1 files changed, 226 insertions, 207 deletions
diff --git a/security/security.c b/security/security.c
index 9c95fe0c8d75..02dc72006afa 100644
--- a/security/security.c
+++ b/security/security.c
@@ -133,29 +133,42 @@ int __init register_security(struct security_operations *ops)
        return 0;
 }
+/*
+ * Hook operation macros.
+ *
+ * call_void_hook:
+ *      This is a hook that does not return a value.
+ *
+ * call_int_hook:
+ *      This is a hook that returns a value.
+ */
+#define call_void_hook(FUNC, ...)       security_ops->FUNC(__VA_ARGS__)
+#define call_int_hook(FUNC, IRC, ...)   security_ops->FUNC(__VA_ARGS__)
 /* Security operations */
 int security_binder_set_context_mgr(struct task_struct *mgr)
 {
-        return security_ops->binder_set_context_mgr(mgr);
+        return call_int_hook(binder_set_context_mgr, 0, mgr);
 }
 int security_binder_transaction(struct task_struct *from,
                                struct task_struct *to)
 {
-        return security_ops->binder_transaction(from, to);
+        return call_int_hook(binder_transaction, 0, from, to);
 }
 int security_binder_transfer_binder(struct task_struct *from,
                                    struct task_struct *to)
 {
-        return security_ops->binder_transfer_binder(from, to);
+        return call_int_hook(binder_transfer_binder, 0, from, to);
 }
 int security_binder_transfer_file(struct task_struct *from,
                                  struct task_struct *to, struct file *file)
 {
-        return security_ops->binder_transfer_file(from, to, file);
+        return call_int_hook(binder_transfer_file, 0, from, to, file);
 }
 int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
@@ -166,7 +179,7 @@ int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
        if (rc)
                return rc;
 #endif
-        return security_ops->ptrace_access_check(child, mode);
+        return call_int_hook(ptrace_access_check, 0, child, mode);
 }
 int security_ptrace_traceme(struct task_struct *parent)
@@ -177,7 +190,7 @@ int security_ptrace_traceme(struct task_struct *parent)
        if (rc)
                return rc;
 #endif
-        return security_ops->ptrace_traceme(parent);
+        return call_int_hook(ptrace_traceme, 0, parent);
 }
 int security_capget(struct task_struct *target,
@@ -185,7 +198,8 @@ int security_capget(struct task_struct *target,
                     kernel_cap_t *inheritable,
                     kernel_cap_t *permitted)
 {
-        return security_ops->capget(target, effective, inheritable, permitted);
+        return call_int_hook(capget, 0, target,
+                                effective, inheritable, permitted);
 }
 int security_capset(struct cred *new, const struct cred *old,
@@ -193,57 +207,57 @@ int security_capset(struct cred *new, const struct cred *old,
                    const kernel_cap_t *inheritable,
                    const kernel_cap_t *permitted)
 {
-        return security_ops->capset(new, old,
+        return call_int_hook(capset, 0, new, old,
-                                    effective, inheritable, permitted);
+                                effective, inheritable, permitted);
 }
 int security_capable(const struct cred *cred, struct user_namespace *ns,
                     int cap)
 {
-        return security_ops->capable(cred, ns, cap, SECURITY_CAP_AUDIT);
+        return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_AUDIT);
 }
 int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
                             int cap)
 {
-        return security_ops->capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
+        return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_NOAUDIT);
 }
 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
 {
-        return security_ops->quotactl(cmds, type, id, sb);
+        return call_int_hook(quotactl, 0, cmds, type, id, sb);
 }
 int security_quota_on(struct dentry *dentry)
 {
-        return security_ops->quota_on(dentry);
+        return call_int_hook(quota_on, 0, dentry);
 }
 int security_syslog(int type)
 {
-        return security_ops->syslog(type);
+        return call_int_hook(syslog, 0, type);
 }
 int security_settime(const struct timespec *ts, const struct timezone *tz)
 {
-        return security_ops->settime(ts, tz);
+        return call_int_hook(settime, 0, ts, tz);
 }
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
 {
-        return security_ops->vm_enough_memory(mm, pages);
+        return call_int_hook(vm_enough_memory, 0, mm, pages);
 }
 int security_bprm_set_creds(struct linux_binprm *bprm)
 {
-        return security_ops->bprm_set_creds(bprm);
+        return call_int_hook(bprm_set_creds, 0, bprm);
 }
 int security_bprm_check(struct linux_binprm *bprm)
 {
        int ret;
-        ret = security_ops->bprm_check_security(bprm);
+        ret = call_int_hook(bprm_check_security, 0, bprm);
        if (ret)
                return ret;
        return ima_bprm_check(bprm);
@@ -251,69 +265,69 @@ int security_bprm_check(struct linux_binprm *bprm)
 void security_bprm_committing_creds(struct linux_binprm *bprm)
 {
-        security_ops->bprm_committing_creds(bprm);
+        call_void_hook(bprm_committing_creds, bprm);
 }
 void security_bprm_committed_creds(struct linux_binprm *bprm)
 {
-        security_ops->bprm_committed_creds(bprm);
+        call_void_hook(bprm_committed_creds, bprm);
 }
 int security_bprm_secureexec(struct linux_binprm *bprm)
 {
-        return security_ops->bprm_secureexec(bprm);
+        return call_int_hook(bprm_secureexec, 0, bprm);
 }
 int security_sb_alloc(struct super_block *sb)
 {
-        return security_ops->sb_alloc_security(sb);
+        return call_int_hook(sb_alloc_security, 0, sb);
 }
 void security_sb_free(struct super_block *sb)
 {
-        security_ops->sb_free_security(sb);
+        call_void_hook(sb_free_security, sb);
 }
 int security_sb_copy_data(char *orig, char *copy)
 {
-        return security_ops->sb_copy_data(orig, copy);
+        return call_int_hook(sb_copy_data, 0, orig, copy);
 }
 EXPORT_SYMBOL(security_sb_copy_data);
 int security_sb_remount(struct super_block *sb, void *data)
 {
