1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* Security plug functions
4	*
5	* Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
6	* Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
7	* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
8	* Copyright (C) 2016 Mellanox Technologies
9	* Copyright (C) 2023 Microsoft Corporation <paul@paul-moore.com>
10	*/
11
12	#define pr_fmt(fmt) "LSM: " fmt
13
14	#include <linux/bpf.h>
15	#include <linux/capability.h>
16	#include <linux/dcache.h>
17	#include <linux/export.h>
18	#include <linux/init.h>
19	#include <linux/kernel.h>
20	#include <linux/kernel_read_file.h>
21	#include <linux/lsm_hooks.h>
22	#include <linux/integrity.h>
23	#include <linux/ima.h>
24	#include <linux/evm.h>
25	#include <linux/fsnotify.h>
26	#include <linux/mman.h>
27	#include <linux/mount.h>
28	#include <linux/personality.h>
29	#include <linux/backing-dev.h>
30	#include <linux/string.h>
31	#include <linux/msg.h>
32	#include <net/flow.h>
33
34	/* How many LSMs were built into the kernel? */
35	#define LSM_COUNT (__end_lsm_info - __start_lsm_info)
36
37	/*
38	* These are descriptions of the reasons that can be passed to the
39	* security_locked_down() LSM hook. Placing this array here allows
40	* all security modules to use the same descriptions for auditing
41	* purposes.
42	*/
43	const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
44	[LOCKDOWN_NONE] = "none",
45	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
46	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
47	[LOCKDOWN_EFI_TEST] = "/dev/efi_test access",
48	[LOCKDOWN_KEXEC] = "kexec of unsigned images",
49	[LOCKDOWN_HIBERNATION] = "hibernation",
50	[LOCKDOWN_PCI_ACCESS] = "direct PCI access",
51	[LOCKDOWN_IOPORT] = "raw io port access",
52	[LOCKDOWN_MSR] = "raw MSR access",
53	[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
54	[LOCKDOWN_DEVICE_TREE] = "modifying device tree contents",
55	[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
56	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
57	[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
58	[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
59	[LOCKDOWN_DEBUGFS] = "debugfs access",
60	[LOCKDOWN_XMON_WR] = "xmon write access",
61	[LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM",
62	[LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM",
63	[LOCKDOWN_RTAS_ERROR_INJECTION] = "RTAS error injection",
64	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
65	[LOCKDOWN_KCORE] = "/proc/kcore access",
66	[LOCKDOWN_KPROBES] = "use of kprobes",
67	[LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM",
68	[LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM",
69	[LOCKDOWN_PERF] = "unsafe use of perf",
70	[LOCKDOWN_TRACEFS] = "use of tracefs",
71	[LOCKDOWN_XMON_RW] = "xmon read and write access",
72	[LOCKDOWN_XFRM_SECRET] = "xfrm SA secret",
73	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
74	};
75
76	struct security_hook_heads security_hook_heads __ro_after_init;
77	static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
78
79	static struct kmem_cache *lsm_file_cache;
80	static struct kmem_cache *lsm_inode_cache;
81
82	char *lsm_names;
83	static struct lsm_blob_sizes blob_sizes __ro_after_init;
84
85	/* Boot-time LSM user choice */
86	static __initdata const char *chosen_lsm_order;
87	static __initdata const char *chosen_major_lsm;
88
89	static __initconst const char *const builtin_lsm_order = CONFIG_LSM;
90
91	/* Ordered list of LSMs to initialize. */
92	static __initdata struct lsm_info **ordered_lsms;
93	static __initdata struct lsm_info *exclusive;
94
95	static __initdata bool debug;
96	#define init_debug(...) \
97	do { \
98	if (debug) \
99	pr_info(__VA_ARGS__); \
100	} while (0)
101
102	static bool __init is_enabled(struct lsm_info *lsm)
103	{
104	if (!lsm->enabled)
105	return false;
106
107	return *lsm->enabled;
108	}
109
110	/* Mark an LSM's enabled flag. */
111	static int lsm_enabled_true __initdata = 1;
112	static int lsm_enabled_false __initdata = 0;
113	static void __init set_enabled(struct lsm_info *lsm, bool enabled)
114	{
115	/*
116	* When an LSM hasn't configured an enable variable, we can use
117	* a hard-coded location for storing the default enabled state.
118	*/
119	if (!lsm->enabled) {
120	if (enabled)
121	lsm->enabled = &lsm_enabled_true;
122	else
123	lsm->enabled = &lsm_enabled_false;
124	} else if (lsm->enabled == &lsm_enabled_true) {
125	if (!enabled)
126	lsm->enabled = &lsm_enabled_false;
127	} else if (lsm->enabled == &lsm_enabled_false) {
128	if (enabled)
129	lsm->enabled = &lsm_enabled_true;
130	} else {
131	*lsm->enabled = enabled;
132	}
133	}
134
135	/* Is an LSM already listed in the ordered LSMs list? */
136	static bool __init exists_ordered_lsm(struct lsm_info *lsm)
137	{
138	struct lsm_info **check;
139
140	for (check = ordered_lsms; *check; check++)
141	if (*check == lsm)
142	return true;
143
144	return false;
145	}
146
147	/* Append an LSM to the list of ordered LSMs to initialize. */
148	static int last_lsm __initdata;
149	static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
150	{
151	/* Ignore duplicate selections. */
152	if (exists_ordered_lsm(lsm))
153	return;
154
155	if (WARN(last_lsm == LSM_COUNT, "%s: out of LSM slots!?\n", from))
156	return;
157
158	/* Enable this LSM, if it is not already set. */
159	if (!lsm->enabled)
160	lsm->enabled = &lsm_enabled_true;
161	ordered_lsms[last_lsm++] = lsm;
162
163	init_debug("%s ordered: %s (%s)\n", from, lsm->name,
164	is_enabled(lsm) ? "enabled" : "disabled");
165	}
166
167	/* Is an LSM allowed to be initialized? */
168	static bool __init lsm_allowed(struct lsm_info *lsm)
169	{
170	/* Skip if the LSM is disabled. */
171	if (!is_enabled(lsm))
172	return false;
173
174	/* Not allowed if another exclusive LSM already initialized. */
175	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
176	init_debug("exclusive disabled: %s\n", lsm->name);
177	return false;
178	}
179
180	return true;
181	}
182
183	static void __init lsm_set_blob_size(int *need, int *lbs)
184	{
185	int offset;
186
187	if (*need <= 0)
188	return;
189
190	offset = ALIGN(*lbs, sizeof(void *));
191	*lbs = offset + *need;
192	*need = offset;
193	}
194
195	static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
196	{
197	if (!needed)
198	return;
199
200	lsm_set_blob_size(need: &needed->lbs_cred, lbs: &blob_sizes.lbs_cred);
201	lsm_set_blob_size(need: &needed->lbs_file, lbs: &blob_sizes.lbs_file);
202	/*
203	* The inode blob gets an rcu_head in addition to
204	* what the modules might need.
205	*/
206	if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
207	blob_sizes.lbs_inode = sizeof(struct rcu_head);
208	lsm_set_blob_size(need: &needed->lbs_inode, lbs: &blob_sizes.lbs_inode);
209	lsm_set_blob_size(need: &needed->lbs_ipc, lbs: &blob_sizes.lbs_ipc);
210	lsm_set_blob_size(need: &needed->lbs_msg_msg, lbs: &blob_sizes.lbs_msg_msg);
211	lsm_set_blob_size(need: &needed->lbs_superblock, lbs: &blob_sizes.lbs_superblock);
212	lsm_set_blob_size(need: &needed->lbs_task, lbs: &blob_sizes.lbs_task);
213	lsm_set_blob_size(need: &needed->lbs_xattr_count,
214	lbs: &blob_sizes.lbs_xattr_count);
215	}
216
217	/* Prepare LSM for initialization. */
218	static void __init prepare_lsm(struct lsm_info *lsm)
219	{
220	int enabled = lsm_allowed(lsm);
221
222	/* Record enablement (to handle any following exclusive LSMs). */
223	set_enabled(lsm, enabled);
224
225	/* If enabled, do pre-initialization work. */
226	if (enabled) {
227	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
228	exclusive = lsm;
229	init_debug("exclusive chosen: %s\n", lsm->name);
230	}
231
232	lsm_set_blob_sizes(needed: lsm->blobs);
233	}
234	}
235
236	/* Initialize a given LSM, if it is enabled. */
237	static void __init initialize_lsm(struct lsm_info *lsm)
238	{
239	if (is_enabled(lsm)) {
240	int ret;
241
242	init_debug("initializing %s\n", lsm->name);
243	ret = lsm->init();
244	WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
245	}
246	}
247
248	/* Populate ordered LSMs list from comma-separated LSM name list. */
249	static void __init ordered_lsm_parse(const char *order, const char *origin)
250	{
251	struct lsm_info *lsm;
252	char *sep, *name, *next;
253
254	/* LSM_ORDER_FIRST is always first. */
255	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
256	if (lsm->order == LSM_ORDER_FIRST)
257	append_ordered_lsm(lsm, from: " first");
258	}
259
260	/* Process "security=", if given. */
261	if (chosen_major_lsm) {
262	struct lsm_info *major;
263
264	/*
265	* To match the original "security=" behavior, this
266	* explicitly does NOT fallback to another Legacy Major
267	* if the selected one was separately disabled: disable
268	* all non-matching Legacy Major LSMs.
269	*/
270	for (major = __start_lsm_info; major < __end_lsm_info;
271	major++) {
272	if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
273	strcmp(major->name, chosen_major_lsm) != 0) {
274	set_enabled(lsm: major, enabled: false);
275	init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
276	chosen_major_lsm, major->name);
277	}
278	}
279	}
280
281	sep = kstrdup(s: order, GFP_KERNEL);
282	next = sep;
283	/* Walk the list, looking for matching LSMs. */
284	while ((name = strsep(&next, ",")) != NULL) {
285	bool found = false;
286
287	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
288	if (strcmp(lsm->name, name) == 0) {
289	if (lsm->order == LSM_ORDER_MUTABLE)
290	append_ordered_lsm(lsm, from: origin);
291	found = true;
292	}
293	}
294
295	if (!found)
296	init_debug("%s ignored: %s (not built into kernel)\n",
297	origin, name);
298	}
299
300	/* Process "security=", if given. */
301	if (chosen_major_lsm) {
302	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
303	if (exists_ordered_lsm(lsm))
304	continue;
305	if (strcmp(lsm->name, chosen_major_lsm) == 0)
306	append_ordered_lsm(lsm, from: "security=");
307	}
308	}
309
310	/* LSM_ORDER_LAST is always last. */
311	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
312	if (lsm->order == LSM_ORDER_LAST)
313	append_ordered_lsm(lsm, from: " last");
314	}
315
316	/* Disable all LSMs not in the ordered list. */
317	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
318	if (exists_ordered_lsm(lsm))
319	continue;
320	set_enabled(lsm, enabled: false);
321	init_debug("%s skipped: %s (not in requested order)\n",
322	origin, lsm->name);
323	}
324
325	kfree(objp: sep);
326	}
327
328	static void __init lsm_early_cred(struct cred *cred);
329	static void __init lsm_early_task(struct task_struct *task);
330
331	static int lsm_append(const char *new, char **result);
332
333	static void __init report_lsm_order(void)
334	{
335	struct lsm_info **lsm, *early;
336	int first = 0;
337
338	pr_info("initializing lsm=");
339
340	/* Report each enabled LSM name, comma separated. */
341	for (early = __start_early_lsm_info;
342	early < __end_early_lsm_info; early++)
343	if (is_enabled(lsm: early))
344	pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
345	for (lsm = ordered_lsms; *lsm; lsm++)
346	if (is_enabled(lsm: *lsm))
347	pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
348
349	pr_cont("\n");
350	}
351
352	static void __init ordered_lsm_init(void)
353	{
354	struct lsm_info **lsm;
355
356	ordered_lsms = kcalloc(LSM_COUNT + 1, size: sizeof(*ordered_lsms),
357	GFP_KERNEL);
358
359	if (chosen_lsm_order) {
360	if (chosen_major_lsm) {
361	pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
362	chosen_major_lsm, chosen_lsm_order);
363	chosen_major_lsm = NULL;
364	}
365	ordered_lsm_parse(order: chosen_lsm_order, origin: "cmdline");
366	} else
367	ordered_lsm_parse(order: builtin_lsm_order, origin: "builtin");
368
369	for (lsm = ordered_lsms; *lsm; lsm++)
370	prepare_lsm(lsm: *lsm);
371
372	report_lsm_order();
373
374	init_debug("cred blob size = %d\n", blob_sizes.lbs_cred);
375	init_debug("file blob size = %d\n", blob_sizes.lbs_file);
376	init_debug("inode blob size = %d\n", blob_sizes.lbs_inode);
377	init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc);
378	init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
379	init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
380	init_debug("task blob size = %d\n", blob_sizes.lbs_task);
381	init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count);
382
383	/*
384	* Create any kmem_caches needed for blobs
385	*/
386	if (blob_sizes.lbs_file)
387	lsm_file_cache = kmem_cache_create(name: "lsm_file_cache",
388	size: blob_sizes.lbs_file, align: 0,
389	SLAB_PANIC, NULL);
390	if (blob_sizes.lbs_inode)
391	lsm_inode_cache = kmem_cache_create(name: "lsm_inode_cache",
392	size: blob_sizes.lbs_inode, align: 0,
393	SLAB_PANIC, NULL);
394
395	lsm_early_cred(cred: (struct cred *) current->cred);
396	lsm_early_task(current);
397	for (lsm = ordered_lsms; *lsm; lsm++)
398	initialize_lsm(lsm: *lsm);
399
400	kfree(objp: ordered_lsms);
401	}
402
403	int __init early_security_init(void)
404	{
405	struct lsm_info *lsm;
406
407	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
408	INIT_HLIST_HEAD(&security_hook_heads.NAME);
409	#include "linux/lsm_hook_defs.h"
410	#undef LSM_HOOK
411
412	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
413	if (!lsm->enabled)
414	lsm->enabled = &lsm_enabled_true;
415	prepare_lsm(lsm);
416	initialize_lsm(lsm);
417	}
418
419	return 0;
420	}
421
422	/**
423	* security_init - initializes the security framework
424	*
425	* This should be called early in the kernel initialization sequence.
426	*/
427	int __init security_init(void)
428	{
429	struct lsm_info *lsm;
430
431	init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*");
432	init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order);
433	init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " *unspecified*");
434
435	/*
436	* Append the names of the early LSM modules now that kmalloc() is
437	* available
438	*/
439	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
440	init_debug(" early started: %s (%s)\n", lsm->name,
441	is_enabled(lsm) ? "enabled" : "disabled");
442	if (lsm->enabled)
443	lsm_append(new: lsm->name, result: &lsm_names);
444	}
445
446	/* Load LSMs in specified order. */
447	ordered_lsm_init();
448
449	return 0;
450	}
451
452	/* Save user chosen LSM */
453	static int __init choose_major_lsm(char *str)
454	{
455	chosen_major_lsm = str;
456	return 1;
457	}
458	__setup("security=", choose_major_lsm);
459
460	/* Explicitly choose LSM initialization order. */
461	static int __init choose_lsm_order(char *str)
462	{
463	chosen_lsm_order = str;
464	return 1;
465	}
466	__setup("lsm=", choose_lsm_order);
467
468	/* Enable LSM order debugging. */
469	static int __init enable_debug(char *str)
470	{
471	debug = true;
472	return 1;
473	}
474	__setup("lsm.debug", enable_debug);
475
476	static bool match_last_lsm(const char *list, const char *lsm)
477	{
478	const char *last;
479
480	if (WARN_ON(!list || !lsm))
481	return false;
482	last = strrchr(list, ',');
483	if (last)
484	/* Pass the comma, strcmp() will check for '\0' */
485	last++;
486	else
487	last = list;
488	return !strcmp(last, lsm);
489	}
490
491	static int lsm_append(const char *new, char **result)
492	{
493	char *cp;
494
495	if (*result == NULL) {
496	*result = kstrdup(s: new, GFP_KERNEL);
497	if (*result == NULL)
498	return -ENOMEM;
499	} else {
500	/* Check if it is the last registered name */
501	if (match_last_lsm(list: *result, lsm: new))
502	return 0;
503	cp = kasprintf(GFP_KERNEL, fmt: "%s,%s", *result, new);
504	if (cp == NULL)
505	return -ENOMEM;
506	kfree(objp: *result);
507	*result = cp;
508	}
509	return 0;
510	}
511
512	/**
513	* security_add_hooks - Add a modules hooks to the hook lists.
514	* @hooks: the hooks to add
515	* @count: the number of hooks to add
516	* @lsm: the name of the security module
517	*
518	* Each LSM has to register its hooks with the infrastructure.
519	*/
520	void __init security_add_hooks(struct security_hook_list *hooks, int count,
521	const char *lsm)
522	{
523	int i;
524
525	for (i = 0; i < count; i++) {
526	hooks[i].lsm = lsm;
527	hlist_add_tail_rcu(n: &hooks[i].list, h: hooks[i].head);
528	}
529
530	/*
531	* Don't try to append during early_security_init(), we'll come back
532	* and fix this up afterwards.
533	*/
534	if (slab_is_available()) {
535	if (lsm_append(new: lsm, result: &lsm_names) < 0)
536	panic(fmt: "%s - Cannot get early memory.\n", __func__);
537	}
538	}
539
540	int call_blocking_lsm_notifier(enum lsm_event event, void *data)
541	{
542	return blocking_notifier_call_chain(nh: &blocking_lsm_notifier_chain,
543	val: event, v: data);
544	}
545	EXPORT_SYMBOL(call_blocking_lsm_notifier);
546
547	int register_blocking_lsm_notifier(struct notifier_block *nb)
548	{
549	return blocking_notifier_chain_register(nh: &blocking_lsm_notifier_chain,
550	nb);
551	}
552	EXPORT_SYMBOL(register_blocking_lsm_notifier);
553
554	int unregister_blocking_lsm_notifier(struct notifier_block *nb)
555	{
556	return blocking_notifier_chain_unregister(nh: &blocking_lsm_notifier_chain,
557	nb);
558	}
559	EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
560
561	/**
562	* lsm_cred_alloc - allocate a composite cred blob
563	* @cred: the cred that needs a blob
564	* @gfp: allocation type
565	*
566	* Allocate the cred blob for all the modules
567	*
568	* Returns 0, or -ENOMEM if memory can't be allocated.
569	*/
570	static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
571	{
572	if (blob_sizes.lbs_cred == 0) {
573	cred->security = NULL;
574	return 0;
575	}
576
577	cred->security = kzalloc(size: blob_sizes.lbs_cred, flags: gfp);
578	if (cred->security == NULL)
579	return -ENOMEM;
580	return 0;
581	}
582
583	/**
584	* lsm_early_cred - during initialization allocate a composite cred blob
585	* @cred: the cred that needs a blob
586	*
587	* Allocate the cred blob for all the modules
588	*/
589	static void __init lsm_early_cred(struct cred *cred)
590	{
591	int rc = lsm_cred_alloc(cred, GFP_KERNEL);
592
593	if (rc)
594	panic(fmt: "%s: Early cred alloc failed.\n", __func__);
595	}
596
597	/**
598	* lsm_file_alloc - allocate a composite file blob
599	* @file: the file that needs a blob
600	*
601	* Allocate the file blob for all the modules
602	*
603	* Returns 0, or -ENOMEM if memory can't be allocated.
604	*/
605	static int lsm_file_alloc(struct file *file)
606	{
607	if (!lsm_file_cache) {
608	file->f_security = NULL;
609	return 0;
610	}
611
612	file->f_security = kmem_cache_zalloc(k: lsm_file_cache, GFP_KERNEL);
613	if (file->f_security == NULL)
614	return -ENOMEM;
615	return 0;
616	}
617
618	/**
619	* lsm_inode_alloc - allocate a composite inode blob
620	* @inode: the inode that needs a blob
621	*
622	* Allocate the inode blob for all the modules
623	*
624	* Returns 0, or -ENOMEM if memory can't be allocated.
625	*/
626	int lsm_inode_alloc(struct inode *inode)
627	{
628	if (!lsm_inode_cache) {
629	inode->i_security = NULL;
630	return 0;
631	}
632
633	inode->i_security = kmem_cache_zalloc(k: lsm_inode_cache, GFP_NOFS);
634	if (inode->i_security == NULL)
635	return -ENOMEM;
636	return 0;
637	}
638
639	/**
640	* lsm_task_alloc - allocate a composite task blob
641	* @task: the task that needs a blob
642	*
643	* Allocate the task blob for all the modules
644	*
645	* Returns 0, or -ENOMEM if memory can't be allocated.
646	*/
647	static int lsm_task_alloc(struct task_struct *task)
648	{
649	if (blob_sizes.lbs_task == 0) {
650	task->security = NULL;
651	return 0;
652	}
653
654	task->security = kzalloc(size: blob_sizes.lbs_task, GFP_KERNEL);
655	if (task->security == NULL)
656	return -ENOMEM;
657	return 0;
658	}
659
660	/**
661	* lsm_ipc_alloc - allocate a composite ipc blob
662	* @kip: the ipc that needs a blob
663	*
664	* Allocate the ipc blob for all the modules
665	*
666	* Returns 0, or -ENOMEM if memory can't be allocated.
667	*/
668	static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
669	{
670	if (blob_sizes.lbs_ipc == 0) {
671	kip->security = NULL;
672	return 0;
673	}
674
675	kip->security = kzalloc(size: blob_sizes.lbs_ipc, GFP_KERNEL);
676	if (kip->security == NULL)
677	return -ENOMEM;
678	return 0;
679	}
680
681	/**
682	* lsm_msg_msg_alloc - allocate a composite msg_msg blob
683	* @mp: the msg_msg that needs a blob
684	*
685	* Allocate the ipc blob for all the modules
686	*
687	* Returns 0, or -ENOMEM if memory can't be allocated.
688	*/
689	static int lsm_msg_msg_alloc(struct msg_msg *mp)
690	{
691	if (blob_sizes.lbs_msg_msg == 0) {
692	mp->security = NULL;
693	return 0;
694	}
695
696	mp->security = kzalloc(size: blob_sizes.lbs_msg_msg, GFP_KERNEL);
697	if (mp->security == NULL)
698	return -ENOMEM;
699	return 0;
700	}
701
702	/**
703	* lsm_early_task - during initialization allocate a composite task blob
704	* @task: the task that needs a blob
705	*
706	* Allocate the task blob for all the modules
707	*/
708	static void __init lsm_early_task(struct task_struct *task)
709	{
710	int rc = lsm_task_alloc(task);
711
712	if (rc)
713	panic(fmt: "%s: Early task alloc failed.\n", __func__);
714	}
715
716	/**
717	* lsm_superblock_alloc - allocate a composite superblock blob
718	* @sb: the superblock that needs a blob
719	*
720	* Allocate the superblock blob for all the modules
721	*
722	* Returns 0, or -ENOMEM if memory can't be allocated.
