Commit 065d78a0603cc6f8d288e96dbf761b96984b634f
Committed by
James Morris
1 parent
daa6d83a28
Exists in
master
and in
20 other branches
LSM: Fix security_module_enable() error.
We can set default LSM module to DAC (which means "enable no LSM module"). If default LSM module was set to DAC, security_module_enable() must return 0 unless overridden via boot time parameter. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 1 changed file with 2 additions and 10 deletions Inline Diff
security/security.c
1 | /* | 1 | /* |
2 | * Security plug functions | 2 | * Security plug functions |
3 | * | 3 | * |
4 | * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> | 4 | * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com> |
5 | * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> | 5 | * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com> |
6 | * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> | 6 | * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com> |
7 | * | 7 | * |
8 | * This program is free software; you can redistribute it and/or modify | 8 | * This program is free software; you can redistribute it and/or modify |
9 | * it under the terms of the GNU General Public License as published by | 9 | * it under the terms of the GNU General Public License as published by |
10 | * the Free Software Foundation; either version 2 of the License, or | 10 | * the Free Software Foundation; either version 2 of the License, or |
11 | * (at your option) any later version. | 11 | * (at your option) any later version. |
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include <linux/capability.h> | 14 | #include <linux/capability.h> |
15 | #include <linux/module.h> | 15 | #include <linux/module.h> |
16 | #include <linux/init.h> | 16 | #include <linux/init.h> |
17 | #include <linux/kernel.h> | 17 | #include <linux/kernel.h> |
18 | #include <linux/security.h> | 18 | #include <linux/security.h> |
19 | #include <linux/ima.h> | 19 | #include <linux/ima.h> |
20 | 20 | ||
21 | /* Boot-time LSM user choice */ | 21 | /* Boot-time LSM user choice */ |
22 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = | 22 | static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = |
23 | CONFIG_DEFAULT_SECURITY; | 23 | CONFIG_DEFAULT_SECURITY; |
24 | 24 | ||
25 | /* things that live in capability.c */ | 25 | /* things that live in capability.c */ |
26 | extern void __init security_fixup_ops(struct security_operations *ops); | 26 | extern void __init security_fixup_ops(struct security_operations *ops); |
27 | 27 | ||
28 | static struct security_operations *security_ops; | 28 | static struct security_operations *security_ops; |
29 | static struct security_operations default_security_ops = { | 29 | static struct security_operations default_security_ops = { |
30 | .name = "default", | 30 | .name = "default", |
31 | }; | 31 | }; |
32 | 32 | ||
33 | static inline int __init verify(struct security_operations *ops) | 33 | static inline int __init verify(struct security_operations *ops) |
34 | { | 34 | { |
35 | /* verify the security_operations structure exists */ | 35 | /* verify the security_operations structure exists */ |
36 | if (!ops) | 36 | if (!ops) |
37 | return -EINVAL; | 37 | return -EINVAL; |
38 | security_fixup_ops(ops); | 38 | security_fixup_ops(ops); |
39 | return 0; | 39 | return 0; |
40 | } | 40 | } |
41 | 41 | ||
42 | static void __init do_security_initcalls(void) | 42 | static void __init do_security_initcalls(void) |
43 | { | 43 | { |
44 | initcall_t *call; | 44 | initcall_t *call; |
45 | call = __security_initcall_start; | 45 | call = __security_initcall_start; |
46 | while (call < __security_initcall_end) { | 46 | while (call < __security_initcall_end) { |
47 | (*call) (); | 47 | (*call) (); |
48 | call++; | 48 | call++; |
49 | } | 49 | } |
50 | } | 50 | } |
51 | 51 | ||
52 | /** | 52 | /** |
53 | * security_init - initializes the security framework | 53 | * security_init - initializes the security framework |
54 | * | 54 | * |
55 | * This should be called early in the kernel initialization sequence. | 55 | * This should be called early in the kernel initialization sequence. |
56 | */ | 56 | */ |
57 | int __init security_init(void) | 57 | int __init security_init(void) |
58 | { | 58 | { |
59 | printk(KERN_INFO "Security Framework initialized\n"); | 59 | printk(KERN_INFO "Security Framework initialized\n"); |
60 | 60 | ||
61 | security_fixup_ops(&default_security_ops); | 61 | security_fixup_ops(&default_security_ops); |
62 | security_ops = &default_security_ops; | 62 | security_ops = &default_security_ops; |
63 | do_security_initcalls(); | 63 | do_security_initcalls(); |
64 | 64 | ||
65 | return 0; | 65 | return 0; |
66 | } | 66 | } |
67 | 67 | ||
68 | void reset_security_ops(void) | 68 | void reset_security_ops(void) |
69 | { | 69 | { |
70 | security_ops = &default_security_ops; | 70 | security_ops = &default_security_ops; |
71 | } | 71 | } |
72 | 72 | ||
73 | /* Save user chosen LSM */ | 73 | /* Save user chosen LSM */ |
74 | static int __init choose_lsm(char *str) | 74 | static int __init choose_lsm(char *str) |
75 | { | 75 | { |
76 | strncpy(chosen_lsm, str, SECURITY_NAME_MAX); | 76 | strncpy(chosen_lsm, str, SECURITY_NAME_MAX); |
77 | return 1; | 77 | return 1; |
78 | } | 78 | } |
79 | __setup("security=", choose_lsm); | 79 | __setup("security=", choose_lsm); |
80 | 80 | ||
81 | /** | 81 | /** |
82 | * security_module_enable - Load given security module on boot ? | 82 | * security_module_enable - Load given security module on boot ? |
83 | * @ops: a pointer to the struct security_operations that is to be checked. | 83 | * @ops: a pointer to the struct security_operations that is to be checked. |
84 | * | 84 | * |
85 | * Each LSM must pass this method before registering its own operations | 85 | * Each LSM must pass this method before registering its own operations |
86 | * to avoid security registration races. This method may also be used | 86 | * to avoid security registration races. This method may also be used |
87 | * to check if your LSM is currently loaded during kernel initialization. | 87 | * to check if your LSM is currently loaded during kernel initialization. |
88 | * | 88 | * |
89 | * Return true if: | 89 | * Return true if: |
90 | * -The passed LSM is the one chosen by user at boot time, | 90 | * -The passed LSM is the one chosen by user at boot time, |
91 | * -or the passed LSM is configured as the default and the user did not | 91 | * -or the passed LSM is configured as the default and the user did not |
92 | * choose an alternate LSM at boot time, | 92 | * choose an alternate LSM at boot time. |
93 | * -or there is no default LSM set and the user didn't specify a | ||
94 | * specific LSM and we're the first to ask for registration permission, | ||
95 | * -or the passed LSM is currently loaded. | ||
96 | * Otherwise, return false. | 93 | * Otherwise, return false. |
97 | */ | 94 | */ |
98 | int __init security_module_enable(struct security_operations *ops) | 95 | int __init security_module_enable(struct security_operations *ops) |
99 | { | 96 | { |
100 | if (!*chosen_lsm) | 97 | return !strcmp(ops->name, chosen_lsm); |
101 | strncpy(chosen_lsm, ops->name, SECURITY_NAME_MAX); | ||
102 | else if (strncmp(ops->name, chosen_lsm, SECURITY_NAME_MAX)) | ||
103 | return 0; | ||
104 | |||
105 | return 1; | ||
106 | } | 98 | } |
107 | 99 | ||
108 | /** | 100 | /** |
109 | * register_security - registers a security framework with the kernel | 101 | * register_security - registers a security framework with the kernel |
110 | * @ops: a pointer to the struct security_options that is to be registered | 102 | * @ops: a pointer to the struct security_options that is to be registered |
111 | * | 103 | * |
112 | * This function allows a security module to register itself with the | 104 | * This function allows a security module to register itself with the |
113 | * kernel security subsystem. Some rudimentary checking is done on the @ops | 105 | * kernel security subsystem. Some rudimentary checking is done on the @ops |
114 | * value passed to this function. You'll need to check first if your LSM | 106 | * value passed to this function. You'll need to check first if your LSM |
115 | * is allowed to register its @ops by calling security_module_enable(@ops). | 107 | * is allowed to register its @ops by calling security_module_enable(@ops). |
116 | * | 108 | * |
117 | * If there is already a security module registered with the kernel, | 109 | * If there is already a security module registered with the kernel, |
118 | * an error will be returned. Otherwise %0 is returned on success. | 110 | * an error will be returned. Otherwise %0 is returned on success. |
119 | */ | 111 | */ |
120 | int __init register_security(struct security_operations *ops) | 112 | int __init register_security(struct security_operations *ops) |
121 | { | 113 | { |
122 | if (verify(ops)) { | 114 | if (verify(ops)) { |
123 | printk(KERN_DEBUG "%s could not verify " | 115 | printk(KERN_DEBUG "%s could not verify " |
124 | "security_operations structure.\n", __func__); | 116 | "security_operations structure.\n", __func__); |
125 | return -EINVAL; | 117 | return -EINVAL; |
126 | } | 118 | } |
127 | 119 | ||
128 | if (security_ops != &default_security_ops) | 120 | if (security_ops != &default_security_ops) |
129 | return -EAGAIN; | 121 | return -EAGAIN; |
130 | 122 | ||
131 | security_ops = ops; | 123 | security_ops = ops; |
132 | 124 | ||
133 | return 0; | 125 | return 0; |
134 | } | 126 | } |
135 | 127 | ||
136 | /* Security operations */ | 128 | /* Security operations */ |
137 | 129 | ||
138 | int security_ptrace_access_check(struct task_struct *child, unsigned int mode) | 130 | int security_ptrace_access_check(struct task_struct *child, unsigned int mode) |
139 | { | 131 | { |
140 | return security_ops->ptrace_access_check(child, mode); | 132 | return security_ops->ptrace_access_check(child, mode); |
141 | } | 133 | } |
142 | 134 | ||
143 | int security_ptrace_traceme(struct task_struct *parent) | 135 | int security_ptrace_traceme(struct task_struct *parent) |
144 | { | 136 | { |
145 | return security_ops->ptrace_traceme(parent); | 137 | return security_ops->ptrace_traceme(parent); |
146 | } | 138 | } |
147 | 139 | ||
148 | int security_capget(struct task_struct *target, | 140 | int security_capget(struct task_struct *target, |
