1 files changed, 26 insertions, 356 deletions
diff --git a/security/security.c b/security/security.c
index d0e07f269b2d..b9fea3999cf8 100644
--- a/security/security.c
+++ b/security/security.c
@@ -32,6 +32,7 @@
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX       10
+struct security_hook_heads security_hook_heads __lsm_ro_after_init;
 char *lsm_names;
 /* Boot-time LSM user choice */
 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -54,6 +55,12 @@ static void __init do_security_initcalls(void)
 */
 int __init security_init(void)
 {
+        int i;
+        struct list_head *list = (struct list_head *) &security_hook_heads;
+        for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct list_head);
+             i++)
+                INIT_LIST_HEAD(&list[i]);
        pr_info("Security Framework initialized\n");
        /*
@@ -103,10 +110,14 @@ static int lsm_append(char *new, char **result)
 * to avoid security registration races. This method may also be used
 * to check if your LSM is currently loaded during kernel initialization.
 *
- * Return true if:
+ * Returns:
- *      -The passed LSM is the one chosen by user at boot time,
+ *
- *      -or the passed LSM is configured as the default and the user did not
+ * true if:
- *       choose an alternate LSM at boot time.
+ *
+ * - The passed LSM is the one chosen by user at boot time,
+ * - or the passed LSM is configured as the default and the user did not
+ *   choose an alternate LSM at boot time.
+ *
 * Otherwise, return false.
 */
 int __init security_module_enable(const char *module)
@@ -930,6 +941,11 @@ int security_task_create(unsigned long clone_flags)
        return call_int_hook(task_create, 0, clone_flags);
 }
+int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
+{
+        return call_int_hook(task_alloc, 0, task, clone_flags);
+}
 void security_task_free(struct task_struct *task)
 {
        call_void_hook(task_free, task);
@@ -1036,6 +1052,12 @@ int security_task_getioprio(struct task_struct *p)
        return call_int_hook(task_getioprio, 0, p);
 }
+int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
+                          unsigned int flags)
+{
+        return call_int_hook(task_prlimit, 0, cred, tcred, flags);
+}
 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
                struct rlimit *new_rlim)
 {
@@ -1621,355 +1643,3 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
                                actx);
 }
 #endif /* CONFIG_AUDIT */
-struct security_hook_heads security_hook_heads = {
-        .binder_set_context_mgr =
-                LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
-        .binder_transaction =
-                LIST_HEAD_INIT(security_hook_heads.binder_transaction),
-        .binder_transfer_binder =
-                LIST_HEAD_INIT(security_hook_heads.binder_transfer_binder),
-        .binder_transfer_file =
-                LIST_HEAD_INIT(security_hook_heads.binder_transfer_file),
-        .ptrace_access_check =
-                LIST_HEAD_INIT(security_hook_heads.ptrace_access_check),
-        .ptrace_traceme =
-                LIST_HEAD_INIT(security_hook_heads.ptrace_traceme),
-        .capget =       LIST_HEAD_INIT(security_hook_heads.capget),
-        .capset =       LIST_HEAD_INIT(security_hook_heads.capset),
-        .capable =      LIST_HEAD_INIT(security_hook_heads.capable),
-        .quotactl =     LIST_HEAD_INIT(security_hook_heads.quotactl),
-        .quota_on =     LIST_HEAD_INIT(security_hook_heads.quota_on),
-        .syslog =       LIST_HEAD_INIT(security_hook_heads.syslog),
-        .settime =      LIST_HEAD_INIT(security_hook_heads.settime),
-        .vm_enough_memory =
-                LIST_HEAD_INIT(security_hook_heads.vm_enough_memory),
-        .bprm_set_creds =
-                LIST_HEAD_INIT(security_hook_heads.bprm_set_creds),
-        .bprm_check_security =
-                LIST_HEAD_INIT(security_hook_heads.bprm_check_security),
-        .bprm_secureexec =
-                LIST_HEAD_INIT(security_hook_heads.bprm_secureexec),
-        .bprm_committing_creds =
-                LIST_HEAD_INIT(security_hook_heads.bprm_committing_creds),
-        .bprm_committed_creds =
-                LIST_HEAD_INIT(security_hook_heads.bprm_committed_creds),
-        .sb_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.sb_alloc_security),
-        .sb_free_security =
-                LIST_HEAD_INIT(security_hook_heads.sb_free_security),
-        .sb_copy_data = LIST_HEAD_INIT(security_hook_heads.sb_copy_data),
-        .sb_remount =   LIST_HEAD_INIT(security_hook_heads.sb_remount),
-        .sb_kern_mount =
-                LIST_HEAD_INIT(security_hook_heads.sb_kern_mount),
-        .sb_show_options =
-                LIST_HEAD_INIT(security_hook_heads.sb_show_options),
-        .sb_statfs =    LIST_HEAD_INIT(security_hook_heads.sb_statfs),
-        .sb_mount =     LIST_HEAD_INIT(security_hook_heads.sb_mount),
-        .sb_umount =    LIST_HEAD_INIT(security_hook_heads.sb_umount),
-        .sb_pivotroot = LIST_HEAD_INIT(security_hook_heads.sb_pivotroot),
-        .sb_set_mnt_opts =
-                LIST_HEAD_INIT(security_hook_heads.sb_set_mnt_opts),
-        .sb_clone_mnt_opts =
-                LIST_HEAD_INIT(security_hook_heads.sb_clone_mnt_opts),
-        .sb_parse_opts_str =
-                LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str),
-        .dentry_init_security =
-                LIST_HEAD_INIT(security_hook_heads.dentry_init_security),
-        .dentry_create_files_as =
-                LIST_HEAD_INIT(security_hook_heads.dentry_create_files_as),
-#ifdef CONFIG_SECURITY_PATH
-        .path_unlink =  LIST_HEAD_INIT(security_hook_heads.path_unlink),