-        return security_ops->sb_remount(sb, data);
+        return call_int_hook(sb_remount, 0, sb, data);
 }
 int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
-        return security_ops->sb_kern_mount(sb, flags, data);
+        return call_int_hook(sb_kern_mount, 0, sb, flags, data);
 }
 int security_sb_show_options(struct seq_file *m, struct super_block *sb)
 {
-        return security_ops->sb_show_options(m, sb);
+        return call_int_hook(sb_show_options, 0, m, sb);
 }
 int security_sb_statfs(struct dentry *dentry)
 {
-        return security_ops->sb_statfs(dentry);
+        return call_int_hook(sb_statfs, 0, dentry);
 }
 int security_sb_mount(const char *dev_name, struct path *path,
                       const char *type, unsigned long flags, void *data)
 {
-        return security_ops->sb_mount(dev_name, path, type, flags, data);
+        return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
 }
 int security_sb_umount(struct vfsmount *mnt, int flags)
 {
-        return security_ops->sb_umount(mnt, flags);
+        return call_int_hook(sb_umount, 0, mnt, flags);
 }
 int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
-        return security_ops->sb_pivotroot(old_path, new_path);
+        return call_int_hook(sb_pivotroot, 0, old_path, new_path);
 }
 int security_sb_set_mnt_opts(struct super_block *sb,
@@ -321,7 +335,7 @@ int security_sb_set_mnt_opts(struct super_block *sb,
                                unsigned long kern_flags,
                                unsigned long *set_kern_flags)
 {
-        return security_ops->sb_set_mnt_opts(sb, opts, kern_flags,
+        return call_int_hook(sb_set_mnt_opts, 0, sb, opts, kern_flags,
                                                set_kern_flags);
 }
 EXPORT_SYMBOL(security_sb_set_mnt_opts);
@@ -329,33 +343,33 @@ EXPORT_SYMBOL(security_sb_set_mnt_opts);
 int security_sb_clone_mnt_opts(const struct super_block *oldsb,
                                struct super_block *newsb)
 {
-        return security_ops->sb_clone_mnt_opts(oldsb, newsb);
+        return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb);
 }
 EXPORT_SYMBOL(security_sb_clone_mnt_opts);
 int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
 {
-        return security_ops->sb_parse_opts_str(options, opts);
+        return call_int_hook(sb_parse_opts_str, 0, options, opts);
 }
 EXPORT_SYMBOL(security_sb_parse_opts_str);
 int security_inode_alloc(struct inode *inode)
 {
        inode->i_security = NULL;
-        return security_ops->inode_alloc_security(inode);
+        return call_int_hook(inode_alloc_security, 0, inode);
 }
 void security_inode_free(struct inode *inode)
 {
        integrity_inode_free(inode);
-        security_ops->inode_free_security(inode);
+        call_void_hook(inode_free_security, inode);
 }
 int security_dentry_init_security(struct dentry *dentry, int mode,
                                        struct qstr *name, void **ctx,
                                        u32 *ctxlen)
 {
-        return security_ops->dentry_init_security(dentry, mode, name,
+        return call_int_hook(dentry_init_security, 0, dentry, mode, name,
                                                        ctx, ctxlen);
 }
 EXPORT_SYMBOL(security_dentry_init_security);
@@ -372,11 +386,11 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
                return 0;
        if (!initxattrs)
-                return security_ops->inode_init_security(inode, dir, qstr,
+                return call_int_hook(inode_init_security, 0, inode, dir, qstr,
                                                         NULL, NULL, NULL);
        memset(new_xattrs, 0, sizeof(new_xattrs));
        lsm_xattr = new_xattrs;
-        ret = security_ops->inode_init_security(inode, dir, qstr,
+        ret = call_int_hook(inode_init_security, 0, inode, dir, qstr,
                                                &lsm_xattr->name,
                                                &lsm_xattr->value,
                                                &lsm_xattr->value_len);
@@ -401,8 +415,8 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
 {
        if (unlikely(IS_PRIVATE(inode)))
                return -EOPNOTSUPP;
-        return security_ops->inode_init_security(inode, dir, qstr, name, value,
+        return call_int_hook(inode_init_security, 0, inode, dir, qstr,
-                                                 len);
+                                name, value, len);
 }
 EXPORT_SYMBOL(security_old_inode_init_security);
@@ -412,7 +426,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
                return 0;
-        return security_ops->path_mknod(dir, dentry, mode, dev);
+        return call_int_hook(path_mknod, 0, dir, dentry, mode, dev);
 }
 EXPORT_SYMBOL(security_path_mknod);
@@ -420,7 +434,7 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
                return 0;
-        return security_ops->path_mkdir(dir, dentry, mode);
+        return call_int_hook(path_mkdir, 0, dir, dentry, mode);
 }
 EXPORT_SYMBOL(security_path_mkdir);
@@ -428,14 +442,14 @@ int security_path_rmdir(struct path *dir, struct dentry *dentry)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
                return 0;
-        return security_ops->path_rmdir(dir, dentry);
+        return call_int_hook(path_rmdir, 0, dir, dentry);
 }
 int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
                return 0;
-        return security_ops->path_unlink(dir, dentry);
+        return call_int_hook(path_unlink, 0, dir, dentry);
 }
 EXPORT_SYMBOL(security_path_unlink);
@@ -444,7 +458,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
                return 0;
-        return security_ops->path_symlink(dir, dentry, old_name);
+        return call_int_hook(path_symlink, 0, dir, dentry, old_name);
 }
 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -452,7 +466,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
                return 0;
-        return security_ops->path_link(old_dentry, new_dir, new_dentry);
+        return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
 }
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
