LSM: Split security.h

The security.h header file serves two purposes, interfaces for users of the security modules and interfaces for security modules. Users of the security modules don't need to know about what's in the security_operations structure, so pull it out into it's own header, lsm_hooks.h Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Paul Moore <paul@paul-moore.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2015-05-02 18:10:46 -0400
committer: James Morris <james.l.morris@oracle.com> 2015-05-12 01:00:16 -0400
commit: 3c4ed7bdf5997d8020cbb8d4abbef2fcfb9f1284 (patch)
tree: 6137d6577f72d7f15b2693b44a973bc94cad1b6e /include/linux/security.h
parent: b787f68c36d49bb1d9236f403813641efa74a031 (diff)
1 files changed, 0 insertions, 305 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 18264ea9e314..f3d42c636f27 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -116,8 +116,6 @@ struct seq_file;
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
-void reset_security_ops(void);
 #ifdef CONFIG_MMU
 extern unsigned long mmap_min_addr;
 extern unsigned long dac_mmap_min_addr;
@@ -1457,312 +1455,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      @ctxlen points to the place to put the length of @ctx.
 * This is the main security structure.
 */
-struct security_operations {
-        char name[SECURITY_NAME_MAX + 1];
-        int (*binder_set_context_mgr) (struct task_struct *mgr);
-        int (*binder_transaction) (struct task_struct *from,
-                                   struct task_struct *to);
-        int (*binder_transfer_binder) (struct task_struct *from,
-                                       struct task_struct *to);
-        int (*binder_transfer_file) (struct task_struct *from,
-                                     struct task_struct *to, struct file *file);
-        int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
-        int (*ptrace_traceme) (struct task_struct *parent);
-        int (*capget) (struct task_struct *target,
-                       kernel_cap_t *effective,
-                       kernel_cap_t *inheritable, kernel_cap_t *permitted);
-        int (*capset) (struct cred *new,
-                       const struct cred *old,
-                       const kernel_cap_t *effective,
-                       const kernel_cap_t *inheritable,
-                       const kernel_cap_t *permitted);
-        int (*capable) (const struct cred *cred, struct user_namespace *ns,
-                        int cap, int audit);
-        int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
-        int (*quota_on) (struct dentry *dentry);
-        int (*syslog) (int type);
-        int (*settime) (const struct timespec *ts, const struct timezone *tz);
-        int (*vm_enough_memory) (struct mm_struct *mm, long pages);
-        int (*bprm_set_creds) (struct linux_binprm *bprm);
-        int (*bprm_check_security) (struct linux_binprm *bprm);
-        int (*bprm_secureexec) (struct linux_binprm *bprm);
-        void (*bprm_committing_creds) (struct linux_binprm *bprm);
-        void (*bprm_committed_creds) (struct linux_binprm *bprm);
-        int (*sb_alloc_security) (struct super_block *sb);
-        void (*sb_free_security) (struct super_block *sb);
-        int (*sb_copy_data) (char *orig, char *copy);
-        int (*sb_remount) (struct super_block *sb, void *data);
-        int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
-        int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
-        int (*sb_statfs) (struct dentry *dentry);
-        int (*sb_mount) (const char *dev_name, struct path *path,
-                         const char *type, unsigned long flags, void *data);
-        int (*sb_umount) (struct vfsmount *mnt, int flags);
-        int (*sb_pivotroot) (struct path *old_path,
-                             struct path *new_path);
-        int (*sb_set_mnt_opts) (struct super_block *sb,
-                                struct security_mnt_opts *opts,
-                                unsigned long kern_flags,
-                                unsigned long *set_kern_flags);
-        int (*sb_clone_mnt_opts) (const struct super_block *oldsb,
-                                   struct super_block *newsb);
-        int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);
-        int (*dentry_init_security) (struct dentry *dentry, int mode,
-                                        struct qstr *name, void **ctx,
-                                        u32 *ctxlen);
-#ifdef CONFIG_SECURITY_PATH
-        int (*path_unlink) (struct path *dir, struct dentry *dentry);
-        int (*path_mkdir) (struct path *dir, struct dentry *dentry, umode_t mode);
-        int (*path_rmdir) (struct path *dir, struct dentry *dentry);
-        int (*path_mknod) (struct path *dir, struct dentry *dentry, umode_t mode,
-                           unsigned int dev);
-        int (*path_truncate) (struct path *path);
