprio(p, ioprio);
776 } 768 }
777 769
778 int security_task_getioprio(struct task_struct *p) 770 int security_task_getioprio(struct task_struct *p)
779 { 771 {
780 return security_ops->task_getioprio(p); 772 return security_ops->task_getioprio(p);
781 } 773 }
782 774
783 int security_task_setrlimit(struct task_struct *p, unsigned int resource, 775 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
784 struct rlimit *new_rlim) 776 struct rlimit *new_rlim)
785 { 777 {
786 return security_ops->task_setrlimit(p, resource, new_rlim); 778 return security_ops->task_setrlimit(p, resource, new_rlim);
787 } 779 }
788 780
789 int security_task_setscheduler(struct task_struct *p, 781 int security_task_setscheduler(struct task_struct *p,
790 int policy, struct sched_param *lp) 782 int policy, struct sched_param *lp)
791 { 783 {
792 return security_ops->task_setscheduler(p, policy, lp); 784 return security_ops->task_setscheduler(p, policy, lp);
793 } 785 }
794 786
795 int security_task_getscheduler(struct task_struct *p) 787 int security_task_getscheduler(struct task_struct *p)
796 { 788 {
797 return security_ops->task_getscheduler(p); 789 return security_ops->task_getscheduler(p);
798 } 790 }
799 791
800 int security_task_movememory(struct task_struct *p) 792 int security_task_movememory(struct task_struct *p)
801 { 793 {
802 return security_ops->task_movememory(p); 794 return security_ops->task_movememory(p);
803 } 795 }
804 796
805 int security_task_kill(struct task_struct *p, struct siginfo *info, 797 int security_task_kill(struct task_struct *p, struct siginfo *info,
806 int sig, u32 secid) 798 int sig, u32 secid)
807 { 799 {
808 return security_ops->task_kill(p, info, sig, secid); 800 return security_ops->task_kill(p, info, sig, secid);
809 } 801 }
810 802
811 int security_task_wait(struct task_struct *p) 803 int security_task_wait(struct task_struct *p)
812 { 804 {
813 return security_ops->task_wait(p); 805 return security_ops->task_wait(p);
814 } 806 }
815 807
816 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, 808 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
817 unsigned long arg4, unsigned long arg5) 809 unsigned long arg4, unsigned long arg5)
818 { 810 {
819 return security_ops->task_prctl(option, arg2, arg3, arg4, arg5); 811 return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
820 } 812 }
821 813
822 void security_task_to_inode(struct task_struct *p, struct inode *inode) 814 void security_task_to_inode(struct task_struct *p, struct inode *inode)
823 { 815 {
824 security_ops->task_to_inode(p, inode); 816 security_ops->task_to_inode(p, inode);
825 } 817 }
826 818
827 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) 819 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
828 { 820 {
829 return security_ops->ipc_permission(ipcp, flag); 821 return security_ops->ipc_permission(ipcp, flag);
830 } 822 }
831 823
832 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 824 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
833 { 825 {
834 security_ops->ipc_getsecid(ipcp, secid); 826 security_ops->ipc_getsecid(ipcp, secid);
835 } 827 }
836 828
837 int security_msg_msg_alloc(struct msg_msg *msg) 829 int security_msg_msg_alloc(struct msg_msg *msg)
838 { 830 {
839 return security_ops->msg_msg_alloc_security(msg); 831 return security_ops->msg_msg_alloc_security(msg);
840 } 832 }
841 833
842 void security_msg_msg_free(struct msg_msg *msg) 834 void security_msg_msg_free(struct msg_msg *msg)
843 { 835 {
844 security_ops->msg_msg_free_security(msg); 836 security_ops->msg_msg_free_security(msg);
845 } 837 }
846 838
847 int security_msg_queue_alloc(struct msg_queue *msq) 839 int security_msg_queue_alloc(struct msg_queue *msq)
848 { 840 {
849 return security_ops->msg_queue_alloc_security(msq); 841 return security_ops->msg_queue_alloc_security(msq);
850 } 842 }
851 843
852 void security_msg_queue_free(struct msg_queue *msq) 844 void security_msg_queue_free(struct msg_queue *msq)
853 { 845 {
854 security_ops->msg_queue_free_security(msq); 846 security_ops->msg_queue_free_security(msq);