723	*/
724	static int lsm_superblock_alloc(struct super_block *sb)
725	{
726	if (blob_sizes.lbs_superblock == 0) {
727	sb->s_security = NULL;
728	return 0;
729	}
730
731	sb->s_security = kzalloc(size: blob_sizes.lbs_superblock, GFP_KERNEL);
732	if (sb->s_security == NULL)
733	return -ENOMEM;
734	return 0;
735	}
736
737	/*
738	* The default value of the LSM hook is defined in linux/lsm_hook_defs.h and
739	* can be accessed with:
740	*
741	* LSM_RET_DEFAULT(<hook_name>)
742	*
743	* The macros below define static constants for the default value of each
744	* LSM hook.
745	*/
746	#define LSM_RET_DEFAULT(NAME) (NAME##_default)
747	#define DECLARE_LSM_RET_DEFAULT_void(DEFAULT, NAME)
748	#define DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME) \
749	static const int __maybe_unused LSM_RET_DEFAULT(NAME) = (DEFAULT);
750	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
751	DECLARE_LSM_RET_DEFAULT_##RET(DEFAULT, NAME)
752
753	#include <linux/lsm_hook_defs.h>
754	#undef LSM_HOOK
755
756	/*
757	* Hook list operation macros.
758	*
759	* call_void_hook:
760	* This is a hook that does not return a value.
761	*
762	* call_int_hook:
763	* This is a hook that returns a value.
764	*/
765
766	#define call_void_hook(FUNC, ...) \
767	do { \
768	struct security_hook_list *P; \
769	\
770	hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \
771	P->hook.FUNC(__VA_ARGS__); \
772	} while (0)
773
774	#define call_int_hook(FUNC, IRC, ...) ({ \
775	int RC = IRC; \
776	do { \
777	struct security_hook_list *P; \
778	\
779	hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
780	RC = P->hook.FUNC(__VA_ARGS__); \
781	if (RC != 0) \
782	break; \
783	} \
784	} while (0); \
785	RC; \
786	})
787
788	/* Security operations */
789
790	/**
791	* security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
792	* @mgr: task credentials of current binder process
793	*
794	* Check whether @mgr is allowed to be the binder context manager.
795	*
796	* Return: Return 0 if permission is granted.
797	*/
798	int security_binder_set_context_mgr(const struct cred *mgr)
799	{
800	return call_int_hook(binder_set_context_mgr, 0, mgr);
801	}
802
803	/**
804	* security_binder_transaction() - Check if a binder transaction is allowed
805	* @from: sending process
806	* @to: receiving process
807	*
808	* Check whether @from is allowed to invoke a binder transaction call to @to.
809	*
810	* Return: Returns 0 if permission is granted.
811	*/
812	int security_binder_transaction(const struct cred *from,
813	const struct cred *to)
814	{
815	return call_int_hook(binder_transaction, 0, from, to);
816	}
817
818	/**
819	* security_binder_transfer_binder() - Check if a binder transfer is allowed
820	* @from: sending process
821	* @to: receiving process
822	*
823	* Check whether @from is allowed to transfer a binder reference to @to.
824	*
825	* Return: Returns 0 if permission is granted.
826	*/
827	int security_binder_transfer_binder(const struct cred *from,
828	const struct cred *to)
829	{
830	return call_int_hook(binder_transfer_binder, 0, from, to);
831	}
832
833	/**
834	* security_binder_transfer_file() - Check if a binder file xfer is allowed
835	* @from: sending process
836	* @to: receiving process
837	* @file: file being transferred
838	*
839	* Check whether @from is allowed to transfer @file to @to.
840	*
841	* Return: Returns 0 if permission is granted.
842	*/
843	int security_binder_transfer_file(const struct cred *from,
844	const struct cred *to, const struct file *file)
845	{
846	return call_int_hook(binder_transfer_file, 0, from, to, file);
847	}
848
849	/**
850	* security_ptrace_access_check() - Check if tracing is allowed
851	* @child: target process
852	* @mode: PTRACE_MODE flags
853	*
854	* Check permission before allowing the current process to trace the @child
855	* process. Security modules may also want to perform a process tracing check
856	* during an execve in the set_security or apply_creds hooks of tracing check
857	* during an execve in the bprm_set_creds hook of binprm_security_ops if the
858	* process is being traced and its security attributes would be changed by the
859	* execve.
860	*
861	* Return: Returns 0 if permission is granted.
862	*/
863	int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
864	{
865	return call_int_hook(ptrace_access_check, 0, child, mode);
866	}
867
868	/**
869	* security_ptrace_traceme() - Check if tracing is allowed
870	* @parent: tracing process
871	*
872	* Check that the @parent process has sufficient permission to trace the
873	* current process before allowing the current process to present itself to the
874	* @parent process for tracing.
875	*
876	* Return: Returns 0 if permission is granted.
877	*/
878	int security_ptrace_traceme(struct task_struct *parent)
879	{
880	return call_int_hook(ptrace_traceme, 0, parent);
881	}
882
883	/**
884	* security_capget() - Get the capability sets for a process
885	* @target: target process
886	* @effective: effective capability set
887	* @inheritable: inheritable capability set
888	* @permitted: permitted capability set
889	*
890	* Get the @effective, @inheritable, and @permitted capability sets for the
891	* @target process. The hook may also perform permission checking to determine
892	* if the current process is allowed to see the capability sets of the @target
893	* process.
894	*
895	* Return: Returns 0 if the capability sets were successfully obtained.
896	*/
897	int security_capget(const struct task_struct *target,
898	kernel_cap_t *effective,
899	kernel_cap_t *inheritable,
900	kernel_cap_t *permitted)
901	{
902	return call_int_hook(capget, 0, target,
903	effective, inheritable, permitted);
904	}
905
906	/**
907	* security_capset() - Set the capability sets for a process
908	* @new: new credentials for the target process
909	* @old: current credentials of the target process
910	* @effective: effective capability set
911	* @inheritable: inheritable capability set
912	* @permitted: permitted capability set
913	*
914	* Set the @effective, @inheritable, and @permitted capability sets for the
915	* current process.
916	*
917	* Return: Returns 0 and update @new if permission is granted.
918	*/
919	int security_capset(struct cred *new, const struct cred *old,
920	const kernel_cap_t *effective,
921	const kernel_cap_t *inheritable,
922	const kernel_cap_t *permitted)
923	{
924	return call_int_hook(capset, 0, new, old,
925	effective, inheritable, permitted);
926	}
927
928	/**
929	* security_capable() - Check if a process has the necessary capability
930	* @cred: credentials to examine
931	* @ns: user namespace
932	* @cap: capability requested
933	* @opts: capability check options
934	*
935	* Check whether the @tsk process has the @cap capability in the indicated
936	* credentials. @cap contains the capability <include/linux/capability.h>.
937	* @opts contains options for the capable check <include/linux/security.h>.
938	*
939	* Return: Returns 0 if the capability is granted.
940	*/
941	int security_capable(const struct cred *cred,
942	struct user_namespace *ns,
943	int cap,
944	unsigned int opts)
945	{
946	return call_int_hook(capable, 0, cred, ns, cap, opts);
947	}
948
949	/**
950	* security_quotactl() - Check if a quotactl() syscall is allowed for this fs
951	* @cmds: commands
952	* @type: type
953	* @id: id
954	* @sb: filesystem
955	*
956	* Check whether the quotactl syscall is allowed for this @sb.
957	*
958	* Return: Returns 0 if permission is granted.
959	*/
960	int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
961	{
962	return call_int_hook(quotactl, 0, cmds, type, id, sb);
963	}
964
965	/**
966	* security_quota_on() - Check if QUOTAON is allowed for a dentry
967	* @dentry: dentry
968	*
969	* Check whether QUOTAON is allowed for @dentry.
970	*
971	* Return: Returns 0 if permission is granted.
972	*/
973	int security_quota_on(struct dentry *dentry)
974	{
975	return call_int_hook(quota_on, 0, dentry);
976	}
977
978	/**
979	* security_syslog() - Check if accessing the kernel message ring is allowed
980	* @type: SYSLOG_ACTION_* type
981	*
982	* Check permission before accessing the kernel message ring or changing
983	* logging to the console. See the syslog(2) manual page for an explanation of
984	* the @type values.
985	*
986	* Return: Return 0 if permission is granted.
987	*/
988	int security_syslog(int type)
989	{
990	return call_int_hook(syslog, 0, type);
991	}
992
993	/**
994	* security_settime64() - Check if changing the system time is allowed
995	* @ts: new time
996	* @tz: timezone
997	*
998	* Check permission to change the system time, struct timespec64 is defined in
999	* <include/linux/time64.h> and timezone is defined in <include/linux/time.h>.
1000	*
1001	* Return: Returns 0 if permission is granted.
1002	*/
1003	int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
1004	{
1005	return call_int_hook(settime, 0, ts, tz);
1006	}
1007
1008	/**
1009	* security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
1010	* @mm: mm struct
1011	* @pages: number of pages
1012	*
1013	* Check permissions for allocating a new virtual mapping. If all LSMs return
1014	* a positive value, __vm_enough_memory() will be called with cap_sys_admin
1015	* set. If at least one LSM returns 0 or negative, __vm_enough_memory() will be
1016	* called with cap_sys_admin cleared.
1017	*
1018	* Return: Returns 0 if permission is granted by the LSM infrastructure to the
1019	* caller.
1020	*/
1021	int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
1022	{
1023	struct security_hook_list *hp;
1024	int cap_sys_admin = 1;
1025	int rc;
1026
1027	/*
1028	* The module will respond with a positive value if
1029	* it thinks the __vm_enough_memory() call should be
1030	* made with the cap_sys_admin set. If all of the modules
1031	* agree that it should be set it will. If any module
1032	* thinks it should not be set it won't.
1033	*/
1034	hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {
1035	rc = hp->hook.vm_enough_memory(mm, pages);
1036	if (rc <= 0) {
1037	cap_sys_admin = 0;
1038	break;
1039	}
1040	}
1041	return __vm_enough_memory(mm, pages, cap_sys_admin);
1042	}
1043
1044	/**
1045	* security_bprm_creds_for_exec() - Prepare the credentials for exec()
1046	* @bprm: binary program information
1047	*
1048	* If the setup in prepare_exec_creds did not setup @bprm->cred->security
1049	* properly for executing @bprm->file, update the LSM's portion of
1050	* @bprm->cred->security to be what commit_creds needs to install for the new
1051	* program. This hook may also optionally check permissions (e.g. for
1052	* transitions between security domains). The hook must set @bprm->secureexec
1053	* to 1 if AT_SECURE should be set to request libc enable secure mode. @bprm
1054	* contains the linux_binprm structure.
1055	*
1056	* Return: Returns 0 if the hook is successful and permission is granted.
1057	*/
1058	int security_bprm_creds_for_exec(struct linux_binprm *bprm)
1059	{
1060	return call_int_hook(bprm_creds_for_exec, 0, bprm);
1061	}
1062
1063	/**
1064	* security_bprm_creds_from_file() - Update linux_binprm creds based on file
1065	* @bprm: binary program information
1066	* @file: associated file
1067	*
1068	* If @file is setpcap, suid, sgid or otherwise marked to change privilege upon
1069	* exec, update @bprm->cred to reflect that change. This is called after
1070	* finding the binary that will be executed without an interpreter. This
1071	* ensures that the credentials will not be derived from a script that the
1072	* binary will need to reopen, which when reopend may end up being a completely
1073	* different file. This hook may also optionally check permissions (e.g. for
1074	* transitions between security domains). The hook must set @bprm->secureexec
1075	* to 1 if AT_SECURE should be set to request libc enable secure mode. The
1076	* hook must add to @bprm->per_clear any personality flags that should be
1077	* cleared from current->personality. @bprm contains the linux_binprm
1078	* structure.
1079	*
1080	* Return: Returns 0 if the hook is successful and permission is granted.
1081	*/
1082	int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file)
1083	{
1084	return call_int_hook(bprm_creds_from_file, 0, bprm, file);
1085	}
1086
1087	/**
1088	* security_bprm_check() - Mediate binary handler search
1089	* @bprm: binary program information
1090	*
1091	* This hook mediates the point when a search for a binary handler will begin.
1092	* It allows a check against the @bprm->cred->security value which was set in
1093	* the preceding creds_for_exec call. The argv list and envp list are reliably
1094	* available in @bprm. This hook may be called multiple times during a single
1095	* execve. @bprm contains the linux_binprm structure.
1096	*
1097	* Return: Returns 0 if the hook is successful and permission is granted.
1098	*/
1099	int security_bprm_check(struct linux_binprm *bprm)
1100	{
1101	int ret;
1102
1103	ret = call_int_hook(bprm_check_security, 0, bprm);
1104	if (ret)
1105	return ret;
1106	return ima_bprm_check(bprm);
1107	}
1108
1109	/**
1110	* security_bprm_committing_creds() - Install creds for a process during exec()
1111	* @bprm: binary program information
1112	*
1113	* Prepare to install the new security attributes of a process being
1114	* transformed by an execve operation, based on the old credentials pointed to
1115	* by @current->cred and the information set in @bprm->cred by the
1116	* bprm_creds_for_exec hook. @bprm points to the linux_binprm structure. This
1117	* hook is a good place to perform state changes on the process such as closing
1118	* open file descriptors to which access will no longer be granted when the
1119	* attributes are changed. This is called immediately before commit_creds().
1120	*/
1121	void security_bprm_committing_creds(const struct linux_binprm *bprm)
1122	{
1123	call_void_hook(bprm_committing_creds, bprm);
1124	}
1125
1126	/**
1127	* security_bprm_committed_creds() - Tidy up after cred install during exec()
1128	* @bprm: binary program information
1129	*
1130	* Tidy up after the installation of the new security attributes of a process
1131	* being transformed by an execve operation. The new credentials have, by this
1132	* point, been set to @current->cred. @bprm points to the linux_binprm
1133	* structure. This hook is a good place to perform state changes on the
1134	* process such as clearing out non-inheritable signal state. This is called
1135	* immediately after commit_creds().
1136	*/
1137	void security_bprm_committed_creds(const struct linux_binprm *bprm)
1138	{
1139	call_void_hook(bprm_committed_creds, bprm);
1140	}
1141
1142	/**
1143	* security_fs_context_submount() - Initialise fc->security
1144	* @fc: new filesystem context
1145	* @reference: dentry reference for submount/remount
1146	*
1147	* Fill out the ->security field for a new fs_context.
1148	*
1149	* Return: Returns 0 on success or negative error code on failure.
1150	*/
1151	int security_fs_context_submount(struct fs_context *fc, struct super_block *reference)
1152	{
1153	return call_int_hook(fs_context_submount, 0, fc, reference);
1154	}
1155
1156	/**
1157	* security_fs_context_dup() - Duplicate a fs_context LSM blob
1158	* @fc: destination filesystem context
1159	* @src_fc: source filesystem context
1160	*
1161	* Allocate and attach a security structure to sc->security. This pointer is
1162	* initialised to NULL by the caller. @fc indicates the new filesystem context.
1163	* @src_fc indicates the original filesystem context.
1164	*
1165	* Return: Returns 0 on success or a negative error code on failure.
1166	*/
1167	int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc)
1168	{
1169	return call_int_hook(fs_context_dup, 0, fc, src_fc);
1170	}
1171
1172	/**
1173	* security_fs_context_parse_param() - Configure a filesystem context
1174	* @fc: filesystem context
1175	* @param: filesystem parameter
1176	*
1177	* Userspace provided a parameter to configure a superblock. The LSM can
1178	* consume the parameter or return it to the caller for use elsewhere.
1179	*
1180	* Return: If the parameter is used by the LSM it should return 0, if it is
1181	* returned to the caller -ENOPARAM is returned, otherwise a negative
1182	* error code is returned.
1183	*/
1184	int security_fs_context_parse_param(struct fs_context *fc,
1185	struct fs_parameter *param)
1186	{
1187	struct security_hook_list *hp;
1188	int trc;
1189	int rc = -ENOPARAM;
1190
1191	hlist_for_each_entry(hp, &security_hook_heads.fs_context_parse_param,
1192	list) {
1193	trc = hp->hook.fs_context_parse_param(fc, param);
1194	if (trc == 0)
1195	rc = 0;
1196	else if (trc != -ENOPARAM)
1197	return trc;
1198	}
1199	return rc;
1200	}
1201
1202	/**
1203	* security_sb_alloc() - Allocate a super_block LSM blob
1204	* @sb: filesystem superblock
1205	*
1206	* Allocate and attach a security structure to the sb->s_security field. The
1207	* s_security field is initialized to NULL when the structure is allocated.
1208	* @sb contains the super_block structure to be modified.
1209	*
1210	* Return: Returns 0 if operation was successful.
1211	*/
1212	int security_sb_alloc(struct super_block *sb)
1213	{
1214	int rc = lsm_superblock_alloc(sb);
1215
1216	if (unlikely(rc))
1217	return rc;
1218	rc = call_int_hook(sb_alloc_security, 0, sb);
1219	if (unlikely(rc))
1220	security_sb_free(sb);
1221	return rc;
1222	}
1223
1224	/**
1225	* security_sb_delete() - Release super_block LSM associated objects
1226	* @sb: filesystem superblock
1227	*
1228	* Release objects tied to a superblock (e.g. inodes). @sb contains the
1229	* super_block structure being released.
1230	*/
1231	void security_sb_delete(struct super_block *sb)
1232	{
1233	call_void_hook(sb_delete, sb);
1234	}
1235
1236	/**
1237	* security_sb_free() - Free a super_block LSM blob
1238	* @sb: filesystem superblock
1239	*
1240	* Deallocate and clear the sb->s_security field. @sb contains the super_block
1241	* structure to be modified.
1242	*/
1243	void security_sb_free(struct super_block *sb)
1244	{
1245	call_void_hook(sb_free_security, sb);
1246	kfree(objp: sb->s_security);
1247	sb->s_security = NULL;
1248	}
1249
1250	/**
1251	* security_free_mnt_opts() - Free memory associated with mount options
1252	* @mnt_opts: LSM processed mount options
1253	*
1254	* Free memory associated with @mnt_ops.
1255	*/
1256	void security_free_mnt_opts(void **mnt_opts)
1257	{
1258	if (!*mnt_opts)
1259	return;
1260	call_void_hook(sb_free_mnt_opts, *mnt_opts);
1261	*mnt_opts = NULL;
1262	}
1263	EXPORT_SYMBOL(security_free_mnt_opts);
1264
1265	/**
1266	* security_sb_eat_lsm_opts() - Consume LSM mount options
1267	* @options: mount options
1268	* @mnt_opts: LSM processed mount options
1269	*
1270	* Eat (scan @options) and save them in @mnt_opts.
1271	*
1272	* Return: Returns 0 on success, negative values on failure.
1273	*/
1274	int security_sb_eat_lsm_opts(char *options, void **mnt_opts)
1275	{
1276	return call_int_hook(sb_eat_lsm_opts, 0, options, mnt_opts);
1277	}
1278	EXPORT_SYMBOL(security_sb_eat_lsm_opts);
1279
1280	/**
1281	* security_sb_mnt_opts_compat() - Check if new mount options are allowed
1282	* @sb: filesystem superblock
1283	* @mnt_opts: new mount options
1284	*
1285	* Determine if the new mount options in @mnt_opts are allowed given the
1286	* existing mounted filesystem at @sb. @sb superblock being compared.
1287	*
1288	* Return: Returns 0 if options are compatible.
1289	*/
1290	int security_sb_mnt_opts_compat(struct super_block *sb,
1291	void *mnt_opts)
1292	{
1293	return call_int_hook(sb_mnt_opts_compat, 0, sb, mnt_opts);
1294	}
1295	EXPORT_SYMBOL(security_sb_mnt_opts_compat);
1296
1297	/**
1298	* security_sb_remount() - Verify no incompatible mount changes during remount
1299	* @sb: filesystem superblock
1300	* @mnt_opts: (re)mount options
1301	*
1302	* Extracts security system specific mount options and verifies no changes are
1303	* being made to those options.
1304	*
1305	* Return: Returns 0 if permission is granted.
1306	*/
1307	int security_sb_remount(struct super_block *sb,
1308	void *mnt_opts)
1309	{
1310	return call_int_hook(sb_remount, 0, sb, mnt_opts);
1311	}
1312	EXPORT_SYMBOL(security_sb_remount);
1313
1314	/**
1315	* security_sb_kern_mount() - Check if a kernel mount is allowed
1316	* @sb: filesystem superblock
1317	*
1318	* Mount this @sb if allowed by permissions.
1319	*
1320	* Return: Returns 0 if permission is granted.
1321	*/
1322	int security_sb_kern_mount(const struct super_block *sb)
1323	{
1324	return call_int_hook(sb_kern_mount, 0, sb);
1325	}
1326
1327	/**
1328	* security_sb_show_options() - Output the mount options for a superblock
1329	* @m: output file
1330	* @sb: filesystem superblock
1331	*
1332	* Show (print on @m) mount options for this @sb.
1333	*
1334	* Return: Returns 0 on success, negative values on failure.
1335	*/
1336	int security_sb_show_options(struct seq_file *m, struct super_block *sb)
1337	{
1338	return call_int_hook(sb_show_options, 0, m, sb);
1339	}
1340
1341	/**
1342	* security_sb_statfs() - Check if accessing fs stats is allowed
1343	* @dentry: superblock handle
1344	*
1345	* Check permission before obtaining filesystem statistics for the @mnt
1346	* mountpoint. @dentry is a handle on the superblock for the filesystem.
1347	*
1348	* Return: Returns 0 if permission is granted.
1349	*/
1350	int security_sb_statfs(struct dentry *dentry)
1351	{
1352	return call_int_hook(sb_statfs, 0, dentry);
1353	}
1354
1355	/**
1356	* security_sb_mount() - Check permission for mounting a filesystem
1357	* @dev_name: filesystem backing device
1358	* @path: mount point
1359	* @type: filesystem type
1360	* @flags: mount flags
1361	* @data: filesystem specific data
1362	*
1363	* Check permission before an object specified by @dev_name is mounted on the
1364	* mount point named by @nd. For an ordinary mount, @dev_name identifies a
1365	* device if the file system type requires a device. For a remount
1366	* (@flags & MS_REMOUNT), @dev_name is irrelevant. For a loopback/bind mount
1367	* (@flags & MS_BIND), @dev_name identifies the pathname of the object being
1368	* mounted.
