1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* Security plug functions
4	*
5	* Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
6	* Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
7	* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
8	* Copyright (C) 2016 Mellanox Technologies
9	* Copyright (C) 2023 Microsoft Corporation <paul@paul-moore.com>
10	*/
11
12	#define pr_fmt(fmt) "LSM: " fmt
13
14	#include <linux/bpf.h>
15	#include <linux/capability.h>
16	#include <linux/dcache.h>
17	#include <linux/export.h>
18	#include <linux/init.h>
19	#include <linux/kernel.h>
20	#include <linux/kernel_read_file.h>
21	#include <linux/lsm_hooks.h>
22	#include <linux/fsnotify.h>
23	#include <linux/mman.h>
24	#include <linux/mount.h>
25	#include <linux/personality.h>
26	#include <linux/backing-dev.h>
27	#include <linux/string.h>
28	#include <linux/xattr.h>
29	#include <linux/msg.h>
30	#include <linux/overflow.h>
31	#include <net/flow.h>
32
33	/* How many LSMs were built into the kernel? */
34	#define LSM_COUNT (__end_lsm_info - __start_lsm_info)
35
36	/*
37	* How many LSMs are built into the kernel as determined at
38	* build time. Used to determine fixed array sizes.
39	* The capability module is accounted for by CONFIG_SECURITY
40	*/
41	#define LSM_CONFIG_COUNT ( \
42	(IS_ENABLED(CONFIG_SECURITY) ? 1 : 0) + \
43	(IS_ENABLED(CONFIG_SECURITY_SELINUX) ? 1 : 0) + \
44	(IS_ENABLED(CONFIG_SECURITY_SMACK) ? 1 : 0) + \
45	(IS_ENABLED(CONFIG_SECURITY_TOMOYO) ? 1 : 0) + \
46	(IS_ENABLED(CONFIG_SECURITY_APPARMOR) ? 1 : 0) + \
47	(IS_ENABLED(CONFIG_SECURITY_YAMA) ? 1 : 0) + \
48	(IS_ENABLED(CONFIG_SECURITY_LOADPIN) ? 1 : 0) + \
49	(IS_ENABLED(CONFIG_SECURITY_SAFESETID) ? 1 : 0) + \
50	(IS_ENABLED(CONFIG_SECURITY_LOCKDOWN_LSM) ? 1 : 0) + \
51	(IS_ENABLED(CONFIG_BPF_LSM) ? 1 : 0) + \
52	(IS_ENABLED(CONFIG_SECURITY_LANDLOCK) ? 1 : 0) + \
53	(IS_ENABLED(CONFIG_IMA) ? 1 : 0) + \
54	(IS_ENABLED(CONFIG_EVM) ? 1 : 0))
55
56	/*
57	* These are descriptions of the reasons that can be passed to the
58	* security_locked_down() LSM hook. Placing this array here allows
59	* all security modules to use the same descriptions for auditing
60	* purposes.
61	*/
62	const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
63	[LOCKDOWN_NONE] = "none",
64	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
65	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
66	[LOCKDOWN_EFI_TEST] = "/dev/efi_test access",
67	[LOCKDOWN_KEXEC] = "kexec of unsigned images",
68	[LOCKDOWN_HIBERNATION] = "hibernation",
69	[LOCKDOWN_PCI_ACCESS] = "direct PCI access",
70	[LOCKDOWN_IOPORT] = "raw io port access",
71	[LOCKDOWN_MSR] = "raw MSR access",
72	[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
73	[LOCKDOWN_DEVICE_TREE] = "modifying device tree contents",
74	[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
75	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
76	[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
77	[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
78	[LOCKDOWN_DEBUGFS] = "debugfs access",
79	[LOCKDOWN_XMON_WR] = "xmon write access",
80	[LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM",
81	[LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM",
82	[LOCKDOWN_RTAS_ERROR_INJECTION] = "RTAS error injection",
83	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
84	[LOCKDOWN_KCORE] = "/proc/kcore access",
85	[LOCKDOWN_KPROBES] = "use of kprobes",
86	[LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM",
87	[LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM",
88	[LOCKDOWN_PERF] = "unsafe use of perf",
89	[LOCKDOWN_TRACEFS] = "use of tracefs",
90	[LOCKDOWN_XMON_RW] = "xmon read and write access",
91	[LOCKDOWN_XFRM_SECRET] = "xfrm SA secret",
92	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
93	};
94
95	struct security_hook_heads security_hook_heads __ro_after_init;
96	static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
97
98	static struct kmem_cache *lsm_file_cache;
99	static struct kmem_cache *lsm_inode_cache;
100
101	char *lsm_names;
102	static struct lsm_blob_sizes blob_sizes __ro_after_init;
103
104	/* Boot-time LSM user choice */
105	static __initdata const char *chosen_lsm_order;
106	static __initdata const char *chosen_major_lsm;
107
108	static __initconst const char *const builtin_lsm_order = CONFIG_LSM;
109
110	/* Ordered list of LSMs to initialize. */
111	static __initdata struct lsm_info **ordered_lsms;
112	static __initdata struct lsm_info *exclusive;
113
114	static __initdata bool debug;
115	#define init_debug(...) \
116	do { \
117	if (debug) \
118	pr_info(__VA_ARGS__); \
119	} while (0)
120
121	static bool __init is_enabled(struct lsm_info *lsm)
122	{
123	if (!lsm->enabled)
124	return false;
125
126	return *lsm->enabled;
127	}
128
129	/* Mark an LSM's enabled flag. */
130	static int lsm_enabled_true __initdata = 1;
131	static int lsm_enabled_false __initdata = 0;
132	static void __init set_enabled(struct lsm_info *lsm, bool enabled)
133	{
134	/*
135	* When an LSM hasn't configured an enable variable, we can use
136	* a hard-coded location for storing the default enabled state.
137	*/
138	if (!lsm->enabled) {
139	if (enabled)
140	lsm->enabled = &lsm_enabled_true;
141	else
142	lsm->enabled = &lsm_enabled_false;
143	} else if (lsm->enabled == &lsm_enabled_true) {
144	if (!enabled)
145	lsm->enabled = &lsm_enabled_false;
146	} else if (lsm->enabled == &lsm_enabled_false) {
147	if (enabled)
148	lsm->enabled = &lsm_enabled_true;
149	} else {
150	*lsm->enabled = enabled;
151	}
152	}
153
154	/* Is an LSM already listed in the ordered LSMs list? */
155	static bool __init exists_ordered_lsm(struct lsm_info *lsm)
156	{
157	struct lsm_info **check;
158
159	for (check = ordered_lsms; *check; check++)
160	if (*check == lsm)
161	return true;
162
163	return false;
164	}
165
166	/* Append an LSM to the list of ordered LSMs to initialize. */
167	static int last_lsm __initdata;
168	static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
169	{
170	/* Ignore duplicate selections. */
171	if (exists_ordered_lsm(lsm))
172	return;
173
174	if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from))
175	return;
176
177	/* Enable this LSM, if it is not already set. */
178	if (!lsm->enabled)
179	lsm->enabled = &lsm_enabled_true;
180	ordered_lsms[last_lsm++] = lsm;
181
182	init_debug("%s ordered: %s (%s)\n", from, lsm->name,
183	is_enabled(lsm) ? "enabled" : "disabled");
184	}
185
186	/* Is an LSM allowed to be initialized? */
187	static bool __init lsm_allowed(struct lsm_info *lsm)
188	{
189	/* Skip if the LSM is disabled. */
190	if (!is_enabled(lsm))
191	return false;
192
193	/* Not allowed if another exclusive LSM already initialized. */
194	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
195	init_debug("exclusive disabled: %s\n", lsm->name);
196	return false;
197	}
198
199	return true;
200	}
201
202	static void __init lsm_set_blob_size(int *need, int *lbs)
203	{
204	int offset;
205
206	if (*need <= 0)
207	return;
208
209	offset = ALIGN(*lbs, sizeof(void *));
210	*lbs = offset + *need;
211	*need = offset;
212	}
213
214	static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
215	{
216	if (!needed)
217	return;
218
219	lsm_set_blob_size(need: &needed->lbs_cred, lbs: &blob_sizes.lbs_cred);
220	lsm_set_blob_size(need: &needed->lbs_file, lbs: &blob_sizes.lbs_file);
221	/*
222	* The inode blob gets an rcu_head in addition to
223	* what the modules might need.
224	*/
225	if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
226	blob_sizes.lbs_inode = sizeof(struct rcu_head);
227	lsm_set_blob_size(need: &needed->lbs_inode, lbs: &blob_sizes.lbs_inode);
228	lsm_set_blob_size(need: &needed->lbs_ipc, lbs: &blob_sizes.lbs_ipc);
229	lsm_set_blob_size(need: &needed->lbs_msg_msg, lbs: &blob_sizes.lbs_msg_msg);
230	lsm_set_blob_size(need: &needed->lbs_superblock, lbs: &blob_sizes.lbs_superblock);
231	lsm_set_blob_size(need: &needed->lbs_task, lbs: &blob_sizes.lbs_task);
232	lsm_set_blob_size(need: &needed->lbs_xattr_count,
233	lbs: &blob_sizes.lbs_xattr_count);
234	}
235
236	/* Prepare LSM for initialization. */
237	static void __init prepare_lsm(struct lsm_info *lsm)
238	{
239	int enabled = lsm_allowed(lsm);
240
241	/* Record enablement (to handle any following exclusive LSMs). */
242	set_enabled(lsm, enabled);
243
244	/* If enabled, do pre-initialization work. */
245	if (enabled) {
246	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
247	exclusive = lsm;
248	init_debug("exclusive chosen: %s\n", lsm->name);
249	}
250
251	lsm_set_blob_sizes(needed: lsm->blobs);
252	}
253	}
254
255	/* Initialize a given LSM, if it is enabled. */
256	static void __init initialize_lsm(struct lsm_info *lsm)
257	{
258	if (is_enabled(lsm)) {
259	int ret;
260
261	init_debug("initializing %s\n", lsm->name);
262	ret = lsm->init();
263	WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
264	}
265	}
266
267	/*
268	* Current index to use while initializing the lsm id list.
269	*/
270	u32 lsm_active_cnt __ro_after_init;
271	const struct lsm_id *lsm_idlist[LSM_CONFIG_COUNT];
272
273	/* Populate ordered LSMs list from comma-separated LSM name list. */
274	static void __init ordered_lsm_parse(const char *order, const char *origin)
275	{
276	struct lsm_info *lsm;
277	char *sep, *name, *next;
278
279	/* LSM_ORDER_FIRST is always first. */
280	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
281	if (lsm->order == LSM_ORDER_FIRST)
282	append_ordered_lsm(lsm, from: " first");
283	}
284
285	/* Process "security=", if given. */
286	if (chosen_major_lsm) {
287	struct lsm_info *major;
288
289	/*
290	* To match the original "security=" behavior, this
291	* explicitly does NOT fallback to another Legacy Major
292	* if the selected one was separately disabled: disable
293	* all non-matching Legacy Major LSMs.
294	*/
295	for (major = __start_lsm_info; major < __end_lsm_info;
296	major++) {
297	if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
298	strcmp(major->name, chosen_major_lsm) != 0) {
299	set_enabled(lsm: major, enabled: false);
300	init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
301	chosen_major_lsm, major->name);
302	}
303	}
304	}
305
306	sep = kstrdup(s: order, GFP_KERNEL);
307	next = sep;
308	/* Walk the list, looking for matching LSMs. */
309	while ((name = strsep(&next, ",")) != NULL) {
310	bool found = false;
311
312	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
313	if (strcmp(lsm->name, name) == 0) {
314	if (lsm->order == LSM_ORDER_MUTABLE)
315	append_ordered_lsm(lsm, from: origin);
316	found = true;
317	}
318	}
319
320	if (!found)
321	init_debug("%s ignored: %s (not built into kernel)\n",
322	origin, name);
323	}
324
325	/* Process "security=", if given. */
326	if (chosen_major_lsm) {
327	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
328	if (exists_ordered_lsm(lsm))
329	continue;
330	if (strcmp(lsm->name, chosen_major_lsm) == 0)
331	append_ordered_lsm(lsm, from: "security=");
332	}
333	}
334
335	/* LSM_ORDER_LAST is always last. */
336	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
337	if (lsm->order == LSM_ORDER_LAST)
338	append_ordered_lsm(lsm, from: " last");
339	}
340
341	/* Disable all LSMs not in the ordered list. */
342	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
343	if (exists_ordered_lsm(lsm))
344	continue;
345	set_enabled(lsm, enabled: false);
346	init_debug("%s skipped: %s (not in requested order)\n",
347	origin, lsm->name);
348	}
349
350	kfree(objp: sep);
351	}
352
353	static void __init lsm_early_cred(struct cred *cred);
354	static void __init lsm_early_task(struct task_struct *task);
355
356	static int lsm_append(const char *new, char **result);
357
358	static void __init report_lsm_order(void)
359	{
360	struct lsm_info **lsm, *early;
361	int first = 0;
362
363	pr_info("initializing lsm=");
364
365	/* Report each enabled LSM name, comma separated. */
366	for (early = __start_early_lsm_info;
367	early < __end_early_lsm_info; early++)
368	if (is_enabled(lsm: early))
369	pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
370	for (lsm = ordered_lsms; *lsm; lsm++)
371	if (is_enabled(lsm: *lsm))
372	pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
373
374	pr_cont("\n");
375	}
376
377	static void __init ordered_lsm_init(void)
378	{
379	struct lsm_info **lsm;
380
381	ordered_lsms = kcalloc(LSM_COUNT + 1, size: sizeof(*ordered_lsms),
382	GFP_KERNEL);
383
384	if (chosen_lsm_order) {
385	if (chosen_major_lsm) {
386	pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
387	chosen_major_lsm, chosen_lsm_order);
388	chosen_major_lsm = NULL;
389	}
390	ordered_lsm_parse(order: chosen_lsm_order, origin: "cmdline");
391	} else
392	ordered_lsm_parse(order: builtin_lsm_order, origin: "builtin");
393
394	for (lsm = ordered_lsms; *lsm; lsm++)
395	prepare_lsm(lsm: *lsm);
396
397	report_lsm_order();
398
399	init_debug("cred blob size = %d\n", blob_sizes.lbs_cred);
400	init_debug("file blob size = %d\n", blob_sizes.lbs_file);
401	init_debug("inode blob size = %d\n", blob_sizes.lbs_inode);
402	init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc);
403	init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
404	init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
405	init_debug("task blob size = %d\n", blob_sizes.lbs_task);
406	init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count);
407
408	/*
409	* Create any kmem_caches needed for blobs
410	*/
411	if (blob_sizes.lbs_file)
412	lsm_file_cache = kmem_cache_create(name: "lsm_file_cache",
413	size: blob_sizes.lbs_file, align: 0,
414	SLAB_PANIC, NULL);
415	if (blob_sizes.lbs_inode)
416	lsm_inode_cache = kmem_cache_create(name: "lsm_inode_cache",
417	size: blob_sizes.lbs_inode, align: 0,
418	SLAB_PANIC, NULL);
419
420	lsm_early_cred(cred: (struct cred *) current->cred);
421	lsm_early_task(current);
422	for (lsm = ordered_lsms; *lsm; lsm++)
423	initialize_lsm(lsm: *lsm);
424
425	kfree(objp: ordered_lsms);
426	}
427
428	int __init early_security_init(void)
429	{
430	struct lsm_info *lsm;
431
432	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
433	INIT_HLIST_HEAD(&security_hook_heads.NAME);
434	#include "linux/lsm_hook_defs.h"
435	#undef LSM_HOOK
436
437	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
438	if (!lsm->enabled)
439	lsm->enabled = &lsm_enabled_true;
440	prepare_lsm(lsm);
441	initialize_lsm(lsm);
442	}
443
444	return 0;
445	}
446
447	/**
448	* security_init - initializes the security framework
449	*
450	* This should be called early in the kernel initialization sequence.
451	*/
452	int __init security_init(void)
453	{
454	struct lsm_info *lsm;
455
456	init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*");
457	init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order);
458	init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " *unspecified*");
459
460	/*
461	* Append the names of the early LSM modules now that kmalloc() is
462	* available
463	*/
464	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
465	init_debug(" early started: %s (%s)\n", lsm->name,
466	is_enabled(lsm) ? "enabled" : "disabled");
467	if (lsm->enabled)
468	lsm_append(new: lsm->name, result: &lsm_names);
469	}
470
471	/* Load LSMs in specified order. */
472	ordered_lsm_init();
473
474	return 0;
475	}
476
477	/* Save user chosen LSM */
478	static int __init choose_major_lsm(char *str)
479	{
480	chosen_major_lsm = str;
481	return 1;
482	}
483	__setup("security=", choose_major_lsm);
484
485	/* Explicitly choose LSM initialization order. */
486	static int __init choose_lsm_order(char *str)
487	{
488	chosen_lsm_order = str;
489	return 1;
490	}
491	__setup("lsm=", choose_lsm_order);
492
493	/* Enable LSM order debugging. */
494	static int __init enable_debug(char *str)
495	{
496	debug = true;
497	return 1;
498	}
499	__setup("lsm.debug", enable_debug);
500
501	static bool match_last_lsm(const char *list, const char *lsm)
502	{
503	const char *last;
504
505	if (WARN_ON(!list || !lsm))
506	return false;
507	last = strrchr(list, ',');
508	if (last)
509	/* Pass the comma, strcmp() will check for '\0' */
510	last++;
511	else
512	last = list;
513	return !strcmp(last, lsm);
514	}
515
516	static int lsm_append(const char *new, char **result)
517	{
518	char *cp;
519
520	if (*result == NULL) {
521	*result = kstrdup(s: new, GFP_KERNEL);
522	if (*result == NULL)
523	return -ENOMEM;
524	} else {
525	/* Check if it is the last registered name */
526	if (match_last_lsm(list: *result, lsm: new))
527	return 0;
528	cp = kasprintf(GFP_KERNEL, fmt: "%s,%s", *result, new);
529	if (cp == NULL)
530	return -ENOMEM;
531	kfree(objp: *result);
532	*result = cp;
533	}
534	return 0;
535	}
536
537	/**
538	* security_add_hooks - Add a modules hooks to the hook lists.
539	* @hooks: the hooks to add
540	* @count: the number of hooks to add
541	* @lsmid: the identification information for the security module
542	*
543	* Each LSM has to register its hooks with the infrastructure.
544	*/
545	void __init security_add_hooks(struct security_hook_list *hooks, int count,
546	const struct lsm_id *lsmid)
547	{
548	int i;
549
550	/*
551	* A security module may call security_add_hooks() more
552	* than once during initialization, and LSM initialization
553	* is serialized. Landlock is one such case.
554	* Look at the previous entry, if there is one, for duplication.
555	*/
556	if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) {
557	if (lsm_active_cnt >= LSM_CONFIG_COUNT)
558	panic(fmt: "%s Too many LSMs registered.\n", __func__);
559	lsm_idlist[lsm_active_cnt++] = lsmid;
560	}
561
562	for (i = 0; i < count; i++) {
563	hooks[i].lsmid = lsmid;
564	hlist_add_tail_rcu(n: &hooks[i].list, h: hooks[i].head);
565	}
566
567	/*
568	* Don't try to append during early_security_init(), we'll come back
569	* and fix this up afterwards.
570	*/
571	if (slab_is_available()) {
572	if (lsm_append(new: lsmid->name, result: &lsm_names) < 0)
573	panic(fmt: "%s - Cannot get early memory.\n", __func__);
574	}
575	}
576
577	int call_blocking_lsm_notifier(enum lsm_event event, void *data)
578	{
579	return blocking_notifier_call_chain(nh: &blocking_lsm_notifier_chain,
580	val: event, v: data);
581	}
582	EXPORT_SYMBOL(call_blocking_lsm_notifier);
583
584	int register_blocking_lsm_notifier(struct notifier_block *nb)
585	{
586	return blocking_notifier_chain_register(nh: &blocking_lsm_notifier_chain,
587	nb);
588	}
589	EXPORT_SYMBOL(register_blocking_lsm_notifier);
590
591	int unregister_blocking_lsm_notifier(struct notifier_block *nb)
592	{
593	return blocking_notifier_chain_unregister(nh: &blocking_lsm_notifier_chain,
594	nb);
595	}
596	EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
597
598	/**
599	* lsm_cred_alloc - allocate a composite cred blob
600	* @cred: the cred that needs a blob
601	* @gfp: allocation type
602	*
603	* Allocate the cred blob for all the modules
604	*
605	* Returns 0, or -ENOMEM if memory can't be allocated.
606	*/
607	static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
608	{
609	if (blob_sizes.lbs_cred == 0) {
610	cred->security = NULL;
611	return 0;
612	}
613
614	cred->security = kzalloc(size: blob_sizes.lbs_cred, flags: gfp);
615	if (cred->security == NULL)
616	return -ENOMEM;
617	return 0;
618	}
619
620	/**
621	* lsm_early_cred - during initialization allocate a composite cred blob
622	* @cred: the cred that needs a blob
623	*
624	* Allocate the cred blob for all the modules
625	*/
626	static void __init lsm_early_cred(struct cred *cred)
627	{
628	int rc = lsm_cred_alloc(cred, GFP_KERNEL);
629
630	if (rc)
631	panic(fmt: "%s: Early cred alloc failed.\n", __func__);
632	}
633
634	/**
635	* lsm_file_alloc - allocate a composite file blob
636	* @file: the file that needs a blob
637	*
638	* Allocate the file blob for all the modules
639	*
640	* Returns 0, or -ENOMEM if memory can't be allocated.
641	*/
642	static int lsm_file_alloc(struct file *file)
643	{
644	if (!lsm_file_cache) {
645	file->f_security = NULL;
646	return 0;
647	}
648
649	file->f_security = kmem_cache_zalloc(k: lsm_file_cache, GFP_KERNEL);
650	if (file->f_security == NULL)
651	return -ENOMEM;
652	return 0;
653	}
654
655	/**
656	* lsm_inode_alloc - allocate a composite inode blob
657	* @inode: the inode that needs a blob
658	*
659	* Allocate the inode blob for all the modules
660	*
661	* Returns 0, or -ENOMEM if memory can't be allocated.
662	*/
663	int lsm_inode_alloc(struct inode *inode)
664	{
665	if (!lsm_inode_cache) {
666	inode->i_security = NULL;
667	return 0;
668	}
669
670	inode->i_security = kmem_cache_zalloc(k: lsm_inode_cache, GFP_NOFS);
671	if (inode->i_security == NULL)
672	return -ENOMEM;
673	return 0;
674	}
675
676	/**
677	* lsm_task_alloc - allocate a composite task blob
678	* @task: the task that needs a blob
679	*
680	* Allocate the task blob for all the modules
681	*
682	* Returns 0, or -ENOMEM if memory can't be allocated.
683	*/
684	static int lsm_task_alloc(struct task_struct *task)
685	{
686	if (blob_sizes.lbs_task == 0) {
687	task->security = NULL;
688	return 0;
689	}
690
691	task->security = kzalloc(size: blob_sizes.lbs_task, GFP_KERNEL);
692	if (task->security == NULL)
693	return -ENOMEM;
694	return 0;
695	}
696
697	/**
698	* lsm_ipc_alloc - allocate a composite ipc blob
699	* @kip: the ipc that needs a blob
700	*
701	* Allocate the ipc blob for all the modules
702	*
703	* Returns 0, or -ENOMEM if memory can't be allocated.
704	*/
705	static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
706	{
707	if (blob_sizes.lbs_ipc == 0) {
708	kip->security = NULL;
709	return 0;
710	}
711
712	kip->security = kzalloc(size: blob_sizes.lbs_ipc, GFP_KERNEL);
713	if (kip->security == NULL)
714	return -ENOMEM;
715	return 0;
716	}
717
718	/**
719	* lsm_msg_msg_alloc - allocate a composite msg_msg blob
720	* @mp: the msg_msg that needs a blob
721	*
722	* Allocate the ipc blob for all the modules
723	*
724	* Returns 0, or -ENOMEM if memory can't be allocated.