855 } 847 }
856 848
857 int security_msg_queue_associate(struct msg_queue *msq, int msqflg) 849 int security_msg_queue_associate(struct msg_queue *msq, int msqflg)
858 { 850 {
859 return security_ops->msg_queue_associate(msq, msqflg); 851 return security_ops->msg_queue_associate(msq, msqflg);
860 } 852 }
861 853
862 int security_msg_queue_msgctl(struct msg_queue *msq, int cmd) 854 int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
863 { 855 {
864 return security_ops->msg_queue_msgctl(msq, cmd); 856 return security_ops->msg_queue_msgctl(msq, cmd);
865 } 857 }
866 858
867 int security_msg_queue_msgsnd(struct msg_queue *msq, 859 int security_msg_queue_msgsnd(struct msg_queue *msq,
868 struct msg_msg *msg, int msqflg) 860 struct msg_msg *msg, int msqflg)
869 { 861 {
870 return security_ops->msg_queue_msgsnd(msq, msg, msqflg); 862 return security_ops->msg_queue_msgsnd(msq, msg, msqflg);
871 } 863 }
872 864
873 int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 865 int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
874 struct task_struct *target, long type, int mode) 866 struct task_struct *target, long type, int mode)
875 { 867 {
876 return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode); 868 return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode);
877 } 869 }
878 870
879 int security_shm_alloc(struct shmid_kernel *shp) 871 int security_shm_alloc(struct shmid_kernel *shp)
880 { 872 {
881 return security_ops->shm_alloc_security(shp); 873 return security_ops->shm_alloc_security(shp);
882 } 874 }
883 875
884 void security_shm_free(struct shmid_kernel *shp) 876 void security_shm_free(struct shmid_kernel *shp)
885 { 877 {
886 security_ops->shm_free_security(shp); 878 security_ops->shm_free_security(shp);
887 } 879 }
888 880
889 int security_shm_associate(struct shmid_kernel *shp, int shmflg) 881 int security_shm_associate(struct shmid_kernel *shp, int shmflg)
890 { 882 {
891 return security_ops->shm_associate(shp, shmflg); 883 return security_ops->shm_associate(shp, shmflg);
892 } 884 }
893 885
894 int security_shm_shmctl(struct shmid_kernel *shp, int cmd) 886 int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
895 { 887 {
896 return security_ops->shm_shmctl(shp, cmd); 888 return security_ops->shm_shmctl(shp, cmd);
897 } 889 }
898 890
899 int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg) 891 int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg)
900 { 892 {
901 return security_ops->shm_shmat(shp, shmaddr, shmflg); 893 return security_ops->shm_shmat(shp, shmaddr, shmflg);
902 } 894 }
903 895
904 int security_sem_alloc(struct sem_array *sma) 896 int security_sem_alloc(struct sem_array *sma)
905 { 897 {
906 return security_ops->sem_alloc_security(sma); 898 return security_ops->sem_alloc_security(sma);
907 } 899 }
908 900
909 void security_sem_free(struct sem_array *sma) 901 void security_sem_free(struct sem_array *sma)
910 { 902 {
911 security_ops->sem_free_security(sma); 903 security_ops->sem_free_security(sma);
912 } 904 }
913 905
914 int security_sem_associate(struct sem_array *sma, int semflg) 906 int security_sem_associate(struct sem_array *sma, int semflg)
915 { 907 {
916 return security_ops->sem_associate(sma, semflg); 908 return security_ops->sem_associate(sma, semflg);
917 } 909 }
918 910
919 int security_sem_semctl(struct sem_array *sma, int cmd) 911 int security_sem_semctl(struct sem_array *sma, int cmd)
920 { 912 {
921 return security_ops->sem_semctl(sma, cmd); 913 return security_ops->sem_semctl(sma, cmd);
922 } 914 }
923 915
924 int security_sem_semop(struct sem_array *sma, struct sembuf *sops, 916 int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
925 unsigned nsops, int alter) 917 unsigned nsops, int alter)
926 { 918 {
927 return security_ops->sem_semop(sma, sops, nsops, alter); 919 return security_ops->sem_semop(sma, sops, nsops, alter);
928 } 920 }
929 921
930 void security_d_instantiate(struct dentry *dentry, struct inode *inode) 922 void security_d_instantiate(struct dentry *dentry, struct inode *inode)