149 | kernel_cap_t *effective, | 141 | kernel_cap_t *effective, |
150 | kernel_cap_t *inheritable, | 142 | kernel_cap_t *inheritable, |
151 | kernel_cap_t *permitted) | 143 | kernel_cap_t *permitted) |
152 | { | 144 | { |
153 | return security_ops->capget(target, effective, inheritable, permitted); | 145 | return security_ops->capget(target, effective, inheritable, permitted); |
154 | } | 146 | } |
155 | 147 | ||
156 | int security_capset(struct cred *new, const struct cred *old, | 148 | int security_capset(struct cred *new, const struct cred *old, |
157 | const kernel_cap_t *effective, | 149 | const kernel_cap_t *effective, |
158 | const kernel_cap_t *inheritable, | 150 | const kernel_cap_t *inheritable, |
159 | const kernel_cap_t *permitted) | 151 | const kernel_cap_t *permitted) |
160 | { | 152 | { |
161 | return security_ops->capset(new, old, | 153 | return security_ops->capset(new, old, |
162 | effective, inheritable, permitted); | 154 | effective, inheritable, permitted); |
163 | } | 155 | } |
164 | 156 | ||
165 | int security_capable(int cap) | 157 | int security_capable(int cap) |
166 | { | 158 | { |
167 | return security_ops->capable(current, current_cred(), cap, | 159 | return security_ops->capable(current, current_cred(), cap, |
168 | SECURITY_CAP_AUDIT); | 160 | SECURITY_CAP_AUDIT); |
169 | } | 161 | } |
170 | 162 | ||
171 | int security_real_capable(struct task_struct *tsk, int cap) | 163 | int security_real_capable(struct task_struct *tsk, int cap) |
172 | { | 164 | { |
173 | const struct cred *cred; | 165 | const struct cred *cred; |
174 | int ret; | 166 | int ret; |
175 | 167 | ||
176 | cred = get_task_cred(tsk); | 168 | cred = get_task_cred(tsk); |
177 | ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT); | 169 | ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT); |
178 | put_cred(cred); | 170 | put_cred(cred); |
179 | return ret; | 171 | return ret; |
180 | } | 172 | } |
181 | 173 | ||
182 | int security_real_capable_noaudit(struct task_struct *tsk, int cap) | 174 | int security_real_capable_noaudit(struct task_struct *tsk, int cap) |
183 | { | 175 | { |
184 | const struct cred *cred; | 176 | const struct cred *cred; |
185 | int ret; | 177 | int ret; |
186 | 178 | ||
187 | cred = get_task_cred(tsk); | 179 | cred = get_task_cred(tsk); |
188 | ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT); | 180 | ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT); |
189 | put_cred(cred); | 181 | put_cred(cred); |
190 | return ret; | 182 | return ret; |
191 | } | 183 | } |
192 | 184 | ||
193 | int security_sysctl(struct ctl_table *table, int op) | 185 | int security_sysctl(struct ctl_table *table, int op) |
194 | { | 186 | { |
195 | return security_ops->sysctl(table, op); | 187 | return security_ops->sysctl(table, op); |
196 | } | 188 | } |
197 | 189 | ||
198 | int security_quotactl(int cmds, int type, int id, struct super_block *sb) | 190 | int security_quotactl(int cmds, int type, int id, struct super_block *sb) |
199 | { | 191 | { |
200 | return security_ops->quotactl(cmds, type, id, sb); | 192 | return security_ops->quotactl(cmds, type, id, sb); |
201 | } | 193 | } |
202 | 194 | ||
203 | int security_quota_on(struct dentry *dentry) | 195 | int security_quota_on(struct dentry *dentry) |
204 | { | 196 | { |
205 | return security_ops->quota_on(dentry); | 197 | return security_ops->quota_on(dentry); |
206 | } | 198 | } |
207 | 199 | ||
208 | int security_syslog(int type, bool from_file) | 200 | int security_syslog(int type, bool from_file) |
209 | { | 201 | { |
210 | return security_ops->syslog(type, from_file); | 202 | return security_ops->syslog(type, from_file); |
211 | } | 203 | } |
212 | 204 | ||
213 | int security_settime(struct timespec *ts, struct timezone *tz) | 205 | int security_settime(struct timespec *ts, struct timezone *tz) |
214 | { | 206 | { |
215 | return security_ops->settime(ts, tz); | 207 | return security_ops->settime(ts, tz); |
216 | } | 208 | } |
217 | 209 | ||
218 | int security_vm_enough_memory(long pages) | 210 | int security_vm_enough_memory(long pages) |
219 | { | 211 | { |
220 | WARN_ON(current->mm == NULL); | 212 | WARN_ON(current->mm == NULL); |
221 | return security_ops->vm_enough_memory(current->mm, pages); | 213 | return security_ops->vm_enough_memory(current->mm, pages); |
222 | } | 214 | } |
223 | 215 | ||
224 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) | 216 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) |
225 | { | 217 | { |
226 | WARN_ON(mm == NULL); | 218 | WARN_ON(mm == NULL); |
227 | return security_ops->vm_enough_memory(mm, pages); | 219 | return security_ops->vm_enough_memory(mm, pages); |
228 | } | 220 | } |
229 | 221 | ||
230 | int security_vm_enough_memory_kern(long pages) | 222 | int security_vm_enough_memory_kern(long pages) |
231 | { | 223 | { |
232 | /* If current->mm is a kernel thread then we will pass NULL, | 224 | /* If current->mm is a kernel thread then we will pass NULL, |
233 | for this specific case that is fine */ | 225 | for this specific case that is fine */ |
234 | return security_ops->vm_enough_memory(current->mm, pages); | 226 | return security_ops->vm_enough_memory(current->mm, pages); |
235 | } | 227 | } |
236 | 228 | ||
237 | int security_bprm_set_creds(struct linux_binprm *bprm) | 229 | int security_bprm_set_creds(struct linux_binprm *bprm) |
238 | { | 230 | { |
239 | return security_ops->bprm_set_creds(bprm); | 231 | return security_ops->bprm_set_creds(bprm); |
240 | } | 232 | } |
241 | 233 | ||
242 | int security_bprm_check(struct linux_binprm *bprm) | 234 | int security_bprm_check(struct linux_binprm *bprm) |
243 | { | 235 | { |
244 | int ret; | 236 | int ret; |
245 | 237 | ||
246 | ret = security_ops->bprm_check_security(bprm); | 238 | ret = security_ops->bprm_check_security(bprm); |
247 | if (ret) | 239 | if (ret) |
248 | return ret; | 240 | return ret; |
249 | return ima_bprm_check(bprm); | 241 | return ima_bprm_check(bprm); |
250 | } | 242 | } |
251 | 243 | ||
252 | void security_bprm_committing_creds(struct linux_binprm *bprm) | 244 | void security_bprm_committing_creds(struct linux_binprm *bprm) |
253 | { | 245 | { |
254 | security_ops->bprm_committing_creds(bprm); | 246 | security_ops->bprm_committing_creds(bprm); |
255 | } | 247 | } |
256 | 248 | ||
257 | void security_bprm_committed_creds(struct linux_binprm *bprm) | 249 | void security_bprm_committed_creds(struct linux_binprm *bprm) |
258 | { | 250 | { |
259 | security_ops->bprm_committed_creds(bprm); | 251 | security_ops->bprm_committed_creds(bprm); |
260 | } | 252 | } |
261 | 253 | ||
262 | int security_bprm_secureexec(struct linux_binprm *bprm) | 254 | int security_bprm_secureexec(struct linux_binprm *bprm) |
263 | { | 255 | { |
264 | return security_ops->bprm_secureexec(bprm); | 256 | return security_ops->bprm_secureexec(bprm); |
265 | } | 257 | } |
266 | 258 | ||
267 | int security_sb_alloc(struct super_block *sb) | 259 | int security_sb_alloc(struct super_block *sb) |
268 | { | 260 | { |
269 | return security_ops->sb_alloc_security(sb); | 261 | return security_ops->sb_alloc_security(sb); |
270 | } | 262 | } |
271 | 263 | ||
272 | void security_sb_free(struct super_block *sb) | 264 | void security_sb_free(struct super_block *sb) |
273 | { | 265 | { |
274 | security_ops->sb_free_security(sb); | 266 | security_ops->sb_free_security(sb); |
275 | } | 267 | } |
276 | 268 | ||
277 | int security_sb_copy_data(char *orig, char *copy) | 269 | int security_sb_copy_data(char *orig, char *copy) |
278 | { | 270 | { |
279 | return security_ops->sb_copy_data(orig, copy); | 271 | return security_ops->sb_copy_data(orig, copy); |
280 | } | 272 | } |
281 | EXPORT_SYMBOL(security_sb_copy_data); | 273 | EXPORT_SYMBOL(security_sb_copy_data); |
282 | 274 | ||
283 | int security_sb_kern_mount(struct super_block *sb, int flags, void *data) | 275 | int security_sb_kern_mount(struct super_block *sb, int flags, void *data) |
284 | { | 276 | { |
285 | return security_ops->sb_kern_mount(sb, flags, data); | 277 | return security_ops->sb_kern_mount(sb, flags, data); |
286 | } | 278 | } |
287 | 279 | ||
288 | int security_sb_show_options(struct seq_file *m, struct super_block *sb) | 280 | int security_sb_show_options(struct seq_file *m, struct super_block *sb) |
289 | { | 281 | { |
290 | return security_ops->sb_show_options(m, sb); | 282 | return security_ops->sb_show_options(m, sb); |
291 | } | 283 | } |
292 | 284 | ||
293 | int security_sb_statfs(struct dentry *dentry) | 285 | int security_sb_statfs(struct dentry *dentry) |
294 | { | 286 | { |
295 | return security_ops->sb_statfs(dentry); | 287 | return security_ops->sb_statfs(dentry); |
296 | } | 288 | } |
297 | 289 | ||
298 | int security_sb_mount(char *dev_name, struct path *path, | 290 | int security_sb_mount(char *dev_name, struct path *path, |
299 | char *type, unsigned long flags, void *data) | 291 | char *type, unsigned long flags, void *data) |
300 | { | 292 | { |
301 | return security_ops->sb_mount(dev_name, path, type, flags, data); | 293 | return security_ops->sb_mount(dev_name, path, type, flags, data); |
302 | } | 294 | } |
303 | 295 | ||
304 | int security_sb_umount(struct vfsmount *mnt, int flags) | 296 | int security_sb_umount(struct vfsmount *mnt, int flags) |
305 | { | 297 | { |
306 | return security_ops->sb_umount(mnt, flags); | 298 | return security_ops->sb_umount(mnt, flags); |
307 | } | 299 | } |
308 | 300 | ||
309 | int security_sb_pivotroot(struct path *old_path, struct path *new_path) | 301 | int security_sb_pivotroot(struct path *old_path, struct path *new_path) |
310 | { | 302 | { |
311 | return security_ops->sb_pivotroot(old_path, new_path); | 303 | return security_ops->sb_pivotroot(old_path, new_path); |
312 | } | 304 | } |
313 | 305 | ||
314 | int security_sb_set_mnt_opts(struct super_block *sb, | 306 | int security_sb_set_mnt_opts(struct super_block *sb, |
315 | struct security_mnt_opts *opts) | 307 | struct security_mnt_opts *opts) |
316 | { | 308 | { |
317 | return security_ops->sb_set_mnt_opts(sb, opts); | 309 | return security_ops->sb_set_mnt_opts(sb, opts); |
318 | } | 310 | } |
319 | EXPORT_SYMBOL(security_sb_set_mnt_opts); | 311 | EXPORT_SYMBOL(security_sb_set_mnt_opts); |
320 | 312 | ||
321 | void security_sb_clone_mnt_opts(const struct super_block *oldsb, | 313 | void security_sb_clone_mnt_opts(const struct super_block *oldsb, |
