security.c source code [Linux/security/security.c]

1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* Security plug functions
4	*
5	* Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
6	* Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
7	* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
8	* Copyright (C) 2016 Mellanox Technologies
9	* Copyright (C) 2023 Microsoft Corporation <paul@paul-moore.com>
10	*/
11
12	#define pr_fmt(fmt) "LSM: " fmt
13
14	#include <linux/bpf.h>
15	#include <linux/capability.h>
16	#include <linux/dcache.h>
17	#include <linux/export.h>
18	#include <linux/init.h>
19	#include <linux/kernel.h>
20	#include <linux/kernel_read_file.h>
21	#include <linux/lsm_hooks.h>
22	#include <linux/mman.h>
23	#include <linux/mount.h>
24	#include <linux/personality.h>
25	#include <linux/backing-dev.h>
26	#include <linux/string.h>
27	#include <linux/xattr.h>
28	#include <linux/msg.h>
29	#include <linux/overflow.h>
30	#include <linux/perf_event.h>
31	#include <linux/fs.h>
32	#include <net/flow.h>
33	#include <net/sock.h>
34
35	#define SECURITY_HOOK_ACTIVE_KEY(HOOK, IDX) security_hook_active_##HOOK##_##IDX
36
37	/*
38	* Identifier for the LSM static calls.
39	* HOOK is an LSM hook as defined in linux/lsm_hookdefs.h
40	* IDX is the index of the static call. 0 <= NUM < MAX_LSM_COUNT
41	*/
42	#define LSM_STATIC_CALL(HOOK, IDX) lsm_static_call_##HOOK##_##IDX
43
44	/*
45	* Call the macro M for each LSM hook MAX_LSM_COUNT times.
46	*/
47	#define LSM_LOOP_UNROLL(M, ...) \
48	do { \
49	UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) \
50	} while (0)
51
52	#define LSM_DEFINE_UNROLL(M, ...) UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__)
53
54	/*
55	* These are descriptions of the reasons that can be passed to the
56	* security_locked_down() LSM hook. Placing this array here allows
57	* all security modules to use the same descriptions for auditing
58	* purposes.
59	*/
60	const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + `1`] = {
61	[LOCKDOWN_NONE] = "none",
62	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
63	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
64	[LOCKDOWN_EFI_TEST] = "/dev/efi_test access",
65	[LOCKDOWN_KEXEC] = "kexec of unsigned images",
66	[LOCKDOWN_HIBERNATION] = "hibernation",
67	[LOCKDOWN_PCI_ACCESS] = "direct PCI access",
68	[LOCKDOWN_IOPORT] = "raw io port access",
69	[LOCKDOWN_MSR] = "raw MSR access",
70	[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
71	[LOCKDOWN_DEVICE_TREE] = "modifying device tree contents",
72	[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
73	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
74	[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
75	[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
76	[LOCKDOWN_DEBUGFS] = "debugfs access",
77	[LOCKDOWN_XMON_WR] = "xmon write access",
78	[LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM",
79	[LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM",
80	[LOCKDOWN_RTAS_ERROR_INJECTION] = "RTAS error injection",
81	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
82	[LOCKDOWN_KCORE] = "/proc/kcore access",
83	[LOCKDOWN_KPROBES] = "use of kprobes",
84	[LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM",
85	[LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM",
86	[LOCKDOWN_PERF] = "unsafe use of perf",
87	[LOCKDOWN_TRACEFS] = "use of tracefs",
88	[LOCKDOWN_XMON_RW] = "xmon read and write access",
89	[LOCKDOWN_XFRM_SECRET] = "xfrm SA secret",
90	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
91	};
92
93	static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
94
95	static struct kmem_cache *lsm_file_cache;
96	static struct kmem_cache *lsm_inode_cache;
97
98	char *lsm_names;
99	static struct lsm_blob_sizes blob_sizes __ro_after_init;
100
101	/ Boot-time LSM user choice /
102	static __initdata const char *chosen_lsm_order;
103	static __initdata const char *chosen_major_lsm;
104
105	static __initconst const char *const builtin_lsm_order = CONFIG_LSM;
106
107	/ Ordered list of LSMs to initialize. /
108	static __initdata struct lsm_info *ordered_lsms[MAX_LSM_COUNT + `1`];
109	static __initdata struct lsm_info *exclusive;
110
111	#ifdef CONFIG_HAVE_STATIC_CALL
112	#define LSM_HOOK_TRAMP(NAME, NUM) \
113	&STATIC_CALL_TRAMP(LSM_STATIC_CALL(NAME, NUM))
114	#else
115	#define LSM_HOOK_TRAMP(NAME, NUM) NULL
116	#endif
117
118	/*
119	* Define static calls and static keys for each LSM hook.
120	*/
121	#define DEFINE_LSM_STATIC_CALL(NUM, NAME, RET, ...) \
122	DEFINE_STATIC_CALL_NULL(LSM_STATIC_CALL(NAME, NUM), \
123	((RET()(__VA_ARGS__))NULL)); \
124	DEFINE_STATIC_KEY_FALSE(SECURITY_HOOK_ACTIVE_KEY(NAME, NUM));
125
126	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
127	LSM_DEFINE_UNROLL(DEFINE_LSM_STATIC_CALL, NAME, RET, __VA_ARGS__)
128	#include <linux/lsm_hook_defs.h>
129	#undef LSM_HOOK
130	#undef DEFINE_LSM_STATIC_CALL
131
132	/*
133	* Initialise a table of static calls for each LSM hook.
134	* DEFINE_STATIC_CALL_NULL invocation above generates a key (STATIC_CALL_KEY)
135	* and a trampoline (STATIC_CALL_TRAMP) which are used to call
136	* __static_call_update when updating the static call.
137	*
138	* The static calls table is used by early LSMs, some architectures can fault on
139	* unaligned accesses and the fault handling code may not be ready by then.
140	* Thus, the static calls table should be aligned to avoid any unhandled faults
141	* in early init.
142	*/
143	struct lsm_static_calls_table
144	static_calls_table __ro_after_init __aligned(sizeof(u64)) = {
145	#define INIT_LSM_STATIC_CALL(NUM, NAME) \
146	(struct lsm_static_call) { \
147	.key = &STATIC_CALL_KEY(LSM_STATIC_CALL(NAME, NUM)), \
148	.trampoline = LSM_HOOK_TRAMP(NAME, NUM), \
149	.active = &SECURITY_HOOK_ACTIVE_KEY(NAME, NUM), \
150	},
151	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
152	.NAME = { \
153	LSM_DEFINE_UNROLL(INIT_LSM_STATIC_CALL, NAME) \
154	},
155	#include <linux/lsm_hook_defs.h>
156	#undef LSM_HOOK
157	#undef INIT_LSM_STATIC_CALL
158	};
159
160	static __initdata bool debug;
161	#define init_debug(...) \
162	do { \
163	if (debug) \
164	pr_info(__VA_ARGS__); \
165	} while (0)
166
167	static bool __init is_enabled(struct lsm_info *lsm)
168	{
169	if (!lsm->enabled)
170	return false;
171
172	return *lsm->enabled;
173	}
174
175	/ Mark an LSM's enabled flag. /
176	static int lsm_enabled_true __initdata = `1`;
177	static int lsm_enabled_false __initdata = `0`;
178	static void __init set_enabled(struct lsm_info *lsm, bool enabled)
179	{
180	/*
181	* When an LSM hasn't configured an enable variable, we can use
182	* a hard-coded location for storing the default enabled state.
183	*/
184	if (!lsm->enabled) {
185	if (enabled)
186	lsm->enabled = &lsm_enabled_true;
187	else
188	lsm->enabled = &lsm_enabled_false;
189	} else if (lsm->enabled == &lsm_enabled_true) {
190	if (!enabled)
191	lsm->enabled = &lsm_enabled_false;
192	} else if (lsm->enabled == &lsm_enabled_false) {
193	if (enabled)
194	lsm->enabled = &lsm_enabled_true;
195	} else {
196	*lsm->enabled = enabled;
197	}
198	}
199
200	/ Is an LSM already listed in the ordered LSMs list? /
201	static bool __init exists_ordered_lsm(struct lsm_info *lsm)
202	{
203	struct lsm_info **check;
204
205	for (check = ordered_lsms; *check; check++)
206	if (*check == lsm)
207	return true;
208
209	return false;
210	}
211
212	/ Append an LSM to the list of ordered LSMs to initialize. /
213	static int last_lsm __initdata;
214	static void __init append_ordered_lsm(struct lsm_info lsm, const* char *from)
215	{
216	/ Ignore duplicate selections. /
217	if (exists_ordered_lsm(lsm))
218	return;
219
220	if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from))
221	return;
222
223	/ Enable this LSM, if it is not already set. /
224	if (!lsm->enabled)
225	lsm->enabled = &lsm_enabled_true;
226	ordered_lsms[last_lsm++] = lsm;
227
228	init_debug("%s ordered: %s (%s)\n", from, lsm->name,
229	is_enabled(lsm) ? "enabled" : "disabled");
230	}
231
232	/ Is an LSM allowed to be initialized? /
233	static bool __init lsm_allowed(struct lsm_info *lsm)
234	{
235	/ Skip if the LSM is disabled. /
236	if (!is_enabled(lsm))
237	return false;
238
239	/ Not allowed if another exclusive LSM already initialized. /
240	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
241	init_debug("exclusive disabled: %s\n", lsm->name);
242	return false;
243	}
244
245	return true;
246	}
247
248	static void __init lsm_set_blob_size(int need, int* *lbs)
249	{
250	int offset;
251
252	if (*need <= `0`)
253	return;
254
255	offset = ALIGN(lbs, sizeof(void* *));
256	lbs = offset + need;
257	*need = offset;
258	}
259
260	static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
261	{
262	if (!needed)
263	return;
264
265	lsm_set_blob_size(need: &needed->lbs_cred, lbs: &blob_sizes.lbs_cred);
266	lsm_set_blob_size(need: &needed->lbs_file, lbs: &blob_sizes.lbs_file);
267	lsm_set_blob_size(need: &needed->lbs_ib, lbs: &blob_sizes.lbs_ib);
268	/*
269	* The inode blob gets an rcu_head in addition to
270	* what the modules might need.
271	*/
272	if (needed->lbs_inode && blob_sizes.lbs_inode == `0`)
273	blob_sizes.lbs_inode = sizeof(struct rcu_head);
274	lsm_set_blob_size(need: &needed->lbs_inode, lbs: &blob_sizes.lbs_inode);
275	lsm_set_blob_size(need: &needed->lbs_ipc, lbs: &blob_sizes.lbs_ipc);
276	lsm_set_blob_size(need: &needed->lbs_key, lbs: &blob_sizes.lbs_key);
277	lsm_set_blob_size(need: &needed->lbs_msg_msg, lbs: &blob_sizes.lbs_msg_msg);
278	lsm_set_blob_size(need: &needed->lbs_perf_event, lbs: &blob_sizes.lbs_perf_event);
279	lsm_set_blob_size(need: &needed->lbs_sock, lbs: &blob_sizes.lbs_sock);
280	lsm_set_blob_size(need: &needed->lbs_superblock, lbs: &blob_sizes.lbs_superblock);
281	lsm_set_blob_size(need: &needed->lbs_task, lbs: &blob_sizes.lbs_task);
282	lsm_set_blob_size(need: &needed->lbs_tun_dev, lbs: &blob_sizes.lbs_tun_dev);
283	lsm_set_blob_size(need: &needed->lbs_xattr_count,
284	lbs: &blob_sizes.lbs_xattr_count);
285	lsm_set_blob_size(need: &needed->lbs_bdev, lbs: &blob_sizes.lbs_bdev);
286	lsm_set_blob_size(need: &needed->lbs_bpf_map, lbs: &blob_sizes.lbs_bpf_map);
287	lsm_set_blob_size(need: &needed->lbs_bpf_prog, lbs: &blob_sizes.lbs_bpf_prog);
288	lsm_set_blob_size(need: &needed->lbs_bpf_token, lbs: &blob_sizes.lbs_bpf_token);
289	}
290
291	/ Prepare LSM for initialization. /
292	static void __init prepare_lsm(struct lsm_info *lsm)
293	{
294	int enabled = lsm_allowed(lsm);
295
296	/ Record enablement (to handle any following exclusive LSMs). /
297	set_enabled(lsm, enabled);
298
299	/ If enabled, do pre-initialization work. /
300	if (enabled) {
301	if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
302	exclusive = lsm;
303	init_debug("exclusive chosen: %s\n", lsm->name);
304	}
305
306	lsm_set_blob_sizes(needed: lsm->blobs);
307	}
308	}
309
310	/ Initialize a given LSM, if it is enabled. /
311	static void __init initialize_lsm(struct lsm_info *lsm)
312	{
313	if (is_enabled(lsm)) {
314	int ret;
315
316	init_debug("initializing %s\n", lsm->name);
317	ret = lsm->init();
318	WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
319	}
320	}
321
322	/*
323	* Current index to use while initializing the lsm id list.
324	*/
325	u32 lsm_active_cnt __ro_after_init;
326	const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
327
328	/ Populate ordered LSMs list from comma-separated LSM name list. /
329	static void __init ordered_lsm_parse(const char order, const* char *origin)
330	{
331	struct lsm_info *lsm;
332	char sep, name, *next;
333
334	/ LSM_ORDER_FIRST is always first. /
335	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
336	if (lsm->order == LSM_ORDER_FIRST)
337	append_ordered_lsm(lsm, from: " first");
338	}
339
340	/ Process "security=", if given. /
341	if (chosen_major_lsm) {
342	struct lsm_info *major;
343
344	/*
345	* To match the original "security=" behavior, this
346	* explicitly does NOT fallback to another Legacy Major
347	* if the selected one was separately disabled: disable
348	* all non-matching Legacy Major LSMs.
349	*/
350	for (major = __start_lsm_info; major < __end_lsm_info;
351	major++) {
352	if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
353	strcmp(major->name, chosen_major_lsm) != `0`) {
354	set_enabled(lsm: major, enabled: false);
355	init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
356	chosen_major_lsm, major->name);
357	}
358	}
359	}
360
361	sep = kstrdup(s: order, GFP_KERNEL);
362	next = sep;
363	/ Walk the list, looking for matching LSMs. /
364	while ((name = strsep(&next, ",")) != NULL) {
365	bool found = false;
366
367	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
368	if (strcmp(lsm->name, name) == `0`) {
369	if (lsm->order == LSM_ORDER_MUTABLE)
370	append_ordered_lsm(lsm, from: origin);
371	found = true;
372	}
373	}
374
375	if (!found)
376	init_debug("%s ignored: %s (not built into kernel)\n",
377	origin, name);
378	}
379
380	/ Process "security=", if given. /
381	if (chosen_major_lsm) {
382	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
383	if (exists_ordered_lsm(lsm))
384	continue;
385	if (strcmp(lsm->name, chosen_major_lsm) == `0`)
386	append_ordered_lsm(lsm, from: "security=");
387	}
388	}
389
390	/ LSM_ORDER_LAST is always last. /
391	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
392	if (lsm->order == LSM_ORDER_LAST)
393	append_ordered_lsm(lsm, from: " last");
394	}
395
396	/ Disable all LSMs not in the ordered list. /
397	for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
398	if (exists_ordered_lsm(lsm))
399	continue;
400	set_enabled(lsm, enabled: false);
401	init_debug("%s skipped: %s (not in requested order)\n",
402	origin, lsm->name);
403	}
404
405	kfree(objp: sep);
406	}
407
408	static void __init lsm_static_call_init(struct security_hook_list *hl)
409	{
410	struct lsm_static_call *scall = hl->scalls;
411	int i;
412
413	for (i = `0`; i < MAX_LSM_COUNT; i++) {
414	/ Update the first static call that is not used yet /
415	if (!scall->hl) {
416	__static_call_update(key: scall->key, tramp: scall->trampoline,
417	func: hl->hook.lsm_func_addr);
418	scall->hl = hl;
419	static_branch_enable(scall->active);
420	return;
421	}
422	scall++;
423	}
424	panic(fmt: "%s - Ran out of static slots.\n", __func__);
425	}
426
427	static void __init lsm_early_cred(struct cred *cred);
428	static void __init lsm_early_task(struct task_struct *task);
429
430	static int lsm_append(const char new, char* **result);
431
432	static void __init report_lsm_order(void)
433	{
434	struct lsm_info *lsm, early;
435	int first = `0`;
436
437	pr_info("initializing lsm=");
438
439	/ Report each enabled LSM name, comma separated. /
440	for (early = __start_early_lsm_info;
441	early < __end_early_lsm_info; early++)
442	if (is_enabled(lsm: early))
443	pr_cont("%s%s", first++ == `0` ? "" : ",", early->name);
444	for (lsm = ordered_lsms; *lsm; lsm++)
445	if (is_enabled(lsm: *lsm))
446	pr_cont("%s%s", first++ == `0` ? "" : ",", (*lsm)->name);
447
448	pr_cont("\n");
449	}
450
451	static void __init ordered_lsm_init(void)
452	{
453	struct lsm_info **lsm;
454
455	if (chosen_lsm_order) {
456	if (chosen_major_lsm) {
457	pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
458	chosen_major_lsm, chosen_lsm_order);
459	chosen_major_lsm = NULL;
460	}
461	ordered_lsm_parse(order: chosen_lsm_order, origin: "cmdline");
462	} else
463	ordered_lsm_parse(order: builtin_lsm_order, origin: "builtin");
464
465	for (lsm = ordered_lsms; *lsm; lsm++)
466	prepare_lsm(lsm: *lsm);
467
468	report_lsm_order();
469
470	init_debug("cred blob size = %d\n", blob_sizes.lbs_cred);
471	init_debug("file blob size = %d\n", blob_sizes.lbs_file);
472	init_debug("ib blob size = %d\n", blob_sizes.lbs_ib);
473	init_debug("inode blob size = %d\n", blob_sizes.lbs_inode);
474	init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc);
475	#ifdef CONFIG_KEYS
476	init_debug("key blob size = %d\n", blob_sizes.lbs_key);
477	#endif /* CONFIG_KEYS */
478	init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
479	init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
480	init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
481	init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event);
482	init_debug("task blob size = %d\n", blob_sizes.lbs_task);
483	init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev);
484	init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count);
485	init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev);
486	init_debug("bpf map blob size = %d\n", blob_sizes.lbs_bpf_map);
487	init_debug("bpf prog blob size = %d\n", blob_sizes.lbs_bpf_prog);
488	init_debug("bpf token blob size = %d\n", blob_sizes.lbs_bpf_token);
489
490	/*
491	* Create any kmem_caches needed for blobs
492	*/
493	if (blob_sizes.lbs_file)
494	lsm_file_cache = kmem_cache_create("lsm_file_cache",
495	blob_sizes.lbs_file, `0`,
496	SLAB_PANIC, NULL);
497	if (blob_sizes.lbs_inode)
498	lsm_inode_cache = kmem_cache_create("lsm_inode_cache",
499	blob_sizes.lbs_inode, `0`,
500	SLAB_PANIC, NULL);
501
502	lsm_early_cred(cred: (struct cred *) current->cred);
503	lsm_early_task(current);
504	for (lsm = ordered_lsms; *lsm; lsm++)
505	initialize_lsm(lsm: *lsm);
506	}
507
508	int __init early_security_init(void)
509	{
510	struct lsm_info *lsm;
511
512	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
513	if (!lsm->enabled)
514	lsm->enabled = &lsm_enabled_true;
515	prepare_lsm(lsm);
516	initialize_lsm(lsm);
517	}
518
519	return `0`;
520	}
521
522	/**
523	* security_init - initializes the security framework
524	*
525	* This should be called early in the kernel initialization sequence.