-        int (*path_symlink) (struct path *dir, struct dentry *dentry,
-                             const char *old_name);
-        int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
-                          struct dentry *new_dentry);
-        int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
-                            struct path *new_dir, struct dentry *new_dentry);
-        int (*path_chmod) (struct path *path, umode_t mode);
-        int (*path_chown) (struct path *path, kuid_t uid, kgid_t gid);
-        int (*path_chroot) (struct path *path);
-#endif
-        int (*inode_alloc_security) (struct inode *inode);
-        void (*inode_free_security) (struct inode *inode);
-        int (*inode_init_security) (struct inode *inode, struct inode *dir,
-                                    const struct qstr *qstr, const char **name,
-                                    void **value, size_t *len);
-        int (*inode_create) (struct inode *dir,
-                             struct dentry *dentry, umode_t mode);
-        int (*inode_link) (struct dentry *old_dentry,
-                           struct inode *dir, struct dentry *new_dentry);
-        int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
-        int (*inode_symlink) (struct inode *dir,
-                              struct dentry *dentry, const char *old_name);
-        int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, umode_t mode);
-        int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
-        int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
-                            umode_t mode, dev_t dev);
-        int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
-                             struct inode *new_dir, struct dentry *new_dentry);
-        int (*inode_readlink) (struct dentry *dentry);
-        int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
-        int (*inode_permission) (struct inode *inode, int mask);
-        int (*inode_setattr)    (struct dentry *dentry, struct iattr *attr);
-        int (*inode_getattr) (const struct path *path);
-        int (*inode_setxattr) (struct dentry *dentry, const char *name,
-                               const void *value, size_t size, int flags);
-        void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
-                                     const void *value, size_t size, int flags);
-        int (*inode_getxattr) (struct dentry *dentry, const char *name);
-        int (*inode_listxattr) (struct dentry *dentry);
-        int (*inode_removexattr) (struct dentry *dentry, const char *name);
-        int (*inode_need_killpriv) (struct dentry *dentry);
-        int (*inode_killpriv) (struct dentry *dentry);
-        int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc);
-        int (*inode_setsecurity) (struct inode *inode, const char *name, const void *value, size_t size, int flags);
-        int (*inode_listsecurity) (struct inode *inode, char *buffer, size_t buffer_size);
-        void (*inode_getsecid) (const struct inode *inode, u32 *secid);
-        int (*file_permission) (struct file *file, int mask);
-        int (*file_alloc_security) (struct file *file);
-        void (*file_free_security) (struct file *file);
-        int (*file_ioctl) (struct file *file, unsigned int cmd,
-                           unsigned long arg);
-        int (*mmap_addr) (unsigned long addr);
-        int (*mmap_file) (struct file *file,
-                          unsigned long reqprot, unsigned long prot,
-                          unsigned long flags);
-        int (*file_mprotect) (struct vm_area_struct *vma,
-                              unsigned long reqprot,
-                              unsigned long prot);
-        int (*file_lock) (struct file *file, unsigned int cmd);
-        int (*file_fcntl) (struct file *file, unsigned int cmd,
-                           unsigned long arg);
-        void (*file_set_fowner) (struct file *file);
-        int (*file_send_sigiotask) (struct task_struct *tsk,
-                                    struct fown_struct *fown, int sig);
-        int (*file_receive) (struct file *file);
-        int (*file_open) (struct file *file, const struct cred *cred);
-        int (*task_create) (unsigned long clone_flags);
-        void (*task_free) (struct task_struct *task);
-        int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
-        void (*cred_free) (struct cred *cred);
-        int (*cred_prepare)(struct cred *new, const struct cred *old,
-                            gfp_t gfp);
-        void (*cred_transfer)(struct cred *new, const struct cred *old);
-        int (*kernel_act_as)(struct cred *new, u32 secid);
-        int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
-        int (*kernel_fw_from_file)(struct file *file, char *buf, size_t size);
-        int (*kernel_module_request)(char *kmod_name);
-        int (*kernel_module_from_file)(struct file *file);