725	*/
726	static int lsm_msg_msg_alloc(struct msg_msg *mp)
727	{
728	if (blob_sizes.lbs_msg_msg == 0) {
729	mp->security = NULL;
730	return 0;
731	}
732
733	mp->security = kzalloc(size: blob_sizes.lbs_msg_msg, GFP_KERNEL);
734	if (mp->security == NULL)
735	return -ENOMEM;
736	return 0;
737	}
738
739	/**
740	* lsm_early_task - during initialization allocate a composite task blob
741	* @task: the task that needs a blob
742	*
743	* Allocate the task blob for all the modules
744	*/
745	static void __init lsm_early_task(struct task_struct *task)
746	{
747	int rc = lsm_task_alloc(task);
748
749	if (rc)
750	panic(fmt: "%s: Early task alloc failed.\n", __func__);
751	}
752
753	/**
754	* lsm_superblock_alloc - allocate a composite superblock blob
755	* @sb: the superblock that needs a blob
756	*
757	* Allocate the superblock blob for all the modules
758	*
759	* Returns 0, or -ENOMEM if memory can't be allocated.
760	*/
761	static int lsm_superblock_alloc(struct super_block *sb)
762	{
763	if (blob_sizes.lbs_superblock == 0) {
764	sb->s_security = NULL;
765	return 0;
766	}
767
768	sb->s_security = kzalloc(size: blob_sizes.lbs_superblock, GFP_KERNEL);
769	if (sb->s_security == NULL)
770	return -ENOMEM;
771	return 0;
772	}
773
774	/**
775	* lsm_fill_user_ctx - Fill a user space lsm_ctx structure
776	* @uctx: a userspace LSM context to be filled
777	* @uctx_len: available uctx size (input), used uctx size (output)
778	* @val: the new LSM context value
779	* @val_len: the size of the new LSM context value
780	* @id: LSM id
781	* @flags: LSM defined flags
782	*
783	* Fill all of the fields in a userspace lsm_ctx structure. If @uctx is NULL
784	* simply calculate the required size to output via @utc_len and return
785	* success.
786	*
787	* Returns 0 on success, -E2BIG if userspace buffer is not large enough,
788	* -EFAULT on a copyout error, -ENOMEM if memory can't be allocated.
789	*/
790	int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
791	void *val, size_t val_len,
792	u64 id, u64 flags)
793	{
794	struct lsm_ctx *nctx = NULL;
795	size_t nctx_len;
796	int rc = 0;
797
798	nctx_len = ALIGN(struct_size(nctx, ctx, val_len), sizeof(void *));
799	if (nctx_len > *uctx_len) {
800	rc = -E2BIG;
801	goto out;
802	}
803
804	/* no buffer - return success/0 and set @uctx_len to the req size */
805	if (!uctx)
806	goto out;
807
808	nctx = kzalloc(size: nctx_len, GFP_KERNEL);
809	if (nctx == NULL) {
810	rc = -ENOMEM;
811	goto out;
812	}
813	nctx->id = id;
814	nctx->flags = flags;
815	nctx->len = nctx_len;
816	nctx->ctx_len = val_len;
817	memcpy(nctx->ctx, val, val_len);
818
819	if (copy_to_user(to: uctx, from: nctx, n: nctx_len))
820	rc = -EFAULT;
821
822	out:
823	kfree(objp: nctx);
824	*uctx_len = nctx_len;
825	return rc;
826	}
827
828	/*
829	* The default value of the LSM hook is defined in linux/lsm_hook_defs.h and
830	* can be accessed with:
831	*
832	* LSM_RET_DEFAULT(<hook_name>)
833	*
834	* The macros below define static constants for the default value of each
835	* LSM hook.
836	*/
837	#define LSM_RET_DEFAULT(NAME) (NAME##_default)
838	#define DECLARE_LSM_RET_DEFAULT_void(DEFAULT, NAME)
839	#define DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME) \
840	static const int __maybe_unused LSM_RET_DEFAULT(NAME) = (DEFAULT);
841	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
842	DECLARE_LSM_RET_DEFAULT_##RET(DEFAULT, NAME)
843
844	#include <linux/lsm_hook_defs.h>
845	#undef LSM_HOOK
846
847	/*
848	* Hook list operation macros.
849	*
850	* call_void_hook:
851	* This is a hook that does not return a value.
852	*
853	* call_int_hook:
854	* This is a hook that returns a value.
855	*/
856
857	#define call_void_hook(FUNC, ...) \
858	do { \
859	struct security_hook_list *P; \
860	\
861	hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \
862	P->hook.FUNC(__VA_ARGS__); \
863	} while (0)
864
865	#define call_int_hook(FUNC, ...) ({ \
866	int RC = LSM_RET_DEFAULT(FUNC); \
867	do { \
868	struct security_hook_list *P; \
869	\
870	hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
871	RC = P->hook.FUNC(__VA_ARGS__); \
872	if (RC != LSM_RET_DEFAULT(FUNC)) \
873	break; \
874	} \
875	} while (0); \
876	RC; \
877	})
878
879	/* Security operations */
880
881	/**
882	* security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
883	* @mgr: task credentials of current binder process
884	*
885	* Check whether @mgr is allowed to be the binder context manager.
886	*
887	* Return: Return 0 if permission is granted.
888	*/
889	int security_binder_set_context_mgr(const struct cred *mgr)
890	{
891	return call_int_hook(binder_set_context_mgr, mgr);
892	}
893
894	/**
895	* security_binder_transaction() - Check if a binder transaction is allowed
896	* @from: sending process
897	* @to: receiving process
898	*
899	* Check whether @from is allowed to invoke a binder transaction call to @to.
900	*
901	* Return: Returns 0 if permission is granted.
902	*/
903	int security_binder_transaction(const struct cred *from,
904	const struct cred *to)
905	{
906	return call_int_hook(binder_transaction, from, to);
907	}
908
909	/**
910	* security_binder_transfer_binder() - Check if a binder transfer is allowed
911	* @from: sending process
912	* @to: receiving process
913	*
914	* Check whether @from is allowed to transfer a binder reference to @to.
915	*
916	* Return: Returns 0 if permission is granted.
917	*/
918	int security_binder_transfer_binder(const struct cred *from,
919	const struct cred *to)
920	{
921	return call_int_hook(binder_transfer_binder, from, to);
922	}
923
924	/**
925	* security_binder_transfer_file() - Check if a binder file xfer is allowed
926	* @from: sending process
927	* @to: receiving process
928	* @file: file being transferred
929	*
930	* Check whether @from is allowed to transfer @file to @to.
931	*
932	* Return: Returns 0 if permission is granted.
933	*/
934	int security_binder_transfer_file(const struct cred *from,
935	const struct cred *to, const struct file *file)
936	{
937	return call_int_hook(binder_transfer_file, from, to, file);
938	}
939
940	/**
941	* security_ptrace_access_check() - Check if tracing is allowed
942	* @child: target process
943	* @mode: PTRACE_MODE flags
944	*
945	* Check permission before allowing the current process to trace the @child
946	* process. Security modules may also want to perform a process tracing check
947	* during an execve in the set_security or apply_creds hooks of tracing check
948	* during an execve in the bprm_set_creds hook of binprm_security_ops if the
949	* process is being traced and its security attributes would be changed by the
950	* execve.
951	*
952	* Return: Returns 0 if permission is granted.
953	*/
954	int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
955	{
956	return call_int_hook(ptrace_access_check, child, mode);
957	}
958
959	/**
960	* security_ptrace_traceme() - Check if tracing is allowed
961	* @parent: tracing process
962	*
963	* Check that the @parent process has sufficient permission to trace the
964	* current process before allowing the current process to present itself to the
965	* @parent process for tracing.
966	*
967	* Return: Returns 0 if permission is granted.
968	*/
969	int security_ptrace_traceme(struct task_struct *parent)
970	{
971	return call_int_hook(ptrace_traceme, parent);
972	}
973
974	/**
975	* security_capget() - Get the capability sets for a process
976	* @target: target process
977	* @effective: effective capability set
978	* @inheritable: inheritable capability set
979	* @permitted: permitted capability set
980	*
981	* Get the @effective, @inheritable, and @permitted capability sets for the
982	* @target process. The hook may also perform permission checking to determine
983	* if the current process is allowed to see the capability sets of the @target
984	* process.
985	*
986	* Return: Returns 0 if the capability sets were successfully obtained.
987	*/
988	int security_capget(const struct task_struct *target,
989	kernel_cap_t *effective,
990	kernel_cap_t *inheritable,
991	kernel_cap_t *permitted)
992	{
993	return call_int_hook(capget, target, effective, inheritable, permitted);
994	}
995
996	/**
997	* security_capset() - Set the capability sets for a process
998	* @new: new credentials for the target process
999	* @old: current credentials of the target process
1000	* @effective: effective capability set
1001	* @inheritable: inheritable capability set
1002	* @permitted: permitted capability set
1003	*
1004	* Set the @effective, @inheritable, and @permitted capability sets for the
1005	* current process.
1006	*
1007	* Return: Returns 0 and update @new if permission is granted.
1008	*/
1009	int security_capset(struct cred *new, const struct cred *old,
1010	const kernel_cap_t *effective,
1011	const kernel_cap_t *inheritable,
1012	const kernel_cap_t *permitted)
1013	{
1014	return call_int_hook(capset, new, old, effective, inheritable,
1015	permitted);
1016	}
1017
1018	/**
1019	* security_capable() - Check if a process has the necessary capability
1020	* @cred: credentials to examine
1021	* @ns: user namespace
1022	* @cap: capability requested
1023	* @opts: capability check options
1024	*
1025	* Check whether the @tsk process has the @cap capability in the indicated
1026	* credentials. @cap contains the capability <include/linux/capability.h>.
1027	* @opts contains options for the capable check <include/linux/security.h>.
1028	*
1029	* Return: Returns 0 if the capability is granted.
1030	*/
1031	int security_capable(const struct cred *cred,
1032	struct user_namespace *ns,
1033	int cap,
1034	unsigned int opts)
1035	{
1036	return call_int_hook(capable, cred, ns, cap, opts);
1037	}
1038
1039	/**
1040	* security_quotactl() - Check if a quotactl() syscall is allowed for this fs
1041	* @cmds: commands
1042	* @type: type
1043	* @id: id
1044	* @sb: filesystem
1045	*
1046	* Check whether the quotactl syscall is allowed for this @sb.
1047	*
1048	* Return: Returns 0 if permission is granted.
1049	*/
1050	int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
1051	{
1052	return call_int_hook(quotactl, cmds, type, id, sb);
1053	}
1054
1055	/**
1056	* security_quota_on() - Check if QUOTAON is allowed for a dentry
1057	* @dentry: dentry
1058	*
1059	* Check whether QUOTAON is allowed for @dentry.
1060	*
1061	* Return: Returns 0 if permission is granted.
1062	*/
1063	int security_quota_on(struct dentry *dentry)
1064	{
1065	return call_int_hook(quota_on, dentry);
1066	}
1067
1068	/**
1069	* security_syslog() - Check if accessing the kernel message ring is allowed
1070	* @type: SYSLOG_ACTION_* type
1071	*
1072	* Check permission before accessing the kernel message ring or changing
1073	* logging to the console. See the syslog(2) manual page for an explanation of
1074	* the @type values.
1075	*
1076	* Return: Return 0 if permission is granted.
1077	*/
1078	int security_syslog(int type)
1079	{
1080	return call_int_hook(syslog, type);
1081	}
1082
1083	/**
1084	* security_settime64() - Check if changing the system time is allowed
1085	* @ts: new time
1086	* @tz: timezone
1087	*
1088	* Check permission to change the system time, struct timespec64 is defined in
1089	* <include/linux/time64.h> and timezone is defined in <include/linux/time.h>.
1090	*
1091	* Return: Returns 0 if permission is granted.
1092	*/
1093	int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
1094	{
1095	return call_int_hook(settime, ts, tz);
1096	}
1097
1098	/**
1099	* security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
1100	* @mm: mm struct
1101	* @pages: number of pages
1102	*
1103	* Check permissions for allocating a new virtual mapping. If all LSMs return
1104	* a positive value, __vm_enough_memory() will be called with cap_sys_admin
1105	* set. If at least one LSM returns 0 or negative, __vm_enough_memory() will be
1106	* called with cap_sys_admin cleared.
1107	*
1108	* Return: Returns 0 if permission is granted by the LSM infrastructure to the
1109	* caller.
1110	*/
1111	int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
1112	{
1113	struct security_hook_list *hp;
1114	int cap_sys_admin = 1;
1115	int rc;
1116
1117	/*
1118	* The module will respond with a positive value if
1119	* it thinks the __vm_enough_memory() call should be
1120	* made with the cap_sys_admin set. If all of the modules
1121	* agree that it should be set it will. If any module
1122	* thinks it should not be set it won't.
1123	*/
1124	hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {
1125	rc = hp->hook.vm_enough_memory(mm, pages);
1126	if (rc <= 0) {
1127	cap_sys_admin = 0;
1128	break;
1129	}
1130	}
1131	return __vm_enough_memory(mm, pages, cap_sys_admin);
1132	}
1133
1134	/**
1135	* security_bprm_creds_for_exec() - Prepare the credentials for exec()
1136	* @bprm: binary program information
1137	*
1138	* If the setup in prepare_exec_creds did not setup @bprm->cred->security
1139	* properly for executing @bprm->file, update the LSM's portion of
1140	* @bprm->cred->security to be what commit_creds needs to install for the new
1141	* program. This hook may also optionally check permissions (e.g. for
1142	* transitions between security domains). The hook must set @bprm->secureexec
1143	* to 1 if AT_SECURE should be set to request libc enable secure mode. @bprm
1144	* contains the linux_binprm structure.
1145	*
1146	* Return: Returns 0 if the hook is successful and permission is granted.
1147	*/
1148	int security_bprm_creds_for_exec(struct linux_binprm *bprm)
1149	{
1150	return call_int_hook(bprm_creds_for_exec, bprm);
1151	}
1152
1153	/**
1154	* security_bprm_creds_from_file() - Update linux_binprm creds based on file
1155	* @bprm: binary program information
1156	* @file: associated file
1157	*
1158	* If @file is setpcap, suid, sgid or otherwise marked to change privilege upon
1159	* exec, update @bprm->cred to reflect that change. This is called after
1160	* finding the binary that will be executed without an interpreter. This
1161	* ensures that the credentials will not be derived from a script that the
1162	* binary will need to reopen, which when reopend may end up being a completely
1163	* different file. This hook may also optionally check permissions (e.g. for
1164	* transitions between security domains). The hook must set @bprm->secureexec
1165	* to 1 if AT_SECURE should be set to request libc enable secure mode. The
1166	* hook must add to @bprm->per_clear any personality flags that should be
1167	* cleared from current->personality. @bprm contains the linux_binprm
1168	* structure.
1169	*
1170	* Return: Returns 0 if the hook is successful and permission is granted.
1171	*/
1172	int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file)
1173	{
1174	return call_int_hook(bprm_creds_from_file, bprm, file);
1175	}
1176
1177	/**
1178	* security_bprm_check() - Mediate binary handler search
1179	* @bprm: binary program information
1180	*
1181	* This hook mediates the point when a search for a binary handler will begin.
1182	* It allows a check against the @bprm->cred->security value which was set in
1183	* the preceding creds_for_exec call. The argv list and envp list are reliably
1184	* available in @bprm. This hook may be called multiple times during a single
1185	* execve. @bprm contains the linux_binprm structure.
1186	*
1187	* Return: Returns 0 if the hook is successful and permission is granted.
1188	*/
1189	int security_bprm_check(struct linux_binprm *bprm)
1190	{
1191	return call_int_hook(bprm_check_security, bprm);
1192	}
1193
1194	/**
1195	* security_bprm_committing_creds() - Install creds for a process during exec()
1196	* @bprm: binary program information
1197	*
1198	* Prepare to install the new security attributes of a process being
1199	* transformed by an execve operation, based on the old credentials pointed to
1200	* by @current->cred and the information set in @bprm->cred by the
1201	* bprm_creds_for_exec hook. @bprm points to the linux_binprm structure. This
1202	* hook is a good place to perform state changes on the process such as closing
1203	* open file descriptors to which access will no longer be granted when the
1204	* attributes are changed. This is called immediately before commit_creds().
1205	*/
1206	void security_bprm_committing_creds(const struct linux_binprm *bprm)
1207	{
1208	call_void_hook(bprm_committing_creds, bprm);
1209	}
1210
1211	/**
1212	* security_bprm_committed_creds() - Tidy up after cred install during exec()
1213	* @bprm: binary program information
1214	*
1215	* Tidy up after the installation of the new security attributes of a process
1216	* being transformed by an execve operation. The new credentials have, by this
1217	* point, been set to @current->cred. @bprm points to the linux_binprm
1218	* structure. This hook is a good place to perform state changes on the
1219	* process such as clearing out non-inheritable signal state. This is called
1220	* immediately after commit_creds().
1221	*/
1222	void security_bprm_committed_creds(const struct linux_binprm *bprm)
1223	{
1224	call_void_hook(bprm_committed_creds, bprm);
1225	}
1226
1227	/**
1228	* security_fs_context_submount() - Initialise fc->security
1229	* @fc: new filesystem context
1230	* @reference: dentry reference for submount/remount
1231	*
1232	* Fill out the ->security field for a new fs_context.
1233	*
1234	* Return: Returns 0 on success or negative error code on failure.
1235	*/
1236	int security_fs_context_submount(struct fs_context *fc, struct super_block *reference)
1237	{
1238	return call_int_hook(fs_context_submount, fc, reference);
1239	}
1240
1241	/**
1242	* security_fs_context_dup() - Duplicate a fs_context LSM blob
1243	* @fc: destination filesystem context
1244	* @src_fc: source filesystem context
1245	*
1246	* Allocate and attach a security structure to sc->security. This pointer is
1247	* initialised to NULL by the caller. @fc indicates the new filesystem context.
1248	* @src_fc indicates the original filesystem context.
1249	*
1250	* Return: Returns 0 on success or a negative error code on failure.
1251	*/
1252	int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc)
1253	{
1254	return call_int_hook(fs_context_dup, fc, src_fc);
1255	}
1256
1257	/**
1258	* security_fs_context_parse_param() - Configure a filesystem context
1259	* @fc: filesystem context
1260	* @param: filesystem parameter
1261	*
1262	* Userspace provided a parameter to configure a superblock. The LSM can
1263	* consume the parameter or return it to the caller for use elsewhere.
1264	*
1265	* Return: If the parameter is used by the LSM it should return 0, if it is
1266	* returned to the caller -ENOPARAM is returned, otherwise a negative
1267	* error code is returned.
1268	*/
1269	int security_fs_context_parse_param(struct fs_context *fc,
1270	struct fs_parameter *param)
1271	{
1272	struct security_hook_list *hp;
1273	int trc;
1274	int rc = -ENOPARAM;
1275
1276	hlist_for_each_entry(hp, &security_hook_heads.fs_context_parse_param,
1277	list) {
1278	trc = hp->hook.fs_context_parse_param(fc, param);
1279	if (trc == 0)
1280	rc = 0;
1281	else if (trc != -ENOPARAM)
1282	return trc;
1283	}
1284	return rc;
1285	}
1286
1287	/**
1288	* security_sb_alloc() - Allocate a super_block LSM blob
1289	* @sb: filesystem superblock
1290	*
1291	* Allocate and attach a security structure to the sb->s_security field. The
1292	* s_security field is initialized to NULL when the structure is allocated.
1293	* @sb contains the super_block structure to be modified.
1294	*
1295	* Return: Returns 0 if operation was successful.
1296	*/
1297	int security_sb_alloc(struct super_block *sb)
1298	{
1299	int rc = lsm_superblock_alloc(sb);
1300
1301	if (unlikely(rc))
1302	return rc;
1303	rc = call_int_hook(sb_alloc_security, sb);
1304	if (unlikely(rc))
1305	security_sb_free(sb);
1306	return rc;
1307	}
1308
1309	/**
1310	* security_sb_delete() - Release super_block LSM associated objects
1311	* @sb: filesystem superblock
1312	*
1313	* Release objects tied to a superblock (e.g. inodes). @sb contains the
1314	* super_block structure being released.
1315	*/
1316	void security_sb_delete(struct super_block *sb)
1317	{
1318	call_void_hook(sb_delete, sb);
1319	}
1320
1321	/**
1322	* security_sb_free() - Free a super_block LSM blob
1323	* @sb: filesystem superblock
1324	*
1325	* Deallocate and clear the sb->s_security field. @sb contains the super_block
1326	* structure to be modified.
1327	*/
1328	void security_sb_free(struct super_block *sb)
1329	{
1330	call_void_hook(sb_free_security, sb);
1331	kfree(objp: sb->s_security);
1332	sb->s_security = NULL;
1333	}
1334
1335	/**
1336	* security_free_mnt_opts() - Free memory associated with mount options
1337	* @mnt_opts: LSM processed mount options
1338	*
1339	* Free memory associated with @mnt_ops.
1340	*/
1341	void security_free_mnt_opts(void **mnt_opts)
1342	{
1343	if (!*mnt_opts)
1344	return;
1345	call_void_hook(sb_free_mnt_opts, *mnt_opts);
1346	*mnt_opts = NULL;
1347	}
1348	EXPORT_SYMBOL(security_free_mnt_opts);
1349
1350	/**
1351	* security_sb_eat_lsm_opts() - Consume LSM mount options
1352	* @options: mount options
1353	* @mnt_opts: LSM processed mount options
1354	*
1355	* Eat (scan @options) and save them in @mnt_opts.
1356	*
1357	* Return: Returns 0 on success, negative values on failure.
1358	*/
1359	int security_sb_eat_lsm_opts(char *options, void **mnt_opts)
1360	{
1361	return call_int_hook(sb_eat_lsm_opts, options, mnt_opts);
1362	}
1363	EXPORT_SYMBOL(security_sb_eat_lsm_opts);
1364
1365	/**
1366	* security_sb_mnt_opts_compat() - Check if new mount options are allowed
1367	* @sb: filesystem superblock
1368	* @mnt_opts: new mount options
1369	*
1370	* Determine if the new mount options in @mnt_opts are allowed given the
1371	* existing mounted filesystem at @sb. @sb superblock being compared.
1372	*
1373	* Return: Returns 0 if options are compatible.
1374	*/
1375	int security_sb_mnt_opts_compat(struct super_block *sb,
1376	void *mnt_opts)
1377	{
1378	return call_int_hook(sb_mnt_opts_compat, sb, mnt_opts);
1379	}
1380	EXPORT_SYMBOL(security_sb_mnt_opts_compat);
1381
1382	/**
1383	* security_sb_remount() - Verify no incompatible mount changes during remount
1384	* @sb: filesystem superblock
1385	* @mnt_opts: (re)mount options
1386	*
1387	* Extracts security system specific mount options and verifies no changes are
1388	* being made to those options.
1389	*
1390	* Return: Returns 0 if permission is granted.
1391	*/
1392	int security_sb_remount(struct super_block *sb,
1393	void *mnt_opts)
1394	{
1395	return call_int_hook(sb_remount, sb, mnt_opts);
1396	}
1397	EXPORT_SYMBOL(security_sb_remount);
1398
1399	/**
1400	* security_sb_kern_mount() - Check if a kernel mount is allowed
1401	* @sb: filesystem superblock
1402	*
1403	* Mount this @sb if allowed by permissions.
1404	*
1405	* Return: Returns 0 if permission is granted.
1406	*/
1407	int security_sb_kern_mount(const struct super_block *sb)
1408	{
1409	return call_int_hook(sb_kern_mount, sb);
1410	}
1411
1412	/**
1413	* security_sb_show_options() - Output the mount options for a superblock
1414	* @m: output file
1415	* @sb: filesystem superblock
1416	*
1417	* Show (print on @m) mount options for this @sb.
1418	*
1419	* Return: Returns 0 on success, negative values on failure.
1420	*/
1421	int security_sb_show_options(struct seq_file *m, struct super_block *sb)
1422	{
1423	return call_int_hook(sb_show_options, m, sb);
1424	}
1425
1426	/**
1427	* security_sb_statfs() - Check if accessing fs stats is allowed
1428	* @dentry: superblock handle
1429	*
1430	* Check permission before obtaining filesystem statistics for the @mnt
1431	* mountpoint. @dentry is a handle on the superblock for the filesystem.
1432	*
1433	* Return: Returns 0 if permission is granted.
