1 files changed, 35 insertions, 10 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index a22219afff09..b8246a8df7d2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -74,7 +74,7 @@ extern int cap_file_mmap(struct file *file, unsigned long reqprot,
 extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
 extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                          unsigned long arg4, unsigned long arg5);
-extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
+extern int cap_task_setscheduler(struct task_struct *p);
 extern int cap_task_setioprio(struct task_struct *p, int ioprio);
 extern int cap_task_setnice(struct task_struct *p, int nice);
 extern int cap_syslog(int type, bool from_file);
@@ -959,6 +959,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      Sets the new child socket's sid to the openreq sid.
 * @inet_conn_established:
 *      Sets the connection's peersid to the secmark on skb.
+ * @secmark_relabel_packet:
+ *      check if the process should be allowed to relabel packets to the given secid
+ * @security_secmark_refcount_inc
+ *      tells the LSM to increment the number of secmark labeling rules loaded
+ * @security_secmark_refcount_dec
+ *      tells the LSM to decrement the number of secmark labeling rules loaded
 * @req_classify_flow:
 *      Sets the flow's sid to the openreq sid.
 * @tun_dev_create:
@@ -1279,9 +1285,13 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      Return 0 if permission is granted.
 *
 * @secid_to_secctx:
- *      Convert secid to security context.
+ *      Convert secid to security context.  If secdata is NULL the length of
+ *      the result will be returned in seclen, but no secdata will be returned.
+ *      This does mean that the length could change between calls to check the
+ *      length and the next call which actually allocates and returns the secdata.
 *      @secid contains the security ID.
 *      @secdata contains the pointer that stores the converted security context.
+ *      @seclen pointer which contains the length of the data
 * @secctx_to_secid:
 *      Convert security context to secid.
 *      @secid contains the pointer to the generated security ID.
@@ -1501,8 +1511,7 @@ struct security_operations {
        int (*task_getioprio) (struct task_struct *p);
        int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
                        struct rlimit *new_rlim);
-        int (*task_setscheduler) (struct task_struct *p, int policy,
+        int (*task_setscheduler) (struct task_struct *p);
-                                  struct sched_param *lp);
        int (*task_getscheduler) (struct task_struct *p);
        int (*task_movememory) (struct task_struct *p);
        int (*task_kill) (struct task_struct *p,
@@ -1594,6 +1603,9 @@ struct security_operations {
                                  struct request_sock *req);
        void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
        void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
+        int (*secmark_relabel_packet) (u32 secid);
+        void (*secmark_refcount_inc) (void);
+        void (*secmark_refcount_dec) (void);
        void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
        int (*tun_dev_create)(void);
        void (*tun_dev_post_create)(struct sock *sk);
@@ -1752,8 +1764,7 @@ int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
 int security_task_setrlimit(struct task_struct *p, unsigned int resource,
                struct rlimit *new_rlim);
-int security_task_setscheduler(struct task_struct *p,
+int security_task_setscheduler(struct task_struct *p);
-                                int policy, struct sched_param *lp);
 int security_task_getscheduler(struct task_struct *p);
 int security_task_movememory(struct task_struct *p);
 int security_task_kill(struct task_struct *p, struct siginfo *info,
@@ -2320,11 +2331,9 @@ static inline int security_task_setrlimit(struct task_struct *p,
        return 0;
 }
-static inline int security_task_setscheduler(struct task_struct *p,
+static inline int security_task_setscheduler(struct task_struct *p)
-                                             int policy,
-                                             struct sched_param *lp)
 {
-        return cap_task_setscheduler(p, policy, lp);
+        return cap_task_setscheduler(p);
 }
 static inline int security_task_getscheduler(struct task_struct *p)
@@ -2551,6 +2560,9 @@ void security_inet_csk_clone(struct sock *newsk,
                        const struct request_sock *req);
 void security_inet_conn_established(struct sock *sk,
                        struct sk_buff *skb);
+int security_secmark_relabel_packet(u32 secid);
+void security_secmark_refcount_inc(void);
+void security_secmark_refcount_dec(void);
 int security_tun_dev_create(void);
 void security_tun_dev_post_create(struct sock *sk);
 int security_tun_dev_attach(struct sock *sk);
@@ -2705,6 +2717,19 @@ static inline void security_inet_conn_established(struct sock *sk,
 {
 }
+static inline int security_secmark_relabel_packet(u32 secid)
+{
+        return 0;
+}
+static inline void security_secmark_refcount_inc(void)
+{
+}
+static inline void security_secmark_refcount_dec(void)
+{
+}
 static inline int security_tun_dev_create(void)
 {
        return 0;