1/* SPDX-License-Identifier: GPL-2.0 */
2
3/*
4 * Linux Security Module Hook declarations.
5 *
6 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
7 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
8 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
9 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
10 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
11 * Copyright (C) 2015 Intel Corporation.
12 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
13 * Copyright (C) 2016 Mellanox Techonologies
14 * Copyright (C) 2020 Google LLC.
15 */
16
17/*
18 * The macro LSM_HOOK is used to define the data structures required by
19 * the LSM framework using the pattern:
20 *
21 * LSM_HOOK(<return_type>, <default_value>, <hook_name>, args...)
22 *
23 * struct security_hook_heads {
24 * #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
25 * #include <linux/lsm_hook_defs.h>
26 * #undef LSM_HOOK
27 * };
28 */
29LSM_HOOK(int, 0, binder_set_context_mgr, const struct cred *mgr)
30LSM_HOOK(int, 0, binder_transaction, const struct cred *from,
31 const struct cred *to)
32LSM_HOOK(int, 0, binder_transfer_binder, const struct cred *from,
33 const struct cred *to)
34LSM_HOOK(int, 0, binder_transfer_file, const struct cred *from,
35 const struct cred *to, const struct file *file)
36LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
37 unsigned int mode)
38LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
39LSM_HOOK(int, 0, capget, const struct task_struct *target, kernel_cap_t *effective,
40 kernel_cap_t *inheritable, kernel_cap_t *permitted)
41LSM_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
42 const kernel_cap_t *effective, const kernel_cap_t *inheritable,
43 const kernel_cap_t *permitted)
44LSM_HOOK(int, 0, capable, const struct cred *cred, struct user_namespace *ns,
45 int cap, unsigned int opts)
46LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, const struct super_block *sb)
47LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
48LSM_HOOK(int, 0, syslog, int type)
49LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
50 const struct timezone *tz)
51LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages)
52LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm)
53LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, const struct file *file)
54LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
55LSM_HOOK(void, LSM_RET_VOID, bprm_committing_creds, const struct linux_binprm *bprm)
56LSM_HOOK(void, LSM_RET_VOID, bprm_committed_creds, const struct linux_binprm *bprm)
57LSM_HOOK(int, 0, fs_context_submount, struct fs_context *fc, struct super_block *reference)
58LSM_HOOK(int, 0, fs_context_dup, struct fs_context *fc,
59 struct fs_context *src_sc)
60LSM_HOOK(int, -ENOPARAM, fs_context_parse_param, struct fs_context *fc,
61 struct fs_parameter *param)
62LSM_HOOK(int, 0, sb_alloc_security, struct super_block *sb)
63LSM_HOOK(void, LSM_RET_VOID, sb_delete, struct super_block *sb)
64LSM_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
65LSM_HOOK(void, LSM_RET_VOID, sb_free_mnt_opts, void *mnt_opts)
66LSM_HOOK(int, 0, sb_eat_lsm_opts, char *orig, void **mnt_opts)
67LSM_HOOK(int, 0, sb_mnt_opts_compat, struct super_block *sb, void *mnt_opts)
68LSM_HOOK(int, 0, sb_remount, struct super_block *sb, void *mnt_opts)
69LSM_HOOK(int, 0, sb_kern_mount, const struct super_block *sb)
70LSM_HOOK(int, 0, sb_show_options, struct seq_file *m, struct super_block *sb)
71LSM_HOOK(int, 0, sb_statfs, struct dentry *dentry)
72LSM_HOOK(int, 0, sb_mount, const char *dev_name, const struct path *path,
73 const char *type, unsigned long flags, void *data)