1434	*/
1435	int security_sb_statfs(struct dentry *dentry)
1436	{
1437	return call_int_hook(sb_statfs, dentry);
1438	}
1439
1440	/**
1441	* security_sb_mount() - Check permission for mounting a filesystem
1442	* @dev_name: filesystem backing device
1443	* @path: mount point
1444	* @type: filesystem type
1445	* @flags: mount flags
1446	* @data: filesystem specific data
1447	*
1448	* Check permission before an object specified by @dev_name is mounted on the
1449	* mount point named by @nd. For an ordinary mount, @dev_name identifies a
1450	* device if the file system type requires a device. For a remount
1451	* (@flags & MS_REMOUNT), @dev_name is irrelevant. For a loopback/bind mount
1452	* (@flags & MS_BIND), @dev_name identifies the pathname of the object being
1453	* mounted.
1454	*
1455	* Return: Returns 0 if permission is granted.
1456	*/
1457	int security_sb_mount(const char *dev_name, const struct path *path,
1458	const char *type, unsigned long flags, void *data)
1459	{
1460	return call_int_hook(sb_mount, dev_name, path, type, flags, data);
1461	}
1462
1463	/**
1464	* security_sb_umount() - Check permission for unmounting a filesystem
1465	* @mnt: mounted filesystem
1466	* @flags: unmount flags
1467	*
1468	* Check permission before the @mnt file system is unmounted.
1469	*
1470	* Return: Returns 0 if permission is granted.
1471	*/
1472	int security_sb_umount(struct vfsmount *mnt, int flags)
1473	{
1474	return call_int_hook(sb_umount, mnt, flags);
1475	}
1476
1477	/**
1478	* security_sb_pivotroot() - Check permissions for pivoting the rootfs
1479	* @old_path: new location for current rootfs
1480	* @new_path: location of the new rootfs
1481	*
1482	* Check permission before pivoting the root filesystem.
1483	*
1484	* Return: Returns 0 if permission is granted.
1485	*/
1486	int security_sb_pivotroot(const struct path *old_path,
1487	const struct path *new_path)
1488	{
1489	return call_int_hook(sb_pivotroot, old_path, new_path);
1490	}
1491
1492	/**
1493	* security_sb_set_mnt_opts() - Set the mount options for a filesystem
1494	* @sb: filesystem superblock
1495	* @mnt_opts: binary mount options
1496	* @kern_flags: kernel flags (in)
1497	* @set_kern_flags: kernel flags (out)
1498	*
1499	* Set the security relevant mount options used for a superblock.
1500	*
1501	* Return: Returns 0 on success, error on failure.
1502	*/
1503	int security_sb_set_mnt_opts(struct super_block *sb,
1504	void *mnt_opts,
1505	unsigned long kern_flags,
1506	unsigned long *set_kern_flags)
1507	{
1508	struct security_hook_list *hp;
1509	int rc = mnt_opts ? -EOPNOTSUPP : LSM_RET_DEFAULT(sb_set_mnt_opts);
1510
1511	hlist_for_each_entry(hp, &security_hook_heads.sb_set_mnt_opts,
1512	list) {
1513	rc = hp->hook.sb_set_mnt_opts(sb, mnt_opts, kern_flags,
1514	set_kern_flags);
1515	if (rc != LSM_RET_DEFAULT(sb_set_mnt_opts))
1516	break;
1517	}
1518	return rc;
1519	}
1520	EXPORT_SYMBOL(security_sb_set_mnt_opts);
1521
1522	/**
1523	* security_sb_clone_mnt_opts() - Duplicate superblock mount options
1524	* @oldsb: source superblock
1525	* @newsb: destination superblock
1526	* @kern_flags: kernel flags (in)
1527	* @set_kern_flags: kernel flags (out)
1528	*
1529	* Copy all security options from a given superblock to another.
1530	*
1531	* Return: Returns 0 on success, error on failure.
1532	*/
1533	int security_sb_clone_mnt_opts(const struct super_block *oldsb,
1534	struct super_block *newsb,
1535	unsigned long kern_flags,
1536	unsigned long *set_kern_flags)
1537	{
1538	return call_int_hook(sb_clone_mnt_opts, oldsb, newsb,
1539	kern_flags, set_kern_flags);
1540	}
1541	EXPORT_SYMBOL(security_sb_clone_mnt_opts);
1542
1543	/**
1544	* security_move_mount() - Check permissions for moving a mount
1545	* @from_path: source mount point
1546	* @to_path: destination mount point
1547	*
1548	* Check permission before a mount is moved.
1549	*
1550	* Return: Returns 0 if permission is granted.
1551	*/
1552	int security_move_mount(const struct path *from_path,
1553	const struct path *to_path)
1554	{
1555	return call_int_hook(move_mount, from_path, to_path);
1556	}
1557
1558	/**
1559	* security_path_notify() - Check if setting a watch is allowed
1560	* @path: file path
1561	* @mask: event mask
1562	* @obj_type: file path type
1563	*
1564	* Check permissions before setting a watch on events as defined by @mask, on
1565	* an object at @path, whose type is defined by @obj_type.
1566	*
1567	* Return: Returns 0 if permission is granted.
1568	*/
1569	int security_path_notify(const struct path *path, u64 mask,
1570	unsigned int obj_type)
1571	{
1572	return call_int_hook(path_notify, path, mask, obj_type);
1573	}
1574
1575	/**
1576	* security_inode_alloc() - Allocate an inode LSM blob
1577	* @inode: the inode
1578	*
1579	* Allocate and attach a security structure to @inode->i_security. The
1580	* i_security field is initialized to NULL when the inode structure is
1581	* allocated.
1582	*
1583	* Return: Return 0 if operation was successful.
1584	*/
1585	int security_inode_alloc(struct inode *inode)
1586	{
1587	int rc = lsm_inode_alloc(inode);
1588
1589	if (unlikely(rc))
1590	return rc;
1591	rc = call_int_hook(inode_alloc_security, inode);
1592	if (unlikely(rc))
1593	security_inode_free(inode);
1594	return rc;
1595	}
1596
1597	static void inode_free_by_rcu(struct rcu_head *head)
1598	{
1599	/*
1600	* The rcu head is at the start of the inode blob
1601	*/
1602	kmem_cache_free(s: lsm_inode_cache, objp: head);
1603	}
1604
1605	/**
1606	* security_inode_free() - Free an inode's LSM blob
1607	* @inode: the inode
1608	*
1609	* Deallocate the inode security structure and set @inode->i_security to NULL.
1610	*/
1611	void security_inode_free(struct inode *inode)
1612	{
1613	call_void_hook(inode_free_security, inode);
1614	/*
1615	* The inode may still be referenced in a path walk and
1616	* a call to security_inode_permission() can be made
1617	* after inode_free_security() is called. Ideally, the VFS
1618	* wouldn't do this, but fixing that is a much harder
1619	* job. For now, simply free the i_security via RCU, and
1620	* leave the current inode->i_security pointer intact.
1621	* The inode will be freed after the RCU grace period too.
1622	*/
1623	if (inode->i_security)
1624	call_rcu(head: (struct rcu_head *)inode->i_security,
1625	func: inode_free_by_rcu);
1626	}
1627
1628	/**
1629	* security_dentry_init_security() - Perform dentry initialization
1630	* @dentry: the dentry to initialize
1631	* @mode: mode used to determine resource type
1632	* @name: name of the last path component
1633	* @xattr_name: name of the security/LSM xattr
1634	* @ctx: pointer to the resulting LSM context
1635	* @ctxlen: length of @ctx
1636	*
1637	* Compute a context for a dentry as the inode is not yet available since NFSv4
1638	* has no label backed by an EA anyway. It is important to note that
1639	* @xattr_name does not need to be free'd by the caller, it is a static string.
1640	*
1641	* Return: Returns 0 on success, negative values on failure.
1642	*/
1643	int security_dentry_init_security(struct dentry *dentry, int mode,
1644	const struct qstr *name,
1645	const char **xattr_name, void **ctx,
1646	u32 *ctxlen)
1647	{
1648	return call_int_hook(dentry_init_security, dentry, mode, name,
1649	xattr_name, ctx, ctxlen);
1650	}
1651	EXPORT_SYMBOL(security_dentry_init_security);
1652
1653	/**
1654	* security_dentry_create_files_as() - Perform dentry initialization
1655	* @dentry: the dentry to initialize
1656	* @mode: mode used to determine resource type
1657	* @name: name of the last path component
1658	* @old: creds to use for LSM context calculations
1659	* @new: creds to modify
1660	*
1661	* Compute a context for a dentry as the inode is not yet available and set
1662	* that context in passed in creds so that new files are created using that
1663	* context. Context is calculated using the passed in creds and not the creds
1664	* of the caller.
1665	*
1666	* Return: Returns 0 on success, error on failure.
1667	*/
1668	int security_dentry_create_files_as(struct dentry *dentry, int mode,
1669	struct qstr *name,
1670	const struct cred *old, struct cred *new)
1671	{
1672	return call_int_hook(dentry_create_files_as, dentry, mode,
1673	name, old, new);
1674	}
1675	EXPORT_SYMBOL(security_dentry_create_files_as);
1676
1677	/**
1678	* security_inode_init_security() - Initialize an inode's LSM context
1679	* @inode: the inode
1680	* @dir: parent directory
1681	* @qstr: last component of the pathname
1682	* @initxattrs: callback function to write xattrs
1683	* @fs_data: filesystem specific data
1684	*
1685	* Obtain the security attribute name suffix and value to set on a newly
1686	* created inode and set up the incore security field for the new inode. This
1687	* hook is called by the fs code as part of the inode creation transaction and
1688	* provides for atomic labeling of the inode, unlike the post_create/mkdir/...
1689	* hooks called by the VFS.
1690	*
1691	* The hook function is expected to populate the xattrs array, by calling
1692	* lsm_get_xattr_slot() to retrieve the slots reserved by the security module
1693	* with the lbs_xattr_count field of the lsm_blob_sizes structure. For each
1694	* slot, the hook function should set ->name to the attribute name suffix
1695	* (e.g. selinux), to allocate ->value (will be freed by the caller) and set it
1696	* to the attribute value, to set ->value_len to the length of the value. If
1697	* the security module does not use security attributes or does not wish to put
1698	* a security attribute on this particular inode, then it should return
1699	* -EOPNOTSUPP to skip this processing.
1700	*
1701	* Return: Returns 0 if the LSM successfully initialized all of the inode
1702	* security attributes that are required, negative values otherwise.
1703	*/
1704	int security_inode_init_security(struct inode *inode, struct inode *dir,
1705	const struct qstr *qstr,
1706	const initxattrs initxattrs, void *fs_data)
1707	{
1708	struct security_hook_list *hp;
1709	struct xattr *new_xattrs = NULL;
1710	int ret = -EOPNOTSUPP, xattr_count = 0;
1711
1712	if (unlikely(IS_PRIVATE(inode)))
1713	return 0;
1714
1715	if (!blob_sizes.lbs_xattr_count)
1716	return 0;
1717
1718	if (initxattrs) {
1719	/* Allocate +1 as terminator. */
1720	new_xattrs = kcalloc(n: blob_sizes.lbs_xattr_count + 1,
1721	size: sizeof(*new_xattrs), GFP_NOFS);
1722	if (!new_xattrs)
1723	return -ENOMEM;
1724	}
1725
1726	hlist_for_each_entry(hp, &security_hook_heads.inode_init_security,
1727	list) {
1728	ret = hp->hook.inode_init_security(inode, dir, qstr, new_xattrs,
1729	&xattr_count);
1730	if (ret && ret != -EOPNOTSUPP)
1731	goto out;
1732	/*
1733	* As documented in lsm_hooks.h, -EOPNOTSUPP in this context
1734	* means that the LSM is not willing to provide an xattr, not
1735	* that it wants to signal an error. Thus, continue to invoke
1736	* the remaining LSMs.
1737	*/
1738	}
1739
1740	/* If initxattrs() is NULL, xattr_count is zero, skip the call. */
1741	if (!xattr_count)
1742	goto out;
1743
1744	ret = initxattrs(inode, new_xattrs, fs_data);
1745	out:
1746	for (; xattr_count > 0; xattr_count--)
1747	kfree(objp: new_xattrs[xattr_count - 1].value);
1748	kfree(objp: new_xattrs);
1749	return (ret == -EOPNOTSUPP) ? 0 : ret;
1750	}
1751	EXPORT_SYMBOL(security_inode_init_security);
1752
1753	/**
1754	* security_inode_init_security_anon() - Initialize an anonymous inode
1755	* @inode: the inode
1756	* @name: the anonymous inode class
1757	* @context_inode: an optional related inode
1758	*
1759	* Set up the incore security field for the new anonymous inode and return
1760	* whether the inode creation is permitted by the security module or not.
1761	*
1762	* Return: Returns 0 on success, -EACCES if the security module denies the
1763	* creation of this inode, or another -errno upon other errors.
1764	*/
1765	int security_inode_init_security_anon(struct inode *inode,
1766	const struct qstr *name,
1767	const struct inode *context_inode)
1768	{
1769	return call_int_hook(inode_init_security_anon, inode, name,
1770	context_inode);
1771	}
1772
1773	#ifdef CONFIG_SECURITY_PATH
1774	/**
1775	* security_path_mknod() - Check if creating a special file is allowed
1776	* @dir: parent directory
1777	* @dentry: new file
1778	* @mode: new file mode
1779	* @dev: device number
1780	*
1781	* Check permissions when creating a file. Note that this hook is called even
1782	* if mknod operation is being done for a regular file.
1783	*
1784	* Return: Returns 0 if permission is granted.
1785	*/
1786	int security_path_mknod(const struct path *dir, struct dentry *dentry,
1787	umode_t mode, unsigned int dev)
1788	{
1789	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1790	return 0;
1791	return call_int_hook(path_mknod, dir, dentry, mode, dev);
1792	}
1793	EXPORT_SYMBOL(security_path_mknod);
1794
1795	/**
1796	* security_path_post_mknod() - Update inode security after reg file creation
1797	* @idmap: idmap of the mount
1798	* @dentry: new file
1799	*
1800	* Update inode security field after a regular file has been created.
1801	*/
1802	void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry)
1803	{
1804	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1805	return;
1806	call_void_hook(path_post_mknod, idmap, dentry);
1807	}
1808
1809	/**
1810	* security_path_mkdir() - Check if creating a new directory is allowed
1811	* @dir: parent directory
1812	* @dentry: new directory
1813	* @mode: new directory mode
1814	*
1815	* Check permissions to create a new directory in the existing directory.
1816	*
1817	* Return: Returns 0 if permission is granted.
1818	*/
1819	int security_path_mkdir(const struct path *dir, struct dentry *dentry,
1820	umode_t mode)
1821	{
1822	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1823	return 0;
1824	return call_int_hook(path_mkdir, dir, dentry, mode);
1825	}
1826	EXPORT_SYMBOL(security_path_mkdir);
1827
1828	/**
1829	* security_path_rmdir() - Check if removing a directory is allowed
1830	* @dir: parent directory
1831	* @dentry: directory to remove
1832	*
1833	* Check the permission to remove a directory.
1834	*
1835	* Return: Returns 0 if permission is granted.
1836	*/
1837	int security_path_rmdir(const struct path *dir, struct dentry *dentry)
1838	{
1839	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1840	return 0;
1841	return call_int_hook(path_rmdir, dir, dentry);
1842	}
1843
1844	/**
1845	* security_path_unlink() - Check if removing a hard link is allowed
1846	* @dir: parent directory
1847	* @dentry: file
1848	*
1849	* Check the permission to remove a hard link to a file.
1850	*
1851	* Return: Returns 0 if permission is granted.
1852	*/
1853	int security_path_unlink(const struct path *dir, struct dentry *dentry)
1854	{
1855	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1856	return 0;
1857	return call_int_hook(path_unlink, dir, dentry);
1858	}
1859	EXPORT_SYMBOL(security_path_unlink);
1860
1861	/**
1862	* security_path_symlink() - Check if creating a symbolic link is allowed
1863	* @dir: parent directory
1864	* @dentry: symbolic link
1865	* @old_name: file pathname
1866	*
1867	* Check the permission to create a symbolic link to a file.
1868	*
1869	* Return: Returns 0 if permission is granted.
1870	*/
1871	int security_path_symlink(const struct path *dir, struct dentry *dentry,
1872	const char *old_name)
1873	{
1874	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1875	return 0;
1876	return call_int_hook(path_symlink, dir, dentry, old_name);
1877	}
1878
1879	/**
1880	* security_path_link - Check if creating a hard link is allowed
1881	* @old_dentry: existing file
1882	* @new_dir: new parent directory
1883	* @new_dentry: new link
1884	*
1885	* Check permission before creating a new hard link to a file.
1886	*
1887	* Return: Returns 0 if permission is granted.
1888	*/
1889	int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
1890	struct dentry *new_dentry)
1891	{
1892	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
1893	return 0;
1894	return call_int_hook(path_link, old_dentry, new_dir, new_dentry);
1895	}
1896
1897	/**
1898	* security_path_rename() - Check if renaming a file is allowed
1899	* @old_dir: parent directory of the old file
1900	* @old_dentry: the old file
1901	* @new_dir: parent directory of the new file
1902	* @new_dentry: the new file
1903	* @flags: flags
1904	*
1905	* Check for permission to rename a file or directory.
1906	*
1907	* Return: Returns 0 if permission is granted.
1908	*/
1909	int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
1910	const struct path *new_dir, struct dentry *new_dentry,
1911	unsigned int flags)
1912	{
1913	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
1914	(d_is_positive(new_dentry) &&
1915	IS_PRIVATE(d_backing_inode(new_dentry)))))
1916	return 0;
1917
1918	return call_int_hook(path_rename, old_dir, old_dentry, new_dir,
1919	new_dentry, flags);
1920	}
1921	EXPORT_SYMBOL(security_path_rename);
1922
1923	/**
1924	* security_path_truncate() - Check if truncating a file is allowed
1925	* @path: file
1926	*
1927	* Check permission before truncating the file indicated by path. Note that
1928	* truncation permissions may also be checked based on already opened files,
1929	* using the security_file_truncate() hook.
1930	*
1931	* Return: Returns 0 if permission is granted.
1932	*/
1933	int security_path_truncate(const struct path *path)
1934	{
1935	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1936	return 0;
1937	return call_int_hook(path_truncate, path);
1938	}
1939
1940	/**
1941	* security_path_chmod() - Check if changing the file's mode is allowed
1942	* @path: file
1943	* @mode: new mode
1944	*
1945	* Check for permission to change a mode of the file @path. The new mode is
1946	* specified in @mode which is a bitmask of constants from
1947	* <include/uapi/linux/stat.h>.
1948	*
1949	* Return: Returns 0 if permission is granted.
1950	*/
1951	int security_path_chmod(const struct path *path, umode_t mode)
1952	{
1953	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1954	return 0;
1955	return call_int_hook(path_chmod, path, mode);
1956	}
1957
1958	/**
1959	* security_path_chown() - Check if changing the file's owner/group is allowed
1960	* @path: file
1961	* @uid: file owner
1962	* @gid: file group
1963	*
1964	* Check for permission to change owner/group of a file or directory.
1965	*
1966	* Return: Returns 0 if permission is granted.
1967	*/
1968	int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
1969	{
1970	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1971	return 0;
1972	return call_int_hook(path_chown, path, uid, gid);
1973	}
1974
1975	/**
1976	* security_path_chroot() - Check if changing the root directory is allowed
1977	* @path: directory
1978	*
1979	* Check for permission to change root directory.
1980	*
1981	* Return: Returns 0 if permission is granted.
1982	*/
1983	int security_path_chroot(const struct path *path)
1984	{
1985	return call_int_hook(path_chroot, path);
1986	}
1987	#endif /* CONFIG_SECURITY_PATH */
1988
1989	/**
1990	* security_inode_create() - Check if creating a file is allowed
1991	* @dir: the parent directory
1992	* @dentry: the file being created
1993	* @mode: requested file mode
1994	*
1995	* Check permission to create a regular file.
1996	*
1997	* Return: Returns 0 if permission is granted.
1998	*/
1999	int security_inode_create(struct inode *dir, struct dentry *dentry,
2000	umode_t mode)
2001	{
2002	if (unlikely(IS_PRIVATE(dir)))
2003	return 0;
2004	return call_int_hook(inode_create, dir, dentry, mode);
2005	}
2006	EXPORT_SYMBOL_GPL(security_inode_create);
2007
2008	/**
2009	* security_inode_post_create_tmpfile() - Update inode security of new tmpfile
2010	* @idmap: idmap of the mount
2011	* @inode: inode of the new tmpfile
2012	*
2013	* Update inode security data after a tmpfile has been created.
2014	*/
2015	void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
2016	struct inode *inode)
2017	{
2018	if (unlikely(IS_PRIVATE(inode)))
2019	return;
2020	call_void_hook(inode_post_create_tmpfile, idmap, inode);
2021	}
2022
2023	/**
2024	* security_inode_link() - Check if creating a hard link is allowed
2025	* @old_dentry: existing file
2026	* @dir: new parent directory
2027	* @new_dentry: new link
2028	*
2029	* Check permission before creating a new hard link to a file.
2030	*
2031	* Return: Returns 0 if permission is granted.
2032	*/
2033	int security_inode_link(struct dentry *old_dentry, struct inode *dir,
2034	struct dentry *new_dentry)
2035	{
2036	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
2037	return 0;
2038	return call_int_hook(inode_link, old_dentry, dir, new_dentry);
2039	}
2040
2041	/**
2042	* security_inode_unlink() - Check if removing a hard link is allowed
2043	* @dir: parent directory
2044	* @dentry: file
2045	*
2046	* Check the permission to remove a hard link to a file.
2047	*
2048	* Return: Returns 0 if permission is granted.
2049	*/
2050	int security_inode_unlink(struct inode *dir, struct dentry *dentry)
2051	{
2052	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2053	return 0;
2054	return call_int_hook(inode_unlink, dir, dentry);
2055	}
2056
2057	/**
2058	* security_inode_symlink() - Check if creating a symbolic link is allowed
2059	* @dir: parent directory
2060	* @dentry: symbolic link
2061	* @old_name: existing filename
2062	*
2063	* Check the permission to create a symbolic link to a file.
2064	*
2065	* Return: Returns 0 if permission is granted.
2066	*/
2067	int security_inode_symlink(struct inode *dir, struct dentry *dentry,
2068	const char *old_name)
2069	{
2070	if (unlikely(IS_PRIVATE(dir)))
2071	return 0;
2072	return call_int_hook(inode_symlink, dir, dentry, old_name);
2073	}
2074
2075	/**
2076	* security_inode_mkdir() - Check if creation a new director is allowed
2077	* @dir: parent directory
2078	* @dentry: new directory
2079	* @mode: new directory mode
2080	*
2081	* Check permissions to create a new directory in the existing directory
2082	* associated with inode structure @dir.
2083	*
2084	* Return: Returns 0 if permission is granted.
2085	*/
2086	int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
2087	{
2088	if (unlikely(IS_PRIVATE(dir)))
2089	return 0;
2090	return call_int_hook(inode_mkdir, dir, dentry, mode);
2091	}
2092	EXPORT_SYMBOL_GPL(security_inode_mkdir);
2093
2094	/**
2095	* security_inode_rmdir() - Check if removing a directory is allowed
2096	* @dir: parent directory
2097	* @dentry: directory to be removed
2098	*
2099	* Check the permission to remove a directory.
2100	*
2101	* Return: Returns 0 if permission is granted.
2102	*/
2103	int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
2104	{
2105	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2106	return 0;
2107	return call_int_hook(inode_rmdir, dir, dentry);
2108	}
2109
2110	/**
2111	* security_inode_mknod() - Check if creating a special file is allowed
2112	* @dir: parent directory
2113	* @dentry: new file
2114	* @mode: new file mode
2115	* @dev: device number
2116	*
2117	* Check permissions when creating a special file (or a socket or a fifo file
2118	* created via the mknod system call). Note that if mknod operation is being
2119	* done for a regular file, then the create hook will be called and not this
2120	* hook.
2121	*
2122	* Return: Returns 0 if permission is granted.