-        int (*task_fix_setuid) (struct cred *new, const struct cred *old,
-                                int flags);
-        int (*task_setpgid) (struct task_struct *p, pid_t pgid);
-        int (*task_getpgid) (struct task_struct *p);
-        int (*task_getsid) (struct task_struct *p);
-        void (*task_getsecid) (struct task_struct *p, u32 *secid);
-        int (*task_setnice) (struct task_struct *p, int nice);
-        int (*task_setioprio) (struct task_struct *p, int ioprio);
-        int (*task_getioprio) (struct task_struct *p);
-        int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
-                        struct rlimit *new_rlim);
-        int (*task_setscheduler) (struct task_struct *p);
-        int (*task_getscheduler) (struct task_struct *p);
-        int (*task_movememory) (struct task_struct *p);
-        int (*task_kill) (struct task_struct *p,
-                          struct siginfo *info, int sig, u32 secid);
-        int (*task_wait) (struct task_struct *p);
-        int (*task_prctl) (int option, unsigned long arg2,
-                           unsigned long arg3, unsigned long arg4,
-                           unsigned long arg5);
-        void (*task_to_inode) (struct task_struct *p, struct inode *inode);
-        int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
-        void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);
-        int (*msg_msg_alloc_security) (struct msg_msg *msg);
-        void (*msg_msg_free_security) (struct msg_msg *msg);
-        int (*msg_queue_alloc_security) (struct msg_queue *msq);
-        void (*msg_queue_free_security) (struct msg_queue *msq);
-        int (*msg_queue_associate) (struct msg_queue *msq, int msqflg);
-        int (*msg_queue_msgctl) (struct msg_queue *msq, int cmd);
-        int (*msg_queue_msgsnd) (struct msg_queue *msq,
-                                 struct msg_msg *msg, int msqflg);
-        int (*msg_queue_msgrcv) (struct msg_queue *msq,
-                                 struct msg_msg *msg,
-                                 struct task_struct *target,
-                                 long type, int mode);
-        int (*shm_alloc_security) (struct shmid_kernel *shp);
-        void (*shm_free_security) (struct shmid_kernel *shp);
-        int (*shm_associate) (struct shmid_kernel *shp, int shmflg);
-        int (*shm_shmctl) (struct shmid_kernel *shp, int cmd);
-        int (*shm_shmat) (struct shmid_kernel *shp,
-                          char __user *shmaddr, int shmflg);
-        int (*sem_alloc_security) (struct sem_array *sma);
-        void (*sem_free_security) (struct sem_array *sma);
-        int (*sem_associate) (struct sem_array *sma, int semflg);
-        int (*sem_semctl) (struct sem_array *sma, int cmd);
-        int (*sem_semop) (struct sem_array *sma,
-                          struct sembuf *sops, unsigned nsops, int alter);
-        int (*netlink_send) (struct sock *sk, struct sk_buff *skb);
-        void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
-        int (*getprocattr) (struct task_struct *p, char *name, char **value);
-        int (*setprocattr) (struct task_struct *p, char *name, void *value, size_t size);
-        int (*ismaclabel) (const char *name);
-        int (*secid_to_secctx) (u32 secid, char **secdata, u32 *seclen);
-        int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid);
-        void (*release_secctx) (char *secdata, u32 seclen);
-        int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
-        int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
-        int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);
-#ifdef CONFIG_SECURITY_NETWORK
-        int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk);
-        int (*unix_may_send) (struct socket *sock, struct socket *other);
-        int (*socket_create) (int family, int type, int protocol, int kern);
-        int (*socket_post_create) (struct socket *sock, int family,
-                                   int type, int protocol, int kern);
-        int (*socket_bind) (struct socket *sock,
-                            struct sockaddr *address, int addrlen);
-        int (*socket_connect) (struct socket *sock,
-                               struct sockaddr *address, int addrlen);
-        int (*socket_listen) (struct socket *sock, int backlog);
-        int (*socket_accept) (struct socket *sock, struct socket *newsock);
-        int (*socket_sendmsg) (struct socket *sock,
-                               struct msghdr *msg, int size);
-        int (*socket_recvmsg) (struct socket *sock,
-                               struct msghdr *msg, int size, int flags);
-        int (*socket_getsockname) (struct socket *sock);
-        int (*socket_getpeername) (struct socket *sock);
-        int (*socket_getsockopt) (struct socket *sock, int level, int optname);
-        int (*socket_setsockopt) (struct socket *sock, int level, int optname);
-        int (*socket_shutdown) (struct socket *sock, int how);