1369	*
1370	* Return: Returns 0 if permission is granted.
1371	*/
1372	int security_sb_mount(const char *dev_name, const struct path *path,
1373	const char *type, unsigned long flags, void *data)
1374	{
1375	return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
1376	}
1377
1378	/**
1379	* security_sb_umount() - Check permission for unmounting a filesystem
1380	* @mnt: mounted filesystem
1381	* @flags: unmount flags
1382	*
1383	* Check permission before the @mnt file system is unmounted.
1384	*
1385	* Return: Returns 0 if permission is granted.
1386	*/
1387	int security_sb_umount(struct vfsmount *mnt, int flags)
1388	{
1389	return call_int_hook(sb_umount, 0, mnt, flags);
1390	}
1391
1392	/**
1393	* security_sb_pivotroot() - Check permissions for pivoting the rootfs
1394	* @old_path: new location for current rootfs
1395	* @new_path: location of the new rootfs
1396	*
1397	* Check permission before pivoting the root filesystem.
1398	*
1399	* Return: Returns 0 if permission is granted.
1400	*/
1401	int security_sb_pivotroot(const struct path *old_path,
1402	const struct path *new_path)
1403	{
1404	return call_int_hook(sb_pivotroot, 0, old_path, new_path);
1405	}
1406
1407	/**
1408	* security_sb_set_mnt_opts() - Set the mount options for a filesystem
1409	* @sb: filesystem superblock
1410	* @mnt_opts: binary mount options
1411	* @kern_flags: kernel flags (in)
1412	* @set_kern_flags: kernel flags (out)
1413	*
1414	* Set the security relevant mount options used for a superblock.
1415	*
1416	* Return: Returns 0 on success, error on failure.
1417	*/
1418	int security_sb_set_mnt_opts(struct super_block *sb,
1419	void *mnt_opts,
1420	unsigned long kern_flags,
1421	unsigned long *set_kern_flags)
1422	{
1423	return call_int_hook(sb_set_mnt_opts,
1424	mnt_opts ? -EOPNOTSUPP : 0, sb,
1425	mnt_opts, kern_flags, set_kern_flags);
1426	}
1427	EXPORT_SYMBOL(security_sb_set_mnt_opts);
1428
1429	/**
1430	* security_sb_clone_mnt_opts() - Duplicate superblock mount options
1431	* @oldsb: source superblock
1432	* @newsb: destination superblock
1433	* @kern_flags: kernel flags (in)
1434	* @set_kern_flags: kernel flags (out)
1435	*
1436	* Copy all security options from a given superblock to another.
1437	*
1438	* Return: Returns 0 on success, error on failure.
1439	*/
1440	int security_sb_clone_mnt_opts(const struct super_block *oldsb,
1441	struct super_block *newsb,
1442	unsigned long kern_flags,
1443	unsigned long *set_kern_flags)
1444	{
1445	return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb,
1446	kern_flags, set_kern_flags);
1447	}
1448	EXPORT_SYMBOL(security_sb_clone_mnt_opts);
1449
1450	/**
1451	* security_move_mount() - Check permissions for moving a mount
1452	* @from_path: source mount point
1453	* @to_path: destination mount point
1454	*
1455	* Check permission before a mount is moved.
1456	*
1457	* Return: Returns 0 if permission is granted.
1458	*/
1459	int security_move_mount(const struct path *from_path,
1460	const struct path *to_path)
1461	{
1462	return call_int_hook(move_mount, 0, from_path, to_path);
1463	}
1464
1465	/**
1466	* security_path_notify() - Check if setting a watch is allowed
1467	* @path: file path
1468	* @mask: event mask
1469	* @obj_type: file path type
1470	*
1471	* Check permissions before setting a watch on events as defined by @mask, on
1472	* an object at @path, whose type is defined by @obj_type.
1473	*
1474	* Return: Returns 0 if permission is granted.
1475	*/
1476	int security_path_notify(const struct path *path, u64 mask,
1477	unsigned int obj_type)
1478	{
1479	return call_int_hook(path_notify, 0, path, mask, obj_type);
1480	}
1481
1482	/**
1483	* security_inode_alloc() - Allocate an inode LSM blob
1484	* @inode: the inode
1485	*
1486	* Allocate and attach a security structure to @inode->i_security. The
1487	* i_security field is initialized to NULL when the inode structure is
1488	* allocated.
1489	*
1490	* Return: Return 0 if operation was successful.
1491	*/
1492	int security_inode_alloc(struct inode *inode)
1493	{
1494	int rc = lsm_inode_alloc(inode);
1495
1496	if (unlikely(rc))
1497	return rc;
1498	rc = call_int_hook(inode_alloc_security, 0, inode);
1499	if (unlikely(rc))
1500	security_inode_free(inode);
1501	return rc;
1502	}
1503
1504	static void inode_free_by_rcu(struct rcu_head *head)
1505	{
1506	/*
1507	* The rcu head is at the start of the inode blob
1508	*/
1509	kmem_cache_free(s: lsm_inode_cache, objp: head);
1510	}
1511
1512	/**
1513	* security_inode_free() - Free an inode's LSM blob
1514	* @inode: the inode
1515	*
1516	* Deallocate the inode security structure and set @inode->i_security to NULL.
1517	*/
1518	void security_inode_free(struct inode *inode)
1519	{
1520	integrity_inode_free(inode);
1521	call_void_hook(inode_free_security, inode);
1522	/*
1523	* The inode may still be referenced in a path walk and
1524	* a call to security_inode_permission() can be made
1525	* after inode_free_security() is called. Ideally, the VFS
1526	* wouldn't do this, but fixing that is a much harder
1527	* job. For now, simply free the i_security via RCU, and
1528	* leave the current inode->i_security pointer intact.
1529	* The inode will be freed after the RCU grace period too.
1530	*/
1531	if (inode->i_security)
1532	call_rcu(head: (struct rcu_head *)inode->i_security,
1533	func: inode_free_by_rcu);
1534	}
1535
1536	/**
1537	* security_dentry_init_security() - Perform dentry initialization
1538	* @dentry: the dentry to initialize
1539	* @mode: mode used to determine resource type
1540	* @name: name of the last path component
1541	* @xattr_name: name of the security/LSM xattr
1542	* @ctx: pointer to the resulting LSM context
1543	* @ctxlen: length of @ctx
1544	*
1545	* Compute a context for a dentry as the inode is not yet available since NFSv4
1546	* has no label backed by an EA anyway. It is important to note that
1547	* @xattr_name does not need to be free'd by the caller, it is a static string.
1548	*
1549	* Return: Returns 0 on success, negative values on failure.
1550	*/
1551	int security_dentry_init_security(struct dentry *dentry, int mode,
1552	const struct qstr *name,
1553	const char **xattr_name, void **ctx,
1554	u32 *ctxlen)
1555	{
1556	struct security_hook_list *hp;
1557	int rc;
1558
1559	/*
1560	* Only one module will provide a security context.
1561	*/
1562	hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security,
1563	list) {
1564	rc = hp->hook.dentry_init_security(dentry, mode, name,
1565	xattr_name, ctx, ctxlen);
1566	if (rc != LSM_RET_DEFAULT(dentry_init_security))
1567	return rc;
1568	}
1569	return LSM_RET_DEFAULT(dentry_init_security);
1570	}
1571	EXPORT_SYMBOL(security_dentry_init_security);
1572
1573	/**
1574	* security_dentry_create_files_as() - Perform dentry initialization
1575	* @dentry: the dentry to initialize
1576	* @mode: mode used to determine resource type
1577	* @name: name of the last path component
1578	* @old: creds to use for LSM context calculations
1579	* @new: creds to modify
1580	*
1581	* Compute a context for a dentry as the inode is not yet available and set
1582	* that context in passed in creds so that new files are created using that
1583	* context. Context is calculated using the passed in creds and not the creds
1584	* of the caller.
1585	*
1586	* Return: Returns 0 on success, error on failure.
1587	*/
1588	int security_dentry_create_files_as(struct dentry *dentry, int mode,
1589	struct qstr *name,
1590	const struct cred *old, struct cred *new)
1591	{
1592	return call_int_hook(dentry_create_files_as, 0, dentry, mode,
1593	name, old, new);
1594	}
1595	EXPORT_SYMBOL(security_dentry_create_files_as);
1596
1597	/**
1598	* security_inode_init_security() - Initialize an inode's LSM context
1599	* @inode: the inode
1600	* @dir: parent directory
1601	* @qstr: last component of the pathname
1602	* @initxattrs: callback function to write xattrs
1603	* @fs_data: filesystem specific data
1604	*
1605	* Obtain the security attribute name suffix and value to set on a newly
1606	* created inode and set up the incore security field for the new inode. This
1607	* hook is called by the fs code as part of the inode creation transaction and
1608	* provides for atomic labeling of the inode, unlike the post_create/mkdir/...
1609	* hooks called by the VFS.
1610	*
1611	* The hook function is expected to populate the xattrs array, by calling
1612	* lsm_get_xattr_slot() to retrieve the slots reserved by the security module
1613	* with the lbs_xattr_count field of the lsm_blob_sizes structure. For each
1614	* slot, the hook function should set ->name to the attribute name suffix
1615	* (e.g. selinux), to allocate ->value (will be freed by the caller) and set it
1616	* to the attribute value, to set ->value_len to the length of the value. If
1617	* the security module does not use security attributes or does not wish to put
1618	* a security attribute on this particular inode, then it should return
1619	* -EOPNOTSUPP to skip this processing.
1620	*
1621	* Return: Returns 0 if the LSM successfully initialized all of the inode
1622	* security attributes that are required, negative values otherwise.
1623	*/
1624	int security_inode_init_security(struct inode *inode, struct inode *dir,
1625	const struct qstr *qstr,
1626	const initxattrs initxattrs, void *fs_data)
1627	{
1628	struct security_hook_list *hp;
1629	struct xattr *new_xattrs = NULL;
1630	int ret = -EOPNOTSUPP, xattr_count = 0;
1631
1632	if (unlikely(IS_PRIVATE(inode)))
1633	return 0;
1634
1635	if (!blob_sizes.lbs_xattr_count)
1636	return 0;
1637
1638	if (initxattrs) {
1639	/* Allocate +1 for EVM and +1 as terminator. */
1640	new_xattrs = kcalloc(n: blob_sizes.lbs_xattr_count + 2,
1641	size: sizeof(*new_xattrs), GFP_NOFS);
1642	if (!new_xattrs)
1643	return -ENOMEM;
1644	}
1645
1646	hlist_for_each_entry(hp, &security_hook_heads.inode_init_security,
1647	list) {
1648	ret = hp->hook.inode_init_security(inode, dir, qstr, new_xattrs,
1649	&xattr_count);
1650	if (ret && ret != -EOPNOTSUPP)
1651	goto out;
1652	/*
1653	* As documented in lsm_hooks.h, -EOPNOTSUPP in this context
1654	* means that the LSM is not willing to provide an xattr, not
1655	* that it wants to signal an error. Thus, continue to invoke
1656	* the remaining LSMs.
1657	*/
1658	}
1659
1660	/* If initxattrs() is NULL, xattr_count is zero, skip the call. */
1661	if (!xattr_count)
1662	goto out;
1663
1664	ret = evm_inode_init_security(inode, dir, qstr, xattrs: new_xattrs,
1665	xattr_count: &xattr_count);
1666	if (ret)
1667	goto out;
1668	ret = initxattrs(inode, new_xattrs, fs_data);
1669	out:
1670	for (; xattr_count > 0; xattr_count--)
1671	kfree(objp: new_xattrs[xattr_count - 1].value);
1672	kfree(objp: new_xattrs);
1673	return (ret == -EOPNOTSUPP) ? 0 : ret;
1674	}
1675	EXPORT_SYMBOL(security_inode_init_security);
1676
1677	/**
1678	* security_inode_init_security_anon() - Initialize an anonymous inode
1679	* @inode: the inode
1680	* @name: the anonymous inode class
1681	* @context_inode: an optional related inode
1682	*
1683	* Set up the incore security field for the new anonymous inode and return
1684	* whether the inode creation is permitted by the security module or not.
1685	*
1686	* Return: Returns 0 on success, -EACCES if the security module denies the
1687	* creation of this inode, or another -errno upon other errors.
1688	*/
1689	int security_inode_init_security_anon(struct inode *inode,
1690	const struct qstr *name,
1691	const struct inode *context_inode)
1692	{
1693	return call_int_hook(inode_init_security_anon, 0, inode, name,
1694	context_inode);
1695	}
1696
1697	#ifdef CONFIG_SECURITY_PATH
1698	/**
1699	* security_path_mknod() - Check if creating a special file is allowed
1700	* @dir: parent directory
1701	* @dentry: new file
1702	* @mode: new file mode
1703	* @dev: device number
1704	*
1705	* Check permissions when creating a file. Note that this hook is called even
1706	* if mknod operation is being done for a regular file.
1707	*
1708	* Return: Returns 0 if permission is granted.
1709	*/
1710	int security_path_mknod(const struct path *dir, struct dentry *dentry,
1711	umode_t mode, unsigned int dev)
1712	{
1713	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1714	return 0;
1715	return call_int_hook(path_mknod, 0, dir, dentry, mode, dev);
1716	}
1717	EXPORT_SYMBOL(security_path_mknod);
1718
1719	/**
1720	* security_path_mkdir() - Check if creating a new directory is allowed
1721	* @dir: parent directory
1722	* @dentry: new directory
1723	* @mode: new directory mode
1724	*
1725	* Check permissions to create a new directory in the existing directory.
1726	*
1727	* Return: Returns 0 if permission is granted.
1728	*/
1729	int security_path_mkdir(const struct path *dir, struct dentry *dentry,
1730	umode_t mode)
1731	{
1732	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1733	return 0;
1734	return call_int_hook(path_mkdir, 0, dir, dentry, mode);
1735	}
1736	EXPORT_SYMBOL(security_path_mkdir);
1737
1738	/**
1739	* security_path_rmdir() - Check if removing a directory is allowed
1740	* @dir: parent directory
1741	* @dentry: directory to remove
1742	*
1743	* Check the permission to remove a directory.
1744	*
1745	* Return: Returns 0 if permission is granted.
1746	*/
1747	int security_path_rmdir(const struct path *dir, struct dentry *dentry)
1748	{
1749	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1750	return 0;
1751	return call_int_hook(path_rmdir, 0, dir, dentry);
1752	}
1753
1754	/**
1755	* security_path_unlink() - Check if removing a hard link is allowed
1756	* @dir: parent directory
1757	* @dentry: file
1758	*
1759	* Check the permission to remove a hard link to a file.
1760	*
1761	* Return: Returns 0 if permission is granted.
1762	*/
1763	int security_path_unlink(const struct path *dir, struct dentry *dentry)
1764	{
1765	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1766	return 0;
1767	return call_int_hook(path_unlink, 0, dir, dentry);
1768	}
1769	EXPORT_SYMBOL(security_path_unlink);
1770
1771	/**
1772	* security_path_symlink() - Check if creating a symbolic link is allowed
1773	* @dir: parent directory
1774	* @dentry: symbolic link
1775	* @old_name: file pathname
1776	*
1777	* Check the permission to create a symbolic link to a file.
1778	*
1779	* Return: Returns 0 if permission is granted.
1780	*/
1781	int security_path_symlink(const struct path *dir, struct dentry *dentry,
1782	const char *old_name)
1783	{
1784	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1785	return 0;
1786	return call_int_hook(path_symlink, 0, dir, dentry, old_name);
1787	}
1788
1789	/**
1790	* security_path_link - Check if creating a hard link is allowed
1791	* @old_dentry: existing file
1792	* @new_dir: new parent directory
1793	* @new_dentry: new link
1794	*
1795	* Check permission before creating a new hard link to a file.
1796	*
1797	* Return: Returns 0 if permission is granted.
1798	*/
1799	int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
1800	struct dentry *new_dentry)
1801	{
1802	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
1803	return 0;
1804	return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
1805	}
1806
1807	/**
1808	* security_path_rename() - Check if renaming a file is allowed
1809	* @old_dir: parent directory of the old file
1810	* @old_dentry: the old file
1811	* @new_dir: parent directory of the new file
1812	* @new_dentry: the new file
1813	* @flags: flags
1814	*
1815	* Check for permission to rename a file or directory.
1816	*
1817	* Return: Returns 0 if permission is granted.
1818	*/
1819	int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
1820	const struct path *new_dir, struct dentry *new_dentry,
1821	unsigned int flags)
1822	{
1823	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
1824	(d_is_positive(new_dentry) &&
1825	IS_PRIVATE(d_backing_inode(new_dentry)))))
1826	return 0;
1827
1828	return call_int_hook(path_rename, 0, old_dir, old_dentry, new_dir,
1829	new_dentry, flags);
1830	}
1831	EXPORT_SYMBOL(security_path_rename);
1832
1833	/**
1834	* security_path_truncate() - Check if truncating a file is allowed
1835	* @path: file
1836	*
1837	* Check permission before truncating the file indicated by path. Note that
1838	* truncation permissions may also be checked based on already opened files,
1839	* using the security_file_truncate() hook.
1840	*
1841	* Return: Returns 0 if permission is granted.
1842	*/
1843	int security_path_truncate(const struct path *path)
1844	{
1845	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1846	return 0;
1847	return call_int_hook(path_truncate, 0, path);
1848	}
1849
1850	/**
1851	* security_path_chmod() - Check if changing the file's mode is allowed
1852	* @path: file
1853	* @mode: new mode
1854	*
1855	* Check for permission to change a mode of the file @path. The new mode is
1856	* specified in @mode which is a bitmask of constants from
1857	* <include/uapi/linux/stat.h>.
1858	*
1859	* Return: Returns 0 if permission is granted.
1860	*/
1861	int security_path_chmod(const struct path *path, umode_t mode)
1862	{
1863	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1864	return 0;
1865	return call_int_hook(path_chmod, 0, path, mode);
1866	}
1867
1868	/**
1869	* security_path_chown() - Check if changing the file's owner/group is allowed
1870	* @path: file
1871	* @uid: file owner
1872	* @gid: file group
1873	*
1874	* Check for permission to change owner/group of a file or directory.
1875	*
1876	* Return: Returns 0 if permission is granted.
1877	*/
1878	int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
1879	{
1880	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1881	return 0;
1882	return call_int_hook(path_chown, 0, path, uid, gid);
1883	}
1884
1885	/**
1886	* security_path_chroot() - Check if changing the root directory is allowed
1887	* @path: directory
1888	*
1889	* Check for permission to change root directory.
1890	*
1891	* Return: Returns 0 if permission is granted.
1892	*/
1893	int security_path_chroot(const struct path *path)
1894	{
1895	return call_int_hook(path_chroot, 0, path);
1896	}
1897	#endif /* CONFIG_SECURITY_PATH */
1898
1899	/**
1900	* security_inode_create() - Check if creating a file is allowed
1901	* @dir: the parent directory
1902	* @dentry: the file being created
1903	* @mode: requested file mode
1904	*
1905	* Check permission to create a regular file.
1906	*
1907	* Return: Returns 0 if permission is granted.
1908	*/
1909	int security_inode_create(struct inode *dir, struct dentry *dentry,
1910	umode_t mode)
1911	{
1912	if (unlikely(IS_PRIVATE(dir)))
1913	return 0;
1914	return call_int_hook(inode_create, 0, dir, dentry, mode);
1915	}
1916	EXPORT_SYMBOL_GPL(security_inode_create);
1917
1918	/**
1919	* security_inode_link() - Check if creating a hard link is allowed
1920	* @old_dentry: existing file
1921	* @dir: new parent directory
1922	* @new_dentry: new link
1923	*
1924	* Check permission before creating a new hard link to a file.
1925	*
1926	* Return: Returns 0 if permission is granted.
1927	*/
1928	int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1929	struct dentry *new_dentry)
1930	{
1931	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
1932	return 0;
1933	return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry);
1934	}
1935
1936	/**
1937	* security_inode_unlink() - Check if removing a hard link is allowed
1938	* @dir: parent directory
1939	* @dentry: file
1940	*
1941	* Check the permission to remove a hard link to a file.
1942	*
1943	* Return: Returns 0 if permission is granted.
1944	*/
1945	int security_inode_unlink(struct inode *dir, struct dentry *dentry)
1946	{
1947	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1948	return 0;
1949	return call_int_hook(inode_unlink, 0, dir, dentry);
1950	}
1951
1952	/**
1953	* security_inode_symlink() - Check if creating a symbolic link is allowed
1954	* @dir: parent directory
1955	* @dentry: symbolic link
1956	* @old_name: existing filename
1957	*
1958	* Check the permission to create a symbolic link to a file.
1959	*
1960	* Return: Returns 0 if permission is granted.
1961	*/
1962	int security_inode_symlink(struct inode *dir, struct dentry *dentry,
1963	const char *old_name)
1964	{
1965	if (unlikely(IS_PRIVATE(dir)))
1966	return 0;
1967	return call_int_hook(inode_symlink, 0, dir, dentry, old_name);
1968	}
1969
1970	/**
1971	* security_inode_mkdir() - Check if creation a new director is allowed
1972	* @dir: parent directory
1973	* @dentry: new directory
1974	* @mode: new directory mode
1975	*
1976	* Check permissions to create a new directory in the existing directory
1977	* associated with inode structure @dir.
1978	*
1979	* Return: Returns 0 if permission is granted.
1980	*/
1981	int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1982	{
1983	if (unlikely(IS_PRIVATE(dir)))
1984	return 0;
1985	return call_int_hook(inode_mkdir, 0, dir, dentry, mode);
1986	}
1987	EXPORT_SYMBOL_GPL(security_inode_mkdir);
1988
1989	/**
1990	* security_inode_rmdir() - Check if removing a directory is allowed
1991	* @dir: parent directory
1992	* @dentry: directory to be removed
1993	*
1994	* Check the permission to remove a directory.
1995	*
1996	* Return: Returns 0 if permission is granted.
1997	*/
1998	int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
1999	{
2000	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2001	return 0;
2002	return call_int_hook(inode_rmdir, 0, dir, dentry);
2003	}
2004
2005	/**
2006	* security_inode_mknod() - Check if creating a special file is allowed
2007	* @dir: parent directory
2008	* @dentry: new file
2009	* @mode: new file mode
2010	* @dev: device number
2011	*
2012	* Check permissions when creating a special file (or a socket or a fifo file
2013	* created via the mknod system call). Note that if mknod operation is being
2014	* done for a regular file, then the create hook will be called and not this
2015	* hook.
2016	*
2017	* Return: Returns 0 if permission is granted.