-        .path_mkdir =   LIST_HEAD_INIT(security_hook_heads.path_mkdir),
-        .path_rmdir =   LIST_HEAD_INIT(security_hook_heads.path_rmdir),
-        .path_mknod =   LIST_HEAD_INIT(security_hook_heads.path_mknod),
-        .path_truncate =
-                LIST_HEAD_INIT(security_hook_heads.path_truncate),
-        .path_symlink = LIST_HEAD_INIT(security_hook_heads.path_symlink),
-        .path_link =    LIST_HEAD_INIT(security_hook_heads.path_link),
-        .path_rename =  LIST_HEAD_INIT(security_hook_heads.path_rename),
-        .path_chmod =   LIST_HEAD_INIT(security_hook_heads.path_chmod),
-        .path_chown =   LIST_HEAD_INIT(security_hook_heads.path_chown),
-        .path_chroot =  LIST_HEAD_INIT(security_hook_heads.path_chroot),
-#endif
-        .inode_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.inode_alloc_security),
-        .inode_free_security =
-                LIST_HEAD_INIT(security_hook_heads.inode_free_security),
-        .inode_init_security =
-                LIST_HEAD_INIT(security_hook_heads.inode_init_security),
-        .inode_create = LIST_HEAD_INIT(security_hook_heads.inode_create),
-        .inode_link =   LIST_HEAD_INIT(security_hook_heads.inode_link),
-        .inode_unlink = LIST_HEAD_INIT(security_hook_heads.inode_unlink),
-        .inode_symlink =
-                LIST_HEAD_INIT(security_hook_heads.inode_symlink),
-        .inode_mkdir =  LIST_HEAD_INIT(security_hook_heads.inode_mkdir),
-        .inode_rmdir =  LIST_HEAD_INIT(security_hook_heads.inode_rmdir),
-        .inode_mknod =  LIST_HEAD_INIT(security_hook_heads.inode_mknod),
-        .inode_rename = LIST_HEAD_INIT(security_hook_heads.inode_rename),
-        .inode_readlink =
-                LIST_HEAD_INIT(security_hook_heads.inode_readlink),
-        .inode_follow_link =
-                LIST_HEAD_INIT(security_hook_heads.inode_follow_link),
-        .inode_permission =
-                LIST_HEAD_INIT(security_hook_heads.inode_permission),
-        .inode_setattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_setattr),
-        .inode_getattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_getattr),
-        .inode_setxattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
-        .inode_post_setxattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
-        .inode_getxattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_getxattr),
-        .inode_listxattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_listxattr),
-        .inode_removexattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_removexattr),
-        .inode_need_killpriv =
-                LIST_HEAD_INIT(security_hook_heads.inode_need_killpriv),
-        .inode_killpriv =
-                LIST_HEAD_INIT(security_hook_heads.inode_killpriv),
-        .inode_getsecurity =
-                LIST_HEAD_INIT(security_hook_heads.inode_getsecurity),
-        .inode_setsecurity =
-                LIST_HEAD_INIT(security_hook_heads.inode_setsecurity),
-        .inode_listsecurity =
-                LIST_HEAD_INIT(security_hook_heads.inode_listsecurity),
-        .inode_getsecid =
-                LIST_HEAD_INIT(security_hook_heads.inode_getsecid),
-        .inode_copy_up =
-                LIST_HEAD_INIT(security_hook_heads.inode_copy_up),
-        .inode_copy_up_xattr =
-                LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr),
-        .file_permission =
-                LIST_HEAD_INIT(security_hook_heads.file_permission),
-        .file_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.file_alloc_security),
-        .file_free_security =
-                LIST_HEAD_INIT(security_hook_heads.file_free_security),
-        .file_ioctl =   LIST_HEAD_INIT(security_hook_heads.file_ioctl),
-        .mmap_addr =    LIST_HEAD_INIT(security_hook_heads.mmap_addr),
-        .mmap_file =    LIST_HEAD_INIT(security_hook_heads.mmap_file),
-        .file_mprotect =
-                LIST_HEAD_INIT(security_hook_heads.file_mprotect),
-        .file_lock =    LIST_HEAD_INIT(security_hook_heads.file_lock),
-        .file_fcntl =   LIST_HEAD_INIT(security_hook_heads.file_fcntl),
-        .file_set_fowner =
-                LIST_HEAD_INIT(security_hook_heads.file_set_fowner),
-        .file_send_sigiotask =
-                LIST_HEAD_INIT(security_hook_heads.file_send_sigiotask),
-        .file_receive = LIST_HEAD_INIT(security_hook_heads.file_receive),
-        .file_open =    LIST_HEAD_INIT(security_hook_heads.file_open),
-        .task_create =  LIST_HEAD_INIT(security_hook_heads.task_create),
-        .task_free =    LIST_HEAD_INIT(security_hook_heads.task_free),
-        .cred_alloc_blank =
-                LIST_HEAD_INIT(security_hook_heads.cred_alloc_blank),
-        .cred_free =    LIST_HEAD_INIT(security_hook_heads.cred_free),
-        .cred_prepare = LIST_HEAD_INIT(security_hook_heads.cred_prepare),
-        .cred_transfer =
-                LIST_HEAD_INIT(security_hook_heads.cred_transfer),
-        .kernel_act_as =
-                LIST_HEAD_INIT(security_hook_heads.kernel_act_as),
-        .kernel_create_files_as =
-                LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as),
-        .kernel_module_request =
-                LIST_HEAD_INIT(security_hook_heads.kernel_module_request),
-        .kernel_read_file =
-                LIST_HEAD_INIT(security_hook_heads.kernel_read_file),
-        .kernel_post_read_file =
-                LIST_HEAD_INIT(security_hook_heads.kernel_post_read_file),
-        .task_fix_setuid =
-                LIST_HEAD_INIT(security_hook_heads.task_fix_setuid),
-        .task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid),
-        .task_getpgid = LIST_HEAD_INIT(security_hook_heads.task_getpgid),
