2 files changed, 37 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 1b943f54b2ea..06400cf07757 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -706,10 +706,26 @@ static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
 {
 }
 static void cap_req_classify_flow(const struct request_sock *req,
                                  struct flowi *fl)
 {
 }
+static int cap_tun_dev_create(void)
+{
+        return 0;
+}
+static void cap_tun_dev_post_create(struct sock *sk)
+{
+}
+static int cap_tun_dev_attach(struct sock *sk)
+{
+        return 0;
+}
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1026,6 +1042,9 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, inet_csk_clone);
        set_to_cap_if_null(ops, inet_conn_established);
        set_to_cap_if_null(ops, req_classify_flow);
+        set_to_cap_if_null(ops, tun_dev_create);
+        set_to_cap_if_null(ops, tun_dev_post_create);
+        set_to_cap_if_null(ops, tun_dev_attach);
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
        set_to_cap_if_null(ops, xfrm_policy_alloc_security);
diff --git a/security/security.c b/security/security.c
index 0e993f42ce3d..f88eaf6b14cc 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1117,6 +1117,24 @@ void security_inet_conn_established(struct sock *sk,
        security_ops->inet_conn_established(sk, skb);
 }
+int security_tun_dev_create(void)
+{
+        return security_ops->tun_dev_create();
+}
+EXPORT_SYMBOL(security_tun_dev_create);
+void security_tun_dev_post_create(struct sock *sk)
+{
+        return security_ops->tun_dev_post_create(sk);
+}
+EXPORT_SYMBOL(security_tun_dev_post_create);
+int security_tun_dev_attach(struct sock *sk)
+{
+        return security_ops->tun_dev_attach(sk);
+}
+EXPORT_SYMBOL(security_tun_dev_attach);
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM

diff --git a/security/capability.c b/security/capability.c index 1b943f54b2ea..06400cf07757 100644 --- a/security/capability.c +++ b/security/capability.c
@@ -706,10 +706,26 @@ static void cap_inet_conn_established(struct sock sk, struct sk_buff skb)
706	{	706	{
707	}	707	}
708		708
		709
		710
709	static void cap_req_classify_flow(const struct request_sock *req,	711	static void cap_req_classify_flow(const struct request_sock *req,
710	struct flowi *fl)	712	struct flowi *fl)
711	{	713	{
712	}	714	}
		715
		716	static int cap_tun_dev_create(void)
		717	{
		718	return 0;
		719	}
		720
		721	static void cap_tun_dev_post_create(struct sock *sk)
		722	{
		723	}
		724
		725	static int cap_tun_dev_attach(struct sock *sk)
		726	{
		727	return 0;
		728	}
713	#endif /* CONFIG_SECURITY_NETWORK */	729	#endif /* CONFIG_SECURITY_NETWORK */
714		730
715	#ifdef CONFIG_SECURITY_NETWORK_XFRM	731	#ifdef CONFIG_SECURITY_NETWORK_XFRM
@@ -1026,6 +1042,9 @@ void security_fixup_ops(struct security_operations *ops)
1026	set_to_cap_if_null(ops, inet_csk_clone);	1042	set_to_cap_if_null(ops, inet_csk_clone);
1027	set_to_cap_if_null(ops, inet_conn_established);	1043	set_to_cap_if_null(ops, inet_conn_established);
1028	set_to_cap_if_null(ops, req_classify_flow);	1044	set_to_cap_if_null(ops, req_classify_flow);
		1045	set_to_cap_if_null(ops, tun_dev_create);
		1046	set_to_cap_if_null(ops, tun_dev_post_create);
		1047	set_to_cap_if_null(ops, tun_dev_attach);
1029	#endif /* CONFIG_SECURITY_NETWORK */	1048	#endif /* CONFIG_SECURITY_NETWORK */
1030	#ifdef CONFIG_SECURITY_NETWORK_XFRM	1049	#ifdef CONFIG_SECURITY_NETWORK_XFRM
1031	set_to_cap_if_null(ops, xfrm_policy_alloc_security);	1050	set_to_cap_if_null(ops, xfrm_policy_alloc_security);


diff --git a/security/security.c b/security/security.c index 0e993f42ce3d..f88eaf6b14cc 100644 --- a/security/security.c +++ b/security/security.c
@@ -1117,6 +1117,24 @@ void security_inet_conn_established(struct sock *sk,
1117	security_ops->inet_conn_established(sk, skb);	1117	security_ops->inet_conn_established(sk, skb);
1118	}	1118	}
1119		1119
		1120	int security_tun_dev_create(void)
		1121	{
		1122	return security_ops->tun_dev_create();
		1123	}
		1124	EXPORT_SYMBOL(security_tun_dev_create);
		1125
		1126	void security_tun_dev_post_create(struct sock *sk)
		1127	{
		1128	return security_ops->tun_dev_post_create(sk);
		1129	}
		1130	EXPORT_SYMBOL(security_tun_dev_post_create);
		1131
		1132	int security_tun_dev_attach(struct sock *sk)
		1133	{
		1134	return security_ops->tun_dev_attach(sk);
		1135	}
		1136	EXPORT_SYMBOL(security_tun_dev_attach);
		1137
1120	#endif /* CONFIG_SECURITY_NETWORK */	1138	#endif /* CONFIG_SECURITY_NETWORK */
1121		1139
1122	#ifdef CONFIG_SECURITY_NETWORK_XFRM	1140	#ifdef CONFIG_SECURITY_NETWORK_XFRM