2018	*/
2019	int security_inode_mknod(struct inode *dir, struct dentry *dentry,
2020	umode_t mode, dev_t dev)
2021	{
2022	if (unlikely(IS_PRIVATE(dir)))
2023	return 0;
2024	return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev);
2025	}
2026
2027	/**
2028	* security_inode_rename() - Check if renaming a file is allowed
2029	* @old_dir: parent directory of the old file
2030	* @old_dentry: the old file
2031	* @new_dir: parent directory of the new file
2032	* @new_dentry: the new file
2033	* @flags: flags
2034	*
2035	* Check for permission to rename a file or directory.
2036	*
2037	* Return: Returns 0 if permission is granted.
2038	*/
2039	int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
2040	struct inode *new_dir, struct dentry *new_dentry,
2041	unsigned int flags)
2042	{
2043	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
2044	(d_is_positive(new_dentry) &&
2045	IS_PRIVATE(d_backing_inode(new_dentry)))))
2046	return 0;
2047
2048	if (flags & RENAME_EXCHANGE) {
2049	int err = call_int_hook(inode_rename, 0, new_dir, new_dentry,
2050	old_dir, old_dentry);
2051	if (err)
2052	return err;
2053	}
2054
2055	return call_int_hook(inode_rename, 0, old_dir, old_dentry,
2056	new_dir, new_dentry);
2057	}
2058
2059	/**
2060	* security_inode_readlink() - Check if reading a symbolic link is allowed
2061	* @dentry: link
2062	*
2063	* Check the permission to read the symbolic link.
2064	*
2065	* Return: Returns 0 if permission is granted.
2066	*/
2067	int security_inode_readlink(struct dentry *dentry)
2068	{
2069	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2070	return 0;
2071	return call_int_hook(inode_readlink, 0, dentry);
2072	}
2073
2074	/**
2075	* security_inode_follow_link() - Check if following a symbolic link is allowed
2076	* @dentry: link dentry
2077	* @inode: link inode
2078	* @rcu: true if in RCU-walk mode
2079	*
2080	* Check permission to follow a symbolic link when looking up a pathname. If
2081	* @rcu is true, @inode is not stable.
2082	*
2083	* Return: Returns 0 if permission is granted.
2084	*/
2085	int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
2086	bool rcu)
2087	{
2088	if (unlikely(IS_PRIVATE(inode)))
2089	return 0;
2090	return call_int_hook(inode_follow_link, 0, dentry, inode, rcu);
2091	}
2092
2093	/**
2094	* security_inode_permission() - Check if accessing an inode is allowed
2095	* @inode: inode
2096	* @mask: access mask
2097	*
2098	* Check permission before accessing an inode. This hook is called by the
2099	* existing Linux permission function, so a security module can use it to
2100	* provide additional checking for existing Linux permission checks. Notice
2101	* that this hook is called when a file is opened (as well as many other
2102	* operations), whereas the file_security_ops permission hook is called when
2103	* the actual read/write operations are performed.
2104	*
2105	* Return: Returns 0 if permission is granted.
2106	*/
2107	int security_inode_permission(struct inode *inode, int mask)
2108	{
2109	if (unlikely(IS_PRIVATE(inode)))
2110	return 0;
2111	return call_int_hook(inode_permission, 0, inode, mask);
2112	}
2113
2114	/**
2115	* security_inode_setattr() - Check if setting file attributes is allowed
2116	* @idmap: idmap of the mount
2117	* @dentry: file
2118	* @attr: new attributes
2119	*
2120	* Check permission before setting file attributes. Note that the kernel call
2121	* to notify_change is performed from several locations, whenever file
2122	* attributes change (such as when a file is truncated, chown/chmod operations,
2123	* transferring disk quotas, etc).
2124	*
2125	* Return: Returns 0 if permission is granted.
2126	*/
2127	int security_inode_setattr(struct mnt_idmap *idmap,
2128	struct dentry *dentry, struct iattr *attr)
2129	{
2130	int ret;
2131
2132	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2133	return 0;
2134	ret = call_int_hook(inode_setattr, 0, dentry, attr);
2135	if (ret)
2136	return ret;
2137	return evm_inode_setattr(idmap, dentry, attr);
2138	}
2139	EXPORT_SYMBOL_GPL(security_inode_setattr);
2140
2141	/**
2142	* security_inode_getattr() - Check if getting file attributes is allowed
2143	* @path: file
2144	*
2145	* Check permission before obtaining file attributes.
2146	*
2147	* Return: Returns 0 if permission is granted.
2148	*/
2149	int security_inode_getattr(const struct path *path)
2150	{
2151	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
2152	return 0;
2153	return call_int_hook(inode_getattr, 0, path);
2154	}
2155
2156	/**
2157	* security_inode_setxattr() - Check if setting file xattrs is allowed
2158	* @idmap: idmap of the mount
2159	* @dentry: file
2160	* @name: xattr name
2161	* @value: xattr value
2162	* @size: size of xattr value
2163	* @flags: flags
2164	*
2165	* Check permission before setting the extended attributes.
2166	*
2167	* Return: Returns 0 if permission is granted.
2168	*/
2169	int security_inode_setxattr(struct mnt_idmap *idmap,
2170	struct dentry *dentry, const char *name,
2171	const void *value, size_t size, int flags)
2172	{
2173	int ret;
2174
2175	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2176	return 0;
2177	/*
2178	* SELinux and Smack integrate the cap call,
2179	* so assume that all LSMs supplying this call do so.
2180	*/
2181	ret = call_int_hook(inode_setxattr, 1, idmap, dentry, name, value,
2182	size, flags);
2183
2184	if (ret == 1)
2185	ret = cap_inode_setxattr(dentry, name, value, size, flags);
2186	if (ret)
2187	return ret;
2188	ret = ima_inode_setxattr(dentry, xattr_name: name, xattr_value: value, xattr_value_len: size);
2189	if (ret)
2190	return ret;
2191	return evm_inode_setxattr(idmap, dentry, name, value, size);
2192	}
2193
2194	/**
2195	* security_inode_set_acl() - Check if setting posix acls is allowed
2196	* @idmap: idmap of the mount
2197	* @dentry: file
2198	* @acl_name: acl name
2199	* @kacl: acl struct
2200	*
2201	* Check permission before setting posix acls, the posix acls in @kacl are
2202	* identified by @acl_name.
2203	*
2204	* Return: Returns 0 if permission is granted.
2205	*/
2206	int security_inode_set_acl(struct mnt_idmap *idmap,
2207	struct dentry *dentry, const char *acl_name,
2208	struct posix_acl *kacl)
2209	{
2210	int ret;
2211
2212	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2213	return 0;
2214	ret = call_int_hook(inode_set_acl, 0, idmap, dentry, acl_name,
2215	kacl);
2216	if (ret)
2217	return ret;
2218	ret = ima_inode_set_acl(idmap, dentry, acl_name, kacl);
2219	if (ret)
2220	return ret;
2221	return evm_inode_set_acl(idmap, dentry, acl_name, kacl);
2222	}
2223
2224	/**
2225	* security_inode_get_acl() - Check if reading posix acls is allowed
2226	* @idmap: idmap of the mount
2227	* @dentry: file
2228	* @acl_name: acl name
2229	*
2230	* Check permission before getting osix acls, the posix acls are identified by
2231	* @acl_name.
2232	*
2233	* Return: Returns 0 if permission is granted.
2234	*/
2235	int security_inode_get_acl(struct mnt_idmap *idmap,
2236	struct dentry *dentry, const char *acl_name)
2237	{
2238	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2239	return 0;
2240	return call_int_hook(inode_get_acl, 0, idmap, dentry, acl_name);
2241	}
2242
2243	/**
2244	* security_inode_remove_acl() - Check if removing a posix acl is allowed
2245	* @idmap: idmap of the mount
2246	* @dentry: file
2247	* @acl_name: acl name
2248	*
2249	* Check permission before removing posix acls, the posix acls are identified
2250	* by @acl_name.
2251	*
2252	* Return: Returns 0 if permission is granted.
2253	*/
2254	int security_inode_remove_acl(struct mnt_idmap *idmap,
2255	struct dentry *dentry, const char *acl_name)
2256	{
2257	int ret;
2258
2259	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2260	return 0;
2261	ret = call_int_hook(inode_remove_acl, 0, idmap, dentry, acl_name);
2262	if (ret)
2263	return ret;
2264	ret = ima_inode_remove_acl(idmap, dentry, acl_name);
2265	if (ret)
2266	return ret;
2267	return evm_inode_remove_acl(idmap, dentry, acl_name);
2268	}
2269
2270	/**
2271	* security_inode_post_setxattr() - Update the inode after a setxattr operation
2272	* @dentry: file
2273	* @name: xattr name
2274	* @value: xattr value
2275	* @size: xattr value size
2276	* @flags: flags
2277	*
2278	* Update inode security field after successful setxattr operation.
2279	*/
2280	void security_inode_post_setxattr(struct dentry *dentry, const char *name,
2281	const void *value, size_t size, int flags)
2282	{
2283	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2284	return;
2285	call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
2286	evm_inode_post_setxattr(dentry, xattr_name: name, xattr_value: value, xattr_value_len: size);
2287	}
2288
2289	/**
2290	* security_inode_getxattr() - Check if xattr access is allowed
2291	* @dentry: file
2292	* @name: xattr name
2293	*
2294	* Check permission before obtaining the extended attributes identified by
2295	* @name for @dentry.
2296	*
2297	* Return: Returns 0 if permission is granted.
2298	*/
2299	int security_inode_getxattr(struct dentry *dentry, const char *name)
2300	{
2301	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2302	return 0;
2303	return call_int_hook(inode_getxattr, 0, dentry, name);
2304	}
2305
2306	/**
2307	* security_inode_listxattr() - Check if listing xattrs is allowed
2308	* @dentry: file
2309	*
2310	* Check permission before obtaining the list of extended attribute names for
2311	* @dentry.
2312	*
2313	* Return: Returns 0 if permission is granted.
2314	*/
2315	int security_inode_listxattr(struct dentry *dentry)
2316	{
2317	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2318	return 0;
2319	return call_int_hook(inode_listxattr, 0, dentry);
2320	}
2321
2322	/**
2323	* security_inode_removexattr() - Check if removing an xattr is allowed
2324	* @idmap: idmap of the mount
2325	* @dentry: file
2326	* @name: xattr name
2327	*
2328	* Check permission before removing the extended attribute identified by @name
2329	* for @dentry.
2330	*
2331	* Return: Returns 0 if permission is granted.
2332	*/
2333	int security_inode_removexattr(struct mnt_idmap *idmap,
2334	struct dentry *dentry, const char *name)
2335	{
2336	int ret;
2337
2338	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2339	return 0;
2340	/*
2341	* SELinux and Smack integrate the cap call,
2342	* so assume that all LSMs supplying this call do so.
2343	*/
2344	ret = call_int_hook(inode_removexattr, 1, idmap, dentry, name);
2345	if (ret == 1)
2346	ret = cap_inode_removexattr(idmap, dentry, name);
2347	if (ret)
2348	return ret;
2349	ret = ima_inode_removexattr(dentry, xattr_name: name);
2350	if (ret)
2351	return ret;
2352	return evm_inode_removexattr(idmap, dentry, xattr_name: name);
2353	}
2354
2355	/**
2356	* security_inode_need_killpriv() - Check if security_inode_killpriv() required
2357	* @dentry: associated dentry
2358	*
2359	* Called when an inode has been changed to determine if
2360	* security_inode_killpriv() should be called.
2361	*
2362	* Return: Return <0 on error to abort the inode change operation, return 0 if
2363	* security_inode_killpriv() does not need to be called, return >0 if
2364	* security_inode_killpriv() does need to be called.
2365	*/
2366	int security_inode_need_killpriv(struct dentry *dentry)
2367	{
2368	return call_int_hook(inode_need_killpriv, 0, dentry);
2369	}
2370
2371	/**
2372	* security_inode_killpriv() - The setuid bit is removed, update LSM state
2373	* @idmap: idmap of the mount
2374	* @dentry: associated dentry
2375	*
2376	* The @dentry's setuid bit is being removed. Remove similar security labels.
2377	* Called with the dentry->d_inode->i_mutex held.
2378	*
2379	* Return: Return 0 on success. If error is returned, then the operation
2380	* causing setuid bit removal is failed.
2381	*/
2382	int security_inode_killpriv(struct mnt_idmap *idmap,
2383	struct dentry *dentry)
2384	{
2385	return call_int_hook(inode_killpriv, 0, idmap, dentry);
2386	}
2387
2388	/**
2389	* security_inode_getsecurity() - Get the xattr security label of an inode
2390	* @idmap: idmap of the mount
2391	* @inode: inode
2392	* @name: xattr name
2393	* @buffer: security label buffer
2394	* @alloc: allocation flag
2395	*
2396	* Retrieve a copy of the extended attribute representation of the security
2397	* label associated with @name for @inode via @buffer. Note that @name is the
2398	* remainder of the attribute name after the security prefix has been removed.
2399	* @alloc is used to specify if the call should return a value via the buffer
2400	* or just the value length.
2401	*
2402	* Return: Returns size of buffer on success.
2403	*/
2404	int security_inode_getsecurity(struct mnt_idmap *idmap,
2405	struct inode *inode, const char *name,
2406	void **buffer, bool alloc)
2407	{
2408	struct security_hook_list *hp;
2409	int rc;
2410
2411	if (unlikely(IS_PRIVATE(inode)))
2412	return LSM_RET_DEFAULT(inode_getsecurity);
2413	/*
2414	* Only one module will provide an attribute with a given name.
2415	*/
2416	hlist_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {
2417	rc = hp->hook.inode_getsecurity(idmap, inode, name, buffer,
2418	alloc);
2419	if (rc != LSM_RET_DEFAULT(inode_getsecurity))
2420	return rc;
2421	}
2422	return LSM_RET_DEFAULT(inode_getsecurity);
2423	}
2424
2425	/**
2426	* security_inode_setsecurity() - Set the xattr security label of an inode
2427	* @inode: inode
2428	* @name: xattr name
2429	* @value: security label
2430	* @size: length of security label
2431	* @flags: flags
2432	*
2433	* Set the security label associated with @name for @inode from the extended
2434	* attribute value @value. @size indicates the size of the @value in bytes.
2435	* @flags may be XATTR_CREATE, XATTR_REPLACE, or 0. Note that @name is the
2436	* remainder of the attribute name after the security. prefix has been removed.
2437	*
2438	* Return: Returns 0 on success.
2439	*/
2440	int security_inode_setsecurity(struct inode *inode, const char *name,
2441	const void *value, size_t size, int flags)
2442	{
2443	struct security_hook_list *hp;
2444	int rc;
2445
2446	if (unlikely(IS_PRIVATE(inode)))
2447	return LSM_RET_DEFAULT(inode_setsecurity);
2448	/*
2449	* Only one module will provide an attribute with a given name.
2450	*/
2451	hlist_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) {
2452	rc = hp->hook.inode_setsecurity(inode, name, value, size,
2453	flags);
2454	if (rc != LSM_RET_DEFAULT(inode_setsecurity))
2455	return rc;
2456	}
2457	return LSM_RET_DEFAULT(inode_setsecurity);
2458	}
2459
2460	/**
2461	* security_inode_listsecurity() - List the xattr security label names
2462	* @inode: inode
2463	* @buffer: buffer
2464	* @buffer_size: size of buffer
2465	*
2466	* Copy the extended attribute names for the security labels associated with
2467	* @inode into @buffer. The maximum size of @buffer is specified by
2468	* @buffer_size. @buffer may be NULL to request the size of the buffer
2469	* required.
2470	*
2471	* Return: Returns number of bytes used/required on success.
2472	*/
2473	int security_inode_listsecurity(struct inode *inode,
2474	char *buffer, size_t buffer_size)
2475	{
2476	if (unlikely(IS_PRIVATE(inode)))
2477	return 0;
2478	return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);
2479	}
2480	EXPORT_SYMBOL(security_inode_listsecurity);
2481
2482	/**
2483	* security_inode_getsecid() - Get an inode's secid
2484	* @inode: inode
2485	* @secid: secid to return
2486	*
2487	* Get the secid associated with the node. In case of failure, @secid will be
2488	* set to zero.
2489	*/
2490	void security_inode_getsecid(struct inode *inode, u32 *secid)
2491	{
2492	call_void_hook(inode_getsecid, inode, secid);
2493	}
2494
2495	/**
2496	* security_inode_copy_up() - Create new creds for an overlayfs copy-up op
2497	* @src: union dentry of copy-up file
2498	* @new: newly created creds
2499	*
2500	* A file is about to be copied up from lower layer to upper layer of overlay
2501	* filesystem. Security module can prepare a set of new creds and modify as
2502	* need be and return new creds. Caller will switch to new creds temporarily to
2503	* create new file and release newly allocated creds.
2504	*
2505	* Return: Returns 0 on success or a negative error code on error.
2506	*/
2507	int security_inode_copy_up(struct dentry *src, struct cred **new)
2508	{
2509	return call_int_hook(inode_copy_up, 0, src, new);
2510	}
2511	EXPORT_SYMBOL(security_inode_copy_up);
2512
2513	/**
2514	* security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op
2515	* @name: xattr name
2516	*
2517	* Filter the xattrs being copied up when a unioned file is copied up from a
2518	* lower layer to the union/overlay layer. The caller is responsible for
2519	* reading and writing the xattrs, this hook is merely a filter.
2520	*
2521	* Return: Returns 0 to accept the xattr, 1 to discard the xattr, -EOPNOTSUPP
2522	* if the security module does not know about attribute, or a negative
2523	* error code to abort the copy up.
2524	*/
2525	int security_inode_copy_up_xattr(const char *name)
2526	{
2527	struct security_hook_list *hp;
2528	int rc;
2529
2530	/*
2531	* The implementation can return 0 (accept the xattr), 1 (discard the
2532	* xattr), -EOPNOTSUPP if it does not know anything about the xattr or
2533	* any other error code in case of an error.
2534	*/
2535	hlist_for_each_entry(hp,
2536	&security_hook_heads.inode_copy_up_xattr, list) {
2537	rc = hp->hook.inode_copy_up_xattr(name);
2538	if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr))
2539	return rc;
2540	}
2541
2542	return LSM_RET_DEFAULT(inode_copy_up_xattr);
2543	}
2544	EXPORT_SYMBOL(security_inode_copy_up_xattr);
2545
2546	/**
2547	* security_kernfs_init_security() - Init LSM context for a kernfs node
2548	* @kn_dir: parent kernfs node
2549	* @kn: the kernfs node to initialize
2550	*
2551	* Initialize the security context of a newly created kernfs node based on its
2552	* own and its parent's attributes.
2553	*
2554	* Return: Returns 0 if permission is granted.
2555	*/
2556	int security_kernfs_init_security(struct kernfs_node *kn_dir,
2557	struct kernfs_node *kn)
2558	{
2559	return call_int_hook(kernfs_init_security, 0, kn_dir, kn);
2560	}
2561
2562	/**
2563	* security_file_permission() - Check file permissions
2564	* @file: file
2565	* @mask: requested permissions
2566	*
2567	* Check file permissions before accessing an open file. This hook is called
2568	* by various operations that read or write files. A security module can use
2569	* this hook to perform additional checking on these operations, e.g. to
2570	* revalidate permissions on use to support privilege bracketing or policy
2571	* changes. Notice that this hook is used when the actual read/write
2572	* operations are performed, whereas the inode_security_ops hook is called when
2573	* a file is opened (as well as many other operations). Although this hook can
2574	* be used to revalidate permissions for various system call operations that
2575	* read or write files, it does not address the revalidation of permissions for
2576	* memory-mapped files. Security modules must handle this separately if they
2577	* need such revalidation.
2578	*
2579	* Return: Returns 0 if permission is granted.
2580	*/
2581	int security_file_permission(struct file *file, int mask)
2582	{
2583	int ret;
2584
2585	ret = call_int_hook(file_permission, 0, file, mask);
2586	if (ret)
2587	return ret;
2588
2589	return fsnotify_perm(file, mask);
2590	}
2591
2592	/**
2593	* security_file_alloc() - Allocate and init a file's LSM blob
2594	* @file: the file
2595	*
2596	* Allocate and attach a security structure to the file->f_security field. The
2597	* security field is initialized to NULL when the structure is first created.
2598	*
2599	* Return: Return 0 if the hook is successful and permission is granted.
2600	*/
2601	int security_file_alloc(struct file *file)
2602	{
2603	int rc = lsm_file_alloc(file);
2604
2605	if (rc)
2606	return rc;
2607	rc = call_int_hook(file_alloc_security, 0, file);
2608	if (unlikely(rc))
2609	security_file_free(file);
2610	return rc;
2611	}
2612
2613	/**
2614	* security_file_free() - Free a file's LSM blob
2615	* @file: the file
2616	*
2617	* Deallocate and free any security structures stored in file->f_security.
2618	*/
2619	void security_file_free(struct file *file)
2620	{
2621	void *blob;
2622
2623	call_void_hook(file_free_security, file);
2624
2625	blob = file->f_security;
2626	if (blob) {
2627	file->f_security = NULL;
2628	kmem_cache_free(s: lsm_file_cache, objp: blob);
2629	}
2630	}
2631
2632	/**
2633	* security_file_ioctl() - Check if an ioctl is allowed
2634	* @file: associated file
2635	* @cmd: ioctl cmd
2636	* @arg: ioctl arguments
2637	*
2638	* Check permission for an ioctl operation on @file. Note that @arg sometimes
2639	* represents a user space pointer; in other cases, it may be a simple integer
2640	* value. When @arg represents a user space pointer, it should never be used
2641	* by the security module.
2642	*
2643	* Return: Returns 0 if permission is granted.
2644	*/
2645	int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2646	{
2647	return call_int_hook(file_ioctl, 0, file, cmd, arg);
2648	}
2649	EXPORT_SYMBOL_GPL(security_file_ioctl);
2650
2651	static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
2652	{
2653	/*
2654	* Does we have PROT_READ and does the application expect
2655	* it to imply PROT_EXEC? If not, nothing to talk about...
2656	*/
2657	if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ)
2658	return prot;
2659	if (!(current->personality & READ_IMPLIES_EXEC))
2660	return prot;
2661	/*
2662	* if that's an anonymous mapping, let it.
2663	*/
2664	if (!file)
2665	return prot | PROT_EXEC;
2666	/*
2667	* ditto if it's not on noexec mount, except that on !MMU we need
2668	* NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case
2669	*/
2670	if (!path_noexec(path: &file->f_path)) {
2671	#ifndef CONFIG_MMU
2672	if (file->f_op->mmap_capabilities) {
2673	unsigned caps = file->f_op->mmap_capabilities(file);
2674	if (!(caps & NOMMU_MAP_EXEC))
2675	return prot;
2676	}
2677	#endif
2678	return prot | PROT_EXEC;
2679	}
2680	/* anything on noexec mount won't get PROT_EXEC */
2681	return prot;
2682	}
2683
2684	/**
2685	* security_mmap_file() - Check if mmap'ing a file is allowed
2686	* @file: file
2687	* @prot: protection applied by the kernel
2688	* @flags: flags
2689	*
2690	* Check permissions for a mmap operation. The @file may be NULL, e.g. if
2691	* mapping anonymous memory.