@@ -464,14 +478,14 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
                return 0;
        if (flags & RENAME_EXCHANGE) {
-                int err = security_ops->path_rename(new_dir, new_dentry,
+                int err = call_int_hook(path_rename, 0, new_dir, new_dentry,
-                                                    old_dir, old_dentry);
+                                        old_dir, old_dentry);
                if (err)
                        return err;
        }
-        return security_ops->path_rename(old_dir, old_dentry, new_dir,
+        return call_int_hook(path_rename, 0, old_dir, old_dentry, new_dir,
-                                         new_dentry);
+                                new_dentry);
 }
 EXPORT_SYMBOL(security_path_rename);
@@ -479,26 +493,26 @@ int security_path_truncate(struct path *path)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
                return 0;
-        return security_ops->path_truncate(path);
+        return call_int_hook(path_truncate, 0, path);
 }
 int security_path_chmod(struct path *path, umode_t mode)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
                return 0;
-        return security_ops->path_chmod(path, mode);
+        return call_int_hook(path_chmod, 0, path, mode);
 }
 int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
                return 0;
-        return security_ops->path_chown(path, uid, gid);
+        return call_int_hook(path_chown, 0, path, uid, gid);
 }
 int security_path_chroot(struct path *path)
 {
-        return security_ops->path_chroot(path);
+        return call_int_hook(path_chroot, 0, path);
 }
 #endif
@@ -506,7 +520,7 @@ int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode
 {
        if (unlikely(IS_PRIVATE(dir)))
                return 0;
-        return security_ops->inode_create(dir, dentry, mode);
+        return call_int_hook(inode_create, 0, dir, dentry, mode);
 }
 EXPORT_SYMBOL_GPL(security_inode_create);
@@ -515,14 +529,14 @@ int security_inode_link(struct dentry *old_dentry, struct inode *dir,
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
                return 0;
-        return security_ops->inode_link(old_dentry, dir, new_dentry);
+        return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry);
 }
 int security_inode_unlink(struct inode *dir, struct dentry *dentry)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        return security_ops->inode_unlink(dir, dentry);
+        return call_int_hook(inode_unlink, 0, dir, dentry);
 }
 int security_inode_symlink(struct inode *dir, struct dentry *dentry,
@@ -530,14 +544,14 @@ int security_inode_symlink(struct inode *dir, struct dentry *dentry,
 {
        if (unlikely(IS_PRIVATE(dir)))
                return 0;
-        return security_ops->inode_symlink(dir, dentry, old_name);
+        return call_int_hook(inode_symlink, 0, dir, dentry, old_name);
 }
 int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
 {
        if (unlikely(IS_PRIVATE(dir)))
                return 0;
-        return security_ops->inode_mkdir(dir, dentry, mode);
+        return call_int_hook(inode_mkdir, 0, dir, dentry, mode);
 }
 EXPORT_SYMBOL_GPL(security_inode_mkdir);
@@ -545,14 +559,14 @@ int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        return security_ops->inode_rmdir(dir, dentry);
+        return call_int_hook(inode_rmdir, 0, dir, dentry);
 }
 int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
 {
        if (unlikely(IS_PRIVATE(dir)))
                return 0;
-        return security_ops->inode_mknod(dir, dentry, mode, dev);
+        return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev);
 }
 int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
@@ -564,13 +578,13 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
                return 0;
        if (flags & RENAME_EXCHANGE) {
-                int err = security_ops->inode_rename(new_dir, new_dentry,
+                int err = call_int_hook(inode_rename, 0, new_dir, new_dentry,
                                                     old_dir, old_dentry);
                if (err)
                        return err;
        }
-        return security_ops->inode_rename(old_dir, old_dentry,
+        return call_int_hook(inode_rename, 0, old_dir, old_dentry,
                                           new_dir, new_dentry);
 }
@@ -578,21 +592,21 @@ int security_inode_readlink(struct dentry *dentry)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        return security_ops->inode_readlink(dentry);
+        return call_int_hook(inode_readlink, 0, dentry);
 }
 int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        return security_ops->inode_follow_link(dentry, nd);
+        return call_int_hook(inode_follow_link, 0, dentry, nd);
 }
 int security_inode_permission(struct inode *inode, int mask)
 {
        if (unlikely(IS_PRIVATE(inode)))
                return 0;
-        return security_ops->inode_permission(inode, mask);
+        return call_int_hook(inode_permission, 0, inode, mask);
 }
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
@@ -601,7 +615,7 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        ret = security_ops->inode_setattr(dentry, attr);
+        ret = call_int_hook(inode_setattr, 0, dentry, attr);
        if (ret)
                return ret;
        return evm_inode_setattr(dentry, attr);
@@ -612,7 +626,7 @@ int security_inode_getattr(const struct path *path)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
                return 0;
-        return security_ops->inode_getattr(path);
+        return call_int_hook(inode_getattr, 0, path);
 }
 int security_inode_setxattr(struct dentry *dentry, const char *name,
@@ -622,7 +636,8 @@ int security_inode_setxattr(struct dentry *dentry, const char *name,
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        ret = security_ops->inode_setxattr(dentry, name, value, size, flags);
+        ret = call_int_hook(inode_setxattr, 0, dentry, name, value, size,
+                                flags);
        if (ret)
                return ret;
        ret = ima_inode_setxattr(dentry, name, value, size);