322 | struct super_block *newsb) | 314 | struct super_block *newsb) |
323 | { | 315 | { |
324 | security_ops->sb_clone_mnt_opts(oldsb, newsb); | 316 | security_ops->sb_clone_mnt_opts(oldsb, newsb); |
325 | } | 317 | } |
326 | EXPORT_SYMBOL(security_sb_clone_mnt_opts); | 318 | EXPORT_SYMBOL(security_sb_clone_mnt_opts); |
327 | 319 | ||
328 | int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) | 320 | int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) |
329 | { | 321 | { |
330 | return security_ops->sb_parse_opts_str(options, opts); | 322 | return security_ops->sb_parse_opts_str(options, opts); |
331 | } | 323 | } |
332 | EXPORT_SYMBOL(security_sb_parse_opts_str); | 324 | EXPORT_SYMBOL(security_sb_parse_opts_str); |
333 | 325 | ||
334 | int security_inode_alloc(struct inode *inode) | 326 | int security_inode_alloc(struct inode *inode) |
335 | { | 327 | { |
336 | int ret; | 328 | int ret; |
337 | 329 | ||
338 | inode->i_security = NULL; | 330 | inode->i_security = NULL; |
339 | ret = security_ops->inode_alloc_security(inode); | 331 | ret = security_ops->inode_alloc_security(inode); |
340 | if (ret) | 332 | if (ret) |
341 | return ret; | 333 | return ret; |
342 | ret = ima_inode_alloc(inode); | 334 | ret = ima_inode_alloc(inode); |
343 | if (ret) | 335 | if (ret) |
344 | security_inode_free(inode); | 336 | security_inode_free(inode); |
345 | return ret; | 337 | return ret; |
346 | } | 338 | } |
347 | 339 | ||
348 | void security_inode_free(struct inode *inode) | 340 | void security_inode_free(struct inode *inode) |
349 | { | 341 | { |
350 | ima_inode_free(inode); | 342 | ima_inode_free(inode); |
351 | security_ops->inode_free_security(inode); | 343 | security_ops->inode_free_security(inode); |
352 | } | 344 | } |
353 | 345 | ||
354 | int security_inode_init_security(struct inode *inode, struct inode *dir, | 346 | int security_inode_init_security(struct inode *inode, struct inode *dir, |
355 | char **name, void **value, size_t *len) | 347 | char **name, void **value, size_t *len) |
356 | { | 348 | { |
357 | if (unlikely(IS_PRIVATE(inode))) | 349 | if (unlikely(IS_PRIVATE(inode))) |
358 | return -EOPNOTSUPP; | 350 | return -EOPNOTSUPP; |
359 | return security_ops->inode_init_security(inode, dir, name, value, len); | 351 | return security_ops->inode_init_security(inode, dir, name, value, len); |
360 | } | 352 | } |
361 | EXPORT_SYMBOL(security_inode_init_security); | 353 | EXPORT_SYMBOL(security_inode_init_security); |
362 | 354 | ||
363 | #ifdef CONFIG_SECURITY_PATH | 355 | #ifdef CONFIG_SECURITY_PATH |
364 | int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, | 356 | int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, |
365 | unsigned int dev) | 357 | unsigned int dev) |
366 | { | 358 | { |
367 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) | 359 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) |
368 | return 0; | 360 | return 0; |
369 | return security_ops->path_mknod(dir, dentry, mode, dev); | 361 | return security_ops->path_mknod(dir, dentry, mode, dev); |
370 | } | 362 | } |
371 | EXPORT_SYMBOL(security_path_mknod); | 363 | EXPORT_SYMBOL(security_path_mknod); |
372 | 364 | ||
373 | int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode) | 365 | int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode) |
374 | { | 366 | { |
375 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) | 367 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) |
376 | return 0; | 368 | return 0; |
377 | return security_ops->path_mkdir(dir, dentry, mode); | 369 | return security_ops->path_mkdir(dir, dentry, mode); |
378 | } | 370 | } |
379 | 371 | ||
380 | int security_path_rmdir(struct path *dir, struct dentry *dentry) | 372 | int security_path_rmdir(struct path *dir, struct dentry *dentry) |
381 | { | 373 | { |
382 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) | 374 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) |
383 | return 0; | 375 | return 0; |
384 | return security_ops->path_rmdir(dir, dentry); | 376 | return security_ops->path_rmdir(dir, dentry); |
385 | } | 377 | } |
386 | 378 | ||
387 | int security_path_unlink(struct path *dir, struct dentry *dentry) | 379 | int security_path_unlink(struct path *dir, struct dentry *dentry) |
388 | { | 380 | { |
389 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) | 381 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) |
390 | return 0; | 382 | return 0; |
391 | return security_ops->path_unlink(dir, dentry); | 383 | return security_ops->path_unlink(dir, dentry); |
392 | } | 384 | } |
393 | 385 | ||
394 | int security_path_symlink(struct path *dir, struct dentry *dentry, | 386 | int security_path_symlink(struct path *dir, struct dentry *dentry, |
395 | const char *old_name) | 387 | const char *old_name) |
396 | { | 388 | { |
397 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) | 389 | if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) |
398 | return 0; | 390 | return 0; |
399 | return security_ops->path_symlink(dir, dentry, old_name); | 391 | return security_ops->path_symlink(dir, dentry, old_name); |
400 | } | 392 | } |
401 | 393 | ||
402 | int security_path_link(struct dentry *old_dentry, struct path *new_dir, | 394 | int security_path_link(struct dentry *old_dentry, struct path *new_dir, |
403 | struct dentry *new_dentry) | 395 | struct dentry *new_dentry) |
404 | { | 396 | { |
405 | if (unlikely(IS_PRIVATE(old_dentry->d_inode))) | 397 | if (unlikely(IS_PRIVATE(old_dentry->d_inode))) |
406 | return 0; | 398 | return 0; |
407 | return security_ops->path_link(old_dentry, new_dir, new_dentry); | 399 | return security_ops->path_link(old_dentry, new_dir, new_dentry); |
408 | } | 400 | } |
409 | 401 | ||
410 | int security_path_rename(struct path *old_dir, struct dentry *old_dentry, | 402 | int security_path_rename(struct path *old_dir, struct dentry *old_dentry, |
411 | struct path *new_dir, struct dentry *new_dentry) | 403 | struct path *new_dir, struct dentry *new_dentry) |
412 | { | 404 | { |
413 | if (unlikely(IS_PRIVATE(old_dentry->d_inode) || | 405 | if (unlikely(IS_PRIVATE(old_dentry->d_inode) || |
414 | (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) | 406 | (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) |
415 | return 0; | 407 | return 0; |
416 | return security_ops->path_rename(old_dir, old_dentry, new_dir, | 408 | return security_ops->path_rename(old_dir, old_dentry, new_dir, |
417 | new_dentry); | 409 | new_dentry); |
418 | } | 410 | } |
419 | 411 | ||
420 | int security_path_truncate(struct path *path) | 412 | int security_path_truncate(struct path *path) |
421 | { | 413 | { |
422 | if (unlikely(IS_PRIVATE(path->dentry->d_inode))) | 414 | if (unlikely(IS_PRIVATE(path->dentry->d_inode))) |
423 | return 0; | 415 | return 0; |
424 | return security_ops->path_truncate(path); | 416 | return security_ops->path_truncate(path); |
425 | } | 417 | } |
426 | 418 | ||
427 | int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, | 419 | int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, |
428 | mode_t mode) | 420 | mode_t mode) |
429 | { | 421 | { |
430 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 422 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
431 | return 0; | 423 | return 0; |
432 | return security_ops->path_chmod(dentry, mnt, mode); | 424 | return security_ops->path_chmod(dentry, mnt, mode); |
433 | } | 425 | } |
434 | 426 | ||
435 | int security_path_chown(struct path *path, uid_t uid, gid_t gid) | 427 | int security_path_chown(struct path *path, uid_t uid, gid_t gid) |
436 | { | 428 | { |
437 | if (unlikely(IS_PRIVATE(path->dentry->d_inode))) | 429 | if (unlikely(IS_PRIVATE(path->dentry->d_inode))) |
438 | return 0; | 430 | return 0; |
439 | return security_ops->path_chown(path, uid, gid); | 431 | return security_ops->path_chown(path, uid, gid); |
440 | } | 432 | } |
441 | 433 | ||
442 | int security_path_chroot(struct path *path) | 434 | int security_path_chroot(struct path *path) |
443 | { | 435 | { |
444 | return security_ops->path_chroot(path); | 436 | return security_ops->path_chroot(path); |
445 | } | 437 | } |
446 | #endif | 438 | #endif |
447 | 439 | ||
448 | int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) | 440 | int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) |
449 | { | 441 | { |
450 | if (unlikely(IS_PRIVATE(dir))) | 442 | if (unlikely(IS_PRIVATE(dir))) |
451 | return 0; | 443 | return 0; |
452 | return security_ops->inode_create(dir, dentry, mode); | 444 | return security_ops->inode_create(dir, dentry, mode); |
453 | } | 445 | } |
454 | EXPORT_SYMBOL_GPL(security_inode_create); | 446 | EXPORT_SYMBOL_GPL(security_inode_create); |
455 | 447 | ||
456 | int security_inode_link(struct dentry *old_dentry, struct inode *dir, | 448 | int security_inode_link(struct dentry *old_dentry, struct inode *dir, |
457 | struct dentry *new_dentry) | 449 | struct dentry *new_dentry) |
458 | { | 450 | { |
459 | if (unlikely(IS_PRIVATE(old_dentry->d_inode))) | 451 | if (unlikely(IS_PRIVATE(old_dentry->d_inode))) |
460 | return 0; | 452 | return 0; |
461 | return security_ops->inode_link(old_dentry, dir, new_dentry); | 453 | return security_ops->inode_link(old_dentry, dir, new_dentry); |
462 | } | 454 | } |
463 | 455 | ||
464 | int security_inode_unlink(struct inode *dir, struct dentry *dentry) | 456 | int security_inode_unlink(struct inode *dir, struct dentry *dentry) |
465 | { | 457 | { |
466 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 458 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
467 | return 0; | 459 | return 0; |
468 | return security_ops->inode_unlink(dir, dentry); | 460 | return security_ops->inode_unlink(dir, dentry); |
469 | } | 461 | } |
470 | 462 | ||
471 | int security_inode_symlink(struct inode *dir, struct dentry *dentry, | 463 | int security_inode_symlink(struct inode *dir, struct dentry *dentry, |
472 | const char *old_name) | 464 | const char *old_name) |
473 | { | 465 | { |
474 | if (unlikely(IS_PRIVATE(dir))) | 466 | if (unlikely(IS_PRIVATE(dir))) |
475 | return 0; | 467 | return 0; |
476 | return security_ops->inode_symlink(dir, dentry, old_name); | 468 | return security_ops->inode_symlink(dir, dentry, old_name); |
477 | } | 469 | } |
478 | 470 | ||
479 | int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) | 471 | int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) |