2123	*/
2124	int security_inode_mknod(struct inode *dir, struct dentry *dentry,
2125	umode_t mode, dev_t dev)
2126	{
2127	if (unlikely(IS_PRIVATE(dir)))
2128	return 0;
2129	return call_int_hook(inode_mknod, dir, dentry, mode, dev);
2130	}
2131
2132	/**
2133	* security_inode_rename() - Check if renaming a file is allowed
2134	* @old_dir: parent directory of the old file
2135	* @old_dentry: the old file
2136	* @new_dir: parent directory of the new file
2137	* @new_dentry: the new file
2138	* @flags: flags
2139	*
2140	* Check for permission to rename a file or directory.
2141	*
2142	* Return: Returns 0 if permission is granted.
2143	*/
2144	int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
2145	struct inode *new_dir, struct dentry *new_dentry,
2146	unsigned int flags)
2147	{
2148	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
2149	(d_is_positive(new_dentry) &&
2150	IS_PRIVATE(d_backing_inode(new_dentry)))))
2151	return 0;
2152
2153	if (flags & RENAME_EXCHANGE) {
2154	int err = call_int_hook(inode_rename, new_dir, new_dentry,
2155	old_dir, old_dentry);
2156	if (err)
2157	return err;
2158	}
2159
2160	return call_int_hook(inode_rename, old_dir, old_dentry,
2161	new_dir, new_dentry);
2162	}
2163
2164	/**
2165	* security_inode_readlink() - Check if reading a symbolic link is allowed
2166	* @dentry: link
2167	*
2168	* Check the permission to read the symbolic link.
2169	*
2170	* Return: Returns 0 if permission is granted.
2171	*/
2172	int security_inode_readlink(struct dentry *dentry)
2173	{
2174	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2175	return 0;
2176	return call_int_hook(inode_readlink, dentry);
2177	}
2178
2179	/**
2180	* security_inode_follow_link() - Check if following a symbolic link is allowed
2181	* @dentry: link dentry
2182	* @inode: link inode
2183	* @rcu: true if in RCU-walk mode
2184	*
2185	* Check permission to follow a symbolic link when looking up a pathname. If
2186	* @rcu is true, @inode is not stable.
2187	*
2188	* Return: Returns 0 if permission is granted.
2189	*/
2190	int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
2191	bool rcu)
2192	{
2193	if (unlikely(IS_PRIVATE(inode)))
2194	return 0;
2195	return call_int_hook(inode_follow_link, dentry, inode, rcu);
2196	}
2197
2198	/**
2199	* security_inode_permission() - Check if accessing an inode is allowed
2200	* @inode: inode
2201	* @mask: access mask
2202	*
2203	* Check permission before accessing an inode. This hook is called by the
2204	* existing Linux permission function, so a security module can use it to
2205	* provide additional checking for existing Linux permission checks. Notice
2206	* that this hook is called when a file is opened (as well as many other
2207	* operations), whereas the file_security_ops permission hook is called when
2208	* the actual read/write operations are performed.
2209	*
2210	* Return: Returns 0 if permission is granted.
2211	*/
2212	int security_inode_permission(struct inode *inode, int mask)
2213	{
2214	if (unlikely(IS_PRIVATE(inode)))
2215	return 0;
2216	return call_int_hook(inode_permission, inode, mask);
2217	}
2218
2219	/**
2220	* security_inode_setattr() - Check if setting file attributes is allowed
2221	* @idmap: idmap of the mount
2222	* @dentry: file
2223	* @attr: new attributes
2224	*
2225	* Check permission before setting file attributes. Note that the kernel call
2226	* to notify_change is performed from several locations, whenever file
2227	* attributes change (such as when a file is truncated, chown/chmod operations,
2228	* transferring disk quotas, etc).
2229	*
2230	* Return: Returns 0 if permission is granted.
2231	*/
2232	int security_inode_setattr(struct mnt_idmap *idmap,
2233	struct dentry *dentry, struct iattr *attr)
2234	{
2235	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2236	return 0;
2237	return call_int_hook(inode_setattr, idmap, dentry, attr);
2238	}
2239	EXPORT_SYMBOL_GPL(security_inode_setattr);
2240
2241	/**
2242	* security_inode_post_setattr() - Update the inode after a setattr operation
2243	* @idmap: idmap of the mount
2244	* @dentry: file
2245	* @ia_valid: file attributes set
2246	*
2247	* Update inode security field after successful setting file attributes.
2248	*/
2249	void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
2250	int ia_valid)
2251	{
2252	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2253	return;
2254	call_void_hook(inode_post_setattr, idmap, dentry, ia_valid);
2255	}
2256
2257	/**
2258	* security_inode_getattr() - Check if getting file attributes is allowed
2259	* @path: file
2260	*
2261	* Check permission before obtaining file attributes.
2262	*
2263	* Return: Returns 0 if permission is granted.
2264	*/
2265	int security_inode_getattr(const struct path *path)
2266	{
2267	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
2268	return 0;
2269	return call_int_hook(inode_getattr, path);
2270	}
2271
2272	/**
2273	* security_inode_setxattr() - Check if setting file xattrs is allowed
2274	* @idmap: idmap of the mount
2275	* @dentry: file
2276	* @name: xattr name
2277	* @value: xattr value
2278	* @size: size of xattr value
2279	* @flags: flags
2280	*
2281	* Check permission before setting the extended attributes.
2282	*
2283	* Return: Returns 0 if permission is granted.
2284	*/
2285	int security_inode_setxattr(struct mnt_idmap *idmap,
2286	struct dentry *dentry, const char *name,
2287	const void *value, size_t size, int flags)
2288	{
2289	int ret;
2290
2291	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2292	return 0;
2293	/*
2294	* SELinux and Smack integrate the cap call,
2295	* so assume that all LSMs supplying this call do so.
2296	*/
2297	ret = call_int_hook(inode_setxattr, idmap, dentry, name, value, size,
2298	flags);
2299
2300	if (ret == 1)
2301	ret = cap_inode_setxattr(dentry, name, value, size, flags);
2302	return ret;
2303	}
2304
2305	/**
2306	* security_inode_set_acl() - Check if setting posix acls is allowed
2307	* @idmap: idmap of the mount
2308	* @dentry: file
2309	* @acl_name: acl name
2310	* @kacl: acl struct
2311	*
2312	* Check permission before setting posix acls, the posix acls in @kacl are
2313	* identified by @acl_name.
2314	*
2315	* Return: Returns 0 if permission is granted.
2316	*/
2317	int security_inode_set_acl(struct mnt_idmap *idmap,
2318	struct dentry *dentry, const char *acl_name,
2319	struct posix_acl *kacl)
2320	{
2321	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2322	return 0;
2323	return call_int_hook(inode_set_acl, idmap, dentry, acl_name, kacl);
2324	}
2325
2326	/**
2327	* security_inode_post_set_acl() - Update inode security from posix acls set
2328	* @dentry: file
2329	* @acl_name: acl name
2330	* @kacl: acl struct
2331	*
2332	* Update inode security data after successfully setting posix acls on @dentry.
2333	* The posix acls in @kacl are identified by @acl_name.
2334	*/
2335	void security_inode_post_set_acl(struct dentry *dentry, const char *acl_name,
2336	struct posix_acl *kacl)
2337	{
2338	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2339	return;
2340	call_void_hook(inode_post_set_acl, dentry, acl_name, kacl);
2341	}
2342
2343	/**
2344	* security_inode_get_acl() - Check if reading posix acls is allowed
2345	* @idmap: idmap of the mount
2346	* @dentry: file
2347	* @acl_name: acl name
2348	*
2349	* Check permission before getting osix acls, the posix acls are identified by
2350	* @acl_name.
2351	*
2352	* Return: Returns 0 if permission is granted.
2353	*/
2354	int security_inode_get_acl(struct mnt_idmap *idmap,
2355	struct dentry *dentry, const char *acl_name)
2356	{
2357	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2358	return 0;
2359	return call_int_hook(inode_get_acl, idmap, dentry, acl_name);
2360	}
2361
2362	/**
2363	* security_inode_remove_acl() - Check if removing a posix acl is allowed
2364	* @idmap: idmap of the mount
2365	* @dentry: file
2366	* @acl_name: acl name
2367	*
2368	* Check permission before removing posix acls, the posix acls are identified
2369	* by @acl_name.
2370	*
2371	* Return: Returns 0 if permission is granted.
2372	*/
2373	int security_inode_remove_acl(struct mnt_idmap *idmap,
2374	struct dentry *dentry, const char *acl_name)
2375	{
2376	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2377	return 0;
2378	return call_int_hook(inode_remove_acl, idmap, dentry, acl_name);
2379	}
2380
2381	/**
2382	* security_inode_post_remove_acl() - Update inode security after rm posix acls
2383	* @idmap: idmap of the mount
2384	* @dentry: file
2385	* @acl_name: acl name
2386	*
2387	* Update inode security data after successfully removing posix acls on
2388	* @dentry in @idmap. The posix acls are identified by @acl_name.
2389	*/
2390	void security_inode_post_remove_acl(struct mnt_idmap *idmap,
2391	struct dentry *dentry, const char *acl_name)
2392	{
2393	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2394	return;
2395	call_void_hook(inode_post_remove_acl, idmap, dentry, acl_name);
2396	}
2397
2398	/**
2399	* security_inode_post_setxattr() - Update the inode after a setxattr operation
2400	* @dentry: file
2401	* @name: xattr name
2402	* @value: xattr value
2403	* @size: xattr value size
2404	* @flags: flags
2405	*
2406	* Update inode security field after successful setxattr operation.
2407	*/
2408	void security_inode_post_setxattr(struct dentry *dentry, const char *name,
2409	const void *value, size_t size, int flags)
2410	{
2411	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2412	return;
2413	call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
2414	}
2415
2416	/**
2417	* security_inode_getxattr() - Check if xattr access is allowed
2418	* @dentry: file
2419	* @name: xattr name
2420	*
2421	* Check permission before obtaining the extended attributes identified by
2422	* @name for @dentry.
2423	*
2424	* Return: Returns 0 if permission is granted.
2425	*/
2426	int security_inode_getxattr(struct dentry *dentry, const char *name)
2427	{
2428	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2429	return 0;
2430	return call_int_hook(inode_getxattr, dentry, name);
2431	}
2432
2433	/**
2434	* security_inode_listxattr() - Check if listing xattrs is allowed
2435	* @dentry: file
2436	*
2437	* Check permission before obtaining the list of extended attribute names for
2438	* @dentry.
2439	*
2440	* Return: Returns 0 if permission is granted.
2441	*/
2442	int security_inode_listxattr(struct dentry *dentry)
2443	{
2444	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2445	return 0;
2446	return call_int_hook(inode_listxattr, dentry);
2447	}
2448
2449	/**
2450	* security_inode_removexattr() - Check if removing an xattr is allowed
2451	* @idmap: idmap of the mount
2452	* @dentry: file
2453	* @name: xattr name
2454	*
2455	* Check permission before removing the extended attribute identified by @name
2456	* for @dentry.
2457	*
2458	* Return: Returns 0 if permission is granted.
2459	*/
2460	int security_inode_removexattr(struct mnt_idmap *idmap,
2461	struct dentry *dentry, const char *name)
2462	{
2463	int ret;
2464
2465	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2466	return 0;
2467	/*
2468	* SELinux and Smack integrate the cap call,
2469	* so assume that all LSMs supplying this call do so.
2470	*/
2471	ret = call_int_hook(inode_removexattr, idmap, dentry, name);
2472	if (ret == 1)
2473	ret = cap_inode_removexattr(idmap, dentry, name);
2474	return ret;
2475	}
2476
2477	/**
2478	* security_inode_post_removexattr() - Update the inode after a removexattr op
2479	* @dentry: file
2480	* @name: xattr name
2481	*
2482	* Update the inode after a successful removexattr operation.
2483	*/
2484	void security_inode_post_removexattr(struct dentry *dentry, const char *name)
2485	{
2486	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2487	return;
2488	call_void_hook(inode_post_removexattr, dentry, name);
2489	}
2490
2491	/**
2492	* security_inode_need_killpriv() - Check if security_inode_killpriv() required
2493	* @dentry: associated dentry
2494	*
2495	* Called when an inode has been changed to determine if
2496	* security_inode_killpriv() should be called.
2497	*
2498	* Return: Return <0 on error to abort the inode change operation, return 0 if
2499	* security_inode_killpriv() does not need to be called, return >0 if
2500	* security_inode_killpriv() does need to be called.
2501	*/
2502	int security_inode_need_killpriv(struct dentry *dentry)
2503	{
2504	return call_int_hook(inode_need_killpriv, dentry);
2505	}
2506
2507	/**
2508	* security_inode_killpriv() - The setuid bit is removed, update LSM state
2509	* @idmap: idmap of the mount
2510	* @dentry: associated dentry
2511	*
2512	* The @dentry's setuid bit is being removed. Remove similar security labels.
2513	* Called with the dentry->d_inode->i_mutex held.
2514	*
2515	* Return: Return 0 on success. If error is returned, then the operation
2516	* causing setuid bit removal is failed.
2517	*/
2518	int security_inode_killpriv(struct mnt_idmap *idmap,
2519	struct dentry *dentry)
2520	{
2521	return call_int_hook(inode_killpriv, idmap, dentry);
2522	}
2523
2524	/**
2525	* security_inode_getsecurity() - Get the xattr security label of an inode
2526	* @idmap: idmap of the mount
2527	* @inode: inode
2528	* @name: xattr name
2529	* @buffer: security label buffer
2530	* @alloc: allocation flag
2531	*
2532	* Retrieve a copy of the extended attribute representation of the security
2533	* label associated with @name for @inode via @buffer. Note that @name is the
2534	* remainder of the attribute name after the security prefix has been removed.
2535	* @alloc is used to specify if the call should return a value via the buffer
2536	* or just the value length.
2537	*
2538	* Return: Returns size of buffer on success.
2539	*/
2540	int security_inode_getsecurity(struct mnt_idmap *idmap,
2541	struct inode *inode, const char *name,
2542	void **buffer, bool alloc)
2543	{
2544	if (unlikely(IS_PRIVATE(inode)))
2545	return LSM_RET_DEFAULT(inode_getsecurity);
2546
2547	return call_int_hook(inode_getsecurity, idmap, inode, name, buffer,
2548	alloc);
2549	}
2550
2551	/**
2552	* security_inode_setsecurity() - Set the xattr security label of an inode
2553	* @inode: inode
2554	* @name: xattr name
2555	* @value: security label
2556	* @size: length of security label
2557	* @flags: flags
2558	*
2559	* Set the security label associated with @name for @inode from the extended
2560	* attribute value @value. @size indicates the size of the @value in bytes.
2561	* @flags may be XATTR_CREATE, XATTR_REPLACE, or 0. Note that @name is the
2562	* remainder of the attribute name after the security. prefix has been removed.
2563	*
2564	* Return: Returns 0 on success.
2565	*/
2566	int security_inode_setsecurity(struct inode *inode, const char *name,
2567	const void *value, size_t size, int flags)
2568	{
2569	if (unlikely(IS_PRIVATE(inode)))
2570	return LSM_RET_DEFAULT(inode_setsecurity);
2571
2572	return call_int_hook(inode_setsecurity, inode, name, value, size,
2573	flags);
2574	}
2575
2576	/**
2577	* security_inode_listsecurity() - List the xattr security label names
2578	* @inode: inode
2579	* @buffer: buffer
2580	* @buffer_size: size of buffer
2581	*
2582	* Copy the extended attribute names for the security labels associated with
2583	* @inode into @buffer. The maximum size of @buffer is specified by
2584	* @buffer_size. @buffer may be NULL to request the size of the buffer
2585	* required.
2586	*
2587	* Return: Returns number of bytes used/required on success.
2588	*/
2589	int security_inode_listsecurity(struct inode *inode,
2590	char *buffer, size_t buffer_size)
2591	{
2592	if (unlikely(IS_PRIVATE(inode)))
2593	return 0;
2594	return call_int_hook(inode_listsecurity, inode, buffer, buffer_size);
2595	}
2596	EXPORT_SYMBOL(security_inode_listsecurity);
2597
2598	/**
2599	* security_inode_getsecid() - Get an inode's secid
2600	* @inode: inode
2601	* @secid: secid to return
2602	*
2603	* Get the secid associated with the node. In case of failure, @secid will be
2604	* set to zero.
2605	*/
2606	void security_inode_getsecid(struct inode *inode, u32 *secid)
2607	{
2608	call_void_hook(inode_getsecid, inode, secid);
2609	}
2610
2611	/**
2612	* security_inode_copy_up() - Create new creds for an overlayfs copy-up op
2613	* @src: union dentry of copy-up file
2614	* @new: newly created creds
2615	*
2616	* A file is about to be copied up from lower layer to upper layer of overlay
2617	* filesystem. Security module can prepare a set of new creds and modify as
2618	* need be and return new creds. Caller will switch to new creds temporarily to
2619	* create new file and release newly allocated creds.
2620	*
2621	* Return: Returns 0 on success or a negative error code on error.
2622	*/
2623	int security_inode_copy_up(struct dentry *src, struct cred **new)
2624	{
2625	return call_int_hook(inode_copy_up, src, new);
2626	}
2627	EXPORT_SYMBOL(security_inode_copy_up);
2628
2629	/**
2630	* security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op
2631	* @name: xattr name
2632	*
2633	* Filter the xattrs being copied up when a unioned file is copied up from a
2634	* lower layer to the union/overlay layer. The caller is responsible for
2635	* reading and writing the xattrs, this hook is merely a filter.
2636	*
2637	* Return: Returns 0 to accept the xattr, 1 to discard the xattr, -EOPNOTSUPP
2638	* if the security module does not know about attribute, or a negative
2639	* error code to abort the copy up.
2640	*/
2641	int security_inode_copy_up_xattr(const char *name)
2642	{
2643	int rc;
2644
2645	/*
2646	* The implementation can return 0 (accept the xattr), 1 (discard the
2647	* xattr), -EOPNOTSUPP if it does not know anything about the xattr or
2648	* any other error code in case of an error.
2649	*/
2650	rc = call_int_hook(inode_copy_up_xattr, name);
2651	if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr))
2652	return rc;
2653
2654	return LSM_RET_DEFAULT(inode_copy_up_xattr);
2655	}
2656	EXPORT_SYMBOL(security_inode_copy_up_xattr);
2657
2658	/**
2659	* security_kernfs_init_security() - Init LSM context for a kernfs node
2660	* @kn_dir: parent kernfs node
2661	* @kn: the kernfs node to initialize
2662	*
2663	* Initialize the security context of a newly created kernfs node based on its
2664	* own and its parent's attributes.
2665	*
2666	* Return: Returns 0 if permission is granted.
2667	*/
2668	int security_kernfs_init_security(struct kernfs_node *kn_dir,
2669	struct kernfs_node *kn)
2670	{
2671	return call_int_hook(kernfs_init_security, kn_dir, kn);
2672	}
2673
2674	/**
2675	* security_file_permission() - Check file permissions
2676	* @file: file
2677	* @mask: requested permissions
2678	*
2679	* Check file permissions before accessing an open file. This hook is called
2680	* by various operations that read or write files. A security module can use
2681	* this hook to perform additional checking on these operations, e.g. to
2682	* revalidate permissions on use to support privilege bracketing or policy
2683	* changes. Notice that this hook is used when the actual read/write
2684	* operations are performed, whereas the inode_security_ops hook is called when
2685	* a file is opened (as well as many other operations). Although this hook can
2686	* be used to revalidate permissions for various system call operations that
2687	* read or write files, it does not address the revalidation of permissions for
2688	* memory-mapped files. Security modules must handle this separately if they
2689	* need such revalidation.
2690	*
2691	* Return: Returns 0 if permission is granted.
2692	*/
2693	int security_file_permission(struct file *file, int mask)
2694	{
2695	return call_int_hook(file_permission, file, mask);
2696	}
2697
2698	/**
2699	* security_file_alloc() - Allocate and init a file's LSM blob
2700	* @file: the file
2701	*
2702	* Allocate and attach a security structure to the file->f_security field. The
2703	* security field is initialized to NULL when the structure is first created.
2704	*
2705	* Return: Return 0 if the hook is successful and permission is granted.
2706	*/
2707	int security_file_alloc(struct file *file)
2708	{
2709	int rc = lsm_file_alloc(file);
2710
2711	if (rc)
2712	return rc;
2713	rc = call_int_hook(file_alloc_security, file);
2714	if (unlikely(rc))
2715	security_file_free(file);
2716	return rc;
2717	}
2718
2719	/**
2720	* security_file_release() - Perform actions before releasing the file ref
2721	* @file: the file
2722	*
2723	* Perform actions before releasing the last reference to a file.
2724	*/
2725	void security_file_release(struct file *file)
2726	{
2727	call_void_hook(file_release, file);
2728	}
2729
2730	/**
2731	* security_file_free() - Free a file's LSM blob
2732	* @file: the file
2733	*
2734	* Deallocate and free any security structures stored in file->f_security.
2735	*/
2736	void security_file_free(struct file *file)
2737	{
2738	void *blob;
2739
2740	call_void_hook(file_free_security, file);
2741
2742	blob = file->f_security;
2743	if (blob) {
2744	file->f_security = NULL;
2745	kmem_cache_free(s: lsm_file_cache, objp: blob);
2746	}
2747	}
2748
2749	/**
2750	* security_file_ioctl() - Check if an ioctl is allowed
2751	* @file: associated file
2752	* @cmd: ioctl cmd
2753	* @arg: ioctl arguments
2754	*
2755	* Check permission for an ioctl operation on @file. Note that @arg sometimes
2756	* represents a user space pointer; in other cases, it may be a simple integer
2757	* value. When @arg represents a user space pointer, it should never be used
2758	* by the security module.
2759	*
2760	* Return: Returns 0 if permission is granted.
2761	*/
2762	int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2763	{
2764	return call_int_hook(file_ioctl, file, cmd, arg);
2765	}
2766	EXPORT_SYMBOL_GPL(security_file_ioctl);
2767
2768	/**
2769	* security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode
2770	* @file: associated file
2771	* @cmd: ioctl cmd
2772	* @arg: ioctl arguments
2773	*
2774	* Compat version of security_file_ioctl() that correctly handles 32-bit
2775	* processes running on 64-bit kernels.
2776	*
2777	* Return: Returns 0 if permission is granted.
2778	*/
2779	int security_file_ioctl_compat(struct file *file, unsigned int cmd,
2780	unsigned long arg)
2781	{
2782	return call_int_hook(file_ioctl_compat, file, cmd, arg);
2783	}
2784	EXPORT_SYMBOL_GPL(security_file_ioctl_compat);
2785
2786	static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
2787	{
2788	/*
2789	* Does we have PROT_READ and does the application expect
2790	* it to imply PROT_EXEC? If not, nothing to talk about...
2791	*/
2792	if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ)
2793	return prot;
2794	if (!(current->personality & READ_IMPLIES_EXEC))
2795	return prot;
2796	/*
2797	* if that's an anonymous mapping, let it.
2798	*/
2799	if (!file)
2800	return prot | PROT_EXEC;
2801	/*
2802	* ditto if it's not on noexec mount, except that on !MMU we need
2803	* NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case
2804	*/
2805	if (!path_noexec(path: &file->f_path)) {
2806	#ifndef CONFIG_MMU
2807	if (file->f_op->mmap_capabilities) {
2808	unsigned caps = file->f_op->mmap_capabilities(file);
2809	if (!(caps & NOMMU_MAP_EXEC))
2810	return prot;
2811	}
2812	#endif
2813	return prot | PROT_EXEC;
2814	}
2815	/* anything on noexec mount won't get PROT_EXEC */
2816	return prot;
2817	}
2818
2819	/**
2820	* security_mmap_file() - Check if mmap'ing a file is allowed
2821	* @file: file
2822	* @prot: protection applied by the kernel
2823	* @flags: flags
2824	*
2825	* Check permissions for a mmap operation. The @file may be NULL, e.g. if
2826	* mapping anonymous memory.
2827	*
2828	* Return: Returns 0 if permission is granted.
2829	*/
2830	int security_mmap_file(struct file *file, unsigned long prot,
2831	unsigned long flags)
2832	{
2833	return call_int_hook(mmap_file, file, prot, mmap_prot(file, prot),
2834	flags);
2835	}
2836
2837	/**
2838	* security_mmap_addr() - Check if mmap'ing an address is allowed
2839	* @addr: address
2840	*
2841	* Check permissions for a mmap operation at @addr.