-        int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
-        int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
-        int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
-        int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
-        void (*sk_free_security) (struct sock *sk);
-        void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
-        void (*sk_getsecid) (struct sock *sk, u32 *secid);
-        void (*sock_graft) (struct sock *sk, struct socket *parent);
-        int (*inet_conn_request) (struct sock *sk, struct sk_buff *skb,
-                                  struct request_sock *req);
-        void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
-        void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
-        int (*secmark_relabel_packet) (u32 secid);
-        void (*secmark_refcount_inc) (void);
-        void (*secmark_refcount_dec) (void);
-        void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
-        int (*tun_dev_alloc_security) (void **security);
-        void (*tun_dev_free_security) (void *security);
-        int (*tun_dev_create) (void);
-        int (*tun_dev_attach_queue) (void *security);
-        int (*tun_dev_attach) (struct sock *sk, void *security);
-        int (*tun_dev_open) (void *security);
-#endif  /* CONFIG_SECURITY_NETWORK */
-#ifdef CONFIG_SECURITY_NETWORK_XFRM
-        int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
-                        struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
-        int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
-        void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
-        int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
-        int (*xfrm_state_alloc) (struct xfrm_state *x,
-                                 struct xfrm_user_sec_ctx *sec_ctx);
-        int (*xfrm_state_alloc_acquire) (struct xfrm_state *x,
-                                         struct xfrm_sec_ctx *polsec,
-                                         u32 secid);
-        void (*xfrm_state_free_security) (struct xfrm_state *x);
-        int (*xfrm_state_delete_security) (struct xfrm_state *x);
-        int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
-        int (*xfrm_state_pol_flow_match) (struct xfrm_state *x,
-                                          struct xfrm_policy *xp,
-                                          const struct flowi *fl);
-        int (*xfrm_decode_session) (struct sk_buff *skb, u32 *secid, int ckall);
-#endif  /* CONFIG_SECURITY_NETWORK_XFRM */
-        /* key management security hooks */
-#ifdef CONFIG_KEYS
-        int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags);
-        void (*key_free) (struct key *key);
-        int (*key_permission) (key_ref_t key_ref,
-                               const struct cred *cred,
-                               unsigned perm);
-        int (*key_getsecurity)(struct key *key, char **_buffer);
-#endif  /* CONFIG_KEYS */
-#ifdef CONFIG_AUDIT
-        int (*audit_rule_init) (u32 field, u32 op, char *rulestr, void **lsmrule);
-        int (*audit_rule_known) (struct audit_krule *krule);
-        int (*audit_rule_match) (u32 secid, u32 field, u32 op, void *lsmrule,
-                                 struct audit_context *actx);
-        void (*audit_rule_free) (void *lsmrule);
-#endif /* CONFIG_AUDIT */
-};
 /* prototypes */
 extern int security_init(void);
-extern int security_module_enable(struct security_operations *ops);
-extern int register_security(struct security_operations *ops);
-extern void __init security_fixup_ops(struct security_operations *ops);
 /* Security operations */
 int security_binder_set_context_mgr(struct task_struct *mgr);
author	Casey Schaufler <casey@schaufler-ca.com>	2015-05-02 18:10:46 -0400
committer	James Morris <james.l.morris@oracle.com>	2015-05-12 01:00:16 -0400
commit	3c4ed7bdf5997d8020cbb8d4abbef2fcfb9f1284 (patch)
tree	6137d6577f72d7f15b2693b44a973bc94cad1b6e /include/linux/security.h
parent	b787f68c36d49bb1d9236f403813641efa74a031 (diff)

diff --git a/include/linux/security.h b/include/linux/security.h index 18264ea9e314..f3d42c636f27 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -116,8 +116,6 @@ struct seq_file;
116		116
117	extern int cap_netlink_send(struct sock sk, struct sk_buff skb);	117	extern int cap_netlink_send(struct sock sk, struct sk_buff skb);
118		118
119	void reset_security_ops(void);
120
121	#ifdef CONFIG_MMU	119	#ifdef CONFIG_MMU
122	extern unsigned long mmap_min_addr;	120	extern unsigned long mmap_min_addr;
123	extern unsigned long dac_mmap_min_addr;	121	extern unsigned long dac_mmap_min_addr;
@@ -1457,312 +1455,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1457	* @ctxlen points to the place to put the length of @ctx.	1455	* @ctxlen points to the place to put the length of @ctx.
1458	* This is the main security structure.	1456	* This is the main security structure.