480 | { | 472 | { |
481 | if (unlikely(IS_PRIVATE(dir))) | 473 | if (unlikely(IS_PRIVATE(dir))) |
482 | return 0; | 474 | return 0; |
483 | return security_ops->inode_mkdir(dir, dentry, mode); | 475 | return security_ops->inode_mkdir(dir, dentry, mode); |
484 | } | 476 | } |
485 | EXPORT_SYMBOL_GPL(security_inode_mkdir); | 477 | EXPORT_SYMBOL_GPL(security_inode_mkdir); |
486 | 478 | ||
487 | int security_inode_rmdir(struct inode *dir, struct dentry *dentry) | 479 | int security_inode_rmdir(struct inode *dir, struct dentry *dentry) |
488 | { | 480 | { |
489 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 481 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
490 | return 0; | 482 | return 0; |
491 | return security_ops->inode_rmdir(dir, dentry); | 483 | return security_ops->inode_rmdir(dir, dentry); |
492 | } | 484 | } |
493 | 485 | ||
494 | int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) | 486 | int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) |
495 | { | 487 | { |
496 | if (unlikely(IS_PRIVATE(dir))) | 488 | if (unlikely(IS_PRIVATE(dir))) |
497 | return 0; | 489 | return 0; |
498 | return security_ops->inode_mknod(dir, dentry, mode, dev); | 490 | return security_ops->inode_mknod(dir, dentry, mode, dev); |
499 | } | 491 | } |
500 | 492 | ||
501 | int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, | 493 | int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, |
502 | struct inode *new_dir, struct dentry *new_dentry) | 494 | struct inode *new_dir, struct dentry *new_dentry) |
503 | { | 495 | { |
504 | if (unlikely(IS_PRIVATE(old_dentry->d_inode) || | 496 | if (unlikely(IS_PRIVATE(old_dentry->d_inode) || |
505 | (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) | 497 | (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) |
506 | return 0; | 498 | return 0; |
507 | return security_ops->inode_rename(old_dir, old_dentry, | 499 | return security_ops->inode_rename(old_dir, old_dentry, |
508 | new_dir, new_dentry); | 500 | new_dir, new_dentry); |
509 | } | 501 | } |
510 | 502 | ||
511 | int security_inode_readlink(struct dentry *dentry) | 503 | int security_inode_readlink(struct dentry *dentry) |
512 | { | 504 | { |
513 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 505 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
514 | return 0; | 506 | return 0; |
515 | return security_ops->inode_readlink(dentry); | 507 | return security_ops->inode_readlink(dentry); |
516 | } | 508 | } |
517 | 509 | ||
518 | int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) | 510 | int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) |
519 | { | 511 | { |
520 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 512 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
521 | return 0; | 513 | return 0; |
522 | return security_ops->inode_follow_link(dentry, nd); | 514 | return security_ops->inode_follow_link(dentry, nd); |
523 | } | 515 | } |
524 | 516 | ||
525 | int security_inode_permission(struct inode *inode, int mask) | 517 | int security_inode_permission(struct inode *inode, int mask) |
526 | { | 518 | { |
527 | if (unlikely(IS_PRIVATE(inode))) | 519 | if (unlikely(IS_PRIVATE(inode))) |
528 | return 0; | 520 | return 0; |
529 | return security_ops->inode_permission(inode, mask); | 521 | return security_ops->inode_permission(inode, mask); |
530 | } | 522 | } |
531 | 523 | ||
532 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr) | 524 | int security_inode_setattr(struct dentry *dentry, struct iattr *attr) |
533 | { | 525 | { |
534 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 526 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
535 | return 0; | 527 | return 0; |
536 | return security_ops->inode_setattr(dentry, attr); | 528 | return security_ops->inode_setattr(dentry, attr); |
537 | } | 529 | } |
538 | EXPORT_SYMBOL_GPL(security_inode_setattr); | 530 | EXPORT_SYMBOL_GPL(security_inode_setattr); |
539 | 531 | ||
540 | int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | 532 | int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) |
541 | { | 533 | { |
542 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 534 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
543 | return 0; | 535 | return 0; |
544 | return security_ops->inode_getattr(mnt, dentry); | 536 | return security_ops->inode_getattr(mnt, dentry); |
545 | } | 537 | } |
546 | 538 | ||
547 | int security_inode_setxattr(struct dentry *dentry, const char *name, | 539 | int security_inode_setxattr(struct dentry *dentry, const char *name, |
548 | const void *value, size_t size, int flags) | 540 | const void *value, size_t size, int flags) |
549 | { | 541 | { |
550 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 542 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
551 | return 0; | 543 | return 0; |
552 | return security_ops->inode_setxattr(dentry, name, value, size, flags); | 544 | return security_ops->inode_setxattr(dentry, name, value, size, flags); |
553 | } | 545 | } |
554 | 546 | ||
555 | void security_inode_post_setxattr(struct dentry *dentry, const char *name, | 547 | void security_inode_post_setxattr(struct dentry *dentry, const char *name, |
556 | const void *value, size_t size, int flags) | 548 | const void *value, size_t size, int flags) |
557 | { | 549 | { |
558 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 550 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
559 | return; | 551 | return; |
560 | security_ops->inode_post_setxattr(dentry, name, value, size, flags); | 552 | security_ops->inode_post_setxattr(dentry, name, value, size, flags); |
561 | } | 553 | } |
562 | 554 | ||
563 | int security_inode_getxattr(struct dentry *dentry, const char *name) | 555 | int security_inode_getxattr(struct dentry *dentry, const char *name) |
564 | { | 556 | { |
565 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 557 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
566 | return 0; | 558 | return 0; |
567 | return security_ops->inode_getxattr(dentry, name); | 559 | return security_ops->inode_getxattr(dentry, name); |
568 | } | 560 | } |
569 | 561 | ||
570 | int security_inode_listxattr(struct dentry *dentry) | 562 | int security_inode_listxattr(struct dentry *dentry) |
571 | { | 563 | { |
572 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 564 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
573 | return 0; | 565 | return 0; |
574 | return security_ops->inode_listxattr(dentry); | 566 | return security_ops->inode_listxattr(dentry); |
575 | } | 567 | } |
576 | 568 | ||
577 | int security_inode_removexattr(struct dentry *dentry, const char *name) | 569 | int security_inode_removexattr(struct dentry *dentry, const char *name) |
578 | { | 570 | { |
579 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 571 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
580 | return 0; | 572 | return 0; |
581 | return security_ops->inode_removexattr(dentry, name); | 573 | return security_ops->inode_removexattr(dentry, name); |
582 | } | 574 | } |
583 | 575 | ||
584 | int security_inode_need_killpriv(struct dentry *dentry) | 576 | int security_inode_need_killpriv(struct dentry *dentry) |
585 | { | 577 | { |
586 | return security_ops->inode_need_killpriv(dentry); | 578 | return security_ops->inode_need_killpriv(dentry); |
587 | } | 579 | } |
588 | 580 | ||
589 | int security_inode_killpriv(struct dentry *dentry) | 581 | int security_inode_killpriv(struct dentry *dentry) |
590 | { | 582 | { |
591 | return security_ops->inode_killpriv(dentry); | 583 | return security_ops->inode_killpriv(dentry); |
592 | } | 584 | } |
593 | 585 | ||
594 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) | 586 | int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc) |
595 | { | 587 | { |
596 | if (unlikely(IS_PRIVATE(inode))) | 588 | if (unlikely(IS_PRIVATE(inode))) |
597 | return -EOPNOTSUPP; | 589 | return -EOPNOTSUPP; |
598 | return security_ops->inode_getsecurity(inode, name, buffer, alloc); | 590 | return security_ops->inode_getsecurity(inode, name, buffer, alloc); |
599 | } | 591 | } |
600 | 592 | ||
601 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) | 593 | int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags) |
602 | { | 594 | { |
603 | if (unlikely(IS_PRIVATE(inode))) | 595 | if (unlikely(IS_PRIVATE(inode))) |
604 | return -EOPNOTSUPP; | 596 | return -EOPNOTSUPP; |
605 | return security_ops->inode_setsecurity(inode, name, value, size, flags); | 597 | return security_ops->inode_setsecurity(inode, name, value, size, flags); |
606 | } | 598 | } |
607 | 599 | ||
608 | int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) | 600 | int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) |
609 | { | 601 | { |
610 | if (unlikely(IS_PRIVATE(inode))) | 602 | if (unlikely(IS_PRIVATE(inode))) |
611 | return 0; | 603 | return 0; |
612 | return security_ops->inode_listsecurity(inode, buffer, buffer_size); | 604 | return security_ops->inode_listsecurity(inode, buffer, buffer_size); |
613 | } | 605 | } |
614 | 606 | ||
615 | void security_inode_getsecid(const struct inode *inode, u32 *secid) | 607 | void security_inode_getsecid(const struct inode *inode, u32 *secid) |
616 | { | 608 | { |
617 | security_ops->inode_getsecid(inode, secid); | 609 | security_ops->inode_getsecid(inode, secid); |
618 | } | 610 | } |
619 | 611 | ||
620 | int security_file_permission(struct file *file, int mask) | 612 | int security_file_permission(struct file *file, int mask) |
621 | { | 613 | { |
622 | int ret; | 614 | int ret; |
623 | 615 | ||
624 | ret = security_ops->file_permission(file, mask); | 616 | ret = security_ops->file_permission(file, mask); |
625 | if (ret) | 617 | if (ret) |
626 | return ret; | 618 | return ret; |
627 | 619 | ||
628 | return fsnotify_perm(file, mask); | 620 | return fsnotify_perm(file, mask); |
629 | } | 621 | } |
630 | 622 | ||
631 | int security_file_alloc(struct file *file) | 623 | int security_file_alloc(struct file *file) |
632 | { | 624 | { |
633 | return security_ops->file_alloc_security(file); | 625 | return security_ops->file_alloc_security(file); |
634 | } | 626 | } |
635 | 627 | ||
636 | void security_file_free(struct file *file) | 628 | void security_file_free(struct file *file) |
637 | { | 629 | { |
638 | security_ops->file_free_security(file); | 630 | security_ops->file_free_security(file); |