2842	*
2843	* Return: Returns 0 if permission is granted.
2844	*/
2845	int security_mmap_addr(unsigned long addr)
2846	{
2847	return call_int_hook(mmap_addr, addr);
2848	}
2849
2850	/**
2851	* security_file_mprotect() - Check if changing memory protections is allowed
2852	* @vma: memory region
2853	* @reqprot: application requested protection
2854	* @prot: protection applied by the kernel
2855	*
2856	* Check permissions before changing memory access permissions.
2857	*
2858	* Return: Returns 0 if permission is granted.
2859	*/
2860	int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
2861	unsigned long prot)
2862	{
2863	return call_int_hook(file_mprotect, vma, reqprot, prot);
2864	}
2865
2866	/**
2867	* security_file_lock() - Check if a file lock is allowed
2868	* @file: file
2869	* @cmd: lock operation (e.g. F_RDLCK, F_WRLCK)
2870	*
2871	* Check permission before performing file locking operations. Note the hook
2872	* mediates both flock and fcntl style locks.
2873	*
2874	* Return: Returns 0 if permission is granted.
2875	*/
2876	int security_file_lock(struct file *file, unsigned int cmd)
2877	{
2878	return call_int_hook(file_lock, file, cmd);
2879	}
2880
2881	/**
2882	* security_file_fcntl() - Check if fcntl() op is allowed
2883	* @file: file
2884	* @cmd: fcntl command
2885	* @arg: command argument
2886	*
2887	* Check permission before allowing the file operation specified by @cmd from
2888	* being performed on the file @file. Note that @arg sometimes represents a
2889	* user space pointer; in other cases, it may be a simple integer value. When
2890	* @arg represents a user space pointer, it should never be used by the
2891	* security module.
2892	*
2893	* Return: Returns 0 if permission is granted.
2894	*/
2895	int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
2896	{
2897	return call_int_hook(file_fcntl, file, cmd, arg);
2898	}
2899
2900	/**
2901	* security_file_set_fowner() - Set the file owner info in the LSM blob
2902	* @file: the file
2903	*
2904	* Save owner security information (typically from current->security) in
2905	* file->f_security for later use by the send_sigiotask hook.
2906	*
2907	* Return: Returns 0 on success.
2908	*/
2909	void security_file_set_fowner(struct file *file)
2910	{
2911	call_void_hook(file_set_fowner, file);
2912	}
2913
2914	/**
2915	* security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
2916	* @tsk: target task
2917	* @fown: signal sender
2918	* @sig: signal to be sent, SIGIO is sent if 0
2919	*
2920	* Check permission for the file owner @fown to send SIGIO or SIGURG to the
2921	* process @tsk. Note that this hook is sometimes called from interrupt. Note
2922	* that the fown_struct, @fown, is never outside the context of a struct file,
2923	* so the file structure (and associated security information) can always be
2924	* obtained: container_of(fown, struct file, f_owner).
2925	*
2926	* Return: Returns 0 if permission is granted.
2927	*/
2928	int security_file_send_sigiotask(struct task_struct *tsk,
2929	struct fown_struct *fown, int sig)
2930	{
2931	return call_int_hook(file_send_sigiotask, tsk, fown, sig);
2932	}
2933
2934	/**
2935	* security_file_receive() - Check if receiving a file via IPC is allowed
2936	* @file: file being received
2937	*
2938	* This hook allows security modules to control the ability of a process to
2939	* receive an open file descriptor via socket IPC.
2940	*
2941	* Return: Returns 0 if permission is granted.
2942	*/
2943	int security_file_receive(struct file *file)
2944	{
2945	return call_int_hook(file_receive, file);
2946	}
2947
2948	/**
2949	* security_file_open() - Save open() time state for late use by the LSM
2950	* @file:
2951	*
2952	* Save open-time permission checking state for later use upon file_permission,
2953	* and recheck access if anything has changed since inode_permission.
2954	*
2955	* Return: Returns 0 if permission is granted.
2956	*/
2957	int security_file_open(struct file *file)
2958	{
2959	int ret;
2960
2961	ret = call_int_hook(file_open, file);
2962	if (ret)
2963	return ret;
2964
2965	return fsnotify_open_perm(file);
2966	}
2967
2968	/**
2969	* security_file_post_open() - Evaluate a file after it has been opened
2970	* @file: the file
2971	* @mask: access mask
2972	*
2973	* Evaluate an opened file and the access mask requested with open(). The hook
2974	* is useful for LSMs that require the file content to be available in order to
2975	* make decisions.
2976	*
2977	* Return: Returns 0 if permission is granted.
2978	*/
2979	int security_file_post_open(struct file *file, int mask)
2980	{
2981	return call_int_hook(file_post_open, file, mask);
2982	}
2983	EXPORT_SYMBOL_GPL(security_file_post_open);
2984
2985	/**
2986	* security_file_truncate() - Check if truncating a file is allowed
2987	* @file: file
2988	*
2989	* Check permission before truncating a file, i.e. using ftruncate. Note that
2990	* truncation permission may also be checked based on the path, using the
2991	* @path_truncate hook.
2992	*
2993	* Return: Returns 0 if permission is granted.
2994	*/
2995	int security_file_truncate(struct file *file)
2996	{
2997	return call_int_hook(file_truncate, file);
2998	}
2999
3000	/**
3001	* security_task_alloc() - Allocate a task's LSM blob
3002	* @task: the task
3003	* @clone_flags: flags indicating what is being shared
3004	*
3005	* Handle allocation of task-related resources.
3006	*
3007	* Return: Returns a zero on success, negative values on failure.
3008	*/
3009	int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
3010	{
3011	int rc = lsm_task_alloc(task);
3012
3013	if (rc)
3014	return rc;
3015	rc = call_int_hook(task_alloc, task, clone_flags);
3016	if (unlikely(rc))
3017	security_task_free(task);
3018	return rc;
3019	}
3020
3021	/**
3022	* security_task_free() - Free a task's LSM blob and related resources
3023	* @task: task
3024	*
3025	* Handle release of task-related resources. Note that this can be called from
3026	* interrupt context.
3027	*/
3028	void security_task_free(struct task_struct *task)
3029	{
3030	call_void_hook(task_free, task);
3031
3032	kfree(objp: task->security);
3033	task->security = NULL;
3034	}
3035
3036	/**
3037	* security_cred_alloc_blank() - Allocate the min memory to allow cred_transfer
3038	* @cred: credentials
3039	* @gfp: gfp flags
3040	*
3041	* Only allocate sufficient memory and attach to @cred such that
3042	* cred_transfer() will not get ENOMEM.
3043	*
3044	* Return: Returns 0 on success, negative values on failure.
3045	*/
3046	int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3047	{
3048	int rc = lsm_cred_alloc(cred, gfp);
3049
3050	if (rc)
3051	return rc;
3052
3053	rc = call_int_hook(cred_alloc_blank, cred, gfp);
3054	if (unlikely(rc))
3055	security_cred_free(cred);
3056	return rc;
3057	}
3058
3059	/**
3060	* security_cred_free() - Free the cred's LSM blob and associated resources
3061	* @cred: credentials
3062	*
3063	* Deallocate and clear the cred->security field in a set of credentials.
3064	*/
3065	void security_cred_free(struct cred *cred)
3066	{
3067	/*
3068	* There is a failure case in prepare_creds() that
3069	* may result in a call here with ->security being NULL.
3070	*/
3071	if (unlikely(cred->security == NULL))
3072	return;
3073
3074	call_void_hook(cred_free, cred);
3075
3076	kfree(objp: cred->security);
3077	cred->security = NULL;
3078	}
3079
3080	/**
3081	* security_prepare_creds() - Prepare a new set of credentials
3082	* @new: new credentials
3083	* @old: original credentials
3084	* @gfp: gfp flags
3085	*
3086	* Prepare a new set of credentials by copying the data from the old set.
3087	*
3088	* Return: Returns 0 on success, negative values on failure.
3089	*/
3090	int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
3091	{
3092	int rc = lsm_cred_alloc(cred: new, gfp);
3093
3094	if (rc)
3095	return rc;
3096
3097	rc = call_int_hook(cred_prepare, new, old, gfp);
3098	if (unlikely(rc))
3099	security_cred_free(cred: new);
3100	return rc;
3101	}
3102
3103	/**
3104	* security_transfer_creds() - Transfer creds
3105	* @new: target credentials
3106	* @old: original credentials
3107	*
3108	* Transfer data from original creds to new creds.
3109	*/
3110	void security_transfer_creds(struct cred *new, const struct cred *old)
3111	{
3112	call_void_hook(cred_transfer, new, old);
3113	}
3114
3115	/**
3116	* security_cred_getsecid() - Get the secid from a set of credentials
3117	* @c: credentials
3118	* @secid: secid value
3119	*
3120	* Retrieve the security identifier of the cred structure @c. In case of
3121	* failure, @secid will be set to zero.
3122	*/
3123	void security_cred_getsecid(const struct cred *c, u32 *secid)
3124	{
3125	*secid = 0;
3126	call_void_hook(cred_getsecid, c, secid);
3127	}
3128	EXPORT_SYMBOL(security_cred_getsecid);
3129
3130	/**
3131	* security_kernel_act_as() - Set the kernel credentials to act as secid
3132	* @new: credentials
3133	* @secid: secid
3134	*
3135	* Set the credentials for a kernel service to act as (subjective context).
3136	* The current task must be the one that nominated @secid.
3137	*
3138	* Return: Returns 0 if successful.
3139	*/
3140	int security_kernel_act_as(struct cred *new, u32 secid)
3141	{
3142	return call_int_hook(kernel_act_as, new, secid);
3143	}
3144
3145	/**
3146	* security_kernel_create_files_as() - Set file creation context using an inode
3147	* @new: target credentials
3148	* @inode: reference inode
3149	*
3150	* Set the file creation context in a set of credentials to be the same as the
3151	* objective context of the specified inode. The current task must be the one
3152	* that nominated @inode.
3153	*
3154	* Return: Returns 0 if successful.
3155	*/
3156	int security_kernel_create_files_as(struct cred *new, struct inode *inode)
3157	{
3158	return call_int_hook(kernel_create_files_as, new, inode);
3159	}
3160
3161	/**
3162	* security_kernel_module_request() - Check if loading a module is allowed
3163	* @kmod_name: module name
3164	*
3165	* Ability to trigger the kernel to automatically upcall to userspace for
3166	* userspace to load a kernel module with the given name.
3167	*
3168	* Return: Returns 0 if successful.
3169	*/
3170	int security_kernel_module_request(char *kmod_name)
3171	{
3172	return call_int_hook(kernel_module_request, kmod_name);
3173	}
3174
3175	/**
3176	* security_kernel_read_file() - Read a file specified by userspace
3177	* @file: file
3178	* @id: file identifier
3179	* @contents: trust if security_kernel_post_read_file() will be called
3180	*
3181	* Read a file specified by userspace.
3182	*
3183	* Return: Returns 0 if permission is granted.
3184	*/
3185	int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
3186	bool contents)
3187	{
3188	return call_int_hook(kernel_read_file, file, id, contents);
3189	}
3190	EXPORT_SYMBOL_GPL(security_kernel_read_file);
3191
3192	/**
3193	* security_kernel_post_read_file() - Read a file specified by userspace
3194	* @file: file
3195	* @buf: file contents
3196	* @size: size of file contents
3197	* @id: file identifier
3198	*
3199	* Read a file specified by userspace. This must be paired with a prior call
3200	* to security_kernel_read_file() call that indicated this hook would also be
3201	* called, see security_kernel_read_file() for more information.
3202	*
3203	* Return: Returns 0 if permission is granted.
3204	*/
3205	int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
3206	enum kernel_read_file_id id)
3207	{
3208	return call_int_hook(kernel_post_read_file, file, buf, size, id);
3209	}
3210	EXPORT_SYMBOL_GPL(security_kernel_post_read_file);
3211
3212	/**
3213	* security_kernel_load_data() - Load data provided by userspace
3214	* @id: data identifier
3215	* @contents: true if security_kernel_post_load_data() will be called
3216	*
3217	* Load data provided by userspace.
3218	*
3219	* Return: Returns 0 if permission is granted.
3220	*/
3221	int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
3222	{
3223	return call_int_hook(kernel_load_data, id, contents);
3224	}
3225	EXPORT_SYMBOL_GPL(security_kernel_load_data);
3226
3227	/**
3228	* security_kernel_post_load_data() - Load userspace data from a non-file source
3229	* @buf: data
3230	* @size: size of data
3231	* @id: data identifier
3232	* @description: text description of data, specific to the id value
3233	*
3234	* Load data provided by a non-file source (usually userspace buffer). This
3235	* must be paired with a prior security_kernel_load_data() call that indicated
3236	* this hook would also be called, see security_kernel_load_data() for more
3237	* information.
3238	*
3239	* Return: Returns 0 if permission is granted.
3240	*/
3241	int security_kernel_post_load_data(char *buf, loff_t size,
3242	enum kernel_load_data_id id,
3243	char *description)
3244	{
3245	return call_int_hook(kernel_post_load_data, buf, size, id, description);
3246	}
3247	EXPORT_SYMBOL_GPL(security_kernel_post_load_data);
3248
3249	/**
3250	* security_task_fix_setuid() - Update LSM with new user id attributes
3251	* @new: updated credentials
3252	* @old: credentials being replaced
3253	* @flags: LSM_SETID_* flag values
3254	*
3255	* Update the module's state after setting one or more of the user identity
3256	* attributes of the current process. The @flags parameter indicates which of
3257	* the set*uid system calls invoked this hook. If @new is the set of
3258	* credentials that will be installed. Modifications should be made to this
3259	* rather than to @current->cred.
3260	*
3261	* Return: Returns 0 on success.
3262	*/
3263	int security_task_fix_setuid(struct cred *new, const struct cred *old,
3264	int flags)
3265	{
3266	return call_int_hook(task_fix_setuid, new, old, flags);
3267	}
3268
3269	/**
3270	* security_task_fix_setgid() - Update LSM with new group id attributes
3271	* @new: updated credentials
3272	* @old: credentials being replaced
3273	* @flags: LSM_SETID_* flag value
3274	*
3275	* Update the module's state after setting one or more of the group identity
3276	* attributes of the current process. The @flags parameter indicates which of
3277	* the set*gid system calls invoked this hook. @new is the set of credentials
3278	* that will be installed. Modifications should be made to this rather than to
3279	* @current->cred.
3280	*
3281	* Return: Returns 0 on success.
3282	*/
3283	int security_task_fix_setgid(struct cred *new, const struct cred *old,
3284	int flags)
3285	{
3286	return call_int_hook(task_fix_setgid, new, old, flags);
3287	}
3288
3289	/**
3290	* security_task_fix_setgroups() - Update LSM with new supplementary groups
3291	* @new: updated credentials
3292	* @old: credentials being replaced
3293	*
3294	* Update the module's state after setting the supplementary group identity
3295	* attributes of the current process. @new is the set of credentials that will
3296	* be installed. Modifications should be made to this rather than to
3297	* @current->cred.
3298	*
3299	* Return: Returns 0 on success.
3300	*/
3301	int security_task_fix_setgroups(struct cred *new, const struct cred *old)
3302	{
3303	return call_int_hook(task_fix_setgroups, new, old);
3304	}
3305
3306	/**
3307	* security_task_setpgid() - Check if setting the pgid is allowed
3308	* @p: task being modified
3309	* @pgid: new pgid
3310	*
3311	* Check permission before setting the process group identifier of the process
3312	* @p to @pgid.
3313	*
3314	* Return: Returns 0 if permission is granted.
3315	*/
3316	int security_task_setpgid(struct task_struct *p, pid_t pgid)
3317	{
3318	return call_int_hook(task_setpgid, p, pgid);
3319	}
3320
3321	/**
3322	* security_task_getpgid() - Check if getting the pgid is allowed
3323	* @p: task
3324	*
3325	* Check permission before getting the process group identifier of the process
3326	* @p.
3327	*
3328	* Return: Returns 0 if permission is granted.
3329	*/
3330	int security_task_getpgid(struct task_struct *p)
3331	{
3332	return call_int_hook(task_getpgid, p);
3333	}
3334
3335	/**
3336	* security_task_getsid() - Check if getting the session id is allowed
3337	* @p: task
3338	*
3339	* Check permission before getting the session identifier of the process @p.
3340	*
3341	* Return: Returns 0 if permission is granted.
3342	*/
3343	int security_task_getsid(struct task_struct *p)
3344	{
3345	return call_int_hook(task_getsid, p);
3346	}
3347
3348	/**
3349	* security_current_getsecid_subj() - Get the current task's subjective secid
3350	* @secid: secid value
3351	*
3352	* Retrieve the subjective security identifier of the current task and return
3353	* it in @secid. In case of failure, @secid will be set to zero.
3354	*/
3355	void security_current_getsecid_subj(u32 *secid)
3356	{
3357	*secid = 0;
3358	call_void_hook(current_getsecid_subj, secid);
3359	}
3360	EXPORT_SYMBOL(security_current_getsecid_subj);
3361
3362	/**
3363	* security_task_getsecid_obj() - Get a task's objective secid
3364	* @p: target task
3365	* @secid: secid value
3366	*
3367	* Retrieve the objective security identifier of the task_struct in @p and
3368	* return it in @secid. In case of failure, @secid will be set to zero.
3369	*/
3370	void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
3371	{
3372	*secid = 0;
3373	call_void_hook(task_getsecid_obj, p, secid);
3374	}
3375	EXPORT_SYMBOL(security_task_getsecid_obj);
3376
3377	/**
3378	* security_task_setnice() - Check if setting a task's nice value is allowed
3379	* @p: target task
3380	* @nice: nice value
3381	*
3382	* Check permission before setting the nice value of @p to @nice.
3383	*
3384	* Return: Returns 0 if permission is granted.
3385	*/
3386	int security_task_setnice(struct task_struct *p, int nice)
3387	{
3388	return call_int_hook(task_setnice, p, nice);
3389	}
3390
3391	/**
3392	* security_task_setioprio() - Check if setting a task's ioprio is allowed
3393	* @p: target task
3394	* @ioprio: ioprio value
3395	*
3396	* Check permission before setting the ioprio value of @p to @ioprio.
3397	*
3398	* Return: Returns 0 if permission is granted.
3399	*/
3400	int security_task_setioprio(struct task_struct *p, int ioprio)
3401	{
3402	return call_int_hook(task_setioprio, p, ioprio);
3403	}
3404
3405	/**
3406	* security_task_getioprio() - Check if getting a task's ioprio is allowed
3407	* @p: task
3408	*
3409	* Check permission before getting the ioprio value of @p.
3410	*
3411	* Return: Returns 0 if permission is granted.
3412	*/
3413	int security_task_getioprio(struct task_struct *p)
3414	{
3415	return call_int_hook(task_getioprio, p);
3416	}
3417
3418	/**
3419	* security_task_prlimit() - Check if get/setting resources limits is allowed
3420	* @cred: current task credentials
3421	* @tcred: target task credentials
3422	* @flags: LSM_PRLIMIT_* flag bits indicating a get/set/both
3423	*
3424	* Check permission before getting and/or setting the resource limits of
3425	* another task.
3426	*
3427	* Return: Returns 0 if permission is granted.
3428	*/
3429	int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
3430	unsigned int flags)
3431	{
3432	return call_int_hook(task_prlimit, cred, tcred, flags);
3433	}
3434
3435	/**
3436	* security_task_setrlimit() - Check if setting a new rlimit value is allowed
3437	* @p: target task's group leader
3438	* @resource: resource whose limit is being set
3439	* @new_rlim: new resource limit
3440	*
3441	* Check permission before setting the resource limits of process @p for
3442	* @resource to @new_rlim. The old resource limit values can be examined by
3443	* dereferencing (p->signal->rlim + resource).
3444	*
3445	* Return: Returns 0 if permission is granted.
3446	*/
3447	int security_task_setrlimit(struct task_struct *p, unsigned int resource,
3448	struct rlimit *new_rlim)
3449	{
3450	return call_int_hook(task_setrlimit, p, resource, new_rlim);
3451	}
3452
3453	/**
3454	* security_task_setscheduler() - Check if setting sched policy/param is allowed
3455	* @p: target task
3456	*
3457	* Check permission before setting scheduling policy and/or parameters of
3458	* process @p.
3459	*
3460	* Return: Returns 0 if permission is granted.
3461	*/
3462	int security_task_setscheduler(struct task_struct *p)
3463	{
3464	return call_int_hook(task_setscheduler, p);
3465	}
3466
3467	/**
3468	* security_task_getscheduler() - Check if getting scheduling info is allowed
3469	* @p: target task
3470	*
3471	* Check permission before obtaining scheduling information for process @p.
3472	*
3473	* Return: Returns 0 if permission is granted.
3474	*/
3475	int security_task_getscheduler(struct task_struct *p)
3476	{
3477	return call_int_hook(task_getscheduler, p);
3478	}
3479
3480	/**
3481	* security_task_movememory() - Check if moving memory is allowed
3482	* @p: task
3483	*
3484	* Check permission before moving memory owned by process @p.
3485	*
3486	* Return: Returns 0 if permission is granted.
3487	*/
3488	int security_task_movememory(struct task_struct *p)
3489	{
3490	return call_int_hook(task_movememory, p);
3491	}
3492
3493	/**
3494	* security_task_kill() - Check if sending a signal is allowed
3495	* @p: target process
3496	* @info: signal information
3497	* @sig: signal value
3498	* @cred: credentials of the signal sender, NULL if @current
3499	*
3500	* Check permission before sending signal @sig to @p. @info can be NULL, the
3501	* constant 1, or a pointer to a kernel_siginfo structure. If @info is 1 or
3502	* SI_FROMKERNEL(info) is true, then the signal should be viewed as coming from
3503	* the kernel and should typically be permitted. SIGIO signals are handled
3504	* separately by the send_sigiotask hook in file_security_ops.
3505	*
3506	* Return: Returns 0 if permission is granted.
3507	*/
3508	int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
3509	int sig, const struct cred *cred)
3510	{
3511	return call_int_hook(task_kill, p, info, sig, cred);
3512	}
3513
3514	/**
3515	* security_task_prctl() - Check if a prctl op is allowed
3516	* @option: operation
3517	* @arg2: argument
3518	* @arg3: argument
3519	* @arg4: argument
3520	* @arg5: argument
3521	*
3522	* Check permission before performing a process control operation on the
3523	* current process.
3524	*
3525	* Return: Return -ENOSYS if no-one wanted to handle this op, any other value
3526	* to cause prctl() to return immediately with that value.
3527	*/
3528	int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
3529	unsigned long arg4, unsigned long arg5)
3530	{
3531	int thisrc;
3532	int rc = LSM_RET_DEFAULT(task_prctl);
3533	struct security_hook_list *hp;
3534
3535	hlist_for_each_entry(hp, &security_hook_heads.task_prctl, list) {
3536	thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5);
3537	if (thisrc != LSM_RET_DEFAULT(task_prctl)) {
3538	rc = thisrc;
3539	if (thisrc != 0)
3540	break;
3541	}
3542	}
3543	return rc;
3544	}
3545
3546	/**
3547	* security_task_to_inode() - Set the security attributes of a task's inode
3548	* @p: task
3549	* @inode: inode
3550	*
3551	* Set the security attributes for an inode based on an associated task's
3552	* security attributes, e.g. for /proc/pid inodes.
3553	*/
3554	void security_task_to_inode(struct task_struct *p, struct inode *inode)
3555	{
3556	call_void_hook(task_to_inode, p, inode);
3557	}
3558
3559	/**
3560	* security_create_user_ns() - Check if creating a new userns is allowed
3561	* @cred: prepared creds
3562	*
3563	* Check permission prior to creating a new user namespace.
3564	*
3565	* Return: Returns 0 if successful, otherwise < 0 error code.
3566	*/
3567	int security_create_user_ns(const struct cred *cred)
3568	{
3569	return call_int_hook(userns_create, cred);
3570	}
3571
3572	/**
3573	* security_ipc_permission() - Check if sysv ipc access is allowed
3574	* @ipcp: ipc permission structure
3575	* @flag: requested permissions
3576	*
3577	* Check permissions for access to IPC.
3578	*
3579	* Return: Returns 0 if permission is granted.