-        .task_getsid =  LIST_HEAD_INIT(security_hook_heads.task_getsid),
-        .task_getsecid =
-                LIST_HEAD_INIT(security_hook_heads.task_getsecid),
-        .task_setnice = LIST_HEAD_INIT(security_hook_heads.task_setnice),
-        .task_setioprio =
-                LIST_HEAD_INIT(security_hook_heads.task_setioprio),
-        .task_getioprio =
-                LIST_HEAD_INIT(security_hook_heads.task_getioprio),
-        .task_setrlimit =
-                LIST_HEAD_INIT(security_hook_heads.task_setrlimit),
-        .task_setscheduler =
-                LIST_HEAD_INIT(security_hook_heads.task_setscheduler),
-        .task_getscheduler =
-                LIST_HEAD_INIT(security_hook_heads.task_getscheduler),
-        .task_movememory =
-                LIST_HEAD_INIT(security_hook_heads.task_movememory),
-        .task_kill =    LIST_HEAD_INIT(security_hook_heads.task_kill),
-        .task_prctl =   LIST_HEAD_INIT(security_hook_heads.task_prctl),
-        .task_to_inode =
-                LIST_HEAD_INIT(security_hook_heads.task_to_inode),
-        .ipc_permission =
-                LIST_HEAD_INIT(security_hook_heads.ipc_permission),
-        .ipc_getsecid = LIST_HEAD_INIT(security_hook_heads.ipc_getsecid),
-        .msg_msg_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.msg_msg_alloc_security),
-        .msg_msg_free_security =
-                LIST_HEAD_INIT(security_hook_heads.msg_msg_free_security),
-        .msg_queue_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_alloc_security),
-        .msg_queue_free_security =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_free_security),
-        .msg_queue_associate =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_associate),
-        .msg_queue_msgctl =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_msgctl),
-        .msg_queue_msgsnd =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_msgsnd),
-        .msg_queue_msgrcv =
-                LIST_HEAD_INIT(security_hook_heads.msg_queue_msgrcv),
-        .shm_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.shm_alloc_security),
-        .shm_free_security =
-                LIST_HEAD_INIT(security_hook_heads.shm_free_security),
-        .shm_associate =
-                LIST_HEAD_INIT(security_hook_heads.shm_associate),
-        .shm_shmctl =   LIST_HEAD_INIT(security_hook_heads.shm_shmctl),
-        .shm_shmat =    LIST_HEAD_INIT(security_hook_heads.shm_shmat),
-        .sem_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.sem_alloc_security),
-        .sem_free_security =
-                LIST_HEAD_INIT(security_hook_heads.sem_free_security),
-        .sem_associate =
-                LIST_HEAD_INIT(security_hook_heads.sem_associate),
-        .sem_semctl =   LIST_HEAD_INIT(security_hook_heads.sem_semctl),
-        .sem_semop =    LIST_HEAD_INIT(security_hook_heads.sem_semop),
-        .netlink_send = LIST_HEAD_INIT(security_hook_heads.netlink_send),
-        .d_instantiate =
-                LIST_HEAD_INIT(security_hook_heads.d_instantiate),
-        .getprocattr =  LIST_HEAD_INIT(security_hook_heads.getprocattr),
-        .setprocattr =  LIST_HEAD_INIT(security_hook_heads.setprocattr),
-        .ismaclabel =   LIST_HEAD_INIT(security_hook_heads.ismaclabel),
-        .secid_to_secctx =
-                LIST_HEAD_INIT(security_hook_heads.secid_to_secctx),
-        .secctx_to_secid =
-                LIST_HEAD_INIT(security_hook_heads.secctx_to_secid),
-        .release_secctx =
-                LIST_HEAD_INIT(security_hook_heads.release_secctx),
-        .inode_invalidate_secctx =
-                LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx),
-        .inode_notifysecctx =
-                LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx),
-        .inode_setsecctx =
-                LIST_HEAD_INIT(security_hook_heads.inode_setsecctx),
-        .inode_getsecctx =
-                LIST_HEAD_INIT(security_hook_heads.inode_getsecctx),
-#ifdef CONFIG_SECURITY_NETWORK
-        .unix_stream_connect =
-                LIST_HEAD_INIT(security_hook_heads.unix_stream_connect),
-        .unix_may_send =
-                LIST_HEAD_INIT(security_hook_heads.unix_may_send),
-        .socket_create =
-                LIST_HEAD_INIT(security_hook_heads.socket_create),
-        .socket_post_create =
-                LIST_HEAD_INIT(security_hook_heads.socket_post_create),
-        .socket_bind =  LIST_HEAD_INIT(security_hook_heads.socket_bind),
-        .socket_connect =
-                LIST_HEAD_INIT(security_hook_heads.socket_connect),
-        .socket_listen =
-                LIST_HEAD_INIT(security_hook_heads.socket_listen),
-        .socket_accept =
-                LIST_HEAD_INIT(security_hook_heads.socket_accept),
-        .socket_sendmsg =
-                LIST_HEAD_INIT(security_hook_heads.socket_sendmsg),
-        .socket_recvmsg =
-                LIST_HEAD_INIT(security_hook_heads.socket_recvmsg),
-        .socket_getsockname =
-                LIST_HEAD_INIT(security_hook_heads.socket_getsockname),
-        .socket_getpeername =
-                LIST_HEAD_INIT(security_hook_heads.socket_getpeername),
-        .socket_getsockopt =
-                LIST_HEAD_INIT(security_hook_heads.socket_getsockopt),
-        .socket_setsockopt =
-                LIST_HEAD_INIT(security_hook_heads.socket_setsockopt),
-        .socket_shutdown =
-                LIST_HEAD_INIT(security_hook_heads.socket_shutdown),
-        .socket_sock_rcv_skb =
-                LIST_HEAD_INIT(security_hook_heads.socket_sock_rcv_skb),
-        .socket_getpeersec_stream =
-                LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_stream),
-        .socket_getpeersec_dgram =
-                LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_dgram),