@@ -636,7 +651,7 @@ void security_inode_post_setxattr(struct dentry *dentry, const char *name,
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return;
-        security_ops->inode_post_setxattr(dentry, name, value, size, flags);
+        call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
        evm_inode_post_setxattr(dentry, name, value, size);
 }
@@ -644,14 +659,14 @@ int security_inode_getxattr(struct dentry *dentry, const char *name)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        return security_ops->inode_getxattr(dentry, name);
+        return call_int_hook(inode_getxattr, 0, dentry, name);
 }
 int security_inode_listxattr(struct dentry *dentry)
 {
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        return security_ops->inode_listxattr(dentry);
+        return call_int_hook(inode_listxattr, 0, dentry);
 }
 int security_inode_removexattr(struct dentry *dentry, const char *name)
@@ -660,7 +675,7 @@ int security_inode_removexattr(struct dentry *dentry, const char *name)
        if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
                return 0;
-        ret = security_ops->inode_removexattr(dentry, name);
+        ret = call_int_hook(inode_removexattr, 0, dentry, name);
        if (ret)
                return ret;
        ret = ima_inode_removexattr(dentry, name);
@@ -671,46 +686,47 @@ int security_inode_removexattr(struct dentry *dentry, const char *name)
 int security_inode_need_killpriv(struct dentry *dentry)
 {
-        return security_ops->inode_need_killpriv(dentry);
+        return call_int_hook(inode_need_killpriv, 0, dentry);
 }
 int security_inode_killpriv(struct dentry *dentry)
 {
-        return security_ops->inode_killpriv(dentry);
+        return call_int_hook(inode_killpriv, 0, dentry);
 }
 int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
 {
        if (unlikely(IS_PRIVATE(inode)))
                return -EOPNOTSUPP;
-        return security_ops->inode_getsecurity(inode, name, buffer, alloc);
+        return call_int_hook(inode_getsecurity, 0, inode, name, buffer, alloc);
 }
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
 {
        if (unlikely(IS_PRIVATE(inode)))
                return -EOPNOTSUPP;
-        return security_ops->inode_setsecurity(inode, name, value, size, flags);
+        return call_int_hook(inode_setsecurity, 0, inode, name, value, size,
+                                flags);
 }
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
 {
        if (unlikely(IS_PRIVATE(inode)))
                return 0;
-        return security_ops->inode_listsecurity(inode, buffer, buffer_size);
+        return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);
 }
 EXPORT_SYMBOL(security_inode_listsecurity);
 void security_inode_getsecid(const struct inode *inode, u32 *secid)
 {
-        security_ops->inode_getsecid(inode, secid);
+        call_void_hook(inode_getsecid, inode, secid);
 }
 int security_file_permission(struct file *file, int mask)
 {
        int ret;
-        ret = security_ops->file_permission(file, mask);
+        ret = call_int_hook(file_permission, 0, file, mask);
        if (ret)
                return ret;
@@ -719,17 +735,17 @@ int security_file_permission(struct file *file, int mask)
 int security_file_alloc(struct file *file)
 {
-        return security_ops->file_alloc_security(file);
+        return call_int_hook(file_alloc_security, 0, file);
 }
 void security_file_free(struct file *file)
 {
-        security_ops->file_free_security(file);
+        call_void_hook(file_free_security, file);
 }
 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
-        return security_ops->file_ioctl(file, cmd, arg);
+        return call_int_hook(file_ioctl, 0, file, cmd, arg);
 }
 static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
@@ -769,7 +785,7 @@ int security_mmap_file(struct file *file, unsigned long prot,
                        unsigned long flags)
 {
        int ret;
-        ret = security_ops->mmap_file(file, prot,
+        ret = call_int_hook(mmap_file, 0, file, prot,
                                        mmap_prot(file, prot), flags);
        if (ret)
                return ret;
@@ -778,46 +794,46 @@ int security_mmap_file(struct file *file, unsigned long prot,
 int security_mmap_addr(unsigned long addr)
 {
-        return security_ops->mmap_addr(addr);
+        return call_int_hook(mmap_addr, 0, addr);
 }
 int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
                            unsigned long prot)
 {
-        return security_ops->file_mprotect(vma, reqprot, prot);
+        return call_int_hook(file_mprotect, 0, vma, reqprot, prot);
 }
 int security_file_lock(struct file *file, unsigned int cmd)
 {
-        return security_ops->file_lock(file, cmd);
+        return call_int_hook(file_lock, 0, file, cmd);
 }
 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
 {
-        return security_ops->file_fcntl(file, cmd, arg);
+        return call_int_hook(file_fcntl, 0, file, cmd, arg);
 }
 void security_file_set_fowner(struct file *file)
 {
-        security_ops->file_set_fowner(file);
+        call_void_hook(file_set_fowner, file);
 }
 int security_file_send_sigiotask(struct task_struct *tsk,
                                  struct fown_struct *fown, int sig)
 {
-        return security_ops->file_send_sigiotask(tsk, fown, sig);
+        return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig);
 }
 int security_file_receive(struct file *file)
 {
-        return security_ops->file_receive(file);
+        return call_int_hook(file_receive, 0, file);
 }
 int security_file_open(struct file *file, const struct cred *cred)
 {
        int ret;
-        ret = security_ops->file_open(file, cred);
+        ret = call_int_hook(file_open, 0, file, cred);
        if (ret)
                return ret;
@@ -826,7 +842,7 @@ int security_file_open(struct file *file, const struct cred *cred)
 int security_task_create(unsigned long clone_flags)
 {
-        return security_ops->task_create(clone_flags);
+        return call_int_hook(task_create, 0, clone_flags);
 }
 void security_task_free(struct task_struct *task)