3580	*/
3581	int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
3582	{
3583	return call_int_hook(ipc_permission, ipcp, flag);
3584	}
3585
3586	/**
3587	* security_ipc_getsecid() - Get the sysv ipc object's secid
3588	* @ipcp: ipc permission structure
3589	* @secid: secid pointer
3590	*
3591	* Get the secid associated with the ipc object. In case of failure, @secid
3592	* will be set to zero.
3593	*/
3594	void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
3595	{
3596	*secid = 0;
3597	call_void_hook(ipc_getsecid, ipcp, secid);
3598	}
3599
3600	/**
3601	* security_msg_msg_alloc() - Allocate a sysv ipc message LSM blob
3602	* @msg: message structure
3603	*
3604	* Allocate and attach a security structure to the msg->security field. The
3605	* security field is initialized to NULL when the structure is first created.
3606	*
3607	* Return: Return 0 if operation was successful and permission is granted.
3608	*/
3609	int security_msg_msg_alloc(struct msg_msg *msg)
3610	{
3611	int rc = lsm_msg_msg_alloc(mp: msg);
3612
3613	if (unlikely(rc))
3614	return rc;
3615	rc = call_int_hook(msg_msg_alloc_security, msg);
3616	if (unlikely(rc))
3617	security_msg_msg_free(msg);
3618	return rc;
3619	}
3620
3621	/**
3622	* security_msg_msg_free() - Free a sysv ipc message LSM blob
3623	* @msg: message structure
3624	*
3625	* Deallocate the security structure for this message.
3626	*/
3627	void security_msg_msg_free(struct msg_msg *msg)
3628	{
3629	call_void_hook(msg_msg_free_security, msg);
3630	kfree(objp: msg->security);
3631	msg->security = NULL;
3632	}
3633
3634	/**
3635	* security_msg_queue_alloc() - Allocate a sysv ipc msg queue LSM blob
3636	* @msq: sysv ipc permission structure
3637	*
3638	* Allocate and attach a security structure to @msg. The security field is
3639	* initialized to NULL when the structure is first created.
3640	*
3641	* Return: Returns 0 if operation was successful and permission is granted.
3642	*/
3643	int security_msg_queue_alloc(struct kern_ipc_perm *msq)
3644	{
3645	int rc = lsm_ipc_alloc(kip: msq);
3646
3647	if (unlikely(rc))
3648	return rc;
3649	rc = call_int_hook(msg_queue_alloc_security, msq);
3650	if (unlikely(rc))
3651	security_msg_queue_free(msq);
3652	return rc;
3653	}
3654
3655	/**
3656	* security_msg_queue_free() - Free a sysv ipc msg queue LSM blob
3657	* @msq: sysv ipc permission structure
3658	*
3659	* Deallocate security field @perm->security for the message queue.
3660	*/
3661	void security_msg_queue_free(struct kern_ipc_perm *msq)
3662	{
3663	call_void_hook(msg_queue_free_security, msq);
3664	kfree(objp: msq->security);
3665	msq->security = NULL;
3666	}
3667
3668	/**
3669	* security_msg_queue_associate() - Check if a msg queue operation is allowed
3670	* @msq: sysv ipc permission structure
3671	* @msqflg: operation flags
3672	*
3673	* Check permission when a message queue is requested through the msgget system
3674	* call. This hook is only called when returning the message queue identifier
3675	* for an existing message queue, not when a new message queue is created.
3676	*
3677	* Return: Return 0 if permission is granted.
3678	*/
3679	int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
3680	{
3681	return call_int_hook(msg_queue_associate, msq, msqflg);
3682	}
3683
3684	/**
3685	* security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3686	* @msq: sysv ipc permission structure
3687	* @cmd: operation
3688	*
3689	* Check permission when a message control operation specified by @cmd is to be
3690	* performed on the message queue with permissions.
3691	*
3692	* Return: Returns 0 if permission is granted.
3693	*/
3694	int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
3695	{
3696	return call_int_hook(msg_queue_msgctl, msq, cmd);
3697	}
3698
3699	/**
3700	* security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3701	* @msq: sysv ipc permission structure
3702	* @msg: message
3703	* @msqflg: operation flags
3704	*
3705	* Check permission before a message, @msg, is enqueued on the message queue
3706	* with permissions specified in @msq.
3707	*
3708	* Return: Returns 0 if permission is granted.
3709	*/
3710	int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
3711	struct msg_msg *msg, int msqflg)
3712	{
3713	return call_int_hook(msg_queue_msgsnd, msq, msg, msqflg);
3714	}
3715
3716	/**
3717	* security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3718	* @msq: sysv ipc permission structure
3719	* @msg: message
3720	* @target: target task
3721	* @type: type of message requested
3722	* @mode: operation flags
3723	*
3724	* Check permission before a message, @msg, is removed from the message queue.
3725	* The @target task structure contains a pointer to the process that will be
3726	* receiving the message (not equal to the current process when inline receives
3727	* are being performed).
3728	*
3729	* Return: Returns 0 if permission is granted.
3730	*/
3731	int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
3732	struct task_struct *target, long type, int mode)
3733	{
3734	return call_int_hook(msg_queue_msgrcv, msq, msg, target, type, mode);
3735	}
3736
3737	/**
3738	* security_shm_alloc() - Allocate a sysv shm LSM blob
3739	* @shp: sysv ipc permission structure
3740	*
3741	* Allocate and attach a security structure to the @shp security field. The
3742	* security field is initialized to NULL when the structure is first created.
3743	*
3744	* Return: Returns 0 if operation was successful and permission is granted.
3745	*/
3746	int security_shm_alloc(struct kern_ipc_perm *shp)
3747	{
3748	int rc = lsm_ipc_alloc(kip: shp);
3749
3750	if (unlikely(rc))
3751	return rc;
3752	rc = call_int_hook(shm_alloc_security, shp);
3753	if (unlikely(rc))
3754	security_shm_free(shp);
3755	return rc;
3756	}
3757
3758	/**
3759	* security_shm_free() - Free a sysv shm LSM blob
3760	* @shp: sysv ipc permission structure
3761	*
3762	* Deallocate the security structure @perm->security for the memory segment.
3763	*/
3764	void security_shm_free(struct kern_ipc_perm *shp)
3765	{
3766	call_void_hook(shm_free_security, shp);
3767	kfree(objp: shp->security);
3768	shp->security = NULL;
3769	}
3770
3771	/**
3772	* security_shm_associate() - Check if a sysv shm operation is allowed
3773	* @shp: sysv ipc permission structure
3774	* @shmflg: operation flags
3775	*
3776	* Check permission when a shared memory region is requested through the shmget
3777	* system call. This hook is only called when returning the shared memory
3778	* region identifier for an existing region, not when a new shared memory
3779	* region is created.
3780	*
3781	* Return: Returns 0 if permission is granted.
3782	*/
3783	int security_shm_associate(struct kern_ipc_perm *shp, int shmflg)
3784	{
3785	return call_int_hook(shm_associate, shp, shmflg);
3786	}
3787
3788	/**
3789	* security_shm_shmctl() - Check if a sysv shm operation is allowed
3790	* @shp: sysv ipc permission structure
3791	* @cmd: operation
3792	*
3793	* Check permission when a shared memory control operation specified by @cmd is
3794	* to be performed on the shared memory region with permissions in @shp.
3795	*
3796	* Return: Return 0 if permission is granted.
3797	*/
3798	int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
3799	{
3800	return call_int_hook(shm_shmctl, shp, cmd);
3801	}
3802
3803	/**
3804	* security_shm_shmat() - Check if a sysv shm attach operation is allowed
3805	* @shp: sysv ipc permission structure
3806	* @shmaddr: address of memory region to attach
3807	* @shmflg: operation flags
3808	*
3809	* Check permissions prior to allowing the shmat system call to attach the
3810	* shared memory segment with permissions @shp to the data segment of the
3811	* calling process. The attaching address is specified by @shmaddr.
3812	*
3813	* Return: Returns 0 if permission is granted.
3814	*/
3815	int security_shm_shmat(struct kern_ipc_perm *shp,
3816	char __user *shmaddr, int shmflg)
3817	{
3818	return call_int_hook(shm_shmat, shp, shmaddr, shmflg);
3819	}
3820
3821	/**
3822	* security_sem_alloc() - Allocate a sysv semaphore LSM blob
3823	* @sma: sysv ipc permission structure
3824	*
3825	* Allocate and attach a security structure to the @sma security field. The
3826	* security field is initialized to NULL when the structure is first created.
3827	*
3828	* Return: Returns 0 if operation was successful and permission is granted.
3829	*/
3830	int security_sem_alloc(struct kern_ipc_perm *sma)
3831	{
3832	int rc = lsm_ipc_alloc(kip: sma);
3833
3834	if (unlikely(rc))
3835	return rc;
3836	rc = call_int_hook(sem_alloc_security, sma);
3837	if (unlikely(rc))
3838	security_sem_free(sma);
3839	return rc;
3840	}
3841
3842	/**
3843	* security_sem_free() - Free a sysv semaphore LSM blob
3844	* @sma: sysv ipc permission structure
3845	*
3846	* Deallocate security structure @sma->security for the semaphore.
3847	*/
3848	void security_sem_free(struct kern_ipc_perm *sma)
3849	{
3850	call_void_hook(sem_free_security, sma);
3851	kfree(objp: sma->security);
3852	sma->security = NULL;
3853	}
3854
3855	/**
3856	* security_sem_associate() - Check if a sysv semaphore operation is allowed
3857	* @sma: sysv ipc permission structure
3858	* @semflg: operation flags
3859	*
3860	* Check permission when a semaphore is requested through the semget system
3861	* call. This hook is only called when returning the semaphore identifier for
3862	* an existing semaphore, not when a new one must be created.
3863	*
3864	* Return: Returns 0 if permission is granted.
3865	*/
3866	int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
3867	{
3868	return call_int_hook(sem_associate, sma, semflg);
3869	}
3870
3871	/**
3872	* security_sem_semctl() - Check if a sysv semaphore operation is allowed
3873	* @sma: sysv ipc permission structure
3874	* @cmd: operation
3875	*
3876	* Check permission when a semaphore operation specified by @cmd is to be
3877	* performed on the semaphore.
3878	*
3879	* Return: Returns 0 if permission is granted.
3880	*/
3881	int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
3882	{
3883	return call_int_hook(sem_semctl, sma, cmd);
3884	}
3885
3886	/**
3887	* security_sem_semop() - Check if a sysv semaphore operation is allowed
3888	* @sma: sysv ipc permission structure
3889	* @sops: operations to perform
3890	* @nsops: number of operations
3891	* @alter: flag indicating changes will be made
3892	*
3893	* Check permissions before performing operations on members of the semaphore
3894	* set. If the @alter flag is nonzero, the semaphore set may be modified.
3895	*
3896	* Return: Returns 0 if permission is granted.
3897	*/
3898	int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
3899	unsigned nsops, int alter)
3900	{
3901	return call_int_hook(sem_semop, sma, sops, nsops, alter);
3902	}
3903
3904	/**
3905	* security_d_instantiate() - Populate an inode's LSM state based on a dentry
3906	* @dentry: dentry
3907	* @inode: inode
3908	*
3909	* Fill in @inode security information for a @dentry if allowed.
3910	*/
3911	void security_d_instantiate(struct dentry *dentry, struct inode *inode)
3912	{
3913	if (unlikely(inode && IS_PRIVATE(inode)))
3914	return;
3915	call_void_hook(d_instantiate, dentry, inode);
3916	}
3917	EXPORT_SYMBOL(security_d_instantiate);
3918
3919	/*
3920	* Please keep this in sync with it's counterpart in security/lsm_syscalls.c
3921	*/
3922
3923	/**
3924	* security_getselfattr - Read an LSM attribute of the current process.
3925	* @attr: which attribute to return
3926	* @uctx: the user-space destination for the information, or NULL
3927	* @size: pointer to the size of space available to receive the data
3928	* @flags: special handling options. LSM_FLAG_SINGLE indicates that only
3929	* attributes associated with the LSM identified in the passed @ctx be
3930	* reported.
3931	*
3932	* A NULL value for @uctx can be used to get both the number of attributes
3933	* and the size of the data.
3934	*
3935	* Returns the number of attributes found on success, negative value
3936	* on error. @size is reset to the total size of the data.
3937	* If @size is insufficient to contain the data -E2BIG is returned.
3938	*/
3939	int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
3940	u32 __user *size, u32 flags)
3941	{
3942	struct security_hook_list *hp;
3943	struct lsm_ctx lctx = { .id = LSM_ID_UNDEF, };
3944	u8 __user *base = (u8 __user *)uctx;
3945	u32 entrysize;
3946	u32 total = 0;
3947	u32 left;
3948	bool toobig = false;
3949	bool single = false;
3950	int count = 0;
3951	int rc;
3952
3953	if (attr == LSM_ATTR_UNDEF)
3954	return -EINVAL;
3955	if (size == NULL)
3956	return -EINVAL;
3957	if (get_user(left, size))
3958	return -EFAULT;
3959
3960	if (flags) {
3961	/*
3962	* Only flag supported is LSM_FLAG_SINGLE
3963	*/
3964	if (flags != LSM_FLAG_SINGLE || !uctx)
3965	return -EINVAL;
3966	if (copy_from_user(to: &lctx, from: uctx, n: sizeof(lctx)))
3967	return -EFAULT;
3968	/*
3969	* If the LSM ID isn't specified it is an error.
3970	*/
3971	if (lctx.id == LSM_ID_UNDEF)
3972	return -EINVAL;
3973	single = true;
3974	}
3975
3976	/*
3977	* In the usual case gather all the data from the LSMs.
3978	* In the single case only get the data from the LSM specified.
3979	*/
3980	hlist_for_each_entry(hp, &security_hook_heads.getselfattr, list) {
3981	if (single && lctx.id != hp->lsmid->id)
3982	continue;
3983	entrysize = left;
3984	if (base)
3985	uctx = (struct lsm_ctx __user *)(base + total);
3986	rc = hp->hook.getselfattr(attr, uctx, &entrysize, flags);
3987	if (rc == -EOPNOTSUPP) {
3988	rc = 0;
3989	continue;
3990	}
3991	if (rc == -E2BIG) {
3992	rc = 0;
3993	left = 0;
3994	toobig = true;
3995	} else if (rc < 0)
3996	return rc;
3997	else
3998	left -= entrysize;
3999
4000	total += entrysize;
4001	count += rc;
4002	if (single)
4003	break;
4004	}
4005	if (put_user(total, size))
4006	return -EFAULT;
4007	if (toobig)
4008	return -E2BIG;
4009	if (count == 0)
4010	return LSM_RET_DEFAULT(getselfattr);
4011	return count;
4012	}
4013
4014	/*
4015	* Please keep this in sync with it's counterpart in security/lsm_syscalls.c
4016	*/
4017
4018	/**
4019	* security_setselfattr - Set an LSM attribute on the current process.
4020	* @attr: which attribute to set
4021	* @uctx: the user-space source for the information
4022	* @size: the size of the data
4023	* @flags: reserved for future use, must be 0
4024	*
4025	* Set an LSM attribute for the current process. The LSM, attribute
4026	* and new value are included in @uctx.
4027	*
4028	* Returns 0 on success, -EINVAL if the input is inconsistent, -EFAULT
4029	* if the user buffer is inaccessible, E2BIG if size is too big, or an
4030	* LSM specific failure.
4031	*/
4032	int security_setselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
4033	u32 size, u32 flags)
4034	{
4035	struct security_hook_list *hp;
4036	struct lsm_ctx *lctx;
4037	int rc = LSM_RET_DEFAULT(setselfattr);
4038	u64 required_len;
4039
4040	if (flags)
4041	return -EINVAL;
4042	if (size < sizeof(*lctx))
4043	return -EINVAL;
4044	if (size > PAGE_SIZE)
4045	return -E2BIG;
4046
4047	lctx = memdup_user(uctx, size);
4048	if (IS_ERR(ptr: lctx))
4049	return PTR_ERR(ptr: lctx);
4050
4051	if (size < lctx->len ||
4052	check_add_overflow(sizeof(*lctx), lctx->ctx_len, &required_len) ||
4053	lctx->len < required_len) {
4054	rc = -EINVAL;
4055	goto free_out;
4056	}
4057
4058	hlist_for_each_entry(hp, &security_hook_heads.setselfattr, list)
4059	if ((hp->lsmid->id) == lctx->id) {
4060	rc = hp->hook.setselfattr(attr, lctx, size, flags);
4061	break;
4062	}
4063
4064	free_out:
4065	kfree(objp: lctx);
4066	return rc;
4067	}
4068
4069	/**
4070	* security_getprocattr() - Read an attribute for a task
4071	* @p: the task
4072	* @lsmid: LSM identification
4073	* @name: attribute name
4074	* @value: attribute value
4075	*
4076	* Read attribute @name for task @p and store it into @value if allowed.
4077	*
4078	* Return: Returns the length of @value on success, a negative value otherwise.
4079	*/
4080	int security_getprocattr(struct task_struct *p, int lsmid, const char *name,
4081	char **value)
4082	{
4083	struct security_hook_list *hp;
4084
4085	hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
4086	if (lsmid != 0 && lsmid != hp->lsmid->id)
4087	continue;
4088	return hp->hook.getprocattr(p, name, value);
4089	}
4090	return LSM_RET_DEFAULT(getprocattr);
4091	}
4092
4093	/**
4094	* security_setprocattr() - Set an attribute for a task
4095	* @lsmid: LSM identification
4096	* @name: attribute name
4097	* @value: attribute value
4098	* @size: attribute value size
4099	*
4100	* Write (set) the current task's attribute @name to @value, size @size if
4101	* allowed.
4102	*
4103	* Return: Returns bytes written on success, a negative value otherwise.
4104	*/
4105	int security_setprocattr(int lsmid, const char *name, void *value, size_t size)
4106	{
4107	struct security_hook_list *hp;
4108
4109	hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
4110	if (lsmid != 0 && lsmid != hp->lsmid->id)
4111	continue;
4112	return hp->hook.setprocattr(name, value, size);
4113	}
4114	return LSM_RET_DEFAULT(setprocattr);
4115	}
4116
4117	/**
4118	* security_netlink_send() - Save info and check if netlink sending is allowed
4119	* @sk: sending socket
4120	* @skb: netlink message
4121	*
4122	* Save security information for a netlink message so that permission checking
4123	* can be performed when the message is processed. The security information
4124	* can be saved using the eff_cap field of the netlink_skb_parms structure.
4125	* Also may be used to provide fine grained control over message transmission.
4126	*
4127	* Return: Returns 0 if the information was successfully saved and message is
4128	* allowed to be transmitted.
4129	*/
4130	int security_netlink_send(struct sock *sk, struct sk_buff *skb)
4131	{
4132	return call_int_hook(netlink_send, sk, skb);
4133	}
4134
4135	/**
4136	* security_ismaclabel() - Check if the named attribute is a MAC label
4137	* @name: full extended attribute name
4138	*
4139	* Check if the extended attribute specified by @name represents a MAC label.
4140	*
4141	* Return: Returns 1 if name is a MAC attribute otherwise returns 0.
4142	*/
4143	int security_ismaclabel(const char *name)
4144	{
4145	return call_int_hook(ismaclabel, name);
4146	}
4147	EXPORT_SYMBOL(security_ismaclabel);
4148
4149	/**
4150	* security_secid_to_secctx() - Convert a secid to a secctx
4151	* @secid: secid
4152	* @secdata: secctx
4153	* @seclen: secctx length
4154	*
4155	* Convert secid to security context. If @secdata is NULL the length of the
4156	* result will be returned in @seclen, but no @secdata will be returned. This
4157	* does mean that the length could change between calls to check the length and
4158	* the next call which actually allocates and returns the @secdata.
4159	*
4160	* Return: Return 0 on success, error on failure.
4161	*/
4162	int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4163	{
4164	return call_int_hook(secid_to_secctx, secid, secdata, seclen);
4165	}
4166	EXPORT_SYMBOL(security_secid_to_secctx);
4167
4168	/**
4169	* security_secctx_to_secid() - Convert a secctx to a secid
4170	* @secdata: secctx
4171	* @seclen: length of secctx
4172	* @secid: secid
4173	*
4174	* Convert security context to secid.
4175	*
4176	* Return: Returns 0 on success, error on failure.
4177	*/
4178	int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4179	{
4180	*secid = 0;
4181	return call_int_hook(secctx_to_secid, secdata, seclen, secid);
4182	}
4183	EXPORT_SYMBOL(security_secctx_to_secid);
4184
4185	/**
4186	* security_release_secctx() - Free a secctx buffer
4187	* @secdata: secctx
4188	* @seclen: length of secctx
4189	*
4190	* Release the security context.
4191	*/
4192	void security_release_secctx(char *secdata, u32 seclen)
4193	{
4194	call_void_hook(release_secctx, secdata, seclen);
4195	}
4196	EXPORT_SYMBOL(security_release_secctx);
4197
4198	/**
4199	* security_inode_invalidate_secctx() - Invalidate an inode's security label
4200	* @inode: inode
4201	*
4202	* Notify the security module that it must revalidate the security context of
4203	* an inode.
4204	*/
4205	void security_inode_invalidate_secctx(struct inode *inode)
4206	{
4207	call_void_hook(inode_invalidate_secctx, inode);
4208	}
4209	EXPORT_SYMBOL(security_inode_invalidate_secctx);
4210
4211	/**
4212	* security_inode_notifysecctx() - Notify the LSM of an inode's security label
4213	* @inode: inode
4214	* @ctx: secctx
4215	* @ctxlen: length of secctx
4216	*
4217	* Notify the security module of what the security context of an inode should
4218	* be. Initializes the incore security context managed by the security module
4219	* for this inode. Example usage: NFS client invokes this hook to initialize
4220	* the security context in its incore inode to the value provided by the server
4221	* for the file when the server returned the file's attributes to the client.
4222	* Must be called with inode->i_mutex locked.
4223	*
4224	* Return: Returns 0 on success, error on failure.
4225	*/
4226	int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4227	{
4228	return call_int_hook(inode_notifysecctx, inode, ctx, ctxlen);
4229	}
4230	EXPORT_SYMBOL(security_inode_notifysecctx);
4231
4232	/**
4233	* security_inode_setsecctx() - Change the security label of an inode
4234	* @dentry: inode
4235	* @ctx: secctx
4236	* @ctxlen: length of secctx
4237	*
4238	* Change the security context of an inode. Updates the incore security
4239	* context managed by the security module and invokes the fs code as needed
4240	* (via __vfs_setxattr_noperm) to update any backing xattrs that represent the
4241	* context. Example usage: NFS server invokes this hook to change the security
4242	* context in its incore inode and on the backing filesystem to a value
4243	* provided by the client on a SETATTR operation. Must be called with
4244	* inode->i_mutex locked.
4245	*
4246	* Return: Returns 0 on success, error on failure.
4247	*/
4248	int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4249	{
4250	return call_int_hook(inode_setsecctx, dentry, ctx, ctxlen);
4251	}
4252	EXPORT_SYMBOL(security_inode_setsecctx);
4253
4254	/**
4255	* security_inode_getsecctx() - Get the security label of an inode
4256	* @inode: inode
4257	* @ctx: secctx
4258	* @ctxlen: length of secctx
4259	*
4260	* On success, returns 0 and fills out @ctx and @ctxlen with the security
4261	* context for the given @inode.
4262	*
4263	* Return: Returns 0 on success, error on failure.
4264	*/
4265	int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4266	{
4267	return call_int_hook(inode_getsecctx, inode, ctx, ctxlen);
4268	}
4269	EXPORT_SYMBOL(security_inode_getsecctx);
4270
4271	#ifdef CONFIG_WATCH_QUEUE
4272	/**
4273	* security_post_notification() - Check if a watch notification can be posted
4274	* @w_cred: credentials of the task that set the watch
4275	* @cred: credentials of the task which triggered the watch
4276	* @n: the notification
4277	*
4278	* Check to see if a watch notification can be posted to a particular queue.
4279	*
4280	* Return: Returns 0 if permission is granted.