1459	*/	1457	*/
1460	struct security_operations {
1461	char name[SECURITY_NAME_MAX + 1];
1462
1463	int (binder_set_context_mgr) (struct task_struct mgr);
1464	int (binder_transaction) (struct task_struct from,
1465	struct task_struct *to);
1466	int (binder_transfer_binder) (struct task_struct from,
1467	struct task_struct *to);
1468	int (binder_transfer_file) (struct task_struct from,
1469	struct task_struct to, struct file file);
1470
1471	int (ptrace_access_check) (struct task_struct child, unsigned int mode);
1472	int (ptrace_traceme) (struct task_struct parent);
1473	int (capget) (struct task_struct target,
1474	kernel_cap_t *effective,
1475	kernel_cap_t inheritable, kernel_cap_t permitted);
1476	int (capset) (struct cred new,
1477	const struct cred *old,
1478	const kernel_cap_t *effective,
1479	const kernel_cap_t *inheritable,
1480	const kernel_cap_t *permitted);
1481	int (capable) (const struct cred cred, struct user_namespace *ns,
1482	int cap, int audit);
1483	int (quotactl) (int cmds, int type, int id, struct super_block sb);
1484	int (quota_on) (struct dentry dentry);
1485	int (*syslog) (int type);
1486	int (settime) (const struct timespec ts, const struct timezone *tz);
1487	int (vm_enough_memory) (struct mm_struct mm, long pages);
1488
1489	int (bprm_set_creds) (struct linux_binprm bprm);
1490	int (bprm_check_security) (struct linux_binprm bprm);
1491	int (bprm_secureexec) (struct linux_binprm bprm);
1492	void (bprm_committing_creds) (struct linux_binprm bprm);
1493	void (bprm_committed_creds) (struct linux_binprm bprm);
1494
1495	int (sb_alloc_security) (struct super_block sb);
1496	void (sb_free_security) (struct super_block sb);
1497	int (sb_copy_data) (char orig, char *copy);
1498	int (sb_remount) (struct super_block sb, void *data);
1499	int (sb_kern_mount) (struct super_block sb, int flags, void *data);
1500	int (sb_show_options) (struct seq_file m, struct super_block *sb);
1501	int (sb_statfs) (struct dentry dentry);
1502	int (sb_mount) (const char dev_name, struct path *path,
1503	const char type, unsigned long flags, void data);
1504	int (sb_umount) (struct vfsmount mnt, int flags);
1505	int (sb_pivotroot) (struct path old_path,
1506	struct path *new_path);
1507	int (sb_set_mnt_opts) (struct super_block sb,
1508	struct security_mnt_opts *opts,
1509	unsigned long kern_flags,
1510	unsigned long *set_kern_flags);
1511	int (sb_clone_mnt_opts) (const struct super_block oldsb,
1512	struct super_block *newsb);
1513	int (sb_parse_opts_str) (char options, struct security_mnt_opts *opts);
1514	int (dentry_init_security) (struct dentry dentry, int mode,
1515	struct qstr name, void *ctx,
1516	u32 *ctxlen);
1517
1518
1519	#ifdef CONFIG_SECURITY_PATH
1520	int (path_unlink) (struct path dir, struct dentry *dentry);
1521	int (path_mkdir) (struct path dir, struct dentry *dentry, umode_t mode);
1522	int (path_rmdir) (struct path dir, struct dentry *dentry);
1523	int (path_mknod) (struct path dir, struct dentry *dentry, umode_t mode,
1524	unsigned int dev);
1525	int (path_truncate) (struct path path);
1526	int (path_symlink) (struct path dir, struct dentry *dentry,
1527	const char *old_name);
1528	int (path_link) (struct dentry old_dentry, struct path *new_dir,
1529	struct dentry *new_dentry);
1530	int (path_rename) (struct path old_dir, struct dentry *old_dentry,
1531	struct path new_dir, struct dentry new_dentry);
1532	int (path_chmod) (struct path path, umode_t mode);
1533	int (path_chown) (struct path path, kuid_t uid, kgid_t gid);
1534	int (path_chroot) (struct path path);
1535	#endif
1536
1537	int (inode_alloc_security) (struct inode inode);
1538	void (inode_free_security) (struct inode inode);
1539	int (inode_init_security) (struct inode inode, struct inode *dir,
1540	const struct qstr qstr, const char *name,
1541	void *value, size_t len);
1542	int (inode_create) (struct inode dir,