931 { 923 {
932 if (unlikely(inode && IS_PRIVATE(inode))) 924 if (unlikely(inode && IS_PRIVATE(inode)))
933 return; 925 return;
934 security_ops->d_instantiate(dentry, inode); 926 security_ops->d_instantiate(dentry, inode);
935 } 927 }
936 EXPORT_SYMBOL(security_d_instantiate); 928 EXPORT_SYMBOL(security_d_instantiate);
937 929
938 int security_getprocattr(struct task_struct *p, char *name, char **value) 930 int security_getprocattr(struct task_struct *p, char *name, char **value)
939 { 931 {
940 return security_ops->getprocattr(p, name, value); 932 return security_ops->getprocattr(p, name, value);
941 } 933 }
942 934
943 int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) 935 int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
944 { 936 {
945 return security_ops->setprocattr(p, name, value, size); 937 return security_ops->setprocattr(p, name, value, size);
946 } 938 }
947 939
948 int security_netlink_send(struct sock *sk, struct sk_buff *skb) 940 int security_netlink_send(struct sock *sk, struct sk_buff *skb)
949 { 941 {
950 return security_ops->netlink_send(sk, skb); 942 return security_ops->netlink_send(sk, skb);
951 } 943 }
952 944
953 int security_netlink_recv(struct sk_buff *skb, int cap) 945 int security_netlink_recv(struct sk_buff *skb, int cap)
954 { 946 {
955 return security_ops->netlink_recv(skb, cap); 947 return security_ops->netlink_recv(skb, cap);
956 } 948 }
957 EXPORT_SYMBOL(security_netlink_recv); 949 EXPORT_SYMBOL(security_netlink_recv);
958 950
959 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 951 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
960 { 952 {
961 return security_ops->secid_to_secctx(secid, secdata, seclen); 953 return security_ops->secid_to_secctx(secid, secdata, seclen);
962 } 954 }
963 EXPORT_SYMBOL(security_secid_to_secctx); 955 EXPORT_SYMBOL(security_secid_to_secctx);
964 956
965 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) 957 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
966 { 958 {
967 return security_ops->secctx_to_secid(secdata, seclen, secid); 959 return security_ops->secctx_to_secid(secdata, seclen, secid);
968 } 960 }
969 EXPORT_SYMBOL(security_secctx_to_secid); 961 EXPORT_SYMBOL(security_secctx_to_secid);
970 962
971 void security_release_secctx(char *secdata, u32 seclen) 963 void security_release_secctx(char *secdata, u32 seclen)
972 { 964 {
973 security_ops->release_secctx(secdata, seclen); 965 security_ops->release_secctx(secdata, seclen);
974 } 966 }
975 EXPORT_SYMBOL(security_release_secctx); 967 EXPORT_SYMBOL(security_release_secctx);
976 968
977 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 969 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
978 { 970 {
979 return security_ops->inode_notifysecctx(inode, ctx, ctxlen); 971 return security_ops->inode_notifysecctx(inode, ctx, ctxlen);
980 } 972 }
981 EXPORT_SYMBOL(security_inode_notifysecctx); 973 EXPORT_SYMBOL(security_inode_notifysecctx);
982 974
983 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 975 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
984 { 976 {
985 return security_ops->inode_setsecctx(dentry, ctx, ctxlen); 977 return security_ops->inode_setsecctx(dentry, ctx, ctxlen);
986 } 978 }
987 EXPORT_SYMBOL(security_inode_setsecctx); 979 EXPORT_SYMBOL(security_inode_setsecctx);
988 980
989 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 981 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
990 { 982 {
991 return security_ops->inode_getsecctx(inode, ctx, ctxlen); 983 return security_ops->inode_getsecctx(inode, ctx, ctxlen);
992 } 984 }
993 EXPORT_SYMBOL(security_inode_getsecctx); 985 EXPORT_SYMBOL(security_inode_getsecctx);
994 986
995 #ifdef CONFIG_SECURITY_NETWORK 987 #ifdef CONFIG_SECURITY_NETWORK
996 988
997 int security_unix_stream_connect(struct socket *sock, struct socket *other, 989 int security_unix_stream_connect(struct socket *sock, struct socket *other,
998 struct sock *newsk) 990 struct sock *newsk)
999 { 991 {