74LSM_HOOK(int, 0, sb_umount, struct vfsmount *mnt, int flags)
75LSM_HOOK(int, 0, sb_pivotroot, const struct path *old_path,
76 const struct path *new_path)
77LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
78 unsigned long kern_flags, unsigned long *set_kern_flags)
79LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
80 struct super_block *newsb, unsigned long kern_flags,
81 unsigned long *set_kern_flags)
82LSM_HOOK(int, 0, move_mount, const struct path *from_path,
83 const struct path *to_path)
84LSM_HOOK(int, -EOPNOTSUPP, dentry_init_security, struct dentry *dentry,
85 int mode, const struct qstr *name, const char **xattr_name,
86 struct lsm_context *cp)
87LSM_HOOK(int, 0, dentry_create_files_as, struct dentry *dentry, int mode,
88 const struct qstr *name, const struct cred *old, struct cred *new)
89
90#ifdef CONFIG_SECURITY_PATH
91LSM_HOOK(int, 0, path_unlink, const struct path *dir, struct dentry *dentry)
92LSM_HOOK(int, 0, path_mkdir, const struct path *dir, struct dentry *dentry,
93 umode_t mode)
94LSM_HOOK(int, 0, path_rmdir, const struct path *dir, struct dentry *dentry)
95LSM_HOOK(int, 0, path_mknod, const struct path *dir, struct dentry *dentry,
96 umode_t mode, unsigned int dev)
97LSM_HOOK(void, LSM_RET_VOID, path_post_mknod, struct mnt_idmap *idmap,
98 struct dentry *dentry)
99LSM_HOOK(int, 0, path_truncate, const struct path *path)
100LSM_HOOK(int, 0, path_symlink, const struct path *dir, struct dentry *dentry,
101 const char *old_name)
102LSM_HOOK(int, 0, path_link, struct dentry *old_dentry,
103 const struct path *new_dir, struct dentry *new_dentry)
104LSM_HOOK(int, 0, path_rename, const struct path *old_dir,
105 struct dentry *old_dentry, const struct path *new_dir,
106 struct dentry *new_dentry, unsigned int flags)
107LSM_HOOK(int, 0, path_chmod, const struct path *path, umode_t mode)
108LSM_HOOK(int, 0, path_chown, const struct path *path, kuid_t uid, kgid_t gid)
109LSM_HOOK(int, 0, path_chroot, const struct path *path)
110#endif /* CONFIG_SECURITY_PATH */
111
112/* Needed for inode based security check */
113LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask,
114 unsigned int obj_type)
115LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode)
116LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode)
117LSM_HOOK(void, LSM_RET_VOID, inode_free_security_rcu, void *inode_security)
118LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode,
119 struct inode *dir, const struct qstr *qstr, struct xattr *xattrs,
120 int *xattr_count)
121LSM_HOOK(int, 0, inode_init_security_anon, struct inode *inode,
122 const struct qstr *name, const struct inode *context_inode)
123LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
124 umode_t mode)
125LSM_HOOK(void, LSM_RET_VOID, inode_post_create_tmpfile, struct mnt_idmap *idmap,
126 struct inode *inode)
127LSM_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
128 struct dentry *new_dentry)
129LSM_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
130LSM_HOOK(int, 0, inode_symlink, struct inode *dir, struct dentry *dentry,
131 const char *old_name)
132LSM_HOOK(int, 0, inode_mkdir, struct inode *dir, struct dentry *dentry,
133 umode_t mode)
134LSM_HOOK(int, 0, inode_rmdir, struct inode *dir, struct dentry *dentry)
135LSM_HOOK(int, 0, inode_mknod, struct inode *dir, struct dentry *dentry,
136 umode_t mode, dev_t dev)
137LSM_HOOK(int, 0, inode_rename, struct inode *old_dir, struct dentry *old_dentry,
138 struct inode *new_dir, struct dentry *new_dentry)
139LSM_HOOK(int, 0, inode_readlink, struct dentry *dentry)
140LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