639 | } | 631 | } |
640 | 632 | ||
641 | int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | 633 | int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) |
642 | { | 634 | { |
643 | return security_ops->file_ioctl(file, cmd, arg); | 635 | return security_ops->file_ioctl(file, cmd, arg); |
644 | } | 636 | } |
645 | 637 | ||
646 | int security_file_mmap(struct file *file, unsigned long reqprot, | 638 | int security_file_mmap(struct file *file, unsigned long reqprot, |
647 | unsigned long prot, unsigned long flags, | 639 | unsigned long prot, unsigned long flags, |
648 | unsigned long addr, unsigned long addr_only) | 640 | unsigned long addr, unsigned long addr_only) |
649 | { | 641 | { |
650 | int ret; | 642 | int ret; |
651 | 643 | ||
652 | ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only); | 644 | ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only); |
653 | if (ret) | 645 | if (ret) |
654 | return ret; | 646 | return ret; |
655 | return ima_file_mmap(file, prot); | 647 | return ima_file_mmap(file, prot); |
656 | } | 648 | } |
657 | 649 | ||
658 | int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, | 650 | int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, |
659 | unsigned long prot) | 651 | unsigned long prot) |
660 | { | 652 | { |
661 | return security_ops->file_mprotect(vma, reqprot, prot); | 653 | return security_ops->file_mprotect(vma, reqprot, prot); |
662 | } | 654 | } |
663 | 655 | ||
664 | int security_file_lock(struct file *file, unsigned int cmd) | 656 | int security_file_lock(struct file *file, unsigned int cmd) |
665 | { | 657 | { |
666 | return security_ops->file_lock(file, cmd); | 658 | return security_ops->file_lock(file, cmd); |
667 | } | 659 | } |
668 | 660 | ||
669 | int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) | 661 | int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) |
670 | { | 662 | { |
671 | return security_ops->file_fcntl(file, cmd, arg); | 663 | return security_ops->file_fcntl(file, cmd, arg); |
672 | } | 664 | } |
673 | 665 | ||
674 | int security_file_set_fowner(struct file *file) | 666 | int security_file_set_fowner(struct file *file) |
675 | { | 667 | { |
676 | return security_ops->file_set_fowner(file); | 668 | return security_ops->file_set_fowner(file); |
677 | } | 669 | } |
678 | 670 | ||
679 | int security_file_send_sigiotask(struct task_struct *tsk, | 671 | int security_file_send_sigiotask(struct task_struct *tsk, |
680 | struct fown_struct *fown, int sig) | 672 | struct fown_struct *fown, int sig) |
681 | { | 673 | { |
682 | return security_ops->file_send_sigiotask(tsk, fown, sig); | 674 | return security_ops->file_send_sigiotask(tsk, fown, sig); |
683 | } | 675 | } |
684 | 676 | ||
685 | int security_file_receive(struct file *file) | 677 | int security_file_receive(struct file *file) |
686 | { | 678 | { |
687 | return security_ops->file_receive(file); | 679 | return security_ops->file_receive(file); |
688 | } | 680 | } |
689 | 681 | ||
690 | int security_dentry_open(struct file *file, const struct cred *cred) | 682 | int security_dentry_open(struct file *file, const struct cred *cred) |
691 | { | 683 | { |
692 | int ret; | 684 | int ret; |
693 | 685 | ||
694 | ret = security_ops->dentry_open(file, cred); | 686 | ret = security_ops->dentry_open(file, cred); |
695 | if (ret) | 687 | if (ret) |
696 | return ret; | 688 | return ret; |
697 | 689 | ||
698 | return fsnotify_perm(file, MAY_OPEN); | 690 | return fsnotify_perm(file, MAY_OPEN); |
699 | } | 691 | } |
700 | 692 | ||
701 | int security_task_create(unsigned long clone_flags) | 693 | int security_task_create(unsigned long clone_flags) |
702 | { | 694 | { |
703 | return security_ops->task_create(clone_flags); | 695 | return security_ops->task_create(clone_flags); |
704 | } | 696 | } |
705 | 697 | ||
706 | int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) | 698 | int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) |
707 | { | 699 | { |
708 | return security_ops->cred_alloc_blank(cred, gfp); | 700 | return security_ops->cred_alloc_blank(cred, gfp); |
709 | } | 701 | } |
710 | 702 | ||
711 | void security_cred_free(struct cred *cred) | 703 | void security_cred_free(struct cred *cred) |
712 | { | 704 | { |
713 | security_ops->cred_free(cred); | 705 | security_ops->cred_free(cred); |
714 | } | 706 | } |
715 | 707 | ||
716 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) | 708 | int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) |
717 | { | 709 | { |
718 | return security_ops->cred_prepare(new, old, gfp); | 710 | return security_ops->cred_prepare(new, old, gfp); |
719 | } | 711 | } |
720 | 712 | ||
721 | void security_transfer_creds(struct cred *new, const struct cred *old) | 713 | void security_transfer_creds(struct cred *new, const struct cred *old) |
722 | { | 714 | { |
723 | security_ops->cred_transfer(new, old); | 715 | security_ops->cred_transfer(new, old); |
724 | } | 716 | } |
725 | 717 | ||
726 | int security_kernel_act_as(struct cred *new, u32 secid) | 718 | int security_kernel_act_as(struct cred *new, u32 secid) |
727 | { | 719 | { |
728 | return security_ops->kernel_act_as(new, secid); | 720 | return security_ops->kernel_act_as(new, secid); |
729 | } | 721 | } |
730 | 722 | ||
731 | int security_kernel_create_files_as(struct cred *new, struct inode *inode) | 723 | int security_kernel_create_files_as(struct cred *new, struct inode *inode) |
732 | { | 724 | { |
733 | return security_ops->kernel_create_files_as(new, inode); | 725 | return security_ops->kernel_create_files_as(new, inode); |
734 | } | 726 | } |
735 | 727 | ||
736 | int security_kernel_module_request(char *kmod_name) | 728 | int security_kernel_module_request(char *kmod_name) |
737 | { | 729 | { |
738 | return security_ops->kernel_module_request(kmod_name); | 730 | return security_ops->kernel_module_request(kmod_name); |
739 | } | 731 | } |
740 | 732 | ||
741 | int security_task_fix_setuid(struct cred *new, const struct cred *old, | 733 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
742 | int flags) | 734 | int flags) |
743 | { | 735 | { |
744 | return security_ops->task_fix_setuid(new, old, flags); | 736 | return security_ops->task_fix_setuid(new, old, flags); |
745 | } | 737 | } |
746 | 738 | ||
747 | int security_task_setpgid(struct task_struct *p, pid_t pgid) | 739 | int security_task_setpgid(struct task_struct *p, pid_t pgid) |
748 | { | 740 | { |
749 | return security_ops->task_setpgid(p, pgid); | 741 | return security_ops->task_setpgid(p, pgid); |
750 | } | 742 | } |
751 | 743 | ||
752 | int security_task_getpgid(struct task_struct *p) | 744 | int security_task_getpgid(struct task_struct *p) |
753 | { | 745 | { |
754 | return security_ops->task_getpgid(p); | 746 | return security_ops->task_getpgid(p); |
755 | } | 747 | } |
756 | 748 | ||
757 | int security_task_getsid(struct task_struct *p) | 749 | int security_task_getsid(struct task_struct *p) |
758 | { | 750 | { |
759 | return security_ops->task_getsid(p); | 751 | return security_ops->task_getsid(p); |
760 | } | 752 | } |
761 | 753 | ||
762 | void security_task_getsecid(struct task_struct *p, u32 *secid) | 754 | void security_task_getsecid(struct task_struct *p, u32 *secid) |
763 | { | 755 | { |
764 | security_ops->task_getsecid(p, secid); | 756 | security_ops->task_getsecid(p, secid); |
765 | } | 757 | } |
766 | EXPORT_SYMBOL(security_task_getsecid); | 758 | EXPORT_SYMBOL(security_task_getsecid); |
767 | 759 | ||
768 | int security_task_setnice(struct task_struct *p, int nice) | 760 | int security_task_setnice(struct task_struct *p, int nice) |
769 | { | 761 | { |
770 | return security_ops->task_setnice(p, nice); | 762 | return security_ops->task_setnice(p, nice); |
771 | } | 763 | } |
772 | 764 | ||
773 | int security_task_setioprio(struct task_struct *p, int ioprio) | 765 | int security_task_setioprio(struct task_struct *p, int ioprio) |
774 | { | 766 | { |
775 | return security_ops->task_setioprio(p, ioprio); | 767 | return security_ops->task_setioprio(p, ioprio); |
776 | } | 768 | } |
777 | 769 | ||
778 | int security_task_getioprio(struct task_struct *p) | 770 | int security_task_getioprio(struct task_struct *p) |
779 | { | 771 | { |
780 | return security_ops->task_getioprio(p); | 772 | return security_ops->task_getioprio(p); |
781 | } | 773 | } |
782 | 774 | ||
783 | int security_task_setrlimit(struct task_struct *p, unsigned int resource, | 775 | int security_task_setrlimit(struct task_struct *p, unsigned int resource, |
784 | struct rlimit *new_rlim) | 776 | struct rlimit *new_rlim) |
785 | { | 777 | { |
786 | return security_ops->task_setrlimit(p, resource, new_rlim); | 778 | return security_ops->task_setrlimit(p, resource, new_rlim); |
787 | } | 779 | } |
788 | 780 | ||
789 | int security_task_setscheduler(struct task_struct *p, | 781 | int security_task_setscheduler(struct task_struct *p, |
790 | int policy, struct sched_param *lp) | 782 | int policy, struct sched_param *lp) |
791 | { | 783 | { |
792 | return security_ops->task_setscheduler(p, policy, lp); | 784 | return security_ops->task_setscheduler(p, policy, lp); |
793 | } | 785 | } |
794 | 786 | ||
795 | int security_task_getscheduler(struct task_struct *p) | 787 | int security_task_getscheduler(struct task_struct *p) |
796 | { | 788 | { |
797 | return security_ops->task_getscheduler(p); | 789 | return security_ops->task_getscheduler(p); |
798 | } | 790 | } |
799 | 791 | ||
800 | int security_task_movememory(struct task_struct *p) | 792 | int security_task_movememory(struct task_struct *p) |
801 | { | 793 | { |
802 | return security_ops->task_movememory(p); | 794 | return security_ops->task_movememory(p); |
803 | } | 795 | } |
804 | 796 | ||
805 | int security_task_kill(struct task_struct *p, struct siginfo *info, | 797 | int security_task_kill(struct task_struct *p, struct siginfo *info, |
806 | int sig, u32 secid) | 798 | int sig, u32 secid) |
807 | { | 799 | { |
808 | return security_ops->task_kill(p, info, sig, secid); | 800 | return security_ops->task_kill(p, info, sig, secid); |
809 | } | 801 | } |
810 | 802 | ||
811 | int security_task_wait(struct task_struct *p) | 803 | int security_task_wait(struct task_struct *p) |
812 | { | 804 | { |
813 | return security_ops->task_wait(p); | 805 | return security_ops->task_wait(p); |
814 | } | 806 | } |
815 | 807 | ||