@@ -834,44 +850,44 @@ void security_task_free(struct task_struct *task)
 #ifdef CONFIG_SECURITY_YAMA_STACKED
        yama_task_free(task);
 #endif
-        security_ops->task_free(task);
+        call_void_hook(task_free, task);
 }
 int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 {
-        return security_ops->cred_alloc_blank(cred, gfp);
+        return call_int_hook(cred_alloc_blank, 0, cred, gfp);
 }
 void security_cred_free(struct cred *cred)
 {
-        security_ops->cred_free(cred);
+        call_void_hook(cred_free, cred);
 }
 int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
 {
-        return security_ops->cred_prepare(new, old, gfp);
+        return call_int_hook(cred_prepare, 0, new, old, gfp);
 }
 void security_transfer_creds(struct cred *new, const struct cred *old)
 {
-        security_ops->cred_transfer(new, old);
+        call_void_hook(cred_transfer, new, old);
 }
 int security_kernel_act_as(struct cred *new, u32 secid)
 {
-        return security_ops->kernel_act_as(new, secid);
+        return call_int_hook(kernel_act_as, 0, new, secid);
 }
 int security_kernel_create_files_as(struct cred *new, struct inode *inode)
 {
-        return security_ops->kernel_create_files_as(new, inode);
+        return call_int_hook(kernel_create_files_as, 0, new, inode);
 }
 int security_kernel_fw_from_file(struct file *file, char *buf, size_t size)
 {
        int ret;
-        ret = security_ops->kernel_fw_from_file(file, buf, size);
+        ret = call_int_hook(kernel_fw_from_file, 0, file, buf, size);
        if (ret)
                return ret;
        return ima_fw_from_file(file, buf, size);
@@ -880,14 +896,14 @@ EXPORT_SYMBOL_GPL(security_kernel_fw_from_file);
 int security_kernel_module_request(char *kmod_name)
 {
-        return security_ops->kernel_module_request(kmod_name);
+        return call_int_hook(kernel_module_request, 0, kmod_name);
 }
 int security_kernel_module_from_file(struct file *file)
 {
        int ret;
-        ret = security_ops->kernel_module_from_file(file);
+        ret = call_int_hook(kernel_module_from_file, 0, file);
        if (ret)
                return ret;
        return ima_module_check(file);
@@ -896,75 +912,75 @@ int security_kernel_module_from_file(struct file *file)
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
                             int flags)
 {
-        return security_ops->task_fix_setuid(new, old, flags);
+        return call_int_hook(task_fix_setuid, 0, new, old, flags);
 }
 int security_task_setpgid(struct task_struct *p, pid_t pgid)
 {
-        return security_ops->task_setpgid(p, pgid);
+        return call_int_hook(task_setpgid, 0, p, pgid);
 }
 int security_task_getpgid(struct task_struct *p)
 {
-        return security_ops->task_getpgid(p);
+        return call_int_hook(task_getpgid, 0, p);
 }
 int security_task_getsid(struct task_struct *p)
 {
-        return security_ops->task_getsid(p);
+        return call_int_hook(task_getsid, 0, p);
 }
 void security_task_getsecid(struct task_struct *p, u32 *secid)
 {
-        security_ops->task_getsecid(p, secid);
+        call_void_hook(task_getsecid, p, secid);
 }
 EXPORT_SYMBOL(security_task_getsecid);
 int security_task_setnice(struct task_struct *p, int nice)
 {
-        return security_ops->task_setnice(p, nice);
+        return call_int_hook(task_setnice, 0, p, nice);
 }
 int security_task_setioprio(struct task_struct *p, int ioprio)
 {
-        return security_ops->task_setioprio(p, ioprio);
+        return call_int_hook(task_setioprio, 0, p, ioprio);
 }
 int security_task_getioprio(struct task_struct *p)
 {
-        return security_ops->task_getioprio(p);
+        return call_int_hook(task_getioprio, 0, p);
 }
 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
                struct rlimit *new_rlim)
 {
-        return security_ops->task_setrlimit(p, resource, new_rlim);
+        return call_int_hook(task_setrlimit, 0, p, resource, new_rlim);
 }
 int security_task_setscheduler(struct task_struct *p)
 {
-        return security_ops->task_setscheduler(p);
+        return call_int_hook(task_setscheduler, 0, p);
 }
 int security_task_getscheduler(struct task_struct *p)
 {
-        return security_ops->task_getscheduler(p);
+        return call_int_hook(task_getscheduler, 0, p);
 }
 int security_task_movememory(struct task_struct *p)
 {
-        return security_ops->task_movememory(p);
+        return call_int_hook(task_movememory, 0, p);
 }
 int security_task_kill(struct task_struct *p, struct siginfo *info,
                        int sig, u32 secid)
 {
-        return security_ops->task_kill(p, info, sig, secid);
+        return call_int_hook(task_kill, 0, p, info, sig, secid);
 }
 int security_task_wait(struct task_struct *p)
 {
-        return security_ops->task_wait(p);
+        return call_int_hook(task_wait, 0, p);
 }
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
@@ -976,179 +992,179 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
        if (rc != -ENOSYS)
                return rc;
 #endif
-        return security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
+        return call_int_hook(task_prctl, 0, option, arg2, arg3, arg4, arg5);
 }
 void security_task_to_inode(struct task_struct *p, struct inode *inode)
 {
-        security_ops->task_to_inode(p, inode);
+        call_void_hook(task_to_inode, p, inode);
 }
 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 {
-        return security_ops->ipc_permission(ipcp, flag);
+        return call_int_hook(ipc_permission, 0, ipcp, flag);
 }
 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
 {
-        security_ops->ipc_getsecid(ipcp, secid);
+        call_void_hook(ipc_getsecid, ipcp, secid);
 }
 int security_msg_msg_alloc(struct msg_msg *msg)
 {
-        return security_ops->msg_msg_alloc_security(msg);
+        return call_int_hook(msg_msg_alloc_security, 0, msg);
 }
 void security_msg_msg_free(struct msg_msg *msg)
 {
-        security_ops->msg_msg_free_security(msg);
+        call_void_hook(msg_msg_free_security, msg);
 }
 int security_msg_queue_alloc(struct msg_queue *msq)
 {
-        return security_ops->msg_queue_alloc_security(msq);