2692	*
2693	* Return: Returns 0 if permission is granted.
2694	*/
2695	int security_mmap_file(struct file *file, unsigned long prot,
2696	unsigned long flags)
2697	{
2698	unsigned long prot_adj = mmap_prot(file, prot);
2699	int ret;
2700
2701	ret = call_int_hook(mmap_file, 0, file, prot, prot_adj, flags);
2702	if (ret)
2703	return ret;
2704	return ima_file_mmap(file, reqprot: prot, prot: prot_adj, flags);
2705	}
2706
2707	/**
2708	* security_mmap_addr() - Check if mmap'ing an address is allowed
2709	* @addr: address
2710	*
2711	* Check permissions for a mmap operation at @addr.
2712	*
2713	* Return: Returns 0 if permission is granted.
2714	*/
2715	int security_mmap_addr(unsigned long addr)
2716	{
2717	return call_int_hook(mmap_addr, 0, addr);
2718	}
2719
2720	/**
2721	* security_file_mprotect() - Check if changing memory protections is allowed
2722	* @vma: memory region
2723	* @reqprot: application requested protection
2724	* @prot: protection applied by the kernel
2725	*
2726	* Check permissions before changing memory access permissions.
2727	*
2728	* Return: Returns 0 if permission is granted.
2729	*/
2730	int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
2731	unsigned long prot)
2732	{
2733	int ret;
2734
2735	ret = call_int_hook(file_mprotect, 0, vma, reqprot, prot);
2736	if (ret)
2737	return ret;
2738	return ima_file_mprotect(vma, prot);
2739	}
2740
2741	/**
2742	* security_file_lock() - Check if a file lock is allowed
2743	* @file: file
2744	* @cmd: lock operation (e.g. F_RDLCK, F_WRLCK)
2745	*
2746	* Check permission before performing file locking operations. Note the hook
2747	* mediates both flock and fcntl style locks.
2748	*
2749	* Return: Returns 0 if permission is granted.
2750	*/
2751	int security_file_lock(struct file *file, unsigned int cmd)
2752	{
2753	return call_int_hook(file_lock, 0, file, cmd);
2754	}
2755
2756	/**
2757	* security_file_fcntl() - Check if fcntl() op is allowed
2758	* @file: file
2759	* @cmd: fcntl command
2760	* @arg: command argument
2761	*
2762	* Check permission before allowing the file operation specified by @cmd from
2763	* being performed on the file @file. Note that @arg sometimes represents a
2764	* user space pointer; in other cases, it may be a simple integer value. When
2765	* @arg represents a user space pointer, it should never be used by the
2766	* security module.
2767	*
2768	* Return: Returns 0 if permission is granted.
2769	*/
2770	int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
2771	{
2772	return call_int_hook(file_fcntl, 0, file, cmd, arg);
2773	}
2774
2775	/**
2776	* security_file_set_fowner() - Set the file owner info in the LSM blob
2777	* @file: the file
2778	*
2779	* Save owner security information (typically from current->security) in
2780	* file->f_security for later use by the send_sigiotask hook.
2781	*
2782	* Return: Returns 0 on success.
2783	*/
2784	void security_file_set_fowner(struct file *file)
2785	{
2786	call_void_hook(file_set_fowner, file);
2787	}
2788
2789	/**
2790	* security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
2791	* @tsk: target task
2792	* @fown: signal sender
2793	* @sig: signal to be sent, SIGIO is sent if 0
2794	*
2795	* Check permission for the file owner @fown to send SIGIO or SIGURG to the
2796	* process @tsk. Note that this hook is sometimes called from interrupt. Note
2797	* that the fown_struct, @fown, is never outside the context of a struct file,
2798	* so the file structure (and associated security information) can always be
2799	* obtained: container_of(fown, struct file, f_owner).
2800	*
2801	* Return: Returns 0 if permission is granted.
2802	*/
2803	int security_file_send_sigiotask(struct task_struct *tsk,
2804	struct fown_struct *fown, int sig)
2805	{
2806	return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig);
2807	}
2808
2809	/**
2810	* security_file_receive() - Check is receiving a file via IPC is allowed
2811	* @file: file being received
2812	*
2813	* This hook allows security modules to control the ability of a process to
2814	* receive an open file descriptor via socket IPC.
2815	*
2816	* Return: Returns 0 if permission is granted.
2817	*/
2818	int security_file_receive(struct file *file)
2819	{
2820	return call_int_hook(file_receive, 0, file);
2821	}
2822
2823	/**
2824	* security_file_open() - Save open() time state for late use by the LSM
2825	* @file:
2826	*
2827	* Save open-time permission checking state for later use upon file_permission,
2828	* and recheck access if anything has changed since inode_permission.
2829	*
2830	* Return: Returns 0 if permission is granted.
2831	*/
2832	int security_file_open(struct file *file)
2833	{
2834	int ret;
2835
2836	ret = call_int_hook(file_open, 0, file);
2837	if (ret)
2838	return ret;
2839
2840	return fsnotify_perm(file, MAY_OPEN);
2841	}
2842
2843	/**
2844	* security_file_truncate() - Check if truncating a file is allowed
2845	* @file: file
2846	*
2847	* Check permission before truncating a file, i.e. using ftruncate. Note that
2848	* truncation permission may also be checked based on the path, using the
2849	* @path_truncate hook.
2850	*
2851	* Return: Returns 0 if permission is granted.
2852	*/
2853	int security_file_truncate(struct file *file)
2854	{
2855	return call_int_hook(file_truncate, 0, file);
2856	}
2857
2858	/**
2859	* security_task_alloc() - Allocate a task's LSM blob
2860	* @task: the task
2861	* @clone_flags: flags indicating what is being shared
2862	*
2863	* Handle allocation of task-related resources.
2864	*
2865	* Return: Returns a zero on success, negative values on failure.
2866	*/
2867	int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
2868	{
2869	int rc = lsm_task_alloc(task);
2870
2871	if (rc)
2872	return rc;
2873	rc = call_int_hook(task_alloc, 0, task, clone_flags);
2874	if (unlikely(rc))
2875	security_task_free(task);
2876	return rc;
2877	}
2878
2879	/**
2880	* security_task_free() - Free a task's LSM blob and related resources
2881	* @task: task
2882	*
2883	* Handle release of task-related resources. Note that this can be called from
2884	* interrupt context.
2885	*/
2886	void security_task_free(struct task_struct *task)
2887	{
2888	call_void_hook(task_free, task);
2889
2890	kfree(objp: task->security);
2891	task->security = NULL;
2892	}
2893
2894	/**
2895	* security_cred_alloc_blank() - Allocate the min memory to allow cred_transfer
2896	* @cred: credentials
2897	* @gfp: gfp flags
2898	*
2899	* Only allocate sufficient memory and attach to @cred such that
2900	* cred_transfer() will not get ENOMEM.
2901	*
2902	* Return: Returns 0 on success, negative values on failure.
2903	*/
2904	int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2905	{
2906	int rc = lsm_cred_alloc(cred, gfp);
2907
2908	if (rc)
2909	return rc;
2910
2911	rc = call_int_hook(cred_alloc_blank, 0, cred, gfp);
2912	if (unlikely(rc))
2913	security_cred_free(cred);
2914	return rc;
2915	}
2916
2917	/**
2918	* security_cred_free() - Free the cred's LSM blob and associated resources
2919	* @cred: credentials
2920	*
2921	* Deallocate and clear the cred->security field in a set of credentials.
2922	*/
2923	void security_cred_free(struct cred *cred)
2924	{
2925	/*
2926	* There is a failure case in prepare_creds() that
2927	* may result in a call here with ->security being NULL.
2928	*/
2929	if (unlikely(cred->security == NULL))
2930	return;
2931
2932	call_void_hook(cred_free, cred);
2933
2934	kfree(objp: cred->security);
2935	cred->security = NULL;
2936	}
2937
2938	/**
2939	* security_prepare_creds() - Prepare a new set of credentials
2940	* @new: new credentials
2941	* @old: original credentials
2942	* @gfp: gfp flags
2943	*
2944	* Prepare a new set of credentials by copying the data from the old set.
2945	*
2946	* Return: Returns 0 on success, negative values on failure.
2947	*/
2948	int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
2949	{
2950	int rc = lsm_cred_alloc(cred: new, gfp);
2951
2952	if (rc)
2953	return rc;
2954
2955	rc = call_int_hook(cred_prepare, 0, new, old, gfp);
2956	if (unlikely(rc))
2957	security_cred_free(cred: new);
2958	return rc;
2959	}
2960
2961	/**
2962	* security_transfer_creds() - Transfer creds
2963	* @new: target credentials
2964	* @old: original credentials
2965	*
2966	* Transfer data from original creds to new creds.
2967	*/
2968	void security_transfer_creds(struct cred *new, const struct cred *old)
2969	{
2970	call_void_hook(cred_transfer, new, old);
2971	}
2972
2973	/**
2974	* security_cred_getsecid() - Get the secid from a set of credentials
2975	* @c: credentials
2976	* @secid: secid value
2977	*
2978	* Retrieve the security identifier of the cred structure @c. In case of
2979	* failure, @secid will be set to zero.
2980	*/
2981	void security_cred_getsecid(const struct cred *c, u32 *secid)
2982	{
2983	*secid = 0;
2984	call_void_hook(cred_getsecid, c, secid);
2985	}
2986	EXPORT_SYMBOL(security_cred_getsecid);
2987
2988	/**
2989	* security_kernel_act_as() - Set the kernel credentials to act as secid
2990	* @new: credentials
2991	* @secid: secid
2992	*
2993	* Set the credentials for a kernel service to act as (subjective context).
2994	* The current task must be the one that nominated @secid.
2995	*
2996	* Return: Returns 0 if successful.
2997	*/
2998	int security_kernel_act_as(struct cred *new, u32 secid)
2999	{
3000	return call_int_hook(kernel_act_as, 0, new, secid);
3001	}
3002
3003	/**
3004	* security_kernel_create_files_as() - Set file creation context using an inode
3005	* @new: target credentials
3006	* @inode: reference inode
3007	*
3008	* Set the file creation context in a set of credentials to be the same as the
3009	* objective context of the specified inode. The current task must be the one
3010	* that nominated @inode.
3011	*
3012	* Return: Returns 0 if successful.
3013	*/
3014	int security_kernel_create_files_as(struct cred *new, struct inode *inode)
3015	{
3016	return call_int_hook(kernel_create_files_as, 0, new, inode);
3017	}
3018
3019	/**
3020	* security_kernel_module_request() - Check is loading a module is allowed
3021	* @kmod_name: module name
3022	*
3023	* Ability to trigger the kernel to automatically upcall to userspace for
3024	* userspace to load a kernel module with the given name.
3025	*
3026	* Return: Returns 0 if successful.
3027	*/
3028	int security_kernel_module_request(char *kmod_name)
3029	{
3030	int ret;
3031
3032	ret = call_int_hook(kernel_module_request, 0, kmod_name);
3033	if (ret)
3034	return ret;
3035	return integrity_kernel_module_request(kmod_name);
3036	}
3037
3038	/**
3039	* security_kernel_read_file() - Read a file specified by userspace
3040	* @file: file
3041	* @id: file identifier
3042	* @contents: trust if security_kernel_post_read_file() will be called
3043	*
3044	* Read a file specified by userspace.
3045	*
3046	* Return: Returns 0 if permission is granted.
3047	*/
3048	int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
3049	bool contents)
3050	{
3051	int ret;
3052
3053	ret = call_int_hook(kernel_read_file, 0, file, id, contents);
3054	if (ret)
3055	return ret;
3056	return ima_read_file(file, id, contents);
3057	}
3058	EXPORT_SYMBOL_GPL(security_kernel_read_file);
3059
3060	/**
3061	* security_kernel_post_read_file() - Read a file specified by userspace
3062	* @file: file
3063	* @buf: file contents
3064	* @size: size of file contents
3065	* @id: file identifier
3066	*
3067	* Read a file specified by userspace. This must be paired with a prior call
3068	* to security_kernel_read_file() call that indicated this hook would also be
3069	* called, see security_kernel_read_file() for more information.
3070	*
3071	* Return: Returns 0 if permission is granted.
3072	*/
3073	int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
3074	enum kernel_read_file_id id)
3075	{
3076	int ret;
3077
3078	ret = call_int_hook(kernel_post_read_file, 0, file, buf, size, id);
3079	if (ret)
3080	return ret;
3081	return ima_post_read_file(file, buf, size, id);
3082	}
3083	EXPORT_SYMBOL_GPL(security_kernel_post_read_file);
3084
3085	/**
3086	* security_kernel_load_data() - Load data provided by userspace
3087	* @id: data identifier
3088	* @contents: true if security_kernel_post_load_data() will be called
3089	*
3090	* Load data provided by userspace.
3091	*
3092	* Return: Returns 0 if permission is granted.
3093	*/
3094	int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
3095	{
3096	int ret;
3097
3098	ret = call_int_hook(kernel_load_data, 0, id, contents);
3099	if (ret)
3100	return ret;
3101	return ima_load_data(id, contents);
3102	}
3103	EXPORT_SYMBOL_GPL(security_kernel_load_data);
3104
3105	/**
3106	* security_kernel_post_load_data() - Load userspace data from a non-file source
3107	* @buf: data
3108	* @size: size of data
3109	* @id: data identifier
3110	* @description: text description of data, specific to the id value
3111	*
3112	* Load data provided by a non-file source (usually userspace buffer). This
3113	* must be paired with a prior security_kernel_load_data() call that indicated
3114	* this hook would also be called, see security_kernel_load_data() for more
3115	* information.
3116	*
3117	* Return: Returns 0 if permission is granted.
3118	*/
3119	int security_kernel_post_load_data(char *buf, loff_t size,
3120	enum kernel_load_data_id id,
3121	char *description)
3122	{
3123	int ret;
3124
3125	ret = call_int_hook(kernel_post_load_data, 0, buf, size, id,
3126	description);
3127	if (ret)
3128	return ret;
3129	return ima_post_load_data(buf, size, id, description);
3130	}
3131	EXPORT_SYMBOL_GPL(security_kernel_post_load_data);
3132
3133	/**
3134	* security_task_fix_setuid() - Update LSM with new user id attributes
3135	* @new: updated credentials
3136	* @old: credentials being replaced
3137	* @flags: LSM_SETID_* flag values
3138	*
3139	* Update the module's state after setting one or more of the user identity
3140	* attributes of the current process. The @flags parameter indicates which of
3141	* the set*uid system calls invoked this hook. If @new is the set of
3142	* credentials that will be installed. Modifications should be made to this
3143	* rather than to @current->cred.
3144	*
3145	* Return: Returns 0 on success.
3146	*/
3147	int security_task_fix_setuid(struct cred *new, const struct cred *old,
3148	int flags)
3149	{
3150	return call_int_hook(task_fix_setuid, 0, new, old, flags);
3151	}
3152
3153	/**
3154	* security_task_fix_setgid() - Update LSM with new group id attributes
3155	* @new: updated credentials
3156	* @old: credentials being replaced
3157	* @flags: LSM_SETID_* flag value
3158	*
3159	* Update the module's state after setting one or more of the group identity
3160	* attributes of the current process. The @flags parameter indicates which of
3161	* the set*gid system calls invoked this hook. @new is the set of credentials
3162	* that will be installed. Modifications should be made to this rather than to
3163	* @current->cred.
3164	*
3165	* Return: Returns 0 on success.
3166	*/
3167	int security_task_fix_setgid(struct cred *new, const struct cred *old,
3168	int flags)
3169	{
3170	return call_int_hook(task_fix_setgid, 0, new, old, flags);
3171	}
3172
3173	/**
3174	* security_task_fix_setgroups() - Update LSM with new supplementary groups
3175	* @new: updated credentials
3176	* @old: credentials being replaced
3177	*
3178	* Update the module's state after setting the supplementary group identity
3179	* attributes of the current process. @new is the set of credentials that will
3180	* be installed. Modifications should be made to this rather than to
3181	* @current->cred.
3182	*
3183	* Return: Returns 0 on success.
3184	*/
3185	int security_task_fix_setgroups(struct cred *new, const struct cred *old)
3186	{
3187	return call_int_hook(task_fix_setgroups, 0, new, old);
3188	}
3189
3190	/**
3191	* security_task_setpgid() - Check if setting the pgid is allowed
3192	* @p: task being modified
3193	* @pgid: new pgid
3194	*
3195	* Check permission before setting the process group identifier of the process
3196	* @p to @pgid.
3197	*
3198	* Return: Returns 0 if permission is granted.
3199	*/
3200	int security_task_setpgid(struct task_struct *p, pid_t pgid)
3201	{
3202	return call_int_hook(task_setpgid, 0, p, pgid);
3203	}
3204
3205	/**
3206	* security_task_getpgid() - Check if getting the pgid is allowed
3207	* @p: task
3208	*
3209	* Check permission before getting the process group identifier of the process
3210	* @p.
3211	*
3212	* Return: Returns 0 if permission is granted.
3213	*/
3214	int security_task_getpgid(struct task_struct *p)
3215	{
3216	return call_int_hook(task_getpgid, 0, p);
3217	}
3218
3219	/**
3220	* security_task_getsid() - Check if getting the session id is allowed
3221	* @p: task
3222	*
3223	* Check permission before getting the session identifier of the process @p.
3224	*
3225	* Return: Returns 0 if permission is granted.
3226	*/
3227	int security_task_getsid(struct task_struct *p)
3228	{
3229	return call_int_hook(task_getsid, 0, p);
3230	}
3231
3232	/**
3233	* security_current_getsecid_subj() - Get the current task's subjective secid
3234	* @secid: secid value
3235	*
3236	* Retrieve the subjective security identifier of the current task and return
3237	* it in @secid. In case of failure, @secid will be set to zero.
3238	*/
3239	void security_current_getsecid_subj(u32 *secid)
3240	{
3241	*secid = 0;
3242	call_void_hook(current_getsecid_subj, secid);
3243	}
3244	EXPORT_SYMBOL(security_current_getsecid_subj);
3245
3246	/**
3247	* security_task_getsecid_obj() - Get a task's objective secid
3248	* @p: target task
3249	* @secid: secid value
3250	*
3251	* Retrieve the objective security identifier of the task_struct in @p and
3252	* return it in @secid. In case of failure, @secid will be set to zero.
3253	*/
3254	void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
3255	{
3256	*secid = 0;
3257	call_void_hook(task_getsecid_obj, p, secid);
3258	}
3259	EXPORT_SYMBOL(security_task_getsecid_obj);
3260
3261	/**
3262	* security_task_setnice() - Check if setting a task's nice value is allowed
3263	* @p: target task
3264	* @nice: nice value
3265	*
3266	* Check permission before setting the nice value of @p to @nice.
3267	*
3268	* Return: Returns 0 if permission is granted.
3269	*/
3270	int security_task_setnice(struct task_struct *p, int nice)
3271	{
3272	return call_int_hook(task_setnice, 0, p, nice);
3273	}
3274
3275	/**
3276	* security_task_setioprio() - Check if setting a task's ioprio is allowed
3277	* @p: target task
3278	* @ioprio: ioprio value
3279	*
3280	* Check permission before setting the ioprio value of @p to @ioprio.
3281	*
3282	* Return: Returns 0 if permission is granted.
3283	*/
3284	int security_task_setioprio(struct task_struct *p, int ioprio)
3285	{
3286	return call_int_hook(task_setioprio, 0, p, ioprio);
3287	}
3288
3289	/**
3290	* security_task_getioprio() - Check if getting a task's ioprio is allowed
3291	* @p: task
3292	*
3293	* Check permission before getting the ioprio value of @p.
3294	*
3295	* Return: Returns 0 if permission is granted.
3296	*/
3297	int security_task_getioprio(struct task_struct *p)
3298	{
3299	return call_int_hook(task_getioprio, 0, p);
3300	}
3301
3302	/**
3303	* security_task_prlimit() - Check if get/setting resources limits is allowed
3304	* @cred: current task credentials
3305	* @tcred: target task credentials
3306	* @flags: LSM_PRLIMIT_* flag bits indicating a get/set/both
3307	*
3308	* Check permission before getting and/or setting the resource limits of
3309	* another task.
3310	*
3311	* Return: Returns 0 if permission is granted.
3312	*/
3313	int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
3314	unsigned int flags)
3315	{
3316	return call_int_hook(task_prlimit, 0, cred, tcred, flags);
3317	}
3318
3319	/**
3320	* security_task_setrlimit() - Check if setting a new rlimit value is allowed
3321	* @p: target task's group leader
3322	* @resource: resource whose limit is being set
3323	* @new_rlim: new resource limit
3324	*
3325	* Check permission before setting the resource limits of process @p for
3326	* @resource to @new_rlim. The old resource limit values can be examined by
3327	* dereferencing (p->signal->rlim + resource).
3328	*
3329	* Return: Returns 0 if permission is granted.
3330	*/
3331	int security_task_setrlimit(struct task_struct *p, unsigned int resource,
3332	struct rlimit *new_rlim)
3333	{
3334	return call_int_hook(task_setrlimit, 0, p, resource, new_rlim);
3335	}
3336
3337	/**
3338	* security_task_setscheduler() - Check if setting sched policy/param is allowed
3339	* @p: target task
3340	*
3341	* Check permission before setting scheduling policy and/or parameters of
3342	* process @p.
3343	*
3344	* Return: Returns 0 if permission is granted.
3345	*/
3346	int security_task_setscheduler(struct task_struct *p)
3347	{
3348	return call_int_hook(task_setscheduler, 0, p);
3349	}
3350
3351	/**
3352	* security_task_getscheduler() - Check if getting scheduling info is allowed
3353	* @p: target task
3354	*
3355	* Check permission before obtaining scheduling information for process @p.
3356	*
3357	* Return: Returns 0 if permission is granted.
3358	*/
3359	int security_task_getscheduler(struct task_struct *p)
3360	{
3361	return call_int_hook(task_getscheduler, 0, p);
3362	}
3363
3364	/**
3365	* security_task_movememory() - Check if moving memory is allowed
3366	* @p: task
3367	*
3368	* Check permission before moving memory owned by process @p.
3369	*
3370	* Return: Returns 0 if permission is granted.