816 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | 808 | int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, |
817 | unsigned long arg4, unsigned long arg5) | 809 | unsigned long arg4, unsigned long arg5) |
818 | { | 810 | { |
819 | return security_ops->task_prctl(option, arg2, arg3, arg4, arg5); | 811 | return security_ops->task_prctl(option, arg2, arg3, arg4, arg5); |
820 | } | 812 | } |
821 | 813 | ||
822 | void security_task_to_inode(struct task_struct *p, struct inode *inode) | 814 | void security_task_to_inode(struct task_struct *p, struct inode *inode) |
823 | { | 815 | { |
824 | security_ops->task_to_inode(p, inode); | 816 | security_ops->task_to_inode(p, inode); |
825 | } | 817 | } |
826 | 818 | ||
827 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) | 819 | int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) |
828 | { | 820 | { |
829 | return security_ops->ipc_permission(ipcp, flag); | 821 | return security_ops->ipc_permission(ipcp, flag); |
830 | } | 822 | } |
831 | 823 | ||
832 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) | 824 | void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) |
833 | { | 825 | { |
834 | security_ops->ipc_getsecid(ipcp, secid); | 826 | security_ops->ipc_getsecid(ipcp, secid); |
835 | } | 827 | } |
836 | 828 | ||
837 | int security_msg_msg_alloc(struct msg_msg *msg) | 829 | int security_msg_msg_alloc(struct msg_msg *msg) |
838 | { | 830 | { |
839 | return security_ops->msg_msg_alloc_security(msg); | 831 | return security_ops->msg_msg_alloc_security(msg); |
840 | } | 832 | } |
841 | 833 | ||
842 | void security_msg_msg_free(struct msg_msg *msg) | 834 | void security_msg_msg_free(struct msg_msg *msg) |
843 | { | 835 | { |
844 | security_ops->msg_msg_free_security(msg); | 836 | security_ops->msg_msg_free_security(msg); |
845 | } | 837 | } |
846 | 838 | ||
847 | int security_msg_queue_alloc(struct msg_queue *msq) | 839 | int security_msg_queue_alloc(struct msg_queue *msq) |
848 | { | 840 | { |
849 | return security_ops->msg_queue_alloc_security(msq); | 841 | return security_ops->msg_queue_alloc_security(msq); |
850 | } | 842 | } |
851 | 843 | ||
852 | void security_msg_queue_free(struct msg_queue *msq) | 844 | void security_msg_queue_free(struct msg_queue *msq) |
853 | { | 845 | { |
854 | security_ops->msg_queue_free_security(msq); | 846 | security_ops->msg_queue_free_security(msq); |
855 | } | 847 | } |
856 | 848 | ||
857 | int security_msg_queue_associate(struct msg_queue *msq, int msqflg) | 849 | int security_msg_queue_associate(struct msg_queue *msq, int msqflg) |
858 | { | 850 | { |
859 | return security_ops->msg_queue_associate(msq, msqflg); | 851 | return security_ops->msg_queue_associate(msq, msqflg); |
860 | } | 852 | } |
861 | 853 | ||
862 | int security_msg_queue_msgctl(struct msg_queue *msq, int cmd) | 854 | int security_msg_queue_msgctl(struct msg_queue *msq, int cmd) |
863 | { | 855 | { |
864 | return security_ops->msg_queue_msgctl(msq, cmd); | 856 | return security_ops->msg_queue_msgctl(msq, cmd); |
865 | } | 857 | } |
866 | 858 | ||
867 | int security_msg_queue_msgsnd(struct msg_queue *msq, | 859 | int security_msg_queue_msgsnd(struct msg_queue *msq, |
868 | struct msg_msg *msg, int msqflg) | 860 | struct msg_msg *msg, int msqflg) |
869 | { | 861 | { |
870 | return security_ops->msg_queue_msgsnd(msq, msg, msqflg); | 862 | return security_ops->msg_queue_msgsnd(msq, msg, msqflg); |
871 | } | 863 | } |
872 | 864 | ||
873 | int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, | 865 | int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, |
874 | struct task_struct *target, long type, int mode) | 866 | struct task_struct *target, long type, int mode) |
875 | { | 867 | { |
876 | return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode); | 868 | return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode); |
877 | } | 869 | } |
878 | 870 | ||
879 | int security_shm_alloc(struct shmid_kernel *shp) | 871 | int security_shm_alloc(struct shmid_kernel *shp) |
880 | { | 872 | { |
881 | return security_ops->shm_alloc_security(shp); | 873 | return security_ops->shm_alloc_security(shp); |
882 | } | 874 | } |
883 | 875 | ||
884 | void security_shm_free(struct shmid_kernel *shp) | 876 | void security_shm_free(struct shmid_kernel *shp) |
885 | { | 877 | { |
886 | security_ops->shm_free_security(shp); | 878 | security_ops->shm_free_security(shp); |
887 | } | 879 | } |
888 | 880 | ||
889 | int security_shm_associate(struct shmid_kernel *shp, int shmflg) | 881 | int security_shm_associate(struct shmid_kernel *shp, int shmflg) |
890 | { | 882 | { |
891 | return security_ops->shm_associate(shp, shmflg); | 883 | return security_ops->shm_associate(shp, shmflg); |
892 | } | 884 | } |
893 | 885 | ||
894 | int security_shm_shmctl(struct shmid_kernel *shp, int cmd) | 886 | int security_shm_shmctl(struct shmid_kernel *shp, int cmd) |
895 | { | 887 | { |
896 | return security_ops->shm_shmctl(shp, cmd); | 888 | return security_ops->shm_shmctl(shp, cmd); |
897 | } | 889 | } |
898 | 890 | ||
899 | int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg) | 891 | int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg) |
900 | { | 892 | { |
901 | return security_ops->shm_shmat(shp, shmaddr, shmflg); | 893 | return security_ops->shm_shmat(shp, shmaddr, shmflg); |
902 | } | 894 | } |
903 | 895 | ||
904 | int security_sem_alloc(struct sem_array *sma) | 896 | int security_sem_alloc(struct sem_array *sma) |
905 | { | 897 | { |
906 | return security_ops->sem_alloc_security(sma); | 898 | return security_ops->sem_alloc_security(sma); |
907 | } | 899 | } |
908 | 900 | ||
909 | void security_sem_free(struct sem_array *sma) | 901 | void security_sem_free(struct sem_array *sma) |
910 | { | 902 | { |
911 | security_ops->sem_free_security(sma); | 903 | security_ops->sem_free_security(sma); |
912 | } | 904 | } |
913 | 905 | ||
914 | int security_sem_associate(struct sem_array *sma, int semflg) | 906 | int security_sem_associate(struct sem_array *sma, int semflg) |
915 | { | 907 | { |
916 | return security_ops->sem_associate(sma, semflg); | 908 | return security_ops->sem_associate(sma, semflg); |
917 | } | 909 | } |
918 | 910 | ||
919 | int security_sem_semctl(struct sem_array *sma, int cmd) | 911 | int security_sem_semctl(struct sem_array *sma, int cmd) |
920 | { | 912 | { |
921 | return security_ops->sem_semctl(sma, cmd); | 913 | return security_ops->sem_semctl(sma, cmd); |
922 | } | 914 | } |
923 | 915 | ||
924 | int security_sem_semop(struct sem_array *sma, struct sembuf *sops, | 916 | int security_sem_semop(struct sem_array *sma, struct sembuf *sops, |
925 | unsigned nsops, int alter) | 917 | unsigned nsops, int alter) |
926 | { | 918 | { |
927 | return security_ops->sem_semop(sma, sops, nsops, alter); | 919 | return security_ops->sem_semop(sma, sops, nsops, alter); |
928 | } | 920 | } |
929 | 921 | ||
930 | void security_d_instantiate(struct dentry *dentry, struct inode *inode) | 922 | void security_d_instantiate(struct dentry *dentry, struct inode *inode) |
931 | { | 923 | { |
932 | if (unlikely(inode && IS_PRIVATE(inode))) | 924 | if (unlikely(inode && IS_PRIVATE(inode))) |
933 | return; | 925 | return; |
934 | security_ops->d_instantiate(dentry, inode); | 926 | security_ops->d_instantiate(dentry, inode); |
935 | } | 927 | } |
936 | EXPORT_SYMBOL(security_d_instantiate); | 928 | EXPORT_SYMBOL(security_d_instantiate); |
937 | 929 | ||
938 | int security_getprocattr(struct task_struct *p, char *name, char **value) | 930 | int security_getprocattr(struct task_struct *p, char *name, char **value) |
939 | { | 931 | { |
940 | return security_ops->getprocattr(p, name, value); | 932 | return security_ops->getprocattr(p, name, value); |
941 | } | 933 | } |
942 | 934 | ||
943 | int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) | 935 | int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) |
944 | { | 936 | { |
945 | return security_ops->setprocattr(p, name, value, size); | 937 | return security_ops->setprocattr(p, name, value, size); |
946 | } | 938 | } |
947 | 939 | ||
948 | int security_netlink_send(struct sock *sk, struct sk_buff *skb) | 940 | int security_netlink_send(struct sock *sk, struct sk_buff *skb) |
949 | { | 941 | { |
950 | return security_ops->netlink_send(sk, skb); | 942 | return security_ops->netlink_send(sk, skb); |
951 | } | 943 | } |
952 | 944 | ||
953 | int security_netlink_recv(struct sk_buff *skb, int cap) | 945 | int security_netlink_recv(struct sk_buff *skb, int cap) |
954 | { | 946 | { |
955 | return security_ops->netlink_recv(skb, cap); | 947 | return security_ops->netlink_recv(skb, cap); |
956 | } | 948 | } |
957 | EXPORT_SYMBOL(security_netlink_recv); | 949 | EXPORT_SYMBOL(security_netlink_recv); |
958 | 950 | ||
959 | int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | 951 | int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) |
960 | { | 952 | { |
961 | return security_ops->secid_to_secctx(secid, secdata, seclen); | 953 | return security_ops->secid_to_secctx(secid, secdata, seclen); |
962 | } | 954 | } |
963 | EXPORT_SYMBOL(security_secid_to_secctx); | 955 | EXPORT_SYMBOL(security_secid_to_secctx); |
964 | 956 | ||
965 | int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) | 957 | int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) |
966 | { | 958 | { |
967 | return security_ops->secctx_to_secid(secdata, seclen, secid); | 959 | return security_ops->secctx_to_secid(secdata, seclen, secid); |
968 | } | 960 | } |
969 | EXPORT_SYMBOL(security_secctx_to_secid); | 961 | EXPORT_SYMBOL(security_secctx_to_secid); |
970 | 962 | ||
971 | void security_release_secctx(char *secdata, u32 seclen) | 963 | void security_release_secctx(char *secdata, u32 seclen) |
972 | { | 964 | { |
973 | security_ops->release_secctx(secdata, seclen); | 965 | security_ops->release_secctx(secdata, seclen); |
974 | } | 966 | } |
975 | EXPORT_SYMBOL(security_release_secctx); | 967 | EXPORT_SYMBOL(security_release_secctx); |
976 | 968 | ||
977 | int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) | 969 | int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) |
978 | { | 970 | { |
979 | return security_ops->inode_notifysecctx(inode, ctx, ctxlen); | 971 | return security_ops->inode_notifysecctx(inode, ctx, ctxlen); |
980 | } | 972 | } |
981 | EXPORT_SYMBOL(security_inode_notifysecctx); | 973 | EXPORT_SYMBOL(security_inode_notifysecctx); |