-        .sk_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.sk_alloc_security),
-        .sk_free_security =
-                LIST_HEAD_INIT(security_hook_heads.sk_free_security),
-        .sk_clone_security =
-                LIST_HEAD_INIT(security_hook_heads.sk_clone_security),
-        .sk_getsecid =  LIST_HEAD_INIT(security_hook_heads.sk_getsecid),
-        .sock_graft =   LIST_HEAD_INIT(security_hook_heads.sock_graft),
-        .inet_conn_request =
-                LIST_HEAD_INIT(security_hook_heads.inet_conn_request),
-        .inet_csk_clone =
-                LIST_HEAD_INIT(security_hook_heads.inet_csk_clone),
-        .inet_conn_established =
-                LIST_HEAD_INIT(security_hook_heads.inet_conn_established),
-        .secmark_relabel_packet =
-                LIST_HEAD_INIT(security_hook_heads.secmark_relabel_packet),
-        .secmark_refcount_inc =
-                LIST_HEAD_INIT(security_hook_heads.secmark_refcount_inc),
-        .secmark_refcount_dec =
-                LIST_HEAD_INIT(security_hook_heads.secmark_refcount_dec),
-        .req_classify_flow =
-                LIST_HEAD_INIT(security_hook_heads.req_classify_flow),
-        .tun_dev_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_alloc_security),
-        .tun_dev_free_security =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_free_security),
-        .tun_dev_create =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_create),
-        .tun_dev_attach_queue =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_attach_queue),
-        .tun_dev_attach =
-                LIST_HEAD_INIT(security_hook_heads.tun_dev_attach),
-        .tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open),
-#endif  /* CONFIG_SECURITY_NETWORK */
-#ifdef CONFIG_SECURITY_NETWORK_XFRM
-        .xfrm_policy_alloc_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security),
-        .xfrm_policy_clone_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_clone_security),
-        .xfrm_policy_free_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_free_security),
-        .xfrm_policy_delete_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_delete_security),
-        .xfrm_state_alloc =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc),
-        .xfrm_state_alloc_acquire =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc_acquire),
-        .xfrm_state_free_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_free_security),
-        .xfrm_state_delete_security =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_delete_security),
-        .xfrm_policy_lookup =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_policy_lookup),
-        .xfrm_state_pol_flow_match =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_state_pol_flow_match),
-        .xfrm_decode_session =
-                LIST_HEAD_INIT(security_hook_heads.xfrm_decode_session),
-#endif  /* CONFIG_SECURITY_NETWORK_XFRM */
-#ifdef CONFIG_KEYS
-        .key_alloc =    LIST_HEAD_INIT(security_hook_heads.key_alloc),
-        .key_free =     LIST_HEAD_INIT(security_hook_heads.key_free),
-        .key_permission =
-                LIST_HEAD_INIT(security_hook_heads.key_permission),
-        .key_getsecurity =
-                LIST_HEAD_INIT(security_hook_heads.key_getsecurity),
-#endif  /* CONFIG_KEYS */
-#ifdef CONFIG_AUDIT
-        .audit_rule_init =
-                LIST_HEAD_INIT(security_hook_heads.audit_rule_init),
-        .audit_rule_known =
-                LIST_HEAD_INIT(security_hook_heads.audit_rule_known),
-        .audit_rule_match =
-                LIST_HEAD_INIT(security_hook_heads.audit_rule_match),
-        .audit_rule_free =
-                LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
-#endif /* CONFIG_AUDIT */
-};

diff --git a/security/security.c b/security/security.c index d0e07f269b2d..b9fea3999cf8 100644 --- a/security/security.c +++ b/security/security.c
@@ -32,6 +32,7 @@
32	/* Maximum number of letters for an LSM name string */	32	/* Maximum number of letters for an LSM name string */
33	#define SECURITY_NAME_MAX 10	33	#define SECURITY_NAME_MAX 10
34		34
		35	struct security_hook_heads security_hook_heads __lsm_ro_after_init;
35	char *lsm_names;	36	char *lsm_names;
36	/* Boot-time LSM user choice */	37	/* Boot-time LSM user choice */
37	static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =	38	static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -54,6 +55,12 @@ static void __init do_security_initcalls(void)
54	*/	55	*/
55	int __init security_init(void)	56	int __init security_init(void)
56	{	57	{
		58	int i;
		59	struct list_head list = (struct list_head ) &security_hook_heads;
		60
		61	for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct list_head);
		62	i++)
		63	INIT_LIST_HEAD(&list[i]);
57	pr_info("Security Framework initialized\n");	64	pr_info("Security Framework initialized\n");
58		65
59	/*	66	/*
@@ -103,10 +110,14 @@ static int lsm_append(char new, char *result)
103	* to avoid security registration races. This method may also be used	110	* to avoid security registration races. This method may also be used
104	* to check if your LSM is currently loaded during kernel initialization.	111	* to check if your LSM is currently loaded during kernel initialization.
105	*	112	*
106	* Return true if:	113	* Returns:
107	* -The passed LSM is the one chosen by user at boot time,	114	*
108	* -or the passed LSM is configured as the default and the user did not	115	* true if:
109	* choose an alternate LSM at boot time.	116	*
		117	* - The passed LSM is the one chosen by user at boot time,
		118	* - or the passed LSM is configured as the default and the user did not
		119	* choose an alternate LSM at boot time.