3371	*/
3372	int security_task_movememory(struct task_struct *p)
3373	{
3374	return call_int_hook(task_movememory, 0, p);
3375	}
3376
3377	/**
3378	* security_task_kill() - Check if sending a signal is allowed
3379	* @p: target process
3380	* @info: signal information
3381	* @sig: signal value
3382	* @cred: credentials of the signal sender, NULL if @current
3383	*
3384	* Check permission before sending signal @sig to @p. @info can be NULL, the
3385	* constant 1, or a pointer to a kernel_siginfo structure. If @info is 1 or
3386	* SI_FROMKERNEL(info) is true, then the signal should be viewed as coming from
3387	* the kernel and should typically be permitted. SIGIO signals are handled
3388	* separately by the send_sigiotask hook in file_security_ops.
3389	*
3390	* Return: Returns 0 if permission is granted.
3391	*/
3392	int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
3393	int sig, const struct cred *cred)
3394	{
3395	return call_int_hook(task_kill, 0, p, info, sig, cred);
3396	}
3397
3398	/**
3399	* security_task_prctl() - Check if a prctl op is allowed
3400	* @option: operation
3401	* @arg2: argument
3402	* @arg3: argument
3403	* @arg4: argument
3404	* @arg5: argument
3405	*
3406	* Check permission before performing a process control operation on the
3407	* current process.
3408	*
3409	* Return: Return -ENOSYS if no-one wanted to handle this op, any other value
3410	* to cause prctl() to return immediately with that value.
3411	*/
3412	int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
3413	unsigned long arg4, unsigned long arg5)
3414	{
3415	int thisrc;
3416	int rc = LSM_RET_DEFAULT(task_prctl);
3417	struct security_hook_list *hp;
3418
3419	hlist_for_each_entry(hp, &security_hook_heads.task_prctl, list) {
3420	thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5);
3421	if (thisrc != LSM_RET_DEFAULT(task_prctl)) {
3422	rc = thisrc;
3423	if (thisrc != 0)
3424	break;
3425	}
3426	}
3427	return rc;
3428	}
3429
3430	/**
3431	* security_task_to_inode() - Set the security attributes of a task's inode
3432	* @p: task
3433	* @inode: inode
3434	*
3435	* Set the security attributes for an inode based on an associated task's
3436	* security attributes, e.g. for /proc/pid inodes.
3437	*/
3438	void security_task_to_inode(struct task_struct *p, struct inode *inode)
3439	{
3440	call_void_hook(task_to_inode, p, inode);
3441	}
3442
3443	/**
3444	* security_create_user_ns() - Check if creating a new userns is allowed
3445	* @cred: prepared creds
3446	*
3447	* Check permission prior to creating a new user namespace.
3448	*
3449	* Return: Returns 0 if successful, otherwise < 0 error code.
3450	*/
3451	int security_create_user_ns(const struct cred *cred)
3452	{
3453	return call_int_hook(userns_create, 0, cred);
3454	}
3455
3456	/**
3457	* security_ipc_permission() - Check if sysv ipc access is allowed
3458	* @ipcp: ipc permission structure
3459	* @flag: requested permissions
3460	*
3461	* Check permissions for access to IPC.
3462	*
3463	* Return: Returns 0 if permission is granted.
3464	*/
3465	int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
3466	{
3467	return call_int_hook(ipc_permission, 0, ipcp, flag);
3468	}
3469
3470	/**
3471	* security_ipc_getsecid() - Get the sysv ipc object's secid
3472	* @ipcp: ipc permission structure
3473	* @secid: secid pointer
3474	*
3475	* Get the secid associated with the ipc object. In case of failure, @secid
3476	* will be set to zero.
3477	*/
3478	void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
3479	{
3480	*secid = 0;
3481	call_void_hook(ipc_getsecid, ipcp, secid);
3482	}
3483
3484	/**
3485	* security_msg_msg_alloc() - Allocate a sysv ipc message LSM blob
3486	* @msg: message structure
3487	*
3488	* Allocate and attach a security structure to the msg->security field. The
3489	* security field is initialized to NULL when the structure is first created.
3490	*
3491	* Return: Return 0 if operation was successful and permission is granted.
3492	*/
3493	int security_msg_msg_alloc(struct msg_msg *msg)
3494	{
3495	int rc = lsm_msg_msg_alloc(mp: msg);
3496
3497	if (unlikely(rc))
3498	return rc;
3499	rc = call_int_hook(msg_msg_alloc_security, 0, msg);
3500	if (unlikely(rc))
3501	security_msg_msg_free(msg);
3502	return rc;
3503	}
3504
3505	/**
3506	* security_msg_msg_free() - Free a sysv ipc message LSM blob
3507	* @msg: message structure
3508	*
3509	* Deallocate the security structure for this message.
3510	*/
3511	void security_msg_msg_free(struct msg_msg *msg)
3512	{
3513	call_void_hook(msg_msg_free_security, msg);
3514	kfree(objp: msg->security);
3515	msg->security = NULL;
3516	}
3517
3518	/**
3519	* security_msg_queue_alloc() - Allocate a sysv ipc msg queue LSM blob
3520	* @msq: sysv ipc permission structure
3521	*
3522	* Allocate and attach a security structure to @msg. The security field is
3523	* initialized to NULL when the structure is first created.
3524	*
3525	* Return: Returns 0 if operation was successful and permission is granted.
3526	*/
3527	int security_msg_queue_alloc(struct kern_ipc_perm *msq)
3528	{
3529	int rc = lsm_ipc_alloc(kip: msq);
3530
3531	if (unlikely(rc))
3532	return rc;
3533	rc = call_int_hook(msg_queue_alloc_security, 0, msq);
3534	if (unlikely(rc))
3535	security_msg_queue_free(msq);
3536	return rc;
3537	}
3538
3539	/**
3540	* security_msg_queue_free() - Free a sysv ipc msg queue LSM blob
3541	* @msq: sysv ipc permission structure
3542	*
3543	* Deallocate security field @perm->security for the message queue.
3544	*/
3545	void security_msg_queue_free(struct kern_ipc_perm *msq)
3546	{
3547	call_void_hook(msg_queue_free_security, msq);
3548	kfree(objp: msq->security);
3549	msq->security = NULL;
3550	}
3551
3552	/**
3553	* security_msg_queue_associate() - Check if a msg queue operation is allowed
3554	* @msq: sysv ipc permission structure
3555	* @msqflg: operation flags
3556	*
3557	* Check permission when a message queue is requested through the msgget system
3558	* call. This hook is only called when returning the message queue identifier
3559	* for an existing message queue, not when a new message queue is created.
3560	*
3561	* Return: Return 0 if permission is granted.
3562	*/
3563	int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
3564	{
3565	return call_int_hook(msg_queue_associate, 0, msq, msqflg);
3566	}
3567
3568	/**
3569	* security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3570	* @msq: sysv ipc permission structure
3571	* @cmd: operation
3572	*
3573	* Check permission when a message control operation specified by @cmd is to be
3574	* performed on the message queue with permissions.
3575	*
3576	* Return: Returns 0 if permission is granted.
3577	*/
3578	int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
3579	{
3580	return call_int_hook(msg_queue_msgctl, 0, msq, cmd);
3581	}
3582
3583	/**
3584	* security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3585	* @msq: sysv ipc permission structure
3586	* @msg: message
3587	* @msqflg: operation flags
3588	*
3589	* Check permission before a message, @msg, is enqueued on the message queue
3590	* with permissions specified in @msq.
3591	*
3592	* Return: Returns 0 if permission is granted.
3593	*/
3594	int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
3595	struct msg_msg *msg, int msqflg)
3596	{
3597	return call_int_hook(msg_queue_msgsnd, 0, msq, msg, msqflg);
3598	}
3599
3600	/**
3601	* security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3602	* @msq: sysv ipc permission structure
3603	* @msg: message
3604	* @target: target task
3605	* @type: type of message requested
3606	* @mode: operation flags
3607	*
3608	* Check permission before a message, @msg, is removed from the message queue.
3609	* The @target task structure contains a pointer to the process that will be
3610	* receiving the message (not equal to the current process when inline receives
3611	* are being performed).
3612	*
3613	* Return: Returns 0 if permission is granted.
3614	*/
3615	int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
3616	struct task_struct *target, long type, int mode)
3617	{
3618	return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode);
3619	}
3620
3621	/**
3622	* security_shm_alloc() - Allocate a sysv shm LSM blob
3623	* @shp: sysv ipc permission structure
3624	*
3625	* Allocate and attach a security structure to the @shp security field. The
3626	* security field is initialized to NULL when the structure is first created.
3627	*
3628	* Return: Returns 0 if operation was successful and permission is granted.
3629	*/
3630	int security_shm_alloc(struct kern_ipc_perm *shp)
3631	{
3632	int rc = lsm_ipc_alloc(kip: shp);
3633
3634	if (unlikely(rc))
3635	return rc;
3636	rc = call_int_hook(shm_alloc_security, 0, shp);
3637	if (unlikely(rc))
3638	security_shm_free(shp);
3639	return rc;
3640	}
3641
3642	/**
3643	* security_shm_free() - Free a sysv shm LSM blob
3644	* @shp: sysv ipc permission structure
3645	*
3646	* Deallocate the security structure @perm->security for the memory segment.
3647	*/
3648	void security_shm_free(struct kern_ipc_perm *shp)
3649	{
3650	call_void_hook(shm_free_security, shp);
3651	kfree(objp: shp->security);
3652	shp->security = NULL;
3653	}
3654
3655	/**
3656	* security_shm_associate() - Check if a sysv shm operation is allowed
3657	* @shp: sysv ipc permission structure
3658	* @shmflg: operation flags
3659	*
3660	* Check permission when a shared memory region is requested through the shmget
3661	* system call. This hook is only called when returning the shared memory
3662	* region identifier for an existing region, not when a new shared memory
3663	* region is created.
3664	*
3665	* Return: Returns 0 if permission is granted.
3666	*/
3667	int security_shm_associate(struct kern_ipc_perm *shp, int shmflg)
3668	{
3669	return call_int_hook(shm_associate, 0, shp, shmflg);
3670	}
3671
3672	/**
3673	* security_shm_shmctl() - Check if a sysv shm operation is allowed
3674	* @shp: sysv ipc permission structure
3675	* @cmd: operation
3676	*
3677	* Check permission when a shared memory control operation specified by @cmd is
3678	* to be performed on the shared memory region with permissions in @shp.
3679	*
3680	* Return: Return 0 if permission is granted.
3681	*/
3682	int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
3683	{
3684	return call_int_hook(shm_shmctl, 0, shp, cmd);
3685	}
3686
3687	/**
3688	* security_shm_shmat() - Check if a sysv shm attach operation is allowed
3689	* @shp: sysv ipc permission structure
3690	* @shmaddr: address of memory region to attach
3691	* @shmflg: operation flags
3692	*
3693	* Check permissions prior to allowing the shmat system call to attach the
3694	* shared memory segment with permissions @shp to the data segment of the
3695	* calling process. The attaching address is specified by @shmaddr.
3696	*
3697	* Return: Returns 0 if permission is granted.
3698	*/
3699	int security_shm_shmat(struct kern_ipc_perm *shp,
3700	char __user *shmaddr, int shmflg)
3701	{
3702	return call_int_hook(shm_shmat, 0, shp, shmaddr, shmflg);
3703	}
3704
3705	/**
3706	* security_sem_alloc() - Allocate a sysv semaphore LSM blob
3707	* @sma: sysv ipc permission structure
3708	*
3709	* Allocate and attach a security structure to the @sma security field. The
3710	* security field is initialized to NULL when the structure is first created.
3711	*
3712	* Return: Returns 0 if operation was successful and permission is granted.
3713	*/
3714	int security_sem_alloc(struct kern_ipc_perm *sma)
3715	{
3716	int rc = lsm_ipc_alloc(kip: sma);
3717
3718	if (unlikely(rc))
3719	return rc;
3720	rc = call_int_hook(sem_alloc_security, 0, sma);
3721	if (unlikely(rc))
3722	security_sem_free(sma);
3723	return rc;
3724	}
3725
3726	/**
3727	* security_sem_free() - Free a sysv semaphore LSM blob
3728	* @sma: sysv ipc permission structure
3729	*
3730	* Deallocate security structure @sma->security for the semaphore.
3731	*/
3732	void security_sem_free(struct kern_ipc_perm *sma)
3733	{
3734	call_void_hook(sem_free_security, sma);
3735	kfree(objp: sma->security);
3736	sma->security = NULL;
3737	}
3738
3739	/**
3740	* security_sem_associate() - Check if a sysv semaphore operation is allowed
3741	* @sma: sysv ipc permission structure
3742	* @semflg: operation flags
3743	*
3744	* Check permission when a semaphore is requested through the semget system
3745	* call. This hook is only called when returning the semaphore identifier for
3746	* an existing semaphore, not when a new one must be created.
3747	*
3748	* Return: Returns 0 if permission is granted.
3749	*/
3750	int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
3751	{
3752	return call_int_hook(sem_associate, 0, sma, semflg);
3753	}
3754
3755	/**
3756	* security_sem_semctl() - Check if a sysv semaphore operation is allowed
3757	* @sma: sysv ipc permission structure
3758	* @cmd: operation
3759	*
3760	* Check permission when a semaphore operation specified by @cmd is to be
3761	* performed on the semaphore.
3762	*
3763	* Return: Returns 0 if permission is granted.
3764	*/
3765	int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
3766	{
3767	return call_int_hook(sem_semctl, 0, sma, cmd);
3768	}
3769
3770	/**
3771	* security_sem_semop() - Check if a sysv semaphore operation is allowed
3772	* @sma: sysv ipc permission structure
3773	* @sops: operations to perform
3774	* @nsops: number of operations
3775	* @alter: flag indicating changes will be made
3776	*
3777	* Check permissions before performing operations on members of the semaphore
3778	* set. If the @alter flag is nonzero, the semaphore set may be modified.
3779	*
3780	* Return: Returns 0 if permission is granted.
3781	*/
3782	int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
3783	unsigned nsops, int alter)
3784	{
3785	return call_int_hook(sem_semop, 0, sma, sops, nsops, alter);
3786	}
3787
3788	/**
3789	* security_d_instantiate() - Populate an inode's LSM state based on a dentry
3790	* @dentry: dentry
3791	* @inode: inode
3792	*
3793	* Fill in @inode security information for a @dentry if allowed.
3794	*/
3795	void security_d_instantiate(struct dentry *dentry, struct inode *inode)
3796	{
3797	if (unlikely(inode && IS_PRIVATE(inode)))
3798	return;
3799	call_void_hook(d_instantiate, dentry, inode);
3800	}
3801	EXPORT_SYMBOL(security_d_instantiate);
3802
3803	/**
3804	* security_getprocattr() - Read an attribute for a task
3805	* @p: the task
3806	* @lsm: LSM name
3807	* @name: attribute name
3808	* @value: attribute value
3809	*
3810	* Read attribute @name for task @p and store it into @value if allowed.
3811	*
3812	* Return: Returns the length of @value on success, a negative value otherwise.
3813	*/
3814	int security_getprocattr(struct task_struct *p, const char *lsm,
3815	const char *name, char **value)
3816	{
3817	struct security_hook_list *hp;
3818
3819	hlist_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
3820	if (lsm != NULL && strcmp(lsm, hp->lsm))
3821	continue;
3822	return hp->hook.getprocattr(p, name, value);
3823	}
3824	return LSM_RET_DEFAULT(getprocattr);
3825	}
3826
3827	/**
3828	* security_setprocattr() - Set an attribute for a task
3829	* @lsm: LSM name
3830	* @name: attribute name
3831	* @value: attribute value
3832	* @size: attribute value size
3833	*
3834	* Write (set) the current task's attribute @name to @value, size @size if
3835	* allowed.
3836	*
3837	* Return: Returns bytes written on success, a negative value otherwise.
3838	*/
3839	int security_setprocattr(const char *lsm, const char *name, void *value,
3840	size_t size)
3841	{
3842	struct security_hook_list *hp;
3843
3844	hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
3845	if (lsm != NULL && strcmp(lsm, hp->lsm))
3846	continue;
3847	return hp->hook.setprocattr(name, value, size);
3848	}
3849	return LSM_RET_DEFAULT(setprocattr);
3850	}
3851
3852	/**
3853	* security_netlink_send() - Save info and check if netlink sending is allowed
3854	* @sk: sending socket
3855	* @skb: netlink message
3856	*
3857	* Save security information for a netlink message so that permission checking
3858	* can be performed when the message is processed. The security information
3859	* can be saved using the eff_cap field of the netlink_skb_parms structure.
3860	* Also may be used to provide fine grained control over message transmission.
3861	*
3862	* Return: Returns 0 if the information was successfully saved and message is
3863	* allowed to be transmitted.
3864	*/
3865	int security_netlink_send(struct sock *sk, struct sk_buff *skb)
3866	{
3867	return call_int_hook(netlink_send, 0, sk, skb);
3868	}
3869
3870	/**
3871	* security_ismaclabel() - Check is the named attribute is a MAC label
3872	* @name: full extended attribute name
3873	*
3874	* Check if the extended attribute specified by @name represents a MAC label.
3875	*
3876	* Return: Returns 1 if name is a MAC attribute otherwise returns 0.
3877	*/
3878	int security_ismaclabel(const char *name)
3879	{
3880	return call_int_hook(ismaclabel, 0, name);
3881	}
3882	EXPORT_SYMBOL(security_ismaclabel);
3883
3884	/**
3885	* security_secid_to_secctx() - Convert a secid to a secctx
3886	* @secid: secid
3887	* @secdata: secctx
3888	* @seclen: secctx length
3889	*
3890	* Convert secid to security context. If @secdata is NULL the length of the
3891	* result will be returned in @seclen, but no @secdata will be returned. This
3892	* does mean that the length could change between calls to check the length and
3893	* the next call which actually allocates and returns the @secdata.
3894	*
3895	* Return: Return 0 on success, error on failure.
3896	*/
3897	int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
3898	{
3899	struct security_hook_list *hp;
3900	int rc;
3901
3902	/*
3903	* Currently, only one LSM can implement secid_to_secctx (i.e this
3904	* LSM hook is not "stackable").
3905	*/
3906	hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
3907	rc = hp->hook.secid_to_secctx(secid, secdata, seclen);
3908	if (rc != LSM_RET_DEFAULT(secid_to_secctx))
3909	return rc;
3910	}
3911
3912	return LSM_RET_DEFAULT(secid_to_secctx);
3913	}
3914	EXPORT_SYMBOL(security_secid_to_secctx);
3915
3916	/**
3917	* security_secctx_to_secid() - Convert a secctx to a secid
3918	* @secdata: secctx
3919	* @seclen: length of secctx
3920	* @secid: secid
3921	*
3922	* Convert security context to secid.
3923	*
3924	* Return: Returns 0 on success, error on failure.
3925	*/
3926	int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
3927	{
3928	*secid = 0;
3929	return call_int_hook(secctx_to_secid, 0, secdata, seclen, secid);
3930	}
3931	EXPORT_SYMBOL(security_secctx_to_secid);
3932
3933	/**
3934	* security_release_secctx() - Free a secctx buffer
3935	* @secdata: secctx
3936	* @seclen: length of secctx
3937	*
3938	* Release the security context.
3939	*/
3940	void security_release_secctx(char *secdata, u32 seclen)
3941	{
3942	call_void_hook(release_secctx, secdata, seclen);
3943	}
3944	EXPORT_SYMBOL(security_release_secctx);
3945
3946	/**
3947	* security_inode_invalidate_secctx() - Invalidate an inode's security label
3948	* @inode: inode
3949	*
3950	* Notify the security module that it must revalidate the security context of
3951	* an inode.
3952	*/
3953	void security_inode_invalidate_secctx(struct inode *inode)
3954	{
3955	call_void_hook(inode_invalidate_secctx, inode);
3956	}
3957	EXPORT_SYMBOL(security_inode_invalidate_secctx);
3958
3959	/**
3960	* security_inode_notifysecctx() - Notify the LSM of an inode's security label
3961	* @inode: inode
3962	* @ctx: secctx
3963	* @ctxlen: length of secctx
3964	*
3965	* Notify the security module of what the security context of an inode should
3966	* be. Initializes the incore security context managed by the security module
3967	* for this inode. Example usage: NFS client invokes this hook to initialize
3968	* the security context in its incore inode to the value provided by the server
3969	* for the file when the server returned the file's attributes to the client.
3970	* Must be called with inode->i_mutex locked.
3971	*
3972	* Return: Returns 0 on success, error on failure.
3973	*/
3974	int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3975	{
3976	return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen);
3977	}
3978	EXPORT_SYMBOL(security_inode_notifysecctx);
3979
3980	/**
3981	* security_inode_setsecctx() - Change the security label of an inode
3982	* @dentry: inode
3983	* @ctx: secctx
3984	* @ctxlen: length of secctx
3985	*
3986	* Change the security context of an inode. Updates the incore security
3987	* context managed by the security module and invokes the fs code as needed
3988	* (via __vfs_setxattr_noperm) to update any backing xattrs that represent the
3989	* context. Example usage: NFS server invokes this hook to change the security
3990	* context in its incore inode and on the backing filesystem to a value
3991	* provided by the client on a SETATTR operation. Must be called with
3992	* inode->i_mutex locked.
3993	*
3994	* Return: Returns 0 on success, error on failure.
3995	*/
3996	int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3997	{
3998	return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen);
3999	}
4000	EXPORT_SYMBOL(security_inode_setsecctx);
4001
4002	/**
4003	* security_inode_getsecctx() - Get the security label of an inode
4004	* @inode: inode
4005	* @ctx: secctx
4006	* @ctxlen: length of secctx
4007	*
4008	* On success, returns 0 and fills out @ctx and @ctxlen with the security
4009	* context for the given @inode.
4010	*
4011	* Return: Returns 0 on success, error on failure.
4012	*/
4013	int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4014	{
4015	return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen);
4016	}
4017	EXPORT_SYMBOL(security_inode_getsecctx);
4018
4019	#ifdef CONFIG_WATCH_QUEUE
4020	/**
4021	* security_post_notification() - Check if a watch notification can be posted
4022	* @w_cred: credentials of the task that set the watch
4023	* @cred: credentials of the task which triggered the watch
4024	* @n: the notification
4025	*
4026	* Check to see if a watch notification can be posted to a particular queue.
4027	*
4028	* Return: Returns 0 if permission is granted.
4029	*/
4030	int security_post_notification(const struct cred *w_cred,
4031	const struct cred *cred,
4032	struct watch_notification *n)
4033	{
4034	return call_int_hook(post_notification, 0, w_cred, cred, n);
4035	}
4036	#endif /* CONFIG_WATCH_QUEUE */
4037
4038	#ifdef CONFIG_KEY_NOTIFICATIONS
4039	/**
4040	* security_watch_key() - Check if a task is allowed to watch for key events
4041	* @key: the key to watch
4042	*
4043	* Check to see if a process is allowed to watch for event notifications from
4044	* a key or keyring.