982 | 974 | ||
983 | int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) | 975 | int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) |
984 | { | 976 | { |
985 | return security_ops->inode_setsecctx(dentry, ctx, ctxlen); | 977 | return security_ops->inode_setsecctx(dentry, ctx, ctxlen); |
986 | } | 978 | } |
987 | EXPORT_SYMBOL(security_inode_setsecctx); | 979 | EXPORT_SYMBOL(security_inode_setsecctx); |
988 | 980 | ||
989 | int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) | 981 | int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) |
990 | { | 982 | { |
991 | return security_ops->inode_getsecctx(inode, ctx, ctxlen); | 983 | return security_ops->inode_getsecctx(inode, ctx, ctxlen); |
992 | } | 984 | } |
993 | EXPORT_SYMBOL(security_inode_getsecctx); | 985 | EXPORT_SYMBOL(security_inode_getsecctx); |
994 | 986 | ||
995 | #ifdef CONFIG_SECURITY_NETWORK | 987 | #ifdef CONFIG_SECURITY_NETWORK |
996 | 988 | ||
997 | int security_unix_stream_connect(struct socket *sock, struct socket *other, | 989 | int security_unix_stream_connect(struct socket *sock, struct socket *other, |
998 | struct sock *newsk) | 990 | struct sock *newsk) |
999 | { | 991 | { |
1000 | return security_ops->unix_stream_connect(sock, other, newsk); | 992 | return security_ops->unix_stream_connect(sock, other, newsk); |
1001 | } | 993 | } |
1002 | EXPORT_SYMBOL(security_unix_stream_connect); | 994 | EXPORT_SYMBOL(security_unix_stream_connect); |
1003 | 995 | ||
1004 | int security_unix_may_send(struct socket *sock, struct socket *other) | 996 | int security_unix_may_send(struct socket *sock, struct socket *other) |
1005 | { | 997 | { |
1006 | return security_ops->unix_may_send(sock, other); | 998 | return security_ops->unix_may_send(sock, other); |
1007 | } | 999 | } |
1008 | EXPORT_SYMBOL(security_unix_may_send); | 1000 | EXPORT_SYMBOL(security_unix_may_send); |
1009 | 1001 | ||
1010 | int security_socket_create(int family, int type, int protocol, int kern) | 1002 | int security_socket_create(int family, int type, int protocol, int kern) |
1011 | { | 1003 | { |
1012 | return security_ops->socket_create(family, type, protocol, kern); | 1004 | return security_ops->socket_create(family, type, protocol, kern); |
1013 | } | 1005 | } |
1014 | 1006 | ||
1015 | int security_socket_post_create(struct socket *sock, int family, | 1007 | int security_socket_post_create(struct socket *sock, int family, |
1016 | int type, int protocol, int kern) | 1008 | int type, int protocol, int kern) |
1017 | { | 1009 | { |
1018 | return security_ops->socket_post_create(sock, family, type, | 1010 | return security_ops->socket_post_create(sock, family, type, |
1019 | protocol, kern); | 1011 | protocol, kern); |
1020 | } | 1012 | } |
1021 | 1013 | ||
1022 | int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) | 1014 | int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) |
1023 | { | 1015 | { |
1024 | return security_ops->socket_bind(sock, address, addrlen); | 1016 | return security_ops->socket_bind(sock, address, addrlen); |
1025 | } | 1017 | } |
1026 | 1018 | ||
1027 | int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) | 1019 | int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) |
1028 | { | 1020 | { |
1029 | return security_ops->socket_connect(sock, address, addrlen); | 1021 | return security_ops->socket_connect(sock, address, addrlen); |
1030 | } | 1022 | } |
1031 | 1023 | ||
1032 | int security_socket_listen(struct socket *sock, int backlog) | 1024 | int security_socket_listen(struct socket *sock, int backlog) |
1033 | { | 1025 | { |
1034 | return security_ops->socket_listen(sock, backlog); | 1026 | return security_ops->socket_listen(sock, backlog); |
1035 | } | 1027 | } |
1036 | 1028 | ||
1037 | int security_socket_accept(struct socket *sock, struct socket *newsock) | 1029 | int security_socket_accept(struct socket *sock, struct socket *newsock) |
1038 | { | 1030 | { |
1039 | return security_ops->socket_accept(sock, newsock); | 1031 | return security_ops->socket_accept(sock, newsock); |
1040 | } | 1032 | } |
1041 | 1033 | ||
1042 | int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) | 1034 | int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) |
1043 | { | 1035 | { |
1044 | return security_ops->socket_sendmsg(sock, msg, size); | 1036 | return security_ops->socket_sendmsg(sock, msg, size); |
1045 | } | 1037 | } |
1046 | 1038 | ||
1047 | int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, | 1039 | int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, |
1048 | int size, int flags) | 1040 | int size, int flags) |
1049 | { | 1041 | { |
1050 | return security_ops->socket_recvmsg(sock, msg, size, flags); | 1042 | return security_ops->socket_recvmsg(sock, msg, size, flags); |
1051 | } | 1043 | } |
1052 | 1044 | ||
1053 | int security_socket_getsockname(struct socket *sock) | 1045 | int security_socket_getsockname(struct socket *sock) |
1054 | { | 1046 | { |
1055 | return security_ops->socket_getsockname(sock); | 1047 | return security_ops->socket_getsockname(sock); |
1056 | } | 1048 | } |
1057 | 1049 | ||
1058 | int security_socket_getpeername(struct socket *sock) | 1050 | int security_socket_getpeername(struct socket *sock) |
1059 | { | 1051 | { |
1060 | return security_ops->socket_getpeername(sock); | 1052 | return security_ops->socket_getpeername(sock); |
1061 | } | 1053 | } |
1062 | 1054 | ||
1063 | int security_socket_getsockopt(struct socket *sock, int level, int optname) | 1055 | int security_socket_getsockopt(struct socket *sock, int level, int optname) |
1064 | { | 1056 | { |
1065 | return security_ops->socket_getsockopt(sock, level, optname); | 1057 | return security_ops->socket_getsockopt(sock, level, optname); |
1066 | } | 1058 | } |
1067 | 1059 | ||
1068 | int security_socket_setsockopt(struct socket *sock, int level, int optname) | 1060 | int security_socket_setsockopt(struct socket *sock, int level, int optname) |
1069 | { | 1061 | { |
1070 | return security_ops->socket_setsockopt(sock, level, optname); | 1062 | return security_ops->socket_setsockopt(sock, level, optname); |
1071 | } | 1063 | } |
1072 | 1064 | ||
1073 | int security_socket_shutdown(struct socket *sock, int how) | 1065 | int security_socket_shutdown(struct socket *sock, int how) |
1074 | { | 1066 | { |
1075 | return security_ops->socket_shutdown(sock, how); | 1067 | return security_ops->socket_shutdown(sock, how); |
1076 | } | 1068 | } |
1077 | 1069 | ||
1078 | int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) | 1070 | int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) |
1079 | { | 1071 | { |
1080 | return security_ops->socket_sock_rcv_skb(sk, skb); | 1072 | return security_ops->socket_sock_rcv_skb(sk, skb); |
1081 | } | 1073 | } |
1082 | EXPORT_SYMBOL(security_sock_rcv_skb); | 1074 | EXPORT_SYMBOL(security_sock_rcv_skb); |
1083 | 1075 | ||
1084 | int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, | 1076 | int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, |
1085 | int __user *optlen, unsigned len) | 1077 | int __user *optlen, unsigned len) |
1086 | { | 1078 | { |
1087 | return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); | 1079 | return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); |
1088 | } | 1080 | } |
1089 | 1081 | ||
1090 | int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) | 1082 | int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) |
1091 | { | 1083 | { |
1092 | return security_ops->socket_getpeersec_dgram(sock, skb, secid); | 1084 | return security_ops->socket_getpeersec_dgram(sock, skb, secid); |
1093 | } | 1085 | } |
1094 | EXPORT_SYMBOL(security_socket_getpeersec_dgram); | 1086 | EXPORT_SYMBOL(security_socket_getpeersec_dgram); |
1095 | 1087 | ||
1096 | int security_sk_alloc(struct sock *sk, int family, gfp_t priority) | 1088 | int security_sk_alloc(struct sock *sk, int family, gfp_t priority) |
1097 | { | 1089 | { |
1098 | return security_ops->sk_alloc_security(sk, family, priority); | 1090 | return security_ops->sk_alloc_security(sk, family, priority); |
1099 | } | 1091 | } |
1100 | 1092 | ||
1101 | void security_sk_free(struct sock *sk) | 1093 | void security_sk_free(struct sock *sk) |
1102 | { | 1094 | { |
1103 | security_ops->sk_free_security(sk); | 1095 | security_ops->sk_free_security(sk); |
1104 | } | 1096 | } |
1105 | 1097 | ||
1106 | void security_sk_clone(const struct sock *sk, struct sock *newsk) | 1098 | void security_sk_clone(const struct sock *sk, struct sock *newsk) |
1107 | { | 1099 | { |
1108 | security_ops->sk_clone_security(sk, newsk); | 1100 | security_ops->sk_clone_security(sk, newsk); |
1109 | } | 1101 | } |
1110 | 1102 | ||
1111 | void security_sk_classify_flow(struct sock *sk, struct flowi *fl) | 1103 | void security_sk_classify_flow(struct sock *sk, struct flowi *fl) |
1112 | { | 1104 | { |
1113 | security_ops->sk_getsecid(sk, &fl->secid); | 1105 | security_ops->sk_getsecid(sk, &fl->secid); |
1114 | } | 1106 | } |
1115 | EXPORT_SYMBOL(security_sk_classify_flow); | 1107 | EXPORT_SYMBOL(security_sk_classify_flow); |
1116 | 1108 | ||
1117 | void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) | 1109 | void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) |
1118 | { | 1110 | { |
1119 | security_ops->req_classify_flow(req, fl); | 1111 | security_ops->req_classify_flow(req, fl); |
1120 | } | 1112 | } |
1121 | EXPORT_SYMBOL(security_req_classify_flow); | 1113 | EXPORT_SYMBOL(security_req_classify_flow); |
1122 | 1114 | ||
1123 | void security_sock_graft(struct sock *sk, struct socket *parent) | 1115 | void security_sock_graft(struct sock *sk, struct socket *parent) |
1124 | { | 1116 | { |
1125 | security_ops->sock_graft(sk, parent); | 1117 | security_ops->sock_graft(sk, parent); |
1126 | } | 1118 | } |
1127 | EXPORT_SYMBOL(security_sock_graft); | 1119 | EXPORT_SYMBOL(security_sock_graft); |
1128 | 1120 | ||
1129 | int security_inet_conn_request(struct sock *sk, | 1121 | int security_inet_conn_request(struct sock *sk, |
1130 | struct sk_buff *skb, struct request_sock *req) | 1122 | struct sk_buff *skb, struct request_sock *req) |
1131 | { | 1123 | { |
1132 | return security_ops->inet_conn_request(sk, skb, req); | 1124 | return security_ops->inet_conn_request(sk, skb, req); |
1133 | } | 1125 | } |
1134 | EXPORT_SYMBOL(security_inet_conn_request); | 1126 | EXPORT_SYMBOL(security_inet_conn_request); |