1000 return security_ops->unix_stream_connect(sock, other, newsk); 992 return security_ops->unix_stream_connect(sock, other, newsk);
1001 } 993 }
1002 EXPORT_SYMBOL(security_unix_stream_connect); 994 EXPORT_SYMBOL(security_unix_stream_connect);
1003 995
1004 int security_unix_may_send(struct socket *sock, struct socket *other) 996 int security_unix_may_send(struct socket *sock, struct socket *other)
1005 { 997 {
1006 return security_ops->unix_may_send(sock, other); 998 return security_ops->unix_may_send(sock, other);
1007 } 999 }
1008 EXPORT_SYMBOL(security_unix_may_send); 1000 EXPORT_SYMBOL(security_unix_may_send);
1009 1001
1010 int security_socket_create(int family, int type, int protocol, int kern) 1002 int security_socket_create(int family, int type, int protocol, int kern)
1011 { 1003 {
1012 return security_ops->socket_create(family, type, protocol, kern); 1004 return security_ops->socket_create(family, type, protocol, kern);
1013 } 1005 }
1014 1006
1015 int security_socket_post_create(struct socket *sock, int family, 1007 int security_socket_post_create(struct socket *sock, int family,
1016 int type, int protocol, int kern) 1008 int type, int protocol, int kern)
1017 { 1009 {
1018 return security_ops->socket_post_create(sock, family, type, 1010 return security_ops->socket_post_create(sock, family, type,
1019 protocol, kern); 1011 protocol, kern);
1020 } 1012 }
1021 1013
1022 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) 1014 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
1023 { 1015 {
1024 return security_ops->socket_bind(sock, address, addrlen); 1016 return security_ops->socket_bind(sock, address, addrlen);
1025 } 1017 }
1026 1018
1027 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) 1019 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
1028 { 1020 {
1029 return security_ops->socket_connect(sock, address, addrlen); 1021 return security_ops->socket_connect(sock, address, addrlen);
1030 } 1022 }
1031 1023
1032 int security_socket_listen(struct socket *sock, int backlog) 1024 int security_socket_listen(struct socket *sock, int backlog)
1033 { 1025 {
1034 return security_ops->socket_listen(sock, backlog); 1026 return security_ops->socket_listen(sock, backlog);
1035 } 1027 }
1036 1028
1037 int security_socket_accept(struct socket *sock, struct socket *newsock) 1029 int security_socket_accept(struct socket *sock, struct socket *newsock)
1038 { 1030 {
1039 return security_ops->socket_accept(sock, newsock); 1031 return security_ops->socket_accept(sock, newsock);
1040 } 1032 }
1041 1033
1042 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) 1034 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
1043 { 1035 {
1044 return security_ops->socket_sendmsg(sock, msg, size); 1036 return security_ops->socket_sendmsg(sock, msg, size);
1045 } 1037 }
1046 1038
1047 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, 1039 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
1048 int size, int flags) 1040 int size, int flags)
1049 { 1041 {
1050 return security_ops->socket_recvmsg(sock, msg, size, flags); 1042 return security_ops->socket_recvmsg(sock, msg, size, flags);
1051 } 1043 }
1052 1044
1053 int security_socket_getsockname(struct socket *sock) 1045 int security_socket_getsockname(struct socket *sock)
1054 { 1046 {
1055 return security_ops->socket_getsockname(sock); 1047 return security_ops->socket_getsockname(sock);
1056 } 1048 }
1057 1049
1058 int security_socket_getpeername(struct socket *sock) 1050 int security_socket_getpeername(struct socket *sock)
1059 { 1051 {
1060 return security_ops->socket_getpeername(sock); 1052 return security_ops->socket_getpeername(sock);
1061 } 1053 }
1062 1054
1063 int security_socket_getsockopt(struct socket *sock, int level, int optname) 1055 int security_socket_getsockopt(struct socket *sock, int level, int optname)
1064 { 1056 {
1065 return security_ops->socket_getsockopt(sock, level, optname); 1057 return security_ops->socket_getsockopt(sock, level, optname);
1066 } 1058 }
1067 1059