4281	*/
4282	int security_post_notification(const struct cred *w_cred,
4283	const struct cred *cred,
4284	struct watch_notification *n)
4285	{
4286	return call_int_hook(post_notification, w_cred, cred, n);
4287	}
4288	#endif /* CONFIG_WATCH_QUEUE */
4289
4290	#ifdef CONFIG_KEY_NOTIFICATIONS
4291	/**
4292	* security_watch_key() - Check if a task is allowed to watch for key events
4293	* @key: the key to watch
4294	*
4295	* Check to see if a process is allowed to watch for event notifications from
4296	* a key or keyring.
4297	*
4298	* Return: Returns 0 if permission is granted.
4299	*/
4300	int security_watch_key(struct key *key)
4301	{
4302	return call_int_hook(watch_key, key);
4303	}
4304	#endif /* CONFIG_KEY_NOTIFICATIONS */
4305
4306	#ifdef CONFIG_SECURITY_NETWORK
4307	/**
4308	* security_unix_stream_connect() - Check if a AF_UNIX stream is allowed
4309	* @sock: originating sock
4310	* @other: peer sock
4311	* @newsk: new sock
4312	*
4313	* Check permissions before establishing a Unix domain stream connection
4314	* between @sock and @other.
4315	*
4316	* The @unix_stream_connect and @unix_may_send hooks were necessary because
4317	* Linux provides an alternative to the conventional file name space for Unix
4318	* domain sockets. Whereas binding and connecting to sockets in the file name
4319	* space is mediated by the typical file permissions (and caught by the mknod
4320	* and permission hooks in inode_security_ops), binding and connecting to
4321	* sockets in the abstract name space is completely unmediated. Sufficient
4322	* control of Unix domain sockets in the abstract name space isn't possible
4323	* using only the socket layer hooks, since we need to know the actual target
4324	* socket, which is not looked up until we are inside the af_unix code.
4325	*
4326	* Return: Returns 0 if permission is granted.
4327	*/
4328	int security_unix_stream_connect(struct sock *sock, struct sock *other,
4329	struct sock *newsk)
4330	{
4331	return call_int_hook(unix_stream_connect, sock, other, newsk);
4332	}
4333	EXPORT_SYMBOL(security_unix_stream_connect);
4334
4335	/**
4336	* security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4337	* @sock: originating sock
4338	* @other: peer sock
4339	*
4340	* Check permissions before connecting or sending datagrams from @sock to
4341	* @other.
4342	*
4343	* The @unix_stream_connect and @unix_may_send hooks were necessary because
4344	* Linux provides an alternative to the conventional file name space for Unix
4345	* domain sockets. Whereas binding and connecting to sockets in the file name
4346	* space is mediated by the typical file permissions (and caught by the mknod
4347	* and permission hooks in inode_security_ops), binding and connecting to
4348	* sockets in the abstract name space is completely unmediated. Sufficient
4349	* control of Unix domain sockets in the abstract name space isn't possible
4350	* using only the socket layer hooks, since we need to know the actual target
4351	* socket, which is not looked up until we are inside the af_unix code.
4352	*
4353	* Return: Returns 0 if permission is granted.
4354	*/
4355	int security_unix_may_send(struct socket *sock, struct socket *other)
4356	{
4357	return call_int_hook(unix_may_send, sock, other);
4358	}
4359	EXPORT_SYMBOL(security_unix_may_send);
4360
4361	/**
4362	* security_socket_create() - Check if creating a new socket is allowed
4363	* @family: protocol family
4364	* @type: communications type
4365	* @protocol: requested protocol
4366	* @kern: set to 1 if a kernel socket is requested
4367	*
4368	* Check permissions prior to creating a new socket.
4369	*
4370	* Return: Returns 0 if permission is granted.
4371	*/
4372	int security_socket_create(int family, int type, int protocol, int kern)
4373	{
4374	return call_int_hook(socket_create, family, type, protocol, kern);
4375	}
4376
4377	/**
4378	* security_socket_post_create() - Initialize a newly created socket
4379	* @sock: socket
4380	* @family: protocol family
4381	* @type: communications type
4382	* @protocol: requested protocol
4383	* @kern: set to 1 if a kernel socket is requested
4384	*
4385	* This hook allows a module to update or allocate a per-socket security
4386	* structure. Note that the security field was not added directly to the socket
4387	* structure, but rather, the socket security information is stored in the
4388	* associated inode. Typically, the inode alloc_security hook will allocate
4389	* and attach security information to SOCK_INODE(sock)->i_security. This hook
4390	* may be used to update the SOCK_INODE(sock)->i_security field with additional
4391	* information that wasn't available when the inode was allocated.
4392	*
4393	* Return: Returns 0 if permission is granted.
4394	*/
4395	int security_socket_post_create(struct socket *sock, int family,
4396	int type, int protocol, int kern)
4397	{
4398	return call_int_hook(socket_post_create, sock, family, type,
4399	protocol, kern);
4400	}
4401
4402	/**
4403	* security_socket_socketpair() - Check if creating a socketpair is allowed
4404	* @socka: first socket
4405	* @sockb: second socket
4406	*
4407	* Check permissions before creating a fresh pair of sockets.
4408	*
4409	* Return: Returns 0 if permission is granted and the connection was
4410	* established.
4411	*/
4412	int security_socket_socketpair(struct socket *socka, struct socket *sockb)
4413	{
4414	return call_int_hook(socket_socketpair, socka, sockb);
4415	}
4416	EXPORT_SYMBOL(security_socket_socketpair);
4417
4418	/**
4419	* security_socket_bind() - Check if a socket bind operation is allowed
4420	* @sock: socket
4421	* @address: requested bind address
4422	* @addrlen: length of address
4423	*
4424	* Check permission before socket protocol layer bind operation is performed
4425	* and the socket @sock is bound to the address specified in the @address
4426	* parameter.
4427	*
4428	* Return: Returns 0 if permission is granted.
4429	*/
4430	int security_socket_bind(struct socket *sock,
4431	struct sockaddr *address, int addrlen)
4432	{
4433	return call_int_hook(socket_bind, sock, address, addrlen);
4434	}
4435
4436	/**
4437	* security_socket_connect() - Check if a socket connect operation is allowed
4438	* @sock: socket
4439	* @address: address of remote connection point
4440	* @addrlen: length of address
4441	*
4442	* Check permission before socket protocol layer connect operation attempts to
4443	* connect socket @sock to a remote address, @address.
4444	*
4445	* Return: Returns 0 if permission is granted.
4446	*/
4447	int security_socket_connect(struct socket *sock,
4448	struct sockaddr *address, int addrlen)
4449	{
4450	return call_int_hook(socket_connect, sock, address, addrlen);
4451	}
4452
4453	/**
4454	* security_socket_listen() - Check if a socket is allowed to listen
4455	* @sock: socket
4456	* @backlog: connection queue size
4457	*
4458	* Check permission before socket protocol layer listen operation.
4459	*
4460	* Return: Returns 0 if permission is granted.
4461	*/
4462	int security_socket_listen(struct socket *sock, int backlog)
4463	{
4464	return call_int_hook(socket_listen, sock, backlog);
4465	}
4466
4467	/**
4468	* security_socket_accept() - Check if a socket is allowed to accept connections
4469	* @sock: listening socket
4470	* @newsock: newly creation connection socket
4471	*
4472	* Check permission before accepting a new connection. Note that the new
4473	* socket, @newsock, has been created and some information copied to it, but
4474	* the accept operation has not actually been performed.
4475	*
4476	* Return: Returns 0 if permission is granted.
4477	*/
4478	int security_socket_accept(struct socket *sock, struct socket *newsock)
4479	{
4480	return call_int_hook(socket_accept, sock, newsock);
4481	}
4482
4483	/**
4484	* security_socket_sendmsg() - Check if sending a message is allowed
4485	* @sock: sending socket
4486	* @msg: message to send
4487	* @size: size of message
4488	*
4489	* Check permission before transmitting a message to another socket.
4490	*
4491	* Return: Returns 0 if permission is granted.
4492	*/
4493	int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
4494	{
4495	return call_int_hook(socket_sendmsg, sock, msg, size);
4496	}
4497
4498	/**
4499	* security_socket_recvmsg() - Check if receiving a message is allowed
4500	* @sock: receiving socket
4501	* @msg: message to receive
4502	* @size: size of message
4503	* @flags: operational flags
4504	*
4505	* Check permission before receiving a message from a socket.
4506	*
4507	* Return: Returns 0 if permission is granted.
4508	*/
4509	int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4510	int size, int flags)
4511	{
4512	return call_int_hook(socket_recvmsg, sock, msg, size, flags);
4513	}
4514
4515	/**
4516	* security_socket_getsockname() - Check if reading the socket addr is allowed
4517	* @sock: socket
4518	*
4519	* Check permission before reading the local address (name) of the socket
4520	* object.
4521	*
4522	* Return: Returns 0 if permission is granted.
4523	*/
4524	int security_socket_getsockname(struct socket *sock)
4525	{
4526	return call_int_hook(socket_getsockname, sock);
4527	}
4528
4529	/**
4530	* security_socket_getpeername() - Check if reading the peer's addr is allowed
4531	* @sock: socket
4532	*
4533	* Check permission before the remote address (name) of a socket object.
4534	*
4535	* Return: Returns 0 if permission is granted.
4536	*/
4537	int security_socket_getpeername(struct socket *sock)
4538	{
4539	return call_int_hook(socket_getpeername, sock);
4540	}
4541
4542	/**
4543	* security_socket_getsockopt() - Check if reading a socket option is allowed
4544	* @sock: socket
4545	* @level: option's protocol level
4546	* @optname: option name
4547	*
4548	* Check permissions before retrieving the options associated with socket
4549	* @sock.
4550	*
4551	* Return: Returns 0 if permission is granted.
4552	*/
4553	int security_socket_getsockopt(struct socket *sock, int level, int optname)
4554	{
4555	return call_int_hook(socket_getsockopt, sock, level, optname);
4556	}
4557
4558	/**
4559	* security_socket_setsockopt() - Check if setting a socket option is allowed
4560	* @sock: socket
4561	* @level: option's protocol level
4562	* @optname: option name
4563	*
4564	* Check permissions before setting the options associated with socket @sock.
4565	*
4566	* Return: Returns 0 if permission is granted.
4567	*/
4568	int security_socket_setsockopt(struct socket *sock, int level, int optname)
4569	{
4570	return call_int_hook(socket_setsockopt, sock, level, optname);
4571	}
4572
4573	/**
4574	* security_socket_shutdown() - Checks if shutting down the socket is allowed
4575	* @sock: socket
4576	* @how: flag indicating how sends and receives are handled
4577	*
4578	* Checks permission before all or part of a connection on the socket @sock is
4579	* shut down.
4580	*
4581	* Return: Returns 0 if permission is granted.
4582	*/
4583	int security_socket_shutdown(struct socket *sock, int how)
4584	{
4585	return call_int_hook(socket_shutdown, sock, how);
4586	}
4587
4588	/**
4589	* security_sock_rcv_skb() - Check if an incoming network packet is allowed
4590	* @sk: destination sock
4591	* @skb: incoming packet
4592	*
4593	* Check permissions on incoming network packets. This hook is distinct from
4594	* Netfilter's IP input hooks since it is the first time that the incoming
4595	* sk_buff @skb has been associated with a particular socket, @sk. Must not
4596	* sleep inside this hook because some callers hold spinlocks.
4597	*
4598	* Return: Returns 0 if permission is granted.
4599	*/
4600	int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4601	{
4602	return call_int_hook(socket_sock_rcv_skb, sk, skb);
4603	}
4604	EXPORT_SYMBOL(security_sock_rcv_skb);
4605
4606	/**
4607	* security_socket_getpeersec_stream() - Get the remote peer label
4608	* @sock: socket
4609	* @optval: destination buffer
4610	* @optlen: size of peer label copied into the buffer
4611	* @len: maximum size of the destination buffer
4612	*
4613	* This hook allows the security module to provide peer socket security state
4614	* for unix or connected tcp sockets to userspace via getsockopt SO_GETPEERSEC.
4615	* For tcp sockets this can be meaningful if the socket is associated with an
4616	* ipsec SA.
4617	*
4618	* Return: Returns 0 if all is well, otherwise, typical getsockopt return
4619	* values.
4620	*/
4621	int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
4622	sockptr_t optlen, unsigned int len)
4623	{
4624	return call_int_hook(socket_getpeersec_stream, sock, optval, optlen,
4625	len);
4626	}
4627
4628	/**
4629	* security_socket_getpeersec_dgram() - Get the remote peer label
4630	* @sock: socket
4631	* @skb: datagram packet
4632	* @secid: remote peer label secid
4633	*
4634	* This hook allows the security module to provide peer socket security state
4635	* for udp sockets on a per-packet basis to userspace via getsockopt
4636	* SO_GETPEERSEC. The application must first have indicated the IP_PASSSEC
4637	* option via getsockopt. It can then retrieve the security state returned by
4638	* this hook for a packet via the SCM_SECURITY ancillary message type.
4639	*
4640	* Return: Returns 0 on success, error on failure.
4641	*/
4642	int security_socket_getpeersec_dgram(struct socket *sock,
4643	struct sk_buff *skb, u32 *secid)
4644	{
4645	return call_int_hook(socket_getpeersec_dgram, sock, skb, secid);
4646	}
4647	EXPORT_SYMBOL(security_socket_getpeersec_dgram);
4648
4649	/**
4650	* security_sk_alloc() - Allocate and initialize a sock's LSM blob
4651	* @sk: sock
4652	* @family: protocol family
4653	* @priority: gfp flags
4654	*
4655	* Allocate and attach a security structure to the sk->sk_security field, which
4656	* is used to copy security attributes between local stream sockets.
4657	*
4658	* Return: Returns 0 on success, error on failure.
4659	*/
4660	int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
4661	{
4662	return call_int_hook(sk_alloc_security, sk, family, priority);
4663	}
4664
4665	/**
4666	* security_sk_free() - Free the sock's LSM blob
4667	* @sk: sock
4668	*
4669	* Deallocate security structure.
4670	*/
4671	void security_sk_free(struct sock *sk)
4672	{
4673	call_void_hook(sk_free_security, sk);
4674	}
4675
4676	/**
4677	* security_sk_clone() - Clone a sock's LSM state
4678	* @sk: original sock
4679	* @newsk: target sock
4680	*
4681	* Clone/copy security structure.
4682	*/
4683	void security_sk_clone(const struct sock *sk, struct sock *newsk)
4684	{
4685	call_void_hook(sk_clone_security, sk, newsk);
4686	}
4687	EXPORT_SYMBOL(security_sk_clone);
4688
4689	/**
4690	* security_sk_classify_flow() - Set a flow's secid based on socket
4691	* @sk: original socket
4692	* @flic: target flow
4693	*
4694	* Set the target flow's secid to socket's secid.
4695	*/
4696	void security_sk_classify_flow(const struct sock *sk, struct flowi_common *flic)
4697	{
4698	call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
4699	}
4700	EXPORT_SYMBOL(security_sk_classify_flow);
4701
4702	/**
4703	* security_req_classify_flow() - Set a flow's secid based on request_sock
4704	* @req: request_sock
4705	* @flic: target flow
4706	*
4707	* Sets @flic's secid to @req's secid.
4708	*/
4709	void security_req_classify_flow(const struct request_sock *req,
4710	struct flowi_common *flic)
4711	{
4712	call_void_hook(req_classify_flow, req, flic);
4713	}
4714	EXPORT_SYMBOL(security_req_classify_flow);
4715
4716	/**
4717	* security_sock_graft() - Reconcile LSM state when grafting a sock on a socket
4718	* @sk: sock being grafted
4719	* @parent: target parent socket
4720	*
4721	* Sets @parent's inode secid to @sk's secid and update @sk with any necessary
4722	* LSM state from @parent.
4723	*/
4724	void security_sock_graft(struct sock *sk, struct socket *parent)
4725	{
4726	call_void_hook(sock_graft, sk, parent);
4727	}
4728	EXPORT_SYMBOL(security_sock_graft);
4729
4730	/**
4731	* security_inet_conn_request() - Set request_sock state using incoming connect
4732	* @sk: parent listening sock
4733	* @skb: incoming connection
4734	* @req: new request_sock
4735	*
4736	* Initialize the @req LSM state based on @sk and the incoming connect in @skb.
4737	*
4738	* Return: Returns 0 if permission is granted.
4739	*/
4740	int security_inet_conn_request(const struct sock *sk,
4741	struct sk_buff *skb, struct request_sock *req)
4742	{
4743	return call_int_hook(inet_conn_request, sk, skb, req);
4744	}
4745	EXPORT_SYMBOL(security_inet_conn_request);
4746
4747	/**
4748	* security_inet_csk_clone() - Set new sock LSM state based on request_sock
4749	* @newsk: new sock
4750	* @req: connection request_sock
4751	*
4752	* Set that LSM state of @sock using the LSM state from @req.
4753	*/
4754	void security_inet_csk_clone(struct sock *newsk,
4755	const struct request_sock *req)
4756	{
4757	call_void_hook(inet_csk_clone, newsk, req);
4758	}
4759
4760	/**
4761	* security_inet_conn_established() - Update sock's LSM state with connection
4762	* @sk: sock
4763	* @skb: connection packet
4764	*
4765	* Update @sock's LSM state to represent a new connection from @skb.
4766	*/
4767	void security_inet_conn_established(struct sock *sk,
4768	struct sk_buff *skb)
4769	{
4770	call_void_hook(inet_conn_established, sk, skb);
4771	}
4772	EXPORT_SYMBOL(security_inet_conn_established);
4773
4774	/**
4775	* security_secmark_relabel_packet() - Check if setting a secmark is allowed
4776	* @secid: new secmark value
4777	*
4778	* Check if the process should be allowed to relabel packets to @secid.
4779	*
4780	* Return: Returns 0 if permission is granted.
4781	*/
4782	int security_secmark_relabel_packet(u32 secid)
4783	{
4784	return call_int_hook(secmark_relabel_packet, secid);
4785	}
4786	EXPORT_SYMBOL(security_secmark_relabel_packet);
4787
4788	/**
4789	* security_secmark_refcount_inc() - Increment the secmark labeling rule count
4790	*
4791	* Tells the LSM to increment the number of secmark labeling rules loaded.
4792	*/
4793	void security_secmark_refcount_inc(void)
4794	{
4795	call_void_hook(secmark_refcount_inc);
4796	}
4797	EXPORT_SYMBOL(security_secmark_refcount_inc);
4798
4799	/**
4800	* security_secmark_refcount_dec() - Decrement the secmark labeling rule count
4801	*
4802	* Tells the LSM to decrement the number of secmark labeling rules loaded.
4803	*/
4804	void security_secmark_refcount_dec(void)
4805	{
4806	call_void_hook(secmark_refcount_dec);
4807	}
4808	EXPORT_SYMBOL(security_secmark_refcount_dec);
4809
4810	/**
4811	* security_tun_dev_alloc_security() - Allocate a LSM blob for a TUN device
4812	* @security: pointer to the LSM blob
4813	*
4814	* This hook allows a module to allocate a security structure for a TUN device,
4815	* returning the pointer in @security.
4816	*
4817	* Return: Returns a zero on success, negative values on failure.
4818	*/
4819	int security_tun_dev_alloc_security(void **security)
4820	{
4821	return call_int_hook(tun_dev_alloc_security, security);
4822	}
4823	EXPORT_SYMBOL(security_tun_dev_alloc_security);
4824
4825	/**
4826	* security_tun_dev_free_security() - Free a TUN device LSM blob
4827	* @security: LSM blob
4828	*
4829	* This hook allows a module to free the security structure for a TUN device.
4830	*/
4831	void security_tun_dev_free_security(void *security)
4832	{
4833	call_void_hook(tun_dev_free_security, security);
4834	}
4835	EXPORT_SYMBOL(security_tun_dev_free_security);
4836
4837	/**
4838	* security_tun_dev_create() - Check if creating a TUN device is allowed
4839	*
4840	* Check permissions prior to creating a new TUN device.
4841	*
4842	* Return: Returns 0 if permission is granted.
4843	*/
4844	int security_tun_dev_create(void)
4845	{
4846	return call_int_hook(tun_dev_create);
4847	}
4848	EXPORT_SYMBOL(security_tun_dev_create);
4849
4850	/**
4851	* security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
4852	* @security: TUN device LSM blob
4853	*
4854	* Check permissions prior to attaching to a TUN device queue.
4855	*
4856	* Return: Returns 0 if permission is granted.
4857	*/
4858	int security_tun_dev_attach_queue(void *security)
4859	{
4860	return call_int_hook(tun_dev_attach_queue, security);
4861	}
4862	EXPORT_SYMBOL(security_tun_dev_attach_queue);
4863
4864	/**
4865	* security_tun_dev_attach() - Update TUN device LSM state on attach
4866	* @sk: associated sock
4867	* @security: TUN device LSM blob
4868	*
4869	* This hook can be used by the module to update any security state associated
4870	* with the TUN device's sock structure.
4871	*
4872	* Return: Returns 0 if permission is granted.
4873	*/
4874	int security_tun_dev_attach(struct sock *sk, void *security)
4875	{
4876	return call_int_hook(tun_dev_attach, sk, security);
4877	}
4878	EXPORT_SYMBOL(security_tun_dev_attach);
4879
4880	/**
4881	* security_tun_dev_open() - Update TUN device LSM state on open
4882	* @security: TUN device LSM blob
4883	*
4884	* This hook can be used by the module to update any security state associated
4885	* with the TUN device's security structure.
4886	*
4887	* Return: Returns 0 if permission is granted.
4888	*/
4889	int security_tun_dev_open(void *security)
4890	{
4891	return call_int_hook(tun_dev_open, security);
4892	}
4893	EXPORT_SYMBOL(security_tun_dev_open);
4894
4895	/**
4896	* security_sctp_assoc_request() - Update the LSM on a SCTP association req
4897	* @asoc: SCTP association
4898	* @skb: packet requesting the association
4899	*
4900	* Passes the @asoc and @chunk->skb of the association INIT packet to the LSM.
4901	*
4902	* Return: Returns 0 on success, error on failure.
4903	*/
4904	int security_sctp_assoc_request(struct sctp_association *asoc,
4905	struct sk_buff *skb)
4906	{
4907	return call_int_hook(sctp_assoc_request, asoc, skb);
4908	}
4909	EXPORT_SYMBOL(security_sctp_assoc_request);
4910
4911	/**
4912	* security_sctp_bind_connect() - Validate a list of addrs for a SCTP option
4913	* @sk: socket
4914	* @optname: SCTP option to validate
4915	* @address: list of IP addresses to validate
4916	* @addrlen: length of the address list
4917	*
4918	* Validiate permissions required for each address associated with sock @sk.
4919	* Depending on @optname, the addresses will be treated as either a connect or
4920	* bind service. The @addrlen is calculated on each IPv4 and IPv6 address using
4921	* sizeof(struct sockaddr_in) or sizeof(struct sockaddr_in6).
4922	*
4923	* Return: Returns 0 on success, error on failure.
4924	*/
4925	int security_sctp_bind_connect(struct sock *sk, int optname,
4926	struct sockaddr *address, int addrlen)
4927	{
4928	return call_int_hook(sctp_bind_connect, sk, optname, address, addrlen);
4929	}
4930	EXPORT_SYMBOL(security_sctp_bind_connect);
4931
4932	/**
4933	* security_sctp_sk_clone() - Clone a SCTP sock's LSM state
4934	* @asoc: SCTP association
4935	* @sk: original sock
4936	* @newsk: target sock
4937	*
4938	* Called whenever a new socket is created by accept(2) (i.e. a TCP style
4939	* socket) or when a socket is 'peeled off' e.g userspace calls
4940	* sctp_peeloff(3).
4941	*/
4942	void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
4943	struct sock *newsk)
4944	{
4945	call_void_hook(sctp_sk_clone, asoc, sk, newsk);
4946	}
4947	EXPORT_SYMBOL(security_sctp_sk_clone);
4948
4949	/**
4950	* security_sctp_assoc_established() - Update LSM state when assoc established
4951	* @asoc: SCTP association
4952	* @skb: packet establishing the association
4953	*
4954	* Passes the @asoc and @chunk->skb of the association COOKIE_ACK packet to the
4955	* security module.
4956	*
4957	* Return: Returns 0 if permission is granted.