141 bool rcu)
142LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
143LSM_HOOK(int, 0, inode_setattr, struct mnt_idmap *idmap, struct dentry *dentry,
144 struct iattr *attr)
145LSM_HOOK(void, LSM_RET_VOID, inode_post_setattr, struct mnt_idmap *idmap,
146 struct dentry *dentry, int ia_valid)
147LSM_HOOK(int, 0, inode_getattr, const struct path *path)
148LSM_HOOK(int, 0, inode_xattr_skipcap, const char *name)
149LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
150 struct dentry *dentry, const char *name, const void *value,
151 size_t size, int flags)
152LSM_HOOK(void, LSM_RET_VOID, inode_post_setxattr, struct dentry *dentry,
153 const char *name, const void *value, size_t size, int flags)
154LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
155LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
156LSM_HOOK(int, 0, inode_removexattr, struct mnt_idmap *idmap,
157 struct dentry *dentry, const char *name)
158LSM_HOOK(void, LSM_RET_VOID, inode_post_removexattr, struct dentry *dentry,
159 const char *name)
160LSM_HOOK(int, 0, inode_file_setattr, struct dentry *dentry, struct file_kattr *fa)
161LSM_HOOK(int, 0, inode_file_getattr, struct dentry *dentry, struct file_kattr *fa)
162LSM_HOOK(int, 0, inode_set_acl, struct mnt_idmap *idmap,
163 struct dentry *dentry, const char *acl_name, struct posix_acl *kacl)
164LSM_HOOK(void, LSM_RET_VOID, inode_post_set_acl, struct dentry *dentry,
165 const char *acl_name, struct posix_acl *kacl)
166LSM_HOOK(int, 0, inode_get_acl, struct mnt_idmap *idmap,
167 struct dentry *dentry, const char *acl_name)
168LSM_HOOK(int, 0, inode_remove_acl, struct mnt_idmap *idmap,
169 struct dentry *dentry, const char *acl_name)
170LSM_HOOK(void, LSM_RET_VOID, inode_post_remove_acl, struct mnt_idmap *idmap,
171 struct dentry *dentry, const char *acl_name)
172LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
173LSM_HOOK(int, 0, inode_killpriv, struct mnt_idmap *idmap,
174 struct dentry *dentry)
175LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct mnt_idmap *idmap,
176 struct inode *inode, const char *name, void **buffer, bool alloc)
177LSM_HOOK(int, -EOPNOTSUPP, inode_setsecurity, struct inode *inode,
178 const char *name, const void *value, size_t size, int flags)
179LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
180 size_t buffer_size)
181LSM_HOOK(void, LSM_RET_VOID, inode_getlsmprop, struct inode *inode,
182 struct lsm_prop *prop)
183LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
184LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, struct dentry *src,
185 const char *name)
186LSM_HOOK(int, 0, inode_setintegrity, const struct inode *inode,
187 enum lsm_integrity_type type, const void *value, size_t size)
188LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
189 struct kernfs_node *kn)
190LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
191LSM_HOOK(int, 0, file_alloc_security, struct file *file)
192LSM_HOOK(void, LSM_RET_VOID, file_release, struct file *file)
193LSM_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file)
194LSM_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd,
195 unsigned long arg)
196LSM_HOOK(int, 0, file_ioctl_compat, struct file *file, unsigned int cmd,
197 unsigned long arg)
198LSM_HOOK(int, 0, mmap_addr, unsigned long addr)
199LSM_HOOK(int, 0, mmap_file, struct file *file, unsigned long reqprot,
200 unsigned long prot, unsigned long flags)
201LSM_HOOK(int, 0, file_mprotect, struct vm_area_struct *vma,
202 unsigned long reqprot, unsigned long prot)
203LSM_HOOK(int, 0, file_lock, struct file *file, unsigned int cmd)