1068 int security_socket_setsockopt(struct socket *sock, int level, int optname) 1060 int security_socket_setsockopt(struct socket *sock, int level, int optname)
1069 { 1061 {
1070 return security_ops->socket_setsockopt(sock, level, optname); 1062 return security_ops->socket_setsockopt(sock, level, optname);
1071 } 1063 }
1072 1064
1073 int security_socket_shutdown(struct socket *sock, int how) 1065 int security_socket_shutdown(struct socket *sock, int how)
1074 { 1066 {
1075 return security_ops->socket_shutdown(sock, how); 1067 return security_ops->socket_shutdown(sock, how);
1076 } 1068 }
1077 1069
1078 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) 1070 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
1079 { 1071 {
1080 return security_ops->socket_sock_rcv_skb(sk, skb); 1072 return security_ops->socket_sock_rcv_skb(sk, skb);
1081 } 1073 }
1082 EXPORT_SYMBOL(security_sock_rcv_skb); 1074 EXPORT_SYMBOL(security_sock_rcv_skb);
1083 1075
1084 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 1076 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
1085 int __user *optlen, unsigned len) 1077 int __user *optlen, unsigned len)
1086 { 1078 {
1087 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); 1079 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
1088 } 1080 }
1089 1081
1090 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 1082 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
1091 { 1083 {
1092 return security_ops->socket_getpeersec_dgram(sock, skb, secid); 1084 return security_ops->socket_getpeersec_dgram(sock, skb, secid);
1093 } 1085 }
1094 EXPORT_SYMBOL(security_socket_getpeersec_dgram); 1086 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
1095 1087
1096 int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 1088 int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
1097 { 1089 {
1098 return security_ops->sk_alloc_security(sk, family, priority); 1090 return security_ops->sk_alloc_security(sk, family, priority);
1099 } 1091 }
1100 1092
1101 void security_sk_free(struct sock *sk) 1093 void security_sk_free(struct sock *sk)
1102 { 1094 {
1103 security_ops->sk_free_security(sk); 1095 security_ops->sk_free_security(sk);
1104 } 1096 }
1105 1097
1106 void security_sk_clone(const struct sock *sk, struct sock *newsk) 1098 void security_sk_clone(const struct sock *sk, struct sock *newsk)
1107 { 1099 {
1108 security_ops->sk_clone_security(sk, newsk); 1100 security_ops->sk_clone_security(sk, newsk);
1109 } 1101 }
1110 1102
1111 void security_sk_classify_flow(struct sock *sk, struct flowi *fl) 1103 void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
1112 { 1104 {
1113 security_ops->sk_getsecid(sk, &fl->secid); 1105 security_ops->sk_getsecid(sk, &fl->secid);
1114 } 1106 }
1115 EXPORT_SYMBOL(security_sk_classify_flow); 1107 EXPORT_SYMBOL(security_sk_classify_flow);
1116 1108
1117 void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) 1109 void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
1118 { 1110 {
1119 security_ops->req_classify_flow(req, fl); 1111 security_ops->req_classify_flow(req, fl);
1120 } 1112 }
1121 EXPORT_SYMBOL(security_req_classify_flow); 1113 EXPORT_SYMBOL(security_req_classify_flow);
1122 1114
1123 void security_sock_graft(struct sock *sk, struct socket *parent) 1115 void security_sock_graft(struct sock *sk, struct socket *parent)
1124 { 1116 {
1125 security_ops->sock_graft(sk, parent); 1117 security_ops->sock_graft(sk, parent);
1126 } 1118 }
1127 EXPORT_SYMBOL(security_sock_graft); 1119 EXPORT_SYMBOL(security_sock_graft);
1128 1120
1129 int security_inet_conn_request(struct sock *sk, 1121 int security_inet_conn_request(struct sock *sk,
1130 struct sk_buff *skb, struct request_sock *req) 1122 struct sk_buff *skb, struct request_sock *req)
1131 { 1123 {
1132 return security_ops->inet_conn_request(sk, skb, req); 1124 return security_ops->inet_conn_request(sk, skb, req);
1133 } 1125 }
1134 EXPORT_SYMBOL(security_inet_conn_request); 1126 EXPORT_SYMBOL(security_inet_conn_request);
1135 1127