4958	*/
4959	int security_sctp_assoc_established(struct sctp_association *asoc,
4960	struct sk_buff *skb)
4961	{
4962	return call_int_hook(sctp_assoc_established, asoc, skb);
4963	}
4964	EXPORT_SYMBOL(security_sctp_assoc_established);
4965
4966	/**
4967	* security_mptcp_add_subflow() - Inherit the LSM label from the MPTCP socket
4968	* @sk: the owning MPTCP socket
4969	* @ssk: the new subflow
4970	*
4971	* Update the labeling for the given MPTCP subflow, to match the one of the
4972	* owning MPTCP socket. This hook has to be called after the socket creation and
4973	* initialization via the security_socket_create() and
4974	* security_socket_post_create() LSM hooks.
4975	*
4976	* Return: Returns 0 on success or a negative error code on failure.
4977	*/
4978	int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
4979	{
4980	return call_int_hook(mptcp_add_subflow, sk, ssk);
4981	}
4982
4983	#endif /* CONFIG_SECURITY_NETWORK */
4984
4985	#ifdef CONFIG_SECURITY_INFINIBAND
4986	/**
4987	* security_ib_pkey_access() - Check if access to an IB pkey is allowed
4988	* @sec: LSM blob
4989	* @subnet_prefix: subnet prefix of the port
4990	* @pkey: IB pkey
4991	*
4992	* Check permission to access a pkey when modifying a QP.
4993	*
4994	* Return: Returns 0 if permission is granted.
4995	*/
4996	int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
4997	{
4998	return call_int_hook(ib_pkey_access, sec, subnet_prefix, pkey);
4999	}
5000	EXPORT_SYMBOL(security_ib_pkey_access);
5001
5002	/**
5003	* security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
5004	* @sec: LSM blob
5005	* @dev_name: IB device name
5006	* @port_num: port number
5007	*
5008	* Check permissions to send and receive SMPs on a end port.
5009	*
5010	* Return: Returns 0 if permission is granted.
5011	*/
5012	int security_ib_endport_manage_subnet(void *sec,
5013	const char *dev_name, u8 port_num)
5014	{
5015	return call_int_hook(ib_endport_manage_subnet, sec, dev_name, port_num);
5016	}
5017	EXPORT_SYMBOL(security_ib_endport_manage_subnet);
5018
5019	/**
5020	* security_ib_alloc_security() - Allocate an Infiniband LSM blob
5021	* @sec: LSM blob
5022	*
5023	* Allocate a security structure for Infiniband objects.
5024	*
5025	* Return: Returns 0 on success, non-zero on failure.
5026	*/
5027	int security_ib_alloc_security(void **sec)
5028	{
5029	return call_int_hook(ib_alloc_security, sec);
5030	}
5031	EXPORT_SYMBOL(security_ib_alloc_security);
5032
5033	/**
5034	* security_ib_free_security() - Free an Infiniband LSM blob
5035	* @sec: LSM blob
5036	*
5037	* Deallocate an Infiniband security structure.
5038	*/
5039	void security_ib_free_security(void *sec)
5040	{
5041	call_void_hook(ib_free_security, sec);
5042	}
5043	EXPORT_SYMBOL(security_ib_free_security);
5044	#endif /* CONFIG_SECURITY_INFINIBAND */
5045
5046	#ifdef CONFIG_SECURITY_NETWORK_XFRM
5047	/**
5048	* security_xfrm_policy_alloc() - Allocate a xfrm policy LSM blob
5049	* @ctxp: xfrm security context being added to the SPD
5050	* @sec_ctx: security label provided by userspace
5051	* @gfp: gfp flags
5052	*
5053	* Allocate a security structure to the xp->security field; the security field
5054	* is initialized to NULL when the xfrm_policy is allocated.
5055	*
5056	* Return: Return 0 if operation was successful.
5057	*/
5058	int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
5059	struct xfrm_user_sec_ctx *sec_ctx,
5060	gfp_t gfp)
5061	{
5062	return call_int_hook(xfrm_policy_alloc_security, ctxp, sec_ctx, gfp);
5063	}
5064	EXPORT_SYMBOL(security_xfrm_policy_alloc);
5065
5066	/**
5067	* security_xfrm_policy_clone() - Clone xfrm policy LSM state
5068	* @old_ctx: xfrm security context
5069	* @new_ctxp: target xfrm security context
5070	*
5071	* Allocate a security structure in new_ctxp that contains the information from
5072	* the old_ctx structure.
5073	*
5074	* Return: Return 0 if operation was successful.
5075	*/
5076	int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
5077	struct xfrm_sec_ctx **new_ctxp)
5078	{
5079	return call_int_hook(xfrm_policy_clone_security, old_ctx, new_ctxp);
5080	}
5081
5082	/**
5083	* security_xfrm_policy_free() - Free a xfrm security context
5084	* @ctx: xfrm security context
5085	*
5086	* Free LSM resources associated with @ctx.
5087	*/
5088	void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
5089	{
5090	call_void_hook(xfrm_policy_free_security, ctx);
5091	}
5092	EXPORT_SYMBOL(security_xfrm_policy_free);
5093
5094	/**
5095	* security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
5096	* @ctx: xfrm security context
5097	*
5098	* Authorize deletion of a SPD entry.
5099	*
5100	* Return: Returns 0 if permission is granted.
5101	*/
5102	int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
5103	{
5104	return call_int_hook(xfrm_policy_delete_security, ctx);
5105	}
5106
5107	/**
5108	* security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
5109	* @x: xfrm state being added to the SAD
5110	* @sec_ctx: security label provided by userspace
5111	*
5112	* Allocate a security structure to the @x->security field; the security field
5113	* is initialized to NULL when the xfrm_state is allocated. Set the context to
5114	* correspond to @sec_ctx.
5115	*
5116	* Return: Return 0 if operation was successful.
5117	*/
5118	int security_xfrm_state_alloc(struct xfrm_state *x,
5119	struct xfrm_user_sec_ctx *sec_ctx)
5120	{
5121	return call_int_hook(xfrm_state_alloc, x, sec_ctx);
5122	}
5123	EXPORT_SYMBOL(security_xfrm_state_alloc);
5124
5125	/**
5126	* security_xfrm_state_alloc_acquire() - Allocate a xfrm state LSM blob
5127	* @x: xfrm state being added to the SAD
5128	* @polsec: associated policy's security context
5129	* @secid: secid from the flow
5130	*
5131	* Allocate a security structure to the x->security field; the security field
5132	* is initialized to NULL when the xfrm_state is allocated. Set the context to
5133	* correspond to secid.
5134	*
5135	* Return: Returns 0 if operation was successful.
5136	*/
5137	int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
5138	struct xfrm_sec_ctx *polsec, u32 secid)
5139	{
5140	return call_int_hook(xfrm_state_alloc_acquire, x, polsec, secid);
5141	}
5142
5143	/**
5144	* security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
5145	* @x: xfrm state
5146	*
5147	* Authorize deletion of x->security.
5148	*
5149	* Return: Returns 0 if permission is granted.
5150	*/
5151	int security_xfrm_state_delete(struct xfrm_state *x)
5152	{
5153	return call_int_hook(xfrm_state_delete_security, x);
5154	}
5155	EXPORT_SYMBOL(security_xfrm_state_delete);
5156
5157	/**
5158	* security_xfrm_state_free() - Free a xfrm state
5159	* @x: xfrm state
5160	*
5161	* Deallocate x->security.
5162	*/
5163	void security_xfrm_state_free(struct xfrm_state *x)
5164	{
5165	call_void_hook(xfrm_state_free_security, x);
5166	}
5167
5168	/**
5169	* security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
5170	* @ctx: target xfrm security context
5171	* @fl_secid: flow secid used to authorize access
5172	*
5173	* Check permission when a flow selects a xfrm_policy for processing XFRMs on a
5174	* packet. The hook is called when selecting either a per-socket policy or a
5175	* generic xfrm policy.
5176	*
5177	* Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
5178	* other errors.
5179	*/
5180	int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
5181	{
5182	return call_int_hook(xfrm_policy_lookup, ctx, fl_secid);
5183	}
5184
5185	/**
5186	* security_xfrm_state_pol_flow_match() - Check for a xfrm match
5187	* @x: xfrm state to match
5188	* @xp: xfrm policy to check for a match
5189	* @flic: flow to check for a match.
5190	*
5191	* Check @xp and @flic for a match with @x.
5192	*
5193	* Return: Returns 1 if there is a match.
5194	*/
5195	int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
5196	struct xfrm_policy *xp,
5197	const struct flowi_common *flic)
5198	{
5199	struct security_hook_list *hp;
5200	int rc = LSM_RET_DEFAULT(xfrm_state_pol_flow_match);
5201
5202	/*
5203	* Since this function is expected to return 0 or 1, the judgment
5204	* becomes difficult if multiple LSMs supply this call. Fortunately,
5205	* we can use the first LSM's judgment because currently only SELinux
5206	* supplies this call.
5207	*
5208	* For speed optimization, we explicitly break the loop rather than
5209	* using the macro
5210	*/
5211	hlist_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match,
5212	list) {
5213	rc = hp->hook.xfrm_state_pol_flow_match(x, xp, flic);
5214	break;
5215	}
5216	return rc;
5217	}
5218
5219	/**
5220	* security_xfrm_decode_session() - Determine the xfrm secid for a packet
5221	* @skb: xfrm packet
5222	* @secid: secid
5223	*
5224	* Decode the packet in @skb and return the security label in @secid.
5225	*
5226	* Return: Return 0 if all xfrms used have the same secid.
5227	*/
5228	int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
5229	{
5230	return call_int_hook(xfrm_decode_session, skb, secid, 1);
5231	}
5232
5233	void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
5234	{
5235	int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid,
5236	0);
5237
5238	BUG_ON(rc);
5239	}
5240	EXPORT_SYMBOL(security_skb_classify_flow);
5241	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
5242
5243	#ifdef CONFIG_KEYS
5244	/**
5245	* security_key_alloc() - Allocate and initialize a kernel key LSM blob
5246	* @key: key
5247	* @cred: credentials
5248	* @flags: allocation flags
5249	*
5250	* Permit allocation of a key and assign security data. Note that key does not
5251	* have a serial number assigned at this point.
5252	*
5253	* Return: Return 0 if permission is granted, -ve error otherwise.
5254	*/
5255	int security_key_alloc(struct key *key, const struct cred *cred,
5256	unsigned long flags)
5257	{
5258	return call_int_hook(key_alloc, key, cred, flags);
5259	}
5260
5261	/**
5262	* security_key_free() - Free a kernel key LSM blob
5263	* @key: key
5264	*
5265	* Notification of destruction; free security data.
5266	*/
5267	void security_key_free(struct key *key)
5268	{
5269	call_void_hook(key_free, key);
5270	}
5271
5272	/**
5273	* security_key_permission() - Check if a kernel key operation is allowed
5274	* @key_ref: key reference
5275	* @cred: credentials of actor requesting access
5276	* @need_perm: requested permissions
5277	*
5278	* See whether a specific operational right is granted to a process on a key.
5279	*
5280	* Return: Return 0 if permission is granted, -ve error otherwise.
5281	*/
5282	int security_key_permission(key_ref_t key_ref, const struct cred *cred,
5283	enum key_need_perm need_perm)
5284	{
5285	return call_int_hook(key_permission, key_ref, cred, need_perm);
5286	}
5287
5288	/**
5289	* security_key_getsecurity() - Get the key's security label
5290	* @key: key
5291	* @buffer: security label buffer
5292	*
5293	* Get a textual representation of the security context attached to a key for
5294	* the purposes of honouring KEYCTL_GETSECURITY. This function allocates the
5295	* storage for the NUL-terminated string and the caller should free it.
5296	*
5297	* Return: Returns the length of @buffer (including terminating NUL) or -ve if
5298	* an error occurs. May also return 0 (and a NULL buffer pointer) if
5299	* there is no security label assigned to the key.
5300	*/
5301	int security_key_getsecurity(struct key *key, char **buffer)
5302	{
5303	*buffer = NULL;
5304	return call_int_hook(key_getsecurity, key, buffer);
5305	}
5306
5307	/**
5308	* security_key_post_create_or_update() - Notification of key create or update
5309	* @keyring: keyring to which the key is linked to
5310	* @key: created or updated key
5311	* @payload: data used to instantiate or update the key
5312	* @payload_len: length of payload
5313	* @flags: key flags
5314	* @create: flag indicating whether the key was created or updated
5315	*
5316	* Notify the caller of a key creation or update.
5317	*/
5318	void security_key_post_create_or_update(struct key *keyring, struct key *key,
5319	const void *payload, size_t payload_len,
5320	unsigned long flags, bool create)
5321	{
5322	call_void_hook(key_post_create_or_update, keyring, key, payload,
5323	payload_len, flags, create);
5324	}
5325	#endif /* CONFIG_KEYS */
5326
5327	#ifdef CONFIG_AUDIT
5328	/**
5329	* security_audit_rule_init() - Allocate and init an LSM audit rule struct
5330	* @field: audit action
5331	* @op: rule operator
5332	* @rulestr: rule context
5333	* @lsmrule: receive buffer for audit rule struct
5334	*
5335	* Allocate and initialize an LSM audit rule structure.
5336	*
5337	* Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
5338	* an invalid rule.
5339	*/
5340	int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
5341	{
5342	return call_int_hook(audit_rule_init, field, op, rulestr, lsmrule);
5343	}
5344
5345	/**
5346	* security_audit_rule_known() - Check if an audit rule contains LSM fields
5347	* @krule: audit rule
5348	*
5349	* Specifies whether given @krule contains any fields related to the current
5350	* LSM.
5351	*
5352	* Return: Returns 1 in case of relation found, 0 otherwise.
5353	*/
5354	int security_audit_rule_known(struct audit_krule *krule)
5355	{
5356	return call_int_hook(audit_rule_known, krule);
5357	}
5358
5359	/**
5360	* security_audit_rule_free() - Free an LSM audit rule struct
5361	* @lsmrule: audit rule struct
5362	*
5363	* Deallocate the LSM audit rule structure previously allocated by
5364	* audit_rule_init().
5365	*/
5366	void security_audit_rule_free(void *lsmrule)
5367	{
5368	call_void_hook(audit_rule_free, lsmrule);
5369	}
5370
5371	/**
5372	* security_audit_rule_match() - Check if a label matches an audit rule
5373	* @secid: security label
5374	* @field: LSM audit field
5375	* @op: matching operator
5376	* @lsmrule: audit rule
5377	*
5378	* Determine if given @secid matches a rule previously approved by
5379	* security_audit_rule_known().
5380	*
5381	* Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
5382	* failure.
5383	*/
5384	int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
5385	{
5386	return call_int_hook(audit_rule_match, secid, field, op, lsmrule);
5387	}
5388	#endif /* CONFIG_AUDIT */
5389
5390	#ifdef CONFIG_BPF_SYSCALL
5391	/**
5392	* security_bpf() - Check if the bpf syscall operation is allowed
5393	* @cmd: command
5394	* @attr: bpf attribute
5395	* @size: size
5396	*
5397	* Do a initial check for all bpf syscalls after the attribute is copied into
5398	* the kernel. The actual security module can implement their own rules to
5399	* check the specific cmd they need.
5400	*
5401	* Return: Returns 0 if permission is granted.
5402	*/
5403	int security_bpf(int cmd, union bpf_attr *attr, unsigned int size)
5404	{
5405	return call_int_hook(bpf, cmd, attr, size);
5406	}
5407
5408	/**
5409	* security_bpf_map() - Check if access to a bpf map is allowed
5410	* @map: bpf map
5411	* @fmode: mode
5412	*
5413	* Do a check when the kernel generates and returns a file descriptor for eBPF
5414	* maps.
5415	*
5416	* Return: Returns 0 if permission is granted.
5417	*/
5418	int security_bpf_map(struct bpf_map *map, fmode_t fmode)
5419	{
5420	return call_int_hook(bpf_map, map, fmode);
5421	}
5422
5423	/**
5424	* security_bpf_prog() - Check if access to a bpf program is allowed
5425	* @prog: bpf program
5426	*
5427	* Do a check when the kernel generates and returns a file descriptor for eBPF
5428	* programs.
5429	*
5430	* Return: Returns 0 if permission is granted.
5431	*/
5432	int security_bpf_prog(struct bpf_prog *prog)
5433	{
5434	return call_int_hook(bpf_prog, prog);
5435	}
5436
5437	/**
5438	* security_bpf_map_create() - Check if BPF map creation is allowed
5439	* @map: BPF map object
5440	* @attr: BPF syscall attributes used to create BPF map
5441	* @token: BPF token used to grant user access
5442	*
5443	* Do a check when the kernel creates a new BPF map. This is also the
5444	* point where LSM blob is allocated for LSMs that need them.
5445	*
5446	* Return: Returns 0 on success, error on failure.
5447	*/
5448	int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
5449	struct bpf_token *token)
5450	{
5451	return call_int_hook(bpf_map_create, map, attr, token);
5452	}
5453
5454	/**
5455	* security_bpf_prog_load() - Check if loading of BPF program is allowed
5456	* @prog: BPF program object
5457	* @attr: BPF syscall attributes used to create BPF program
5458	* @token: BPF token used to grant user access to BPF subsystem
5459	*
5460	* Perform an access control check when the kernel loads a BPF program and
5461	* allocates associated BPF program object. This hook is also responsible for
5462	* allocating any required LSM state for the BPF program.
5463	*
5464	* Return: Returns 0 on success, error on failure.
5465	*/
5466	int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
5467	struct bpf_token *token)
5468	{
5469	return call_int_hook(bpf_prog_load, prog, attr, token);
5470	}
5471
5472	/**
5473	* security_bpf_token_create() - Check if creating of BPF token is allowed
5474	* @token: BPF token object
5475	* @attr: BPF syscall attributes used to create BPF token
5476	* @path: path pointing to BPF FS mount point from which BPF token is created
5477	*
5478	* Do a check when the kernel instantiates a new BPF token object from BPF FS
5479	* instance. This is also the point where LSM blob can be allocated for LSMs.
5480	*
5481	* Return: Returns 0 on success, error on failure.
5482	*/
5483	int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
5484	struct path *path)
5485	{
5486	return call_int_hook(bpf_token_create, token, attr, path);
5487	}
5488
5489	/**
5490	* security_bpf_token_cmd() - Check if BPF token is allowed to delegate
5491	* requested BPF syscall command
5492	* @token: BPF token object
5493	* @cmd: BPF syscall command requested to be delegated by BPF token
5494	*
5495	* Do a check when the kernel decides whether provided BPF token should allow
5496	* delegation of requested BPF syscall command.
5497	*
5498	* Return: Returns 0 on success, error on failure.
5499	*/
5500	int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
5501	{
5502	return call_int_hook(bpf_token_cmd, token, cmd);
5503	}
5504
5505	/**
5506	* security_bpf_token_capable() - Check if BPF token is allowed to delegate
5507	* requested BPF-related capability
5508	* @token: BPF token object
5509	* @cap: capabilities requested to be delegated by BPF token
5510	*
5511	* Do a check when the kernel decides whether provided BPF token should allow
5512	* delegation of requested BPF-related capabilities.
5513	*
5514	* Return: Returns 0 on success, error on failure.
5515	*/
5516	int security_bpf_token_capable(const struct bpf_token *token, int cap)
5517	{
5518	return call_int_hook(bpf_token_capable, token, cap);
5519	}
5520
5521	/**
5522	* security_bpf_map_free() - Free a bpf map's LSM blob
5523	* @map: bpf map
5524	*
5525	* Clean up the security information stored inside bpf map.
5526	*/
5527	void security_bpf_map_free(struct bpf_map *map)
5528	{
5529	call_void_hook(bpf_map_free, map);
5530	}
5531
5532	/**
5533	* security_bpf_prog_free() - Free a BPF program's LSM blob
5534	* @prog: BPF program struct
5535	*
5536	* Clean up the security information stored inside BPF program.
5537	*/
5538	void security_bpf_prog_free(struct bpf_prog *prog)
5539	{
5540	call_void_hook(bpf_prog_free, prog);
5541	}
5542
5543	/**
5544	* security_bpf_token_free() - Free a BPF token's LSM blob
5545	* @token: BPF token struct
5546	*
5547	* Clean up the security information stored inside BPF token.
5548	*/
5549	void security_bpf_token_free(struct bpf_token *token)
5550	{
5551	call_void_hook(bpf_token_free, token);
5552	}
5553	#endif /* CONFIG_BPF_SYSCALL */
5554
5555	/**
5556	* security_locked_down() - Check if a kernel feature is allowed
5557	* @what: requested kernel feature
5558	*
5559	* Determine whether a kernel feature that potentially enables arbitrary code
5560	* execution in kernel space should be permitted.
5561	*
5562	* Return: Returns 0 if permission is granted.
5563	*/
5564	int security_locked_down(enum lockdown_reason what)
5565	{
5566	return call_int_hook(locked_down, what);
5567	}
5568	EXPORT_SYMBOL(security_locked_down);
5569
5570	#ifdef CONFIG_PERF_EVENTS
5571	/**
5572	* security_perf_event_open() - Check if a perf event open is allowed
5573	* @attr: perf event attribute
5574	* @type: type of event
5575	*
5576	* Check whether the @type of perf_event_open syscall is allowed.
5577	*
5578	* Return: Returns 0 if permission is granted.
5579	*/
5580	int security_perf_event_open(struct perf_event_attr *attr, int type)
5581	{
5582	return call_int_hook(perf_event_open, attr, type);
5583	}
5584
5585	/**
5586	* security_perf_event_alloc() - Allocate a perf event LSM blob
5587	* @event: perf event
5588	*
5589	* Allocate and save perf_event security info.
5590	*
5591	* Return: Returns 0 on success, error on failure.
5592	*/
5593	int security_perf_event_alloc(struct perf_event *event)
5594	{
5595	return call_int_hook(perf_event_alloc, event);
5596	}
5597
5598	/**
5599	* security_perf_event_free() - Free a perf event LSM blob
5600	* @event: perf event
5601	*
5602	* Release (free) perf_event security info.
5603	*/
5604	void security_perf_event_free(struct perf_event *event)
5605	{
5606	call_void_hook(perf_event_free, event);
5607	}
5608
5609	/**
5610	* security_perf_event_read() - Check if reading a perf event label is allowed
5611	* @event: perf event
5612	*
5613	* Read perf_event security info if allowed.
5614	*
5615	* Return: Returns 0 if permission is granted.
5616	*/
5617	int security_perf_event_read(struct perf_event *event)
5618	{
5619	return call_int_hook(perf_event_read, event);
5620	}
5621
5622	/**
5623	* security_perf_event_write() - Check if writing a perf event label is allowed
5624	* @event: perf event
5625	*
5626	* Write perf_event security info if allowed.
5627	*
5628	* Return: Returns 0 if permission is granted.
5629	*/
5630	int security_perf_event_write(struct perf_event *event)
5631	{
5632	return call_int_hook(perf_event_write, event);
5633	}
5634	#endif /* CONFIG_PERF_EVENTS */
5635
5636	#ifdef CONFIG_IO_URING
5637	/**
5638	* security_uring_override_creds() - Check if overriding creds is allowed
5639	* @new: new credentials
5640	*
5641	* Check if the current task, executing an io_uring operation, is allowed to
5642	* override it's credentials with @new.
5643	*
5644	* Return: Returns 0 if permission is granted.
5645	*/
5646	int security_uring_override_creds(const struct cred *new)
5647	{
5648	return call_int_hook(uring_override_creds, new);
5649	}
5650
5651	/**
5652	* security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
5653	*
5654	* Check whether the current task is allowed to spawn a io_uring polling thread
5655	* (IORING_SETUP_SQPOLL).
5656	*
5657	* Return: Returns 0 if permission is granted.
5658	*/
5659	int security_uring_sqpoll(void)
5660	{
5661	return call_int_hook(uring_sqpoll);
5662	}
5663
5664	/**
5665	* security_uring_cmd() - Check if a io_uring passthrough command is allowed
5666	* @ioucmd: command
5667	*
5668	* Check whether the file_operations uring_cmd is allowed to run.
5669	*
5670	* Return: Returns 0 if permission is granted.
5671	*/
5672	int security_uring_cmd(struct io_uring_cmd *ioucmd)
5673	{
5674	return call_int_hook(uring_cmd, ioucmd);
5675	}
5676	#endif /* CONFIG_IO_URING */
5677