1543	struct dentry *dentry, umode_t mode);
1544	int (inode_link) (struct dentry old_dentry,
1545	struct inode dir, struct dentry new_dentry);
1546	int (inode_unlink) (struct inode dir, struct dentry *dentry);
1547	int (inode_symlink) (struct inode dir,
1548	struct dentry dentry, const char old_name);
1549	int (inode_mkdir) (struct inode dir, struct dentry *dentry, umode_t mode);
1550	int (inode_rmdir) (struct inode dir, struct dentry *dentry);
1551	int (inode_mknod) (struct inode dir, struct dentry *dentry,
1552	umode_t mode, dev_t dev);
1553	int (inode_rename) (struct inode old_dir, struct dentry *old_dentry,
1554	struct inode new_dir, struct dentry new_dentry);
1555	int (inode_readlink) (struct dentry dentry);
1556	int (inode_follow_link) (struct dentry dentry, struct nameidata *nd);
1557	int (inode_permission) (struct inode inode, int mask);
1558	int (inode_setattr) (struct dentry dentry, struct iattr *attr);
1559	int (inode_getattr) (const struct path path);
1560	int (inode_setxattr) (struct dentry dentry, const char *name,
1561	const void *value, size_t size, int flags);
1562	void (inode_post_setxattr) (struct dentry dentry, const char *name,
1563	const void *value, size_t size, int flags);
1564	int (inode_getxattr) (struct dentry dentry, const char *name);
1565	int (inode_listxattr) (struct dentry dentry);
1566	int (inode_removexattr) (struct dentry dentry, const char *name);
1567	int (inode_need_killpriv) (struct dentry dentry);
1568	int (inode_killpriv) (struct dentry dentry);
1569	int (inode_getsecurity) (const struct inode inode, const char name, void *buffer, bool alloc);
1570	int (inode_setsecurity) (struct inode inode, const char name, const void value, size_t size, int flags);
1571	int (inode_listsecurity) (struct inode inode, char *buffer, size_t buffer_size);
1572	void (inode_getsecid) (const struct inode inode, u32 *secid);
1573
1574	int (file_permission) (struct file file, int mask);
1575	int (file_alloc_security) (struct file file);
1576	void (file_free_security) (struct file file);
1577	int (file_ioctl) (struct file file, unsigned int cmd,
1578	unsigned long arg);
1579	int (*mmap_addr) (unsigned long addr);
1580	int (mmap_file) (struct file file,
1581	unsigned long reqprot, unsigned long prot,
1582	unsigned long flags);
1583	int (file_mprotect) (struct vm_area_struct vma,
1584	unsigned long reqprot,
1585	unsigned long prot);
1586	int (file_lock) (struct file file, unsigned int cmd);
1587	int (file_fcntl) (struct file file, unsigned int cmd,
1588	unsigned long arg);
1589	void (file_set_fowner) (struct file file);
1590	int (file_send_sigiotask) (struct task_struct tsk,
1591	struct fown_struct *fown, int sig);
1592	int (file_receive) (struct file file);
1593	int (file_open) (struct file file, const struct cred *cred);
1594
1595	int (*task_create) (unsigned long clone_flags);
1596	void (task_free) (struct task_struct task);
1597	int (cred_alloc_blank) (struct cred cred, gfp_t gfp);
1598	void (cred_free) (struct cred cred);
1599	int (cred_prepare)(struct cred new, const struct cred *old,
1600	gfp_t gfp);
1601	void (cred_transfer)(struct cred new, const struct cred *old);
1602	int (kernel_act_as)(struct cred new, u32 secid);
1603	int (kernel_create_files_as)(struct cred new, struct inode *inode);
1604	int (kernel_fw_from_file)(struct file file, char *buf, size_t size);
1605	int (kernel_module_request)(char kmod_name);
1606	int (kernel_module_from_file)(struct file file);
1607	int (task_fix_setuid) (struct cred new, const struct cred *old,
1608	int flags);
1609	int (task_setpgid) (struct task_struct p, pid_t pgid);
1610	int (task_getpgid) (struct task_struct p);
1611	int (task_getsid) (struct task_struct p);
1612	void (task_getsecid) (struct task_struct p, u32 *secid);
1613	int (task_setnice) (struct task_struct p, int nice);
1614	int (task_setioprio) (struct task_struct p, int ioprio);