1136 void security_inet_csk_clone(struct sock *newsk, 1128 void security_inet_csk_clone(struct sock *newsk,
1137 const struct request_sock *req) 1129 const struct request_sock *req)
1138 { 1130 {
1139 security_ops->inet_csk_clone(newsk, req); 1131 security_ops->inet_csk_clone(newsk, req);
1140 } 1132 }
1141 1133
1142 void security_inet_conn_established(struct sock *sk, 1134 void security_inet_conn_established(struct sock *sk,
1143 struct sk_buff *skb) 1135 struct sk_buff *skb)
1144 { 1136 {
1145 security_ops->inet_conn_established(sk, skb); 1137 security_ops->inet_conn_established(sk, skb);
1146 } 1138 }
1147 1139
1148 int security_tun_dev_create(void) 1140 int security_tun_dev_create(void)
1149 { 1141 {
1150 return security_ops->tun_dev_create(); 1142 return security_ops->tun_dev_create();
1151 } 1143 }
1152 EXPORT_SYMBOL(security_tun_dev_create); 1144 EXPORT_SYMBOL(security_tun_dev_create);
1153 1145
1154 void security_tun_dev_post_create(struct sock *sk) 1146 void security_tun_dev_post_create(struct sock *sk)
1155 { 1147 {
1156 return security_ops->tun_dev_post_create(sk); 1148 return security_ops->tun_dev_post_create(sk);
1157 } 1149 }
1158 EXPORT_SYMBOL(security_tun_dev_post_create); 1150 EXPORT_SYMBOL(security_tun_dev_post_create);
1159 1151
1160 int security_tun_dev_attach(struct sock *sk) 1152 int security_tun_dev_attach(struct sock *sk)
1161 { 1153 {
1162 return security_ops->tun_dev_attach(sk); 1154 return security_ops->tun_dev_attach(sk);
1163 } 1155 }
1164 EXPORT_SYMBOL(security_tun_dev_attach); 1156 EXPORT_SYMBOL(security_tun_dev_attach);
1165 1157
1166 #endif /* CONFIG_SECURITY_NETWORK */ 1158 #endif /* CONFIG_SECURITY_NETWORK */
1167 1159
1168 #ifdef CONFIG_SECURITY_NETWORK_XFRM 1160 #ifdef CONFIG_SECURITY_NETWORK_XFRM
1169 1161
1170 int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx) 1162 int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
1171 { 1163 {
1172 return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx); 1164 return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx);
1173 } 1165 }
1174 EXPORT_SYMBOL(security_xfrm_policy_alloc); 1166 EXPORT_SYMBOL(security_xfrm_policy_alloc);
1175 1167
1176 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, 1168 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
1177 struct xfrm_sec_ctx **new_ctxp) 1169 struct xfrm_sec_ctx **new_ctxp)
1178 { 1170 {
1179 return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp); 1171 return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp);
1180 } 1172 }
1181 1173
1182 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) 1174 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
1183 { 1175 {
1184 security_ops->xfrm_policy_free_security(ctx); 1176 security_ops->xfrm_policy_free_security(ctx);
1185 } 1177 }
1186 EXPORT_SYMBOL(security_xfrm_policy_free); 1178 EXPORT_SYMBOL(security_xfrm_policy_free);
1187 1179
1188 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 1180 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
1189 { 1181 {
1190 return security_ops->xfrm_policy_delete_security(ctx); 1182 return security_ops->xfrm_policy_delete_security(ctx);
1191 } 1183 }
1192 1184
1193 int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 1185 int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
1194 { 1186 {
1195 return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0); 1187 return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0);
1196 } 1188 }
1197 EXPORT_SYMBOL(security_xfrm_state_alloc); 1189 EXPORT_SYMBOL(security_xfrm_state_alloc);
1198 1190
1199 int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1191 int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
1200 struct xfrm_sec_ctx *polsec, u32 secid) 1192 struct xfrm_sec_ctx *polsec, u32 secid)
1201 { 1193 {
1202 if (!polsec) 1194 if (!polsec)
1203 return 0; 1195 return 0;
1204 /* 1196 /*
1205 * We want the context to be taken from secid which is usually 1197 * We want the context to be taken from secid which is usually
1206 * from the sock. 1198 * from the sock.