		120	*
110	* Otherwise, return false.	121	* Otherwise, return false.
111	*/	122	*/
112	int __init security_module_enable(const char *module)	123	int __init security_module_enable(const char *module)
@@ -930,6 +941,11 @@ int security_task_create(unsigned long clone_flags)
930	return call_int_hook(task_create, 0, clone_flags);	941	return call_int_hook(task_create, 0, clone_flags);
931	}	942	}
932		943
		944	int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
		945	{
		946	return call_int_hook(task_alloc, 0, task, clone_flags);
		947	}
		948
933	void security_task_free(struct task_struct *task)	949	void security_task_free(struct task_struct *task)
934	{	950	{
935	call_void_hook(task_free, task);	951	call_void_hook(task_free, task);
@@ -1036,6 +1052,12 @@ int security_task_getioprio(struct task_struct *p)
1036	return call_int_hook(task_getioprio, 0, p);	1052	return call_int_hook(task_getioprio, 0, p);
1037	}	1053	}
1038		1054
		1055	int security_task_prlimit(const struct cred cred, const struct cred tcred,
		1056	unsigned int flags)
		1057	{
		1058	return call_int_hook(task_prlimit, 0, cred, tcred, flags);
		1059	}
		1060
1039	int security_task_setrlimit(struct task_struct *p, unsigned int resource,	1061	int security_task_setrlimit(struct task_struct *p, unsigned int resource,
1040	struct rlimit *new_rlim)	1062	struct rlimit *new_rlim)
1041	{	1063	{
@@ -1621,355 +1643,3 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
1621	actx);	1643	actx);
1622	}	1644	}
1623	#endif /* CONFIG_AUDIT */	1645	#endif /* CONFIG_AUDIT */
1624
1625	struct security_hook_heads security_hook_heads = {
1626	.binder_set_context_mgr =
1627	LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
1628	.binder_transaction =
1629	LIST_HEAD_INIT(security_hook_heads.binder_transaction),
1630	.binder_transfer_binder =
1631	LIST_HEAD_INIT(security_hook_heads.binder_transfer_binder),
1632	.binder_transfer_file =
1633	LIST_HEAD_INIT(security_hook_heads.binder_transfer_file),
1634
1635	.ptrace_access_check =
1636	LIST_HEAD_INIT(security_hook_heads.ptrace_access_check),
1637	.ptrace_traceme =
1638	LIST_HEAD_INIT(security_hook_heads.ptrace_traceme),
1639	.capget = LIST_HEAD_INIT(security_hook_heads.capget),
1640	.capset = LIST_HEAD_INIT(security_hook_heads.capset),
1641	.capable = LIST_HEAD_INIT(security_hook_heads.capable),
1642	.quotactl = LIST_HEAD_INIT(security_hook_heads.quotactl),
1643	.quota_on = LIST_HEAD_INIT(security_hook_heads.quota_on),
1644	.syslog = LIST_HEAD_INIT(security_hook_heads.syslog),
1645	.settime = LIST_HEAD_INIT(security_hook_heads.settime),
1646	.vm_enough_memory =
1647	LIST_HEAD_INIT(security_hook_heads.vm_enough_memory),
1648	.bprm_set_creds =
1649	LIST_HEAD_INIT(security_hook_heads.bprm_set_creds),
1650	.bprm_check_security =
1651	LIST_HEAD_INIT(security_hook_heads.bprm_check_security),
1652	.bprm_secureexec =
1653	LIST_HEAD_INIT(security_hook_heads.bprm_secureexec),
1654	.bprm_committing_creds =
1655	LIST_HEAD_INIT(security_hook_heads.bprm_committing_creds),
1656	.bprm_committed_creds =
1657	LIST_HEAD_INIT(security_hook_heads.bprm_committed_creds),
1658	.sb_alloc_security =
1659	LIST_HEAD_INIT(security_hook_heads.sb_alloc_security),
1660	.sb_free_security =
1661	LIST_HEAD_INIT(security_hook_heads.sb_free_security),
1662	.sb_copy_data = LIST_HEAD_INIT(security_hook_heads.sb_copy_data),
1663	.sb_remount = LIST_HEAD_INIT(security_hook_heads.sb_remount),
1664	.sb_kern_mount =
1665	LIST_HEAD_INIT(security_hook_heads.sb_kern_mount),
1666	.sb_show_options =
1667	LIST_HEAD_INIT(security_hook_heads.sb_show_options),
1668	.sb_statfs = LIST_HEAD_INIT(security_hook_heads.sb_statfs),
1669	.sb_mount = LIST_HEAD_INIT(security_hook_heads.sb_mount),
1670	.sb_umount = LIST_HEAD_INIT(security_hook_heads.sb_umount),
1671	.sb_pivotroot = LIST_HEAD_INIT(security_hook_heads.sb_pivotroot),
1672	.sb_set_mnt_opts =
1673	LIST_HEAD_INIT(security_hook_heads.sb_set_mnt_opts),
1674	.sb_clone_mnt_opts =
1675	LIST_HEAD_INIT(security_hook_heads.sb_clone_mnt_opts),
1676	.sb_parse_opts_str =
1677	LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str),
1678	.dentry_init_security =
1679	LIST_HEAD_INIT(security_hook_heads.dentry_init_security),
1680	.dentry_create_files_as =
1681	LIST_HEAD_INIT(security_hook_heads.dentry_create_files_as),
1682	#ifdef CONFIG_SECURITY_PATH
1683	.path_unlink = LIST_HEAD_INIT(security_hook_heads.path_unlink),
1684	.path_mkdir = LIST_HEAD_INIT(security_hook_heads.path_mkdir),
1685	.path_rmdir = LIST_HEAD_INIT(security_hook_heads.path_rmdir),