526	*/
527	int __init security_init(void)
528	{
529	struct lsm_info *lsm;
530
531	init_debug("legacy security=%s\n", chosen_major_lsm ? : " unspecified");
532	init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order);
533	init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " unspecified");
534
535	/*
536	* Append the names of the early LSM modules now that kmalloc() is
537	* available
538	*/
539	for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
540	init_debug(" early started: %s (%s)\n", lsm->name,
541	is_enabled(lsm) ? "enabled" : "disabled");
542	if (lsm->enabled)
543	lsm_append(new: lsm->name, result: &lsm_names);
544	}
545
546	/ Load LSMs in specified order. /
547	ordered_lsm_init();
548
549	return `0`;
550	}
551
552	/ Save user chosen LSM /
553	static int __init choose_major_lsm(char *str)
554	{
555	chosen_major_lsm = str;
556	return `1`;
557	}
558	__setup("security=", choose_major_lsm);
559
560	/ Explicitly choose LSM initialization order. /
561	static int __init choose_lsm_order(char *str)
562	{
563	chosen_lsm_order = str;
564	return `1`;
565	}
566	__setup("lsm=", choose_lsm_order);
567
568	/ Enable LSM order debugging. /
569	static int __init enable_debug(char *str)
570	{
571	debug = true;
572	return `1`;
573	}
574	__setup("lsm.debug", enable_debug);
575
576	static bool match_last_lsm(const char list, const* char *lsm)
577	{
578	const char *last;
579
580	if (WARN_ON(!list \|\| !lsm))
581	return false;
582	last = strrchr(list, `','`);
583	if (last)
584	/ Pass the comma, strcmp() will check for '\0' /
585	last++;
586	else
587	last = list;
588	return !strcmp(last, lsm);
589	}
590
591	static int lsm_append(const char new, char* **result)
592	{
593	char *cp;
594
595	if (*result == NULL) {
596	*result = kstrdup(s: new, GFP_KERNEL);
597	if (*result == NULL)
598	return -ENOMEM;
599	} else {
600	/ Check if it is the last registered name /
601	if (match_last_lsm(list: *result, lsm: new))
602	return `0`;
603	cp = kasprintf(GFP_KERNEL, fmt: "%s,%s", *result, new);
604	if (cp == NULL)
605	return -ENOMEM;
606	kfree(objp: *result);
607	*result = cp;
608	}
609	return `0`;
610	}
611
612	/**
613	* security_add_hooks - Add a modules hooks to the hook lists.
614	* @hooks: the hooks to add
615	* @count: the number of hooks to add
616	* @lsmid: the identification information for the security module
617	*
618	* Each LSM has to register its hooks with the infrastructure.
619	*/
620	void __init security_add_hooks(struct security_hook_list hooks, int* count,
621	const struct lsm_id *lsmid)
622	{
623	int i;
624
625	/*
626	* A security module may call security_add_hooks() more
627	* than once during initialization, and LSM initialization
628	* is serialized. Landlock is one such case.
629	* Look at the previous entry, if there is one, for duplication.
630	*/
631	if (lsm_active_cnt == `0` \|\| lsm_idlist[lsm_active_cnt - `1`] != lsmid) {
632	if (lsm_active_cnt >= MAX_LSM_COUNT)
633	panic(fmt: "%s Too many LSMs registered.\n", __func__);
634	lsm_idlist[lsm_active_cnt++] = lsmid;
635	}
636
637	for (i = `0`; i < count; i++) {
638	hooks[i].lsmid = lsmid;
639	lsm_static_call_init(hl: &hooks[i]);
640	}
641
642	/*
643	* Don't try to append during early_security_init(), we'll come back
644	* and fix this up afterwards.
645	*/
646	if (slab_is_available()) {
647	if (lsm_append(new: lsmid->name, result: &lsm_names) < `0`)
648	panic(fmt: "%s - Cannot get early memory.\n", __func__);
649	}
650	}
651
652	int call_blocking_lsm_notifier(enum lsm_event event, void *data)
653	{
654	return blocking_notifier_call_chain(nh: &blocking_lsm_notifier_chain,
655	val: event, v: data);
656	}
657	EXPORT_SYMBOL(call_blocking_lsm_notifier);
658
659	int register_blocking_lsm_notifier(struct notifier_block *nb)
660	{
661	return blocking_notifier_chain_register(nh: &blocking_lsm_notifier_chain,
662	nb);
663	}
664	EXPORT_SYMBOL(register_blocking_lsm_notifier);
665
666	int unregister_blocking_lsm_notifier(struct notifier_block *nb)
667	{
668	return blocking_notifier_chain_unregister(nh: &blocking_lsm_notifier_chain,
669	nb);
670	}
671	EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
672
673	/**
674	* lsm_blob_alloc - allocate a composite blob
675	* @dest: the destination for the blob
676	* @size: the size of the blob
677	* @gfp: allocation type
678	*
679	* Allocate a blob for all the modules
680	*
681	* Returns 0, or -ENOMEM if memory can't be allocated.
682	*/
683	static int lsm_blob_alloc(void **dest, size_t size, gfp_t gfp)
684	{
685	if (size == `0`) {
686	*dest = NULL;
687	return `0`;
688	}
689
690	*dest = kzalloc(size, gfp);
691	if (*dest == NULL)
692	return -ENOMEM;
693	return `0`;
694	}
695
696	/**
697	* lsm_cred_alloc - allocate a composite cred blob
698	* @cred: the cred that needs a blob
699	* @gfp: allocation type
700	*
701	* Allocate the cred blob for all the modules
702	*
703	* Returns 0, or -ENOMEM if memory can't be allocated.
704	*/
705	static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
706	{
707	return lsm_blob_alloc(dest: &cred->security, size: blob_sizes.lbs_cred, gfp);
708	}
709
710	/**
711	* lsm_early_cred - during initialization allocate a composite cred blob
712	* @cred: the cred that needs a blob
713	*
714	* Allocate the cred blob for all the modules
715	*/
716	static void __init lsm_early_cred(struct cred *cred)
717	{
718	int rc = lsm_cred_alloc(cred, GFP_KERNEL);
719
720	if (rc)
721	panic(fmt: "%s: Early cred alloc failed.\n", __func__);
722	}
723
724	/**
725	* lsm_file_alloc - allocate a composite file blob
726	* @file: the file that needs a blob
727	*
728	* Allocate the file blob for all the modules
729	*
730	* Returns 0, or -ENOMEM if memory can't be allocated.
731	*/
732	static int lsm_file_alloc(struct file *file)
733	{
734	if (!lsm_file_cache) {
735	file->f_security = NULL;
736	return `0`;
737	}
738
739	file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL);
740	if (file->f_security == NULL)
741	return -ENOMEM;
742	return `0`;
743	}
744
745	/**
746	* lsm_inode_alloc - allocate a composite inode blob
747	* @inode: the inode that needs a blob
748	* @gfp: allocation flags
749	*
750	* Allocate the inode blob for all the modules
751	*
752	* Returns 0, or -ENOMEM if memory can't be allocated.
753	*/
754	static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
755	{
756	if (!lsm_inode_cache) {
757	inode->i_security = NULL;
758	return `0`;
759	}
760
761	inode->i_security = kmem_cache_zalloc(lsm_inode_cache, gfp);
762	if (inode->i_security == NULL)
763	return -ENOMEM;
764	return `0`;
765	}
766
767	/**
768	* lsm_task_alloc - allocate a composite task blob
769	* @task: the task that needs a blob
770	*
771	* Allocate the task blob for all the modules
772	*
773	* Returns 0, or -ENOMEM if memory can't be allocated.
774	*/
775	static int lsm_task_alloc(struct task_struct *task)
776	{
777	return lsm_blob_alloc(dest: &task->security, size: blob_sizes.lbs_task, GFP_KERNEL);
778	}
779
780	/**
781	* lsm_ipc_alloc - allocate a composite ipc blob
782	* @kip: the ipc that needs a blob
783	*
784	* Allocate the ipc blob for all the modules
785	*
786	* Returns 0, or -ENOMEM if memory can't be allocated.
787	*/
788	static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
789	{
790	return lsm_blob_alloc(dest: &kip->security, size: blob_sizes.lbs_ipc, GFP_KERNEL);
791	}
792
793	#ifdef CONFIG_KEYS
794	/**
795	* lsm_key_alloc - allocate a composite key blob
796	* @key: the key that needs a blob
797	*
798	* Allocate the key blob for all the modules
799	*
800	* Returns 0, or -ENOMEM if memory can't be allocated.
801	*/
802	static int lsm_key_alloc(struct key *key)
803	{
804	return lsm_blob_alloc(dest: &key->security, size: blob_sizes.lbs_key, GFP_KERNEL);
805	}
806	#endif /* CONFIG_KEYS */
807
808	/**
809	* lsm_msg_msg_alloc - allocate a composite msg_msg blob
810	* @mp: the msg_msg that needs a blob
811	*
812	* Allocate the ipc blob for all the modules
813	*
814	* Returns 0, or -ENOMEM if memory can't be allocated.
815	*/
816	static int lsm_msg_msg_alloc(struct msg_msg *mp)
817	{
818	return lsm_blob_alloc(dest: &mp->security, size: blob_sizes.lbs_msg_msg,
819	GFP_KERNEL);
820	}
821
822	/**
823	* lsm_bdev_alloc - allocate a composite block_device blob
824	* @bdev: the block_device that needs a blob
825	*
826	* Allocate the block_device blob for all the modules
827	*
828	* Returns 0, or -ENOMEM if memory can't be allocated.
829	*/
830	static int lsm_bdev_alloc(struct block_device *bdev)
831	{
832	return lsm_blob_alloc(dest: &bdev->bd_security, size: blob_sizes.lbs_bdev,
833	GFP_KERNEL);
834	}
835
836	#ifdef CONFIG_BPF_SYSCALL
837	/**
838	* lsm_bpf_map_alloc - allocate a composite bpf_map blob
839	* @map: the bpf_map that needs a blob
840	*
841	* Allocate the bpf_map blob for all the modules
842	*
843	* Returns 0, or -ENOMEM if memory can't be allocated.
844	*/
845	static int lsm_bpf_map_alloc(struct bpf_map *map)
846	{
847	return lsm_blob_alloc(&map->security, blob_sizes.lbs_bpf_map, GFP_KERNEL);
848	}
849
850	/**
851	* lsm_bpf_prog_alloc - allocate a composite bpf_prog blob
852	* @prog: the bpf_prog that needs a blob
853	*
854	* Allocate the bpf_prog blob for all the modules
855	*
856	* Returns 0, or -ENOMEM if memory can't be allocated.
857	*/
858	static int lsm_bpf_prog_alloc(struct bpf_prog *prog)
859	{
860	return lsm_blob_alloc(&prog->aux->security, blob_sizes.lbs_bpf_prog, GFP_KERNEL);
861	}
862
863	/**
864	* lsm_bpf_token_alloc - allocate a composite bpf_token blob
865	* @token: the bpf_token that needs a blob
866	*
867	* Allocate the bpf_token blob for all the modules
868	*
869	* Returns 0, or -ENOMEM if memory can't be allocated.
870	*/
871	static int lsm_bpf_token_alloc(struct bpf_token *token)
872	{
873	return lsm_blob_alloc(&token->security, blob_sizes.lbs_bpf_token, GFP_KERNEL);
874	}
875	#endif /* CONFIG_BPF_SYSCALL */
876
877	/**
878	* lsm_early_task - during initialization allocate a composite task blob
879	* @task: the task that needs a blob
880	*
881	* Allocate the task blob for all the modules
882	*/
883	static void __init lsm_early_task(struct task_struct *task)
884	{
885	int rc = lsm_task_alloc(task);
886
887	if (rc)
888	panic(fmt: "%s: Early task alloc failed.\n", __func__);
889	}
890
891	/**
892	* lsm_superblock_alloc - allocate a composite superblock blob
893	* @sb: the superblock that needs a blob
894	*
895	* Allocate the superblock blob for all the modules
896	*
897	* Returns 0, or -ENOMEM if memory can't be allocated.
898	*/
899	static int lsm_superblock_alloc(struct super_block *sb)
900	{
901	return lsm_blob_alloc(dest: &sb->s_security, size: blob_sizes.lbs_superblock,
902	GFP_KERNEL);
903	}
904
905	/**
906	* lsm_fill_user_ctx - Fill a user space lsm_ctx structure
907	* @uctx: a userspace LSM context to be filled
908	* @uctx_len: available uctx size (input), used uctx size (output)
909	* @val: the new LSM context value
910	* @val_len: the size of the new LSM context value
911	* @id: LSM id
912	* @flags: LSM defined flags
913	*
914	* Fill all of the fields in a userspace lsm_ctx structure. If @uctx is NULL
915	* simply calculate the required size to output via @utc_len and return
916	* success.
917	*
918	* Returns 0 on success, -E2BIG if userspace buffer is not large enough,
919	* -EFAULT on a copyout error, -ENOMEM if memory can't be allocated.
920	*/
921	int lsm_fill_user_ctx(struct lsm_ctx __user uctx, u32 uctx_len,
922	void *val, size_t val_len,
923	u64 id, u64 flags)
924	{
925	struct lsm_ctx *nctx = NULL;
926	size_t nctx_len;
927	int rc = `0`;
928
929	nctx_len = ALIGN(struct_size(nctx, ctx, val_len), sizeof(void *));
930	if (nctx_len > *uctx_len) {
931	rc = -E2BIG;
932	goto out;
933	}
934
935	/ no buffer - return success/0 and set @uctx_len to the req size /
936	if (!uctx)
937	goto out;
938
939	nctx = kzalloc(nctx_len, GFP_KERNEL);
940	if (nctx == NULL) {
941	rc = -ENOMEM;
942	goto out;
943	}
944	nctx->id = id;
945	nctx->flags = flags;
946	nctx->len = nctx_len;
947	nctx->ctx_len = val_len;
948	memcpy(to: nctx->ctx, from: val, len: val_len);
949
950	if (copy_to_user(to: uctx, from: nctx, n: nctx_len))
951	rc = -EFAULT;
952
953	out:
954	kfree(objp: nctx);
955	*uctx_len = nctx_len;
956	return rc;
957	}
958
959	/*
960	* The default value of the LSM hook is defined in linux/lsm_hook_defs.h and
961	* can be accessed with:
962	*
963	* LSM_RET_DEFAULT(<hook_name>)
964	*
965	* The macros below define static constants for the default value of each
966	* LSM hook.
967	*/
968	#define LSM_RET_DEFAULT(NAME) (NAME##_default)
969	#define DECLARE_LSM_RET_DEFAULT_void(DEFAULT, NAME)
970	#define DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME) \
971	static const int __maybe_unused LSM_RET_DEFAULT(NAME) = (DEFAULT);
972	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
973	DECLARE_LSM_RET_DEFAULT_##RET(DEFAULT, NAME)
974
975	#include <linux/lsm_hook_defs.h>
976	#undef LSM_HOOK
977
978	/*
979	* Hook list operation macros.
980	*
981	* call_void_hook:
982	* This is a hook that does not return a value.
983	*
984	* call_int_hook:
985	* This is a hook that returns a value.
986	*/
987	#define __CALL_STATIC_VOID(NUM, HOOK, ...) \
988	do { \
989	if (static_branch_unlikely(&SECURITY_HOOK_ACTIVE_KEY(HOOK, NUM))) { \
990	static_call(LSM_STATIC_CALL(HOOK, NUM))(__VA_ARGS__); \
991	} \
992	} while (0);
993
994	#define call_void_hook(HOOK, ...) \
995	do { \
996	LSM_LOOP_UNROLL(__CALL_STATIC_VOID, HOOK, __VA_ARGS__); \
997	} while (0)
998
999
1000	#define __CALL_STATIC_INT(NUM, R, HOOK, LABEL, ...) \
1001	do { \
1002	if (static_branch_unlikely(&SECURITY_HOOK_ACTIVE_KEY(HOOK, NUM))) { \
1003	R = static_call(LSM_STATIC_CALL(HOOK, NUM))(__VA_ARGS__); \
1004	if (R != LSM_RET_DEFAULT(HOOK)) \
1005	goto LABEL; \
1006	} \
1007	} while (0);
1008
1009	#define call_int_hook(HOOK, ...) \
1010	({ \
1011	__label__ OUT; \
1012	int RC = LSM_RET_DEFAULT(HOOK); \
1013	\
1014	LSM_LOOP_UNROLL(__CALL_STATIC_INT, RC, HOOK, OUT, __VA_ARGS__); \
1015	OUT: \
1016	RC; \
1017	})
1018
1019	#define lsm_for_each_hook(scall, NAME) \
1020	for (scall = static_calls_table.NAME; \
1021	scall - static_calls_table.NAME < MAX_LSM_COUNT; scall++) \
1022	if (static_key_enabled(&scall->active->key))
1023
1024	/ Security operations /
1025
1026	/**
1027	* security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
1028	* @mgr: task credentials of current binder process
1029	*
1030	* Check whether @mgr is allowed to be the binder context manager.
1031	*
1032	* Return: Return 0 if permission is granted.
1033	*/
1034	int security_binder_set_context_mgr(const struct cred *mgr)
1035	{
1036	return call_int_hook(binder_set_context_mgr, mgr);
1037	}
1038
1039	/**
1040	* security_binder_transaction() - Check if a binder transaction is allowed
1041	* @from: sending process
1042	* @to: receiving process
1043	*
1044	* Check whether @from is allowed to invoke a binder transaction call to @to.
1045	*
1046	* Return: Returns 0 if permission is granted.
1047	*/
1048	int security_binder_transaction(const struct cred *from,
1049	const struct cred *to)
1050	{
1051	return call_int_hook(binder_transaction, from, to);
1052	}
1053
1054	/**
1055	* security_binder_transfer_binder() - Check if a binder transfer is allowed
1056	* @from: sending process
1057	* @to: receiving process
1058	*
1059	* Check whether @from is allowed to transfer a binder reference to @to.
1060	*
1061	* Return: Returns 0 if permission is granted.
1062	*/
1063	int security_binder_transfer_binder(const struct cred *from,
1064	const struct cred *to)
1065	{
1066	return call_int_hook(binder_transfer_binder, from, to);
1067	}
1068
1069	/**
1070	* security_binder_transfer_file() - Check if a binder file xfer is allowed
1071	* @from: sending process
1072	* @to: receiving process
1073	* @file: file being transferred
1074	*
1075	* Check whether @from is allowed to transfer @file to @to.
1076	*
1077	* Return: Returns 0 if permission is granted.
1078	*/
1079	int security_binder_transfer_file(const struct cred *from,
1080	const struct cred to, const* struct file *file)
1081	{
1082	return call_int_hook(binder_transfer_file, from, to, file);
1083	}
1084
1085	/**
1086	* security_ptrace_access_check() - Check if tracing is allowed
1087	* @child: target process
1088	* @mode: PTRACE_MODE flags
1089	*
1090	* Check permission before allowing the current process to trace the @child
1091	* process. Security modules may also want to perform a process tracing check
1092	* during an execve in the set_security or apply_creds hooks of tracing check
1093	* during an execve in the bprm_set_creds hook of binprm_security_ops if the
1094	* process is being traced and its security attributes would be changed by the
1095	* execve.
1096	*
1097	* Return: Returns 0 if permission is granted.
1098	*/
1099	int security_ptrace_access_check(struct task_struct child, unsigned* int mode)
1100	{
1101	return call_int_hook(ptrace_access_check, child, mode);
1102	}
1103
1104	/**
1105	* security_ptrace_traceme() - Check if tracing is allowed
1106	* @parent: tracing process
1107	*
1108	* Check that the @parent process has sufficient permission to trace the
1109	* current process before allowing the current process to present itself to the
1110	* @parent process for tracing.
1111	*
1112	* Return: Returns 0 if permission is granted.
1113	*/
1114	int security_ptrace_traceme(struct task_struct *parent)
1115	{
1116	return call_int_hook(ptrace_traceme, parent);
1117	}
1118
1119	/**
1120	* security_capget() - Get the capability sets for a process
1121	* @target: target process
1122	* @effective: effective capability set
1123	* @inheritable: inheritable capability set
1124	* @permitted: permitted capability set
1125	*
1126	* Get the @effective, @inheritable, and @permitted capability sets for the
1127	* @target process. The hook may also perform permission checking to determine
1128	* if the current process is allowed to see the capability sets of the @target
1129	* process.
1130	*
1131	* Return: Returns 0 if the capability sets were successfully obtained.
1132	*/
1133	int security_capget(const struct task_struct *target,
1134	kernel_cap_t *effective,
1135	kernel_cap_t *inheritable,
1136	kernel_cap_t *permitted)
1137	{
1138	return call_int_hook(capget, target, effective, inheritable, permitted);
1139	}
1140
1141	/**
1142	* security_capset() - Set the capability sets for a process
1143	* @new: new credentials for the target process
1144	* @old: current credentials of the target process
1145	* @effective: effective capability set
1146	* @inheritable: inheritable capability set
1147	* @permitted: permitted capability set
1148	*
1149	* Set the @effective, @inheritable, and @permitted capability sets for the
1150	* current process.