204LSM_HOOK(int, 0, file_fcntl, struct file *file, unsigned int cmd,
205 unsigned long arg)
206LSM_HOOK(void, LSM_RET_VOID, file_set_fowner, struct file *file)
207LSM_HOOK(int, 0, file_send_sigiotask, struct task_struct *tsk,
208 struct fown_struct *fown, int sig)
209LSM_HOOK(int, 0, file_receive, struct file *file)
210LSM_HOOK(int, 0, file_open, struct file *file)
211LSM_HOOK(int, 0, file_post_open, struct file *file, int mask)
212LSM_HOOK(int, 0, file_truncate, struct file *file)
213LSM_HOOK(int, 0, task_alloc, struct task_struct *task,
214 u64 clone_flags)
215LSM_HOOK(void, LSM_RET_VOID, task_free, struct task_struct *task)
216LSM_HOOK(int, 0, cred_alloc_blank, struct cred *cred, gfp_t gfp)
217LSM_HOOK(void, LSM_RET_VOID, cred_free, struct cred *cred)
218LSM_HOOK(int, 0, cred_prepare, struct cred *new, const struct cred *old,
219 gfp_t gfp)
220LSM_HOOK(void, LSM_RET_VOID, cred_transfer, struct cred *new,
221 const struct cred *old)
222LSM_HOOK(void, LSM_RET_VOID, cred_getsecid, const struct cred *c, u32 *secid)
223LSM_HOOK(void, LSM_RET_VOID, cred_getlsmprop, const struct cred *c,
224 struct lsm_prop *prop)
225LSM_HOOK(int, 0, kernel_act_as, struct cred *new, u32 secid)
226LSM_HOOK(int, 0, kernel_create_files_as, struct cred *new, struct inode *inode)
227LSM_HOOK(int, 0, kernel_module_request, char *kmod_name)
228LSM_HOOK(int, 0, kernel_load_data, enum kernel_load_data_id id, bool contents)
229LSM_HOOK(int, 0, kernel_post_load_data, char *buf, loff_t size,
230 enum kernel_load_data_id id, char *description)
231LSM_HOOK(int, 0, kernel_read_file, struct file *file,
232 enum kernel_read_file_id id, bool contents)
233LSM_HOOK(int, 0, kernel_post_read_file, struct file *file, char *buf,
234 loff_t size, enum kernel_read_file_id id)
235LSM_HOOK(int, 0, task_fix_setuid, struct cred *new, const struct cred *old,
236 int flags)
237LSM_HOOK(int, 0, task_fix_setgid, struct cred *new, const struct cred * old,
238 int flags)
239LSM_HOOK(int, 0, task_fix_setgroups, struct cred *new, const struct cred * old)
240LSM_HOOK(int, 0, task_setpgid, struct task_struct *p, pid_t pgid)
241LSM_HOOK(int, 0, task_getpgid, struct task_struct *p)
242LSM_HOOK(int, 0, task_getsid, struct task_struct *p)
243LSM_HOOK(void, LSM_RET_VOID, current_getlsmprop_subj, struct lsm_prop *prop)
244LSM_HOOK(void, LSM_RET_VOID, task_getlsmprop_obj,
245 struct task_struct *p, struct lsm_prop *prop)
246LSM_HOOK(int, 0, task_setnice, struct task_struct *p, int nice)
247LSM_HOOK(int, 0, task_setioprio, struct task_struct *p, int ioprio)
248LSM_HOOK(int, 0, task_getioprio, struct task_struct *p)
249LSM_HOOK(int, 0, task_prlimit, const struct cred *cred,
250 const struct cred *tcred, unsigned int flags)
251LSM_HOOK(int, 0, task_setrlimit, struct task_struct *p, unsigned int resource,
252 struct rlimit *new_rlim)
253LSM_HOOK(int, 0, task_setscheduler, struct task_struct *p)
254LSM_HOOK(int, 0, task_getscheduler, struct task_struct *p)
255LSM_HOOK(int, 0, task_movememory, struct task_struct *p)
256LSM_HOOK(int, 0, task_kill, struct task_struct *p, struct kernel_siginfo *info,
257 int sig, const struct cred *cred)
258LSM_HOOK(int, -ENOSYS, task_prctl, int option, unsigned long arg2,
259 unsigned long arg3, unsigned long arg4, unsigned long arg5)
260LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p,
261 struct inode *inode)
262LSM_HOOK(int, 0, userns_create, const struct cred *cred)
263LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag)
264LSM_HOOK(void, LSM_RET_VOID, ipc_getlsmprop, struct kern_ipc_perm *ipcp,
265 struct lsm_prop *prop)
266LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg)
267LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg)
268LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm)
269LSM_HOOK(void, LSM_RET_VOID, msg_queue_free_security,
270 struct kern_ipc_perm *perm)
271LSM_HOOK(int, 0, msg_queue_associate, struct kern_ipc_perm *perm, int msqflg)
272LSM_HOOK(int, 0, msg_queue_msgctl, struct kern_ipc_perm *perm, int cmd)
273LSM_HOOK(int, 0, msg_queue_msgsnd, struct kern_ipc_perm *perm,
274 struct msg_msg *msg, int msqflg)
275LSM_HOOK(int, 0, msg_queue_msgrcv, struct kern_ipc_perm *perm,
276 struct msg_msg *msg, struct task_struct *target, long type, int mode)
277LSM_HOOK(int, 0, shm_alloc_security, struct kern_ipc_perm *perm)
278LSM_HOOK(void, LSM_RET_VOID, shm_free_security, struct kern_ipc_perm *perm)
279LSM_HOOK(int, 0, shm_associate, struct kern_ipc_perm *perm, int shmflg)
280LSM_HOOK(int, 0, shm_shmctl, struct kern_ipc_perm *perm, int cmd)
281LSM_HOOK(int, 0, shm_shmat, struct kern_ipc_perm *perm, char __user *shmaddr,
282 int shmflg)
283LSM_HOOK(int, 0, sem_alloc_security, struct kern_ipc_perm *perm)
284LSM_HOOK(void, LSM_RET_VOID, sem_free_security, struct kern_ipc_perm *perm)
285LSM_HOOK(int, 0, sem_associate, struct kern_ipc_perm *perm, int semflg)
286LSM_HOOK(int, 0, sem_semctl, struct kern_ipc_perm *perm, int cmd)
287LSM_HOOK(int, 0, sem_semop, struct kern_ipc_perm *perm, struct sembuf *sops,
288 unsigned nsops, int alter)
289LSM_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb)
290LSM_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry,
291 struct inode *inode)
292LSM_HOOK(int, -EOPNOTSUPP, getselfattr, unsigned int attr,
293 struct lsm_ctx __user *ctx, u32 *size, u32 flags)
294LSM_HOOK(int, -EOPNOTSUPP, setselfattr, unsigned int attr,
295 struct lsm_ctx *ctx, u32 size, u32 flags)
296LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, const char *name,
297 char **value)
298LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size)
299LSM_HOOK(int, 0, ismaclabel, const char *name)
300LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, struct lsm_context *cp)
301LSM_HOOK(int, -EOPNOTSUPP, lsmprop_to_secctx, struct lsm_prop *prop,
302 struct lsm_context *cp)
303LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32 *secid)
304LSM_HOOK(void, LSM_RET_VOID, release_secctx, struct lsm_context *cp)
305LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode)
306LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen)
307LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen)
308LSM_HOOK(int, -EOPNOTSUPP, inode_getsecctx, struct inode *inode,
309 struct lsm_context *cp)
310
311#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
312LSM_HOOK(int, 0, post_notification, const struct cred *w_cred,
313 const struct cred *cred, struct watch_notification *n)
314#endif /* CONFIG_SECURITY && CONFIG_WATCH_QUEUE */
315
316#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
317LSM_HOOK(int, 0, watch_key, struct key *key)
318#endif /* CONFIG_SECURITY && CONFIG_KEY_NOTIFICATIONS */
319
320#ifdef CONFIG_SECURITY_NETWORK
321LSM_HOOK(int, 0, unix_stream_connect, struct sock *sock, struct sock *other,
322 struct sock *newsk)
323LSM_HOOK(int, 0, unix_may_send, struct socket *sock, struct socket *other)
324LSM_HOOK(int, 0, socket_create, int family, int type, int protocol, int kern)
325LSM_HOOK(int, 0, socket_post_create, struct socket *sock, int family, int type,
326 int protocol, int kern)
327LSM_HOOK(int, 0, socket_socketpair, struct socket *socka, struct socket *sockb)
328LSM_HOOK(int, 0, socket_bind, struct socket *sock, struct sockaddr *address,
329 int addrlen)