+        return call_int_hook(msg_queue_alloc_security, 0, msq);
 }
 void security_msg_queue_free(struct msg_queue *msq)
 {
-        security_ops->msg_queue_free_security(msq);
+        call_void_hook(msg_queue_free_security, msq);
 }
 int security_msg_queue_associate(struct msg_queue *msq, int msqflg)
 {
-        return security_ops->msg_queue_associate(msq, msqflg);
+        return call_int_hook(msg_queue_associate, 0, msq, msqflg);
 }
 int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
 {
-        return security_ops->msg_queue_msgctl(msq, cmd);
+        return call_int_hook(msg_queue_msgctl, 0, msq, cmd);
 }
 int security_msg_queue_msgsnd(struct msg_queue *msq,
                               struct msg_msg *msg, int msqflg)
 {
-        return security_ops->msg_queue_msgsnd(msq, msg, msqflg);
+        return call_int_hook(msg_queue_msgsnd, 0, msq, msg, msqflg);
 }
 int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
                               struct task_struct *target, long type, int mode)
 {
-        return security_ops->msg_queue_msgrcv(msq, msg, target, type, mode);
+        return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode);
 }
 int security_shm_alloc(struct shmid_kernel *shp)
 {
-        return security_ops->shm_alloc_security(shp);
+        return call_int_hook(shm_alloc_security, 0, shp);
 }
 void security_shm_free(struct shmid_kernel *shp)
 {
-        security_ops->shm_free_security(shp);
+        call_void_hook(shm_free_security, shp);
 }
 int security_shm_associate(struct shmid_kernel *shp, int shmflg)
 {
-        return security_ops->shm_associate(shp, shmflg);
+        return call_int_hook(shm_associate, 0, shp, shmflg);
 }
 int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
 {
-        return security_ops->shm_shmctl(shp, cmd);
+        return call_int_hook(shm_shmctl, 0, shp, cmd);
 }
 int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg)
 {
-        return security_ops->shm_shmat(shp, shmaddr, shmflg);
+        return call_int_hook(shm_shmat, 0, shp, shmaddr, shmflg);
 }
 int security_sem_alloc(struct sem_array *sma)
 {
-        return security_ops->sem_alloc_security(sma);
+        return call_int_hook(sem_alloc_security, 0, sma);
 }
 void security_sem_free(struct sem_array *sma)
 {
-        security_ops->sem_free_security(sma);
+        call_void_hook(sem_free_security, sma);
 }
 int security_sem_associate(struct sem_array *sma, int semflg)
 {
-        return security_ops->sem_associate(sma, semflg);
+        return call_int_hook(sem_associate, 0, sma, semflg);
 }
 int security_sem_semctl(struct sem_array *sma, int cmd)
 {
-        return security_ops->sem_semctl(sma, cmd);
+        return call_int_hook(sem_semctl, 0, sma, cmd);
 }
 int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
                        unsigned nsops, int alter)
 {
-        return security_ops->sem_semop(sma, sops, nsops, alter);
+        return call_int_hook(sem_semop, 0, sma, sops, nsops, alter);
 }
 void security_d_instantiate(struct dentry *dentry, struct inode *inode)
 {
        if (unlikely(inode && IS_PRIVATE(inode)))
                return;
-        security_ops->d_instantiate(dentry, inode);
+        call_void_hook(d_instantiate, dentry, inode);
 }
 EXPORT_SYMBOL(security_d_instantiate);
 int security_getprocattr(struct task_struct *p, char *name, char **value)
 {
-        return security_ops->getprocattr(p, name, value);
+        return call_int_hook(getprocattr, 0, p, name, value);
 }
 int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
 {
-        return security_ops->setprocattr(p, name, value, size);
+        return call_int_hook(setprocattr, 0, p, name, value, size);
 }
 int security_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
-        return security_ops->netlink_send(sk, skb);
+        return call_int_hook(netlink_send, 0, sk, skb);
 }
 int security_ismaclabel(const char *name)
 {
-        return security_ops->ismaclabel(name);
+        return call_int_hook(ismaclabel, 0, name);
 }
 EXPORT_SYMBOL(security_ismaclabel);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
-        return security_ops->secid_to_secctx(secid, secdata, seclen);
+        return call_int_hook(secid_to_secctx, 0, secid, secdata, seclen);
 }
 EXPORT_SYMBOL(security_secid_to_secctx);
 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
 {
-        return security_ops->secctx_to_secid(secdata, seclen, secid);
+        return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid);
 }
 EXPORT_SYMBOL(security_secctx_to_secid);
 void security_release_secctx(char *secdata, u32 seclen)
 {
-        security_ops->release_secctx(secdata, seclen);
+        call_void_hook(release_secctx, secdata, seclen);
 }
 EXPORT_SYMBOL(security_release_secctx);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
 {
-        return security_ops->inode_notifysecctx(inode, ctx, ctxlen);
+        return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen);
 }
 EXPORT_SYMBOL(security_inode_notifysecctx);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
 {
-        return security_ops->inode_setsecctx(dentry, ctx, ctxlen);
+        return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen);
 }
 EXPORT_SYMBOL(security_inode_setsecctx);
 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
 {
-        return security_ops->inode_getsecctx(inode, ctx, ctxlen);
+        return call_int_hook(inode_getsecctx, 0, inode, ctx, ctxlen);
 }
 EXPORT_SYMBOL(security_inode_getsecctx);
@@ -1156,206 +1172,207 @@ EXPORT_SYMBOL(security_inode_getsecctx);
 int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
 {
-        return security_ops->unix_stream_connect(sock, other, newsk);
+        return call_int_hook(unix_stream_connect, 0, sock, other, newsk);
 }
 EXPORT_SYMBOL(security_unix_stream_connect);
 int security_unix_may_send(struct socket *sock,  struct socket *other)
 {
-        return security_ops->unix_may_send(sock, other);
+        return call_int_hook(unix_may_send, 0, sock, other);
 }
 EXPORT_SYMBOL(security_unix_may_send);
 int security_socket_create(int family, int type, int protocol, int kern)
