authorLinus Torvalds <torvalds@linux-foundation.org>2008-04-28 13:08:49 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-28 13:08:49 -0400
commitcfd299dffe6f47c04c47b95893708cdc65876fbd (patch)
tree469eb611cdda8ee2b0775e018756be8df2d3ffd4
parent6b8588f71890fba78742f90e22390028a6cd706f (diff)
parentc9b7b9793764b171a118d049d4b721a7f5d8ac82 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: SELinux: Fix a RCU free problem with the netport cache SELinux: Made netnode cache adds faster SELinux: include/security.h whitespace, syntax, and other cleanups SELinux: policydb.h whitespace, syntax, and other cleanups SELinux: mls_types.h whitespace, syntax, and other cleanups SELinux: mls.h whitespace, syntax, and other cleanups SELinux: hashtab.h whitespace, syntax, and other cleanups SELinux: context.h whitespace, syntax, and other cleanups SELinux: ss/conditional.h whitespace, syntax, and other cleanups SELinux: selinux/include/security.h whitespace, syntax, and other cleanups SELinux: objsec.h whitespace, syntax, and other cleanups SELinux: netlabel.h whitespace, syntax, and other cleanups SELinux: avc_ss.h whitespace, syntax, and other cleanups Fixed up conflict in include/linux/security.h manually
-rw-r--r--include/linux/security.h898
-rw-r--r--security/selinux/include/avc_ss.h9
-rw-r--r--security/selinux/include/netlabel.h2
-rw-r--r--security/selinux/include/objsec.h60
-rw-r--r--security/selinux/include/security.h4
-rw-r--r--security/selinux/netnode.c104
-rw-r--r--security/selinux/netport.c40
-rw-r--r--security/selinux/ss/conditional.h6
-rw-r--r--security/selinux/ss/context.h4
-rw-r--r--security/selinux/ss/hashtab.h6
-rw-r--r--security/selinux/ss/mls.h6
-rw-r--r--security/selinux/ss/mls_types.h4
-rw-r--r--security/selinux/ss/policydb.h10
13 files changed, 570 insertions, 583 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index e6299e50e210..d0a28fd1747a 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -44,27 +44,27 @@ struct audit_krule;
44 * These functions are in security/capability.c and are used 44 * These functions are in security/capability.c and are used
45 * as the default capabilities functions 45 * as the default capabilities functions
46 */ 46 */
47extern int cap_capable (struct task_struct *tsk, int cap); 47extern int cap_capable(struct task_struct *tsk, int cap);
48extern int cap_settime (struct timespec *ts, struct timezone *tz); 48extern int cap_settime(struct timespec *ts, struct timezone *tz);
49extern int cap_ptrace (struct task_struct *parent, struct task_struct *child); 49extern int cap_ptrace(struct task_struct *parent, struct task_struct *child);
50extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 50extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
51extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 51extern int cap_capset_check(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
52extern void cap_capset_set (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); 52extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
53extern int cap_bprm_set_security (struct linux_binprm *bprm); 53extern int cap_bprm_set_security(struct linux_binprm *bprm);
54extern void cap_bprm_apply_creds (struct linux_binprm *bprm, int unsafe); 54extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
55extern int cap_bprm_secureexec(struct linux_binprm *bprm); 55extern int cap_bprm_secureexec(struct linux_binprm *bprm);
56extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); 56extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags);
57extern int cap_inode_removexattr(struct dentry *dentry, char *name); 57extern int cap_inode_removexattr(struct dentry *dentry, char *name);
58extern int cap_inode_need_killpriv(struct dentry *dentry); 58extern int cap_inode_need_killpriv(struct dentry *dentry);
59extern int cap_inode_killpriv(struct dentry *dentry); 59extern int cap_inode_killpriv(struct dentry *dentry);
60extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); 60extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
61extern void cap_task_reparent_to_init (struct task_struct *p); 61extern void cap_task_reparent_to_init(struct task_struct *p);
62extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, 62extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
63 unsigned long arg4, unsigned long arg5, long *rc_p); 63 unsigned long arg4, unsigned long arg5, long *rc_p);
64extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp); 64extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
65extern int cap_task_setioprio (struct task_struct *p, int ioprio); 65extern int cap_task_setioprio(struct task_struct *p, int ioprio);
66extern int cap_task_setnice (struct task_struct *p, int nice); 66extern int cap_task_setnice(struct task_struct *p, int nice);
67extern int cap_syslog (int type); 67extern int cap_syslog(int type);
68extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); 68extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
69 69
70struct msghdr; 70struct msghdr;
@@ -128,7 +128,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
128{ 128{
129 int i; 129 int i;
130 if (opts->mnt_opts) 130 if (opts->mnt_opts)
131 for(i = 0; i < opts->num_mnt_opts; i++) 131 for (i = 0; i < opts->num_mnt_opts; i++)
132 kfree(opts->mnt_opts[i]); 132 kfree(opts->mnt_opts[i]);
133 kfree(opts->mnt_opts); 133 kfree(opts->mnt_opts);
134 opts->mnt_opts = NULL; 134 opts->mnt_opts = NULL;
@@ -190,21 +190,21 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
190 * @bprm contains the linux_binprm structure. 190 * @bprm contains the linux_binprm structure.
191 * Return 0 if the hook is successful and permission is granted. 191 * Return 0 if the hook is successful and permission is granted.
192 * @bprm_check_security: 192 * @bprm_check_security:
193 * This hook mediates the point when a search for a binary handler will 193 * This hook mediates the point when a search for a binary handler will
194 * begin. It allows a check the @bprm->security value which is set in 194 * begin. It allows a check the @bprm->security value which is set in
195 * the preceding set_security call. The primary difference from 195 * the preceding set_security call. The primary difference from
196 * set_security is that the argv list and envp list are reliably 196 * set_security is that the argv list and envp list are reliably
197 * available in @bprm. This hook may be called multiple times 197 * available in @bprm. This hook may be called multiple times
198 * during a single execve; and in each pass set_security is called 198 * during a single execve; and in each pass set_security is called
199 * first. 199 * first.
200 * @bprm contains the linux_binprm structure. 200 * @bprm contains the linux_binprm structure.
201 * Return 0 if the hook is successful and permission is granted. 201 * Return 0 if the hook is successful and permission is granted.
202 * @bprm_secureexec: 202 * @bprm_secureexec:
203 * Return a boolean value (0 or 1) indicating whether a "secure exec" 203 * Return a boolean value (0 or 1) indicating whether a "secure exec"
204 * is required. The flag is passed in the auxiliary table 204 * is required. The flag is passed in the auxiliary table
205 * on the initial stack to the ELF interpreter to indicate whether libc 205 * on the initial stack to the ELF interpreter to indicate whether libc
206 * should enable secure mode. 206 * should enable secure mode.
207 * @bprm contains the linux_binprm structure. 207 * @bprm contains the linux_binprm structure.
208 * 208 *
209 * Security hooks for filesystem operations. 209 * Security hooks for filesystem operations.
210 * 210 *
@@ -221,7 +221,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
221 * Check permission before obtaining filesystem statistics for the @mnt 221 * Check permission before obtaining filesystem statistics for the @mnt
222 * mountpoint. 222 * mountpoint.
223 * @dentry is a handle on the superblock for the filesystem. 223 * @dentry is a handle on the superblock for the filesystem.
224 * Return 0 if permission is granted. 224 * Return 0 if permission is granted.
225 * @sb_mount: 225 * @sb_mount:
226 * Check permission before an object specified by @dev_name is mounted on 226 * Check permission before an object specified by @dev_name is mounted on
227 * the mount point named by @nd. For an ordinary mount, @dev_name 227 * the mount point named by @nd. For an ordinary mount, @dev_name
@@ -282,12 +282,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
282 * @sb_pivotroot: 282 * @sb_pivotroot:
283 * Check permission before pivoting the root filesystem. 283 * Check permission before pivoting the root filesystem.
284 * @old_path contains the path for the new location of the current root (put_old). 284 * @old_path contains the path for the new location of the current root (put_old).
285 * @new_path contains the path for the new root (new_root). 285 * @new_path contains the path for the new root (new_root).
286 * Return 0 if permission is granted. 286 * Return 0 if permission is granted.
287 * @sb_post_pivotroot: 287 * @sb_post_pivotroot:
288 * Update module state after a successful pivot. 288 * Update module state after a successful pivot.
289 * @old_path contains the path for the old root. 289 * @old_path contains the path for the old root.
290 * @new_path contains the path for the new root. 290 * @new_path contains the path for the new root.
291 * @sb_get_mnt_opts: 291 * @sb_get_mnt_opts:
292 * Get the security relevant mount options used for a superblock 292 * Get the security relevant mount options used for a superblock
293 * @sb the superblock to get security mount options from 293 * @sb the superblock to get security mount options from
@@ -316,9 +316,9 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
316 * @inode_free_security: 316 * @inode_free_security:
317 * @inode contains the inode structure. 317 * @inode contains the inode structure.
318 * Deallocate the inode security structure and set @inode->i_security to 318 * Deallocate the inode security structure and set @inode->i_security to
319 * NULL. 319 * NULL.
320 * @inode_init_security: 320 * @inode_init_security:
321 * Obtain the security attribute name suffix and value to set on a newly 321 * Obtain the security attribute name suffix and value to set on a newly
322 * created inode and set up the incore security field for the new inode. 322 * created inode and set up the incore security field for the new inode.
323 * This hook is called by the fs code as part of the inode creation 323 * This hook is called by the fs code as part of the inode creation
324 * transaction and provides for atomic labeling of the inode, unlike 324 * transaction and provides for atomic labeling of the inode, unlike
@@ -349,7 +349,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
349 * @new_dentry contains the dentry structure for the new link. 349 * @new_dentry contains the dentry structure for the new link.
350 * Return 0 if permission is granted. 350 * Return 0 if permission is granted.
351 * @inode_unlink: 351 * @inode_unlink:
352 * Check the permission to remove a hard link to a file. 352 * Check the permission to remove a hard link to a file.
353 * @dir contains the inode structure of parent directory of the file. 353 * @dir contains the inode structure of parent directory of the file.
354 * @dentry contains the dentry structure for file to be unlinked. 354 * @dentry contains the dentry structure for file to be unlinked.
355 * Return 0 if permission is granted. 355 * Return 0 if permission is granted.
@@ -361,7 +361,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
361 * Return 0 if permission is granted. 361 * Return 0 if permission is granted.
362 * @inode_mkdir: 362 * @inode_mkdir:
363 * Check permissions to create a new directory in the existing directory 363 * Check permissions to create a new directory in the existing directory
364 * associated with inode strcture @dir. 364 * associated with inode strcture @dir.
365 * @dir containst the inode structure of parent of the directory to be created. 365 * @dir containst the inode structure of parent of the directory to be created.
366 * @dentry contains the dentry structure of new directory. 366 * @dentry contains the dentry structure of new directory.
367 * @mode contains the mode of new directory. 367 * @mode contains the mode of new directory.
@@ -406,7 +406,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
406 * called when the actual read/write operations are performed. 406 * called when the actual read/write operations are performed.
407 * @inode contains the inode structure to check. 407 * @inode contains the inode structure to check.
408 * @mask contains the permission mask. 408 * @mask contains the permission mask.
409 * @nd contains the nameidata (may be NULL). 409 * @nd contains the nameidata (may be NULL).
410 * Return 0 if permission is granted. 410 * Return 0 if permission is granted.
411 * @inode_setattr: 411 * @inode_setattr:
412 * Check permission before setting file attributes. Note that the kernel 412 * Check permission before setting file attributes. Note that the kernel
@@ -428,24 +428,24 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
428 * can use this hook to release any persistent label associated with the 428 * can use this hook to release any persistent label associated with the
429 * inode. 429 * inode.
430 * @inode_setxattr: 430 * @inode_setxattr:
431 * Check permission before setting the extended attributes 431 * Check permission before setting the extended attributes
432 * @value identified by @name for @dentry. 432 * @value identified by @name for @dentry.
433 * Return 0 if permission is granted. 433 * Return 0 if permission is granted.
434 * @inode_post_setxattr: 434 * @inode_post_setxattr:
435 * Update inode security field after successful setxattr operation. 435 * Update inode security field after successful setxattr operation.
436 * @value identified by @name for @dentry. 436 * @value identified by @name for @dentry.
437 * @inode_getxattr: 437 * @inode_getxattr:
438 * Check permission before obtaining the extended attributes 438 * Check permission before obtaining the extended attributes
439 * identified by @name for @dentry. 439 * identified by @name for @dentry.
440 * Return 0 if permission is granted. 440 * Return 0 if permission is granted.
441 * @inode_listxattr: 441 * @inode_listxattr:
442 * Check permission before obtaining the list of extended attribute 442 * Check permission before obtaining the list of extended attribute
443 * names for @dentry. 443 * names for @dentry.
444 * Return 0 if permission is granted. 444 * Return 0 if permission is granted.
445 * @inode_removexattr: 445 * @inode_removexattr:
446 * Check permission before removing the extended attribute 446 * Check permission before removing the extended attribute
447 * identified by @name for @dentry. 447 * identified by @name for @dentry.
448 * Return 0 if permission is granted. 448 * Return 0 if permission is granted.
449 * @inode_getsecurity: 449 * @inode_getsecurity:
450 * Retrieve a copy of the extended attribute representation of the 450 * Retrieve a copy of the extended attribute representation of the
451 * security label associated with @name for @inode via @buffer. Note that 451 * security label associated with @name for @inode via @buffer. Note that
@@ -457,7 +457,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
457 * Set the security label associated with @name for @inode from the 457 * Set the security label associated with @name for @inode from the
458 * extended attribute value @value. @size indicates the size of the 458 * extended attribute value @value. @size indicates the size of the
459 * @value in bytes. @flags may be XATTR_CREATE, XATTR_REPLACE, or 0. 459 * @value in bytes. @flags may be XATTR_CREATE, XATTR_REPLACE, or 0.
460 * Note that @name is the remainder of the attribute name after the 460 * Note that @name is the remainder of the attribute name after the
461 * security. prefix has been removed. 461 * security. prefix has been removed.
462 * Return 0 on success. 462 * Return 0 on success.
463 * @inode_listsecurity: 463 * @inode_listsecurity:
@@ -564,7 +564,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
564 * struct file, so the file structure (and associated security information) 564 * struct file, so the file structure (and associated security information)
565 * can always be obtained: 565 * can always be obtained:
566 * container_of(fown, struct file, f_owner) 566 * container_of(fown, struct file, f_owner)
567 * @tsk contains the structure of task receiving signal. 567 * @tsk contains the structure of task receiving signal.
568 * @fown contains the file owner information. 568 * @fown contains the file owner information.
569 * @sig is the signal that will be sent. When 0, kernel sends SIGIO. 569 * @sig is the signal that will be sent. When 0, kernel sends SIGIO.
570 * Return 0 if permission is granted. 570 * Return 0 if permission is granted.
@@ -724,12 +724,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
724 * Return 0 if permission is granted, and non-zero if the security module 724 * Return 0 if permission is granted, and non-zero if the security module
725 * has taken responsibility (setting *rc_p) for the prctl call. 725 * has taken responsibility (setting *rc_p) for the prctl call.
726 * @task_reparent_to_init: 726 * @task_reparent_to_init:
727 * Set the security attributes in @p->security for a kernel thread that 727 * Set the security attributes in @p->security for a kernel thread that
728 * is being reparented to the init task. 728 * is being reparented to the init task.
729 * @p contains the task_struct for the kernel thread. 729 * @p contains the task_struct for the kernel thread.
730 * @task_to_inode: 730 * @task_to_inode:
731 * Set the security attributes for an inode based on an associated task's 731 * Set the security attributes for an inode based on an associated task's
732 * security attributes, e.g. for /proc/pid inodes. 732 * security attributes, e.g. for /proc/pid inodes.
733 * @p contains the task_struct for the task. 733 * @p contains the task_struct for the task.
734 * @inode contains the inode structure for the inode. 734 * @inode contains the inode structure for the inode.
735 * 735 *
@@ -739,7 +739,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
739 * Save security information for a netlink message so that permission 739 * Save security information for a netlink message so that permission
740 * checking can be performed when the message is processed. The security 740 * checking can be performed when the message is processed. The security
741 * information can be saved using the eff_cap field of the 741 * information can be saved using the eff_cap field of the
742 * netlink_skb_parms structure. Also may be used to provide fine 742 * netlink_skb_parms structure. Also may be used to provide fine
743 * grained control over message transmission. 743 * grained control over message transmission.
744 * @sk associated sock of task sending the message., 744 * @sk associated sock of task sending the message.,
745 * @skb contains the sk_buff structure for the netlink message. 745 * @skb contains the sk_buff structure for the netlink message.
@@ -807,14 +807,14 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
807 * @sock contains the socket structure. 807 * @sock contains the socket structure.
808 * @address contains the address to bind to. 808 * @address contains the address to bind to.
809 * @addrlen contains the length of address. 809 * @addrlen contains the length of address.
810 * Return 0 if permission is granted. 810 * Return 0 if permission is granted.
811 * @socket_connect: 811 * @socket_connect:
812 * Check permission before socket protocol layer connect operation 812 * Check permission before socket protocol layer connect operation
813 * attempts to connect socket @sock to a remote address, @address. 813 * attempts to connect socket @sock to a remote address, @address.
814 * @sock contains the socket structure. 814 * @sock contains the socket structure.
815 * @address contains the address of remote endpoint. 815 * @address contains the address of remote endpoint.
816 * @addrlen contains the length of address. 816 * @addrlen contains the length of address.
817 * Return 0 if permission is granted. 817 * Return 0 if permission is granted.
818 * @socket_listen: 818 * @socket_listen:
819 * Check permission before socket protocol layer listen operation. 819 * Check permission before socket protocol layer listen operation.
820 * @sock contains the socket structure. 820 * @sock contains the socket structure.
@@ -844,7 +844,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
844 * @msg contains the message structure. 844 * @msg contains the message structure.
845 * @size contains the size of message structure. 845 * @size contains the size of message structure.
846 * @flags contains the operational flags. 846 * @flags contains the operational flags.
847 * Return 0 if permission is granted. 847 * Return 0 if permission is granted.
848 * @socket_getsockname: 848 * @socket_getsockname:
849 * Check permission before the local address (name) of the socket object 849 * Check permission before the local address (name) of the socket object
850 * @sock is retrieved. 850 * @sock is retrieved.
@@ -868,7 +868,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
868 * @sock contains the socket structure. 868 * @sock contains the socket structure.
869 * @level contains the protocol level to set options for. 869 * @level contains the protocol level to set options for.
870 * @optname contains the name of the option to set. 870 * @optname contains the name of the option to set.
871 * Return 0 if permission is granted. 871 * Return 0 if permission is granted.
872 * @socket_shutdown: 872 * @socket_shutdown:
873 * Checks permission before all or part of a connection on the socket 873 * Checks permission before all or part of a connection on the socket
874 * @sock is shut down. 874 * @sock is shut down.
@@ -895,19 +895,19 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
895 * Return 0 if all is well, otherwise, typical getsockopt return 895 * Return 0 if all is well, otherwise, typical getsockopt return
896 * values. 896 * values.
897 * @socket_getpeersec_dgram: 897 * @socket_getpeersec_dgram:
898 * This hook allows the security module to provide peer socket security 898 * This hook allows the security module to provide peer socket security
899 * state for udp sockets on a per-packet basis to userspace via 899 * state for udp sockets on a per-packet basis to userspace via
900 * getsockopt SO_GETPEERSEC. The application must first have indicated 900 * getsockopt SO_GETPEERSEC. The application must first have indicated
901 * the IP_PASSSEC option via getsockopt. It can then retrieve the 901 * the IP_PASSSEC option via getsockopt. It can then retrieve the
902 * security state returned by this hook for a packet via the SCM_SECURITY 902 * security state returned by this hook for a packet via the SCM_SECURITY
903 * ancillary message type. 903 * ancillary message type.
904 * @skb is the skbuff for the packet being queried 904 * @skb is the skbuff for the packet being queried
905 * @secdata is a pointer to a buffer in which to copy the security data 905 * @secdata is a pointer to a buffer in which to copy the security data
906 * @seclen is the maximum length for @secdata 906 * @seclen is the maximum length for @secdata
907 * Return 0 on success, error on failure. 907 * Return 0 on success, error on failure.
908 * @sk_alloc_security: 908 * @sk_alloc_security:
909 * Allocate and attach a security structure to the sk->sk_security field, 909 * Allocate and attach a security structure to the sk->sk_security field,
910 * which is used to copy security attributes between local stream sockets. 910 * which is used to copy security attributes between local stream sockets.
911 * @sk_free_security: 911 * @sk_free_security:
912 * Deallocate security structure. 912 * Deallocate security structure.
913 * @sk_clone_security: 913 * @sk_clone_security:
@@ -922,7 +922,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
922 * @inet_csk_clone: 922 * @inet_csk_clone:
923 * Sets the new child socket's sid to the openreq sid. 923 * Sets the new child socket's sid to the openreq sid.
924 * @inet_conn_established: 924 * @inet_conn_established:
925 * Sets the connection's peersid to the secmark on skb. 925 * Sets the connection's peersid to the secmark on skb.
926 * @req_classify_flow: 926 * @req_classify_flow:
927 * Sets the flow's sid to the openreq sid. 927 * Sets the flow's sid to the openreq sid.
928 * 928 *
@@ -1001,13 +1001,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1001 * No return value. 1001 * No return value.
1002 * @key_permission: 1002 * @key_permission:
1003 * See whether a specific operational right is granted to a process on a 1003 * See whether a specific operational right is granted to a process on a
1004 * key. 1004 * key.
1005 * @key_ref refers to the key (key pointer + possession attribute bit). 1005 * @key_ref refers to the key (key pointer + possession attribute bit).
1006 * @context points to the process to provide the context against which to 1006 * @context points to the process to provide the context against which to
1007 * evaluate the security data on the key. 1007 * evaluate the security data on the key.
1008 * @perm describes the combination of permissions required of this key. 1008 * @perm describes the combination of permissions required of this key.
1009 * Return 1 if permission granted, 0 if permission denied and -ve it the 1009 * Return 1 if permission granted, 0 if permission denied and -ve it the
1010 * normal permissions model should be effected. 1010 * normal permissions model should be effected.
1011 * 1011 *
1012 * Security hooks affecting all System V IPC operations. 1012 * Security hooks affecting all System V IPC operations.
1013 * 1013 *
@@ -1058,7 +1058,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1058 * The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO. 1058 * The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO.
1059 * @msq contains the message queue to act upon. May be NULL. 1059 * @msq contains the message queue to act upon. May be NULL.
1060 * @cmd contains the operation to be performed. 1060 * @cmd contains the operation to be performed.
1061 * Return 0 if permission is granted. 1061 * Return 0 if permission is granted.
1062 * @msg_queue_msgsnd: 1062 * @msg_queue_msgsnd:
1063 * Check permission before a message, @msg, is enqueued on the message 1063 * Check permission before a message, @msg, is enqueued on the message
1064 * queue, @msq. 1064 * queue, @msq.
@@ -1068,8 +1068,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1068 * Return 0 if permission is granted. 1068 * Return 0 if permission is granted.
1069 * @msg_queue_msgrcv: 1069 * @msg_queue_msgrcv:
1070 * Check permission before a message, @msg, is removed from the message 1070 * Check permission before a message, @msg, is removed from the message
1071 * queue, @msq. The @target task structure contains a pointer to the 1071 * queue, @msq. The @target task structure contains a pointer to the
1072 * process that will be receiving the message (not equal to the current 1072 * process that will be receiving the message (not equal to the current
1073 * process when inline receives are being performed). 1073 * process when inline receives are being performed).
1074 * @msq contains the message queue to retrieve message from. 1074 * @msq contains the message queue to retrieve message from.
1075 * @msg contains the message destination. 1075 * @msg contains the message destination.
@@ -1134,15 +1134,15 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1134 * Return 0 if permission is granted. 1134 * Return 0 if permission is granted.
1135 * @sem_semctl: 1135 * @sem_semctl:
1136 * Check permission when a semaphore operation specified by @cmd is to be 1136 * Check permission when a semaphore operation specified by @cmd is to be
1137 * performed on the semaphore @sma. The @sma may be NULL, e.g. for 1137 * performed on the semaphore @sma. The @sma may be NULL, e.g. for
1138 * IPC_INFO or SEM_INFO. 1138 * IPC_INFO or SEM_INFO.
1139 * @sma contains the semaphore structure. May be NULL. 1139 * @sma contains the semaphore structure. May be NULL.
1140 * @cmd contains the operation to be performed. 1140 * @cmd contains the operation to be performed.
1141 * Return 0 if permission is granted. 1141 * Return 0 if permission is granted.
1142 * @sem_semop 1142 * @sem_semop
1143 * Check permissions before performing operations on members of the 1143 * Check permissions before performing operations on members of the
1144 * semaphore set @sma. If the @alter flag is nonzero, the semaphore set 1144 * semaphore set @sma. If the @alter flag is nonzero, the semaphore set
1145 * may be modified. 1145 * may be modified.
1146 * @sma contains the semaphore structure. 1146 * @sma contains the semaphore structure.
1147 * @sops contains the operations to perform. 1147 * @sops contains the operations to perform.
1148 * @nsops contains the number of operations to perform. 1148 * @nsops contains the number of operations to perform.
@@ -1213,7 +1213,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1213 * @syslog: 1213 * @syslog:
1214 * Check permission before accessing the kernel message ring or changing 1214 * Check permission before accessing the kernel message ring or changing
1215 * logging to the console. 1215 * logging to the console.
1216 * See the syslog(2) manual page for an explanation of the @type values. 1216 * See the syslog(2) manual page for an explanation of the @type values.
1217 * @type contains the type of action. 1217 * @type contains the type of action.
1218 * Return 0 if permission is granted. 1218 * Return 0 if permission is granted.
1219 * @settime: 1219 * @settime:
@@ -1225,22 +1225,22 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1225 * @vm_enough_memory: 1225 * @vm_enough_memory:
1226 * Check permissions for allocating a new virtual mapping. 1226 * Check permissions for allocating a new virtual mapping.
1227 * @mm contains the mm struct it is being added to. 1227 * @mm contains the mm struct it is being added to.
1228 * @pages contains the number of pages. 1228 * @pages contains the number of pages.
1229 * Return 0 if permission is granted. 1229 * Return 0 if permission is granted.
1230 * 1230 *
1231 * @register_security: 1231 * @register_security:
1232 * allow module stacking. 1232 * allow module stacking.
1233 * @name contains the name of the security module being stacked. 1233 * @name contains the name of the security module being stacked.
1234 * @ops contains a pointer to the struct security_operations of the module to stack. 1234 * @ops contains a pointer to the struct security_operations of the module to stack.
1235 * 1235 *
1236 * @secid_to_secctx: 1236 * @secid_to_secctx:
1237 * Convert secid to security context. 1237 * Convert secid to security context.
1238 * @secid contains the security ID. 1238 * @secid contains the security ID.
1239 * @secdata contains the pointer that stores the converted security context. 1239 * @secdata contains the pointer that stores the converted security context.
1240 * @secctx_to_secid: 1240 * @secctx_to_secid:
1241 * Convert security context to secid. 1241 * Convert security context to secid.
1242 * @secid contains the pointer to the generated security ID. 1242 * @secid contains the pointer to the generated security ID.
1243 * @secdata contains the security context. 1243 * @secdata contains the security context.
1244 * 1244 *
1245 * @release_secctx: 1245 * @release_secctx:
1246 * Release the security context. 1246 * Release the security context.
@@ -1283,49 +1283,49 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1283struct security_operations { 1283struct security_operations {
1284 char name[SECURITY_NAME_MAX + 1]; 1284 char name[SECURITY_NAME_MAX + 1];
1285 1285
1286 int (*ptrace) (struct task_struct * parent, struct task_struct * child); 1286 int (*ptrace) (struct task_struct *parent, struct task_struct *child);
1287 int (*capget) (struct task_struct * target, 1287 int (*capget) (struct task_struct *target,
1288 kernel_cap_t * effective, 1288 kernel_cap_t *effective,
1289 kernel_cap_t * inheritable, kernel_cap_t * permitted); 1289 kernel_cap_t *inheritable, kernel_cap_t *permitted);
1290 int (*capset_check) (struct task_struct * target, 1290 int (*capset_check) (struct task_struct *target,
1291 kernel_cap_t * effective, 1291 kernel_cap_t *effective,
1292 kernel_cap_t * inheritable, 1292 kernel_cap_t *inheritable,
1293 kernel_cap_t * permitted); 1293 kernel_cap_t *permitted);
1294 void (*capset_set) (struct task_struct * target, 1294 void (*capset_set) (struct task_struct *target,
1295 kernel_cap_t * effective, 1295 kernel_cap_t *effective,
1296 kernel_cap_t * inheritable, 1296 kernel_cap_t *inheritable,
1297 kernel_cap_t * permitted); 1297 kernel_cap_t *permitted);
1298 int (*capable) (struct task_struct * tsk, int cap); 1298 int (*capable) (struct task_struct *tsk, int cap);
1299 int (*acct) (struct file * file); 1299 int (*acct) (struct file *file);
1300 int (*sysctl) (struct ctl_table * table, int op); 1300 int (*sysctl) (struct ctl_table *table, int op);
1301 int (*quotactl) (int cmds, int type, int id, struct super_block * sb); 1301 int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
1302 int (*quota_on) (struct dentry * dentry); 1302 int (*quota_on) (struct dentry *dentry);
1303 int (*syslog) (int type); 1303 int (*syslog) (int type);
1304 int (*settime) (struct timespec *ts, struct timezone *tz); 1304 int (*settime) (struct timespec *ts, struct timezone *tz);
1305 int (*vm_enough_memory) (struct mm_struct *mm, long pages); 1305 int (*vm_enough_memory) (struct mm_struct *mm, long pages);
1306 1306
1307 int (*bprm_alloc_security) (struct linux_binprm * bprm); 1307 int (*bprm_alloc_security) (struct linux_binprm *bprm);
1308 void (*bprm_free_security) (struct linux_binprm * bprm); 1308 void (*bprm_free_security) (struct linux_binprm *bprm);
1309 void (*bprm_apply_creds) (struct linux_binprm * bprm, int unsafe); 1309 void (*bprm_apply_creds) (struct linux_binprm *bprm, int unsafe);
1310 void (*bprm_post_apply_creds) (struct linux_binprm * bprm); 1310 void (*bprm_post_apply_creds) (struct linux_binprm *bprm);
1311 int (*bprm_set_security) (struct linux_binprm * bprm); 1311 int (*bprm_set_security) (struct linux_binprm *bprm);
1312 int (*bprm_check_security) (struct linux_binprm * bprm); 1312 int (*bprm_check_security) (struct linux_binprm *bprm);
1313 int (*bprm_secureexec) (struct linux_binprm * bprm); 1313 int (*bprm_secureexec) (struct linux_binprm *bprm);
1314 1314
1315 int (*sb_alloc_security) (struct super_block * sb); 1315 int (*sb_alloc_security) (struct super_block *sb);
1316 void (*sb_free_security) (struct super_block * sb); 1316 void (*sb_free_security) (struct super_block *sb);
1317 int (*sb_copy_data)(char *orig, char *copy); 1317 int (*sb_copy_data) (char *orig, char *copy);
1318 int (*sb_kern_mount) (struct super_block *sb, void *data); 1318 int (*sb_kern_mount) (struct super_block *sb, void *data);
1319 int (*sb_statfs) (struct dentry *dentry); 1319 int (*sb_statfs) (struct dentry *dentry);
1320 int (*sb_mount) (char *dev_name, struct path *path, 1320 int (*sb_mount) (char *dev_name, struct path *path,
1321 char *type, unsigned long flags, void *data); 1321 char *type, unsigned long flags, void *data);
1322 int (*sb_check_sb) (struct vfsmount * mnt, struct path *path); 1322 int (*sb_check_sb) (struct vfsmount *mnt, struct path *path);
1323 int (*sb_umount) (struct vfsmount * mnt, int flags); 1323 int (*sb_umount) (struct vfsmount *mnt, int flags);
1324 void (*sb_umount_close) (struct vfsmount * mnt); 1324 void (*sb_umount_close) (struct vfsmount *mnt);
1325 void (*sb_umount_busy) (struct vfsmount * mnt); 1325 void (*sb_umount_busy) (struct vfsmount *mnt);
1326 void (*sb_post_remount) (struct vfsmount * mnt, 1326 void (*sb_post_remount) (struct vfsmount *mnt,
1327 unsigned long flags, void *data); 1327 unsigned long flags, void *data);
1328 void (*sb_post_addmount) (struct vfsmount * mnt, 1328 void (*sb_post_addmount) (struct vfsmount *mnt,
1329 struct path *mountpoint); 1329 struct path *mountpoint);
1330 int (*sb_pivotroot) (struct path *old_path, 1330 int (*sb_pivotroot) (struct path *old_path,
1331 struct path *new_path); 1331 struct path *new_path);
@@ -1339,29 +1339,29 @@ struct security_operations {
1339 struct super_block *newsb); 1339 struct super_block *newsb);
1340 int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts); 1340 int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);
1341 1341
1342 int (*inode_alloc_security) (struct inode *inode); 1342 int (*inode_alloc_security) (struct inode *inode);
1343 void (*inode_free_security) (struct inode *inode); 1343 void (*inode_free_security) (struct inode *inode);
1344 int (*inode_init_security) (struct inode *inode, struct inode *dir, 1344 int (*inode_init_security) (struct inode *inode, struct inode *dir,
1345 char **name, void **value, size_t *len); 1345 char **name, void **value, size_t *len);
1346 int (*inode_create) (struct inode *dir, 1346 int (*inode_create) (struct inode *dir,
1347 struct dentry *dentry, int mode); 1347 struct dentry *dentry, int mode);
1348 int (*inode_link) (struct dentry *old_dentry, 1348 int (*inode_link) (struct dentry *old_dentry,
1349 struct inode *dir, struct dentry *new_dentry); 1349 struct inode *dir, struct dentry *new_dentry);
1350 int (*inode_unlink) (struct inode *dir, struct dentry *dentry); 1350 int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
1351 int (*inode_symlink) (struct inode *dir, 1351 int (*inode_symlink) (struct inode *dir,
1352 struct dentry *dentry, const char *old_name); 1352 struct dentry *dentry, const char *old_name);
1353 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode); 1353 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
1354 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); 1354 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
1355 int (*inode_mknod) (struct inode *dir, struct dentry *dentry, 1355 int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
1356 int mode, dev_t dev); 1356 int mode, dev_t dev);
1357 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, 1357 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
1358 struct inode *new_dir, struct dentry *new_dentry); 1358 struct inode *new_dir, struct dentry *new_dentry);
1359 int (*inode_readlink) (struct dentry *dentry); 1359 int (*inode_readlink) (struct dentry *dentry);
1360 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); 1360 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
1361 int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd); 1361 int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
1362 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); 1362 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
1363 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); 1363 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
1364 void (*inode_delete) (struct inode *inode); 1364 void (*inode_delete) (struct inode *inode);
1365 int (*inode_setxattr) (struct dentry *dentry, char *name, void *value, 1365 int (*inode_setxattr) (struct dentry *dentry, char *name, void *value,
1366 size_t size, int flags); 1366 size_t size, int flags);
1367 void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value, 1367 void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value,
@@ -1371,145 +1371,145 @@ struct security_operations {
1371 int (*inode_removexattr) (struct dentry *dentry, char *name); 1371 int (*inode_removexattr) (struct dentry *dentry, char *name);
1372 int (*inode_need_killpriv) (struct dentry *dentry); 1372 int (*inode_need_killpriv) (struct dentry *dentry);
1373 int (*inode_killpriv) (struct dentry *dentry); 1373 int (*inode_killpriv) (struct dentry *dentry);
1374 int (*inode_getsecurity)(const struct inode *inode, const char *name, void **buffer, bool alloc); 1374 int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc);
1375 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1375 int (*inode_setsecurity) (struct inode *inode, const char *name, const void *value, size_t size, int flags);
1376 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); 1376 int (*inode_listsecurity) (struct inode *inode, char *buffer, size_t buffer_size);
1377 void (*inode_getsecid)(const struct inode *inode, u32 *secid); 1377 void (*inode_getsecid) (const struct inode *inode, u32 *secid);
1378 1378
1379 int (*file_permission) (struct file * file, int mask); 1379 int (*file_permission) (struct file *file, int mask);
1380 int (*file_alloc_security) (struct file * file); 1380 int (*file_alloc_security) (struct file *file);
1381 void (*file_free_security) (struct file * file); 1381 void (*file_free_security) (struct file *file);
1382 int (*file_ioctl) (struct file * file, unsigned int cmd, 1382 int (*file_ioctl) (struct file *file, unsigned int cmd,
1383 unsigned long arg); 1383 unsigned long arg);
1384 int (*file_mmap) (struct file * file, 1384 int (*file_mmap) (struct file *file,
1385 unsigned long reqprot, unsigned long prot, 1385 unsigned long reqprot, unsigned long prot,
1386 unsigned long flags, unsigned long addr, 1386 unsigned long flags, unsigned long addr,
1387 unsigned long addr_only); 1387 unsigned long addr_only);
1388 int (*file_mprotect) (struct vm_area_struct * vma, 1388 int (*file_mprotect) (struct vm_area_struct *vma,
1389 unsigned long reqprot, 1389 unsigned long reqprot,
1390 unsigned long prot); 1390 unsigned long prot);
1391 int (*file_lock) (struct file * file, unsigned int cmd); 1391 int (*file_lock) (struct file *file, unsigned int cmd);
1392 int (*file_fcntl) (struct file * file, unsigned int cmd, 1392 int (*file_fcntl) (struct file *file, unsigned int cmd,
1393 unsigned long arg); 1393 unsigned long arg);
1394 int (*file_set_fowner) (struct file * file); 1394 int (*file_set_fowner) (struct file *file);
1395 int (*file_send_sigiotask) (struct task_struct * tsk, 1395 int (*file_send_sigiotask) (struct task_struct *tsk,
1396 struct fown_struct * fown, int sig); 1396 struct fown_struct *fown, int sig);
1397 int (*file_receive) (struct file * file); 1397 int (*file_receive) (struct file *file);
1398 int (*dentry_open) (struct file *file); 1398 int (*dentry_open) (struct file *file);
1399 1399
1400 int (*task_create) (unsigned long clone_flags); 1400 int (*task_create) (unsigned long clone_flags);
1401 int (*task_alloc_security) (struct task_struct * p); 1401 int (*task_alloc_security) (struct task_struct *p);
1402 void (*task_free_security) (struct task_struct * p); 1402 void (*task_free_security) (struct task_struct *p);
1403 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); 1403 int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
1404 int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ , 1404 int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ ,
1405 uid_t old_euid, uid_t old_suid, int flags); 1405 uid_t old_euid, uid_t old_suid, int flags);
1406 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); 1406 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
1407 int (*task_setpgid) (struct task_struct * p, pid_t pgid); 1407 int (*task_setpgid) (struct task_struct *p, pid_t pgid);
1408 int (*task_getpgid) (struct task_struct * p); 1408 int (*task_getpgid) (struct task_struct *p);
1409 int (*task_getsid) (struct task_struct * p); 1409 int (*task_getsid) (struct task_struct *p);
1410 void (*task_getsecid) (struct task_struct * p, u32 * secid); 1410 void (*task_getsecid) (struct task_struct *p, u32 *secid);
1411 int (*task_setgroups) (struct group_info *group_info); 1411 int (*task_setgroups) (struct group_info *group_info);
1412 int (*task_setnice) (struct task_struct * p, int nice); 1412 int (*task_setnice) (struct task_struct *p, int nice);
1413 int (*task_setioprio) (struct task_struct * p, int ioprio); 1413 int (*task_setioprio) (struct task_struct *p, int ioprio);
1414 int (*task_getioprio) (struct task_struct * p); 1414 int (*task_getioprio) (struct task_struct *p);
1415 int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim); 1415 int (*task_setrlimit) (unsigned int resource, struct rlimit *new_rlim);
1416 int (*task_setscheduler) (struct task_struct * p, int policy, 1416 int (*task_setscheduler) (struct task_struct *p, int policy,
1417 struct sched_param * lp); 1417 struct sched_param *lp);
1418 int (*task_getscheduler) (struct task_struct * p); 1418 int (*task_getscheduler) (struct task_struct *p);
1419 int (*task_movememory) (struct task_struct * p); 1419 int (*task_movememory) (struct task_struct *p);
1420 int (*task_kill) (struct task_struct * p, 1420 int (*task_kill) (struct task_struct *p,
1421 struct siginfo * info, int sig, u32 secid); 1421 struct siginfo *info, int sig, u32 secid);
1422 int (*task_wait) (struct task_struct * p); 1422 int (*task_wait) (struct task_struct *p);
1423 int (*task_prctl) (int option, unsigned long arg2, 1423 int (*task_prctl) (int option, unsigned long arg2,
1424 unsigned long arg3, unsigned long arg4, 1424 unsigned long arg3, unsigned long arg4,
1425 unsigned long arg5, long *rc_p); 1425 unsigned long arg5, long *rc_p);
1426 void (*task_reparent_to_init) (struct task_struct * p); 1426 void (*task_reparent_to_init) (struct task_struct *p);
1427 void (*task_to_inode)(struct task_struct *p, struct inode *inode); 1427 void (*task_to_inode) (struct task_struct *p, struct inode *inode);
1428 1428
1429 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); 1429 int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
1430 void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid); 1430 void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);
1431 1431
1432 int (*msg_msg_alloc_security) (struct msg_msg * msg); 1432 int (*msg_msg_alloc_security) (struct msg_msg *msg);
1433 void (*msg_msg_free_security) (struct msg_msg * msg); 1433 void (*msg_msg_free_security) (struct msg_msg *msg);
1434 1434
1435 int (*msg_queue_alloc_security) (struct msg_queue * msq); 1435 int (*msg_queue_alloc_security) (struct msg_queue *msq);
1436 void (*msg_queue_free_security) (struct msg_queue * msq); 1436 void (*msg_queue_free_security) (struct msg_queue *msq);
1437 int (*msg_queue_associate) (struct msg_queue * msq, int msqflg); 1437 int (*msg_queue_associate) (struct msg_queue *msq, int msqflg);
1438 int (*msg_queue_msgctl) (struct msg_queue * msq, int cmd); 1438 int (*msg_queue_msgctl) (struct msg_queue *msq, int cmd);
1439 int (*msg_queue_msgsnd) (struct msg_queue * msq, 1439 int (*msg_queue_msgsnd) (struct msg_queue *msq,
1440 struct msg_msg * msg, int msqflg); 1440 struct msg_msg *msg, int msqflg);
1441 int (*msg_queue_msgrcv) (struct msg_queue * msq, 1441 int (*msg_queue_msgrcv) (struct msg_queue *msq,
1442 struct msg_msg * msg, 1442 struct msg_msg *msg,
1443 struct task_struct * target, 1443 struct task_struct *target,
1444 long type, int mode); 1444 long type, int mode);
1445 1445
1446 int (*shm_alloc_security) (struct shmid_kernel * shp); 1446 int (*shm_alloc_security) (struct shmid_kernel *shp);
1447 void (*shm_free_security) (struct shmid_kernel * shp); 1447 void (*shm_free_security) (struct shmid_kernel *shp);
1448 int (*shm_associate) (struct shmid_kernel * shp, int shmflg); 1448 int (*shm_associate) (struct shmid_kernel *shp, int shmflg);
1449 int (*shm_shmctl) (struct shmid_kernel * shp, int cmd); 1449 int (*shm_shmctl) (struct shmid_kernel *shp, int cmd);
1450 int (*shm_shmat) (struct shmid_kernel * shp, 1450 int (*shm_shmat) (struct shmid_kernel *shp,
1451 char __user *shmaddr, int shmflg); 1451 char __user *shmaddr, int shmflg);
1452 1452
1453 int (*sem_alloc_security) (struct sem_array * sma); 1453 int (*sem_alloc_security) (struct sem_array *sma);
1454 void (*sem_free_security) (struct sem_array * sma); 1454 void (*sem_free_security) (struct sem_array *sma);
1455 int (*sem_associate) (struct sem_array * sma, int semflg); 1455 int (*sem_associate) (struct sem_array *sma, int semflg);
1456 int (*sem_semctl) (struct sem_array * sma, int cmd); 1456 int (*sem_semctl) (struct sem_array *sma, int cmd);
1457 int (*sem_semop) (struct sem_array * sma, 1457 int (*sem_semop) (struct sem_array *sma,
1458 struct sembuf * sops, unsigned nsops, int alter); 1458 struct sembuf *sops, unsigned nsops, int alter);
1459 1459
1460 int (*netlink_send) (struct sock * sk, struct sk_buff * skb); 1460 int (*netlink_send) (struct sock *sk, struct sk_buff *skb);
1461 int (*netlink_recv) (struct sk_buff * skb, int cap); 1461 int (*netlink_recv) (struct sk_buff *skb, int cap);
1462 1462
1463 /* allow module stacking */ 1463 /* allow module stacking */
1464 int (*register_security) (const char *name, 1464 int (*register_security) (const char *name,
1465 struct security_operations *ops); 1465 struct security_operations *ops);
1466 1466
1467 void (*d_instantiate) (struct dentry *dentry, struct inode *inode); 1467 void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
1468 1468
1469 int (*getprocattr)(struct task_struct *p, char *name, char **value); 1469 int (*getprocattr) (struct task_struct *p, char *name, char **value);
1470 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1470 int (*setprocattr) (struct task_struct *p, char *name, void *value, size_t size);
1471 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen); 1471 int (*secid_to_secctx) (u32 secid, char **secdata, u32 *seclen);
1472 int (*secctx_to_secid)(char *secdata, u32 seclen, u32 *secid); 1472 int (*secctx_to_secid) (char *secdata, u32 seclen, u32 *secid);
1473 void (*release_secctx)(char *secdata, u32 seclen); 1473 void (*release_secctx) (char *secdata, u32 seclen);
1474 1474
1475#ifdef CONFIG_SECURITY_NETWORK 1475#ifdef CONFIG_SECURITY_NETWORK
1476 int (*unix_stream_connect) (struct socket * sock, 1476 int (*unix_stream_connect) (struct socket *sock,
1477 struct socket * other, struct sock * newsk); 1477 struct socket *other, struct sock *newsk);
1478 int (*unix_may_send) (struct socket * sock, struct socket * other); 1478 int (*unix_may_send) (struct socket *sock, struct socket *other);
1479 1479
1480 int (*socket_create) (int family, int type, int protocol, int kern); 1480 int (*socket_create) (int family, int type, int protocol, int kern);
1481 int (*socket_post_create) (struct socket * sock, int family, 1481 int (*socket_post_create) (struct socket *sock, int family,
1482 int type, int protocol, int kern); 1482 int type, int protocol, int kern);
1483 int (*socket_bind) (struct socket * sock, 1483 int (*socket_bind) (struct socket *sock,
1484 struct sockaddr * address, int addrlen); 1484 struct sockaddr *address, int addrlen);
1485 int (*socket_connect) (struct socket * sock, 1485 int (*socket_connect) (struct socket *sock,
1486 struct sockaddr * address, int addrlen); 1486 struct sockaddr *address, int addrlen);
1487 int (*socket_listen) (struct socket * sock, int backlog); 1487 int (*socket_listen) (struct socket *sock, int backlog);
1488 int (*socket_accept) (struct socket * sock, struct socket * newsock); 1488 int (*socket_accept) (struct socket *sock, struct socket *newsock);
1489 void (*socket_post_accept) (struct socket * sock, 1489 void (*socket_post_accept) (struct socket *sock,
1490 struct socket * newsock); 1490 struct socket *newsock);
1491 int (*socket_sendmsg) (struct socket * sock, 1491 int (*socket_sendmsg) (struct socket *sock,
1492 struct msghdr * msg, int size); 1492 struct msghdr *msg, int size);
1493 int (*socket_recvmsg) (struct socket * sock, 1493 int (*socket_recvmsg) (struct socket *sock,
1494 struct msghdr * msg, int size, int flags); 1494 struct msghdr *msg, int size, int flags);
1495 int (*socket_getsockname) (struct socket * sock); 1495 int (*socket_getsockname) (struct socket *sock);
1496 int (*socket_getpeername) (struct socket * sock); 1496 int (*socket_getpeername) (struct socket *sock);
1497 int (*socket_getsockopt) (struct socket * sock, int level, int optname); 1497 int (*socket_getsockopt) (struct socket *sock, int level, int optname);
1498 int (*socket_setsockopt) (struct socket * sock, int level, int optname); 1498 int (*socket_setsockopt) (struct socket *sock, int level, int optname);
1499 int (*socket_shutdown) (struct socket * sock, int how); 1499 int (*socket_shutdown) (struct socket *sock, int how);
1500 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb); 1500 int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
1501 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len); 1501 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
1502 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); 1502 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
1503 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); 1503 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
1504 void (*sk_free_security) (struct sock *sk); 1504 void (*sk_free_security) (struct sock *sk);
1505 void (*sk_clone_security) (const struct sock *sk, struct sock *newsk); 1505 void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
1506 void (*sk_getsecid) (struct sock *sk, u32 *secid); 1506 void (*sk_getsecid) (struct sock *sk, u32 *secid);
1507 void (*sock_graft)(struct sock* sk, struct socket *parent); 1507 void (*sock_graft) (struct sock *sk, struct socket *parent);
1508 int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb, 1508 int (*inet_conn_request) (struct sock *sk, struct sk_buff *skb,
1509 struct request_sock *req); 1509 struct request_sock *req);
1510 void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req); 1510 void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
1511 void (*inet_conn_established)(struct sock *sk, struct sk_buff *skb); 1511 void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
1512 void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl); 1512 void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
1513#endif /* CONFIG_SECURITY_NETWORK */ 1513#endif /* CONFIG_SECURITY_NETWORK */
1514 1514
1515#ifdef CONFIG_SECURITY_NETWORK_XFRM 1515#ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1523,57 +1523,57 @@ struct security_operations {
1523 u32 secid); 1523 u32 secid);
1524 void (*xfrm_state_free_security) (struct xfrm_state *x); 1524 void (*xfrm_state_free_security) (struct xfrm_state *x);
1525 int (*xfrm_state_delete_security) (struct xfrm_state *x); 1525 int (*xfrm_state_delete_security) (struct xfrm_state *x);
1526 int (*xfrm_policy_lookup)(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); 1526 int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
1527 int (*xfrm_state_pol_flow_match)(struct xfrm_state *x, 1527 int (*xfrm_state_pol_flow_match) (struct xfrm_state *x,
1528 struct xfrm_policy *xp, struct flowi *fl); 1528 struct xfrm_policy *xp,
1529 int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall); 1529 struct flowi *fl);
1530 int (*xfrm_decode_session) (struct sk_buff *skb, u32 *secid, int ckall);
1530#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1531#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1531 1532
1532 /* key management security hooks */ 1533 /* key management security hooks */
1533#ifdef CONFIG_KEYS 1534#ifdef CONFIG_KEYS
1534 int (*key_alloc)(struct key *key, struct task_struct *tsk, unsigned long flags); 1535 int (*key_alloc) (struct key *key, struct task_struct *tsk, unsigned long flags);
1535 void (*key_free)(struct key *key); 1536 void (*key_free) (struct key *key);
1536 int (*key_permission)(key_ref_t key_ref, 1537 int (*key_permission) (key_ref_t key_ref,
1537 struct task_struct *context, 1538 struct task_struct *context,
1538 key_perm_t perm); 1539 key_perm_t perm);
1539 1540
1540#endif /* CONFIG_KEYS */ 1541#endif /* CONFIG_KEYS */
1541 1542
1542#ifdef CONFIG_AUDIT 1543#ifdef CONFIG_AUDIT
1543 int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule); 1544 int (*audit_rule_init) (u32 field, u32 op, char *rulestr, void **lsmrule);
1544 int (*audit_rule_known)(struct audit_krule *krule); 1545 int (*audit_rule_known) (struct audit_krule *krule);
1545 int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule, 1546 int (*audit_rule_match) (u32 secid, u32 field, u32 op, void *lsmrule,
1546 struct audit_context *actx); 1547 struct audit_context *actx);
1547 void (*audit_rule_free)(void *lsmrule); 1548 void (*audit_rule_free) (void *lsmrule);
1548#endif /* CONFIG_AUDIT */ 1549#endif /* CONFIG_AUDIT */
1549}; 1550};
1550 1551
1551/* prototypes */ 1552/* prototypes */
1552extern int security_init (void); 1553extern int security_init(void);
1553extern int security_module_enable(struct security_operations *ops); 1554extern int security_module_enable(struct security_operations *ops);
1554extern int register_security (struct security_operations *ops); 1555extern int register_security(struct security_operations *ops);
1555extern int mod_reg_security (const char *name, struct security_operations *ops); 1556extern int mod_reg_security(const char *name, struct security_operations *ops);
1556extern struct dentry *securityfs_create_file(const char *name, mode_t mode, 1557extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
1557 struct dentry *parent, void *data, 1558 struct dentry *parent, void *data,
1558 const struct file_operations *fops); 1559 const struct file_operations *fops);
1559extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); 1560extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
1560extern void securityfs_remove(struct dentry *dentry); 1561extern void securityfs_remove(struct dentry *dentry);
1561 1562
1562
1563/* Security operations */ 1563/* Security operations */
1564int security_ptrace(struct task_struct *parent, struct task_struct *child); 1564int security_ptrace(struct task_struct *parent, struct task_struct *child);
1565int security_capget(struct task_struct *target, 1565int security_capget(struct task_struct *target,
1566 kernel_cap_t *effective, 1566 kernel_cap_t *effective,
1567 kernel_cap_t *inheritable, 1567 kernel_cap_t *inheritable,
1568 kernel_cap_t *permitted); 1568 kernel_cap_t *permitted);
1569int security_capset_check(struct task_struct *target, 1569int security_capset_check(struct task_struct *target,
1570 kernel_cap_t *effective,
1571 kernel_cap_t *inheritable,
1572 kernel_cap_t *permitted);
1573void security_capset_set(struct task_struct *target,
1574 kernel_cap_t *effective, 1570 kernel_cap_t *effective,
1575 kernel_cap_t *inheritable, 1571 kernel_cap_t *inheritable,
1576 kernel_cap_t *permitted); 1572 kernel_cap_t *permitted);
1573void security_capset_set(struct task_struct *target,
1574 kernel_cap_t *effective,
1575 kernel_cap_t *inheritable,
1576 kernel_cap_t *permitted);
1577int security_capable(struct task_struct *tsk, int cap); 1577int security_capable(struct task_struct *tsk, int cap);
1578int security_acct(struct file *file); 1578int security_acct(struct file *file);
1579int security_sysctl(struct ctl_table *table, int op); 1579int security_sysctl(struct ctl_table *table, int op);
@@ -1596,7 +1596,7 @@ int security_sb_copy_data(char *orig, char *copy);
1596int security_sb_kern_mount(struct super_block *sb, void *data); 1596int security_sb_kern_mount(struct super_block *sb, void *data);
1597int security_sb_statfs(struct dentry *dentry); 1597int security_sb_statfs(struct dentry *dentry);
1598int security_sb_mount(char *dev_name, struct path *path, 1598int security_sb_mount(char *dev_name, struct path *path,
1599 char *type, unsigned long flags, void *data); 1599 char *type, unsigned long flags, void *data);
1600int security_sb_check_sb(struct vfsmount *mnt, struct path *path); 1600int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
1601int security_sb_umount(struct vfsmount *mnt, int flags); 1601int security_sb_umount(struct vfsmount *mnt, int flags);
1602void security_sb_umount_close(struct vfsmount *mnt); 1602void security_sb_umount_close(struct vfsmount *mnt);
@@ -1621,12 +1621,12 @@ int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1621 struct dentry *new_dentry); 1621 struct dentry *new_dentry);
1622int security_inode_unlink(struct inode *dir, struct dentry *dentry); 1622int security_inode_unlink(struct inode *dir, struct dentry *dentry);
1623int security_inode_symlink(struct inode *dir, struct dentry *dentry, 1623int security_inode_symlink(struct inode *dir, struct dentry *dentry,
1624 const char *old_name); 1624 const char *old_name);
1625int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode); 1625int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode);
1626int security_inode_rmdir(struct inode *dir, struct dentry *dentry); 1626int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1627int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev); 1627int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev);
1628int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, 1628int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
1629 struct inode *new_dir, struct dentry *new_dentry); 1629 struct inode *new_dir, struct dentry *new_dentry);
1630int security_inode_readlink(struct dentry *dentry); 1630int security_inode_readlink(struct dentry *dentry);
1631int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); 1631int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
1632int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd); 1632int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd);
@@ -1634,9 +1634,9 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
1634int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); 1634int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
1635void security_inode_delete(struct inode *inode); 1635void security_inode_delete(struct inode *inode);
1636int security_inode_setxattr(struct dentry *dentry, char *name, 1636int security_inode_setxattr(struct dentry *dentry, char *name,
1637 void *value, size_t size, int flags); 1637 void *value, size_t size, int flags);
1638void security_inode_post_setxattr(struct dentry *dentry, char *name, 1638void security_inode_post_setxattr(struct dentry *dentry, char *name,
1639 void *value, size_t size, int flags); 1639 void *value, size_t size, int flags);
1640int security_inode_getxattr(struct dentry *dentry, char *name); 1640int security_inode_getxattr(struct dentry *dentry, char *name);
1641int security_inode_listxattr(struct dentry *dentry); 1641int security_inode_listxattr(struct dentry *dentry);
1642int security_inode_removexattr(struct dentry *dentry, char *name); 1642int security_inode_removexattr(struct dentry *dentry, char *name);
@@ -1654,12 +1654,12 @@ int security_file_mmap(struct file *file, unsigned long reqprot,
1654 unsigned long prot, unsigned long flags, 1654 unsigned long prot, unsigned long flags,
1655 unsigned long addr, unsigned long addr_only); 1655 unsigned long addr, unsigned long addr_only);
1656int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, 1656int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
1657 unsigned long prot); 1657 unsigned long prot);
1658int security_file_lock(struct file *file, unsigned int cmd); 1658int security_file_lock(struct file *file, unsigned int cmd);
1659int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg); 1659int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
1660int security_file_set_fowner(struct file *file); 1660int security_file_set_fowner(struct file *file);
1661int security_file_send_sigiotask(struct task_struct *tsk, 1661int security_file_send_sigiotask(struct task_struct *tsk,
1662 struct fown_struct *fown, int sig); 1662 struct fown_struct *fown, int sig);
1663int security_file_receive(struct file *file); 1663int security_file_receive(struct file *file);
1664int security_dentry_open(struct file *file); 1664int security_dentry_open(struct file *file);
1665int security_task_create(unsigned long clone_flags); 1665int security_task_create(unsigned long clone_flags);
@@ -1667,7 +1667,7 @@ int security_task_alloc(struct task_struct *p);
1667void security_task_free(struct task_struct *p); 1667void security_task_free(struct task_struct *p);
1668int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); 1668int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
1669int security_task_post_setuid(uid_t old_ruid, uid_t old_euid, 1669int security_task_post_setuid(uid_t old_ruid, uid_t old_euid,
1670 uid_t old_suid, int flags); 1670 uid_t old_suid, int flags);
1671int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); 1671int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
1672int security_task_setpgid(struct task_struct *p, pid_t pgid); 1672int security_task_setpgid(struct task_struct *p, pid_t pgid);
1673int security_task_getpgid(struct task_struct *p); 1673int security_task_getpgid(struct task_struct *p);
@@ -1698,9 +1698,9 @@ void security_msg_queue_free(struct msg_queue *msq);
1698int security_msg_queue_associate(struct msg_queue *msq, int msqflg); 1698int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
1699int security_msg_queue_msgctl(struct msg_queue *msq, int cmd); 1699int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
1700int security_msg_queue_msgsnd(struct msg_queue *msq, 1700int security_msg_queue_msgsnd(struct msg_queue *msq,
1701 struct msg_msg *msg, int msqflg); 1701 struct msg_msg *msg, int msqflg);
1702int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, 1702int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
1703 struct task_struct *target, long type, int mode); 1703 struct task_struct *target, long type, int mode);
1704int security_shm_alloc(struct shmid_kernel *shp); 1704int security_shm_alloc(struct shmid_kernel *shp);
1705void security_shm_free(struct shmid_kernel *shp); 1705void security_shm_free(struct shmid_kernel *shp);
1706int security_shm_associate(struct shmid_kernel *shp, int shmflg); 1706int security_shm_associate(struct shmid_kernel *shp, int shmflg);
@@ -1712,7 +1712,7 @@ int security_sem_associate(struct sem_array *sma, int semflg);
1712int security_sem_semctl(struct sem_array *sma, int cmd); 1712int security_sem_semctl(struct sem_array *sma, int cmd);
1713int security_sem_semop(struct sem_array *sma, struct sembuf *sops, 1713int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
1714 unsigned nsops, int alter); 1714 unsigned nsops, int alter);
1715void security_d_instantiate (struct dentry *dentry, struct inode *inode); 1715void security_d_instantiate(struct dentry *dentry, struct inode *inode);
1716int security_getprocattr(struct task_struct *p, char *name, char **value); 1716int security_getprocattr(struct task_struct *p, char *name, char **value);
1717int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size); 1717int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
1718int security_netlink_send(struct sock *sk, struct sk_buff *skb); 1718int security_netlink_send(struct sock *sk, struct sk_buff *skb);
@@ -1743,33 +1743,33 @@ static inline int security_init(void)
1743 return 0; 1743 return 0;
1744} 1744}
1745 1745
1746static inline int security_ptrace (struct task_struct *parent, struct task_struct * child) 1746static inline int security_ptrace(struct task_struct *parent, struct task_struct *child)
1747{ 1747{
1748 return cap_ptrace (parent, child); 1748 return cap_ptrace(parent, child);
1749} 1749}
1750 1750
1751static inline int security_capget (struct task_struct *target, 1751static inline int security_capget(struct task_struct *target,
1752 kernel_cap_t *effective, 1752 kernel_cap_t *effective,
1753 kernel_cap_t *inheritable, 1753 kernel_cap_t *inheritable,
1754 kernel_cap_t *permitted) 1754 kernel_cap_t *permitted)
1755{ 1755{
1756 return cap_capget (target, effective, inheritable, permitted); 1756 return cap_capget(target, effective, inheritable, permitted);
1757} 1757}
1758 1758
1759static inline int security_capset_check (struct task_struct *target, 1759static inline int security_capset_check(struct task_struct *target,
1760 kernel_cap_t *effective, 1760 kernel_cap_t *effective,
1761 kernel_cap_t *inheritable, 1761 kernel_cap_t *inheritable,
1762 kernel_cap_t *permitted) 1762 kernel_cap_t *permitted)
1763{ 1763{
1764 return cap_capset_check (target, effective, inheritable, permitted); 1764 return cap_capset_check(target, effective, inheritable, permitted);
1765} 1765}
1766 1766
1767static inline void security_capset_set (struct task_struct *target, 1767static inline void security_capset_set(struct task_struct *target,
1768 kernel_cap_t *effective, 1768 kernel_cap_t *effective,
1769 kernel_cap_t *inheritable, 1769 kernel_cap_t *inheritable,
1770 kernel_cap_t *permitted) 1770 kernel_cap_t *permitted)
1771{ 1771{
1772 cap_capset_set (target, effective, inheritable, permitted); 1772 cap_capset_set(target, effective, inheritable, permitted);
1773} 1773}
1774 1774
1775static inline int security_capable(struct task_struct *tsk, int cap) 1775static inline int security_capable(struct task_struct *tsk, int cap)
@@ -1777,7 +1777,7 @@ static inline int security_capable(struct task_struct *tsk, int cap)
1777 return cap_capable(tsk, cap); 1777 return cap_capable(tsk, cap);
1778} 1778}
1779 1779
1780static inline int security_acct (struct file *file) 1780static inline int security_acct(struct file *file)
1781{ 1781{
1782 return 0; 1782 return 0;
1783} 1783}
@@ -1787,13 +1787,13 @@ static inline int security_sysctl(struct ctl_table *table, int op)
1787 return 0; 1787 return 0;
1788} 1788}
1789 1789
1790static inline int security_quotactl (int cmds, int type, int id, 1790static inline int security_quotactl(int cmds, int type, int id,
1791 struct super_block * sb) 1791 struct super_block *sb)
1792{ 1792{
1793 return 0; 1793 return 0;
1794} 1794}
1795 1795
1796static inline int security_quota_on (struct dentry * dentry) 1796static inline int security_quota_on(struct dentry *dentry)
1797{ 1797{
1798 return 0; 1798 return 0;
1799} 1799}
@@ -1818,102 +1818,102 @@ static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
1818 return cap_vm_enough_memory(mm, pages); 1818 return cap_vm_enough_memory(mm, pages);
1819} 1819}
1820 1820
1821static inline int security_bprm_alloc (struct linux_binprm *bprm) 1821static inline int security_bprm_alloc(struct linux_binprm *bprm)
1822{ 1822{
1823 return 0; 1823 return 0;
1824} 1824}
1825 1825
1826static inline void security_bprm_free (struct linux_binprm *bprm) 1826static inline void security_bprm_free(struct linux_binprm *bprm)
1827{ } 1827{ }
1828 1828
1829static inline void security_bprm_apply_creds (struct linux_binprm *bprm, int unsafe) 1829static inline void security_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
1830{ 1830{
1831 cap_bprm_apply_creds (bprm, unsafe); 1831 cap_bprm_apply_creds(bprm, unsafe);
1832} 1832}
1833 1833
1834static inline void security_bprm_post_apply_creds (struct linux_binprm *bprm) 1834static inline void security_bprm_post_apply_creds(struct linux_binprm *bprm)
1835{ 1835{
1836 return; 1836 return;
1837} 1837}
1838 1838
1839static inline int security_bprm_set (struct linux_binprm *bprm) 1839static inline int security_bprm_set(struct linux_binprm *bprm)
1840{ 1840{
1841 return cap_bprm_set_security (bprm); 1841 return cap_bprm_set_security(bprm);
1842} 1842}
1843 1843
1844static inline int security_bprm_check (struct linux_binprm *bprm) 1844static inline int security_bprm_check(struct linux_binprm *bprm)
1845{ 1845{
1846 return 0; 1846 return 0;
1847} 1847}
1848 1848
1849static inline int security_bprm_secureexec (struct linux_binprm *bprm) 1849static inline int security_bprm_secureexec(struct linux_binprm *bprm)
1850{ 1850{
1851 return cap_bprm_secureexec(bprm); 1851 return cap_bprm_secureexec(bprm);
1852} 1852}
1853 1853
1854static inline int security_sb_alloc (struct super_block *sb) 1854static inline int security_sb_alloc(struct super_block *sb)
1855{ 1855{
1856 return 0; 1856 return 0;
1857} 1857}
1858 1858
1859static inline void security_sb_free (struct super_block *sb) 1859static inline void security_sb_free(struct super_block *sb)
1860{ } 1860{ }
1861 1861
1862static inline int security_sb_copy_data (char *orig, char *copy) 1862static inline int security_sb_copy_data(char *orig, char *copy)
1863{ 1863{
1864 return 0; 1864 return 0;
1865} 1865}
1866 1866
1867static inline int security_sb_kern_mount (struct super_block *sb, void *data) 1867static inline int security_sb_kern_mount(struct super_block *sb, void *data)
1868{ 1868{
1869 return 0; 1869 return 0;
1870} 1870}
1871 1871
1872static inline int security_sb_statfs (struct dentry *dentry) 1872static inline int security_sb_statfs(struct dentry *dentry)
1873{ 1873{
1874 return 0; 1874 return 0;
1875} 1875}
1876 1876
1877static inline int security_sb_mount (char *dev_name, struct path *path, 1877static inline int security_sb_mount(char *dev_name, struct path *path,
1878 char *type, unsigned long flags, 1878 char *type, unsigned long flags,
1879 void *data) 1879 void *data)
1880{ 1880{
1881 return 0; 1881 return 0;
1882} 1882}
1883 1883
1884static inline int security_sb_check_sb (struct vfsmount *mnt, 1884static inline int security_sb_check_sb(struct vfsmount *mnt,
1885 struct path *path) 1885 struct path *path)
1886{ 1886{
1887 return 0; 1887 return 0;
1888} 1888}
1889 1889
1890static inline int security_sb_umount (struct vfsmount *mnt, int flags) 1890static inline int security_sb_umount(struct vfsmount *mnt, int flags)
1891{ 1891{
1892 return 0; 1892 return 0;
1893} 1893}
1894 1894
1895static inline void security_sb_umount_close (struct vfsmount *mnt) 1895static inline void security_sb_umount_close(struct vfsmount *mnt)
1896{ } 1896{ }
1897 1897
1898static inline void security_sb_umount_busy (struct vfsmount *mnt) 1898static inline void security_sb_umount_busy(struct vfsmount *mnt)
1899{ } 1899{ }
1900 1900
1901static inline void security_sb_post_remount (struct vfsmount *mnt, 1901static inline void security_sb_post_remount(struct vfsmount *mnt,
1902 unsigned long flags, void *data) 1902 unsigned long flags, void *data)
1903{ } 1903{ }
1904 1904
1905static inline void security_sb_post_addmount (struct vfsmount *mnt, 1905static inline void security_sb_post_addmount(struct vfsmount *mnt,
1906 struct path *mountpoint) 1906 struct path *mountpoint)
1907{ } 1907{ }
1908 1908
1909static inline int security_sb_pivotroot (struct path *old_path, 1909static inline int security_sb_pivotroot(struct path *old_path,
1910 struct path *new_path) 1910 struct path *new_path)
1911{ 1911{
1912 return 0; 1912 return 0;
1913} 1913}
1914 1914
1915static inline void security_sb_post_pivotroot (struct path *old_path, 1915static inline void security_sb_post_pivotroot(struct path *old_path,
1916 struct path *new_path) 1916 struct path *new_path)
1917{ } 1917{ }
1918static inline int security_sb_get_mnt_opts(const struct super_block *sb, 1918static inline int security_sb_get_mnt_opts(const struct super_block *sb,
1919 struct security_mnt_opts *opts) 1919 struct security_mnt_opts *opts)
@@ -1937,15 +1937,15 @@ static inline int security_sb_parse_opts_str(char *options, struct security_mnt_
1937 return 0; 1937 return 0;
1938} 1938}
1939 1939
1940static inline int security_inode_alloc (struct inode *inode) 1940static inline int security_inode_alloc(struct inode *inode)
1941{ 1941{
1942 return 0; 1942 return 0;
1943} 1943}
1944 1944
1945static inline void security_inode_free (struct inode *inode) 1945static inline void security_inode_free(struct inode *inode)
1946{ } 1946{ }
1947 1947
1948static inline int security_inode_init_security (struct inode *inode, 1948static inline int security_inode_init_security(struct inode *inode,
1949 struct inode *dir, 1949 struct inode *dir,
1950 char **name, 1950 char **name,
1951 void **value, 1951 void **value,
@@ -1953,55 +1953,55 @@ static inline int security_inode_init_security (struct inode *inode,
1953{ 1953{
1954 return -EOPNOTSUPP; 1954 return -EOPNOTSUPP;
1955} 1955}
1956 1956
1957static inline int security_inode_create (struct inode *dir, 1957static inline int security_inode_create(struct inode *dir,
1958 struct dentry *dentry, 1958 struct dentry *dentry,
1959 int mode) 1959 int mode)
1960{ 1960{
1961 return 0; 1961 return 0;
1962} 1962}
1963 1963
1964static inline int security_inode_link (struct dentry *old_dentry, 1964static inline int security_inode_link(struct dentry *old_dentry,
1965 struct inode *dir, 1965 struct inode *dir,
1966 struct dentry *new_dentry) 1966 struct dentry *new_dentry)
1967{ 1967{
1968 return 0; 1968 return 0;
1969} 1969}
1970 1970
1971static inline int security_inode_unlink (struct inode *dir, 1971static inline int security_inode_unlink(struct inode *dir,
1972 struct dentry *dentry) 1972 struct dentry *dentry)
1973{ 1973{
1974 return 0; 1974 return 0;
1975} 1975}
1976 1976
1977static inline int security_inode_symlink (struct inode *dir, 1977static inline int security_inode_symlink(struct inode *dir,
1978 struct dentry *dentry, 1978 struct dentry *dentry,
1979 const char *old_name) 1979 const char *old_name)
1980{ 1980{
1981 return 0; 1981 return 0;
1982} 1982}
1983 1983
1984static inline int security_inode_mkdir (struct inode *dir, 1984static inline int security_inode_mkdir(struct inode *dir,
1985 struct dentry *dentry, 1985 struct dentry *dentry,
1986 int mode) 1986 int mode)
1987{ 1987{
1988 return 0; 1988 return 0;
1989} 1989}
1990 1990
1991static inline int security_inode_rmdir (struct inode *dir, 1991static inline int security_inode_rmdir(struct inode *dir,
1992 struct dentry *dentry) 1992 struct dentry *dentry)
1993{ 1993{
1994 return 0; 1994 return 0;
1995} 1995}
1996 1996
1997static inline int security_inode_mknod (struct inode *dir, 1997static inline int security_inode_mknod(struct inode *dir,
1998 struct dentry *dentry, 1998 struct dentry *dentry,
1999 int mode, dev_t dev) 1999 int mode, dev_t dev)
2000{ 2000{
2001 return 0; 2001 return 0;
2002} 2002}
2003 2003
2004static inline int security_inode_rename (struct inode *old_dir, 2004static inline int security_inode_rename(struct inode *old_dir,
2005 struct dentry *old_dentry, 2005 struct dentry *old_dentry,
2006 struct inode *new_dir, 2006 struct inode *new_dir,
2007 struct dentry *new_dentry) 2007 struct dentry *new_dentry)
@@ -2009,59 +2009,59 @@ static inline int security_inode_rename (struct inode *old_dir,
2009 return 0; 2009 return 0;
2010} 2010}
2011 2011
2012static inline int security_inode_readlink (struct dentry *dentry) 2012static inline int security_inode_readlink(struct dentry *dentry)
2013{ 2013{
2014 return 0; 2014 return 0;
2015} 2015}
2016 2016
2017static inline int security_inode_follow_link (struct dentry *dentry, 2017static inline int security_inode_follow_link(struct dentry *dentry,
2018 struct nameidata *nd) 2018 struct nameidata *nd)
2019{ 2019{
2020 return 0; 2020 return 0;
2021} 2021}
2022 2022
2023static inline int security_inode_permission (struct inode *inode, int mask, 2023static inline int security_inode_permission(struct inode *inode, int mask,
2024 struct nameidata *nd) 2024 struct nameidata *nd)
2025{ 2025{
2026 return 0; 2026 return 0;
2027} 2027}
2028 2028
2029static inline int security_inode_setattr (struct dentry *dentry, 2029static inline int security_inode_setattr(struct dentry *dentry,
2030 struct iattr *attr) 2030 struct iattr *attr)
2031{ 2031{
2032 return 0; 2032 return 0;
2033} 2033}
2034 2034
2035static inline int security_inode_getattr (struct vfsmount *mnt, 2035static inline int security_inode_getattr(struct vfsmount *mnt,
2036 struct dentry *dentry) 2036 struct dentry *dentry)
2037{ 2037{
2038 return 0; 2038 return 0;
2039} 2039}
2040 2040
2041static inline void security_inode_delete (struct inode *inode) 2041static inline void security_inode_delete(struct inode *inode)
2042{ } 2042{ }
2043 2043
2044static inline int security_inode_setxattr (struct dentry *dentry, char *name, 2044static inline int security_inode_setxattr(struct dentry *dentry, char *name,
2045 void *value, size_t size, int flags) 2045 void *value, size_t size, int flags)
2046{ 2046{
2047 return cap_inode_setxattr(dentry, name, value, size, flags); 2047 return cap_inode_setxattr(dentry, name, value, size, flags);
2048} 2048}
2049 2049
2050static inline void security_inode_post_setxattr (struct dentry *dentry, char *name, 2050static inline void security_inode_post_setxattr(struct dentry *dentry, char *name,
2051 void *value, size_t size, int flags) 2051 void *value, size_t size, int flags)
2052{ } 2052{ }
2053 2053
2054static inline int security_inode_getxattr (struct dentry *dentry, char *name) 2054static inline int security_inode_getxattr(struct dentry *dentry, char *name)
2055{ 2055{
2056 return 0; 2056 return 0;
2057} 2057}
2058 2058
2059static inline int security_inode_listxattr (struct dentry *dentry) 2059static inline int security_inode_listxattr(struct dentry *dentry)
2060{ 2060{
2061 return 0; 2061 return 0;
2062} 2062}
2063 2063
2064static inline int security_inode_removexattr (struct dentry *dentry, char *name) 2064static inline int security_inode_removexattr(struct dentry *dentry, char *name)
2065{ 2065{
2066 return cap_inode_removexattr(dentry, name); 2066 return cap_inode_removexattr(dentry, name);
2067} 2067}
@@ -2096,198 +2096,198 @@ static inline void security_inode_getsecid(const struct inode *inode, u32 *secid
2096 *secid = 0; 2096 *secid = 0;
2097} 2097}
2098 2098
2099static inline int security_file_permission (struct file *file, int mask) 2099static inline int security_file_permission(struct file *file, int mask)
2100{ 2100{
2101 return 0; 2101 return 0;
2102} 2102}
2103 2103
2104static inline int security_file_alloc (struct file *file) 2104static inline int security_file_alloc(struct file *file)
2105{ 2105{
2106 return 0; 2106 return 0;
2107} 2107}
2108 2108
2109static inline void security_file_free (struct file *file) 2109static inline void security_file_free(struct file *file)
2110{ } 2110{ }
2111 2111
2112static inline int security_file_ioctl (struct file *file, unsigned int cmd, 2112static inline int security_file_ioctl(struct file *file, unsigned int cmd,
2113 unsigned long arg) 2113 unsigned long arg)
2114{ 2114{
2115 return 0; 2115 return 0;
2116} 2116}
2117 2117
2118static inline int security_file_mmap (struct file *file, unsigned long reqprot, 2118static inline int security_file_mmap(struct file *file, unsigned long reqprot,
2119 unsigned long prot, 2119 unsigned long prot,
2120 unsigned long flags, 2120 unsigned long flags,
2121 unsigned long addr, 2121 unsigned long addr,
2122 unsigned long addr_only) 2122 unsigned long addr_only)
2123{ 2123{
2124 return 0; 2124 return 0;
2125} 2125}
2126 2126
2127static inline int security_file_mprotect (struct vm_area_struct *vma, 2127static inline int security_file_mprotect(struct vm_area_struct *vma,
2128 unsigned long reqprot, 2128 unsigned long reqprot,
2129 unsigned long prot) 2129 unsigned long prot)
2130{ 2130{
2131 return 0; 2131 return 0;
2132} 2132}
2133 2133
2134static inline int security_file_lock (struct file *file, unsigned int cmd) 2134static inline int security_file_lock(struct file *file, unsigned int cmd)
2135{ 2135{
2136 return 0; 2136 return 0;
2137} 2137}
2138 2138
2139static inline int security_file_fcntl (struct file *file, unsigned int cmd, 2139static inline int security_file_fcntl(struct file *file, unsigned int cmd,
2140 unsigned long arg) 2140 unsigned long arg)
2141{ 2141{
2142 return 0; 2142 return 0;
2143} 2143}
2144 2144
2145static inline int security_file_set_fowner (struct file *file) 2145static inline int security_file_set_fowner(struct file *file)
2146{ 2146{
2147 return 0; 2147 return 0;
2148} 2148}
2149 2149
2150static inline int security_file_send_sigiotask (struct task_struct *tsk, 2150static inline int security_file_send_sigiotask(struct task_struct *tsk,
2151 struct fown_struct *fown, 2151 struct fown_struct *fown,
2152 int sig) 2152 int sig)
2153{ 2153{
2154 return 0; 2154 return 0;
2155} 2155}
2156 2156
2157static inline int security_file_receive (struct file *file) 2157static inline int security_file_receive(struct file *file)
2158{ 2158{
2159 return 0; 2159 return 0;
2160} 2160}
2161 2161
2162static inline int security_dentry_open (struct file *file) 2162static inline int security_dentry_open(struct file *file)
2163{ 2163{
2164 return 0; 2164 return 0;
2165} 2165}
2166 2166
2167static inline int security_task_create (unsigned long clone_flags) 2167static inline int security_task_create(unsigned long clone_flags)
2168{ 2168{
2169 return 0; 2169 return 0;
2170} 2170}
2171 2171
2172static inline int security_task_alloc (struct task_struct *p) 2172static inline int security_task_alloc(struct task_struct *p)
2173{ 2173{
2174 return 0; 2174 return 0;
2175} 2175}
2176 2176
2177static inline void security_task_free (struct task_struct *p) 2177static inline void security_task_free(struct task_struct *p)
2178{ } 2178{ }
2179 2179
2180static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2, 2180static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
2181 int flags) 2181 int flags)
2182{ 2182{
2183 return 0; 2183 return 0;
2184} 2184}
2185 2185
2186static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid, 2186static inline int security_task_post_setuid(uid_t old_ruid, uid_t old_euid,
2187 uid_t old_suid, int flags) 2187 uid_t old_suid, int flags)
2188{ 2188{
2189 return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags); 2189 return cap_task_post_setuid(old_ruid, old_euid, old_suid, flags);
2190} 2190}
2191 2191
2192static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2, 2192static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2,
2193 int flags) 2193 int flags)
2194{ 2194{
2195 return 0; 2195 return 0;
2196} 2196}
2197 2197
2198static inline int security_task_setpgid (struct task_struct *p, pid_t pgid) 2198static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
2199{ 2199{
2200 return 0; 2200 return 0;
2201} 2201}
2202 2202
2203static inline int security_task_getpgid (struct task_struct *p) 2203static inline int security_task_getpgid(struct task_struct *p)
2204{ 2204{
2205 return 0; 2205 return 0;
2206} 2206}
2207 2207
2208static inline int security_task_getsid (struct task_struct *p) 2208static inline int security_task_getsid(struct task_struct *p)
2209{ 2209{
2210 return 0; 2210 return 0;
2211} 2211}
2212 2212
2213static inline void security_task_getsecid (struct task_struct *p, u32 *secid) 2213static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
2214{ 2214{
2215 *secid = 0; 2215 *secid = 0;
2216} 2216}
2217 2217
2218static inline int security_task_setgroups (struct group_info *group_info) 2218static inline int security_task_setgroups(struct group_info *group_info)
2219{ 2219{
2220 return 0; 2220 return 0;
2221} 2221}
2222 2222
2223static inline int security_task_setnice (struct task_struct *p, int nice) 2223static inline int security_task_setnice(struct task_struct *p, int nice)
2224{ 2224{
2225 return cap_task_setnice(p, nice); 2225 return cap_task_setnice(p, nice);
2226} 2226}
2227 2227
2228static inline int security_task_setioprio (struct task_struct *p, int ioprio) 2228static inline int security_task_setioprio(struct task_struct *p, int ioprio)
2229{ 2229{
2230 return cap_task_setioprio(p, ioprio); 2230 return cap_task_setioprio(p, ioprio);
2231} 2231}
2232 2232
2233static inline int security_task_getioprio (struct task_struct *p) 2233static inline int security_task_getioprio(struct task_struct *p)
2234{ 2234{
2235 return 0; 2235 return 0;
2236} 2236}
2237 2237
2238static inline int security_task_setrlimit (unsigned int resource, 2238static inline int security_task_setrlimit(unsigned int resource,
2239 struct rlimit *new_rlim) 2239 struct rlimit *new_rlim)
2240{ 2240{
2241 return 0; 2241 return 0;
2242} 2242}
2243 2243
2244static inline int security_task_setscheduler (struct task_struct *p, 2244static inline int security_task_setscheduler(struct task_struct *p,
2245 int policy, 2245 int policy,
2246 struct sched_param *lp) 2246 struct sched_param *lp)
2247{ 2247{
2248 return cap_task_setscheduler(p, policy, lp); 2248 return cap_task_setscheduler(p, policy, lp);
2249} 2249}
2250 2250
2251static inline int security_task_getscheduler (struct task_struct *p) 2251static inline int security_task_getscheduler(struct task_struct *p)
2252{ 2252{
2253 return 0; 2253 return 0;
2254} 2254}
2255 2255
2256static inline int security_task_movememory (struct task_struct *p) 2256static inline int security_task_movememory(struct task_struct *p)
2257{ 2257{
2258 return 0; 2258 return 0;
2259} 2259}
2260 2260
2261static inline int security_task_kill (struct task_struct *p, 2261static inline int security_task_kill(struct task_struct *p,
2262 struct siginfo *info, int sig, 2262 struct siginfo *info, int sig,
2263 u32 secid) 2263 u32 secid)
2264{ 2264{
2265 return 0; 2265 return 0;
2266} 2266}
2267 2267
2268static inline int security_task_wait (struct task_struct *p) 2268static inline int security_task_wait(struct task_struct *p)
2269{ 2269{
2270 return 0; 2270 return 0;
2271} 2271}
2272 2272
2273static inline int security_task_prctl (int option, unsigned long arg2, 2273static inline int security_task_prctl(int option, unsigned long arg2,
2274 unsigned long arg3, 2274 unsigned long arg3,
2275 unsigned long arg4, 2275 unsigned long arg4,
2276 unsigned long arg5, long *rc_p) 2276 unsigned long arg5, long *rc_p)
2277{ 2277{
2278 return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p); 2278 return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p);
2279} 2279}
2280 2280
2281static inline void security_task_reparent_to_init (struct task_struct *p) 2281static inline void security_task_reparent_to_init(struct task_struct *p)
2282{ 2282{
2283 cap_task_reparent_to_init (p); 2283 cap_task_reparent_to_init(p);
2284} 2284}
2285 2285
2286static inline void security_task_to_inode(struct task_struct *p, struct inode *inode) 2286static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
2287{ } 2287{ }
2288 2288
2289static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, 2289static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
2290 short flag) 2290 short flag)
2291{ 2291{
2292 return 0; 2292 return 0;
2293} 2293}
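Review bot: The inline `security_task_prctl` stub (lines 2273–2279 of the new side) still forwards `arg3` twice and drops `arg4`: `return cap_task_prctl(option, arg2, arg3, arg3, arg5, rc_p);`, so this whitespace cleanup preserves an argument-order bug rather than fixing it. The call should read `return cap_task_prctl(option, arg2, arg3, arg4, arg5, rc_p);`. Since this is presumably the stub compiled when the full LSM hook path is disabled, any prctl option whose fourth argument matters would be handled with the wrong value there — which options that affects is not visible in this header, so that impact is inferred. A one-line `/* pass all five prctl arguments through unchanged */` comment above the call would make a future regression easier to spot.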
@@ -2297,98 +2297,98 @@ static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
2297 *secid = 0; 2297 *secid = 0;
2298} 2298}
2299 2299
2300static inline int security_msg_msg_alloc (struct msg_msg * msg) 2300static inline int security_msg_msg_alloc(struct msg_msg *msg)
2301{ 2301{
2302 return 0; 2302 return 0;
2303} 2303}
2304 2304
2305static inline void security_msg_msg_free (struct msg_msg * msg) 2305static inline void security_msg_msg_free(struct msg_msg *msg)
2306{ } 2306{ }
2307 2307
2308static inline int security_msg_queue_alloc (struct msg_queue *msq) 2308static inline int security_msg_queue_alloc(struct msg_queue *msq)
2309{ 2309{
2310 return 0; 2310 return 0;
2311} 2311}
2312 2312
2313static inline void security_msg_queue_free (struct msg_queue *msq) 2313static inline void security_msg_queue_free(struct msg_queue *msq)
2314{ } 2314{ }
2315 2315
2316static inline int security_msg_queue_associate (struct msg_queue * msq, 2316static inline int security_msg_queue_associate(struct msg_queue *msq,
2317 int msqflg) 2317 int msqflg)
2318{ 2318{
2319 return 0; 2319 return 0;
2320} 2320}
2321 2321
2322static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd) 2322static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2323{ 2323{
2324 return 0; 2324 return 0;
2325} 2325}
2326 2326
2327static inline int security_msg_queue_msgsnd (struct msg_queue * msq, 2327static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
2328 struct msg_msg * msg, int msqflg) 2328 struct msg_msg *msg, int msqflg)
2329{ 2329{
2330 return 0; 2330 return 0;
2331} 2331}
2332 2332
2333static inline int security_msg_queue_msgrcv (struct msg_queue * msq, 2333static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
2334 struct msg_msg * msg, 2334 struct msg_msg *msg,
2335 struct task_struct * target, 2335 struct task_struct *target,
2336 long type, int mode) 2336 long type, int mode)
2337{ 2337{
2338 return 0; 2338 return 0;
2339} 2339}
2340 2340
2341static inline int security_shm_alloc (struct shmid_kernel *shp) 2341static inline int security_shm_alloc(struct shmid_kernel *shp)
2342{ 2342{
2343 return 0; 2343 return 0;
2344} 2344}
2345 2345
2346static inline void security_shm_free (struct shmid_kernel *shp) 2346static inline void security_shm_free(struct shmid_kernel *shp)
2347{ } 2347{ }
2348 2348
2349static inline int security_shm_associate (struct shmid_kernel * shp, 2349static inline int security_shm_associate(struct shmid_kernel *shp,
2350 int shmflg) 2350 int shmflg)
2351{ 2351{
2352 return 0; 2352 return 0;
2353} 2353}
2354 2354
2355static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd) 2355static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
2356{ 2356{
2357 return 0; 2357 return 0;
2358} 2358}
2359 2359
2360static inline int security_shm_shmat (struct shmid_kernel * shp, 2360static inline int security_shm_shmat(struct shmid_kernel *shp,
2361 char __user *shmaddr, int shmflg) 2361 char __user *shmaddr, int shmflg)
2362{ 2362{
2363 return 0; 2363 return 0;
2364} 2364}
2365 2365
2366static inline int security_sem_alloc (struct sem_array *sma) 2366static inline int security_sem_alloc(struct sem_array *sma)
2367{ 2367{
2368 return 0; 2368 return 0;
2369} 2369}
2370 2370
2371static inline void security_sem_free (struct sem_array *sma) 2371static inline void security_sem_free(struct sem_array *sma)
2372{ } 2372{ }
2373 2373
2374static inline int security_sem_associate (struct sem_array * sma, int semflg) 2374static inline int security_sem_associate(struct sem_array *sma, int semflg)
2375{ 2375{
2376 return 0; 2376 return 0;
2377} 2377}
2378 2378
2379static inline int security_sem_semctl (struct sem_array * sma, int cmd) 2379static inline int security_sem_semctl(struct sem_array *sma, int cmd)
2380{ 2380{
2381 return 0; 2381 return 0;
2382} 2382}
2383 2383
2384static inline int security_sem_semop (struct sem_array * sma, 2384static inline int security_sem_semop(struct sem_array *sma,
2385 struct sembuf * sops, unsigned nsops, 2385 struct sembuf *sops, unsigned nsops,
2386 int alter) 2386 int alter)
2387{ 2387{
2388 return 0; 2388 return 0;
2389} 2389}
2390 2390
2391static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode) 2391static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
2392{ } 2392{ }
2393 2393
2394static inline int security_getprocattr(struct task_struct *p, char *name, char **value) 2394static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
@@ -2401,14 +2401,14 @@ static inline int security_setprocattr(struct task_struct *p, char *name, void *
2401 return -EINVAL; 2401 return -EINVAL;
2402} 2402}
2403 2403
2404static inline int security_netlink_send (struct sock *sk, struct sk_buff *skb) 2404static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
2405{ 2405{
2406 return cap_netlink_send (sk, skb); 2406 return cap_netlink_send(sk, skb);
2407} 2407}
2408 2408
2409static inline int security_netlink_recv (struct sk_buff *skb, int cap) 2409static inline int security_netlink_recv(struct sk_buff *skb, int cap)
2410{ 2410{
2411 return cap_netlink_recv (skb, cap); 2411 return cap_netlink_recv(skb, cap);
2412} 2412}
2413 2413
2414static inline struct dentry *securityfs_create_dir(const char *name, 2414static inline struct dentry *securityfs_create_dir(const char *name,
@@ -2486,26 +2486,26 @@ void security_inet_conn_established(struct sock *sk,
2486 struct sk_buff *skb); 2486 struct sk_buff *skb);
2487 2487
2488#else /* CONFIG_SECURITY_NETWORK */ 2488#else /* CONFIG_SECURITY_NETWORK */
2489static inline int security_unix_stream_connect(struct socket * sock, 2489static inline int security_unix_stream_connect(struct socket *sock,
2490 struct socket * other, 2490 struct socket *other,
2491 struct sock * newsk) 2491 struct sock *newsk)
2492{ 2492{
2493 return 0; 2493 return 0;
2494} 2494}
2495 2495
2496static inline int security_unix_may_send(struct socket * sock, 2496static inline int security_unix_may_send(struct socket *sock,
2497 struct socket * other) 2497 struct socket *other)
2498{ 2498{
2499 return 0; 2499 return 0;
2500} 2500}
2501 2501
2502static inline int security_socket_create (int family, int type, 2502static inline int security_socket_create(int family, int type,
2503 int protocol, int kern) 2503 int protocol, int kern)
2504{ 2504{
2505 return 0; 2505 return 0;
2506} 2506}
2507 2507
2508static inline int security_socket_post_create(struct socket * sock, 2508static inline int security_socket_post_create(struct socket *sock,
2509 int family, 2509 int family,
2510 int type, 2510 int type,
2511 int protocol, int kern) 2511 int protocol, int kern)
@@ -2513,77 +2513,77 @@ static inline int security_socket_post_create(struct socket * sock,
2513 return 0; 2513 return 0;
2514} 2514}
2515 2515
2516static inline int security_socket_bind(struct socket * sock, 2516static inline int security_socket_bind(struct socket *sock,
2517 struct sockaddr * address, 2517 struct sockaddr *address,
2518 int addrlen) 2518 int addrlen)
2519{ 2519{
2520 return 0; 2520 return 0;
2521} 2521}
2522 2522
2523static inline int security_socket_connect(struct socket * sock, 2523static inline int security_socket_connect(struct socket *sock,
2524 struct sockaddr * address, 2524 struct sockaddr *address,
2525 int addrlen) 2525 int addrlen)
2526{ 2526{
2527 return 0; 2527 return 0;
2528} 2528}
2529 2529
2530static inline int security_socket_listen(struct socket * sock, int backlog) 2530static inline int security_socket_listen(struct socket *sock, int backlog)
2531{ 2531{
2532 return 0; 2532 return 0;
2533} 2533}
2534 2534
2535static inline int security_socket_accept(struct socket * sock, 2535static inline int security_socket_accept(struct socket *sock,
2536 struct socket * newsock) 2536 struct socket *newsock)
2537{ 2537{
2538 return 0; 2538 return 0;
2539} 2539}
2540 2540
2541static inline void security_socket_post_accept(struct socket * sock, 2541static inline void security_socket_post_accept(struct socket *sock,
2542 struct socket * newsock) 2542 struct socket *newsock)
2543{ 2543{
2544} 2544}
2545 2545
2546static inline int security_socket_sendmsg(struct socket * sock, 2546static inline int security_socket_sendmsg(struct socket *sock,
2547 struct msghdr * msg, int size) 2547 struct msghdr *msg, int size)
2548{ 2548{
2549 return 0; 2549 return 0;
2550} 2550}
2551 2551
2552static inline int security_socket_recvmsg(struct socket * sock, 2552static inline int security_socket_recvmsg(struct socket *sock,
2553 struct msghdr * msg, int size, 2553 struct msghdr *msg, int size,
2554 int flags) 2554 int flags)
2555{ 2555{
2556 return 0; 2556 return 0;
2557} 2557}
2558 2558
2559static inline int security_socket_getsockname(struct socket * sock) 2559static inline int security_socket_getsockname(struct socket *sock)
2560{ 2560{
2561 return 0; 2561 return 0;
2562} 2562}
2563 2563
2564static inline int security_socket_getpeername(struct socket * sock) 2564static inline int security_socket_getpeername(struct socket *sock)
2565{ 2565{
2566 return 0; 2566 return 0;
2567} 2567}
2568 2568
2569static inline int security_socket_getsockopt(struct socket * sock, 2569static inline int security_socket_getsockopt(struct socket *sock,
2570 int level, int optname) 2570 int level, int optname)
2571{ 2571{
2572 return 0; 2572 return 0;
2573} 2573}
2574 2574
2575static inline int security_socket_setsockopt(struct socket * sock, 2575static inline int security_socket_setsockopt(struct socket *sock,
2576 int level, int optname) 2576 int level, int optname)
2577{ 2577{
2578 return 0; 2578 return 0;
2579} 2579}
2580 2580
2581static inline int security_socket_shutdown(struct socket * sock, int how) 2581static inline int security_socket_shutdown(struct socket *sock, int how)
2582{ 2582{
2583 return 0; 2583 return 0;
2584} 2584}
2585static inline int security_sock_rcv_skb (struct sock * sk, 2585static inline int security_sock_rcv_skb(struct sock *sk,
2586 struct sk_buff * skb) 2586 struct sk_buff *skb)
2587{ 2587{
2588 return 0; 2588 return 0;
2589} 2589}
@@ -2620,7 +2620,7 @@ static inline void security_req_classify_flow(const struct request_sock *req, st
2620{ 2620{
2621} 2621}
2622 2622
2623static inline void security_sock_graft(struct sock* sk, struct socket *parent) 2623static inline void security_sock_graft(struct sock *sk, struct socket *parent)
2624{ 2624{
2625} 2625}
2626 2626
diff --git a/security/selinux/include/avc_ss.h b/security/selinux/include/avc_ss.h
index ff869e8b6f4a..c0d314d9f8e1 100644
--- a/security/selinux/include/avc_ss.h
+++ b/security/selinux/include/avc_ss.h
@@ -10,22 +10,19 @@
10 10
11int avc_ss_reset(u32 seqno); 11int avc_ss_reset(u32 seqno);
12 12
13struct av_perm_to_string 13struct av_perm_to_string {
14{
15 u16 tclass; 14 u16 tclass;
16 u32 value; 15 u32 value;
17 const char *name; 16 const char *name;
18}; 17};
19 18
20struct av_inherit 19struct av_inherit {
21{
22 u16 tclass; 20 u16 tclass;
23 const char **common_pts; 21 const char **common_pts;
24 u32 common_base; 22 u32 common_base;
25}; 23};
26 24
27struct selinux_class_perm 25struct selinux_class_perm {
28{
29 const struct av_perm_to_string *av_perm_to_string; 26 const struct av_perm_to_string *av_perm_to_string;
30 u32 av_pts_len; 27 u32 av_pts_len;
31 const char **class_to_string; 28 const char **class_to_string;
diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h
index 9a9e7cd9a379..487a7d81fe20 100644
--- a/security/selinux/include/netlabel.h
+++ b/security/selinux/include/netlabel.h
@@ -64,7 +64,7 @@ static inline void selinux_netlbl_cache_invalidate(void)
64} 64}
65 65
66static inline void selinux_netlbl_sk_security_reset( 66static inline void selinux_netlbl_sk_security_reset(
67 struct sk_security_struct *ssec, 67 struct sk_security_struct *ssec,
68 int family) 68 int family)
69{ 69{
70 return; 70 return;
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 300b61bad7b3..032c2357dad1 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -4,16 +4,16 @@
4 * This file contains the SELinux security data structures for kernel objects. 4 * This file contains the SELinux security data structures for kernel objects.
5 * 5 *
6 * Author(s): Stephen Smalley, <sds@epoch.ncsc.mil> 6 * Author(s): Stephen Smalley, <sds@epoch.ncsc.mil>
7 * Chris Vance, <cvance@nai.com> 7 * Chris Vance, <cvance@nai.com>
8 * Wayne Salamon, <wsalamon@nai.com> 8 * Wayne Salamon, <wsalamon@nai.com>
9 * James Morris <jmorris@redhat.com> 9 * James Morris <jmorris@redhat.com>
10 * 10 *
11 * Copyright (C) 2001,2002 Networks Associates Technology, Inc. 11 * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
12 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> 12 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
13 * 13 *
14 * This program is free software; you can redistribute it and/or modify 14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License version 2, 15 * it under the terms of the GNU General Public License version 2,
16 * as published by the Free Software Foundation. 16 * as published by the Free Software Foundation.
17 */ 17 */
18#ifndef _SELINUX_OBJSEC_H_ 18#ifndef _SELINUX_OBJSEC_H_
19#define _SELINUX_OBJSEC_H_ 19#define _SELINUX_OBJSEC_H_
@@ -28,58 +28,58 @@
28#include "avc.h" 28#include "avc.h"
29 29
30struct task_security_struct { 30struct task_security_struct {
31 u32 osid; /* SID prior to last execve */ 31 u32 osid; /* SID prior to last execve */
32 u32 sid; /* current SID */ 32 u32 sid; /* current SID */
33 u32 exec_sid; /* exec SID */ 33 u32 exec_sid; /* exec SID */
34 u32 create_sid; /* fscreate SID */ 34 u32 create_sid; /* fscreate SID */
35 u32 keycreate_sid; /* keycreate SID */ 35 u32 keycreate_sid; /* keycreate SID */
36 u32 sockcreate_sid; /* fscreate SID */ 36 u32 sockcreate_sid; /* fscreate SID */
37}; 37};
38 38
39struct inode_security_struct { 39struct inode_security_struct {
40 struct inode *inode; /* back pointer to inode object */ 40 struct inode *inode; /* back pointer to inode object */
41 struct list_head list; /* list of inode_security_struct */ 41 struct list_head list; /* list of inode_security_struct */
42 u32 task_sid; /* SID of creating task */ 42 u32 task_sid; /* SID of creating task */
43 u32 sid; /* SID of this object */ 43 u32 sid; /* SID of this object */
44 u16 sclass; /* security class of this object */ 44 u16 sclass; /* security class of this object */
45 unsigned char initialized; /* initialization flag */ 45 unsigned char initialized; /* initialization flag */
46 struct mutex lock; 46 struct mutex lock;
47 unsigned char inherit; /* inherit SID from parent entry */ 47 unsigned char inherit; /* inherit SID from parent entry */
48}; 48};
49 49
50struct file_security_struct { 50struct file_security_struct {
51 u32 sid; /* SID of open file description */ 51 u32 sid; /* SID of open file description */
52 u32 fown_sid; /* SID of file owner (for SIGIO) */ 52 u32 fown_sid; /* SID of file owner (for SIGIO) */
53 u32 isid; /* SID of inode at the time of file open */ 53 u32 isid; /* SID of inode at the time of file open */
54 u32 pseqno; /* Policy seqno at the time of file open */ 54 u32 pseqno; /* Policy seqno at the time of file open */
55}; 55};
56 56
57struct superblock_security_struct { 57struct superblock_security_struct {
58 struct super_block *sb; /* back pointer to sb object */ 58 struct super_block *sb; /* back pointer to sb object */
59 struct list_head list; /* list of superblock_security_struct */ 59 struct list_head list; /* list of superblock_security_struct */
60 u32 sid; /* SID of file system superblock */ 60 u32 sid; /* SID of file system superblock */
61 u32 def_sid; /* default SID for labeling */ 61 u32 def_sid; /* default SID for labeling */
62 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */ 62 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
63 unsigned int behavior; /* labeling behavior */ 63 unsigned int behavior; /* labeling behavior */
64 unsigned char initialized; /* initialization flag */ 64 unsigned char initialized; /* initialization flag */
65 unsigned char flags; /* which mount options were specified */ 65 unsigned char flags; /* which mount options were specified */
66 unsigned char proc; /* proc fs */ 66 unsigned char proc; /* proc fs */
67 struct mutex lock; 67 struct mutex lock;
68 struct list_head isec_head; 68 struct list_head isec_head;
69 spinlock_t isec_lock; 69 spinlock_t isec_lock;
70}; 70};
71 71
72struct msg_security_struct { 72struct msg_security_struct {
73 u32 sid; /* SID of message */ 73 u32 sid; /* SID of message */
74}; 74};
75 75
76struct ipc_security_struct { 76struct ipc_security_struct {
77 u16 sclass; /* security class of this object */ 77 u16 sclass; /* security class of this object */
78 u32 sid; /* SID of IPC resource */ 78 u32 sid; /* SID of IPC resource */
79}; 79};
80 80
81struct bprm_security_struct { 81struct bprm_security_struct {
82 u32 sid; /* SID for transformed process */ 82 u32 sid; /* SID for transformed process */
83 unsigned char set; 83 unsigned char set;
84 84
85 /* 85 /*
@@ -123,7 +123,7 @@ struct sk_security_struct {
123}; 123};
124 124
125struct key_security_struct { 125struct key_security_struct {
126 u32 sid; /* SID of key */ 126 u32 sid; /* SID of key */
127}; 127};
128 128
129extern unsigned int selinux_checkreqprot; 129extern unsigned int selinux_checkreqprot;
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 1904c462a605..6445b6440648 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -62,7 +62,7 @@ enum {
62extern int selinux_policycap_netpeer; 62extern int selinux_policycap_netpeer;
63extern int selinux_policycap_openperm; 63extern int selinux_policycap_openperm;
64 64
65int security_load_policy(void * data, size_t len); 65int security_load_policy(void *data, size_t len);
66 66
67int security_policycap_supported(unsigned int req_cap); 67int security_policycap_supported(unsigned int req_cap);
68 68
@@ -110,7 +110,7 @@ int security_node_sid(u16 domain, void *addr, u32 addrlen,
110 u32 *out_sid); 110 u32 *out_sid);
111 111
112int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, 112int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
113 u16 tclass); 113 u16 tclass);
114 114
115int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid); 115int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid);
116 116
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 2edc4c5e0c61..b6ccd09379f1 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -40,11 +40,17 @@
40#include <net/ipv6.h> 40#include <net/ipv6.h>
41#include <asm/bug.h> 41#include <asm/bug.h>
42 42
43#include "netnode.h"
43#include "objsec.h" 44#include "objsec.h"
44 45
45#define SEL_NETNODE_HASH_SIZE 256 46#define SEL_NETNODE_HASH_SIZE 256
46#define SEL_NETNODE_HASH_BKT_LIMIT 16 47#define SEL_NETNODE_HASH_BKT_LIMIT 16
47 48
49struct sel_netnode_bkt {
50 unsigned int size;
51 struct list_head list;
52};
53
48struct sel_netnode { 54struct sel_netnode {
49 struct netnode_security_struct nsec; 55 struct netnode_security_struct nsec;
50 56
@@ -60,7 +66,7 @@ struct sel_netnode {
60 66
61static LIST_HEAD(sel_netnode_list); 67static LIST_HEAD(sel_netnode_list);
62static DEFINE_SPINLOCK(sel_netnode_lock); 68static DEFINE_SPINLOCK(sel_netnode_lock);
63static struct list_head sel_netnode_hash[SEL_NETNODE_HASH_SIZE]; 69static struct sel_netnode_bkt sel_netnode_hash[SEL_NETNODE_HASH_SIZE];
64 70
65/** 71/**
66 * sel_netnode_free - Frees a node entry 72 * sel_netnode_free - Frees a node entry
@@ -87,7 +93,7 @@ static void sel_netnode_free(struct rcu_head *p)
87 * the bucket number for the given IP address. 93 * the bucket number for the given IP address.
88 * 94 *
89 */ 95 */
90static u32 sel_netnode_hashfn_ipv4(__be32 addr) 96static unsigned int sel_netnode_hashfn_ipv4(__be32 addr)
91{ 97{
92 /* at some point we should determine if the mismatch in byte order 98 /* at some point we should determine if the mismatch in byte order
93 * affects the hash function dramatically */ 99 * affects the hash function dramatically */
@@ -103,7 +109,7 @@ static u32 sel_netnode_hashfn_ipv4(__be32 addr)
103 * the bucket number for the given IP address. 109 * the bucket number for the given IP address.
104 * 110 *
105 */ 111 */
106static u32 sel_netnode_hashfn_ipv6(const struct in6_addr *addr) 112static unsigned int sel_netnode_hashfn_ipv6(const struct in6_addr *addr)
107{ 113{
108 /* just hash the least significant 32 bits to keep things fast (they 114 /* just hash the least significant 32 bits to keep things fast (they
109 * are the most likely to be different anyway), we can revisit this 115 * are the most likely to be different anyway), we can revisit this
@@ -123,7 +129,7 @@ static u32 sel_netnode_hashfn_ipv6(const struct in6_addr *addr)
123 */ 129 */
124static struct sel_netnode *sel_netnode_find(const void *addr, u16 family) 130static struct sel_netnode *sel_netnode_find(const void *addr, u16 family)
125{ 131{
126 u32 idx; 132 unsigned int idx;
127 struct sel_netnode *node; 133 struct sel_netnode *node;
128 134
129 switch (family) { 135 switch (family) {
@@ -137,7 +143,7 @@ static struct sel_netnode *sel_netnode_find(const void *addr, u16 family)
137 BUG(); 143 BUG();
138 } 144 }
139 145
140 list_for_each_entry_rcu(node, &sel_netnode_hash[idx], list) 146 list_for_each_entry_rcu(node, &sel_netnode_hash[idx].list, list)
141 if (node->nsec.family == family) 147 if (node->nsec.family == family)
142 switch (family) { 148 switch (family) {
143 case PF_INET: 149 case PF_INET:
@@ -159,15 +165,12 @@ static struct sel_netnode *sel_netnode_find(const void *addr, u16 family)
159 * @node: the new node record 165 * @node: the new node record
160 * 166 *
161 * Description: 167 * Description:
162 * Add a new node record to the network address hash table. Returns zero on 168 * Add a new node record to the network address hash table.
163 * success, negative values on failure.
164 * 169 *
165 */ 170 */
166static int sel_netnode_insert(struct sel_netnode *node) 171static void sel_netnode_insert(struct sel_netnode *node)
167{ 172{
168 u32 idx; 173 unsigned int idx;
169 u32 count = 0;
170 struct sel_netnode *iter;
171 174
172 switch (node->nsec.family) { 175 switch (node->nsec.family) {
173 case PF_INET: 176 case PF_INET:
@@ -179,32 +182,21 @@ static int sel_netnode_insert(struct sel_netnode *node)
179 default: 182 default:
180 BUG(); 183 BUG();
181 } 184 }
182 list_add_rcu(&node->list, &sel_netnode_hash[idx]); 185
186 INIT_RCU_HEAD(&node->rcu);
183 187
184 /* we need to impose a limit on the growth of the hash table so check 188 /* we need to impose a limit on the growth of the hash table so check
185 * this bucket to make sure it is within the specified bounds */ 189 * this bucket to make sure it is within the specified bounds */
186 list_for_each_entry(iter, &sel_netnode_hash[idx], list) 190 list_add_rcu(&node->list, &sel_netnode_hash[idx].list);
187 if (++count > SEL_NETNODE_HASH_BKT_LIMIT) { 191 if (sel_netnode_hash[idx].size == SEL_NETNODE_HASH_BKT_LIMIT) {
188 list_del_rcu(&iter->list); 192 struct sel_netnode *tail;
189 call_rcu(&iter->rcu, sel_netnode_free); 193 tail = list_entry(
190 break; 194 rcu_dereference(sel_netnode_hash[idx].list.prev),
191 } 195 struct sel_netnode, list);
192 196 list_del_rcu(&tail->list);
193 return 0; 197 call_rcu(&tail->rcu, sel_netnode_free);
194} 198 } else
195 199 sel_netnode_hash[idx].size++;
196/**
197 * sel_netnode_destroy - Remove a node record from the table
198 * @node: the existing node record
199 *
200 * Description:
201 * Remove an existing node record from the network address table.
202 *
203 */
204static void sel_netnode_destroy(struct sel_netnode *node)
205{
206 list_del_rcu(&node->list);
207 call_rcu(&node->rcu, sel_netnode_free);
208} 200}
209 201
210/** 202/**
@@ -222,7 +214,7 @@ static void sel_netnode_destroy(struct sel_netnode *node)
222 */ 214 */
223static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid) 215static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
224{ 216{
225 int ret; 217 int ret = -ENOMEM;
226 struct sel_netnode *node; 218 struct sel_netnode *node;
227 struct sel_netnode *new = NULL; 219 struct sel_netnode *new = NULL;
228 220
@@ -230,25 +222,21 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
230 node = sel_netnode_find(addr, family); 222 node = sel_netnode_find(addr, family);
231 if (node != NULL) { 223 if (node != NULL) {
232 *sid = node->nsec.sid; 224 *sid = node->nsec.sid;
233 ret = 0; 225 spin_unlock_bh(&sel_netnode_lock);
234 goto out; 226 return 0;
235 } 227 }
236 new = kzalloc(sizeof(*new), GFP_ATOMIC); 228 new = kzalloc(sizeof(*new), GFP_ATOMIC);
237 if (new == NULL) { 229 if (new == NULL)
238 ret = -ENOMEM;
239 goto out; 230 goto out;
240 }
241 switch (family) { 231 switch (family) {
242 case PF_INET: 232 case PF_INET:
243 ret = security_node_sid(PF_INET, 233 ret = security_node_sid(PF_INET,
244 addr, sizeof(struct in_addr), 234 addr, sizeof(struct in_addr), sid);
245 &new->nsec.sid);
246 new->nsec.addr.ipv4 = *(__be32 *)addr; 235 new->nsec.addr.ipv4 = *(__be32 *)addr;
247 break; 236 break;
248 case PF_INET6: 237 case PF_INET6:
249 ret = security_node_sid(PF_INET6, 238 ret = security_node_sid(PF_INET6,
250 addr, sizeof(struct in6_addr), 239 addr, sizeof(struct in6_addr), sid);
251 &new->nsec.sid);
252 ipv6_addr_copy(&new->nsec.addr.ipv6, addr); 240 ipv6_addr_copy(&new->nsec.addr.ipv6, addr);
253 break; 241 break;
254 default: 242 default:
@@ -256,11 +244,10 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
256 } 244 }
257 if (ret != 0) 245 if (ret != 0)
258 goto out; 246 goto out;
247
259 new->nsec.family = family; 248 new->nsec.family = family;
260 ret = sel_netnode_insert(new); 249 new->nsec.sid = *sid;
261 if (ret != 0) 250 sel_netnode_insert(new);
262 goto out;
263 *sid = new->nsec.sid;
264 251
265out: 252out:
266 spin_unlock_bh(&sel_netnode_lock); 253 spin_unlock_bh(&sel_netnode_lock);
@@ -312,13 +299,18 @@ int sel_netnode_sid(void *addr, u16 family, u32 *sid)
312 */ 299 */
313static void sel_netnode_flush(void) 300static void sel_netnode_flush(void)
314{ 301{
315 u32 idx; 302 unsigned int idx;
316 struct sel_netnode *node; 303 struct sel_netnode *node, *node_tmp;
317 304
318 spin_lock_bh(&sel_netnode_lock); 305 spin_lock_bh(&sel_netnode_lock);
319 for (idx = 0; idx < SEL_NETNODE_HASH_SIZE; idx++) 306 for (idx = 0; idx < SEL_NETNODE_HASH_SIZE; idx++) {
320 list_for_each_entry(node, &sel_netnode_hash[idx], list) 307 list_for_each_entry_safe(node, node_tmp,
321 sel_netnode_destroy(node); 308 &sel_netnode_hash[idx].list, list) {
309 list_del_rcu(&node->list);
310 call_rcu(&node->rcu, sel_netnode_free);
311 }
312 sel_netnode_hash[idx].size = 0;
313 }
322 spin_unlock_bh(&sel_netnode_lock); 314 spin_unlock_bh(&sel_netnode_lock);
323} 315}
324 316
@@ -340,8 +332,10 @@ static __init int sel_netnode_init(void)
340 if (!selinux_enabled) 332 if (!selinux_enabled)
341 return 0; 333 return 0;
342 334
343 for (iter = 0; iter < SEL_NETNODE_HASH_SIZE; iter++) 335 for (iter = 0; iter < SEL_NETNODE_HASH_SIZE; iter++) {
344 INIT_LIST_HEAD(&sel_netnode_hash[iter]); 336 INIT_LIST_HEAD(&sel_netnode_hash[iter].list);
337 sel_netnode_hash[iter].size = 0;
338 }
345 339
346 ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET, 340 ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET,
347 SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); 341 SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
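Review bot: In sel_netnode_insert (new lines 193-195) `rcu_dereference()` is applied to `sel_netnode_hash[idx].list.prev`, yet this code runs on the writer side under sel_netnode_lock, and the `prev` link is not what list_add_rcu() publishes for lockless readers, so the annotation advertises a lockless read the code is not performing. A plain read of `.list.prev` with a comment such as `/* writer side: prev is only stable because sel_netnode_lock is held */` states the real invariant (a lockdep-checked dereference helper would make it explicit where available). The same construct appears in sel_netport_insert in security/selinux/netport.c. sel_netnode_insert's signature and the switch that computes idx are in the preceding hunk, outside this one.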
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index 68ede3c498ab..90b4cff7c350 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -114,8 +114,7 @@ static struct sel_netport *sel_netport_find(u8 protocol, u16 pnum)
114 114
115 idx = sel_netport_hashfn(pnum); 115 idx = sel_netport_hashfn(pnum);
116 list_for_each_entry_rcu(port, &sel_netport_hash[idx].list, list) 116 list_for_each_entry_rcu(port, &sel_netport_hash[idx].list, list)
117 if (port->psec.port == pnum && 117 if (port->psec.port == pnum && port->psec.protocol == protocol)
118 port->psec.protocol == protocol)
119 return port; 118 return port;
120 119
121 return NULL; 120 return NULL;
@@ -126,11 +125,10 @@ static struct sel_netport *sel_netport_find(u8 protocol, u16 pnum)
126 * @port: the new port record 125 * @port: the new port record
127 * 126 *
128 * Description: 127 * Description:
129 * Add a new port record to the network address hash table. Returns zero on 128 * Add a new port record to the network address hash table.
130 * success, negative values on failure.
131 * 129 *
132 */ 130 */
133static int sel_netport_insert(struct sel_netport *port) 131static void sel_netport_insert(struct sel_netport *port)
134{ 132{
135 unsigned int idx; 133 unsigned int idx;
136 134
@@ -140,13 +138,13 @@ static int sel_netport_insert(struct sel_netport *port)
140 list_add_rcu(&port->list, &sel_netport_hash[idx].list); 138 list_add_rcu(&port->list, &sel_netport_hash[idx].list);
141 if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) { 139 if (sel_netport_hash[idx].size == SEL_NETPORT_HASH_BKT_LIMIT) {
142 struct sel_netport *tail; 140 struct sel_netport *tail;
143 tail = list_entry(port->list.prev, struct sel_netport, list); 141 tail = list_entry(
144 list_del_rcu(port->list.prev); 142 rcu_dereference(sel_netport_hash[idx].list.prev),
143 struct sel_netport, list);
144 list_del_rcu(&tail->list);
145 call_rcu(&tail->rcu, sel_netport_free); 145 call_rcu(&tail->rcu, sel_netport_free);
146 } else 146 } else
147 sel_netport_hash[idx].size++; 147 sel_netport_hash[idx].size++;
148
149 return 0;
150} 148}
151 149
152/** 150/**
@@ -163,7 +161,7 @@ static int sel_netport_insert(struct sel_netport *port)
163 */ 161 */
164static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid) 162static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
165{ 163{
166 int ret; 164 int ret = -ENOMEM;
167 struct sel_netport *port; 165 struct sel_netport *port;
168 struct sel_netport *new = NULL; 166 struct sel_netport *new = NULL;
169 167
@@ -171,23 +169,20 @@ static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
171 port = sel_netport_find(protocol, pnum); 169 port = sel_netport_find(protocol, pnum);
172 if (port != NULL) { 170 if (port != NULL) {
173 *sid = port->psec.sid; 171 *sid = port->psec.sid;
174 ret = 0; 172 spin_unlock_bh(&sel_netport_lock);
175 goto out; 173 return 0;
176 } 174 }
177 new = kzalloc(sizeof(*new), GFP_ATOMIC); 175 new = kzalloc(sizeof(*new), GFP_ATOMIC);
178 if (new == NULL) { 176 if (new == NULL)
179 ret = -ENOMEM;
180 goto out; 177 goto out;
181 } 178 ret = security_port_sid(protocol, pnum, sid);
182 ret = security_port_sid(protocol, pnum, &new->psec.sid);
183 if (ret != 0) 179 if (ret != 0)
184 goto out; 180 goto out;
181
185 new->psec.port = pnum; 182 new->psec.port = pnum;
186 new->psec.protocol = protocol; 183 new->psec.protocol = protocol;
187 ret = sel_netport_insert(new); 184 new->psec.sid = *sid;
188 if (ret != 0) 185 sel_netport_insert(new);
189 goto out;
190 *sid = new->psec.sid;
191 186
192out: 187out:
193 spin_unlock_bh(&sel_netport_lock); 188 spin_unlock_bh(&sel_netport_lock);
@@ -239,11 +234,12 @@ int sel_netport_sid(u8 protocol, u16 pnum, u32 *sid)
239static void sel_netport_flush(void) 234static void sel_netport_flush(void)
240{ 235{
241 unsigned int idx; 236 unsigned int idx;
242 struct sel_netport *port; 237 struct sel_netport *port, *port_tmp;
243 238
244 spin_lock_bh(&sel_netport_lock); 239 spin_lock_bh(&sel_netport_lock);
245 for (idx = 0; idx < SEL_NETPORT_HASH_SIZE; idx++) { 240 for (idx = 0; idx < SEL_NETPORT_HASH_SIZE; idx++) {
246 list_for_each_entry(port, &sel_netport_hash[idx].list, list) { 241 list_for_each_entry_safe(port, port_tmp,
242 &sel_netport_hash[idx].list, list) {
247 list_del_rcu(&port->list); 243 list_del_rcu(&port->list);
248 call_rcu(&port->rcu, sel_netport_free); 244 call_rcu(&port->rcu, sel_netport_free);
249 } 245 }
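Review bot: The corrected tail lookup in sel_netport_insert (new lines 141-143) deserves a why-comment, because the bug it replaces — reading `port->list.prev` right after `list_add_rcu()` placed `port` at the bucket head, which yields the list head itself rather than the last entry — is easy to reintroduce. Suggest `/* port was just added at the head, so the head's prev is the last (oldest-inserted) entry */` above the `list_entry()` call. The function's `idx` computation sits above this hunk, outside it.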
diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h
index f3a1fc6e5d66..65b9f8366e9c 100644
--- a/security/selinux/ss/conditional.h
+++ b/security/selinux/ss/conditional.h
@@ -59,10 +59,10 @@ struct cond_node {
59 struct cond_node *next; 59 struct cond_node *next;
60}; 60};
61 61
62int cond_policydb_init(struct policydb* p); 62int cond_policydb_init(struct policydb *p);
63void cond_policydb_destroy(struct policydb* p); 63void cond_policydb_destroy(struct policydb *p);
64 64
65int cond_init_bool_indexes(struct policydb* p); 65int cond_init_bool_indexes(struct policydb *p);
66int cond_destroy_bool(void *key, void *datum, void *p); 66int cond_destroy_bool(void *key, void *datum, void *p);
67 67
68int cond_index_bool(void *key, void *datum, void *datap); 68int cond_index_bool(void *key, void *datum, void *datap);
diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h
index 2eee0dab524d..b9a6f7fc62fc 100644
--- a/security/selinux/ss/context.h
+++ b/security/selinux/ss/context.h
@@ -84,9 +84,9 @@ static inline int mls_context_cmp(struct context *c1, struct context *c2)
84 return 1; 84 return 1;
85 85
86 return ((c1->range.level[0].sens == c2->range.level[0].sens) && 86 return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
87 ebitmap_cmp(&c1->range.level[0].cat,&c2->range.level[0].cat) && 87 ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) &&
88 (c1->range.level[1].sens == c2->range.level[1].sens) && 88 (c1->range.level[1].sens == c2->range.level[1].sens) &&
89 ebitmap_cmp(&c1->range.level[1].cat,&c2->range.level[1].cat)); 89 ebitmap_cmp(&c1->range.level[1].cat, &c2->range.level[1].cat));
90} 90}
91 91
92static inline void mls_context_destroy(struct context *c) 92static inline void mls_context_destroy(struct context *c)
diff --git a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h
index 7e2ff3e3c6d2..953872cd84ab 100644
--- a/security/selinux/ss/hashtab.h
+++ b/security/selinux/ss/hashtab.h
@@ -40,8 +40,8 @@ struct hashtab_info {
40 * the new hash table otherwise. 40 * the new hash table otherwise.
41 */ 41 */
42struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key), 42struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key),
43 int (*keycmp)(struct hashtab *h, const void *key1, const void *key2), 43 int (*keycmp)(struct hashtab *h, const void *key1, const void *key2),
44 u32 size); 44 u32 size);
45 45
46/* 46/*
47 * Inserts the specified (key, datum) pair into the specified hash table. 47 * Inserts the specified (key, datum) pair into the specified hash table.
@@ -49,7 +49,7 @@ struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *
49 * Returns -ENOMEM on memory allocation error, 49 * Returns -ENOMEM on memory allocation error,
50 * -EEXIST if there is already an entry with the same key, 50 * -EEXIST if there is already an entry with the same key,
51 * -EINVAL for general errors or 51 * -EINVAL for general errors or
52 * 0 otherwise. 52 0 otherwise.
53 */ 53 */
54int hashtab_insert(struct hashtab *h, void *k, void *d); 54int hashtab_insert(struct hashtab *h, void *k, void *d);
55 55
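Review bot: The new side of line 52 in the hashtab_insert() comment block appears to have lost its leading ` *`, so ` 0 otherwise.` no longer lines up with the other continuation lines, which all keep the ` * ` prefix. Restore it as ` * 0 otherwise.` so the block stays uniform.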
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index ab53663d9f5f..0fdf6257ef64 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -13,7 +13,7 @@
13/* 13/*
14 * Updated: Hewlett-Packard <paul.moore@hp.com> 14 * Updated: Hewlett-Packard <paul.moore@hp.com>
15 * 15 *
16 * Added support to import/export the MLS label from NetLabel 16 * Added support to import/export the MLS label from NetLabel
17 * 17 *
18 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 18 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
19 */ 19 */
@@ -31,7 +31,7 @@ int mls_range_isvalid(struct policydb *p, struct mls_range *r);
31int mls_level_isvalid(struct policydb *p, struct mls_level *l); 31int mls_level_isvalid(struct policydb *p, struct mls_level *l);
32 32
33int mls_context_to_sid(char oldc, 33int mls_context_to_sid(char oldc,
34 char **scontext, 34 char **scontext,
35 struct context *context, 35 struct context *context,
36 struct sidtab *s, 36 struct sidtab *s,
37 u32 def_sid); 37 u32 def_sid);
@@ -49,7 +49,7 @@ int mls_compute_sid(struct context *scontext,
49 struct context *newcontext); 49 struct context *newcontext);
50 50
51int mls_setup_user_range(struct context *fromcon, struct user_datum *user, 51int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
52 struct context *usercon); 52 struct context *usercon);
53 53
54#ifdef CONFIG_NETLABEL 54#ifdef CONFIG_NETLABEL
55void mls_export_netlbl_lvl(struct context *context, 55void mls_export_netlbl_lvl(struct context *context,
diff --git a/security/selinux/ss/mls_types.h b/security/selinux/ss/mls_types.h
index 0c692d58d489..b6e943a21061 100644
--- a/security/selinux/ss/mls_types.h
+++ b/security/selinux/ss/mls_types.h
@@ -31,7 +31,7 @@ static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2)
31 return 1; 31 return 1;
32 32
33 return ((l1->sens == l2->sens) && 33 return ((l1->sens == l2->sens) &&
34 ebitmap_cmp(&l1->cat, &l2->cat)); 34 ebitmap_cmp(&l1->cat, &l2->cat));
35} 35}
36 36
37static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2) 37static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2)
@@ -40,7 +40,7 @@ static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2)
40 return 1; 40 return 1;
41 41
42 return ((l1->sens >= l2->sens) && 42 return ((l1->sens >= l2->sens) &&
43 ebitmap_contains(&l1->cat, &l2->cat)); 43 ebitmap_contains(&l1->cat, &l2->cat));
44} 44}
45 45
46#define mls_level_incomp(l1, l2) \ 46#define mls_level_incomp(l1, l2) \
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index ba593a3da877..4253370fda6a 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -12,12 +12,12 @@
12 * 12 *
13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 13 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14 * 14 *
15 * Added conditional policy language extensions 15 * Added conditional policy language extensions
16 * 16 *
17 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 17 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
18 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 18 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
19 * This program is free software; you can redistribute it and/or modify 19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by 20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation, version 2. 21 * the Free Software Foundation, version 2.
22 */ 22 */
23 23
@@ -221,7 +221,7 @@ struct policydb {
221 /* type enforcement conditional access vectors and transitions */ 221 /* type enforcement conditional access vectors and transitions */
222 struct avtab te_cond_avtab; 222 struct avtab te_cond_avtab;
223 /* linked list indexing te_cond_avtab by conditional */ 223 /* linked list indexing te_cond_avtab by conditional */
224 struct cond_node* cond_list; 224 struct cond_node *cond_list;
225 225
226 /* role allows */ 226 /* role allows */
227 struct role_allow *role_allow; 227 struct role_allow *role_allow;
@@ -230,10 +230,10 @@ struct policydb {
230 TCP or UDP port numbers, network interfaces and nodes */ 230 TCP or UDP port numbers, network interfaces and nodes */
231 struct ocontext *ocontexts[OCON_NUM]; 231 struct ocontext *ocontexts[OCON_NUM];
232 232
233 /* security contexts for files in filesystems that cannot support 233 /* security contexts for files in filesystems that cannot support
234 a persistent label mapping or use another 234 a persistent label mapping or use another
235 fixed labeling behavior. */ 235 fixed labeling behavior. */
236 struct genfs *genfs; 236 struct genfs *genfs;
237 237
238 /* range transitions */ 238 /* range transitions */
239 struct range_trans *range_tr; 239 struct range_trans *range_tr;