1686	.path_mknod = LIST_HEAD_INIT(security_hook_heads.path_mknod),
1687	.path_truncate =
1688	LIST_HEAD_INIT(security_hook_heads.path_truncate),
1689	.path_symlink = LIST_HEAD_INIT(security_hook_heads.path_symlink),
1690	.path_link = LIST_HEAD_INIT(security_hook_heads.path_link),
1691	.path_rename = LIST_HEAD_INIT(security_hook_heads.path_rename),
1692	.path_chmod = LIST_HEAD_INIT(security_hook_heads.path_chmod),
1693	.path_chown = LIST_HEAD_INIT(security_hook_heads.path_chown),
1694	.path_chroot = LIST_HEAD_INIT(security_hook_heads.path_chroot),
1695	#endif
1696	.inode_alloc_security =
1697	LIST_HEAD_INIT(security_hook_heads.inode_alloc_security),
1698	.inode_free_security =
1699	LIST_HEAD_INIT(security_hook_heads.inode_free_security),
1700	.inode_init_security =
1701	LIST_HEAD_INIT(security_hook_heads.inode_init_security),
1702	.inode_create = LIST_HEAD_INIT(security_hook_heads.inode_create),
1703	.inode_link = LIST_HEAD_INIT(security_hook_heads.inode_link),
1704	.inode_unlink = LIST_HEAD_INIT(security_hook_heads.inode_unlink),
1705	.inode_symlink =
1706	LIST_HEAD_INIT(security_hook_heads.inode_symlink),
1707	.inode_mkdir = LIST_HEAD_INIT(security_hook_heads.inode_mkdir),
1708	.inode_rmdir = LIST_HEAD_INIT(security_hook_heads.inode_rmdir),
1709	.inode_mknod = LIST_HEAD_INIT(security_hook_heads.inode_mknod),
1710	.inode_rename = LIST_HEAD_INIT(security_hook_heads.inode_rename),
1711	.inode_readlink =
1712	LIST_HEAD_INIT(security_hook_heads.inode_readlink),
1713	.inode_follow_link =
1714	LIST_HEAD_INIT(security_hook_heads.inode_follow_link),
1715	.inode_permission =
1716	LIST_HEAD_INIT(security_hook_heads.inode_permission),
1717	.inode_setattr =
1718	LIST_HEAD_INIT(security_hook_heads.inode_setattr),
1719	.inode_getattr =
1720	LIST_HEAD_INIT(security_hook_heads.inode_getattr),
1721	.inode_setxattr =
1722	LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
1723	.inode_post_setxattr =
1724	LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
1725	.inode_getxattr =
1726	LIST_HEAD_INIT(security_hook_heads.inode_getxattr),
1727	.inode_listxattr =
1728	LIST_HEAD_INIT(security_hook_heads.inode_listxattr),
1729	.inode_removexattr =
1730	LIST_HEAD_INIT(security_hook_heads.inode_removexattr),
1731	.inode_need_killpriv =
1732	LIST_HEAD_INIT(security_hook_heads.inode_need_killpriv),
1733	.inode_killpriv =
1734	LIST_HEAD_INIT(security_hook_heads.inode_killpriv),
1735	.inode_getsecurity =
1736	LIST_HEAD_INIT(security_hook_heads.inode_getsecurity),
1737	.inode_setsecurity =
1738	LIST_HEAD_INIT(security_hook_heads.inode_setsecurity),
1739	.inode_listsecurity =
1740	LIST_HEAD_INIT(security_hook_heads.inode_listsecurity),
1741	.inode_getsecid =
1742	LIST_HEAD_INIT(security_hook_heads.inode_getsecid),
1743	.inode_copy_up =
1744	LIST_HEAD_INIT(security_hook_heads.inode_copy_up),
1745	.inode_copy_up_xattr =
1746	LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr),
1747	.file_permission =
1748	LIST_HEAD_INIT(security_hook_heads.file_permission),
1749	.file_alloc_security =
1750	LIST_HEAD_INIT(security_hook_heads.file_alloc_security),
1751	.file_free_security =
1752	LIST_HEAD_INIT(security_hook_heads.file_free_security),
1753	.file_ioctl = LIST_HEAD_INIT(security_hook_heads.file_ioctl),
1754	.mmap_addr = LIST_HEAD_INIT(security_hook_heads.mmap_addr),
1755	.mmap_file = LIST_HEAD_INIT(security_hook_heads.mmap_file),
1756	.file_mprotect =
1757	LIST_HEAD_INIT(security_hook_heads.file_mprotect),
1758	.file_lock = LIST_HEAD_INIT(security_hook_heads.file_lock),
1759	.file_fcntl = LIST_HEAD_INIT(security_hook_heads.file_fcntl),
1760	.file_set_fowner =
1761	LIST_HEAD_INIT(security_hook_heads.file_set_fowner),
1762	.file_send_sigiotask =
1763	LIST_HEAD_INIT(security_hook_heads.file_send_sigiotask),
1764	.file_receive = LIST_HEAD_INIT(security_hook_heads.file_receive),
1765	.file_open = LIST_HEAD_INIT(security_hook_heads.file_open),
1766	.task_create = LIST_HEAD_INIT(security_hook_heads.task_create),
1767	.task_free = LIST_HEAD_INIT(security_hook_heads.task_free),
1768	.cred_alloc_blank =
1769	LIST_HEAD_INIT(security_hook_heads.cred_alloc_blank),
1770	.cred_free = LIST_HEAD_INIT(security_hook_heads.cred_free),
1771	.cred_prepare = LIST_HEAD_INIT(security_hook_heads.cred_prepare),
1772	.cred_transfer =
1773	LIST_HEAD_INIT(security_hook_heads.cred_transfer),
1774	.kernel_act_as =
1775	LIST_HEAD_INIT(security_hook_heads.kernel_act_as),
1776	.kernel_create_files_as =
1777	LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as),
1778	.kernel_module_request =
1779	LIST_HEAD_INIT(security_hook_heads.kernel_module_request),
1780	.kernel_read_file =
1781	LIST_HEAD_INIT(security_hook_heads.kernel_read_file),
1782	.kernel_post_read_file =
1783	LIST_HEAD_INIT(security_hook_heads.kernel_post_read_file),
1784	.task_fix_setuid =
1785	LIST_HEAD_INIT(security_hook_heads.task_fix_setuid),
1786	.task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid),
1787	.task_getpgid = LIST_HEAD_INIT(security_hook_heads.task_getpgid),
1788	.task_getsid = LIST_HEAD_INIT(security_hook_heads.task_getsid),
1789	.task_getsecid =
1790	LIST_HEAD_INIT(security_hook_heads.task_getsecid),
1791	.task_setnice = LIST_HEAD_INIT(security_hook_heads.task_setnice),
1792	.task_setioprio =
1793	LIST_HEAD_INIT(security_hook_heads.task_setioprio),
1794	.task_getioprio =
1795	LIST_HEAD_INIT(security_hook_heads.task_getioprio),
1796	.task_setrlimit =
1797	LIST_HEAD_INIT(security_hook_heads.task_setrlimit),
1798	.task_setscheduler =
1799	LIST_HEAD_INIT(security_hook_heads.task_setscheduler),
1800	.task_getscheduler =
1801	LIST_HEAD_INIT(security_hook_heads.task_getscheduler),
1802	.task_movememory =
1803	LIST_HEAD_INIT(security_hook_heads.task_movememory),
1804	.task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill),
1805	.task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl),
1806	.task_to_inode =
1807	LIST_HEAD_INIT(security_hook_heads.task_to_inode),
1808	.ipc_permission =
1809	LIST_HEAD_INIT(security_hook_heads.ipc_permission),
1810	.ipc_getsecid = LIST_HEAD_INIT(security_hook_heads.ipc_getsecid),
1811	.msg_msg_alloc_security =
1812	LIST_HEAD_INIT(security_hook_heads.msg_msg_alloc_security),
1813	.msg_msg_free_security =
1814	LIST_HEAD_INIT(security_hook_heads.msg_msg_free_security),
1815	.msg_queue_alloc_security =
1816	LIST_HEAD_INIT(security_hook_heads.msg_queue_alloc_security),
1817	.msg_queue_free_security =
1818	LIST_HEAD_INIT(security_hook_heads.msg_queue_free_security),
1819	.msg_queue_associate =
1820	LIST_HEAD_INIT(security_hook_heads.msg_queue_associate),
1821	.msg_queue_msgctl =
1822	LIST_HEAD_INIT(security_hook_heads.msg_queue_msgctl),
1823	.msg_queue_msgsnd =
1824	LIST_HEAD_INIT(security_hook_heads.msg_queue_msgsnd),
1825	.msg_queue_msgrcv =
1826	LIST_HEAD_INIT(security_hook_heads.msg_queue_msgrcv),
1827	.shm_alloc_security =
1828	LIST_HEAD_INIT(security_hook_heads.shm_alloc_security),
1829	.shm_free_security =
1830	LIST_HEAD_INIT(security_hook_heads.shm_free_security),
1831	.shm_associate =
1832	LIST_HEAD_INIT(security_hook_heads.shm_associate),
1833	.shm_shmctl = LIST_HEAD_INIT(security_hook_heads.shm_shmctl),
1834	.shm_shmat = LIST_HEAD_INIT(security_hook_heads.shm_shmat),
1835	.sem_alloc_security =
1836	LIST_HEAD_INIT(security_hook_heads.sem_alloc_security),
1837	.sem_free_security =
1838	LIST_HEAD_INIT(security_hook_heads.sem_free_security),
1839	.sem_associate =
1840	LIST_HEAD_INIT(security_hook_heads.sem_associate),
1841	.sem_semctl = LIST_HEAD_INIT(security_hook_heads.sem_semctl),
1842	.sem_semop = LIST_HEAD_INIT(security_hook_heads.sem_semop),
1843	.netlink_send = LIST_HEAD_INIT(security_hook_heads.netlink_send),
1844	.d_instantiate =
1845	LIST_HEAD_INIT(security_hook_heads.d_instantiate),
1846	.getprocattr = LIST_HEAD_INIT(security_hook_heads.getprocattr),
1847	.setprocattr = LIST_HEAD_INIT(security_hook_heads.setprocattr),
1848	.ismaclabel = LIST_HEAD_INIT(security_hook_heads.ismaclabel),
1849	.secid_to_secctx =
1850	LIST_HEAD_INIT(security_hook_heads.secid_to_secctx),
1851	.secctx_to_secid =
1852	LIST_HEAD_INIT(security_hook_heads.secctx_to_secid),
1853	.release_secctx =
1854	LIST_HEAD_INIT(security_hook_heads.release_secctx),
1855	.inode_invalidate_secctx =
1856	LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx),
1857	.inode_notifysecctx =
1858	LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx),
1859	.inode_setsecctx =
1860	LIST_HEAD_INIT(security_hook_heads.inode_setsecctx),
1861	.inode_getsecctx =
1862	LIST_HEAD_INIT(security_hook_heads.inode_getsecctx),
1863	#ifdef CONFIG_SECURITY_NETWORK
1864	.unix_stream_connect =
1865	LIST_HEAD_INIT(security_hook_heads.unix_stream_connect),
1866	.unix_may_send =
1867	LIST_HEAD_INIT(security_hook_heads.unix_may_send),
1868	.socket_create =
1869	LIST_HEAD_INIT(security_hook_heads.socket_create),
1870	.socket_post_create =
1871	LIST_HEAD_INIT(security_hook_heads.socket_post_create),
1872	.socket_bind = LIST_HEAD_INIT(security_hook_heads.socket_bind),
1873	.socket_connect =
1874	LIST_HEAD_INIT(security_hook_heads.socket_connect),
1875	.socket_listen =