 {
-        return security_ops->socket_create(family, type, protocol, kern);
+        return call_int_hook(socket_create, 0, family, type, protocol, kern);
 }
 int security_socket_post_create(struct socket *sock, int family,
                                int type, int protocol, int kern)
 {
-        return security_ops->socket_post_create(sock, family, type,
+        return call_int_hook(socket_post_create, 0, sock, family, type,
                                                protocol, kern);
 }
 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
 {
-        return security_ops->socket_bind(sock, address, addrlen);
+        return call_int_hook(socket_bind, 0, sock, address, addrlen);
 }
 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
 {
-        return security_ops->socket_connect(sock, address, addrlen);
+        return call_int_hook(socket_connect, 0, sock, address, addrlen);
 }
 int security_socket_listen(struct socket *sock, int backlog)
 {
-        return security_ops->socket_listen(sock, backlog);
+        return call_int_hook(socket_listen, 0, sock, backlog);
 }
 int security_socket_accept(struct socket *sock, struct socket *newsock)
 {
-        return security_ops->socket_accept(sock, newsock);
+        return call_int_hook(socket_accept, 0, sock, newsock);
 }
 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
 {
-        return security_ops->socket_sendmsg(sock, msg, size);
+        return call_int_hook(socket_sendmsg, 0, sock, msg, size);
 }
 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
                            int size, int flags)
 {
-        return security_ops->socket_recvmsg(sock, msg, size, flags);
+        return call_int_hook(socket_recvmsg, 0, sock, msg, size, flags);
 }
 int security_socket_getsockname(struct socket *sock)
 {
-        return security_ops->socket_getsockname(sock);
+        return call_int_hook(socket_getsockname, 0, sock);
 }
 int security_socket_getpeername(struct socket *sock)
 {
-        return security_ops->socket_getpeername(sock);
+        return call_int_hook(socket_getpeername, 0, sock);
 }
 int security_socket_getsockopt(struct socket *sock, int level, int optname)
 {
-        return security_ops->socket_getsockopt(sock, level, optname);
+        return call_int_hook(socket_getsockopt, 0, sock, level, optname);
 }
 int security_socket_setsockopt(struct socket *sock, int level, int optname)
 {
-        return security_ops->socket_setsockopt(sock, level, optname);
+        return call_int_hook(socket_setsockopt, 0, sock, level, optname);
 }
 int security_socket_shutdown(struct socket *sock, int how)
 {
-        return security_ops->socket_shutdown(sock, how);
+        return call_int_hook(socket_shutdown, 0, sock, how);
 }
 int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 {
-        return security_ops->socket_sock_rcv_skb(sk, skb);
+        return call_int_hook(socket_sock_rcv_skb, 0, sk, skb);
 }
 EXPORT_SYMBOL(security_sock_rcv_skb);
 int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
                                      int __user *optlen, unsigned len)
 {
-        return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
+        return call_int_hook(socket_getpeersec_stream, 0, sock, optval,
+                                optlen, len);
 }
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
 {
-        return security_ops->socket_getpeersec_dgram(sock, skb, secid);
+        return call_int_hook(socket_getpeersec_dgram, 0, sock, skb, secid);
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
 {
-        return security_ops->sk_alloc_security(sk, family, priority);
+        return call_int_hook(sk_alloc_security, 0, sk, family, priority);
 }
 void security_sk_free(struct sock *sk)
 {
-        security_ops->sk_free_security(sk);
+        call_void_hook(sk_free_security, sk);
 }
 void security_sk_clone(const struct sock *sk, struct sock *newsk)
 {
-        security_ops->sk_clone_security(sk, newsk);
+        call_void_hook(sk_clone_security, sk, newsk);
 }
 EXPORT_SYMBOL(security_sk_clone);
 void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
 {
-        security_ops->sk_getsecid(sk, &fl->flowi_secid);
+        call_void_hook(sk_getsecid, sk, &fl->flowi_secid);
 }
 EXPORT_SYMBOL(security_sk_classify_flow);
 void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
 {
-        security_ops->req_classify_flow(req, fl);
+        call_void_hook(req_classify_flow, req, fl);
 }
 EXPORT_SYMBOL(security_req_classify_flow);
 void security_sock_graft(struct sock *sk, struct socket *parent)
 {
-        security_ops->sock_graft(sk, parent);
+        call_void_hook(sock_graft, sk, parent);
 }
 EXPORT_SYMBOL(security_sock_graft);
 int security_inet_conn_request(struct sock *sk,
                        struct sk_buff *skb, struct request_sock *req)
 {
-        return security_ops->inet_conn_request(sk, skb, req);
+        return call_int_hook(inet_conn_request, 0, sk, skb, req);
 }
 EXPORT_SYMBOL(security_inet_conn_request);
 void security_inet_csk_clone(struct sock *newsk,
                        const struct request_sock *req)
 {
-        security_ops->inet_csk_clone(newsk, req);
+        call_void_hook(inet_csk_clone, newsk, req);
 }
 void security_inet_conn_established(struct sock *sk,
                        struct sk_buff *skb)
 {
-        security_ops->inet_conn_established(sk, skb);
+        call_void_hook(inet_conn_established, sk, skb);
 }
 int security_secmark_relabel_packet(u32 secid)
 {
-        return security_ops->secmark_relabel_packet(secid);
+        return call_int_hook(secmark_relabel_packet, 0, secid);
 }
 EXPORT_SYMBOL(security_secmark_relabel_packet);
 void security_secmark_refcount_inc(void)
 {
-        security_ops->secmark_refcount_inc();
+        call_void_hook(secmark_refcount_inc);
 }
 EXPORT_SYMBOL(security_secmark_refcount_inc);
 void security_secmark_refcount_dec(void)
 {
-        security_ops->secmark_refcount_dec();
+        call_void_hook(secmark_refcount_dec);
 }
 EXPORT_SYMBOL(security_secmark_refcount_dec);
 int security_tun_dev_alloc_security(void **security)
 {
-        return security_ops->tun_dev_alloc_security(security);