1207 */ 1199 */
1208 return security_ops->xfrm_state_alloc_security(x, NULL, secid); 1200 return security_ops->xfrm_state_alloc_security(x, NULL, secid);
1209 } 1201 }
1210 1202
1211 int security_xfrm_state_delete(struct xfrm_state *x) 1203 int security_xfrm_state_delete(struct xfrm_state *x)
1212 { 1204 {
1213 return security_ops->xfrm_state_delete_security(x); 1205 return security_ops->xfrm_state_delete_security(x);
1214 } 1206 }
1215 EXPORT_SYMBOL(security_xfrm_state_delete); 1207 EXPORT_SYMBOL(security_xfrm_state_delete);
1216 1208
1217 void security_xfrm_state_free(struct xfrm_state *x) 1209 void security_xfrm_state_free(struct xfrm_state *x)
1218 { 1210 {
1219 security_ops->xfrm_state_free_security(x); 1211 security_ops->xfrm_state_free_security(x);
1220 } 1212 }
1221 1213
1222 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) 1214 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
1223 { 1215 {
1224 return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir); 1216 return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir);
1225 } 1217 }
1226 1218
1227 int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1219 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1228 struct xfrm_policy *xp, struct flowi *fl) 1220 struct xfrm_policy *xp, struct flowi *fl)
1229 { 1221 {
1230 return security_ops->xfrm_state_pol_flow_match(x, xp, fl); 1222 return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
1231 } 1223 }
1232 1224
1233 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) 1225 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
1234 { 1226 {
1235 return security_ops->xfrm_decode_session(skb, secid, 1); 1227 return security_ops->xfrm_decode_session(skb, secid, 1);
1236 } 1228 }
1237 1229
1238 void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) 1230 void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
1239 { 1231 {
1240 int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0); 1232 int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
1241 1233
1242 BUG_ON(rc); 1234 BUG_ON(rc);
1243 } 1235 }
1244 EXPORT_SYMBOL(security_skb_classify_flow); 1236 EXPORT_SYMBOL(security_skb_classify_flow);
1245 1237
1246 #endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1238 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
1247 1239
1248 #ifdef CONFIG_KEYS 1240 #ifdef CONFIG_KEYS
1249 1241
1250 int security_key_alloc(struct key *key, const struct cred *cred, 1242 int security_key_alloc(struct key *key, const struct cred *cred,
1251 unsigned long flags) 1243 unsigned long flags)
1252 { 1244 {
1253 return security_ops->key_alloc(key, cred, flags); 1245 return security_ops->key_alloc(key, cred, flags);
1254 } 1246 }
1255 1247
1256 void security_key_free(struct key *key) 1248 void security_key_free(struct key *key)
1257 { 1249 {
1258 security_ops->key_free(key); 1250 security_ops->key_free(key);
1259 } 1251 }
1260 1252
1261 int security_key_permission(key_ref_t key_ref, 1253 int security_key_permission(key_ref_t key_ref,
1262 const struct cred *cred, key_perm_t perm) 1254 const struct cred *cred, key_perm_t perm)
1263 { 1255 {
1264 return security_ops->key_permission(key_ref, cred, perm); 1256 return security_ops->key_permission(key_ref, cred, perm);
1265 } 1257 }
1266 1258
1267 int security_key_getsecurity(struct key *key, char **_buffer) 1259 int security_key_getsecurity(struct key *key, char **_buffer)
1268 { 1260 {
1269 return security_ops->key_getsecurity(key, _buffer); 1261 return security_ops->key_getsecurity(key, _buffer);
1270 } 1262 }
1271 1263
1272 #endif /* CONFIG_KEYS */ 1264 #endif /* CONFIG_KEYS */
1273 1265
1274 #ifdef CONFIG_AUDIT 1266 #ifdef CONFIG_AUDIT
1275 1267
1276 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) 1268 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
1277 { 1269 {
1278 return security_ops->audit_rule_init(field, op, rulestr, lsmrule); 1270 return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
1279 } 1271 }
1280 1272
1281 int security_audit_rule_known(struct audit_krule *krule) 1273 int security_audit_rule_known(struct audit_krule *krule)
1282 { 1274 {
1283 return security_ops->audit_rule_known(krule); 1275 return security_ops->audit_rule_known(krule);
1284 } 1276 }
1285 1277
1286 void security_audit_rule_free(void *lsmrule) 1278 void security_audit_rule_free(void *lsmrule)
1287 { 1279 {
1288 security_ops->audit_rule_free(lsmrule); 1280 security_ops->audit_rule_free(lsmrule);
1289 } 1281 }
1290 1282
1291 int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, 1283 int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
1292 struct audit_context *actx) 1284 struct audit_context *actx)
1293 { 1285 {
1294 return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); 1286 return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
1295 } 1287 }
1296 1288
1297 #endif /* CONFIG_AUDIT */ 1289 #endif /* CONFIG_AUDIT */
1298 1290