1151	*
1152	* Return: Returns 0 and update @new if permission is granted.
1153	*/
1154	int security_capset(struct cred new, const* struct cred *old,
1155	const kernel_cap_t *effective,
1156	const kernel_cap_t *inheritable,
1157	const kernel_cap_t *permitted)
1158	{
1159	return call_int_hook(capset, new, old, effective, inheritable,
1160	permitted);
1161	}
1162
1163	/**
1164	* security_capable() - Check if a process has the necessary capability
1165	* @cred: credentials to examine
1166	* @ns: user namespace
1167	* @cap: capability requested
1168	* @opts: capability check options
1169	*
1170	* Check whether the @tsk process has the @cap capability in the indicated
1171	* credentials. @cap contains the capability <include/linux/capability.h>.
1172	* @opts contains options for the capable check <include/linux/security.h>.
1173	*
1174	* Return: Returns 0 if the capability is granted.
1175	*/
1176	int security_capable(const struct cred *cred,
1177	struct user_namespace *ns,
1178	int cap,
1179	unsigned int opts)
1180	{
1181	return call_int_hook(capable, cred, ns, cap, opts);
1182	}
1183
1184	/**
1185	* security_quotactl() - Check if a quotactl() syscall is allowed for this fs
1186	* @cmds: commands
1187	* @type: type
1188	* @id: id
1189	* @sb: filesystem
1190	*
1191	* Check whether the quotactl syscall is allowed for this @sb.
1192	*
1193	* Return: Returns 0 if permission is granted.
1194	*/
1195	int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
1196	{
1197	return call_int_hook(quotactl, cmds, type, id, sb);
1198	}
1199
1200	/**
1201	* security_quota_on() - Check if QUOTAON is allowed for a dentry
1202	* @dentry: dentry
1203	*
1204	* Check whether QUOTAON is allowed for @dentry.
1205	*
1206	* Return: Returns 0 if permission is granted.
1207	*/
1208	int security_quota_on(struct dentry *dentry)
1209	{
1210	return call_int_hook(quota_on, dentry);
1211	}
1212
1213	/**
1214	* security_syslog() - Check if accessing the kernel message ring is allowed
1215	* @type: SYSLOG_ACTION_* type
1216	*
1217	* Check permission before accessing the kernel message ring or changing
1218	* logging to the console. See the syslog(2) manual page for an explanation of
1219	* the @type values.
1220	*
1221	* Return: Return 0 if permission is granted.
1222	*/
1223	int security_syslog(int type)
1224	{
1225	return call_int_hook(syslog, type);
1226	}
1227
1228	/**
1229	* security_settime64() - Check if changing the system time is allowed
1230	* @ts: new time
1231	* @tz: timezone
1232	*
1233	* Check permission to change the system time, struct timespec64 is defined in
1234	* <include/linux/time64.h> and timezone is defined in <include/linux/time.h>.
1235	*
1236	* Return: Returns 0 if permission is granted.
1237	*/
1238	int security_settime64(const struct timespec64 ts, const* struct timezone *tz)
1239	{
1240	return call_int_hook(settime, ts, tz);
1241	}
1242
1243	/**
1244	* security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
1245	* @mm: mm struct
1246	* @pages: number of pages
1247	*
1248	* Check permissions for allocating a new virtual mapping. If all LSMs return
1249	* a positive value, __vm_enough_memory() will be called with cap_sys_admin
1250	* set. If at least one LSM returns 0 or negative, __vm_enough_memory() will be
1251	* called with cap_sys_admin cleared.
1252	*
1253	* Return: Returns 0 if permission is granted by the LSM infrastructure to the
1254	* caller.
1255	*/
1256	int security_vm_enough_memory_mm(struct mm_struct mm, long* pages)
1257	{
1258	struct lsm_static_call *scall;
1259	int cap_sys_admin = `1`;
1260	int rc;
1261
1262	/*
1263	* The module will respond with 0 if it thinks the __vm_enough_memory()
1264	* call should be made with the cap_sys_admin set. If all of the modules
1265	* agree that it should be set it will. If any module thinks it should
1266	* not be set it won't.
1267	*/
1268	lsm_for_each_hook(scall, vm_enough_memory) {
1269	rc = scall->hl->hook.vm_enough_memory(mm, pages);
1270	if (rc < `0`) {
1271	cap_sys_admin = `0`;
1272	break;
1273	}
1274	}
1275	return __vm_enough_memory(mm, pages, cap_sys_admin);
1276	}
1277
1278	/**
1279	* security_bprm_creds_for_exec() - Prepare the credentials for exec()
1280	* @bprm: binary program information
1281	*
1282	* If the setup in prepare_exec_creds did not setup @bprm->cred->security
1283	* properly for executing @bprm->file, update the LSM's portion of
1284	* @bprm->cred->security to be what commit_creds needs to install for the new
1285	* program. This hook may also optionally check permissions (e.g. for
1286	* transitions between security domains). The hook must set @bprm->secureexec
1287	* to 1 if AT_SECURE should be set to request libc enable secure mode. @bprm
1288	* contains the linux_binprm structure.
1289	*
1290	* If execveat(2) is called with the AT_EXECVE_CHECK flag, bprm->is_check is
1291	* set. The result must be the same as without this flag even if the execution
1292	* will never really happen and @bprm will always be dropped.
1293	*
1294	* This hook must not change current->cred, only @bprm->cred.
1295	*
1296	* Return: Returns 0 if the hook is successful and permission is granted.
1297	*/
1298	int security_bprm_creds_for_exec(struct linux_binprm *bprm)
1299	{
1300	return call_int_hook(bprm_creds_for_exec, bprm);
1301	}
1302
1303	/**
1304	* security_bprm_creds_from_file() - Update linux_binprm creds based on file
1305	* @bprm: binary program information
1306	* @file: associated file
1307	*
1308	* If @file is setpcap, suid, sgid or otherwise marked to change privilege upon
1309	* exec, update @bprm->cred to reflect that change. This is called after
1310	* finding the binary that will be executed without an interpreter. This
1311	* ensures that the credentials will not be derived from a script that the
1312	* binary will need to reopen, which when reopend may end up being a completely
1313	* different file. This hook may also optionally check permissions (e.g. for
1314	* transitions between security domains). The hook must set @bprm->secureexec
1315	* to 1 if AT_SECURE should be set to request libc enable secure mode. The
1316	* hook must add to @bprm->per_clear any personality flags that should be
1317	* cleared from current->personality. @bprm contains the linux_binprm
1318	* structure.
1319	*
1320	* Return: Returns 0 if the hook is successful and permission is granted.
1321	*/
1322	int security_bprm_creds_from_file(struct linux_binprm bprm, const* struct file *file)
1323	{
1324	return call_int_hook(bprm_creds_from_file, bprm, file);
1325	}
1326
1327	/**
1328	* security_bprm_check() - Mediate binary handler search
1329	* @bprm: binary program information
1330	*
1331	* This hook mediates the point when a search for a binary handler will begin.
1332	* It allows a check against the @bprm->cred->security value which was set in
1333	* the preceding creds_for_exec call. The argv list and envp list are reliably
1334	* available in @bprm. This hook may be called multiple times during a single
1335	* execve. @bprm contains the linux_binprm structure.
1336	*
1337	* Return: Returns 0 if the hook is successful and permission is granted.
1338	*/
1339	int security_bprm_check(struct linux_binprm *bprm)
1340	{
1341	return call_int_hook(bprm_check_security, bprm);
1342	}
1343
1344	/**
1345	* security_bprm_committing_creds() - Install creds for a process during exec()
1346	* @bprm: binary program information
1347	*
1348	* Prepare to install the new security attributes of a process being
1349	* transformed by an execve operation, based on the old credentials pointed to
1350	* by @current->cred and the information set in @bprm->cred by the
1351	* bprm_creds_for_exec hook. @bprm points to the linux_binprm structure. This
1352	* hook is a good place to perform state changes on the process such as closing
1353	* open file descriptors to which access will no longer be granted when the
1354	* attributes are changed. This is called immediately before commit_creds().
1355	*/
1356	void security_bprm_committing_creds(const struct linux_binprm *bprm)
1357	{
1358	call_void_hook(bprm_committing_creds, bprm);
1359	}
1360
1361	/**
1362	* security_bprm_committed_creds() - Tidy up after cred install during exec()
1363	* @bprm: binary program information
1364	*
1365	* Tidy up after the installation of the new security attributes of a process
1366	* being transformed by an execve operation. The new credentials have, by this
1367	* point, been set to @current->cred. @bprm points to the linux_binprm
1368	* structure. This hook is a good place to perform state changes on the
1369	* process such as clearing out non-inheritable signal state. This is called
1370	* immediately after commit_creds().
1371	*/
1372	void security_bprm_committed_creds(const struct linux_binprm *bprm)
1373	{
1374	call_void_hook(bprm_committed_creds, bprm);
1375	}
1376
1377	/**
1378	* security_fs_context_submount() - Initialise fc->security
1379	* @fc: new filesystem context
1380	* @reference: dentry reference for submount/remount
1381	*
1382	* Fill out the ->security field for a new fs_context.
1383	*
1384	* Return: Returns 0 on success or negative error code on failure.
1385	*/
1386	int security_fs_context_submount(struct fs_context fc, struct* super_block *reference)
1387	{
1388	return call_int_hook(fs_context_submount, fc, reference);
1389	}
1390
1391	/**
1392	* security_fs_context_dup() - Duplicate a fs_context LSM blob
1393	* @fc: destination filesystem context
1394	* @src_fc: source filesystem context
1395	*
1396	* Allocate and attach a security structure to sc->security. This pointer is
1397	* initialised to NULL by the caller. @fc indicates the new filesystem context.
1398	* @src_fc indicates the original filesystem context.
1399	*
1400	* Return: Returns 0 on success or a negative error code on failure.
1401	*/
1402	int security_fs_context_dup(struct fs_context fc, struct* fs_context *src_fc)
1403	{
1404	return call_int_hook(fs_context_dup, fc, src_fc);
1405	}
1406
1407	/**
1408	* security_fs_context_parse_param() - Configure a filesystem context
1409	* @fc: filesystem context
1410	* @param: filesystem parameter
1411	*
1412	* Userspace provided a parameter to configure a superblock. The LSM can
1413	* consume the parameter or return it to the caller for use elsewhere.
1414	*
1415	* Return: If the parameter is used by the LSM it should return 0, if it is
1416	* returned to the caller -ENOPARAM is returned, otherwise a negative
1417	* error code is returned.
1418	*/
1419	int security_fs_context_parse_param(struct fs_context *fc,
1420	struct fs_parameter *param)
1421	{
1422	struct lsm_static_call *scall;
1423	int trc;
1424	int rc = -ENOPARAM;
1425
1426	lsm_for_each_hook(scall, fs_context_parse_param) {
1427	trc = scall->hl->hook.fs_context_parse_param(fc, param);
1428	if (trc == `0`)
1429	rc = `0`;
1430	else if (trc != -ENOPARAM)
1431	return trc;
1432	}
1433	return rc;
1434	}
1435
1436	/**
1437	* security_sb_alloc() - Allocate a super_block LSM blob
1438	* @sb: filesystem superblock
1439	*
1440	* Allocate and attach a security structure to the sb->s_security field. The
1441	* s_security field is initialized to NULL when the structure is allocated.
1442	* @sb contains the super_block structure to be modified.
1443	*
1444	* Return: Returns 0 if operation was successful.
1445	*/
1446	int security_sb_alloc(struct super_block *sb)
1447	{
1448	int rc = lsm_superblock_alloc(sb);
1449
1450	if (unlikely(rc))
1451	return rc;
1452	rc = call_int_hook(sb_alloc_security, sb);
1453	if (unlikely(rc))
1454	security_sb_free(sb);
1455	return rc;
1456	}
1457
1458	/**
1459	* security_sb_delete() - Release super_block LSM associated objects
1460	* @sb: filesystem superblock
1461	*
1462	* Release objects tied to a superblock (e.g. inodes). @sb contains the
1463	* super_block structure being released.
1464	*/
1465	void security_sb_delete(struct super_block *sb)
1466	{
1467	call_void_hook(sb_delete, sb);
1468	}
1469
1470	/**
1471	* security_sb_free() - Free a super_block LSM blob
1472	* @sb: filesystem superblock
1473	*
1474	* Deallocate and clear the sb->s_security field. @sb contains the super_block
1475	* structure to be modified.
1476	*/
1477	void security_sb_free(struct super_block *sb)
1478	{
1479	call_void_hook(sb_free_security, sb);
1480	kfree(objp: sb->s_security);
1481	sb->s_security = NULL;
1482	}
1483
1484	/**
1485	* security_free_mnt_opts() - Free memory associated with mount options
1486	* @mnt_opts: LSM processed mount options
1487	*
1488	* Free memory associated with @mnt_ops.
1489	*/
1490	void security_free_mnt_opts(void **mnt_opts)
1491	{
1492	if (!*mnt_opts)
1493	return;
1494	call_void_hook(sb_free_mnt_opts, *mnt_opts);
1495	*mnt_opts = NULL;
1496	}
1497	EXPORT_SYMBOL(security_free_mnt_opts);
1498
1499	/**
1500	* security_sb_eat_lsm_opts() - Consume LSM mount options
1501	* @options: mount options
1502	* @mnt_opts: LSM processed mount options
1503	*
1504	* Eat (scan @options) and save them in @mnt_opts.
1505	*
1506	* Return: Returns 0 on success, negative values on failure.
1507	*/
1508	int security_sb_eat_lsm_opts(char options, void* **mnt_opts)
1509	{
1510	return call_int_hook(sb_eat_lsm_opts, options, mnt_opts);
1511	}
1512	EXPORT_SYMBOL(security_sb_eat_lsm_opts);
1513
1514	/**
1515	* security_sb_mnt_opts_compat() - Check if new mount options are allowed
1516	* @sb: filesystem superblock
1517	* @mnt_opts: new mount options
1518	*
1519	* Determine if the new mount options in @mnt_opts are allowed given the
1520	* existing mounted filesystem at @sb. @sb superblock being compared.
1521	*
1522	* Return: Returns 0 if options are compatible.
1523	*/
1524	int security_sb_mnt_opts_compat(struct super_block *sb,
1525	void *mnt_opts)
1526	{
1527	return call_int_hook(sb_mnt_opts_compat, sb, mnt_opts);
1528	}
1529	EXPORT_SYMBOL(security_sb_mnt_opts_compat);
1530
1531	/**
1532	* security_sb_remount() - Verify no incompatible mount changes during remount
1533	* @sb: filesystem superblock
1534	* @mnt_opts: (re)mount options
1535	*
1536	* Extracts security system specific mount options and verifies no changes are
1537	* being made to those options.
1538	*
1539	* Return: Returns 0 if permission is granted.
1540	*/
1541	int security_sb_remount(struct super_block *sb,
1542	void *mnt_opts)
1543	{
1544	return call_int_hook(sb_remount, sb, mnt_opts);
1545	}
1546	EXPORT_SYMBOL(security_sb_remount);
1547
1548	/**
1549	* security_sb_kern_mount() - Check if a kernel mount is allowed
1550	* @sb: filesystem superblock
1551	*
1552	* Mount this @sb if allowed by permissions.
1553	*
1554	* Return: Returns 0 if permission is granted.
1555	*/
1556	int security_sb_kern_mount(const struct super_block *sb)
1557	{
1558	return call_int_hook(sb_kern_mount, sb);
1559	}
1560
1561	/**
1562	* security_sb_show_options() - Output the mount options for a superblock
1563	* @m: output file
1564	* @sb: filesystem superblock
1565	*
1566	* Show (print on @m) mount options for this @sb.
1567	*
1568	* Return: Returns 0 on success, negative values on failure.
1569	*/
1570	int security_sb_show_options(struct seq_file m, struct* super_block *sb)
1571	{
1572	return call_int_hook(sb_show_options, m, sb);
1573	}
1574
1575	/**
1576	* security_sb_statfs() - Check if accessing fs stats is allowed
1577	* @dentry: superblock handle
1578	*
1579	* Check permission before obtaining filesystem statistics for the @mnt
1580	* mountpoint. @dentry is a handle on the superblock for the filesystem.
1581	*
1582	* Return: Returns 0 if permission is granted.
1583	*/
1584	int security_sb_statfs(struct dentry *dentry)
1585	{
1586	return call_int_hook(sb_statfs, dentry);
1587	}
1588
1589	/**
1590	* security_sb_mount() - Check permission for mounting a filesystem
1591	* @dev_name: filesystem backing device
1592	* @path: mount point
1593	* @type: filesystem type
1594	* @flags: mount flags
1595	* @data: filesystem specific data
1596	*
1597	* Check permission before an object specified by @dev_name is mounted on the
1598	* mount point named by @nd. For an ordinary mount, @dev_name identifies a
1599	* device if the file system type requires a device. For a remount
1600	* (@flags & MS_REMOUNT), @dev_name is irrelevant. For a loopback/bind mount
1601	* (@flags & MS_BIND), @dev_name identifies the pathname of the object being
1602	* mounted.
1603	*
1604	* Return: Returns 0 if permission is granted.
1605	*/
1606	int security_sb_mount(const char dev_name, const* struct path *path,
1607	const char type, unsigned* long flags, void *data)
1608	{
1609	return call_int_hook(sb_mount, dev_name, path, type, flags, data);
1610	}
1611
1612	/**
1613	* security_sb_umount() - Check permission for unmounting a filesystem
1614	* @mnt: mounted filesystem
1615	* @flags: unmount flags
1616	*
1617	* Check permission before the @mnt file system is unmounted.
1618	*
1619	* Return: Returns 0 if permission is granted.
1620	*/
1621	int security_sb_umount(struct vfsmount mnt, int* flags)
1622	{
1623	return call_int_hook(sb_umount, mnt, flags);
1624	}
1625
1626	/**
1627	* security_sb_pivotroot() - Check permissions for pivoting the rootfs
1628	* @old_path: new location for current rootfs
1629	* @new_path: location of the new rootfs
1630	*
1631	* Check permission before pivoting the root filesystem.
1632	*
1633	* Return: Returns 0 if permission is granted.
1634	*/
1635	int security_sb_pivotroot(const struct path *old_path,
1636	const struct path *new_path)
1637	{
1638	return call_int_hook(sb_pivotroot, old_path, new_path);
1639	}
1640
1641	/**
1642	* security_sb_set_mnt_opts() - Set the mount options for a filesystem
1643	* @sb: filesystem superblock
1644	* @mnt_opts: binary mount options
1645	* @kern_flags: kernel flags (in)
1646	* @set_kern_flags: kernel flags (out)
1647	*
1648	* Set the security relevant mount options used for a superblock.
1649	*
1650	* Return: Returns 0 on success, error on failure.
1651	*/
1652	int security_sb_set_mnt_opts(struct super_block *sb,
1653	void *mnt_opts,
1654	unsigned long kern_flags,
1655	unsigned long *set_kern_flags)
1656	{
1657	struct lsm_static_call *scall;
1658	int rc = mnt_opts ? -EOPNOTSUPP : LSM_RET_DEFAULT(sb_set_mnt_opts);
1659
1660	lsm_for_each_hook(scall, sb_set_mnt_opts) {
1661	rc = scall->hl->hook.sb_set_mnt_opts(sb, mnt_opts, kern_flags,
1662	set_kern_flags);
1663	if (rc != LSM_RET_DEFAULT(sb_set_mnt_opts))
1664	break;
1665	}
1666	return rc;
1667	}
1668	EXPORT_SYMBOL(security_sb_set_mnt_opts);
1669
1670	/**
1671	* security_sb_clone_mnt_opts() - Duplicate superblock mount options
1672	* @oldsb: source superblock
1673	* @newsb: destination superblock
1674	* @kern_flags: kernel flags (in)
1675	* @set_kern_flags: kernel flags (out)
1676	*
1677	* Copy all security options from a given superblock to another.
1678	*
1679	* Return: Returns 0 on success, error on failure.
1680	*/
1681	int security_sb_clone_mnt_opts(const struct super_block *oldsb,
1682	struct super_block *newsb,
1683	unsigned long kern_flags,
1684	unsigned long *set_kern_flags)
1685	{
1686	return call_int_hook(sb_clone_mnt_opts, oldsb, newsb,
1687	kern_flags, set_kern_flags);
1688	}
1689	EXPORT_SYMBOL(security_sb_clone_mnt_opts);
1690
1691	/**
1692	* security_move_mount() - Check permissions for moving a mount
1693	* @from_path: source mount point
1694	* @to_path: destination mount point
1695	*
1696	* Check permission before a mount is moved.
1697	*
1698	* Return: Returns 0 if permission is granted.
1699	*/
1700	int security_move_mount(const struct path *from_path,
1701	const struct path *to_path)
1702	{
1703	return call_int_hook(move_mount, from_path, to_path);
1704	}
1705
1706	/**
1707	* security_path_notify() - Check if setting a watch is allowed
1708	* @path: file path
1709	* @mask: event mask
1710	* @obj_type: file path type
1711	*
1712	* Check permissions before setting a watch on events as defined by @mask, on
1713	* an object at @path, whose type is defined by @obj_type.
1714	*
1715	* Return: Returns 0 if permission is granted.
1716	*/
1717	int security_path_notify(const struct path *path, u64 mask,
1718	unsigned int obj_type)
1719	{
1720	return call_int_hook(path_notify, path, mask, obj_type);
1721	}
1722
1723	/**
1724	* security_inode_alloc() - Allocate an inode LSM blob
1725	* @inode: the inode
1726	* @gfp: allocation flags
1727	*
1728	* Allocate and attach a security structure to @inode->i_security. The
1729	* i_security field is initialized to NULL when the inode structure is
1730	* allocated.
1731	*
1732	* Return: Return 0 if operation was successful.
1733	*/
1734	int security_inode_alloc(struct inode *inode, gfp_t gfp)
1735	{
1736	int rc = lsm_inode_alloc(inode, gfp);
1737
1738	if (unlikely(rc))
1739	return rc;
1740	rc = call_int_hook(inode_alloc_security, inode);
1741	if (unlikely(rc))
1742	security_inode_free(inode);
1743	return rc;
1744	}
1745
1746	static void inode_free_by_rcu(struct rcu_head *head)
1747	{
1748	/ The rcu head is at the start of the inode blob /
1749	call_void_hook(inode_free_security_rcu, head);
1750	kmem_cache_free(s: lsm_inode_cache, objp: head);
1751	}
1752
1753	/**
1754	* security_inode_free() - Free an inode's LSM blob
1755	* @inode: the inode
1756	*
1757	* Release any LSM resources associated with @inode, although due to the
1758	* inode's RCU protections it is possible that the resources will not be
1759	* fully released until after the current RCU grace period has elapsed.
1760	*
1761	* It is important for LSMs to note that despite being present in a call to
1762	* security_inode_free(), @inode may still be referenced in a VFS path walk
1763	* and calls to security_inode_permission() may be made during, or after,
1764	* a call to security_inode_free(). For this reason the inode->i_security
1765	* field is released via a call_rcu() callback and any LSMs which need to
1766	* retain inode state for use in security_inode_permission() should only
1767	* release that state in the inode_free_security_rcu() LSM hook callback.
1768	*/
1769	void security_inode_free(struct inode *inode)
1770	{
1771	call_void_hook(inode_free_security, inode);
1772	if (!inode->i_security)
1773	return;
1774	call_rcu(head: (struct rcu_head *)inode->i_security, func: inode_free_by_rcu);
1775	}
1776
1777	/**
1778	* security_dentry_init_security() - Perform dentry initialization
1779	* @dentry: the dentry to initialize
1780	* @mode: mode used to determine resource type
1781	* @name: name of the last path component
1782	* @xattr_name: name of the security/LSM xattr
1783	* @lsmctx: pointer to the resulting LSM context
1784	*
1785	* Compute a context for a dentry as the inode is not yet available since NFSv4
1786	* has no label backed by an EA anyway. It is important to note that
1787	* @xattr_name does not need to be free'd by the caller, it is a static string.
1788	*
1789	* Return: Returns 0 on success, negative values on failure.
1790	*/
1791	int security_dentry_init_security(struct dentry dentry, int* mode,
1792	const struct qstr *name,
1793	const char **xattr_name,
1794	struct lsm_context *lsmctx)
1795	{
1796	return call_int_hook(dentry_init_security, dentry, mode, name,
1797	xattr_name, lsmctx);
1798	}
1799	EXPORT_SYMBOL(security_dentry_init_security);
1800
1801	/**
1802	* security_dentry_create_files_as() - Perform dentry initialization
1803	* @dentry: the dentry to initialize
1804	* @mode: mode used to determine resource type
1805	* @name: name of the last path component
1806	* @old: creds to use for LSM context calculations
1807	* @new: creds to modify
1808	*
1809	* Compute a context for a dentry as the inode is not yet available and set
1810	* that context in passed in creds so that new files are created using that
1811	* context. Context is calculated using the passed in creds and not the creds
1812	* of the caller.
1813	*
1814	* Return: Returns 0 on success, error on failure.
1815	*/
1816	int security_dentry_create_files_as(struct dentry dentry, int* mode,
1817	const struct qstr *name,
1818	const struct cred old, struct* cred *new)
1819	{
1820	return call_int_hook(dentry_create_files_as, dentry, mode,
1821	name, old, new);
1822	}
1823	EXPORT_SYMBOL(security_dentry_create_files_as);
1824
1825	/**
1826	* security_inode_init_security() - Initialize an inode's LSM context
1827	* @inode: the inode
1828	* @dir: parent directory
1829	* @qstr: last component of the pathname
1830	* @initxattrs: callback function to write xattrs
1831	* @fs_data: filesystem specific data
1832	*
1833	* Obtain the security attribute name suffix and value to set on a newly
1834	* created inode and set up the incore security field for the new inode. This
1835	* hook is called by the fs code as part of the inode creation transaction and
1836	* provides for atomic labeling of the inode, unlike the post_create/mkdir/...
1837	* hooks called by the VFS.
1838	*
1839	* The hook function is expected to populate the xattrs array, by calling
1840	* lsm_get_xattr_slot() to retrieve the slots reserved by the security module
1841	* with the lbs_xattr_count field of the lsm_blob_sizes structure. For each
1842	* slot, the hook function should set ->name to the attribute name suffix
1843	* (e.g. selinux), to allocate ->value (will be freed by the caller) and set it
1844	* to the attribute value, to set ->value_len to the length of the value. If
1845	* the security module does not use security attributes or does not wish to put
1846	* a security attribute on this particular inode, then it should return
1847	* -EOPNOTSUPP to skip this processing.
1848	*
1849	* Return: Returns 0 if the LSM successfully initialized all of the inode
1850	* security attributes that are required, negative values otherwise.
1851	*/
1852	int security_inode_init_security(struct inode inode, struct* inode *dir,
1853	const struct qstr *qstr,
1854	const initxattrs initxattrs, void *fs_data)
1855	{
1856	struct lsm_static_call *scall;
1857	struct xattr *new_xattrs = NULL;
1858	int ret = -EOPNOTSUPP, xattr_count = `0`;
1859
1860	if (unlikely(IS_PRIVATE(inode)))
1861	return `0`;
1862
1863	if (!blob_sizes.lbs_xattr_count)
1864	return `0`;
1865
1866	if (initxattrs) {
1867	/ Allocate +1 as terminator. /
1868	new_xattrs = kcalloc(blob_sizes.lbs_xattr_count + `1`,
1869	sizeof(*new_xattrs), GFP_NOFS);
1870	if (!new_xattrs)
1871	return -ENOMEM;
1872	}
1873
1874	lsm_for_each_hook(scall, inode_init_security) {
1875	ret = scall->hl->hook.inode_init_security(inode, dir, qstr, new_xattrs,
1876	&xattr_count);
1877	if (ret && ret != -EOPNOTSUPP)
1878	goto out;
1879	/*
1880	* As documented in lsm_hooks.h, -EOPNOTSUPP in this context
1881	* means that the LSM is not willing to provide an xattr, not
1882	* that it wants to signal an error. Thus, continue to invoke
1883	* the remaining LSMs.
1884	*/
1885	}
1886
1887	/ If initxattrs() is NULL, xattr_count is zero, skip the call. /
1888	if (!xattr_count)
1889	goto out;
1890
1891	ret = initxattrs(inode, new_xattrs, fs_data);
1892	out:
1893	for (; xattr_count > `0`; xattr_count--)
1894	kfree(objp: new_xattrs[xattr_count - `1`].value);
1895	kfree(objp: new_xattrs);
1896	return (ret == -EOPNOTSUPP) ? `0` : ret;
1897	}
1898	EXPORT_SYMBOL(security_inode_init_security);
1899
1900	/**
1901	* security_inode_init_security_anon() - Initialize an anonymous inode
1902	* @inode: the inode
1903	* @name: the anonymous inode class
1904	* @context_inode: an optional related inode
1905	*
1906	* Set up the incore security field for the new anonymous inode and return
1907	* whether the inode creation is permitted by the security module or not.
1908	*
1909	* Return: Returns 0 on success, -EACCES if the security module denies the
1910	* creation of this inode, or another -errno upon other errors.
1911	*/
1912	int security_inode_init_security_anon(struct inode *inode,
1913	const struct qstr *name,
1914	const struct inode *context_inode)
1915	{
1916	return call_int_hook(inode_init_security_anon, inode, name,
1917	context_inode);
1918	}
1919
1920	#ifdef CONFIG_SECURITY_PATH
1921	/**
1922	* security_path_mknod() - Check if creating a special file is allowed
1923	* @dir: parent directory
1924	* @dentry: new file
1925	* @mode: new file mode
1926	* @dev: device number
1927	*
1928	* Check permissions when creating a file. Note that this hook is called even
1929	* if mknod operation is being done for a regular file.
1930	*
1931	* Return: Returns 0 if permission is granted.
1932	*/
1933	int security_path_mknod(const struct path dir, struct* dentry *dentry,
1934	umode_t mode, unsigned int dev)
1935	{
1936	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1937	return `0`;
1938	return call_int_hook(path_mknod, dir, dentry, mode, dev);
1939	}
1940	EXPORT_SYMBOL(security_path_mknod);
1941
1942	/**
1943	* security_path_post_mknod() - Update inode security after reg file creation
1944	* @idmap: idmap of the mount
1945	* @dentry: new file
1946	*
1947	* Update inode security field after a regular file has been created.
1948	*/
1949	void security_path_post_mknod(struct mnt_idmap idmap, struct* dentry *dentry)
1950	{
1951	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1952	return;
1953	call_void_hook(path_post_mknod, idmap, dentry);
1954	}
1955
1956	/**
1957	* security_path_mkdir() - Check if creating a new directory is allowed
1958	* @dir: parent directory
1959	* @dentry: new directory
1960	* @mode: new directory mode
1961	*
1962	* Check permissions to create a new directory in the existing directory.
1963	*
1964	* Return: Returns 0 if permission is granted.
1965	*/
1966	int security_path_mkdir(const struct path dir, struct* dentry *dentry,
1967	umode_t mode)
1968	{
1969	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1970	return `0`;
1971	return call_int_hook(path_mkdir, dir, dentry, mode);
1972	}
1973	EXPORT_SYMBOL(security_path_mkdir);
1974
1975	/**
1976	* security_path_rmdir() - Check if removing a directory is allowed
1977	* @dir: parent directory
1978	* @dentry: directory to remove
1979	*
1980	* Check the permission to remove a directory.
1981	*
1982	* Return: Returns 0 if permission is granted.
1983	*/
1984	int security_path_rmdir(const struct path dir, struct* dentry *dentry)
1985	{
1986	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1987	return `0`;
1988	return call_int_hook(path_rmdir, dir, dentry);
1989	}
1990
1991	/**
1992	* security_path_unlink() - Check if removing a hard link is allowed
1993	* @dir: parent directory
1994	* @dentry: file
1995	*
1996	* Check the permission to remove a hard link to a file.
1997	*
1998	* Return: Returns 0 if permission is granted.
1999	*/
2000	int security_path_unlink(const struct path dir, struct* dentry *dentry)
2001	{
2002	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
2003	return `0`;
2004	return call_int_hook(path_unlink, dir, dentry);
2005	}
2006	EXPORT_SYMBOL(security_path_unlink);
2007
2008	/**
2009	* security_path_symlink() - Check if creating a symbolic link is allowed
2010	* @dir: parent directory
2011	* @dentry: symbolic link
2012	* @old_name: file pathname
2013	*
2014	* Check the permission to create a symbolic link to a file.
2015	*
2016	* Return: Returns 0 if permission is granted.
2017	*/
2018	int security_path_symlink(const struct path dir, struct* dentry *dentry,
2019	const char *old_name)
2020	{
2021	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
2022	return `0`;
2023	return call_int_hook(path_symlink, dir, dentry, old_name);
2024	}
2025
2026	/**
2027	* security_path_link - Check if creating a hard link is allowed
2028	* @old_dentry: existing file
2029	* @new_dir: new parent directory
2030	* @new_dentry: new link
2031	*
2032	* Check permission before creating a new hard link to a file.
2033	*
2034	* Return: Returns 0 if permission is granted.
2035	*/
2036	int security_path_link(struct dentry old_dentry, const* struct path *new_dir,
2037	struct dentry *new_dentry)
2038	{
2039	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
2040	return `0`;
2041	return call_int_hook(path_link, old_dentry, new_dir, new_dentry);
2042	}
2043
2044	/**
2045	* security_path_rename() - Check if renaming a file is allowed
2046	* @old_dir: parent directory of the old file
2047	* @old_dentry: the old file
2048	* @new_dir: parent directory of the new file
2049	* @new_dentry: the new file
2050	* @flags: flags
2051	*
2052	* Check for permission to rename a file or directory.
2053	*
2054	* Return: Returns 0 if permission is granted.
2055	*/
2056	int security_path_rename(const struct path old_dir, struct* dentry *old_dentry,
2057	const struct path new_dir, struct* dentry *new_dentry,
2058	unsigned int flags)
2059	{
2060	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) \|\|
2061	(d_is_positive(new_dentry) &&
2062	IS_PRIVATE(d_backing_inode(new_dentry)))))
2063	return `0`;
2064
2065	return call_int_hook(path_rename, old_dir, old_dentry, new_dir,
2066	new_dentry, flags);
2067	}
2068	EXPORT_SYMBOL(security_path_rename);
2069
2070	/**
2071	* security_path_truncate() - Check if truncating a file is allowed
2072	* @path: file
2073	*
2074	* Check permission before truncating the file indicated by path. Note that
2075	* truncation permissions may also be checked based on already opened files,
2076	* using the security_file_truncate() hook.
2077	*
2078	* Return: Returns 0 if permission is granted.
2079	*/
2080	int security_path_truncate(const struct path *path)
2081	{
2082	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
2083	return `0`;
2084	return call_int_hook(path_truncate, path);
2085	}
2086
2087	/**
2088	* security_path_chmod() - Check if changing the file's mode is allowed
2089	* @path: file
2090	* @mode: new mode
2091	*
2092	* Check for permission to change a mode of the file @path. The new mode is
2093	* specified in @mode which is a bitmask of constants from
2094	* <include/uapi/linux/stat.h>.
2095	*
2096	* Return: Returns 0 if permission is granted.
2097	*/
2098	int security_path_chmod(const struct path *path, umode_t mode)
2099	{
2100	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
2101	return `0`;
2102	return call_int_hook(path_chmod, path, mode);
2103	}
2104
2105	/**
2106	* security_path_chown() - Check if changing the file's owner/group is allowed
2107	* @path: file
2108	* @uid: file owner
2109	* @gid: file group
2110	*
2111	* Check for permission to change owner/group of a file or directory.
2112	*
2113	* Return: Returns 0 if permission is granted.
2114	*/
2115	int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
2116	{
2117	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
2118	return `0`;
2119	return call_int_hook(path_chown, path, uid, gid);
2120	}
2121
2122	/**
2123	* security_path_chroot() - Check if changing the root directory is allowed
2124	* @path: directory
2125	*
2126	* Check for permission to change root directory.
2127	*
2128	* Return: Returns 0 if permission is granted.
2129	*/
2130	int security_path_chroot(const struct path *path)
2131	{
2132	return call_int_hook(path_chroot, path);
2133	}
2134	#endif /* CONFIG_SECURITY_PATH */
2135
2136	/**
2137	* security_inode_create() - Check if creating a file is allowed
2138	* @dir: the parent directory
2139	* @dentry: the file being created
2140	* @mode: requested file mode
2141	*
2142	* Check permission to create a regular file.
2143	*
2144	* Return: Returns 0 if permission is granted.
2145	*/
2146	int security_inode_create(struct inode dir, struct* dentry *dentry,
2147	umode_t mode)
2148	{
2149	if (unlikely(IS_PRIVATE(dir)))
2150	return `0`;
2151	return call_int_hook(inode_create, dir, dentry, mode);
2152	}
2153	EXPORT_SYMBOL_GPL(security_inode_create);
2154
2155	/**
2156	* security_inode_post_create_tmpfile() - Update inode security of new tmpfile
2157	* @idmap: idmap of the mount
2158	* @inode: inode of the new tmpfile
2159	*
2160	* Update inode security data after a tmpfile has been created.
2161	*/
2162	void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
2163	struct inode *inode)
2164	{
2165	if (unlikely(IS_PRIVATE(inode)))
2166	return;
2167	call_void_hook(inode_post_create_tmpfile, idmap, inode);
2168	}
2169
2170	/**
2171	* security_inode_link() - Check if creating a hard link is allowed
2172	* @old_dentry: existing file
2173	* @dir: new parent directory
2174	* @new_dentry: new link
2175	*
2176	* Check permission before creating a new hard link to a file.
2177	*
2178	* Return: Returns 0 if permission is granted.
2179	*/
2180	int security_inode_link(struct dentry old_dentry, struct* inode *dir,
2181	struct dentry *new_dentry)
2182	{
2183	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
2184	return `0`;
2185	return call_int_hook(inode_link, old_dentry, dir, new_dentry);
2186	}
2187
2188	/**
2189	* security_inode_unlink() - Check if removing a hard link is allowed
2190	* @dir: parent directory
2191	* @dentry: file
2192	*
2193	* Check the permission to remove a hard link to a file.
2194	*
2195	* Return: Returns 0 if permission is granted.
2196	*/
2197	int security_inode_unlink(struct inode dir, struct* dentry *dentry)
2198	{
2199	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2200	return `0`;
2201	return call_int_hook(inode_unlink, dir, dentry);
2202	}
2203
2204	/**
2205	* security_inode_symlink() - Check if creating a symbolic link is allowed
2206	* @dir: parent directory
2207	* @dentry: symbolic link
2208	* @old_name: existing filename
2209	*
2210	* Check the permission to create a symbolic link to a file.
2211	*
2212	* Return: Returns 0 if permission is granted.
2213	*/
2214	int security_inode_symlink(struct inode dir, struct* dentry *dentry,
2215	const char *old_name)
2216	{
2217	if (unlikely(IS_PRIVATE(dir)))
2218	return `0`;
2219	return call_int_hook(inode_symlink, dir, dentry, old_name);
2220	}
2221
2222	/**
2223	* security_inode_mkdir() - Check if creating a new directory is allowed
2224	* @dir: parent directory
2225	* @dentry: new directory
2226	* @mode: new directory mode
2227	*
2228	* Check permissions to create a new directory in the existing directory
2229	* associated with inode structure @dir.
2230	*
2231	* Return: Returns 0 if permission is granted.
2232	*/
2233	int security_inode_mkdir(struct inode dir, struct* dentry *dentry, umode_t mode)
2234	{
2235	if (unlikely(IS_PRIVATE(dir)))
2236	return `0`;
2237	return call_int_hook(inode_mkdir, dir, dentry, mode);
2238	}
2239	EXPORT_SYMBOL_GPL(security_inode_mkdir);
2240
2241	/**
2242	* security_inode_rmdir() - Check if removing a directory is allowed
2243	* @dir: parent directory
2244	* @dentry: directory to be removed
2245	*
2246	* Check the permission to remove a directory.
2247	*
2248	* Return: Returns 0 if permission is granted.
2249	*/
2250	int security_inode_rmdir(struct inode dir, struct* dentry *dentry)
2251	{
2252	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2253	return `0`;
2254	return call_int_hook(inode_rmdir, dir, dentry);
2255	}
2256
2257	/**
2258	* security_inode_mknod() - Check if creating a special file is allowed
2259	* @dir: parent directory
2260	* @dentry: new file
2261	* @mode: new file mode
2262	* @dev: device number
2263	*
2264	* Check permissions when creating a special file (or a socket or a fifo file
2265	* created via the mknod system call). Note that if mknod operation is being
2266	* done for a regular file, then the create hook will be called and not this
2267	* hook.
2268	*
2269	* Return: Returns 0 if permission is granted.
2270	*/
2271	int security_inode_mknod(struct inode dir, struct* dentry *dentry,
2272	umode_t mode, dev_t dev)
2273	{
2274	if (unlikely(IS_PRIVATE(dir)))
2275	return `0`;
2276	return call_int_hook(inode_mknod, dir, dentry, mode, dev);
2277	}
2278
2279	/**
2280	* security_inode_rename() - Check if renaming a file is allowed
2281	* @old_dir: parent directory of the old file
2282	* @old_dentry: the old file
2283	* @new_dir: parent directory of the new file
2284	* @new_dentry: the new file
2285	* @flags: flags
2286	*
2287	* Check for permission to rename a file or directory.
2288	*
2289	* Return: Returns 0 if permission is granted.
2290	*/
2291	int security_inode_rename(struct inode old_dir, struct* dentry *old_dentry,
2292	struct inode new_dir, struct* dentry *new_dentry,
2293	unsigned int flags)
2294	{
2295	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) \|\|
2296	(d_is_positive(new_dentry) &&
2297	IS_PRIVATE(d_backing_inode(new_dentry)))))
2298	return `0`;
2299
2300	if (flags & RENAME_EXCHANGE) {
2301	int err = call_int_hook(inode_rename, new_dir, new_dentry,
2302	old_dir, old_dentry);
2303	if (err)
2304	return err;
2305	}
2306
2307	return call_int_hook(inode_rename, old_dir, old_dentry,
2308	new_dir, new_dentry);
2309	}
2310
2311	/**
2312	* security_inode_readlink() - Check if reading a symbolic link is allowed
2313	* @dentry: link
2314	*
2315	* Check the permission to read the symbolic link.
2316	*
2317	* Return: Returns 0 if permission is granted.
2318	*/
2319	int security_inode_readlink(struct dentry *dentry)
2320	{
2321	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2322	return `0`;
2323	return call_int_hook(inode_readlink, dentry);
2324	}
2325
2326	/**
2327	* security_inode_follow_link() - Check if following a symbolic link is allowed
2328	* @dentry: link dentry
2329	* @inode: link inode
2330	* @rcu: true if in RCU-walk mode
2331	*
2332	* Check permission to follow a symbolic link when looking up a pathname. If
2333	* @rcu is true, @inode is not stable.
2334	*
2335	* Return: Returns 0 if permission is granted.
2336	*/
2337	int security_inode_follow_link(struct dentry dentry, struct* inode *inode,
2338	bool rcu)
2339	{
2340	if (unlikely(IS_PRIVATE(inode)))
2341	return `0`;
2342	return call_int_hook(inode_follow_link, dentry, inode, rcu);
2343	}
2344
2345	/**
2346	* security_inode_permission() - Check if accessing an inode is allowed
2347	* @inode: inode
2348	* @mask: access mask
2349	*
2350	* Check permission before accessing an inode. This hook is called by the
2351	* existing Linux permission function, so a security module can use it to
2352	* provide additional checking for existing Linux permission checks. Notice
2353	* that this hook is called when a file is opened (as well as many other
2354	* operations), whereas the file_security_ops permission hook is called when
2355	* the actual read/write operations are performed.
2356	*
2357	* Return: Returns 0 if permission is granted.
2358	*/
2359	int security_inode_permission(struct inode inode, int* mask)
2360	{
2361	if (unlikely(IS_PRIVATE(inode)))
2362	return `0`;
2363	return call_int_hook(inode_permission, inode, mask);
2364	}
2365
2366	/**
2367	* security_inode_setattr() - Check if setting file attributes is allowed
2368	* @idmap: idmap of the mount
2369	* @dentry: file
2370	* @attr: new attributes
2371	*
2372	* Check permission before setting file attributes. Note that the kernel call
2373	* to notify_change is performed from several locations, whenever file
2374	* attributes change (such as when a file is truncated, chown/chmod operations,
2375	* transferring disk quotas, etc).
2376	*
2377	* Return: Returns 0 if permission is granted.
2378	*/
2379	int security_inode_setattr(struct mnt_idmap *idmap,
2380	struct dentry dentry, struct* iattr *attr)
2381	{
2382	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2383	return `0`;
2384	return call_int_hook(inode_setattr, idmap, dentry, attr);
2385	}
2386	EXPORT_SYMBOL_GPL(security_inode_setattr);
2387
2388	/**
2389	* security_inode_post_setattr() - Update the inode after a setattr operation
2390	* @idmap: idmap of the mount
2391	* @dentry: file
2392	* @ia_valid: file attributes set
2393	*
2394	* Update inode security field after successful setting file attributes.
2395	*/
2396	void security_inode_post_setattr(struct mnt_idmap idmap, struct* dentry *dentry,
2397	int ia_valid)
2398	{
2399	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2400	return;
2401	call_void_hook(inode_post_setattr, idmap, dentry, ia_valid);
2402	}
2403
2404	/**
2405	* security_inode_getattr() - Check if getting file attributes is allowed
2406	* @path: file
2407	*
2408	* Check permission before obtaining file attributes.
2409	*
2410	* Return: Returns 0 if permission is granted.
2411	*/
2412	int security_inode_getattr(const struct path *path)
2413	{
2414	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
2415	return `0`;
2416	return call_int_hook(inode_getattr, path);
2417	}
2418
2419	/**
2420	* security_inode_setxattr() - Check if setting file xattrs is allowed
2421	* @idmap: idmap of the mount
2422	* @dentry: file
2423	* @name: xattr name
2424	* @value: xattr value
2425	* @size: size of xattr value
2426	* @flags: flags
2427	*
2428	* This hook performs the desired permission checks before setting the extended
2429	* attributes (xattrs) on @dentry. It is important to note that we have some
2430	* additional logic before the main LSM implementation calls to detect if we
2431	* need to perform an additional capability check at the LSM layer.
2432	*
2433	* Normally we enforce a capability check prior to executing the various LSM
2434	* hook implementations, but if a LSM wants to avoid this capability check,
2435	* it can register a 'inode_xattr_skipcap' hook and return a value of 1 for
2436	* xattrs that it wants to avoid the capability check, leaving the LSM fully
2437	* responsible for enforcing the access control for the specific xattr. If all
2438	* of the enabled LSMs refrain from registering a 'inode_xattr_skipcap' hook,
2439	* or return a 0 (the default return value), the capability check is still
2440	* performed. If no 'inode_xattr_skipcap' hooks are registered the capability
2441	* check is performed.
2442	*
2443	* Return: Returns 0 if permission is granted.
2444	*/
2445	int security_inode_setxattr(struct mnt_idmap *idmap,
2446	struct dentry dentry, const* char *name,
2447	const void value, size_t size, int* flags)
2448	{
2449	int rc;
2450
2451	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2452	return `0`;
2453
2454	/ enforce the capability checks at the lsm layer, if needed /
2455	if (!call_int_hook(inode_xattr_skipcap, name)) {
2456	rc = cap_inode_setxattr(dentry, name, value, size, flags);
2457	if (rc)
2458	return rc;
2459	}
2460
2461	return call_int_hook(inode_setxattr, idmap, dentry, name, value, size,
2462	flags);
2463	}
2464
2465	/**
2466	* security_inode_set_acl() - Check if setting posix acls is allowed
2467	* @idmap: idmap of the mount
2468	* @dentry: file
2469	* @acl_name: acl name
2470	* @kacl: acl struct
2471	*
2472	* Check permission before setting posix acls, the posix acls in @kacl are
2473	* identified by @acl_name.
2474	*
2475	* Return: Returns 0 if permission is granted.
2476	*/
2477	int security_inode_set_acl(struct mnt_idmap *idmap,
2478	struct dentry dentry, const* char *acl_name,
2479	struct posix_acl *kacl)
2480	{
2481	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2482	return `0`;
2483	return call_int_hook(inode_set_acl, idmap, dentry, acl_name, kacl);
2484	}
2485
2486	/**
2487	* security_inode_post_set_acl() - Update inode security from posix acls set
2488	* @dentry: file
2489	* @acl_name: acl name
2490	* @kacl: acl struct
2491	*
2492	* Update inode security data after successfully setting posix acls on @dentry.
2493	* The posix acls in @kacl are identified by @acl_name.
2494	*/
2495	void security_inode_post_set_acl(struct dentry dentry, const* char *acl_name,
2496	struct posix_acl *kacl)
2497	{
2498	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2499	return;
2500	call_void_hook(inode_post_set_acl, dentry, acl_name, kacl);
2501	}
2502
2503	/**
2504	* security_inode_get_acl() - Check if reading posix acls is allowed
2505	* @idmap: idmap of the mount
2506	* @dentry: file
2507	* @acl_name: acl name
2508	*
2509	* Check permission before getting osix acls, the posix acls are identified by
2510	* @acl_name.
2511	*
2512	* Return: Returns 0 if permission is granted.
2513	*/
2514	int security_inode_get_acl(struct mnt_idmap *idmap,
2515	struct dentry dentry, const* char *acl_name)
2516	{
2517	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2518	return `0`;
2519	return call_int_hook(inode_get_acl, idmap, dentry, acl_name);
2520	}
2521
2522	/**
2523	* security_inode_remove_acl() - Check if removing a posix acl is allowed
2524	* @idmap: idmap of the mount
2525	* @dentry: file
2526	* @acl_name: acl name
2527	*
2528	* Check permission before removing posix acls, the posix acls are identified
2529	* by @acl_name.
2530	*
2531	* Return: Returns 0 if permission is granted.
2532	*/
2533	int security_inode_remove_acl(struct mnt_idmap *idmap,
2534	struct dentry dentry, const* char *acl_name)
2535	{
2536	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2537	return `0`;
2538	return call_int_hook(inode_remove_acl, idmap, dentry, acl_name);
2539	}
2540
2541	/**
2542	* security_inode_post_remove_acl() - Update inode security after rm posix acls
2543	* @idmap: idmap of the mount
2544	* @dentry: file
2545	* @acl_name: acl name
2546	*
2547	* Update inode security data after successfully removing posix acls on
2548	* @dentry in @idmap. The posix acls are identified by @acl_name.
2549	*/
2550	void security_inode_post_remove_acl(struct mnt_idmap *idmap,
2551	struct dentry dentry, const* char *acl_name)
2552	{
2553	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2554	return;
2555	call_void_hook(inode_post_remove_acl, idmap, dentry, acl_name);
2556	}
2557
2558	/**
2559	* security_inode_post_setxattr() - Update the inode after a setxattr operation
2560	* @dentry: file
2561	* @name: xattr name
2562	* @value: xattr value
2563	* @size: xattr value size
2564	* @flags: flags
2565	*
2566	* Update inode security field after successful setxattr operation.
2567	*/
2568	void security_inode_post_setxattr(struct dentry dentry, const* char *name,
2569	const void value, size_t size, int* flags)
2570	{
2571	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2572	return;
2573	call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
2574	}
2575
2576	/**
2577	* security_inode_getxattr() - Check if xattr access is allowed
2578	* @dentry: file
2579	* @name: xattr name
2580	*
2581	* Check permission before obtaining the extended attributes identified by
2582	* @name for @dentry.
2583	*
2584	* Return: Returns 0 if permission is granted.
2585	*/
2586	int security_inode_getxattr(struct dentry dentry, const* char *name)
2587	{
2588	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2589	return `0`;
2590	return call_int_hook(inode_getxattr, dentry, name);
2591	}
2592
2593	/**
2594	* security_inode_listxattr() - Check if listing xattrs is allowed
2595	* @dentry: file
2596	*
2597	* Check permission before obtaining the list of extended attribute names for
2598	* @dentry.
2599	*
2600	* Return: Returns 0 if permission is granted.
2601	*/
2602	int security_inode_listxattr(struct dentry *dentry)
2603	{
2604	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2605	return `0`;
2606	return call_int_hook(inode_listxattr, dentry);
2607	}
2608
2609	/**
2610	* security_inode_removexattr() - Check if removing an xattr is allowed
2611	* @idmap: idmap of the mount
2612	* @dentry: file
2613	* @name: xattr name
2614	*
2615	* This hook performs the desired permission checks before setting the extended
2616	* attributes (xattrs) on @dentry. It is important to note that we have some
2617	* additional logic before the main LSM implementation calls to detect if we
2618	* need to perform an additional capability check at the LSM layer.
2619	*
2620	* Normally we enforce a capability check prior to executing the various LSM
2621	* hook implementations, but if a LSM wants to avoid this capability check,
2622	* it can register a 'inode_xattr_skipcap' hook and return a value of 1 for
2623	* xattrs that it wants to avoid the capability check, leaving the LSM fully
2624	* responsible for enforcing the access control for the specific xattr. If all
2625	* of the enabled LSMs refrain from registering a 'inode_xattr_skipcap' hook,
2626	* or return a 0 (the default return value), the capability check is still
2627	* performed. If no 'inode_xattr_skipcap' hooks are registered the capability
2628	* check is performed.
2629	*
2630	* Return: Returns 0 if permission is granted.
2631	*/
2632	int security_inode_removexattr(struct mnt_idmap *idmap,
2633	struct dentry dentry, const* char *name)
2634	{
2635	int rc;
2636
2637	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2638	return `0`;
2639
2640	/ enforce the capability checks at the lsm layer, if needed /
2641	if (!call_int_hook(inode_xattr_skipcap, name)) {
2642	rc = cap_inode_removexattr(idmap, dentry, name);
2643	if (rc)
2644	return rc;
2645	}
2646
2647	return call_int_hook(inode_removexattr, idmap, dentry, name);
2648	}
2649
2650	/**
2651	* security_inode_post_removexattr() - Update the inode after a removexattr op
2652	* @dentry: file
2653	* @name: xattr name
2654	*
2655	* Update the inode after a successful removexattr operation.
2656	*/
2657	void security_inode_post_removexattr(struct dentry dentry, const* char *name)
2658	{
2659	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2660	return;
2661	call_void_hook(inode_post_removexattr, dentry, name);
2662	}
2663
2664	/**
2665	* security_inode_file_setattr() - check if setting fsxattr is allowed
2666	* @dentry: file to set filesystem extended attributes on
2667	* @fa: extended attributes to set on the inode
2668	*
2669	* Called when file_setattr() syscall or FS_IOC_FSSETXATTR ioctl() is called on
2670	* inode
2671	*
2672	* Return: Returns 0 if permission is granted.
2673	*/
2674	int security_inode_file_setattr(struct dentry dentry, struct* file_kattr *fa)
2675	{
2676	return call_int_hook(inode_file_setattr, dentry, fa);
2677	}
2678
2679	/**
2680	* security_inode_file_getattr() - check if retrieving fsxattr is allowed
2681	* @dentry: file to retrieve filesystem extended attributes from
2682	* @fa: extended attributes to get
2683	*
2684	* Called when file_getattr() syscall or FS_IOC_FSGETXATTR ioctl() is called on
2685	* inode
2686	*
2687	* Return: Returns 0 if permission is granted.
2688	*/
2689	int security_inode_file_getattr(struct dentry dentry, struct* file_kattr *fa)
2690	{
2691	return call_int_hook(inode_file_getattr, dentry, fa);
2692	}
2693
2694	/**
2695	* security_inode_need_killpriv() - Check if security_inode_killpriv() required
2696	* @dentry: associated dentry
2697	*
2698	* Called when an inode has been changed to determine if
2699	* security_inode_killpriv() should be called.
2700	*
2701	* Return: Return <0 on error to abort the inode change operation, return 0 if
2702	* security_inode_killpriv() does not need to be called, return >0 if
2703	* security_inode_killpriv() does need to be called.
2704	*/
2705	int security_inode_need_killpriv(struct dentry *dentry)
2706	{
2707	return call_int_hook(inode_need_killpriv, dentry);
2708	}
2709
2710	/**
2711	* security_inode_killpriv() - The setuid bit is removed, update LSM state
2712	* @idmap: idmap of the mount
2713	* @dentry: associated dentry
2714	*
2715	* The @dentry's setuid bit is being removed. Remove similar security labels.
2716	* Called with the dentry->d_inode->i_mutex held.
2717	*
2718	* Return: Return 0 on success. If error is returned, then the operation
2719	* causing setuid bit removal is failed.
2720	*/
2721	int security_inode_killpriv(struct mnt_idmap *idmap,
2722	struct dentry *dentry)
2723	{
2724	return call_int_hook(inode_killpriv, idmap, dentry);
2725	}
2726
2727	/**
2728	* security_inode_getsecurity() - Get the xattr security label of an inode
2729	* @idmap: idmap of the mount
2730	* @inode: inode
2731	* @name: xattr name
2732	* @buffer: security label buffer
2733	* @alloc: allocation flag
2734	*
2735	* Retrieve a copy of the extended attribute representation of the security
2736	* label associated with @name for @inode via @buffer. Note that @name is the
2737	* remainder of the attribute name after the security prefix has been removed.
2738	* @alloc is used to specify if the call should return a value via the buffer
2739	* or just the value length.
2740	*
2741	* Return: Returns size of buffer on success.
2742	*/
2743	int security_inode_getsecurity(struct mnt_idmap *idmap,
2744	struct inode inode, const* char *name,
2745	void **buffer, bool alloc)
2746	{
2747	if (unlikely(IS_PRIVATE(inode)))
2748	return LSM_RET_DEFAULT(inode_getsecurity);
2749
2750	return call_int_hook(inode_getsecurity, idmap, inode, name, buffer,
2751	alloc);
2752	}
2753
2754	/**
2755	* security_inode_setsecurity() - Set the xattr security label of an inode
2756	* @inode: inode
2757	* @name: xattr name
2758	* @value: security label
2759	* @size: length of security label
2760	* @flags: flags
2761	*
2762	* Set the security label associated with @name for @inode from the extended
2763	* attribute value @value. @size indicates the size of the @value in bytes.
2764	* @flags may be XATTR_CREATE, XATTR_REPLACE, or 0. Note that @name is the
2765	* remainder of the attribute name after the security. prefix has been removed.
2766	*
2767	* Return: Returns 0 on success.
2768	*/
2769	int security_inode_setsecurity(struct inode inode, const* char *name,
2770	const void value, size_t size, int* flags)
2771	{
2772	if (unlikely(IS_PRIVATE(inode)))
2773	return LSM_RET_DEFAULT(inode_setsecurity);
2774
2775	return call_int_hook(inode_setsecurity, inode, name, value, size,
2776	flags);
2777	}
2778
2779	/**
2780	* security_inode_listsecurity() - List the xattr security label names
2781	* @inode: inode
2782	* @buffer: buffer
2783	* @buffer_size: size of buffer
2784	*
2785	* Copy the extended attribute names for the security labels associated with
2786	* @inode into @buffer. The maximum size of @buffer is specified by
2787	* @buffer_size. @buffer may be NULL to request the size of the buffer
2788	* required.
2789	*
2790	* Return: Returns number of bytes used/required on success.
2791	*/
2792	int security_inode_listsecurity(struct inode *inode,
2793	char *buffer, size_t buffer_size)
2794	{
2795	if (unlikely(IS_PRIVATE(inode)))
2796	return `0`;
2797	return call_int_hook(inode_listsecurity, inode, buffer, buffer_size);
2798	}
2799	EXPORT_SYMBOL(security_inode_listsecurity);
2800
2801	/**
2802	* security_inode_getlsmprop() - Get an inode's LSM data
2803	* @inode: inode
2804	* @prop: lsm specific information to return
2805	*
2806	* Get the lsm specific information associated with the node.
2807	*/
2808	void security_inode_getlsmprop(struct inode inode, struct* lsm_prop *prop)
2809	{
2810	call_void_hook(inode_getlsmprop, inode, prop);
2811	}
2812
2813	/**
2814	* security_inode_copy_up() - Create new creds for an overlayfs copy-up op
2815	* @src: union dentry of copy-up file
2816	* @new: newly created creds
2817	*
2818	* A file is about to be copied up from lower layer to upper layer of overlay
2819	* filesystem. Security module can prepare a set of new creds and modify as
2820	* need be and return new creds. Caller will switch to new creds temporarily to
2821	* create new file and release newly allocated creds.
2822	*
2823	* Return: Returns 0 on success or a negative error code on error.
2824	*/
2825	int security_inode_copy_up(struct dentry src, struct* cred **new)
2826	{
2827	return call_int_hook(inode_copy_up, src, new);
2828	}
2829	EXPORT_SYMBOL(security_inode_copy_up);
2830
2831	/**
2832	* security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op
2833	* @src: union dentry of copy-up file
2834	* @name: xattr name
2835	*
2836	* Filter the xattrs being copied up when a unioned file is copied up from a
2837	* lower layer to the union/overlay layer. The caller is responsible for
2838	* reading and writing the xattrs, this hook is merely a filter.
2839	*
2840	* Return: Returns 0 to accept the xattr, -ECANCELED to discard the xattr,
2841	* -EOPNOTSUPP if the security module does not know about attribute,
2842	* or a negative error code to abort the copy up.
2843	*/
2844	int security_inode_copy_up_xattr(struct dentry src, const* char *name)
2845	{
2846	int rc;
2847
2848	rc = call_int_hook(inode_copy_up_xattr, src, name);
2849	if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr))
2850	return rc;
2851
2852	return LSM_RET_DEFAULT(inode_copy_up_xattr);
2853	}
2854	EXPORT_SYMBOL(security_inode_copy_up_xattr);
2855
2856	/**
2857	* security_inode_setintegrity() - Set the inode's integrity data
2858	* @inode: inode
2859	* @type: type of integrity, e.g. hash digest, signature, etc
2860	* @value: the integrity value
2861	* @size: size of the integrity value
2862	*
2863	* Register a verified integrity measurement of a inode with LSMs.
2864	* LSMs should free the previously saved data if @value is NULL.
2865	*
2866	* Return: Returns 0 on success, negative values on failure.
2867	*/
2868	int security_inode_setintegrity(const struct inode *inode,
2869	enum lsm_integrity_type type, const void *value,
2870	size_t size)
2871	{
2872	return call_int_hook(inode_setintegrity, inode, type, value, size);
2873	}
2874	EXPORT_SYMBOL(security_inode_setintegrity);
2875
2876	/**
2877	* security_kernfs_init_security() - Init LSM context for a kernfs node
2878	* @kn_dir: parent kernfs node
2879	* @kn: the kernfs node to initialize
2880	*
2881	* Initialize the security context of a newly created kernfs node based on its
2882	* own and its parent's attributes.
2883	*
2884	* Return: Returns 0 if permission is granted.
2885	*/
2886	int security_kernfs_init_security(struct kernfs_node *kn_dir,
2887	struct kernfs_node *kn)
2888	{
2889	return call_int_hook(kernfs_init_security, kn_dir, kn);
2890	}
2891
2892	/**
2893	* security_file_permission() - Check file permissions
2894	* @file: file
2895	* @mask: requested permissions
2896	*
2897	* Check file permissions before accessing an open file. This hook is called
2898	* by various operations that read or write files. A security module can use
2899	* this hook to perform additional checking on these operations, e.g. to
2900	* revalidate permissions on use to support privilege bracketing or policy
2901	* changes. Notice that this hook is used when the actual read/write
2902	* operations are performed, whereas the inode_security_ops hook is called when
2903	* a file is opened (as well as many other operations). Although this hook can
2904	* be used to revalidate permissions for various system call operations that
2905	* read or write files, it does not address the revalidation of permissions for
2906	* memory-mapped files. Security modules must handle this separately if they
2907	* need such revalidation.
2908	*
2909	* Return: Returns 0 if permission is granted.
2910	*/
2911	int security_file_permission(struct file file, int* mask)
2912	{
2913	return call_int_hook(file_permission, file, mask);
2914	}
2915
2916	/**
2917	* security_file_alloc() - Allocate and init a file's LSM blob
2918	* @file: the file
2919	*
2920	* Allocate and attach a security structure to the file->f_security field. The
2921	* security field is initialized to NULL when the structure is first created.
2922	*
2923	* Return: Return 0 if the hook is successful and permission is granted.
2924	*/
2925	int security_file_alloc(struct file *file)
2926	{
2927	int rc = lsm_file_alloc(file);
2928
2929	if (rc)
2930	return rc;
2931	rc = call_int_hook(file_alloc_security, file);
2932	if (unlikely(rc))
2933	security_file_free(file);
2934	return rc;
2935	}
2936
2937	/**
2938	* security_file_release() - Perform actions before releasing the file ref
2939	* @file: the file
2940	*
2941	* Perform actions before releasing the last reference to a file.
2942	*/
2943	void security_file_release(struct file *file)
2944	{
2945	call_void_hook(file_release, file);
2946	}
2947
2948	/**
2949	* security_file_free() - Free a file's LSM blob
2950	* @file: the file
2951	*
2952	* Deallocate and free any security structures stored in file->f_security.
2953	*/
2954	void security_file_free(struct file *file)
2955	{
2956	void *blob;
2957
2958	call_void_hook(file_free_security, file);
2959
2960	blob = file->f_security;
2961	if (blob) {
2962	file->f_security = NULL;
2963	kmem_cache_free(s: lsm_file_cache, objp: blob);
2964	}
2965	}
2966
2967	/**
2968	* security_file_ioctl() - Check if an ioctl is allowed
2969	* @file: associated file
2970	* @cmd: ioctl cmd
2971	* @arg: ioctl arguments
2972	*
2973	* Check permission for an ioctl operation on @file. Note that @arg sometimes
2974	* represents a user space pointer; in other cases, it may be a simple integer
2975	* value. When @arg represents a user space pointer, it should never be used
2976	* by the security module.
2977	*
2978	* Return: Returns 0 if permission is granted.
2979	*/
2980	int security_file_ioctl(struct file file, unsigned* int cmd, unsigned long arg)
2981	{
2982	return call_int_hook(file_ioctl, file, cmd, arg);
2983	}
2984	EXPORT_SYMBOL_GPL(security_file_ioctl);
2985
2986	/**
2987	* security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode
2988	* @file: associated file
2989	* @cmd: ioctl cmd
2990	* @arg: ioctl arguments
2991	*
2992	* Compat version of security_file_ioctl() that correctly handles 32-bit
2993	* processes running on 64-bit kernels.
2994	*
2995	* Return: Returns 0 if permission is granted.
2996	*/
2997	int security_file_ioctl_compat(struct file file, unsigned* int cmd,
2998	unsigned long arg)
2999	{
3000	return call_int_hook(file_ioctl_compat, file, cmd, arg);
3001	}
3002	EXPORT_SYMBOL_GPL(security_file_ioctl_compat);
3003
3004	static inline unsigned long mmap_prot(struct file file, unsigned* long prot)
3005	{
3006	/*
3007	* Does we have PROT_READ and does the application expect
3008	* it to imply PROT_EXEC? If not, nothing to talk about...
3009	*/
3010	if ((prot & (PROT_READ \| PROT_EXEC)) != PROT_READ)
3011	return prot;
3012	if (!(current->personality & READ_IMPLIES_EXEC))
3013	return prot;
3014	/*
3015	* if that's an anonymous mapping, let it.
3016	*/
3017	if (!file)
3018	return prot \| PROT_EXEC;
3019	/*
3020	* ditto if it's not on noexec mount, except that on !MMU we need
3021	* NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case
3022	*/
3023	if (!path_noexec(path: &file->f_path)) {
3024	#ifndef CONFIG_MMU
3025	if (file->f_op->mmap_capabilities) {
3026	unsigned caps = file->f_op->mmap_capabilities(file);
3027	if (!(caps & NOMMU_MAP_EXEC))
3028	return prot;
3029	}
3030	#endif
3031	return prot \| PROT_EXEC;
3032	}
3033	/ anything on noexec mount won't get PROT_EXEC /
3034	return prot;
3035	}
3036
3037	/**
3038	* security_mmap_file() - Check if mmap'ing a file is allowed
3039	* @file: file
3040	* @prot: protection applied by the kernel
3041	* @flags: flags
3042	*
3043	* Check permissions for a mmap operation. The @file may be NULL, e.g. if
3044	* mapping anonymous memory.
3045	*
3046	* Return: Returns 0 if permission is granted.
3047	*/
3048	int security_mmap_file(struct file file, unsigned* long prot,
3049	unsigned long flags)
3050	{
3051	return call_int_hook(mmap_file, file, prot, mmap_prot(file, prot),
3052	flags);
3053	}
3054
3055	/**
3056	* security_mmap_addr() - Check if mmap'ing an address is allowed
3057	* @addr: address
3058	*
3059	* Check permissions for a mmap operation at @addr.
3060	*
3061	* Return: Returns 0 if permission is granted.
3062	*/
3063	int security_mmap_addr(unsigned long addr)
3064	{
3065	return call_int_hook(mmap_addr, addr);
3066	}
3067
3068	/**
3069	* security_file_mprotect() - Check if changing memory protections is allowed
3070	* @vma: memory region
3071	* @reqprot: application requested protection
3072	* @prot: protection applied by the kernel
3073	*
3074	* Check permissions before changing memory access permissions.
3075	*
3076	* Return: Returns 0 if permission is granted.
3077	*/
3078	int security_file_mprotect(struct vm_area_struct vma, unsigned* long reqprot,
3079	unsigned long prot)
3080	{
3081	return call_int_hook(file_mprotect, vma, reqprot, prot);
3082	}
3083
3084	/**
3085	* security_file_lock() - Check if a file lock is allowed
3086	* @file: file
3087	* @cmd: lock operation (e.g. F_RDLCK, F_WRLCK)
3088	*
3089	* Check permission before performing file locking operations. Note the hook
3090	* mediates both flock and fcntl style locks.
3091	*
3092	* Return: Returns 0 if permission is granted.
3093	*/
3094	int security_file_lock(struct file file, unsigned* int cmd)
3095	{
3096	return call_int_hook(file_lock, file, cmd);
3097	}
3098
3099	/**
3100	* security_file_fcntl() - Check if fcntl() op is allowed
3101	* @file: file
3102	* @cmd: fcntl command
3103	* @arg: command argument
3104	*
3105	* Check permission before allowing the file operation specified by @cmd from
3106	* being performed on the file @file. Note that @arg sometimes represents a
3107	* user space pointer; in other cases, it may be a simple integer value. When
3108	* @arg represents a user space pointer, it should never be used by the
3109	* security module.
3110	*
3111	* Return: Returns 0 if permission is granted.
3112	*/
3113	int security_file_fcntl(struct file file, unsigned* int cmd, unsigned long arg)
3114	{
3115	return call_int_hook(file_fcntl, file, cmd, arg);
3116	}
3117
3118	/**
3119	* security_file_set_fowner() - Set the file owner info in the LSM blob
3120	* @file: the file
3121	*
3122	* Save owner security information (typically from current->security) in
3123	* file->f_security for later use by the send_sigiotask hook.
3124	*
3125	* This hook is called with file->f_owner.lock held.
3126	*
3127	* Return: Returns 0 on success.
3128	*/
3129	void security_file_set_fowner(struct file *file)
3130	{
3131	call_void_hook(file_set_fowner, file);
3132	}
3133
3134	/**
3135	* security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
3136	* @tsk: target task
3137	* @fown: signal sender
3138	* @sig: signal to be sent, SIGIO is sent if 0
3139	*
3140	* Check permission for the file owner @fown to send SIGIO or SIGURG to the
3141	* process @tsk. Note that this hook is sometimes called from interrupt. Note
3142	* that the fown_struct, @fown, is never outside the context of a struct file,
3143	* so the file structure (and associated security information) can always be
3144	* obtained: container_of(fown, struct file, f_owner).
3145	*
3146	* Return: Returns 0 if permission is granted.
3147	*/
3148	int security_file_send_sigiotask(struct task_struct *tsk,
3149	struct fown_struct fown, int* sig)
3150	{
3151	return call_int_hook(file_send_sigiotask, tsk, fown, sig);
3152	}
3153
3154	/**
3155	* security_file_receive() - Check if receiving a file via IPC is allowed
3156	* @file: file being received
3157	*
3158	* This hook allows security modules to control the ability of a process to
3159	* receive an open file descriptor via socket IPC.
3160	*
3161	* Return: Returns 0 if permission is granted.
3162	*/
3163	int security_file_receive(struct file *file)
3164	{
3165	return call_int_hook(file_receive, file);
3166	}
3167
3168	/**
3169	* security_file_open() - Save open() time state for late use by the LSM
3170	* @file:
3171	*
3172	* Save open-time permission checking state for later use upon file_permission,
3173	* and recheck access if anything has changed since inode_permission.
3174	*
3175	* We can check if a file is opened for execution (e.g. execve(2) call), either
3176	* directly or indirectly (e.g. ELF's ld.so) by checking file->f_flags &
3177	* __FMODE_EXEC .
3178	*
3179	* Return: Returns 0 if permission is granted.
3180	*/
3181	int security_file_open(struct file *file)
3182	{
3183	return call_int_hook(file_open, file);
3184	}
3185
3186	/**
3187	* security_file_post_open() - Evaluate a file after it has been opened
3188	* @file: the file
3189	* @mask: access mask
3190	*
3191	* Evaluate an opened file and the access mask requested with open(). The hook
3192	* is useful for LSMs that require the file content to be available in order to
3193	* make decisions.
3194	*
3195	* Return: Returns 0 if permission is granted.
3196	*/
3197	int security_file_post_open(struct file file, int* mask)
3198	{
3199	return call_int_hook(file_post_open, file, mask);
3200	}
3201	EXPORT_SYMBOL_GPL(security_file_post_open);
3202
3203	/**
3204	* security_file_truncate() - Check if truncating a file is allowed
3205	* @file: file
3206	*
3207	* Check permission before truncating a file, i.e. using ftruncate. Note that
3208	* truncation permission may also be checked based on the path, using the
3209	* @path_truncate hook.
3210	*
3211	* Return: Returns 0 if permission is granted.
3212	*/
3213	int security_file_truncate(struct file *file)
3214	{
3215	return call_int_hook(file_truncate, file);
3216	}
3217
3218	/**
3219	* security_task_alloc() - Allocate a task's LSM blob
3220	* @task: the task
3221	* @clone_flags: flags indicating what is being shared
3222	*
3223	* Handle allocation of task-related resources.
3224	*
3225	* Return: Returns a zero on success, negative values on failure.
3226	*/
3227	int security_task_alloc(struct task_struct *task, u64 clone_flags)
3228	{
3229	int rc = lsm_task_alloc(task);
3230
3231	if (rc)
3232	return rc;
3233	rc = call_int_hook(task_alloc, task, clone_flags);
3234	if (unlikely(rc))
3235	security_task_free(task);
3236	return rc;
3237	}
3238
3239	/**
3240	* security_task_free() - Free a task's LSM blob and related resources
3241	* @task: task
3242	*
3243	* Handle release of task-related resources. Note that this can be called from
3244	* interrupt context.
3245	*/
3246	void security_task_free(struct task_struct *task)
3247	{
3248	call_void_hook(task_free, task);
3249
3250	kfree(objp: task->security);
3251	task->security = NULL;
3252	}
3253
3254	/**
3255	* security_cred_alloc_blank() - Allocate the min memory to allow cred_transfer
3256	* @cred: credentials
3257	* @gfp: gfp flags
3258	*
3259	* Only allocate sufficient memory and attach to @cred such that
3260	* cred_transfer() will not get ENOMEM.
3261	*
3262	* Return: Returns 0 on success, negative values on failure.
3263	*/
3264	int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
3265	{
3266	int rc = lsm_cred_alloc(cred, gfp);
3267
3268	if (rc)
3269	return rc;
3270
3271	rc = call_int_hook(cred_alloc_blank, cred, gfp);
3272	if (unlikely(rc))
3273	security_cred_free(cred);
3274	return rc;
3275	}
3276
3277	/**
3278	* security_cred_free() - Free the cred's LSM blob and associated resources
3279	* @cred: credentials
3280	*
3281	* Deallocate and clear the cred->security field in a set of credentials.
3282	*/
3283	void security_cred_free(struct cred *cred)
3284	{
3285	/*
3286	* There is a failure case in prepare_creds() that
3287	* may result in a call here with ->security being NULL.
3288	*/
3289	if (unlikely(cred->security == NULL))
3290	return;
3291
3292	call_void_hook(cred_free, cred);
3293
3294	kfree(objp: cred->security);
3295	cred->security = NULL;
3296	}
3297
3298	/**
3299	* security_prepare_creds() - Prepare a new set of credentials
3300	* @new: new credentials
3301	* @old: original credentials
3302	* @gfp: gfp flags
3303	*
3304	* Prepare a new set of credentials by copying the data from the old set.
3305	*
3306	* Return: Returns 0 on success, negative values on failure.
3307	*/
3308	int security_prepare_creds(struct cred new, const* struct cred *old, gfp_t gfp)
3309	{
3310	int rc = lsm_cred_alloc(cred: new, gfp);
3311
3312	if (rc)
3313	return rc;
3314
3315	rc = call_int_hook(cred_prepare, new, old, gfp);
3316	if (unlikely(rc))
3317	security_cred_free(cred: new);
3318	return rc;
3319	}
3320
3321	/**
3322	* security_transfer_creds() - Transfer creds
3323	* @new: target credentials
3324	* @old: original credentials
3325	*
3326	* Transfer data from original creds to new creds.
3327	*/
3328	void security_transfer_creds(struct cred new, const* struct cred *old)
3329	{
3330	call_void_hook(cred_transfer, new, old);
3331	}
3332
3333	/**
3334	* security_cred_getsecid() - Get the secid from a set of credentials
3335	* @c: credentials
3336	* @secid: secid value
3337	*
3338	* Retrieve the security identifier of the cred structure @c. In case of
3339	* failure, @secid will be set to zero.
3340	*/
3341	void security_cred_getsecid(const struct cred c, u32 secid)
3342	{
3343	*secid = `0`;
3344	call_void_hook(cred_getsecid, c, secid);
3345	}
3346	EXPORT_SYMBOL(security_cred_getsecid);
3347
3348	/**
3349	* security_cred_getlsmprop() - Get the LSM data from a set of credentials
3350	* @c: credentials
3351	* @prop: destination for the LSM data
3352	*
3353	* Retrieve the security data of the cred structure @c. In case of
3354	* failure, @prop will be cleared.
3355	*/
3356	void security_cred_getlsmprop(const struct cred c, struct* lsm_prop *prop)
3357	{
3358	lsmprop_init(prop);
3359	call_void_hook(cred_getlsmprop, c, prop);
3360	}
3361	EXPORT_SYMBOL(security_cred_getlsmprop);
3362
3363	/**
3364	* security_kernel_act_as() - Set the kernel credentials to act as secid
3365	* @new: credentials
3366	* @secid: secid
3367	*
3368	* Set the credentials for a kernel service to act as (subjective context).
3369	* The current task must be the one that nominated @secid.
3370	*
3371	* Return: Returns 0 if successful.
3372	*/
3373	int security_kernel_act_as(struct cred *new, u32 secid)
3374	{
3375	return call_int_hook(kernel_act_as, new, secid);
3376	}
3377
3378	/**
3379	* security_kernel_create_files_as() - Set file creation context using an inode
3380	* @new: target credentials
3381	* @inode: reference inode
3382	*
3383	* Set the file creation context in a set of credentials to be the same as the
3384	* objective context of the specified inode. The current task must be the one
3385	* that nominated @inode.
3386	*
3387	* Return: Returns 0 if successful.
3388	*/
3389	int security_kernel_create_files_as(struct cred new, struct* inode *inode)
3390	{
3391	return call_int_hook(kernel_create_files_as, new, inode);
3392	}
3393
3394	/**
3395	* security_kernel_module_request() - Check if loading a module is allowed
3396	* @kmod_name: module name
3397	*
3398	* Ability to trigger the kernel to automatically upcall to userspace for
3399	* userspace to load a kernel module with the given name.
3400	*
3401	* Return: Returns 0 if successful.
3402	*/
3403	int security_kernel_module_request(char *kmod_name)
3404	{
3405	return call_int_hook(kernel_module_request, kmod_name);
3406	}
3407
3408	/**
3409	* security_kernel_read_file() - Read a file specified by userspace
3410	* @file: file
3411	* @id: file identifier
3412	* @contents: trust if security_kernel_post_read_file() will be called
3413	*
3414	* Read a file specified by userspace.
3415	*
3416	* Return: Returns 0 if permission is granted.
3417	*/
3418	int security_kernel_read_file(struct file file, enum* kernel_read_file_id id,
3419	bool contents)
3420	{
3421	return call_int_hook(kernel_read_file, file, id, contents);
3422	}
3423	EXPORT_SYMBOL_GPL(security_kernel_read_file);
3424
3425	/**
3426	* security_kernel_post_read_file() - Read a file specified by userspace
3427	* @file: file
3428	* @buf: file contents
3429	* @size: size of file contents
3430	* @id: file identifier
3431	*
3432	* Read a file specified by userspace. This must be paired with a prior call
3433	* to security_kernel_read_file() call that indicated this hook would also be
3434	* called, see security_kernel_read_file() for more information.
3435	*
3436	* Return: Returns 0 if permission is granted.
3437	*/
3438	int security_kernel_post_read_file(struct file file, char* *buf, loff_t size,
3439	enum kernel_read_file_id id)
3440	{
3441	return call_int_hook(kernel_post_read_file, file, buf, size, id);
3442	}
3443	EXPORT_SYMBOL_GPL(security_kernel_post_read_file);
3444
3445	/**
3446	* security_kernel_load_data() - Load data provided by userspace
3447	* @id: data identifier
3448	* @contents: true if security_kernel_post_load_data() will be called
3449	*
3450	* Load data provided by userspace.
3451	*
3452	* Return: Returns 0 if permission is granted.
3453	*/
3454	int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
3455	{
3456	return call_int_hook(kernel_load_data, id, contents);
3457	}
3458	EXPORT_SYMBOL_GPL(security_kernel_load_data);
3459
3460	/**
3461	* security_kernel_post_load_data() - Load userspace data from a non-file source
3462	* @buf: data
3463	* @size: size of data
3464	* @id: data identifier
3465	* @description: text description of data, specific to the id value
3466	*
3467	* Load data provided by a non-file source (usually userspace buffer). This
3468	* must be paired with a prior security_kernel_load_data() call that indicated
3469	* this hook would also be called, see security_kernel_load_data() for more
3470	* information.
3471	*
3472	* Return: Returns 0 if permission is granted.
3473	*/
3474	int security_kernel_post_load_data(char *buf, loff_t size,
3475	enum kernel_load_data_id id,
3476	char *description)
3477	{
3478	return call_int_hook(kernel_post_load_data, buf, size, id, description);
3479	}
3480	EXPORT_SYMBOL_GPL(security_kernel_post_load_data);
3481
3482	/**
3483	* security_task_fix_setuid() - Update LSM with new user id attributes
3484	* @new: updated credentials
3485	* @old: credentials being replaced
3486	* @flags: LSM_SETID_* flag values
3487	*
3488	* Update the module's state after setting one or more of the user identity
3489	* attributes of the current process. The @flags parameter indicates which of
3490	* the set*uid system calls invoked this hook. If @new is the set of
3491	* credentials that will be installed. Modifications should be made to this
3492	* rather than to @current->cred.
3493	*
3494	* Return: Returns 0 on success.
3495	*/
3496	int security_task_fix_setuid(struct cred new, const* struct cred *old,
3497	int flags)
3498	{
3499	return call_int_hook(task_fix_setuid, new, old, flags);
3500	}
3501
3502	/**
3503	* security_task_fix_setgid() - Update LSM with new group id attributes
3504	* @new: updated credentials
3505	* @old: credentials being replaced
3506	* @flags: LSM_SETID_* flag value
3507	*
3508	* Update the module's state after setting one or more of the group identity
3509	* attributes of the current process. The @flags parameter indicates which of
3510	* the set*gid system calls invoked this hook. @new is the set of credentials
3511	* that will be installed. Modifications should be made to this rather than to
3512	* @current->cred.
3513	*
3514	* Return: Returns 0 on success.
3515	*/
3516	int security_task_fix_setgid(struct cred new, const* struct cred *old,
3517	int flags)
3518	{
3519	return call_int_hook(task_fix_setgid, new, old, flags);
3520	}
3521
3522	/**
3523	* security_task_fix_setgroups() - Update LSM with new supplementary groups
3524	* @new: updated credentials
3525	* @old: credentials being replaced
3526	*
3527	* Update the module's state after setting the supplementary group identity
3528	* attributes of the current process. @new is the set of credentials that will
3529	* be installed. Modifications should be made to this rather than to
3530	* @current->cred.
3531	*
3532	* Return: Returns 0 on success.
3533	*/
3534	int security_task_fix_setgroups(struct cred new, const* struct cred *old)
3535	{
3536	return call_int_hook(task_fix_setgroups, new, old);
3537	}
3538
3539	/**
3540	* security_task_setpgid() - Check if setting the pgid is allowed
3541	* @p: task being modified
3542	* @pgid: new pgid
3543	*
3544	* Check permission before setting the process group identifier of the process
3545	* @p to @pgid.
3546	*
3547	* Return: Returns 0 if permission is granted.
3548	*/
3549	int security_task_setpgid(struct task_struct *p, pid_t pgid)
3550	{
3551	return call_int_hook(task_setpgid, p, pgid);
3552	}
3553
3554	/**
3555	* security_task_getpgid() - Check if getting the pgid is allowed
3556	* @p: task
3557	*
3558	* Check permission before getting the process group identifier of the process
3559	* @p.
3560	*
3561	* Return: Returns 0 if permission is granted.
3562	*/
3563	int security_task_getpgid(struct task_struct *p)
3564	{
3565	return call_int_hook(task_getpgid, p);
3566	}
3567
3568	/**
3569	* security_task_getsid() - Check if getting the session id is allowed
3570	* @p: task
3571	*
3572	* Check permission before getting the session identifier of the process @p.
3573	*
3574	* Return: Returns 0 if permission is granted.
3575	*/
3576	int security_task_getsid(struct task_struct *p)
3577	{
3578	return call_int_hook(task_getsid, p);
3579	}
3580
3581	/**
3582	* security_current_getlsmprop_subj() - Current task's subjective LSM data
3583	* @prop: lsm specific information
3584	*
3585	* Retrieve the subjective security identifier of the current task and return
3586	* it in @prop.
3587	*/
3588	void security_current_getlsmprop_subj(struct lsm_prop *prop)
3589	{
3590	lsmprop_init(prop);
3591	call_void_hook(current_getlsmprop_subj, prop);
3592	}
3593	EXPORT_SYMBOL(security_current_getlsmprop_subj);
3594
3595	/**
3596	* security_task_getlsmprop_obj() - Get a task's objective LSM data
3597	* @p: target task
3598	* @prop: lsm specific information
3599	*
3600	* Retrieve the objective security identifier of the task_struct in @p and
3601	* return it in @prop.
3602	*/
3603	void security_task_getlsmprop_obj(struct task_struct p, struct* lsm_prop *prop)
3604	{
3605	lsmprop_init(prop);
3606	call_void_hook(task_getlsmprop_obj, p, prop);
3607	}
3608	EXPORT_SYMBOL(security_task_getlsmprop_obj);
3609
3610	/**
3611	* security_task_setnice() - Check if setting a task's nice value is allowed
3612	* @p: target task
3613	* @nice: nice value
3614	*
3615	* Check permission before setting the nice value of @p to @nice.
3616	*
3617	* Return: Returns 0 if permission is granted.
3618	*/
3619	int security_task_setnice(struct task_struct p, int* nice)
3620	{
3621	return call_int_hook(task_setnice, p, nice);
3622	}
3623
3624	/**
3625	* security_task_setioprio() - Check if setting a task's ioprio is allowed
3626	* @p: target task
3627	* @ioprio: ioprio value
3628	*
3629	* Check permission before setting the ioprio value of @p to @ioprio.
3630	*
3631	* Return: Returns 0 if permission is granted.
3632	*/
3633	int security_task_setioprio(struct task_struct p, int* ioprio)
3634	{
3635	return call_int_hook(task_setioprio, p, ioprio);
3636	}
3637
3638	/**
3639	* security_task_getioprio() - Check if getting a task's ioprio is allowed
3640	* @p: task
3641	*
3642	* Check permission before getting the ioprio value of @p.
3643	*
3644	* Return: Returns 0 if permission is granted.
3645	*/
3646	int security_task_getioprio(struct task_struct *p)
3647	{
3648	return call_int_hook(task_getioprio, p);
3649	}
3650
3651	/**
3652	* security_task_prlimit() - Check if get/setting resources limits is allowed
3653	* @cred: current task credentials
3654	* @tcred: target task credentials
3655	* @flags: LSM_PRLIMIT_* flag bits indicating a get/set/both
3656	*
3657	* Check permission before getting and/or setting the resource limits of
3658	* another task.
3659	*
3660	* Return: Returns 0 if permission is granted.
3661	*/
3662	int security_task_prlimit(const struct cred cred, const* struct cred *tcred,
3663	unsigned int flags)
3664	{
3665	return call_int_hook(task_prlimit, cred, tcred, flags);
3666	}
3667
3668	/**
3669	* security_task_setrlimit() - Check if setting a new rlimit value is allowed
3670	* @p: target task's group leader
3671	* @resource: resource whose limit is being set
3672	* @new_rlim: new resource limit
3673	*
3674	* Check permission before setting the resource limits of process @p for
3675	* @resource to @new_rlim. The old resource limit values can be examined by
3676	* dereferencing (p->signal->rlim + resource).
3677	*
3678	* Return: Returns 0 if permission is granted.
3679	*/
3680	int security_task_setrlimit(struct task_struct p, unsigned* int resource,
3681	struct rlimit *new_rlim)
3682	{
3683	return call_int_hook(task_setrlimit, p, resource, new_rlim);
3684	}
3685
3686	/**
3687	* security_task_setscheduler() - Check if setting sched policy/param is allowed
3688	* @p: target task
3689	*
3690	* Check permission before setting scheduling policy and/or parameters of
3691	* process @p.
3692	*
3693	* Return: Returns 0 if permission is granted.
3694	*/
3695	int security_task_setscheduler(struct task_struct *p)
3696	{
3697	return call_int_hook(task_setscheduler, p);
3698	}
3699
3700	/**
3701	* security_task_getscheduler() - Check if getting scheduling info is allowed
3702	* @p: target task
3703	*
3704	* Check permission before obtaining scheduling information for process @p.
3705	*
3706	* Return: Returns 0 if permission is granted.
3707	*/
3708	int security_task_getscheduler(struct task_struct *p)
3709	{
3710	return call_int_hook(task_getscheduler, p);
3711	}
3712
3713	/**
3714	* security_task_movememory() - Check if moving memory is allowed
3715	* @p: task
3716	*
3717	* Check permission before moving memory owned by process @p.
3718	*
3719	* Return: Returns 0 if permission is granted.
3720	*/
3721	int security_task_movememory(struct task_struct *p)
3722	{
3723	return call_int_hook(task_movememory, p);
3724	}
3725
3726	/**
3727	* security_task_kill() - Check if sending a signal is allowed
3728	* @p: target process
3729	* @info: signal information
3730	* @sig: signal value
3731	* @cred: credentials of the signal sender, NULL if @current
3732	*
3733	* Check permission before sending signal @sig to @p. @info can be NULL, the
3734	* constant 1, or a pointer to a kernel_siginfo structure. If @info is 1 or
3735	* SI_FROMKERNEL(info) is true, then the signal should be viewed as coming from
3736	* the kernel and should typically be permitted. SIGIO signals are handled
3737	* separately by the send_sigiotask hook in file_security_ops.
3738	*
3739	* Return: Returns 0 if permission is granted.
3740	*/
3741	int security_task_kill(struct task_struct p, struct* kernel_siginfo *info,
3742	int sig, const struct cred *cred)
3743	{
3744	return call_int_hook(task_kill, p, info, sig, cred);
3745	}
3746
3747	/**
3748	* security_task_prctl() - Check if a prctl op is allowed
3749	* @option: operation
3750	* @arg2: argument
3751	* @arg3: argument
3752	* @arg4: argument
3753	* @arg5: argument
3754	*
3755	* Check permission before performing a process control operation on the
3756	* current process.
3757	*
3758	* Return: Return -ENOSYS if no-one wanted to handle this op, any other value
3759	* to cause prctl() to return immediately with that value.
3760	*/
3761	int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
3762	unsigned long arg4, unsigned long arg5)
3763	{
3764	int thisrc;
3765	int rc = LSM_RET_DEFAULT(task_prctl);
3766	struct lsm_static_call *scall;
3767
3768	lsm_for_each_hook(scall, task_prctl) {
3769	thisrc = scall->hl->hook.task_prctl(option, arg2, arg3, arg4, arg5);
3770	if (thisrc != LSM_RET_DEFAULT(task_prctl)) {
3771	rc = thisrc;
3772	if (thisrc != `0`)
3773	break;
3774	}
3775	}
3776	return rc;
3777	}
3778
3779	/**
3780	* security_task_to_inode() - Set the security attributes of a task's inode
3781	* @p: task
3782	* @inode: inode
3783	*
3784	* Set the security attributes for an inode based on an associated task's
3785	* security attributes, e.g. for /proc/pid inodes.
3786	*/
3787	void security_task_to_inode(struct task_struct p, struct* inode *inode)
3788	{
3789	call_void_hook(task_to_inode, p, inode);
3790	}
3791
3792	/**
3793	* security_create_user_ns() - Check if creating a new userns is allowed
3794	* @cred: prepared creds
3795	*
3796	* Check permission prior to creating a new user namespace.
3797	*
3798	* Return: Returns 0 if successful, otherwise < 0 error code.
3799	*/
3800	int security_create_user_ns(const struct cred *cred)
3801	{
3802	return call_int_hook(userns_create, cred);
3803	}
3804
3805	/**
3806	* security_ipc_permission() - Check if sysv ipc access is allowed
3807	* @ipcp: ipc permission structure
3808	* @flag: requested permissions
3809	*
3810	* Check permissions for access to IPC.
3811	*
3812	* Return: Returns 0 if permission is granted.
3813	*/
3814	int security_ipc_permission(struct kern_ipc_perm ipcp, short* flag)
3815	{
3816	return call_int_hook(ipc_permission, ipcp, flag);
3817	}
3818
3819	/**
3820	* security_ipc_getlsmprop() - Get the sysv ipc object LSM data
3821	* @ipcp: ipc permission structure
3822	* @prop: pointer to lsm information
3823	*
3824	* Get the lsm information associated with the ipc object.
3825	*/
3826
3827	void security_ipc_getlsmprop(struct kern_ipc_perm ipcp, struct* lsm_prop *prop)
3828	{
3829	lsmprop_init(prop);
3830	call_void_hook(ipc_getlsmprop, ipcp, prop);
3831	}
3832
3833	/**
3834	* security_msg_msg_alloc() - Allocate a sysv ipc message LSM blob
3835	* @msg: message structure
3836	*
3837	* Allocate and attach a security structure to the msg->security field. The
3838	* security field is initialized to NULL when the structure is first created.
3839	*
3840	* Return: Return 0 if operation was successful and permission is granted.
3841	*/
3842	int security_msg_msg_alloc(struct msg_msg *msg)
3843	{
3844	int rc = lsm_msg_msg_alloc(mp: msg);
3845
3846	if (unlikely(rc))
3847	return rc;
3848	rc = call_int_hook(msg_msg_alloc_security, msg);
3849	if (unlikely(rc))
3850	security_msg_msg_free(msg);
3851	return rc;
3852	}
3853
3854	/**
3855	* security_msg_msg_free() - Free a sysv ipc message LSM blob
3856	* @msg: message structure
3857	*
3858	* Deallocate the security structure for this message.
3859	*/
3860	void security_msg_msg_free(struct msg_msg *msg)
3861	{
3862	call_void_hook(msg_msg_free_security, msg);
3863	kfree(objp: msg->security);
3864	msg->security = NULL;
3865	}
3866
3867	/**
3868	* security_msg_queue_alloc() - Allocate a sysv ipc msg queue LSM blob
3869	* @msq: sysv ipc permission structure
3870	*
3871	* Allocate and attach a security structure to @msg. The security field is
3872	* initialized to NULL when the structure is first created.
3873	*
3874	* Return: Returns 0 if operation was successful and permission is granted.
3875	*/
3876	int security_msg_queue_alloc(struct kern_ipc_perm *msq)
3877	{
3878	int rc = lsm_ipc_alloc(kip: msq);
3879
3880	if (unlikely(rc))
3881	return rc;
3882	rc = call_int_hook(msg_queue_alloc_security, msq);
3883	if (unlikely(rc))
3884	security_msg_queue_free(msq);
3885	return rc;
3886	}
3887
3888	/**
3889	* security_msg_queue_free() - Free a sysv ipc msg queue LSM blob
3890	* @msq: sysv ipc permission structure
3891	*
3892	* Deallocate security field @perm->security for the message queue.
3893	*/
3894	void security_msg_queue_free(struct kern_ipc_perm *msq)
3895	{
3896	call_void_hook(msg_queue_free_security, msq);
3897	kfree(objp: msq->security);
3898	msq->security = NULL;
3899	}
3900
3901	/**
3902	* security_msg_queue_associate() - Check if a msg queue operation is allowed
3903	* @msq: sysv ipc permission structure
3904	* @msqflg: operation flags
3905	*
3906	* Check permission when a message queue is requested through the msgget system
3907	* call. This hook is only called when returning the message queue identifier
3908	* for an existing message queue, not when a new message queue is created.
3909	*
3910	* Return: Return 0 if permission is granted.
3911	*/
3912	int security_msg_queue_associate(struct kern_ipc_perm msq, int* msqflg)
3913	{
3914	return call_int_hook(msg_queue_associate, msq, msqflg);
3915	}
3916
3917	/**
3918	* security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3919	* @msq: sysv ipc permission structure
3920	* @cmd: operation
3921	*
3922	* Check permission when a message control operation specified by @cmd is to be
3923	* performed on the message queue with permissions.
3924	*
3925	* Return: Returns 0 if permission is granted.
3926	*/
3927	int security_msg_queue_msgctl(struct kern_ipc_perm msq, int* cmd)
3928	{
3929	return call_int_hook(msg_queue_msgctl, msq, cmd);
3930	}
3931
3932	/**
3933	* security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3934	* @msq: sysv ipc permission structure
3935	* @msg: message
3936	* @msqflg: operation flags
3937	*
3938	* Check permission before a message, @msg, is enqueued on the message queue
3939	* with permissions specified in @msq.
3940	*
3941	* Return: Returns 0 if permission is granted.
3942	*/
3943	int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
3944	struct msg_msg msg, int* msqflg)
3945	{
3946	return call_int_hook(msg_queue_msgsnd, msq, msg, msqflg);
3947	}
3948
3949	/**
3950	* security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3951	* @msq: sysv ipc permission structure
3952	* @msg: message
3953	* @target: target task
3954	* @type: type of message requested
3955	* @mode: operation flags
3956	*
3957	* Check permission before a message, @msg, is removed from the message queue.
3958	* The @target task structure contains a pointer to the process that will be
3959	* receiving the message (not equal to the current process when inline receives
3960	* are being performed).
3961	*
3962	* Return: Returns 0 if permission is granted.
3963	*/
3964	int security_msg_queue_msgrcv(struct kern_ipc_perm msq, struct* msg_msg *msg,
3965	struct task_struct target, long* type, int mode)
3966	{
3967	return call_int_hook(msg_queue_msgrcv, msq, msg, target, type, mode);
3968	}
3969
3970	/**
3971	* security_shm_alloc() - Allocate a sysv shm LSM blob
3972	* @shp: sysv ipc permission structure
3973	*
3974	* Allocate and attach a security structure to the @shp security field. The
3975	* security field is initialized to NULL when the structure is first created.
3976	*
3977	* Return: Returns 0 if operation was successful and permission is granted.
3978	*/
3979	int security_shm_alloc(struct kern_ipc_perm *shp)
3980	{
3981	int rc = lsm_ipc_alloc(kip: shp);
3982
3983	if (unlikely(rc))
3984	return rc;
3985	rc = call_int_hook(shm_alloc_security, shp);
3986	if (unlikely(rc))
3987	security_shm_free(shp);
3988	return rc;
3989	}
3990
3991	/**
3992	* security_shm_free() - Free a sysv shm LSM blob
3993	* @shp: sysv ipc permission structure
3994	*
3995	* Deallocate the security structure @perm->security for the memory segment.
3996	*/
3997	void security_shm_free(struct kern_ipc_perm *shp)
3998	{
3999	call_void_hook(shm_free_security, shp);
4000	kfree(objp: shp->security);
4001	shp->security = NULL;
4002	}
4003
4004	/**
4005	* security_shm_associate() - Check if a sysv shm operation is allowed
4006	* @shp: sysv ipc permission structure
4007	* @shmflg: operation flags
4008	*
4009	* Check permission when a shared memory region is requested through the shmget
4010	* system call. This hook is only called when returning the shared memory
4011	* region identifier for an existing region, not when a new shared memory
4012	* region is created.
4013	*
4014	* Return: Returns 0 if permission is granted.
4015	*/
4016	int security_shm_associate(struct kern_ipc_perm shp, int* shmflg)
4017	{
4018	return call_int_hook(shm_associate, shp, shmflg);
4019	}
4020
4021	/**
4022	* security_shm_shmctl() - Check if a sysv shm operation is allowed
4023	* @shp: sysv ipc permission structure
4024	* @cmd: operation
4025	*
4026	* Check permission when a shared memory control operation specified by @cmd is
4027	* to be performed on the shared memory region with permissions in @shp.
4028	*
4029	* Return: Return 0 if permission is granted.
4030	*/
4031	int security_shm_shmctl(struct kern_ipc_perm shp, int* cmd)
4032	{
4033	return call_int_hook(shm_shmctl, shp, cmd);
4034	}
4035
4036	/**
4037	* security_shm_shmat() - Check if a sysv shm attach operation is allowed
4038	* @shp: sysv ipc permission structure
4039	* @shmaddr: address of memory region to attach
4040	* @shmflg: operation flags
4041	*
4042	* Check permissions prior to allowing the shmat system call to attach the
4043	* shared memory segment with permissions @shp to the data segment of the
4044	* calling process. The attaching address is specified by @shmaddr.
4045	*
4046	* Return: Returns 0 if permission is granted.
4047	*/
4048	int security_shm_shmat(struct kern_ipc_perm *shp,
4049	char __user shmaddr, int* shmflg)
4050	{
4051	return call_int_hook(shm_shmat, shp, shmaddr, shmflg);
4052	}
4053
4054	/**
4055	* security_sem_alloc() - Allocate a sysv semaphore LSM blob
4056	* @sma: sysv ipc permission structure
4057	*
4058	* Allocate and attach a security structure to the @sma security field. The
4059	* security field is initialized to NULL when the structure is first created.
4060	*
4061	* Return: Returns 0 if operation was successful and permission is granted.
4062	*/
4063	int security_sem_alloc(struct kern_ipc_perm *sma)
4064	{
4065	int rc = lsm_ipc_alloc(kip: sma);
4066
4067	if (unlikely(rc))
4068	return rc;
4069	rc = call_int_hook(sem_alloc_security, sma);
4070	if (unlikely(rc))
4071	security_sem_free(sma);
4072	return rc;
4073	}
4074
4075	/**
4076	* security_sem_free() - Free a sysv semaphore LSM blob
4077	* @sma: sysv ipc permission structure
4078	*
4079	* Deallocate security structure @sma->security for the semaphore.
4080	*/
4081	void security_sem_free(struct kern_ipc_perm *sma)
4082	{
4083	call_void_hook(sem_free_security, sma);
4084	kfree(objp: sma->security);
4085	sma->security = NULL;
4086	}
4087
4088	/**
4089	* security_sem_associate() - Check if a sysv semaphore operation is allowed
4090	* @sma: sysv ipc permission structure
4091	* @semflg: operation flags
4092	*
4093	* Check permission when a semaphore is requested through the semget system
4094	* call. This hook is only called when returning the semaphore identifier for
4095	* an existing semaphore, not when a new one must be created.
4096	*
4097	* Return: Returns 0 if permission is granted.
4098	*/
4099	int security_sem_associate(struct kern_ipc_perm sma, int* semflg)
4100	{
4101	return call_int_hook(sem_associate, sma, semflg);
4102	}
4103
4104	/**
4105	* security_sem_semctl() - Check if a sysv semaphore operation is allowed
4106	* @sma: sysv ipc permission structure
4107	* @cmd: operation
4108	*
4109	* Check permission when a semaphore operation specified by @cmd is to be
4110	* performed on the semaphore.
4111	*
4112	* Return: Returns 0 if permission is granted.
4113	*/
4114	int security_sem_semctl(struct kern_ipc_perm sma, int* cmd)
4115	{
4116	return call_int_hook(sem_semctl, sma, cmd);
4117	}
4118
4119	/**
4120	* security_sem_semop() - Check if a sysv semaphore operation is allowed
4121	* @sma: sysv ipc permission structure
4122	* @sops: operations to perform
4123	* @nsops: number of operations
4124	* @alter: flag indicating changes will be made
4125	*
4126	* Check permissions before performing operations on members of the semaphore
4127	* set. If the @alter flag is nonzero, the semaphore set may be modified.
4128	*
4129	* Return: Returns 0 if permission is granted.
4130	*/
4131	int security_sem_semop(struct kern_ipc_perm sma, struct* sembuf *sops,
4132	unsigned nsops, int alter)
4133	{
4134	return call_int_hook(sem_semop, sma, sops, nsops, alter);
4135	}
4136
4137	/**
4138	* security_d_instantiate() - Populate an inode's LSM state based on a dentry
4139	* @dentry: dentry
4140	* @inode: inode
4141	*
4142	* Fill in @inode security information for a @dentry if allowed.
4143	*/
4144	void security_d_instantiate(struct dentry dentry, struct* inode *inode)
4145	{
4146	if (unlikely(inode && IS_PRIVATE(inode)))
4147	return;
4148	call_void_hook(d_instantiate, dentry, inode);
4149	}
4150	EXPORT_SYMBOL(security_d_instantiate);
4151
4152	/*
4153	* Please keep this in sync with it's counterpart in security/lsm_syscalls.c
4154	*/
4155
4156	/**
4157	* security_getselfattr - Read an LSM attribute of the current process.
4158	* @attr: which attribute to return
4159	* @uctx: the user-space destination for the information, or NULL
4160	* @size: pointer to the size of space available to receive the data
4161	* @flags: special handling options. LSM_FLAG_SINGLE indicates that only
4162	* attributes associated with the LSM identified in the passed @ctx be
4163	* reported.
4164	*
4165	* A NULL value for @uctx can be used to get both the number of attributes
4166	* and the size of the data.
4167	*
4168	* Returns the number of attributes found on success, negative value
4169	* on error. @size is reset to the total size of the data.
4170	* If @size is insufficient to contain the data -E2BIG is returned.
4171	*/
4172	int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
4173	u32 __user *size, u32 flags)
4174	{
4175	struct lsm_static_call *scall;
4176	struct lsm_ctx lctx = { .id = LSM_ID_UNDEF, };
4177	u8 __user base = (u8 __user )uctx;
4178	u32 entrysize;
4179	u32 total = `0`;
4180	u32 left;
4181	bool toobig = false;
4182	bool single = false;
4183	int count = `0`;
4184	int rc;
4185
4186	if (attr == LSM_ATTR_UNDEF)
4187	return -EINVAL;
4188	if (size == NULL)
4189	return -EINVAL;
4190	if (get_user(left, size))
4191	return -EFAULT;
4192
4193	if (flags) {
4194	/*
4195	* Only flag supported is LSM_FLAG_SINGLE
4196	*/
4197	if (flags != LSM_FLAG_SINGLE \|\| !uctx)
4198	return -EINVAL;
4199	if (copy_from_user(to: &lctx, from: uctx, n: sizeof(lctx)))
4200	return -EFAULT;
4201	/*
4202	* If the LSM ID isn't specified it is an error.
4203	*/
4204	if (lctx.id == LSM_ID_UNDEF)
4205	return -EINVAL;
4206	single = true;
4207	}
4208
4209	/*
4210	* In the usual case gather all the data from the LSMs.
4211	* In the single case only get the data from the LSM specified.
4212	*/
4213	lsm_for_each_hook(scall, getselfattr) {
4214	if (single && lctx.id != scall->hl->lsmid->id)
4215	continue;
4216	entrysize = left;
4217	if (base)
4218	uctx = (struct lsm_ctx __user *)(base + total);
4219	rc = scall->hl->hook.getselfattr(attr, uctx, &entrysize, flags);
4220	if (rc == -EOPNOTSUPP)
4221	continue;
4222	if (rc == -E2BIG) {
4223	rc = `0`;
4224	left = `0`;
4225	toobig = true;
4226	} else if (rc < `0`)
4227	return rc;
4228	else
4229	left -= entrysize;
4230
4231	total += entrysize;
4232	count += rc;
4233	if (single)
4234	break;
4235	}
4236	if (put_user(total, size))
4237	return -EFAULT;
4238	if (toobig)
4239	return -E2BIG;
4240	if (count == `0`)
4241	return LSM_RET_DEFAULT(getselfattr);
4242	return count;
4243	}
4244
4245	/*
4246	* Please keep this in sync with it's counterpart in security/lsm_syscalls.c
4247	*/
4248
4249	/**
4250	* security_setselfattr - Set an LSM attribute on the current process.
4251	* @attr: which attribute to set
4252	* @uctx: the user-space source for the information
4253	* @size: the size of the data
4254	* @flags: reserved for future use, must be 0
4255	*
4256	* Set an LSM attribute for the current process. The LSM, attribute
4257	* and new value are included in @uctx.
4258	*
4259	* Returns 0 on success, -EINVAL if the input is inconsistent, -EFAULT
4260	* if the user buffer is inaccessible, E2BIG if size is too big, or an
4261	* LSM specific failure.
4262	*/
4263	int security_setselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
4264	u32 size, u32 flags)
4265	{
4266	struct lsm_static_call *scall;
4267	struct lsm_ctx *lctx;
4268	int rc = LSM_RET_DEFAULT(setselfattr);
4269	u64 required_len;
4270
4271	if (flags)
4272	return -EINVAL;
4273	if (size < sizeof(*lctx))
4274	return -EINVAL;
4275	if (size > PAGE_SIZE)
4276	return -E2BIG;
4277
4278	lctx = memdup_user(uctx, size);
4279	if (IS_ERR(ptr: lctx))
4280	return PTR_ERR(ptr: lctx);
4281
4282	if (size < lctx->len \|\|
4283	check_add_overflow(sizeof(*lctx), lctx->ctx_len, &required_len) \|\|
4284	lctx->len < required_len) {
4285	rc = -EINVAL;
4286	goto free_out;
4287	}
4288
4289	lsm_for_each_hook(scall, setselfattr)
4290	if ((scall->hl->lsmid->id) == lctx->id) {
4291	rc = scall->hl->hook.setselfattr(attr, lctx, size, flags);
4292	break;
4293	}
4294
4295	free_out:
4296	kfree(objp: lctx);
4297	return rc;
4298	}
4299
4300	/**
4301	* security_getprocattr() - Read an attribute for a task
4302	* @p: the task
4303	* @lsmid: LSM identification
4304	* @name: attribute name
4305	* @value: attribute value
4306	*
4307	* Read attribute @name for task @p and store it into @value if allowed.
4308	*
4309	* Return: Returns the length of @value on success, a negative value otherwise.
4310	*/
4311	int security_getprocattr(struct task_struct p, int* lsmid, const char *name,
4312	char **value)
4313	{
4314	struct lsm_static_call *scall;
4315
4316	lsm_for_each_hook(scall, getprocattr) {
4317	if (lsmid != `0` && lsmid != scall->hl->lsmid->id)
4318	continue;
4319	return scall->hl->hook.getprocattr(p, name, value);
4320	}
4321	return LSM_RET_DEFAULT(getprocattr);
4322	}
4323
4324	/**
4325	* security_setprocattr() - Set an attribute for a task
4326	* @lsmid: LSM identification
4327	* @name: attribute name
4328	* @value: attribute value
4329	* @size: attribute value size
4330	*
4331	* Write (set) the current task's attribute @name to @value, size @size if
4332	* allowed.
4333	*
4334	* Return: Returns bytes written on success, a negative value otherwise.
4335	*/
4336	int security_setprocattr(int lsmid, const char name, void* *value, size_t size)
4337	{
4338	struct lsm_static_call *scall;
4339
4340	lsm_for_each_hook(scall, setprocattr) {
4341	if (lsmid != `0` && lsmid != scall->hl->lsmid->id)
4342	continue;
4343	return scall->hl->hook.setprocattr(name, value, size);
4344	}
4345	return LSM_RET_DEFAULT(setprocattr);
4346	}
4347
4348	/**
4349	* security_ismaclabel() - Check if the named attribute is a MAC label
4350	* @name: full extended attribute name
4351	*
4352	* Check if the extended attribute specified by @name represents a MAC label.
4353	*
4354	* Return: Returns 1 if name is a MAC attribute otherwise returns 0.
4355	*/
4356	int security_ismaclabel(const char *name)
4357	{
4358	return call_int_hook(ismaclabel, name);
4359	}
4360	EXPORT_SYMBOL(security_ismaclabel);
4361
4362	/**
4363	* security_secid_to_secctx() - Convert a secid to a secctx
4364	* @secid: secid
4365	* @cp: the LSM context
4366	*
4367	* Convert secid to security context. If @cp is NULL the length of the
4368	* result will be returned, but no data will be returned. This
4369	* does mean that the length could change between calls to check the length and
4370	* the next call which actually allocates and returns the data.
4371	*
4372	* Return: Return length of data on success, error on failure.
4373	*/
4374	int security_secid_to_secctx(u32 secid, struct lsm_context *cp)
4375	{
4376	return call_int_hook(secid_to_secctx, secid, cp);
4377	}
4378	EXPORT_SYMBOL(security_secid_to_secctx);
4379
4380	/**
4381	* security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx
4382	* @prop: lsm specific information
4383	* @cp: the LSM context
4384	* @lsmid: which security module to report
4385	*
4386	* Convert a @prop entry to security context. If @cp is NULL the
4387	* length of the result will be returned. This does mean that the
4388	* length could change between calls to check the length and the
4389	* next call which actually allocates and returns the @cp.
4390	*
4391	* @lsmid identifies which LSM should supply the context.
4392	* A value of LSM_ID_UNDEF indicates that the first LSM suppling
4393	* the hook should be used. This is used in cases where the
4394	* ID of the supplying LSM is unambiguous.
4395	*
4396	* Return: Return length of data on success, error on failure.
4397	*/
4398	int security_lsmprop_to_secctx(struct lsm_prop prop, struct* lsm_context *cp,
4399	int lsmid)
4400	{
4401	struct lsm_static_call *scall;
4402
4403	lsm_for_each_hook(scall, lsmprop_to_secctx) {
4404	if (lsmid != LSM_ID_UNDEF && lsmid != scall->hl->lsmid->id)
4405	continue;
4406	return scall->hl->hook.lsmprop_to_secctx(prop, cp);
4407	}
4408	return LSM_RET_DEFAULT(lsmprop_to_secctx);
4409	}
4410	EXPORT_SYMBOL(security_lsmprop_to_secctx);
4411
4412	/**
4413	* security_secctx_to_secid() - Convert a secctx to a secid
4414	* @secdata: secctx
4415	* @seclen: length of secctx
4416	* @secid: secid
4417	*
4418	* Convert security context to secid.
4419	*
4420	* Return: Returns 0 on success, error on failure.
4421	*/
4422	int security_secctx_to_secid(const char secdata, u32 seclen, u32 secid)
4423	{
4424	*secid = `0`;
4425	return call_int_hook(secctx_to_secid, secdata, seclen, secid);
4426	}
4427	EXPORT_SYMBOL(security_secctx_to_secid);
4428
4429	/**
4430	* security_release_secctx() - Free a secctx buffer
4431	* @cp: the security context
4432	*
4433	* Release the security context.
4434	*/
4435	void security_release_secctx(struct lsm_context *cp)
4436	{
4437	call_void_hook(release_secctx, cp);
4438	memset(s: cp, c: `0`, n: sizeof(*cp));
4439	}
4440	EXPORT_SYMBOL(security_release_secctx);
4441
4442	/**
4443	* security_inode_invalidate_secctx() - Invalidate an inode's security label
4444	* @inode: inode
4445	*
4446	* Notify the security module that it must revalidate the security context of
4447	* an inode.
4448	*/
4449	void security_inode_invalidate_secctx(struct inode *inode)
4450	{
4451	call_void_hook(inode_invalidate_secctx, inode);
4452	}
4453	EXPORT_SYMBOL(security_inode_invalidate_secctx);
4454
4455	/**
4456	* security_inode_notifysecctx() - Notify the LSM of an inode's security label
4457	* @inode: inode
4458	* @ctx: secctx
4459	* @ctxlen: length of secctx
4460	*
4461	* Notify the security module of what the security context of an inode should
4462	* be. Initializes the incore security context managed by the security module
4463	* for this inode. Example usage: NFS client invokes this hook to initialize
4464	* the security context in its incore inode to the value provided by the server
4465	* for the file when the server returned the file's attributes to the client.
4466	* Must be called with inode->i_mutex locked.
4467	*
4468	* Return: Returns 0 on success, error on failure.
4469	*/
4470	int security_inode_notifysecctx(struct inode inode, void* *ctx, u32 ctxlen)
4471	{
4472	return call_int_hook(inode_notifysecctx, inode, ctx, ctxlen);
4473	}
4474	EXPORT_SYMBOL(security_inode_notifysecctx);
4475
4476	/**
4477	* security_inode_setsecctx() - Change the security label of an inode
4478	* @dentry: inode
4479	* @ctx: secctx
4480	* @ctxlen: length of secctx
4481	*
4482	* Change the security context of an inode. Updates the incore security
4483	* context managed by the security module and invokes the fs code as needed
4484	* (via __vfs_setxattr_noperm) to update any backing xattrs that represent the
4485	* context. Example usage: NFS server invokes this hook to change the security
4486	* context in its incore inode and on the backing filesystem to a value
4487	* provided by the client on a SETATTR operation. Must be called with
4488	* inode->i_mutex locked.
4489	*
4490	* Return: Returns 0 on success, error on failure.
4491	*/
4492	int security_inode_setsecctx(struct dentry dentry, void* *ctx, u32 ctxlen)
4493	{
4494	return call_int_hook(inode_setsecctx, dentry, ctx, ctxlen);
4495	}
4496	EXPORT_SYMBOL(security_inode_setsecctx);
4497
4498	/**
4499	* security_inode_getsecctx() - Get the security label of an inode
4500	* @inode: inode
4501	* @cp: security context
4502	*
4503	* On success, returns 0 and fills out @cp with the security context
4504	* for the given @inode.
4505	*
4506	* Return: Returns 0 on success, error on failure.
4507	*/
4508	int security_inode_getsecctx(struct inode inode, struct* lsm_context *cp)
4509	{
4510	memset(s: cp, c: `0`, n: sizeof(*cp));
4511	return call_int_hook(inode_getsecctx, inode, cp);
4512	}
4513	EXPORT_SYMBOL(security_inode_getsecctx);
4514
4515	#ifdef CONFIG_WATCH_QUEUE
4516	/**
4517	* security_post_notification() - Check if a watch notification can be posted
4518	* @w_cred: credentials of the task that set the watch
4519	* @cred: credentials of the task which triggered the watch
4520	* @n: the notification
4521	*
4522	* Check to see if a watch notification can be posted to a particular queue.
4523	*
4524	* Return: Returns 0 if permission is granted.
4525	*/
4526	int security_post_notification(const struct cred *w_cred,
4527	const struct cred *cred,
4528	struct watch_notification *n)
4529	{
4530	return call_int_hook(post_notification, w_cred, cred, n);
4531	}
4532	#endif /* CONFIG_WATCH_QUEUE */
4533
4534	#ifdef CONFIG_KEY_NOTIFICATIONS
4535	/**
4536	* security_watch_key() - Check if a task is allowed to watch for key events
4537	* @key: the key to watch
4538	*
4539	* Check to see if a process is allowed to watch for event notifications from
4540	* a key or keyring.
4541	*
4542	* Return: Returns 0 if permission is granted.
4543	*/
4544	int security_watch_key(struct key *key)
4545	{
4546	return call_int_hook(watch_key, key);
4547	}
4548	#endif /* CONFIG_KEY_NOTIFICATIONS */
4549
4550	#ifdef CONFIG_SECURITY_NETWORK
4551	/**
4552	* security_netlink_send() - Save info and check if netlink sending is allowed
4553	* @sk: sending socket
4554	* @skb: netlink message
4555	*
4556	* Save security information for a netlink message so that permission checking
4557	* can be performed when the message is processed. The security information
4558	* can be saved using the eff_cap field of the netlink_skb_parms structure.
4559	* