Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c588
1 files changed, 279 insertions, 309 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7dade28affba..564079c5c49d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -29,7 +29,7 @@
29#include <linux/tracehook.h> 29#include <linux/tracehook.h>
30#include <linux/errno.h> 30#include <linux/errno.h>
31#include <linux/sched.h> 31#include <linux/sched.h>
32#include <linux/security.h> 32#include <linux/lsm_hooks.h>
33#include <linux/xattr.h> 33#include <linux/xattr.h>
34#include <linux/capability.h> 34#include <linux/capability.h>
35#include <linux/unistd.h> 35#include <linux/unistd.h>
@@ -403,6 +403,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
403 return sbsec->behavior == SECURITY_FS_USE_XATTR || 403 return sbsec->behavior == SECURITY_FS_USE_XATTR ||
404 sbsec->behavior == SECURITY_FS_USE_TRANS || 404 sbsec->behavior == SECURITY_FS_USE_TRANS ||
405 sbsec->behavior == SECURITY_FS_USE_TASK || 405 sbsec->behavior == SECURITY_FS_USE_TASK ||
406 sbsec->behavior == SECURITY_FS_USE_NATIVE ||
406 /* Special handling. Genfs but also in-core setxattr handler */ 407 /* Special handling. Genfs but also in-core setxattr handler */
407 !strcmp(sb->s_type->name, "sysfs") || 408 !strcmp(sb->s_type->name, "sysfs") ||
408 !strcmp(sb->s_type->name, "pstore") || 409 !strcmp(sb->s_type->name, "pstore") ||
@@ -724,7 +725,12 @@ static int selinux_set_mnt_opts(struct super_block *sb,
724 } 725 }
725 726
726 if (strcmp(sb->s_type->name, "proc") == 0) 727 if (strcmp(sb->s_type->name, "proc") == 0)
727 sbsec->flags |= SE_SBPROC; 728 sbsec->flags |= SE_SBPROC | SE_SBGENFS;
729
730 if (!strcmp(sb->s_type->name, "debugfs") ||
731 !strcmp(sb->s_type->name, "sysfs") ||
732 !strcmp(sb->s_type->name, "pstore"))
733 sbsec->flags |= SE_SBGENFS;
728 734
729 if (!sbsec->behavior) { 735 if (!sbsec->behavior) {
730 /* 736 /*
@@ -1188,8 +1194,6 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
1188 switch (protocol) { 1194 switch (protocol) {
1189 case NETLINK_ROUTE: 1195 case NETLINK_ROUTE:
1190 return SECCLASS_NETLINK_ROUTE_SOCKET; 1196 return SECCLASS_NETLINK_ROUTE_SOCKET;
1191 case NETLINK_FIREWALL:
1192 return SECCLASS_NETLINK_FIREWALL_SOCKET;
1193 case NETLINK_SOCK_DIAG: 1197 case NETLINK_SOCK_DIAG:
1194 return SECCLASS_NETLINK_TCPDIAG_SOCKET; 1198 return SECCLASS_NETLINK_TCPDIAG_SOCKET;
1195 case NETLINK_NFLOG: 1199 case NETLINK_NFLOG:
@@ -1198,14 +1202,28 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
1198 return SECCLASS_NETLINK_XFRM_SOCKET; 1202 return SECCLASS_NETLINK_XFRM_SOCKET;
1199 case NETLINK_SELINUX: 1203 case NETLINK_SELINUX:
1200 return SECCLASS_NETLINK_SELINUX_SOCKET; 1204 return SECCLASS_NETLINK_SELINUX_SOCKET;
1205 case NETLINK_ISCSI:
1206 return SECCLASS_NETLINK_ISCSI_SOCKET;
1201 case NETLINK_AUDIT: 1207 case NETLINK_AUDIT:
1202 return SECCLASS_NETLINK_AUDIT_SOCKET; 1208 return SECCLASS_NETLINK_AUDIT_SOCKET;
1203 case NETLINK_IP6_FW: 1209 case NETLINK_FIB_LOOKUP:
1204 return SECCLASS_NETLINK_IP6FW_SOCKET; 1210 return SECCLASS_NETLINK_FIB_LOOKUP_SOCKET;
1211 case NETLINK_CONNECTOR:
1212 return SECCLASS_NETLINK_CONNECTOR_SOCKET;
1213 case NETLINK_NETFILTER:
1214 return SECCLASS_NETLINK_NETFILTER_SOCKET;
1205 case NETLINK_DNRTMSG: 1215 case NETLINK_DNRTMSG:
1206 return SECCLASS_NETLINK_DNRT_SOCKET; 1216 return SECCLASS_NETLINK_DNRT_SOCKET;
1207 case NETLINK_KOBJECT_UEVENT: 1217 case NETLINK_KOBJECT_UEVENT:
1208 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET; 1218 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
1219 case NETLINK_GENERIC:
1220 return SECCLASS_NETLINK_GENERIC_SOCKET;
1221 case NETLINK_SCSITRANSPORT:
1222 return SECCLASS_NETLINK_SCSITRANSPORT_SOCKET;
1223 case NETLINK_RDMA:
1224 return SECCLASS_NETLINK_RDMA_SOCKET;
1225 case NETLINK_CRYPTO:
1226 return SECCLASS_NETLINK_CRYPTO_SOCKET;
1209 default: 1227 default:
1210 return SECCLASS_NETLINK_SOCKET; 1228 return SECCLASS_NETLINK_SOCKET;
1211 } 1229 }
@@ -1220,12 +1238,13 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
1220 return SECCLASS_SOCKET; 1238 return SECCLASS_SOCKET;
1221} 1239}
1222 1240
1223#ifdef CONFIG_PROC_FS 1241static int selinux_genfs_get_sid(struct dentry *dentry,
1224static int selinux_proc_get_sid(struct dentry *dentry, 1242 u16 tclass,
1225 u16 tclass, 1243 u16 flags,
1226 u32 *sid) 1244 u32 *sid)
1227{ 1245{
1228 int rc; 1246 int rc;
1247 struct super_block *sb = dentry->d_inode->i_sb;
1229 char *buffer, *path; 1248 char *buffer, *path;
1230 1249
1231 buffer = (char *)__get_free_page(GFP_KERNEL); 1250 buffer = (char *)__get_free_page(GFP_KERNEL);
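Review bot: The new declaration `struct super_block *sb = dentry->d_inode->i_sb;` in selinux_genfs_get_sid dereferences d_inode with no check, so the helper is only safe when it is handed a positive dentry. The callers are outside this hunk; if every one of them passes a dentry that already has its inode attached this is fine, but `struct super_block *sb = dentry->d_sb;` reads the same superblock without depending on that. The function body continues past the end of the hunk.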
@@ -1236,26 +1255,20 @@ static int selinux_proc_get_sid(struct dentry *dentry,
1236 if (IS_ERR(path)) 1255 if (IS_ERR(path))
1237 rc = PTR_ERR(path); 1256 rc = PTR_ERR(path);
1238 else { 1257 else {
1239 /* each process gets a /proc/PID/ entry. Strip off the 1258 if (flags & SE_SBPROC) {
1240 * PID part to get a valid selinux labeling. 1259 /* each process gets a /proc/PID/ entry. Strip off the
1241 * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */ 1260 * PID part to get a valid selinux labeling.
1242 while (path[1] >= '0' && path[1] <= '9') { 1261 * e.g. /proc/1/net/rpc/nfs -> /net/rpc/nfs */
1243 path[1] = '/'; 1262 while (path[1] >= '0' && path[1] <= '9') {
1244 path++; 1263 path[1] = '/';
1264 path++;
1265 }
1245 } 1266 }
1246 rc = security_genfs_sid("proc", path, tclass, sid); 1267 rc = security_genfs_sid(sb->s_type->name, path, tclass, sid);
1247 } 1268 }
1248 free_page((unsigned long)buffer); 1269 free_page((unsigned long)buffer);
1249 return rc; 1270 return rc;
1250} 1271}
1251#else
1252static int selinux_proc_get_sid(struct dentry *dentry,
1253 u16 tclass,
1254 u32 *sid)
1255{
1256 return -EINVAL;
1257}
1258#endif
1259 1272
1260/* The inode's security attributes must be initialized before first use. */ 1273/* The inode's security attributes must be initialized before first use. */
1261static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry) 1274static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
@@ -1412,7 +1425,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1412 /* Default to the fs superblock SID. */ 1425 /* Default to the fs superblock SID. */
1413 isec->sid = sbsec->sid; 1426 isec->sid = sbsec->sid;
1414 1427
1415 if ((sbsec->flags & SE_SBPROC) && !S_ISLNK(inode->i_mode)) { 1428 if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1416 /* We must have a dentry to determine the label on 1429 /* We must have a dentry to determine the label on
1417 * procfs inodes */ 1430 * procfs inodes */
1418 if (opt_dentry) 1431 if (opt_dentry)
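Review bot: The comment under the changed condition still says the dentry is needed for "procfs inodes", but the test is now `SE_SBGENFS`, which this commit also sets for debugfs, sysfs and pstore in selinux_set_mnt_opts. Suggest rewording it to `/* We must have a dentry to determine the label on genfs-labeled inodes (proc, sysfs, debugfs, pstore) */` so the wider scope of this labeling path is visible to the next reader. The branch continues outside the hunk.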
@@ -1435,7 +1448,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1435 if (!dentry) 1448 if (!dentry)
1436 goto out_unlock; 1449 goto out_unlock;
1437 isec->sclass = inode_mode_to_security_class(inode->i_mode); 1450 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1438 rc = selinux_proc_get_sid(dentry, isec->sclass, &sid); 1451 rc = selinux_genfs_get_sid(dentry, isec->sclass,
1452 sbsec->flags, &sid);
1439 dput(dentry); 1453 dput(dentry);
1440 if (rc) 1454 if (rc)
1441 goto out_unlock; 1455 goto out_unlock;
@@ -1564,7 +1578,7 @@ static int cred_has_capability(const struct cred *cred,
1564 1578
1565 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); 1579 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1566 if (audit == SECURITY_CAP_AUDIT) { 1580 if (audit == SECURITY_CAP_AUDIT) {
1567 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); 1581 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0);
1568 if (rc2) 1582 if (rc2)
1569 return rc2; 1583 return rc2;
1570 } 1584 }
@@ -1990,12 +2004,6 @@ static int selinux_binder_transfer_file(struct task_struct *from,
1990static int selinux_ptrace_access_check(struct task_struct *child, 2004static int selinux_ptrace_access_check(struct task_struct *child,
1991 unsigned int mode) 2005 unsigned int mode)
1992{ 2006{
1993 int rc;
1994
1995 rc = cap_ptrace_access_check(child, mode);
1996 if (rc)
1997 return rc;
1998
1999 if (mode & PTRACE_MODE_READ) { 2007 if (mode & PTRACE_MODE_READ) {
2000 u32 sid = current_sid(); 2008 u32 sid = current_sid();
2001 u32 csid = task_sid(child); 2009 u32 csid = task_sid(child);
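Review bot: Nothing on this page shows where the capability check runs once `cap_ptrace_access_check()` is no longer chained from this hook, and the same applies to selinux_ptrace_traceme, selinux_capget, selinux_capset, selinux_capable, selinux_bprm_set_creds, selinux_bprm_secureexec, selinux_mmap_addr, the task_setnice/setioprio/setscheduler hooks and selinux_netlink_send in the later hunks. Presumably the framework behind `<linux/lsm_hooks.h>` now invokes the capability hooks itself; that should be confirmed for each hook listed, because a hook whose `cap_*` counterpart is not picked up elsewhere would lose that check without any visible failure. A short comment above the `selinux_hooks[]` table, for example `/* capability checks are no longer chained from these hooks; they are registered and called separately */`, would record the dependency. The function body continues outside the hunk.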
@@ -2007,25 +2015,13 @@ static int selinux_ptrace_access_check(struct task_struct *child,
2007 2015
2008static int selinux_ptrace_traceme(struct task_struct *parent) 2016static int selinux_ptrace_traceme(struct task_struct *parent)
2009{ 2017{
2010 int rc;
2011
2012 rc = cap_ptrace_traceme(parent);
2013 if (rc)
2014 return rc;
2015
2016 return task_has_perm(parent, current, PROCESS__PTRACE); 2018 return task_has_perm(parent, current, PROCESS__PTRACE);
2017} 2019}
2018 2020
2019static int selinux_capget(struct task_struct *target, kernel_cap_t *effective, 2021static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
2020 kernel_cap_t *inheritable, kernel_cap_t *permitted) 2022 kernel_cap_t *inheritable, kernel_cap_t *permitted)
2021{ 2023{
2022 int error; 2024 return current_has_perm(target, PROCESS__GETCAP);
2023
2024 error = current_has_perm(target, PROCESS__GETCAP);
2025 if (error)
2026 return error;
2027
2028 return cap_capget(target, effective, inheritable, permitted);
2029} 2025}
2030 2026
2031static int selinux_capset(struct cred *new, const struct cred *old, 2027static int selinux_capset(struct cred *new, const struct cred *old,
@@ -2033,13 +2029,6 @@ static int selinux_capset(struct cred *new, const struct cred *old,
2033 const kernel_cap_t *inheritable, 2029 const kernel_cap_t *inheritable,
2034 const kernel_cap_t *permitted) 2030 const kernel_cap_t *permitted)
2035{ 2031{
2036 int error;
2037
2038 error = cap_capset(new, old,
2039 effective, inheritable, permitted);
2040 if (error)
2041 return error;
2042
2043 return cred_has_perm(old, new, PROCESS__SETCAP); 2032 return cred_has_perm(old, new, PROCESS__SETCAP);
2044} 2033}
2045 2034
@@ -2056,12 +2045,6 @@ static int selinux_capset(struct cred *new, const struct cred *old,
2056static int selinux_capable(const struct cred *cred, struct user_namespace *ns, 2045static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2057 int cap, int audit) 2046 int cap, int audit)
2058{ 2047{
2059 int rc;
2060
2061 rc = cap_capable(cred, ns, cap, audit);
2062 if (rc)
2063 return rc;
2064
2065 return cred_has_capability(cred, cap, audit); 2048 return cred_has_capability(cred, cap, audit);
2066} 2049}
2067 2050
@@ -2139,12 +2122,12 @@ static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
2139{ 2122{
2140 int rc, cap_sys_admin = 0; 2123 int rc, cap_sys_admin = 0;
2141 2124
2142 rc = selinux_capable(current_cred(), &init_user_ns, CAP_SYS_ADMIN, 2125 rc = cred_has_capability(current_cred(), CAP_SYS_ADMIN,
2143 SECURITY_CAP_NOAUDIT); 2126 SECURITY_CAP_NOAUDIT);
2144 if (rc == 0) 2127 if (rc == 0)
2145 cap_sys_admin = 1; 2128 cap_sys_admin = 1;
2146 2129
2147 return __vm_enough_memory(mm, pages, cap_sys_admin); 2130 return cap_sys_admin;
2148} 2131}
2149 2132
2150/* binprm security operations */ 2133/* binprm security operations */
@@ -2193,10 +2176,6 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2193 struct inode *inode = file_inode(bprm->file); 2176 struct inode *inode = file_inode(bprm->file);
2194 int rc; 2177 int rc;
2195 2178
2196 rc = cap_bprm_set_creds(bprm);
2197 if (rc)
2198 return rc;
2199
2200 /* SELinux context only depends on initial program or script and not 2179 /* SELinux context only depends on initial program or script and not
2201 * the script interpreter */ 2180 * the script interpreter */
2202 if (bprm->cred_prepared) 2181 if (bprm->cred_prepared)
@@ -2320,7 +2299,7 @@ static int selinux_bprm_secureexec(struct linux_binprm *bprm)
2320 PROCESS__NOATSECURE, NULL); 2299 PROCESS__NOATSECURE, NULL);
2321 } 2300 }
2322 2301
2323 return (atsecure || cap_bprm_secureexec(bprm)); 2302 return !!atsecure;
2324} 2303}
2325 2304
2326static int match_file(const void *p, struct file *file, unsigned fd) 2305static int match_file(const void *p, struct file *file, unsigned fd)
@@ -2451,10 +2430,12 @@ static void selinux_bprm_committed_creds(struct linux_binprm *bprm)
2451 for (i = 0; i < 3; i++) 2430 for (i = 0; i < 3; i++)
2452 do_setitimer(i, &itimer, NULL); 2431 do_setitimer(i, &itimer, NULL);
2453 spin_lock_irq(&current->sighand->siglock); 2432 spin_lock_irq(&current->sighand->siglock);
2454 if (!(current->signal->flags & SIGNAL_GROUP_EXIT)) { 2433 if (!fatal_signal_pending(current)) {
2455 __flush_signals(current); 2434 flush_sigqueue(&current->pending);
2435 flush_sigqueue(&current->signal->shared_pending);
2456 flush_signal_handlers(current, 1); 2436 flush_signal_handlers(current, 1);
2457 sigemptyset(&current->blocked); 2437 sigemptyset(&current->blocked);
2438 recalc_sigpending();
2458 } 2439 }
2459 spin_unlock_irq(&current->sighand->siglock); 2440 spin_unlock_irq(&current->sighand->siglock);
2460 } 2441 }
@@ -2861,11 +2842,23 @@ static int selinux_inode_readlink(struct dentry *dentry)
2861 return dentry_has_perm(cred, dentry, FILE__READ); 2842 return dentry_has_perm(cred, dentry, FILE__READ);
2862} 2843}
2863 2844
2864static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *nameidata) 2845static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
2846 bool rcu)
2865{ 2847{
2866 const struct cred *cred = current_cred(); 2848 const struct cred *cred = current_cred();
2849 struct common_audit_data ad;
2850 struct inode_security_struct *isec;
2851 u32 sid;
2867 2852
2868 return dentry_has_perm(cred, dentry, FILE__READ); 2853 validate_creds(cred);
2854
2855 ad.type = LSM_AUDIT_DATA_DENTRY;
2856 ad.u.dentry = dentry;
2857 sid = cred_sid(cred);
2858 isec = inode->i_security;
2859
2860 return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,
2861 rcu ? MAY_NOT_BLOCK : 0);
2869} 2862}
2870 2863
2871static noinline int audit_inode_permission(struct inode *inode, 2864static noinline int audit_inode_permission(struct inode *inode,
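Review bot: `isec = inode->i_security` is dereferenced in the `avc_has_perm_flags()` call without any check, and because the permission test is now open-coded instead of going through dentry_has_perm(), any guard that helper applied (its body is not on this page) no longer covers this hook. If the helper path skipped certain inodes or tolerated a missing security blob, the new code should do the same or carry a comment saying why that cannot happen here. A one-line comment on the new parameter, e.g. `/* rcu: RCU-walk lookup, so the AVC check must not block */`, would also explain the `MAY_NOT_BLOCK` flag.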
@@ -3132,8 +3125,11 @@ static int selinux_inode_getsecurity(const struct inode *inode, const char *name
3132 * and lack of permission just means that we fall back to the 3125 * and lack of permission just means that we fall back to the
3133 * in-core context value, not a denial. 3126 * in-core context value, not a denial.
3134 */ 3127 */
3135 error = selinux_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN, 3128 error = cap_capable(current_cred(), &init_user_ns, CAP_MAC_ADMIN,
3136 SECURITY_CAP_NOAUDIT); 3129 SECURITY_CAP_NOAUDIT);
3130 if (!error)
3131 error = cred_has_capability(current_cred(), CAP_MAC_ADMIN,
3132 SECURITY_CAP_NOAUDIT);
3137 if (!error) 3133 if (!error)
3138 error = security_sid_to_context_force(isec->sid, &context, 3134 error = security_sid_to_context_force(isec->sid, &context,
3139 &size); 3135 &size);
@@ -3287,7 +3283,8 @@ static int file_map_prot_check(struct file *file, unsigned long prot, int shared
3287 int rc = 0; 3283 int rc = 0;
3288 3284
3289 if (default_noexec && 3285 if (default_noexec &&
3290 (prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) { 3286 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3287 (!shared && (prot & PROT_WRITE)))) {
3291 /* 3288 /*
3292 * We are making executable an anonymous mapping or a 3289 * We are making executable an anonymous mapping or a
3293 * private file mapping that will also be writable. 3290 * private file mapping that will also be writable.
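Review bot: The block comment after the condition still describes only two cases (an anonymous mapping, or a private file mapping that will also be writable), while the condition now also matches any file whose inode is `IS_PRIVATE`. Extend the comment, e.g. `We are making executable an anonymous mapping, a mapping of a kernel-private inode, or a private file mapping that will also be writable.`, so the additional case is documented as intentional. The comment and the check it guards continue outside the hunk.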
@@ -3318,12 +3315,7 @@ error:
3318 3315
3319static int selinux_mmap_addr(unsigned long addr) 3316static int selinux_mmap_addr(unsigned long addr)
3320{ 3317{
3321 int rc; 3318 int rc = 0;
3322
3323 /* do DAC check on address space usage */
3324 rc = cap_mmap_addr(addr);
3325 if (rc)
3326 return rc;
3327 3319
3328 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) { 3320 if (addr < CONFIG_LSM_MMAP_MIN_ADDR) {
3329 u32 sid = current_sid(); 3321 u32 sid = current_sid();
@@ -3639,23 +3631,11 @@ static void selinux_task_getsecid(struct task_struct *p, u32 *secid)
3639 3631
3640static int selinux_task_setnice(struct task_struct *p, int nice) 3632static int selinux_task_setnice(struct task_struct *p, int nice)
3641{ 3633{
3642 int rc;
3643
3644 rc = cap_task_setnice(p, nice);
3645 if (rc)
3646 return rc;
3647
3648 return current_has_perm(p, PROCESS__SETSCHED); 3634 return current_has_perm(p, PROCESS__SETSCHED);
3649} 3635}
3650 3636
3651static int selinux_task_setioprio(struct task_struct *p, int ioprio) 3637static int selinux_task_setioprio(struct task_struct *p, int ioprio)
3652{ 3638{
3653 int rc;
3654
3655 rc = cap_task_setioprio(p, ioprio);
3656 if (rc)
3657 return rc;
3658
3659 return current_has_perm(p, PROCESS__SETSCHED); 3639 return current_has_perm(p, PROCESS__SETSCHED);
3660} 3640}
3661 3641
@@ -3681,12 +3661,6 @@ static int selinux_task_setrlimit(struct task_struct *p, unsigned int resource,
3681 3661
3682static int selinux_task_setscheduler(struct task_struct *p) 3662static int selinux_task_setscheduler(struct task_struct *p)
3683{ 3663{
3684 int rc;
3685
3686 rc = cap_task_setscheduler(p);
3687 if (rc)
3688 return rc;
3689
3690 return current_has_perm(p, PROCESS__SETSCHED); 3664 return current_has_perm(p, PROCESS__SETSCHED);
3691} 3665}
3692 3666
@@ -4768,8 +4742,9 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
4768 if (err == -EINVAL) { 4742 if (err == -EINVAL) {
4769 printk(KERN_WARNING 4743 printk(KERN_WARNING
4770 "SELinux: unrecognized netlink message:" 4744 "SELinux: unrecognized netlink message:"
4771 " protocol=%hu nlmsg_type=%hu sclass=%hu\n", 4745 " protocol=%hu nlmsg_type=%hu sclass=%s\n",
4772 sk->sk_protocol, nlh->nlmsg_type, sksec->sclass); 4746 sk->sk_protocol, nlh->nlmsg_type,
4747 secclass_map[sksec->sclass - 1].name);
4773 if (!selinux_enforcing || security_get_allow_unknown()) 4748 if (!selinux_enforcing || security_get_allow_unknown())
4774 err = 0; 4749 err = 0;
4775 } 4750 }
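Review bot: `secclass_map[sksec->sclass - 1].name` is indexed with no range check, so if sclass were ever 0 or larger than the table the printk would read outside secclass_map. Whether that can happen depends on how sksec->sclass is assigned, which is not on this page; either guard the lookup and fall back to printing the number, or add a comment stating the invariant, e.g. `/* sclass is always a valid class value (>= 1) for a netlink socket */`. This warning path is taken for unrecognized netlink messages, so the lookup should not rely on an undocumented assumption. The function continues outside the hunk.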
@@ -5097,12 +5072,6 @@ static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
5097 5072
5098static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) 5073static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
5099{ 5074{
5100 int err;
5101
5102 err = cap_netlink_send(sk, skb);
5103 if (err)
5104 return err;
5105
5106 return selinux_nlmsg_perm(sk, skb); 5075 return selinux_nlmsg_perm(sk, skb);
5107} 5076}
5108 5077
@@ -5840,218 +5809,220 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
5840 5809
5841#endif 5810#endif
5842 5811
5843static struct security_operations selinux_ops = { 5812static struct security_hook_list selinux_hooks[] = {
5844 .name = "selinux", 5813 LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
5845 5814 LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
5846 .binder_set_context_mgr = selinux_binder_set_context_mgr, 5815 LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
5847 .binder_transaction = selinux_binder_transaction, 5816 LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file),
5848 .binder_transfer_binder = selinux_binder_transfer_binder, 5817
5849 .binder_transfer_file = selinux_binder_transfer_file, 5818 LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check),
5850 5819 LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme),
5851 .ptrace_access_check = selinux_ptrace_access_check, 5820 LSM_HOOK_INIT(capget, selinux_capget),
5852 .ptrace_traceme = selinux_ptrace_traceme, 5821 LSM_HOOK_INIT(capset, selinux_capset),
5853 .capget = selinux_capget, 5822 LSM_HOOK_INIT(capable, selinux_capable),
5854 .capset = selinux_capset, 5823 LSM_HOOK_INIT(quotactl, selinux_quotactl),
5855 .capable = selinux_capable, 5824 LSM_HOOK_INIT(quota_on, selinux_quota_on),
5856 .quotactl = selinux_quotactl, 5825 LSM_HOOK_INIT(syslog, selinux_syslog),
5857 .quota_on = selinux_quota_on, 5826 LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory),
5858 .syslog = selinux_syslog, 5827
5859 .vm_enough_memory = selinux_vm_enough_memory, 5828 LSM_HOOK_INIT(netlink_send, selinux_netlink_send),
5860 5829
5861 .netlink_send = selinux_netlink_send, 5830 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
5862 5831 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
5863 .bprm_set_creds = selinux_bprm_set_creds, 5832 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
5864 .bprm_committing_creds = selinux_bprm_committing_creds, 5833 LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec),
5865 .bprm_committed_creds = selinux_bprm_committed_creds, 5834
5866 .bprm_secureexec = selinux_bprm_secureexec, 5835 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
5867 5836 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
5868 .sb_alloc_security = selinux_sb_alloc_security, 5837 LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data),
5869 .sb_free_security = selinux_sb_free_security, 5838 LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
5870 .sb_copy_data = selinux_sb_copy_data, 5839 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
5871 .sb_remount = selinux_sb_remount, 5840 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
5872 .sb_kern_mount = selinux_sb_kern_mount, 5841 LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs),
5873 .sb_show_options = selinux_sb_show_options, 5842 LSM_HOOK_INIT(sb_mount, selinux_mount),
5874 .sb_statfs = selinux_sb_statfs, 5843 LSM_HOOK_INIT(sb_umount, selinux_umount),
5875 .sb_mount = selinux_mount, 5844 LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts),
5876 .sb_umount = selinux_umount, 5845 LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts),
5877 .sb_set_mnt_opts = selinux_set_mnt_opts, 5846 LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str),
5878 .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, 5847
5879 .sb_parse_opts_str = selinux_parse_opts_str, 5848 LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security),
5880 5849
5881 .dentry_init_security = selinux_dentry_init_security, 5850 LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security),
5882 5851 LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security),
5883 .inode_alloc_security = selinux_inode_alloc_security, 5852 LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security),
5884 .inode_free_security = selinux_inode_free_security, 5853 LSM_HOOK_INIT(inode_create, selinux_inode_create),
5885 .inode_init_security = selinux_inode_init_security, 5854 LSM_HOOK_INIT(inode_link, selinux_inode_link),
5886 .inode_create = selinux_inode_create, 5855 LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink),
5887 .inode_link = selinux_inode_link, 5856 LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink),
5888 .inode_unlink = selinux_inode_unlink, 5857 LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir),
5889 .inode_symlink = selinux_inode_symlink, 5858 LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir),
5890 .inode_mkdir = selinux_inode_mkdir, 5859 LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod),
5891 .inode_rmdir = selinux_inode_rmdir, 5860 LSM_HOOK_INIT(inode_rename, selinux_inode_rename),
5892 .inode_mknod = selinux_inode_mknod, 5861 LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink),
5893 .inode_rename = selinux_inode_rename, 5862 LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link),
5894 .inode_readlink = selinux_inode_readlink, 5863 LSM_HOOK_INIT(inode_permission, selinux_inode_permission),
5895 .inode_follow_link = selinux_inode_follow_link, 5864 LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr),
5896 .inode_permission = selinux_inode_permission, 5865 LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr),
5897 .inode_setattr = selinux_inode_setattr, 5866 LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr),
5898 .inode_getattr = selinux_inode_getattr, 5867 LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr),
5899 .inode_setxattr = selinux_inode_setxattr, 5868 LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr),
5900 .inode_post_setxattr = selinux_inode_post_setxattr, 5869 LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr),
5901 .inode_getxattr = selinux_inode_getxattr, 5870 LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr),
5902 .inode_listxattr = selinux_inode_listxattr, 5871 LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity),
5903 .inode_removexattr = selinux_inode_removexattr, 5872 LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity),
5904 .inode_getsecurity = selinux_inode_getsecurity, 5873 LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity),
5905 .inode_setsecurity = selinux_inode_setsecurity, 5874 LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid),
5906 .inode_listsecurity = selinux_inode_listsecurity, 5875
5907 .inode_getsecid = selinux_inode_getsecid, 5876 LSM_HOOK_INIT(file_permission, selinux_file_permission),
5908 5877 LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security),
5909 .file_permission = selinux_file_permission, 5878 LSM_HOOK_INIT(file_free_security, selinux_file_free_security),
5910 .file_alloc_security = selinux_file_alloc_security, 5879 LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl),
5911 .file_free_security = selinux_file_free_security, 5880 LSM_HOOK_INIT(mmap_file, selinux_mmap_file),
5912 .file_ioctl = selinux_file_ioctl, 5881 LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr),
5913 .mmap_file = selinux_mmap_file, 5882 LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect),
5914 .mmap_addr = selinux_mmap_addr, 5883 LSM_HOOK_INIT(file_lock, selinux_file_lock),
5915 .file_mprotect = selinux_file_mprotect, 5884 LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl),
5916 .file_lock = selinux_file_lock, 5885 LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner),
5917 .file_fcntl = selinux_file_fcntl, 5886 LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask),
5918 .file_set_fowner = selinux_file_set_fowner, 5887 LSM_HOOK_INIT(file_receive, selinux_file_receive),
5919 .file_send_sigiotask = selinux_file_send_sigiotask, 5888
5920 .file_receive = selinux_file_receive, 5889 LSM_HOOK_INIT(file_open, selinux_file_open),
5921 5890
5922 .file_open = selinux_file_open, 5891 LSM_HOOK_INIT(task_create, selinux_task_create),
5923 5892 LSM_HOOK_INIT(cred_alloc_blank, selinux_cred_alloc_blank),
5924 .task_create = selinux_task_create, 5893 LSM_HOOK_INIT(cred_free, selinux_cred_free),
5925 .cred_alloc_blank = selinux_cred_alloc_blank, 5894 LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare),
5926 .cred_free = selinux_cred_free, 5895 LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer),
5927 .cred_prepare = selinux_cred_prepare, 5896 LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as),
5928 .cred_transfer = selinux_cred_transfer, 5897 LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as),
5929 .kernel_act_as = selinux_kernel_act_as, 5898 LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request),
5930 .kernel_create_files_as = selinux_kernel_create_files_as, 5899 LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid),
5931 .kernel_module_request = selinux_kernel_module_request, 5900 LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid),
5932 .task_setpgid = selinux_task_setpgid, 5901 LSM_HOOK_INIT(task_getsid, selinux_task_getsid),
5933 .task_getpgid = selinux_task_getpgid, 5902 LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid),
5934 .task_getsid = selinux_task_getsid, 5903 LSM_HOOK_INIT(task_setnice, selinux_task_setnice),
5935 .task_getsecid = selinux_task_getsecid, 5904 LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio),
5936 .task_setnice = selinux_task_setnice, 5905 LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio),
5937 .task_setioprio = selinux_task_setioprio, 5906 LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit),
5938 .task_getioprio = selinux_task_getioprio, 5907 LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler),
5939 .task_setrlimit = selinux_task_setrlimit, 5908 LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler),
5940 .task_setscheduler = selinux_task_setscheduler, 5909 LSM_HOOK_INIT(task_movememory, selinux_task_movememory),
5941 .task_getscheduler = selinux_task_getscheduler, 5910 LSM_HOOK_INIT(task_kill, selinux_task_kill),
5942 .task_movememory = selinux_task_movememory, 5911 LSM_HOOK_INIT(task_wait, selinux_task_wait),
5943 .task_kill = selinux_task_kill, 5912 LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode),
5944 .task_wait = selinux_task_wait, 5913
5945 .task_to_inode = selinux_task_to_inode, 5914 LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission),
5946 5915 LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid),
5947 .ipc_permission = selinux_ipc_permission, 5916
5948 .ipc_getsecid = selinux_ipc_getsecid, 5917 LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security),
5949 5918 LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security),
5950 .msg_msg_alloc_security = selinux_msg_msg_alloc_security, 5919
5951 .msg_msg_free_security = selinux_msg_msg_free_security, 5920 LSM_HOOK_INIT(msg_queue_alloc_security,
5952 5921 selinux_msg_queue_alloc_security),
5953 .msg_queue_alloc_security = selinux_msg_queue_alloc_security, 5922 LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security),
5954 .msg_queue_free_security = selinux_msg_queue_free_security, 5923 LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate),
5955 .msg_queue_associate = selinux_msg_queue_associate, 5924 LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl),
5956 .msg_queue_msgctl = selinux_msg_queue_msgctl, 5925 LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd),
5957 .msg_queue_msgsnd = selinux_msg_queue_msgsnd, 5926 LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv),
5958 .msg_queue_msgrcv = selinux_msg_queue_msgrcv, 5927
5959 5928 LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security),
5960 .shm_alloc_security = selinux_shm_alloc_security, 5929 LSM_HOOK_INIT(shm_free_security, selinux_shm_free_security),
5961 .shm_free_security = selinux_shm_free_security, 5930 LSM_HOOK_INIT(shm_associate, selinux_shm_associate),
5962 .shm_associate = selinux_shm_associate, 5931 LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl),
5963 .shm_shmctl = selinux_shm_shmctl, 5932 LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat),
5964 .shm_shmat = selinux_shm_shmat, 5933
5965 5934 LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security),
5966 .sem_alloc_security = selinux_sem_alloc_security, 5935 LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security),
5967 .sem_free_security = selinux_sem_free_security, 5936 LSM_HOOK_INIT(sem_associate, selinux_sem_associate),
5968 .sem_associate = selinux_sem_associate, 5937 LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl),
5969 .sem_semctl = selinux_sem_semctl, 5938 LSM_HOOK_INIT(sem_semop, selinux_sem_semop),
5970 .sem_semop = selinux_sem_semop, 5939
5971 5940 LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate),
5972 .d_instantiate = selinux_d_instantiate, 5941
5973 5942 LSM_HOOK_INIT(getprocattr, selinux_getprocattr),
5974 .getprocattr = selinux_getprocattr, 5943 LSM_HOOK_INIT(setprocattr, selinux_setprocattr),
5975 .setprocattr = selinux_setprocattr, 5944
5976 5945 LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel),
5977 .ismaclabel = selinux_ismaclabel, 5946 LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx),
5978 .secid_to_secctx = selinux_secid_to_secctx, 5947 LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid),
5979 .secctx_to_secid = selinux_secctx_to_secid, 5948 LSM_HOOK_INIT(release_secctx, selinux_release_secctx),
5980 .release_secctx = selinux_release_secctx, 5949 LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx),
5981 .inode_notifysecctx = selinux_inode_notifysecctx, 5950 LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx),
5982 .inode_setsecctx = selinux_inode_setsecctx, 5951 LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx),
5983 .inode_getsecctx = selinux_inode_getsecctx, 5952
5984 5953 LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect),
5985 .unix_stream_connect = selinux_socket_unix_stream_connect, 5954 LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send),
5986 .unix_may_send = selinux_socket_unix_may_send, 5955
5987 5956 LSM_HOOK_INIT(socket_create, selinux_socket_create),
5988 .socket_create = selinux_socket_create, 5957 LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create),
5989 .socket_post_create = selinux_socket_post_create, 5958 LSM_HOOK_INIT(socket_bind, selinux_socket_bind),
5990 .socket_bind = selinux_socket_bind, 5959 LSM_HOOK_INIT(socket_connect, selinux_socket_connect),
5991 .socket_connect = selinux_socket_connect, 5960 LSM_HOOK_INIT(socket_listen, selinux_socket_listen),
5992 .socket_listen = selinux_socket_listen, 5961 LSM_HOOK_INIT(socket_accept, selinux_socket_accept),
5993 .socket_accept = selinux_socket_accept, 5962 LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg),
5994 .socket_sendmsg = selinux_socket_sendmsg, 5963 LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg),
5995 .socket_recvmsg = selinux_socket_recvmsg, 5964 LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname),
5996 .socket_getsockname = selinux_socket_getsockname, 5965 LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername),
5997 .socket_getpeername = selinux_socket_getpeername, 5966 LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt),
5998 .socket_getsockopt = selinux_socket_getsockopt, 5967 LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt),
5999 .socket_setsockopt = selinux_socket_setsockopt, 5968 LSM_HOOK_INIT(socket_shutdown, selinux_socket_shutdown),
6000 .socket_shutdown = selinux_socket_shutdown, 5969 LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
6001 .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb, 5970 LSM_HOOK_INIT(socket_getpeersec_stream,
6002 .socket_getpeersec_stream = selinux_socket_getpeersec_stream, 5971 selinux_socket_getpeersec_stream),
6003 .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram, 5972 LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
6004 .sk_alloc_security = selinux_sk_alloc_security, 5973 LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
6005 .sk_free_security = selinux_sk_free_security, 5974 LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
6006 .sk_clone_security = selinux_sk_clone_security, 5975 LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
6007 .sk_getsecid = selinux_sk_getsecid, 5976 LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
6008 .sock_graft = selinux_sock_graft, 5977 LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
6009 .inet_conn_request = selinux_inet_conn_request, 5978 LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
6010 .inet_csk_clone = selinux_inet_csk_clone, 5979 LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
6011 .inet_conn_established = selinux_inet_conn_established, 5980 LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
6012 .secmark_relabel_packet = selinux_secmark_relabel_packet, 5981 LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
6013 .secmark_refcount_inc = selinux_secmark_refcount_inc, 5982 LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
6014 .secmark_refcount_dec = selinux_secmark_refcount_dec, 5983 LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
6015 .req_classify_flow = selinux_req_classify_flow, 5984 LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
6016 .tun_dev_alloc_security = selinux_tun_dev_alloc_security, 5985 LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
6017 .tun_dev_free_security = selinux_tun_dev_free_security, 5986 LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
6018 .tun_dev_create = selinux_tun_dev_create, 5987 LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
6019 .tun_dev_attach_queue = selinux_tun_dev_attach_queue, 5988 LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
6020 .tun_dev_attach = selinux_tun_dev_attach, 5989 LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
6021 .tun_dev_open = selinux_tun_dev_open, 5990 LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
6022 5991
6023#ifdef CONFIG_SECURITY_NETWORK_XFRM 5992#ifdef CONFIG_SECURITY_NETWORK_XFRM
6024 .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc, 5993 LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
6025 .xfrm_policy_clone_security = selinux_xfrm_policy_clone, 5994 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
6026 .xfrm_policy_free_security = selinux_xfrm_policy_free, 5995 LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
6027 .xfrm_policy_delete_security = selinux_xfrm_policy_delete, 5996 LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
6028 .xfrm_state_alloc = selinux_xfrm_state_alloc, 5997 LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
6029 .xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire, 5998 LSM_HOOK_INIT(xfrm_state_alloc_acquire,
6030 .xfrm_state_free_security = selinux_xfrm_state_free, 5999 selinux_xfrm_state_alloc_acquire),
6031 .xfrm_state_delete_security = selinux_xfrm_state_delete, 6000 LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
6032 .xfrm_policy_lookup = selinux_xfrm_policy_lookup, 6001 LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
6033 .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match, 6002 LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
6034 .xfrm_decode_session = selinux_xfrm_decode_session, 6003 LSM_HOOK_INIT(xfrm_state_pol_flow_match,
6004 selinux_xfrm_state_pol_flow_match),
6005 LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
6035#endif 6006#endif
6036 6007
6037#ifdef CONFIG_KEYS 6008#ifdef CONFIG_KEYS
6038 .key_alloc = selinux_key_alloc, 6009 LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
6039 .key_free = selinux_key_free, 6010 LSM_HOOK_INIT(key_free, selinux_key_free),
6040 .key_permission = selinux_key_permission, 6011 LSM_HOOK_INIT(key_permission, selinux_key_permission),
6041 .key_getsecurity = selinux_key_getsecurity, 6012 LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
6042#endif 6013#endif
6043 6014
6044#ifdef CONFIG_AUDIT 6015#ifdef CONFIG_AUDIT
6045 .audit_rule_init = selinux_audit_rule_init, 6016 LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
6046 .audit_rule_known = selinux_audit_rule_known, 6017 LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
6047 .audit_rule_match = selinux_audit_rule_match, 6018 LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
6048 .audit_rule_free = selinux_audit_rule_free, 6019 LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
6049#endif 6020#endif
6050}; 6021};
6051 6022
6052static __init int selinux_init(void) 6023static __init int selinux_init(void)
6053{ 6024{
6054 if (!security_module_enable(&selinux_ops)) { 6025 if (!security_module_enable("selinux")) {
6055 selinux_enabled = 0; 6026 selinux_enabled = 0;
6056 return 0; 6027 return 0;
6057 } 6028 }
@@ -6073,8 +6044,7 @@ static __init int selinux_init(void)
6073 0, SLAB_PANIC, NULL); 6044 0, SLAB_PANIC, NULL);
6074 avc_init(); 6045 avc_init();
6075 6046
6076 if (register_security(&selinux_ops)) 6047 security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
6077 panic("SELinux: Unable to register with kernel.\n");
6078 6048
6079 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET)) 6049 if (avc_add_callback(selinux_netcache_avc_callback, AVC_CALLBACK_RESET))
6080 panic("SELinux: Unable to register AVC netcache callback\n"); 6050 panic("SELinux: Unable to register AVC netcache callback\n");
@@ -6202,7 +6172,7 @@ int selinux_disable(void)
6202 selinux_disabled = 1; 6172 selinux_disabled = 1;
6203 selinux_enabled = 0; 6173 selinux_enabled = 0;
6204 6174
6205 reset_security_ops(); 6175 security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));
6206 6176
6207 /* Try to destroy the avc node cache */ 6177 /* Try to destroy the avc node cache */
6208 avc_disable(); 6178 avc_disable();
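Review bot: The new `security_delete_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks));` call in selinux_disable() has no comment on what other CPUs can observe while the array is being removed, a question the single `reset_security_ops()` call it replaces did not obviously raise. The implementation of security_delete_hooks is not on this page, so this is an inference to confirm: if entries are unlinked one at a time, there may be a window in which some SELinux hooks are detached while a paired hook (an alloc/free pair, for example) is still attached or still executing. I would add above the call something like `/* Hooks are unlinked individually; one may still be running on another CPU, so avc_disable() below must tolerate late callers. */`. If removal does edit the entries in place, selinux_hooks probably has to stay writable after boot for as long as runtime disable is supported, which deserves a note at the array definition. selinux_disable() begins and ends outside this hunk.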