330LSM_HOOK(int, 0, socket_connect, struct socket *sock, struct sockaddr *address,
331 int addrlen)
332LSM_HOOK(int, 0, socket_listen, struct socket *sock, int backlog)
333LSM_HOOK(int, 0, socket_accept, struct socket *sock, struct socket *newsock)
334LSM_HOOK(int, 0, socket_sendmsg, struct socket *sock, struct msghdr *msg,
335 int size)
336LSM_HOOK(int, 0, socket_recvmsg, struct socket *sock, struct msghdr *msg,
337 int size, int flags)
338LSM_HOOK(int, 0, socket_getsockname, struct socket *sock)
339LSM_HOOK(int, 0, socket_getpeername, struct socket *sock)
340LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname)
341LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname)
342LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how)
343LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb)
344LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_stream, struct socket *sock,
345 sockptr_t optval, sockptr_t optlen, unsigned int len)
346LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_dgram, struct socket *sock,
347 struct sk_buff *skb, u32 *secid)
348LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority)
349LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk)
350LSM_HOOK(void, LSM_RET_VOID, sk_clone_security, const struct sock *sk,
351 struct sock *newsk)
352LSM_HOOK(void, LSM_RET_VOID, sk_getsecid, const struct sock *sk, u32 *secid)
353LSM_HOOK(void, LSM_RET_VOID, sock_graft, struct sock *sk, struct socket *parent)
354LSM_HOOK(int, 0, inet_conn_request, const struct sock *sk, struct sk_buff *skb,
355 struct request_sock *req)
356LSM_HOOK(void, LSM_RET_VOID, inet_csk_clone, struct sock *newsk,
357 const struct request_sock *req)
358LSM_HOOK(void, LSM_RET_VOID, inet_conn_established, struct sock *sk,
359 struct sk_buff *skb)
360LSM_HOOK(int, 0, secmark_relabel_packet, u32 secid)
361LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_inc, void)
362LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_dec, void)
363LSM_HOOK(void, LSM_RET_VOID, req_classify_flow, const struct request_sock *req,
364 struct flowi_common *flic)
365LSM_HOOK(int, 0, tun_dev_alloc_security, void *security)
366LSM_HOOK(int, 0, tun_dev_create, void)
367LSM_HOOK(int, 0, tun_dev_attach_queue, void *security)
368LSM_HOOK(int, 0, tun_dev_attach, struct sock *sk, void *security)
369LSM_HOOK(int, 0, tun_dev_open, void *security)
370LSM_HOOK(int, 0, sctp_assoc_request, struct sctp_association *asoc,
371 struct sk_buff *skb)
372LSM_HOOK(int, 0, sctp_bind_connect, struct sock *sk, int optname,
373 struct sockaddr *address, int addrlen)
374LSM_HOOK(void, LSM_RET_VOID, sctp_sk_clone, struct sctp_association *asoc,
375 struct sock *sk, struct sock *newsk)
376LSM_HOOK(int, 0, sctp_assoc_established, struct sctp_association *asoc,
377 struct sk_buff *skb)
378LSM_HOOK(int, 0, mptcp_add_subflow, struct sock *sk, struct sock *ssk)
379#endif /* CONFIG_SECURITY_NETWORK */
380
381#ifdef CONFIG_SECURITY_INFINIBAND
382LSM_HOOK(int, 0, ib_pkey_access, void *sec, u64 subnet_prefix, u16 pkey)
383LSM_HOOK(int, 0, ib_endport_manage_subnet, void *sec, const char *dev_name,
384 u8 port_num)
385LSM_HOOK(int, 0, ib_alloc_security, void *sec)
386#endif /* CONFIG_SECURITY_INFINIBAND */
387
388#ifdef CONFIG_SECURITY_NETWORK_XFRM
389LSM_HOOK(int, 0, xfrm_policy_alloc_security, struct xfrm_sec_ctx **ctxp,
390 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)
391LSM_HOOK(int, 0, xfrm_policy_clone_security, struct xfrm_sec_ctx *old_ctx,
392 struct xfrm_sec_ctx **new_ctx)
393LSM_HOOK(void, LSM_RET_VOID, xfrm_policy_free_security,
394 struct xfrm_sec_ctx *ctx)
395LSM_HOOK(int, 0, xfrm_policy_delete_security, struct xfrm_sec_ctx *ctx)