4045	*
4046	* Return: Returns 0 if permission is granted.
4047	*/
4048	int security_watch_key(struct key *key)
4049	{
4050	return call_int_hook(watch_key, 0, key);
4051	}
4052	#endif /* CONFIG_KEY_NOTIFICATIONS */
4053
4054	#ifdef CONFIG_SECURITY_NETWORK
4055	/**
4056	* security_unix_stream_connect() - Check if a AF_UNIX stream is allowed
4057	* @sock: originating sock
4058	* @other: peer sock
4059	* @newsk: new sock
4060	*
4061	* Check permissions before establishing a Unix domain stream connection
4062	* between @sock and @other.
4063	*
4064	* The @unix_stream_connect and @unix_may_send hooks were necessary because
4065	* Linux provides an alternative to the conventional file name space for Unix
4066	* domain sockets. Whereas binding and connecting to sockets in the file name
4067	* space is mediated by the typical file permissions (and caught by the mknod
4068	* and permission hooks in inode_security_ops), binding and connecting to
4069	* sockets in the abstract name space is completely unmediated. Sufficient
4070	* control of Unix domain sockets in the abstract name space isn't possible
4071	* using only the socket layer hooks, since we need to know the actual target
4072	* socket, which is not looked up until we are inside the af_unix code.
4073	*
4074	* Return: Returns 0 if permission is granted.
4075	*/
4076	int security_unix_stream_connect(struct sock *sock, struct sock *other,
4077	struct sock *newsk)
4078	{
4079	return call_int_hook(unix_stream_connect, 0, sock, other, newsk);
4080	}
4081	EXPORT_SYMBOL(security_unix_stream_connect);
4082
4083	/**
4084	* security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4085	* @sock: originating sock
4086	* @other: peer sock
4087	*
4088	* Check permissions before connecting or sending datagrams from @sock to
4089	* @other.
4090	*
4091	* The @unix_stream_connect and @unix_may_send hooks were necessary because
4092	* Linux provides an alternative to the conventional file name space for Unix
4093	* domain sockets. Whereas binding and connecting to sockets in the file name
4094	* space is mediated by the typical file permissions (and caught by the mknod
4095	* and permission hooks in inode_security_ops), binding and connecting to
4096	* sockets in the abstract name space is completely unmediated. Sufficient
4097	* control of Unix domain sockets in the abstract name space isn't possible
4098	* using only the socket layer hooks, since we need to know the actual target
4099	* socket, which is not looked up until we are inside the af_unix code.
4100	*
4101	* Return: Returns 0 if permission is granted.
4102	*/
4103	int security_unix_may_send(struct socket *sock, struct socket *other)
4104	{
4105	return call_int_hook(unix_may_send, 0, sock, other);
4106	}
4107	EXPORT_SYMBOL(security_unix_may_send);
4108
4109	/**
4110	* security_socket_create() - Check if creating a new socket is allowed
4111	* @family: protocol family
4112	* @type: communications type
4113	* @protocol: requested protocol
4114	* @kern: set to 1 if a kernel socket is requested
4115	*
4116	* Check permissions prior to creating a new socket.
4117	*
4118	* Return: Returns 0 if permission is granted.
4119	*/
4120	int security_socket_create(int family, int type, int protocol, int kern)
4121	{
4122	return call_int_hook(socket_create, 0, family, type, protocol, kern);
4123	}
4124
4125	/**
4126	* security_socket_post_create() - Initialize a newly created socket
4127	* @sock: socket
4128	* @family: protocol family
4129	* @type: communications type
4130	* @protocol: requested protocol
4131	* @kern: set to 1 if a kernel socket is requested
4132	*
4133	* This hook allows a module to update or allocate a per-socket security
4134	* structure. Note that the security field was not added directly to the socket
4135	* structure, but rather, the socket security information is stored in the
4136	* associated inode. Typically, the inode alloc_security hook will allocate
4137	* and attach security information to SOCK_INODE(sock)->i_security. This hook
4138	* may be used to update the SOCK_INODE(sock)->i_security field with additional
4139	* information that wasn't available when the inode was allocated.
4140	*
4141	* Return: Returns 0 if permission is granted.
4142	*/
4143	int security_socket_post_create(struct socket *sock, int family,
4144	int type, int protocol, int kern)
4145	{
4146	return call_int_hook(socket_post_create, 0, sock, family, type,
4147	protocol, kern);
4148	}
4149
4150	/**
4151	* security_socket_socketpair() - Check if creating a socketpair is allowed
4152	* @socka: first socket
4153	* @sockb: second socket
4154	*
4155	* Check permissions before creating a fresh pair of sockets.
4156	*
4157	* Return: Returns 0 if permission is granted and the connection was
4158	* established.
4159	*/
4160	int security_socket_socketpair(struct socket *socka, struct socket *sockb)
4161	{
4162	return call_int_hook(socket_socketpair, 0, socka, sockb);
4163	}
4164	EXPORT_SYMBOL(security_socket_socketpair);
4165
4166	/**
4167	* security_socket_bind() - Check if a socket bind operation is allowed
4168	* @sock: socket
4169	* @address: requested bind address
4170	* @addrlen: length of address
4171	*
4172	* Check permission before socket protocol layer bind operation is performed
4173	* and the socket @sock is bound to the address specified in the @address
4174	* parameter.
4175	*
4176	* Return: Returns 0 if permission is granted.
4177	*/
4178	int security_socket_bind(struct socket *sock,
4179	struct sockaddr *address, int addrlen)
4180	{
4181	return call_int_hook(socket_bind, 0, sock, address, addrlen);
4182	}
4183
4184	/**
4185	* security_socket_connect() - Check if a socket connect operation is allowed
4186	* @sock: socket
4187	* @address: address of remote connection point
4188	* @addrlen: length of address
4189	*
4190	* Check permission before socket protocol layer connect operation attempts to
4191	* connect socket @sock to a remote address, @address.
4192	*
4193	* Return: Returns 0 if permission is granted.
4194	*/
4195	int security_socket_connect(struct socket *sock,
4196	struct sockaddr *address, int addrlen)
4197	{
4198	return call_int_hook(socket_connect, 0, sock, address, addrlen);
4199	}
4200
4201	/**
4202	* security_socket_listen() - Check if a socket is allowed to listen
4203	* @sock: socket
4204	* @backlog: connection queue size
4205	*
4206	* Check permission before socket protocol layer listen operation.
4207	*
4208	* Return: Returns 0 if permission is granted.
4209	*/
4210	int security_socket_listen(struct socket *sock, int backlog)
4211	{
4212	return call_int_hook(socket_listen, 0, sock, backlog);
4213	}
4214
4215	/**
4216	* security_socket_accept() - Check if a socket is allowed to accept connections
4217	* @sock: listening socket
4218	* @newsock: newly creation connection socket
4219	*
4220	* Check permission before accepting a new connection. Note that the new
4221	* socket, @newsock, has been created and some information copied to it, but
4222	* the accept operation has not actually been performed.
4223	*
4224	* Return: Returns 0 if permission is granted.
4225	*/
4226	int security_socket_accept(struct socket *sock, struct socket *newsock)
4227	{
4228	return call_int_hook(socket_accept, 0, sock, newsock);
4229	}
4230
4231	/**
4232	* security_socket_sendmsg() - Check is sending a message is allowed
4233	* @sock: sending socket
4234	* @msg: message to send
4235	* @size: size of message
4236	*
4237	* Check permission before transmitting a message to another socket.
4238	*
4239	* Return: Returns 0 if permission is granted.
4240	*/
4241	int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
4242	{
4243	return call_int_hook(socket_sendmsg, 0, sock, msg, size);
4244	}
4245
4246	/**
4247	* security_socket_recvmsg() - Check if receiving a message is allowed
4248	* @sock: receiving socket
4249	* @msg: message to receive
4250	* @size: size of message
4251	* @flags: operational flags
4252	*
4253	* Check permission before receiving a message from a socket.
4254	*
4255	* Return: Returns 0 if permission is granted.
4256	*/
4257	int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4258	int size, int flags)
4259	{
4260	return call_int_hook(socket_recvmsg, 0, sock, msg, size, flags);
4261	}
4262
4263	/**
4264	* security_socket_getsockname() - Check if reading the socket addr is allowed
4265	* @sock: socket
4266	*
4267	* Check permission before reading the local address (name) of the socket
4268	* object.
4269	*
4270	* Return: Returns 0 if permission is granted.
4271	*/
4272	int security_socket_getsockname(struct socket *sock)
4273	{
4274	return call_int_hook(socket_getsockname, 0, sock);
4275	}
4276
4277	/**
4278	* security_socket_getpeername() - Check if reading the peer's addr is allowed
4279	* @sock: socket
4280	*
4281	* Check permission before the remote address (name) of a socket object.
4282	*
4283	* Return: Returns 0 if permission is granted.
4284	*/
4285	int security_socket_getpeername(struct socket *sock)
4286	{
4287	return call_int_hook(socket_getpeername, 0, sock);
4288	}
4289
4290	/**
4291	* security_socket_getsockopt() - Check if reading a socket option is allowed
4292	* @sock: socket
4293	* @level: option's protocol level
4294	* @optname: option name
4295	*
4296	* Check permissions before retrieving the options associated with socket
4297	* @sock.
4298	*
4299	* Return: Returns 0 if permission is granted.
4300	*/
4301	int security_socket_getsockopt(struct socket *sock, int level, int optname)
4302	{
4303	return call_int_hook(socket_getsockopt, 0, sock, level, optname);
4304	}
4305
4306	/**
4307	* security_socket_setsockopt() - Check if setting a socket option is allowed
4308	* @sock: socket
4309	* @level: option's protocol level
4310	* @optname: option name
4311	*
4312	* Check permissions before setting the options associated with socket @sock.
4313	*
4314	* Return: Returns 0 if permission is granted.
4315	*/
4316	int security_socket_setsockopt(struct socket *sock, int level, int optname)
4317	{
4318	return call_int_hook(socket_setsockopt, 0, sock, level, optname);
4319	}
4320
4321	/**
4322	* security_socket_shutdown() - Checks if shutting down the socket is allowed
4323	* @sock: socket
4324	* @how: flag indicating how sends and receives are handled
4325	*
4326	* Checks permission before all or part of a connection on the socket @sock is
4327	* shut down.
4328	*
4329	* Return: Returns 0 if permission is granted.
4330	*/
4331	int security_socket_shutdown(struct socket *sock, int how)
4332	{
4333	return call_int_hook(socket_shutdown, 0, sock, how);
4334	}
4335
4336	/**
4337	* security_sock_rcv_skb() - Check if an incoming network packet is allowed
4338	* @sk: destination sock
4339	* @skb: incoming packet
4340	*
4341	* Check permissions on incoming network packets. This hook is distinct from
4342	* Netfilter's IP input hooks since it is the first time that the incoming
4343	* sk_buff @skb has been associated with a particular socket, @sk. Must not
4344	* sleep inside this hook because some callers hold spinlocks.
4345	*
4346	* Return: Returns 0 if permission is granted.
4347	*/
4348	int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4349	{
4350	return call_int_hook(socket_sock_rcv_skb, 0, sk, skb);
4351	}
4352	EXPORT_SYMBOL(security_sock_rcv_skb);
4353
4354	/**
4355	* security_socket_getpeersec_stream() - Get the remote peer label
4356	* @sock: socket
4357	* @optval: destination buffer
4358	* @optlen: size of peer label copied into the buffer
4359	* @len: maximum size of the destination buffer
4360	*
4361	* This hook allows the security module to provide peer socket security state
4362	* for unix or connected tcp sockets to userspace via getsockopt SO_GETPEERSEC.
4363	* For tcp sockets this can be meaningful if the socket is associated with an
4364	* ipsec SA.
4365	*
4366	* Return: Returns 0 if all is well, otherwise, typical getsockopt return
4367	* values.
4368	*/
4369	int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
4370	sockptr_t optlen, unsigned int len)
4371	{
4372	return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock,
4373	optval, optlen, len);
4374	}
4375
4376	/**
4377	* security_socket_getpeersec_dgram() - Get the remote peer label
4378	* @sock: socket
4379	* @skb: datagram packet
4380	* @secid: remote peer label secid
4381	*
4382	* This hook allows the security module to provide peer socket security state
4383	* for udp sockets on a per-packet basis to userspace via getsockopt
4384	* SO_GETPEERSEC. The application must first have indicated the IP_PASSSEC
4385	* option via getsockopt. It can then retrieve the security state returned by
4386	* this hook for a packet via the SCM_SECURITY ancillary message type.
4387	*
4388	* Return: Returns 0 on success, error on failure.
4389	*/
4390	int security_socket_getpeersec_dgram(struct socket *sock,
4391	struct sk_buff *skb, u32 *secid)
4392	{
4393	return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock,
4394	skb, secid);
4395	}
4396	EXPORT_SYMBOL(security_socket_getpeersec_dgram);
4397
4398	/**
4399	* security_sk_alloc() - Allocate and initialize a sock's LSM blob
4400	* @sk: sock
4401	* @family: protocol family
4402	* @priority: gfp flags
4403	*
4404	* Allocate and attach a security structure to the sk->sk_security field, which
4405	* is used to copy security attributes between local stream sockets.
4406	*
4407	* Return: Returns 0 on success, error on failure.
4408	*/
4409	int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
4410	{
4411	return call_int_hook(sk_alloc_security, 0, sk, family, priority);
4412	}
4413
4414	/**
4415	* security_sk_free() - Free the sock's LSM blob
4416	* @sk: sock
4417	*
4418	* Deallocate security structure.
4419	*/
4420	void security_sk_free(struct sock *sk)
4421	{
4422	call_void_hook(sk_free_security, sk);
4423	}
4424
4425	/**
4426	* security_sk_clone() - Clone a sock's LSM state
4427	* @sk: original sock
4428	* @newsk: target sock
4429	*
4430	* Clone/copy security structure.
4431	*/
4432	void security_sk_clone(const struct sock *sk, struct sock *newsk)
4433	{
4434	call_void_hook(sk_clone_security, sk, newsk);
4435	}
4436	EXPORT_SYMBOL(security_sk_clone);
4437
4438	/**
4439	* security_sk_classify_flow() - Set a flow's secid based on socket
4440	* @sk: original socket
4441	* @flic: target flow
4442	*
4443	* Set the target flow's secid to socket's secid.
4444	*/
4445	void security_sk_classify_flow(const struct sock *sk, struct flowi_common *flic)
4446	{
4447	call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
4448	}
4449	EXPORT_SYMBOL(security_sk_classify_flow);
4450
4451	/**
4452	* security_req_classify_flow() - Set a flow's secid based on request_sock
4453	* @req: request_sock
4454	* @flic: target flow
4455	*
4456	* Sets @flic's secid to @req's secid.
4457	*/
4458	void security_req_classify_flow(const struct request_sock *req,
4459	struct flowi_common *flic)
4460	{
4461	call_void_hook(req_classify_flow, req, flic);
4462	}
4463	EXPORT_SYMBOL(security_req_classify_flow);
4464
4465	/**
4466	* security_sock_graft() - Reconcile LSM state when grafting a sock on a socket
4467	* @sk: sock being grafted
4468	* @parent: target parent socket
4469	*
4470	* Sets @parent's inode secid to @sk's secid and update @sk with any necessary
4471	* LSM state from @parent.
4472	*/
4473	void security_sock_graft(struct sock *sk, struct socket *parent)
4474	{
4475	call_void_hook(sock_graft, sk, parent);
4476	}
4477	EXPORT_SYMBOL(security_sock_graft);
4478
4479	/**
4480	* security_inet_conn_request() - Set request_sock state using incoming connect
4481	* @sk: parent listening sock
4482	* @skb: incoming connection
4483	* @req: new request_sock
4484	*
4485	* Initialize the @req LSM state based on @sk and the incoming connect in @skb.
4486	*
4487	* Return: Returns 0 if permission is granted.
4488	*/
4489	int security_inet_conn_request(const struct sock *sk,
4490	struct sk_buff *skb, struct request_sock *req)
4491	{
4492	return call_int_hook(inet_conn_request, 0, sk, skb, req);
4493	}
4494	EXPORT_SYMBOL(security_inet_conn_request);
4495
4496	/**
4497	* security_inet_csk_clone() - Set new sock LSM state based on request_sock
4498	* @newsk: new sock
4499	* @req: connection request_sock
4500	*
4501	* Set that LSM state of @sock using the LSM state from @req.
4502	*/
4503	void security_inet_csk_clone(struct sock *newsk,
4504	const struct request_sock *req)
4505	{
4506	call_void_hook(inet_csk_clone, newsk, req);
4507	}
4508
4509	/**
4510	* security_inet_conn_established() - Update sock's LSM state with connection
4511	* @sk: sock
4512	* @skb: connection packet
4513	*
4514	* Update @sock's LSM state to represent a new connection from @skb.
4515	*/
4516	void security_inet_conn_established(struct sock *sk,
4517	struct sk_buff *skb)
4518	{
4519	call_void_hook(inet_conn_established, sk, skb);
4520	}
4521	EXPORT_SYMBOL(security_inet_conn_established);
4522
4523	/**
4524	* security_secmark_relabel_packet() - Check if setting a secmark is allowed
4525	* @secid: new secmark value
4526	*
4527	* Check if the process should be allowed to relabel packets to @secid.
4528	*
4529	* Return: Returns 0 if permission is granted.
4530	*/
4531	int security_secmark_relabel_packet(u32 secid)
4532	{
4533	return call_int_hook(secmark_relabel_packet, 0, secid);
4534	}
4535	EXPORT_SYMBOL(security_secmark_relabel_packet);
4536
4537	/**
4538	* security_secmark_refcount_inc() - Increment the secmark labeling rule count
4539	*
4540	* Tells the LSM to increment the number of secmark labeling rules loaded.
4541	*/
4542	void security_secmark_refcount_inc(void)
4543	{
4544	call_void_hook(secmark_refcount_inc);
4545	}
4546	EXPORT_SYMBOL(security_secmark_refcount_inc);
4547
4548	/**
4549	* security_secmark_refcount_dec() - Decrement the secmark labeling rule count
4550	*
4551	* Tells the LSM to decrement the number of secmark labeling rules loaded.
4552	*/
4553	void security_secmark_refcount_dec(void)
4554	{
4555	call_void_hook(secmark_refcount_dec);
4556	}
4557	EXPORT_SYMBOL(security_secmark_refcount_dec);
4558
4559	/**
4560	* security_tun_dev_alloc_security() - Allocate a LSM blob for a TUN device
4561	* @security: pointer to the LSM blob
4562	*
4563	* This hook allows a module to allocate a security structure for a TUN device,
4564	* returning the pointer in @security.
4565	*
4566	* Return: Returns a zero on success, negative values on failure.
4567	*/
4568	int security_tun_dev_alloc_security(void **security)
4569	{
4570	return call_int_hook(tun_dev_alloc_security, 0, security);
4571	}
4572	EXPORT_SYMBOL(security_tun_dev_alloc_security);
4573
4574	/**
4575	* security_tun_dev_free_security() - Free a TUN device LSM blob
4576	* @security: LSM blob
4577	*
4578	* This hook allows a module to free the security structure for a TUN device.
4579	*/
4580	void security_tun_dev_free_security(void *security)
4581	{
4582	call_void_hook(tun_dev_free_security, security);
4583	}
4584	EXPORT_SYMBOL(security_tun_dev_free_security);
4585
4586	/**
4587	* security_tun_dev_create() - Check if creating a TUN device is allowed
4588	*
4589	* Check permissions prior to creating a new TUN device.
4590	*
4591	* Return: Returns 0 if permission is granted.
4592	*/
4593	int security_tun_dev_create(void)
4594	{
4595	return call_int_hook(tun_dev_create, 0);
4596	}
4597	EXPORT_SYMBOL(security_tun_dev_create);
4598
4599	/**
4600	* security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
4601	* @security: TUN device LSM blob
4602	*
4603	* Check permissions prior to attaching to a TUN device queue.
4604	*
4605	* Return: Returns 0 if permission is granted.
4606	*/
4607	int security_tun_dev_attach_queue(void *security)
4608	{
4609	return call_int_hook(tun_dev_attach_queue, 0, security);
4610	}
4611	EXPORT_SYMBOL(security_tun_dev_attach_queue);
4612
4613	/**
4614	* security_tun_dev_attach() - Update TUN device LSM state on attach
4615	* @sk: associated sock
4616	* @security: TUN device LSM blob
4617	*
4618	* This hook can be used by the module to update any security state associated
4619	* with the TUN device's sock structure.
4620	*
4621	* Return: Returns 0 if permission is granted.
4622	*/
4623	int security_tun_dev_attach(struct sock *sk, void *security)
4624	{
4625	return call_int_hook(tun_dev_attach, 0, sk, security);
4626	}
4627	EXPORT_SYMBOL(security_tun_dev_attach);
4628
4629	/**
4630	* security_tun_dev_open() - Update TUN device LSM state on open
4631	* @security: TUN device LSM blob
4632	*
4633	* This hook can be used by the module to update any security state associated
4634	* with the TUN device's security structure.
4635	*
4636	* Return: Returns 0 if permission is granted.
4637	*/
4638	int security_tun_dev_open(void *security)
4639	{
4640	return call_int_hook(tun_dev_open, 0, security);
4641	}
4642	EXPORT_SYMBOL(security_tun_dev_open);
4643
4644	/**
4645	* security_sctp_assoc_request() - Update the LSM on a SCTP association req
4646	* @asoc: SCTP association
4647	* @skb: packet requesting the association
4648	*
4649	* Passes the @asoc and @chunk->skb of the association INIT packet to the LSM.
4650	*
4651	* Return: Returns 0 on success, error on failure.
4652	*/
4653	int security_sctp_assoc_request(struct sctp_association *asoc,
4654	struct sk_buff *skb)
4655	{
4656	return call_int_hook(sctp_assoc_request, 0, asoc, skb);
4657	}
4658	EXPORT_SYMBOL(security_sctp_assoc_request);
4659
4660	/**
4661	* security_sctp_bind_connect() - Validate a list of addrs for a SCTP option
4662	* @sk: socket
4663	* @optname: SCTP option to validate
4664	* @address: list of IP addresses to validate
4665	* @addrlen: length of the address list
4666	*
4667	* Validiate permissions required for each address associated with sock @sk.
4668	* Depending on @optname, the addresses will be treated as either a connect or
4669	* bind service. The @addrlen is calculated on each IPv4 and IPv6 address using
4670	* sizeof(struct sockaddr_in) or sizeof(struct sockaddr_in6).