1135 | 1127 | ||
1136 | void security_inet_csk_clone(struct sock *newsk, | 1128 | void security_inet_csk_clone(struct sock *newsk, |
1137 | const struct request_sock *req) | 1129 | const struct request_sock *req) |
1138 | { | 1130 | { |
1139 | security_ops->inet_csk_clone(newsk, req); | 1131 | security_ops->inet_csk_clone(newsk, req); |
1140 | } | 1132 | } |
1141 | 1133 | ||
1142 | void security_inet_conn_established(struct sock *sk, | 1134 | void security_inet_conn_established(struct sock *sk, |
1143 | struct sk_buff *skb) | 1135 | struct sk_buff *skb) |
1144 | { | 1136 | { |
1145 | security_ops->inet_conn_established(sk, skb); | 1137 | security_ops->inet_conn_established(sk, skb); |
1146 | } | 1138 | } |
1147 | 1139 | ||
1148 | int security_tun_dev_create(void) | 1140 | int security_tun_dev_create(void) |
1149 | { | 1141 | { |
1150 | return security_ops->tun_dev_create(); | 1142 | return security_ops->tun_dev_create(); |
1151 | } | 1143 | } |
1152 | EXPORT_SYMBOL(security_tun_dev_create); | 1144 | EXPORT_SYMBOL(security_tun_dev_create); |
1153 | 1145 | ||
1154 | void security_tun_dev_post_create(struct sock *sk) | 1146 | void security_tun_dev_post_create(struct sock *sk) |
1155 | { | 1147 | { |
1156 | return security_ops->tun_dev_post_create(sk); | 1148 | return security_ops->tun_dev_post_create(sk); |
1157 | } | 1149 | } |
1158 | EXPORT_SYMBOL(security_tun_dev_post_create); | 1150 | EXPORT_SYMBOL(security_tun_dev_post_create); |
1159 | 1151 | ||
1160 | int security_tun_dev_attach(struct sock *sk) | 1152 | int security_tun_dev_attach(struct sock *sk) |
1161 | { | 1153 | { |
1162 | return security_ops->tun_dev_attach(sk); | 1154 | return security_ops->tun_dev_attach(sk); |
1163 | } | 1155 | } |
1164 | EXPORT_SYMBOL(security_tun_dev_attach); | 1156 | EXPORT_SYMBOL(security_tun_dev_attach); |
1165 | 1157 | ||
1166 | #endif /* CONFIG_SECURITY_NETWORK */ | 1158 | #endif /* CONFIG_SECURITY_NETWORK */ |
1167 | 1159 | ||
1168 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 1160 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
1169 | 1161 | ||
1170 | int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx) | 1162 | int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx) |
1171 | { | 1163 | { |
1172 | return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx); | 1164 | return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx); |
1173 | } | 1165 | } |
1174 | EXPORT_SYMBOL(security_xfrm_policy_alloc); | 1166 | EXPORT_SYMBOL(security_xfrm_policy_alloc); |
1175 | 1167 | ||
1176 | int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, | 1168 | int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, |
1177 | struct xfrm_sec_ctx **new_ctxp) | 1169 | struct xfrm_sec_ctx **new_ctxp) |
1178 | { | 1170 | { |
1179 | return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp); | 1171 | return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp); |
1180 | } | 1172 | } |
1181 | 1173 | ||
1182 | void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) | 1174 | void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) |
1183 | { | 1175 | { |
1184 | security_ops->xfrm_policy_free_security(ctx); | 1176 | security_ops->xfrm_policy_free_security(ctx); |
1185 | } | 1177 | } |
1186 | EXPORT_SYMBOL(security_xfrm_policy_free); | 1178 | EXPORT_SYMBOL(security_xfrm_policy_free); |
1187 | 1179 | ||
1188 | int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) | 1180 | int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) |
1189 | { | 1181 | { |
1190 | return security_ops->xfrm_policy_delete_security(ctx); | 1182 | return security_ops->xfrm_policy_delete_security(ctx); |
1191 | } | 1183 | } |
1192 | 1184 | ||
1193 | int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) | 1185 | int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) |
1194 | { | 1186 | { |
1195 | return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0); | 1187 | return security_ops->xfrm_state_alloc_security(x, sec_ctx, 0); |
1196 | } | 1188 | } |
1197 | EXPORT_SYMBOL(security_xfrm_state_alloc); | 1189 | EXPORT_SYMBOL(security_xfrm_state_alloc); |
1198 | 1190 | ||
1199 | int security_xfrm_state_alloc_acquire(struct xfrm_state *x, | 1191 | int security_xfrm_state_alloc_acquire(struct xfrm_state *x, |
1200 | struct xfrm_sec_ctx *polsec, u32 secid) | 1192 | struct xfrm_sec_ctx *polsec, u32 secid) |
1201 | { | 1193 | { |
1202 | if (!polsec) | 1194 | if (!polsec) |
1203 | return 0; | 1195 | return 0; |
1204 | /* | 1196 | /* |
1205 | * We want the context to be taken from secid which is usually | 1197 | * We want the context to be taken from secid which is usually |
1206 | * from the sock. | 1198 | * from the sock. |
1207 | */ | 1199 | */ |
1208 | return security_ops->xfrm_state_alloc_security(x, NULL, secid); | 1200 | return security_ops->xfrm_state_alloc_security(x, NULL, secid); |
1209 | } | 1201 | } |
1210 | 1202 | ||
1211 | int security_xfrm_state_delete(struct xfrm_state *x) | 1203 | int security_xfrm_state_delete(struct xfrm_state *x) |
1212 | { | 1204 | { |
1213 | return security_ops->xfrm_state_delete_security(x); | 1205 | return security_ops->xfrm_state_delete_security(x); |
1214 | } | 1206 | } |
1215 | EXPORT_SYMBOL(security_xfrm_state_delete); | 1207 | EXPORT_SYMBOL(security_xfrm_state_delete); |
1216 | 1208 | ||
1217 | void security_xfrm_state_free(struct xfrm_state *x) | 1209 | void security_xfrm_state_free(struct xfrm_state *x) |
1218 | { | 1210 | { |
1219 | security_ops->xfrm_state_free_security(x); | 1211 | security_ops->xfrm_state_free_security(x); |
1220 | } | 1212 | } |
1221 | 1213 | ||
1222 | int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) | 1214 | int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) |
1223 | { | 1215 | { |
1224 | return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir); | 1216 | return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir); |
1225 | } | 1217 | } |
1226 | 1218 | ||
1227 | int security_xfrm_state_pol_flow_match(struct xfrm_state *x, | 1219 | int security_xfrm_state_pol_flow_match(struct xfrm_state *x, |
1228 | struct xfrm_policy *xp, struct flowi *fl) | 1220 | struct xfrm_policy *xp, struct flowi *fl) |
1229 | { | 1221 | { |
1230 | return security_ops->xfrm_state_pol_flow_match(x, xp, fl); | 1222 | return security_ops->xfrm_state_pol_flow_match(x, xp, fl); |
1231 | } | 1223 | } |
1232 | 1224 | ||
1233 | int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) | 1225 | int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) |
1234 | { | 1226 | { |
1235 | return security_ops->xfrm_decode_session(skb, secid, 1); | 1227 | return security_ops->xfrm_decode_session(skb, secid, 1); |
1236 | } | 1228 | } |
1237 | 1229 | ||
1238 | void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) | 1230 | void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) |
1239 | { | 1231 | { |
1240 | int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0); | 1232 | int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0); |
1241 | 1233 | ||
1242 | BUG_ON(rc); | 1234 | BUG_ON(rc); |
1243 | } | 1235 | } |
1244 | EXPORT_SYMBOL(security_skb_classify_flow); | 1236 | EXPORT_SYMBOL(security_skb_classify_flow); |
1245 | 1237 | ||
1246 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | 1238 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ |
1247 | 1239 | ||
1248 | #ifdef CONFIG_KEYS | 1240 | #ifdef CONFIG_KEYS |
1249 | 1241 | ||
1250 | int security_key_alloc(struct key *key, const struct cred *cred, | 1242 | int security_key_alloc(struct key *key, const struct cred *cred, |
1251 | unsigned long flags) | 1243 | unsigned long flags) |
1252 | { | 1244 | { |
1253 | return security_ops->key_alloc(key, cred, flags); | 1245 | return security_ops->key_alloc(key, cred, flags); |
1254 | } | 1246 | } |
1255 | 1247 | ||
1256 | void security_key_free(struct key *key) | 1248 | void security_key_free(struct key *key) |
1257 | { | 1249 | { |
1258 | security_ops->key_free(key); | 1250 | security_ops->key_free(key); |
1259 | } | 1251 | } |
1260 | 1252 | ||
1261 | int security_key_permission(key_ref_t key_ref, | 1253 | int security_key_permission(key_ref_t key_ref, |
1262 | const struct cred *cred, key_perm_t perm) | 1254 | const struct cred *cred, key_perm_t perm) |
1263 | { | 1255 | { |
1264 | return security_ops->key_permission(key_ref, cred, perm); | 1256 | return security_ops->key_permission(key_ref, cred, perm); |
1265 | } | 1257 | } |
1266 | 1258 | ||
1267 | int security_key_getsecurity(struct key *key, char **_buffer) | 1259 | int security_key_getsecurity(struct key *key, char **_buffer) |
1268 | { | 1260 | { |
1269 | return security_ops->key_getsecurity(key, _buffer); | 1261 | return security_ops->key_getsecurity(key, _buffer); |
1270 | } | 1262 | } |
1271 | 1263 | ||
1272 | #endif /* CONFIG_KEYS */ | 1264 | #endif /* CONFIG_KEYS */ |
1273 | 1265 | ||
1274 | #ifdef CONFIG_AUDIT | 1266 | #ifdef CONFIG_AUDIT |
1275 | 1267 | ||
1276 | int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) | 1268 | int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) |
1277 | { | 1269 | { |
1278 | return security_ops->audit_rule_init(field, op, rulestr, lsmrule); | 1270 | return security_ops->audit_rule_init(field, op, rulestr, lsmrule); |
1279 | } | 1271 | } |
1280 | 1272 | ||
1281 | int security_audit_rule_known(struct audit_krule *krule) | 1273 | int security_audit_rule_known(struct audit_krule *krule) |
1282 | { | 1274 | { |
1283 | return security_ops->audit_rule_known(krule); | 1275 | return security_ops->audit_rule_known(krule); |
1284 | } | 1276 | } |
1285 | 1277 | ||
1286 | void security_audit_rule_free(void *lsmrule) | 1278 | void security_audit_rule_free(void *lsmrule) |
1287 | { | 1279 | { |
1288 | security_ops->audit_rule_free(lsmrule); | 1280 | security_ops->audit_rule_free(lsmrule); |
1289 | } | 1281 | } |
1290 | 1282 | ||
1291 | int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, | 1283 | int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, |
1292 | struct audit_context *actx) | 1284 | struct audit_context *actx) |
1293 | { | 1285 | { |
1294 | return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); | 1286 | return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); |
1295 | } | 1287 | } |
1296 | 1288 | ||
1297 | #endif /* CONFIG_AUDIT */ | 1289 | #endif /* CONFIG_AUDIT */ |
1298 | 1290 |