1615	int (task_getioprio) (struct task_struct p);
1616	int (task_setrlimit) (struct task_struct p, unsigned int resource,
1617	struct rlimit *new_rlim);
1618	int (task_setscheduler) (struct task_struct p);
1619	int (task_getscheduler) (struct task_struct p);
1620	int (task_movememory) (struct task_struct p);
1621	int (task_kill) (struct task_struct p,
1622	struct siginfo *info, int sig, u32 secid);
1623	int (task_wait) (struct task_struct p);
1624	int (*task_prctl) (int option, unsigned long arg2,
1625	unsigned long arg3, unsigned long arg4,
1626	unsigned long arg5);
1627	void (task_to_inode) (struct task_struct p, struct inode *inode);
1628
1629	int (ipc_permission) (struct kern_ipc_perm ipcp, short flag);
1630	void (ipc_getsecid) (struct kern_ipc_perm ipcp, u32 *secid);
1631
1632	int (msg_msg_alloc_security) (struct msg_msg msg);
1633	void (msg_msg_free_security) (struct msg_msg msg);
1634
1635	int (msg_queue_alloc_security) (struct msg_queue msq);
1636	void (msg_queue_free_security) (struct msg_queue msq);
1637	int (msg_queue_associate) (struct msg_queue msq, int msqflg);
1638	int (msg_queue_msgctl) (struct msg_queue msq, int cmd);
1639	int (msg_queue_msgsnd) (struct msg_queue msq,
1640	struct msg_msg *msg, int msqflg);
1641	int (msg_queue_msgrcv) (struct msg_queue msq,
1642	struct msg_msg *msg,
1643	struct task_struct *target,
1644	long type, int mode);
1645
1646	int (shm_alloc_security) (struct shmid_kernel shp);
1647	void (shm_free_security) (struct shmid_kernel shp);
1648	int (shm_associate) (struct shmid_kernel shp, int shmflg);
1649	int (shm_shmctl) (struct shmid_kernel shp, int cmd);
1650	int (shm_shmat) (struct shmid_kernel shp,
1651	char __user *shmaddr, int shmflg);
1652
1653	int (sem_alloc_security) (struct sem_array sma);
1654	void (sem_free_security) (struct sem_array sma);
1655	int (sem_associate) (struct sem_array sma, int semflg);
1656	int (sem_semctl) (struct sem_array sma, int cmd);
1657	int (sem_semop) (struct sem_array sma,
1658	struct sembuf *sops, unsigned nsops, int alter);
1659
1660	int (netlink_send) (struct sock sk, struct sk_buff *skb);
1661
1662	void (d_instantiate) (struct dentry dentry, struct inode *inode);
1663
1664	int (getprocattr) (struct task_struct p, char name, char *value);
1665	int (setprocattr) (struct task_struct p, char name, void value, size_t size);
1666	int (ismaclabel) (const char name);
1667	int (secid_to_secctx) (u32 secid, char secdata, u32 seclen);
1668	int (secctx_to_secid) (const char secdata, u32 seclen, u32 *secid);
1669	void (release_secctx) (char secdata, u32 seclen);
1670
1671	int (inode_notifysecctx)(struct inode inode, void *ctx, u32 ctxlen);
1672	int (inode_setsecctx)(struct dentry dentry, void *ctx, u32 ctxlen);
1673	int (inode_getsecctx)(struct inode inode, void *ctx, u32 ctxlen);
1674
1675	#ifdef CONFIG_SECURITY_NETWORK
1676	int (unix_stream_connect) (struct sock sock, struct sock other, struct sock newsk);
1677	int (unix_may_send) (struct socket sock, struct socket *other);
1678
1679	int (*socket_create) (int family, int type, int protocol, int kern);
1680	int (socket_post_create) (struct socket sock, int family,
1681	int type, int protocol, int kern);
1682	int (socket_bind) (struct socket sock,
1683	struct sockaddr *address, int addrlen);
1684	int (socket_connect) (struct socket sock,
1685	struct sockaddr *address, int addrlen);
1686	int (socket_listen) (struct socket sock, int backlog);
1687	int (socket_accept) (struct socket sock, struct socket *newsock);
1688	int (socket_sendmsg) (struct socket sock,
1689	struct msghdr *msg, int size);
1690	int (socket_recvmsg) (struct socket sock,
1691	struct msghdr *msg, int size, int flags);
1692	int (socket_getsockname) (struct socket sock);
1693	int (socket_getpeername) (struct socket sock);
1694	int (socket_getsockopt) (struct socket sock, int level, int optname);