+        return call_int_hook(tun_dev_alloc_security, 0, security);
 }
 EXPORT_SYMBOL(security_tun_dev_alloc_security);
 void security_tun_dev_free_security(void *security)
 {
-        security_ops->tun_dev_free_security(security);
+        call_void_hook(tun_dev_free_security, security);
 }
 EXPORT_SYMBOL(security_tun_dev_free_security);
 int security_tun_dev_create(void)
 {
-        return security_ops->tun_dev_create();
+        return call_int_hook(tun_dev_create, 0);
 }
 EXPORT_SYMBOL(security_tun_dev_create);
 int security_tun_dev_attach_queue(void *security)
 {
-        return security_ops->tun_dev_attach_queue(security);
+        return call_int_hook(tun_dev_attach_queue, 0, security);
 }
 EXPORT_SYMBOL(security_tun_dev_attach_queue);
 int security_tun_dev_attach(struct sock *sk, void *security)
 {
-        return security_ops->tun_dev_attach(sk, security);
+        return call_int_hook(tun_dev_attach, 0, sk, security);
 }
 EXPORT_SYMBOL(security_tun_dev_attach);
 int security_tun_dev_open(void *security)
 {
-        return security_ops->tun_dev_open(security);
+        return call_int_hook(tun_dev_open, 0, security);
 }
 EXPORT_SYMBOL(security_tun_dev_open);
@@ -1367,71 +1384,72 @@ int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
                               struct xfrm_user_sec_ctx *sec_ctx,
                               gfp_t gfp)
 {
-        return security_ops->xfrm_policy_alloc_security(ctxp, sec_ctx, gfp);
+        return call_int_hook(xfrm_policy_alloc_security, 0, ctxp, sec_ctx, gfp);
 }
 EXPORT_SYMBOL(security_xfrm_policy_alloc);
 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
                              struct xfrm_sec_ctx **new_ctxp)
 {
-        return security_ops->xfrm_policy_clone_security(old_ctx, new_ctxp);
+        return call_int_hook(xfrm_policy_clone_security, 0, old_ctx, new_ctxp);
 }
 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
 {
-        security_ops->xfrm_policy_free_security(ctx);
+        call_void_hook(xfrm_policy_free_security, ctx);
 }
 EXPORT_SYMBOL(security_xfrm_policy_free);
 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
 {
-        return security_ops->xfrm_policy_delete_security(ctx);
+        return call_int_hook(xfrm_policy_delete_security, 0, ctx);
 }
 int security_xfrm_state_alloc(struct xfrm_state *x,
                              struct xfrm_user_sec_ctx *sec_ctx)
 {
-        return security_ops->xfrm_state_alloc(x, sec_ctx);
+        return call_int_hook(xfrm_state_alloc, 0, x, sec_ctx);
 }
 EXPORT_SYMBOL(security_xfrm_state_alloc);
 int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
                                      struct xfrm_sec_ctx *polsec, u32 secid)
 {
-        return security_ops->xfrm_state_alloc_acquire(x, polsec, secid);
+        return call_int_hook(xfrm_state_alloc_acquire, 0, x, polsec, secid);
 }
 int security_xfrm_state_delete(struct xfrm_state *x)
 {
-        return security_ops->xfrm_state_delete_security(x);
+        return call_int_hook(xfrm_state_delete_security, 0, x);
 }
 EXPORT_SYMBOL(security_xfrm_state_delete);
 void security_xfrm_state_free(struct xfrm_state *x)
 {
-        security_ops->xfrm_state_free_security(x);
+        call_void_hook(xfrm_state_free_security, x);
 }
 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
 {
-        return security_ops->xfrm_policy_lookup(ctx, fl_secid, dir);
+        return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid, dir);
 }
 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
                                       struct xfrm_policy *xp,
                                       const struct flowi *fl)
 {
-        return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
+        return call_int_hook(xfrm_state_pol_flow_match, 0, x, xp, fl);
 }
 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
 {
-        return security_ops->xfrm_decode_session(skb, secid, 1);
+        return call_int_hook(xfrm_decode_session, 0, skb, secid, 1);
 }
 void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
 {
-        int rc = security_ops->xfrm_decode_session(skb, &fl->flowi_secid, 0);
+        int rc = call_int_hook(xfrm_decode_session, 0, skb, &fl->flowi_secid,
+                                0);
        BUG_ON(rc);
 }
@@ -1444,23 +1462,23 @@ EXPORT_SYMBOL(security_skb_classify_flow);
 int security_key_alloc(struct key *key, const struct cred *cred,
                       unsigned long flags)
 {
-        return security_ops->key_alloc(key, cred, flags);
+        return call_int_hook(key_alloc, 0, key, cred, flags);
 }
 void security_key_free(struct key *key)
 {
-        security_ops->key_free(key);
+        call_void_hook(key_free, key);
 }
 int security_key_permission(key_ref_t key_ref,
                            const struct cred *cred, unsigned perm)
 {
-        return security_ops->key_permission(key_ref, cred, perm);
+        return call_int_hook(key_permission, 0, key_ref, cred, perm);
 }
 int security_key_getsecurity(struct key *key, char **_buffer)
 {
-        return security_ops->key_getsecurity(key, _buffer);
+        return call_int_hook(key_getsecurity, 0, key, _buffer);
 }
 #endif  /* CONFIG_KEYS */
@@ -1469,23 +1487,24 @@ int security_key_getsecurity(struct key *key, char **_buffer)
 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
 {
-        return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
+        return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule);
 }
 int security_audit_rule_known(struct audit_krule *krule)
 {
-        return security_ops->audit_rule_known(krule);
+        return call_int_hook(audit_rule_known, 0, krule);
 }
 void security_audit_rule_free(void *lsmrule)
 {
-        security_ops->audit_rule_free(lsmrule);
+        call_void_hook(audit_rule_free, lsmrule);
 }
 int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
                              struct audit_context *actx)
 {
-        return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
+        return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule,
+                                actx);
 }
 #endif /* CONFIG_AUDIT */