396LSM_HOOK(int, 0, xfrm_state_alloc, struct xfrm_state *x,
397 struct xfrm_user_sec_ctx *sec_ctx)
398LSM_HOOK(int, 0, xfrm_state_alloc_acquire, struct xfrm_state *x,
399 struct xfrm_sec_ctx *polsec, u32 secid)
400LSM_HOOK(void, LSM_RET_VOID, xfrm_state_free_security, struct xfrm_state *x)
401LSM_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x)
402LSM_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx, u32 fl_secid)
403LSM_HOOK(int, 1, xfrm_state_pol_flow_match, struct xfrm_state *x,
404 struct xfrm_policy *xp, const struct flowi_common *flic)
405LSM_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
406 int ckall)
407#endif /* CONFIG_SECURITY_NETWORK_XFRM */
408
409/* key management security hooks */
410#ifdef CONFIG_KEYS
411LSM_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred,
412 unsigned long flags)
413LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
414 enum key_need_perm need_perm)
415LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
416LSM_HOOK(void, LSM_RET_VOID, key_post_create_or_update, struct key *keyring,
417 struct key *key, const void *payload, size_t payload_len,
418 unsigned long flags, bool create)
419#endif /* CONFIG_KEYS */
420
421#ifdef CONFIG_AUDIT
422LSM_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr,
423 void **lsmrule, gfp_t gfp)
424LSM_HOOK(int, 0, audit_rule_known, struct audit_krule *krule)
425LSM_HOOK(int, 0, audit_rule_match, struct lsm_prop *prop, u32 field, u32 op,
426 void *lsmrule)
427LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule)
428#endif /* CONFIG_AUDIT */
429
430#ifdef CONFIG_BPF_SYSCALL
431LSM_HOOK(int, 0, bpf, int cmd, union bpf_attr *attr, unsigned int size, bool kernel)
432LSM_HOOK(int, 0, bpf_map, struct bpf_map *map, fmode_t fmode)
433LSM_HOOK(int, 0, bpf_prog, struct bpf_prog *prog)
434LSM_HOOK(int, 0, bpf_map_create, struct bpf_map *map, union bpf_attr *attr,
435 struct bpf_token *token, bool kernel)
436LSM_HOOK(void, LSM_RET_VOID, bpf_map_free, struct bpf_map *map)
437LSM_HOOK(int, 0, bpf_prog_load, struct bpf_prog *prog, union bpf_attr *attr,
438 struct bpf_token *token, bool kernel)
439LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free, struct bpf_prog *prog)
440LSM_HOOK(int, 0, bpf_token_create, struct bpf_token *token, union bpf_attr *attr,
441 const struct path *path)
442LSM_HOOK(void, LSM_RET_VOID, bpf_token_free, struct bpf_token *token)
443LSM_HOOK(int, 0, bpf_token_cmd, const struct bpf_token *token, enum bpf_cmd cmd)
444LSM_HOOK(int, 0, bpf_token_capable, const struct bpf_token *token, int cap)
445#endif /* CONFIG_BPF_SYSCALL */
446
447LSM_HOOK(int, 0, locked_down, enum lockdown_reason what)
448
449#ifdef CONFIG_PERF_EVENTS
450LSM_HOOK(int, 0, perf_event_open, int type)
451LSM_HOOK(int, 0, perf_event_alloc, struct perf_event *event)
452LSM_HOOK(int, 0, perf_event_read, struct perf_event *event)
453LSM_HOOK(int, 0, perf_event_write, struct perf_event *event)
454#endif /* CONFIG_PERF_EVENTS */
455
456#ifdef CONFIG_IO_URING
457LSM_HOOK(int, 0, uring_override_creds, const struct cred *new)
458LSM_HOOK(int, 0, uring_sqpoll, void)
459LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd)
460LSM_HOOK(int, 0, uring_allowed, void)
461#endif /* CONFIG_IO_URING */
462
463LSM_HOOK(void, LSM_RET_VOID, initramfs_populated, void)
464
465LSM_HOOK(int, 0, bdev_alloc_security, struct block_device *bdev)
466LSM_HOOK(void, LSM_RET_VOID, bdev_free_security, struct block_device *bdev)
467LSM_HOOK(int, 0, bdev_setintegrity, struct block_device *bdev,
468 enum lsm_integrity_type type, const void *value, size_t size)
469