1876	LIST_HEAD_INIT(security_hook_heads.socket_listen),
1877	.socket_accept =
1878	LIST_HEAD_INIT(security_hook_heads.socket_accept),
1879	.socket_sendmsg =
1880	LIST_HEAD_INIT(security_hook_heads.socket_sendmsg),
1881	.socket_recvmsg =
1882	LIST_HEAD_INIT(security_hook_heads.socket_recvmsg),
1883	.socket_getsockname =
1884	LIST_HEAD_INIT(security_hook_heads.socket_getsockname),
1885	.socket_getpeername =
1886	LIST_HEAD_INIT(security_hook_heads.socket_getpeername),
1887	.socket_getsockopt =
1888	LIST_HEAD_INIT(security_hook_heads.socket_getsockopt),
1889	.socket_setsockopt =
1890	LIST_HEAD_INIT(security_hook_heads.socket_setsockopt),
1891	.socket_shutdown =
1892	LIST_HEAD_INIT(security_hook_heads.socket_shutdown),
1893	.socket_sock_rcv_skb =
1894	LIST_HEAD_INIT(security_hook_heads.socket_sock_rcv_skb),
1895	.socket_getpeersec_stream =
1896	LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_stream),
1897	.socket_getpeersec_dgram =
1898	LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_dgram),
1899	.sk_alloc_security =
1900	LIST_HEAD_INIT(security_hook_heads.sk_alloc_security),
1901	.sk_free_security =
1902	LIST_HEAD_INIT(security_hook_heads.sk_free_security),
1903	.sk_clone_security =
1904	LIST_HEAD_INIT(security_hook_heads.sk_clone_security),
1905	.sk_getsecid = LIST_HEAD_INIT(security_hook_heads.sk_getsecid),
1906	.sock_graft = LIST_HEAD_INIT(security_hook_heads.sock_graft),
1907	.inet_conn_request =
1908	LIST_HEAD_INIT(security_hook_heads.inet_conn_request),
1909	.inet_csk_clone =
1910	LIST_HEAD_INIT(security_hook_heads.inet_csk_clone),
1911	.inet_conn_established =
1912	LIST_HEAD_INIT(security_hook_heads.inet_conn_established),
1913	.secmark_relabel_packet =
1914	LIST_HEAD_INIT(security_hook_heads.secmark_relabel_packet),
1915	.secmark_refcount_inc =
1916	LIST_HEAD_INIT(security_hook_heads.secmark_refcount_inc),
1917	.secmark_refcount_dec =
1918	LIST_HEAD_INIT(security_hook_heads.secmark_refcount_dec),
1919	.req_classify_flow =
1920	LIST_HEAD_INIT(security_hook_heads.req_classify_flow),
1921	.tun_dev_alloc_security =
1922	LIST_HEAD_INIT(security_hook_heads.tun_dev_alloc_security),
1923	.tun_dev_free_security =
1924	LIST_HEAD_INIT(security_hook_heads.tun_dev_free_security),
1925	.tun_dev_create =
1926	LIST_HEAD_INIT(security_hook_heads.tun_dev_create),
1927	.tun_dev_attach_queue =
1928	LIST_HEAD_INIT(security_hook_heads.tun_dev_attach_queue),
1929	.tun_dev_attach =
1930	LIST_HEAD_INIT(security_hook_heads.tun_dev_attach),
1931	.tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open),
1932	#endif /* CONFIG_SECURITY_NETWORK */
1933	#ifdef CONFIG_SECURITY_NETWORK_XFRM
1934	.xfrm_policy_alloc_security =
1935	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security),
1936	.xfrm_policy_clone_security =
1937	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_clone_security),
1938	.xfrm_policy_free_security =
1939	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_free_security),
1940	.xfrm_policy_delete_security =
1941	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_delete_security),
1942	.xfrm_state_alloc =
1943	LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc),
1944	.xfrm_state_alloc_acquire =
1945	LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc_acquire),
1946	.xfrm_state_free_security =
1947	LIST_HEAD_INIT(security_hook_heads.xfrm_state_free_security),
1948	.xfrm_state_delete_security =
1949	LIST_HEAD_INIT(security_hook_heads.xfrm_state_delete_security),
1950	.xfrm_policy_lookup =
1951	LIST_HEAD_INIT(security_hook_heads.xfrm_policy_lookup),
1952	.xfrm_state_pol_flow_match =
1953	LIST_HEAD_INIT(security_hook_heads.xfrm_state_pol_flow_match),
1954	.xfrm_decode_session =
1955	LIST_HEAD_INIT(security_hook_heads.xfrm_decode_session),
1956	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1957	#ifdef CONFIG_KEYS
1958	.key_alloc = LIST_HEAD_INIT(security_hook_heads.key_alloc),
1959	.key_free = LIST_HEAD_INIT(security_hook_heads.key_free),
1960	.key_permission =
1961	LIST_HEAD_INIT(security_hook_heads.key_permission),
1962	.key_getsecurity =
1963	LIST_HEAD_INIT(security_hook_heads.key_getsecurity),
1964	#endif /* CONFIG_KEYS */
1965	#ifdef CONFIG_AUDIT
1966	.audit_rule_init =
1967	LIST_HEAD_INIT(security_hook_heads.audit_rule_init),
1968	.audit_rule_known =
1969	LIST_HEAD_INIT(security_hook_heads.audit_rule_known),
1970	.audit_rule_match =
1971	LIST_HEAD_INIT(security_hook_heads.audit_rule_match),
1972	.audit_rule_free =
1973	LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
1974	#endif /* CONFIG_AUDIT */
1975	};