4671	*
4672	* Return: Returns 0 on success, error on failure.
4673	*/
4674	int security_sctp_bind_connect(struct sock *sk, int optname,
4675	struct sockaddr *address, int addrlen)
4676	{
4677	return call_int_hook(sctp_bind_connect, 0, sk, optname,
4678	address, addrlen);
4679	}
4680	EXPORT_SYMBOL(security_sctp_bind_connect);
4681
4682	/**
4683	* security_sctp_sk_clone() - Clone a SCTP sock's LSM state
4684	* @asoc: SCTP association
4685	* @sk: original sock
4686	* @newsk: target sock
4687	*
4688	* Called whenever a new socket is created by accept(2) (i.e. a TCP style
4689	* socket) or when a socket is 'peeled off' e.g userspace calls
4690	* sctp_peeloff(3).
4691	*/
4692	void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
4693	struct sock *newsk)
4694	{
4695	call_void_hook(sctp_sk_clone, asoc, sk, newsk);
4696	}
4697	EXPORT_SYMBOL(security_sctp_sk_clone);
4698
4699	/**
4700	* security_sctp_assoc_established() - Update LSM state when assoc established
4701	* @asoc: SCTP association
4702	* @skb: packet establishing the association
4703	*
4704	* Passes the @asoc and @chunk->skb of the association COOKIE_ACK packet to the
4705	* security module.
4706	*
4707	* Return: Returns 0 if permission is granted.
4708	*/
4709	int security_sctp_assoc_established(struct sctp_association *asoc,
4710	struct sk_buff *skb)
4711	{
4712	return call_int_hook(sctp_assoc_established, 0, asoc, skb);
4713	}
4714	EXPORT_SYMBOL(security_sctp_assoc_established);
4715
4716	/**
4717	* security_mptcp_add_subflow() - Inherit the LSM label from the MPTCP socket
4718	* @sk: the owning MPTCP socket
4719	* @ssk: the new subflow
4720	*
4721	* Update the labeling for the given MPTCP subflow, to match the one of the
4722	* owning MPTCP socket. This hook has to be called after the socket creation and
4723	* initialization via the security_socket_create() and
4724	* security_socket_post_create() LSM hooks.
4725	*
4726	* Return: Returns 0 on success or a negative error code on failure.
4727	*/
4728	int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
4729	{
4730	return call_int_hook(mptcp_add_subflow, 0, sk, ssk);
4731	}
4732
4733	#endif /* CONFIG_SECURITY_NETWORK */
4734
4735	#ifdef CONFIG_SECURITY_INFINIBAND
4736	/**
4737	* security_ib_pkey_access() - Check if access to an IB pkey is allowed
4738	* @sec: LSM blob
4739	* @subnet_prefix: subnet prefix of the port
4740	* @pkey: IB pkey
4741	*
4742	* Check permission to access a pkey when modifying a QP.
4743	*
4744	* Return: Returns 0 if permission is granted.
4745	*/
4746	int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
4747	{
4748	return call_int_hook(ib_pkey_access, 0, sec, subnet_prefix, pkey);
4749	}
4750	EXPORT_SYMBOL(security_ib_pkey_access);
4751
4752	/**
4753	* security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
4754	* @sec: LSM blob
4755	* @dev_name: IB device name
4756	* @port_num: port number
4757	*
4758	* Check permissions to send and receive SMPs on a end port.
4759	*
4760	* Return: Returns 0 if permission is granted.
4761	*/
4762	int security_ib_endport_manage_subnet(void *sec,
4763	const char *dev_name, u8 port_num)
4764	{
4765	return call_int_hook(ib_endport_manage_subnet, 0, sec,
4766	dev_name, port_num);
4767	}
4768	EXPORT_SYMBOL(security_ib_endport_manage_subnet);
4769
4770	/**
4771	* security_ib_alloc_security() - Allocate an Infiniband LSM blob
4772	* @sec: LSM blob
4773	*
4774	* Allocate a security structure for Infiniband objects.
4775	*
4776	* Return: Returns 0 on success, non-zero on failure.
4777	*/
4778	int security_ib_alloc_security(void **sec)
4779	{
4780	return call_int_hook(ib_alloc_security, 0, sec);
4781	}
4782	EXPORT_SYMBOL(security_ib_alloc_security);
4783
4784	/**
4785	* security_ib_free_security() - Free an Infiniband LSM blob
4786	* @sec: LSM blob
4787	*
4788	* Deallocate an Infiniband security structure.
4789	*/
4790	void security_ib_free_security(void *sec)
4791	{
4792	call_void_hook(ib_free_security, sec);
4793	}
4794	EXPORT_SYMBOL(security_ib_free_security);
4795	#endif /* CONFIG_SECURITY_INFINIBAND */
4796
4797	#ifdef CONFIG_SECURITY_NETWORK_XFRM
4798	/**
4799	* security_xfrm_policy_alloc() - Allocate a xfrm policy LSM blob
4800	* @ctxp: xfrm security context being added to the SPD
4801	* @sec_ctx: security label provided by userspace
4802	* @gfp: gfp flags
4803	*
4804	* Allocate a security structure to the xp->security field; the security field
4805	* is initialized to NULL when the xfrm_policy is allocated.
4806	*
4807	* Return: Return 0 if operation was successful.
4808	*/
4809	int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
4810	struct xfrm_user_sec_ctx *sec_ctx,
4811	gfp_t gfp)
4812	{
4813	return call_int_hook(xfrm_policy_alloc_security, 0, ctxp, sec_ctx, gfp);
4814	}
4815	EXPORT_SYMBOL(security_xfrm_policy_alloc);
4816
4817	/**
4818	* security_xfrm_policy_clone() - Clone xfrm policy LSM state
4819	* @old_ctx: xfrm security context
4820	* @new_ctxp: target xfrm security context
4821	*
4822	* Allocate a security structure in new_ctxp that contains the information from
4823	* the old_ctx structure.
4824	*
4825	* Return: Return 0 if operation was successful.
4826	*/
4827	int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
4828	struct xfrm_sec_ctx **new_ctxp)
4829	{
4830	return call_int_hook(xfrm_policy_clone_security, 0, old_ctx, new_ctxp);
4831	}
4832
4833	/**
4834	* security_xfrm_policy_free() - Free a xfrm security context
4835	* @ctx: xfrm security context
4836	*
4837	* Free LSM resources associated with @ctx.
4838	*/
4839	void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
4840	{
4841	call_void_hook(xfrm_policy_free_security, ctx);
4842	}
4843	EXPORT_SYMBOL(security_xfrm_policy_free);
4844
4845	/**
4846	* security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
4847	* @ctx: xfrm security context
4848	*
4849	* Authorize deletion of a SPD entry.
4850	*
4851	* Return: Returns 0 if permission is granted.
4852	*/
4853	int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
4854	{
4855	return call_int_hook(xfrm_policy_delete_security, 0, ctx);
4856	}
4857
4858	/**
4859	* security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
4860	* @x: xfrm state being added to the SAD
4861	* @sec_ctx: security label provided by userspace
4862	*
4863	* Allocate a security structure to the @x->security field; the security field
4864	* is initialized to NULL when the xfrm_state is allocated. Set the context to
4865	* correspond to @sec_ctx.
4866	*
4867	* Return: Return 0 if operation was successful.
4868	*/
4869	int security_xfrm_state_alloc(struct xfrm_state *x,
4870	struct xfrm_user_sec_ctx *sec_ctx)
4871	{
4872	return call_int_hook(xfrm_state_alloc, 0, x, sec_ctx);
4873	}
4874	EXPORT_SYMBOL(security_xfrm_state_alloc);
4875
4876	/**
4877	* security_xfrm_state_alloc_acquire() - Allocate a xfrm state LSM blob
4878	* @x: xfrm state being added to the SAD
4879	* @polsec: associated policy's security context
4880	* @secid: secid from the flow
4881	*
4882	* Allocate a security structure to the x->security field; the security field
4883	* is initialized to NULL when the xfrm_state is allocated. Set the context to
4884	* correspond to secid.
4885	*
4886	* Return: Returns 0 if operation was successful.
4887	*/
4888	int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
4889	struct xfrm_sec_ctx *polsec, u32 secid)
4890	{
4891	return call_int_hook(xfrm_state_alloc_acquire, 0, x, polsec, secid);
4892	}
4893
4894	/**
4895	* security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
4896	* @x: xfrm state
4897	*
4898	* Authorize deletion of x->security.
4899	*
4900	* Return: Returns 0 if permission is granted.
4901	*/
4902	int security_xfrm_state_delete(struct xfrm_state *x)
4903	{
4904	return call_int_hook(xfrm_state_delete_security, 0, x);
4905	}
4906	EXPORT_SYMBOL(security_xfrm_state_delete);
4907
4908	/**
4909	* security_xfrm_state_free() - Free a xfrm state
4910	* @x: xfrm state
4911	*
4912	* Deallocate x->security.
4913	*/
4914	void security_xfrm_state_free(struct xfrm_state *x)
4915	{
4916	call_void_hook(xfrm_state_free_security, x);
4917	}
4918
4919	/**
4920	* security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
4921	* @ctx: target xfrm security context
4922	* @fl_secid: flow secid used to authorize access
4923	*
4924	* Check permission when a flow selects a xfrm_policy for processing XFRMs on a
4925	* packet. The hook is called when selecting either a per-socket policy or a
4926	* generic xfrm policy.
4927	*
4928	* Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
4929	* other errors.
4930	*/
4931	int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
4932	{
4933	return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid);
4934	}
4935
4936	/**
4937	* security_xfrm_state_pol_flow_match() - Check for a xfrm match
4938	* @x: xfrm state to match
4939	* @xp: xfrm policy to check for a match
4940	* @flic: flow to check for a match.
4941	*
4942	* Check @xp and @flic for a match with @x.
4943	*
4944	* Return: Returns 1 if there is a match.
4945	*/
4946	int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
4947	struct xfrm_policy *xp,
4948	const struct flowi_common *flic)
4949	{
4950	struct security_hook_list *hp;
4951	int rc = LSM_RET_DEFAULT(xfrm_state_pol_flow_match);
4952
4953	/*
4954	* Since this function is expected to return 0 or 1, the judgment
4955	* becomes difficult if multiple LSMs supply this call. Fortunately,
4956	* we can use the first LSM's judgment because currently only SELinux
4957	* supplies this call.
4958	*
4959	* For speed optimization, we explicitly break the loop rather than
4960	* using the macro
4961	*/
4962	hlist_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match,
4963	list) {
4964	rc = hp->hook.xfrm_state_pol_flow_match(x, xp, flic);
4965	break;
4966	}
4967	return rc;
4968	}
4969
4970	/**
4971	* security_xfrm_decode_session() - Determine the xfrm secid for a packet
4972	* @skb: xfrm packet
4973	* @secid: secid
4974	*
4975	* Decode the packet in @skb and return the security label in @secid.
4976	*
4977	* Return: Return 0 if all xfrms used have the same secid.
4978	*/
4979	int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
4980	{
4981	return call_int_hook(xfrm_decode_session, 0, skb, secid, 1);
4982	}
4983
4984	void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
4985	{
4986	int rc = call_int_hook(xfrm_decode_session, 0, skb, &flic->flowic_secid,
4987	0);
4988
4989	BUG_ON(rc);
4990	}
4991	EXPORT_SYMBOL(security_skb_classify_flow);
4992	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
4993
4994	#ifdef CONFIG_KEYS
4995	/**
4996	* security_key_alloc() - Allocate and initialize a kernel key LSM blob
4997	* @key: key
4998	* @cred: credentials
4999	* @flags: allocation flags
5000	*
5001	* Permit allocation of a key and assign security data. Note that key does not
5002	* have a serial number assigned at this point.
5003	*
5004	* Return: Return 0 if permission is granted, -ve error otherwise.
5005	*/
5006	int security_key_alloc(struct key *key, const struct cred *cred,
5007	unsigned long flags)
5008	{
5009	return call_int_hook(key_alloc, 0, key, cred, flags);
5010	}
5011
5012	/**
5013	* security_key_free() - Free a kernel key LSM blob
5014	* @key: key
5015	*
5016	* Notification of destruction; free security data.
5017	*/
5018	void security_key_free(struct key *key)
5019	{
5020	call_void_hook(key_free, key);
5021	}
5022
5023	/**
5024	* security_key_permission() - Check if a kernel key operation is allowed
5025	* @key_ref: key reference
5026	* @cred: credentials of actor requesting access
5027	* @need_perm: requested permissions
5028	*
5029	* See whether a specific operational right is granted to a process on a key.
5030	*
5031	* Return: Return 0 if permission is granted, -ve error otherwise.
5032	*/
5033	int security_key_permission(key_ref_t key_ref, const struct cred *cred,
5034	enum key_need_perm need_perm)
5035	{
5036	return call_int_hook(key_permission, 0, key_ref, cred, need_perm);
5037	}
5038
5039	/**
5040	* security_key_getsecurity() - Get the key's security label
5041	* @key: key
5042	* @buffer: security label buffer
5043	*
5044	* Get a textual representation of the security context attached to a key for
5045	* the purposes of honouring KEYCTL_GETSECURITY. This function allocates the
5046	* storage for the NUL-terminated string and the caller should free it.
5047	*
5048	* Return: Returns the length of @buffer (including terminating NUL) or -ve if
5049	* an error occurs. May also return 0 (and a NULL buffer pointer) if
5050	* there is no security label assigned to the key.
5051	*/
5052	int security_key_getsecurity(struct key *key, char **buffer)
5053	{
5054	*buffer = NULL;
5055	return call_int_hook(key_getsecurity, 0, key, buffer);
5056	}
5057	#endif /* CONFIG_KEYS */
5058
5059	#ifdef CONFIG_AUDIT
5060	/**
5061	* security_audit_rule_init() - Allocate and init an LSM audit rule struct
5062	* @field: audit action
5063	* @op: rule operator
5064	* @rulestr: rule context
5065	* @lsmrule: receive buffer for audit rule struct
5066	*
5067	* Allocate and initialize an LSM audit rule structure.
5068	*
5069	* Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
5070	* an invalid rule.
5071	*/
5072	int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
5073	{
5074	return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule);
5075	}
5076
5077	/**
5078	* security_audit_rule_known() - Check if an audit rule contains LSM fields
5079	* @krule: audit rule
5080	*
5081	* Specifies whether given @krule contains any fields related to the current
5082	* LSM.
5083	*
5084	* Return: Returns 1 in case of relation found, 0 otherwise.
5085	*/
5086	int security_audit_rule_known(struct audit_krule *krule)
5087	{
5088	return call_int_hook(audit_rule_known, 0, krule);
5089	}
5090
5091	/**
5092	* security_audit_rule_free() - Free an LSM audit rule struct
5093	* @lsmrule: audit rule struct
5094	*
5095	* Deallocate the LSM audit rule structure previously allocated by
5096	* audit_rule_init().
5097	*/
5098	void security_audit_rule_free(void *lsmrule)
5099	{
5100	call_void_hook(audit_rule_free, lsmrule);
5101	}
5102
5103	/**
5104	* security_audit_rule_match() - Check if a label matches an audit rule
5105	* @secid: security label
5106	* @field: LSM audit field
5107	* @op: matching operator
5108	* @lsmrule: audit rule
5109	*
5110	* Determine if given @secid matches a rule previously approved by
5111	* security_audit_rule_known().
5112	*
5113	* Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
5114	* failure.
5115	*/
5116	int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
5117	{
5118	return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);
5119	}
5120	#endif /* CONFIG_AUDIT */
5121
5122	#ifdef CONFIG_BPF_SYSCALL
5123	/**
5124	* security_bpf() - Check if the bpf syscall operation is allowed
5125	* @cmd: command
5126	* @attr: bpf attribute
5127	* @size: size
5128	*
5129	* Do a initial check for all bpf syscalls after the attribute is copied into
5130	* the kernel. The actual security module can implement their own rules to
5131	* check the specific cmd they need.
5132	*
5133	* Return: Returns 0 if permission is granted.
5134	*/
5135	int security_bpf(int cmd, union bpf_attr *attr, unsigned int size)
5136	{
5137	return call_int_hook(bpf, 0, cmd, attr, size);
5138	}
5139
5140	/**
5141	* security_bpf_map() - Check if access to a bpf map is allowed
5142	* @map: bpf map
5143	* @fmode: mode
5144	*
5145	* Do a check when the kernel generates and returns a file descriptor for eBPF
5146	* maps.
5147	*
5148	* Return: Returns 0 if permission is granted.
5149	*/
5150	int security_bpf_map(struct bpf_map *map, fmode_t fmode)
5151	{
5152	return call_int_hook(bpf_map, 0, map, fmode);
5153	}
5154
5155	/**
5156	* security_bpf_prog() - Check if access to a bpf program is allowed
5157	* @prog: bpf program
5158	*
5159	* Do a check when the kernel generates and returns a file descriptor for eBPF
5160	* programs.
5161	*
5162	* Return: Returns 0 if permission is granted.
5163	*/
5164	int security_bpf_prog(struct bpf_prog *prog)
5165	{
5166	return call_int_hook(bpf_prog, 0, prog);
5167	}
5168
5169	/**
5170	* security_bpf_map_alloc() - Allocate a bpf map LSM blob
5171	* @map: bpf map
5172	*
5173	* Initialize the security field inside bpf map.
5174	*
5175	* Return: Returns 0 on success, error on failure.
5176	*/
5177	int security_bpf_map_alloc(struct bpf_map *map)
5178	{
5179	return call_int_hook(bpf_map_alloc_security, 0, map);
5180	}
5181
5182	/**
5183	* security_bpf_prog_alloc() - Allocate a bpf program LSM blob
5184	* @aux: bpf program aux info struct
5185	*
5186	* Initialize the security field inside bpf program.
5187	*
5188	* Return: Returns 0 on success, error on failure.
5189	*/
5190	int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
5191	{
5192	return call_int_hook(bpf_prog_alloc_security, 0, aux);
5193	}
5194
5195	/**
5196	* security_bpf_map_free() - Free a bpf map's LSM blob
5197	* @map: bpf map
5198	*
5199	* Clean up the security information stored inside bpf map.
5200	*/
5201	void security_bpf_map_free(struct bpf_map *map)
5202	{
5203	call_void_hook(bpf_map_free_security, map);
5204	}
5205
5206	/**
5207	* security_bpf_prog_free() - Free a bpf program's LSM blob
5208	* @aux: bpf program aux info struct
5209	*
5210	* Clean up the security information stored inside bpf prog.
5211	*/
5212	void security_bpf_prog_free(struct bpf_prog_aux *aux)
5213	{
5214	call_void_hook(bpf_prog_free_security, aux);
5215	}
5216	#endif /* CONFIG_BPF_SYSCALL */
5217
5218	/**
5219	* security_locked_down() - Check if a kernel feature is allowed
5220	* @what: requested kernel feature
5221	*
5222	* Determine whether a kernel feature that potentially enables arbitrary code
5223	* execution in kernel space should be permitted.
5224	*
5225	* Return: Returns 0 if permission is granted.
5226	*/
5227	int security_locked_down(enum lockdown_reason what)
5228	{
5229	return call_int_hook(locked_down, 0, what);
5230	}
5231	EXPORT_SYMBOL(security_locked_down);
5232
5233	#ifdef CONFIG_PERF_EVENTS
5234	/**
5235	* security_perf_event_open() - Check if a perf event open is allowed
5236	* @attr: perf event attribute
5237	* @type: type of event
5238	*
5239	* Check whether the @type of perf_event_open syscall is allowed.
5240	*
5241	* Return: Returns 0 if permission is granted.
5242	*/
5243	int security_perf_event_open(struct perf_event_attr *attr, int type)
5244	{
5245	return call_int_hook(perf_event_open, 0, attr, type);
5246	}
5247
5248	/**
5249	* security_perf_event_alloc() - Allocate a perf event LSM blob
5250	* @event: perf event
5251	*
5252	* Allocate and save perf_event security info.
5253	*
5254	* Return: Returns 0 on success, error on failure.
5255	*/
5256	int security_perf_event_alloc(struct perf_event *event)
5257	{
5258	return call_int_hook(perf_event_alloc, 0, event);
5259	}
5260
5261	/**
5262	* security_perf_event_free() - Free a perf event LSM blob
5263	* @event: perf event
5264	*
5265	* Release (free) perf_event security info.
5266	*/
5267	void security_perf_event_free(struct perf_event *event)
5268	{
5269	call_void_hook(perf_event_free, event);
5270	}
5271
5272	/**
5273	* security_perf_event_read() - Check if reading a perf event label is allowed
5274	* @event: perf event
5275	*
5276	* Read perf_event security info if allowed.
5277	*
5278	* Return: Returns 0 if permission is granted.
5279	*/
5280	int security_perf_event_read(struct perf_event *event)
5281	{
5282	return call_int_hook(perf_event_read, 0, event);
5283	}
5284
5285	/**
5286	* security_perf_event_write() - Check if writing a perf event label is allowed
5287	* @event: perf event
5288	*
5289	* Write perf_event security info if allowed.
5290	*
5291	* Return: Returns 0 if permission is granted.
5292	*/
5293	int security_perf_event_write(struct perf_event *event)
5294	{
5295	return call_int_hook(perf_event_write, 0, event);
5296	}
5297	#endif /* CONFIG_PERF_EVENTS */
5298
5299	#ifdef CONFIG_IO_URING
5300	/**
5301	* security_uring_override_creds() - Check if overriding creds is allowed
5302	* @new: new credentials
5303	*
5304	* Check if the current task, executing an io_uring operation, is allowed to
5305	* override it's credentials with @new.
5306	*
5307	* Return: Returns 0 if permission is granted.
5308	*/
5309	int security_uring_override_creds(const struct cred *new)
5310	{
5311	return call_int_hook(uring_override_creds, 0, new);
5312	}
5313
5314	/**
5315	* security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
5316	*
5317	* Check whether the current task is allowed to spawn a io_uring polling thread
5318	* (IORING_SETUP_SQPOLL).
5319	*
5320	* Return: Returns 0 if permission is granted.
5321	*/
5322	int security_uring_sqpoll(void)
5323	{
5324	return call_int_hook(uring_sqpoll, 0);
5325	}
5326
5327	/**
5328	* security_uring_cmd() - Check if a io_uring passthrough command is allowed
5329	* @ioucmd: command
5330	*
5331	* Check whether the file_operations uring_cmd is allowed to run.
5332	*
5333	* Return: Returns 0 if permission is granted.
5334	*/
5335	int security_uring_cmd(struct io_uring_cmd *ioucmd)
5336	{
5337	return call_int_hook(uring_cmd, 0, ioucmd);
5338	}
5339	#endif /* CONFIG_IO_URING */
5340