1695	int (socket_setsockopt) (struct socket sock, int level, int optname);
1696	int (socket_shutdown) (struct socket sock, int how);
1697	int (socket_sock_rcv_skb) (struct sock sk, struct sk_buff *skb);
1698	int (socket_getpeersec_stream) (struct socket sock, char __user optval, int __user optlen, unsigned len);
1699	int (socket_getpeersec_dgram) (struct socket sock, struct sk_buff skb, u32 secid);
1700	int (sk_alloc_security) (struct sock sk, int family, gfp_t priority);
1701	void (sk_free_security) (struct sock sk);
1702	void (sk_clone_security) (const struct sock sk, struct sock *newsk);
1703	void (sk_getsecid) (struct sock sk, u32 *secid);
1704	void (sock_graft) (struct sock sk, struct socket *parent);
1705	int (inet_conn_request) (struct sock sk, struct sk_buff *skb,
1706	struct request_sock *req);
1707	void (inet_csk_clone) (struct sock newsk, const struct request_sock *req);
1708	void (inet_conn_established) (struct sock sk, struct sk_buff *skb);
1709	int (*secmark_relabel_packet) (u32 secid);
1710	void (*secmark_refcount_inc) (void);
1711	void (*secmark_refcount_dec) (void);
1712	void (req_classify_flow) (const struct request_sock req, struct flowi *fl);
1713	int (tun_dev_alloc_security) (void *security);
1714	void (tun_dev_free_security) (void security);
1715	int (*tun_dev_create) (void);
1716	int (tun_dev_attach_queue) (void security);
1717	int (tun_dev_attach) (struct sock sk, void *security);
1718	int (tun_dev_open) (void security);
1719	#endif /* CONFIG_SECURITY_NETWORK */
1720
1721	#ifdef CONFIG_SECURITY_NETWORK_XFRM
1722	int (xfrm_policy_alloc_security) (struct xfrm_sec_ctx *ctxp,
1723	struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
1724	int (xfrm_policy_clone_security) (struct xfrm_sec_ctx old_ctx, struct xfrm_sec_ctx **new_ctx);
1725	void (xfrm_policy_free_security) (struct xfrm_sec_ctx ctx);
1726	int (xfrm_policy_delete_security) (struct xfrm_sec_ctx ctx);
1727	int (xfrm_state_alloc) (struct xfrm_state x,
1728	struct xfrm_user_sec_ctx *sec_ctx);
1729	int (xfrm_state_alloc_acquire) (struct xfrm_state x,
1730	struct xfrm_sec_ctx *polsec,
1731	u32 secid);
1732	void (xfrm_state_free_security) (struct xfrm_state x);
1733	int (xfrm_state_delete_security) (struct xfrm_state x);
1734	int (xfrm_policy_lookup) (struct xfrm_sec_ctx ctx, u32 fl_secid, u8 dir);
1735	int (xfrm_state_pol_flow_match) (struct xfrm_state x,
1736	struct xfrm_policy *xp,
1737	const struct flowi *fl);
1738	int (xfrm_decode_session) (struct sk_buff skb, u32 *secid, int ckall);
1739	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1740
1741	/* key management security hooks */
1742	#ifdef CONFIG_KEYS
1743	int (key_alloc) (struct key key, const struct cred *cred, unsigned long flags);
1744	void (key_free) (struct key key);
1745	int (*key_permission) (key_ref_t key_ref,
1746	const struct cred *cred,
1747	unsigned perm);
1748	int (key_getsecurity)(struct key key, char **_buffer);
1749	#endif /* CONFIG_KEYS */
1750
1751	#ifdef CONFIG_AUDIT
1752	int (audit_rule_init) (u32 field, u32 op, char rulestr, void **lsmrule);
1753	int (audit_rule_known) (struct audit_krule krule);
1754	int (audit_rule_match) (u32 secid, u32 field, u32 op, void lsmrule,
1755	struct audit_context *actx);
1756	void (audit_rule_free) (void lsmrule);
1757	#endif /* CONFIG_AUDIT */
1758	};
1759		1458
1760	/* prototypes */	1459	/* prototypes */
1761	extern int security_init(void);	1460	extern int security_init(void);
1762	extern int security_module_enable(struct security_operations *ops);
1763	extern int register_security(struct security_operations *ops);
1764	extern void __init security_fixup_ops(struct security_operations *ops);
1765
1766		1461
1767	/* Security operations */	1462	/* Security operations */
1768	int security_binder_set_context_mgr(struct task_struct *mgr);	1463	int security_binder_set_context_mgr(struct task_struct *mgr);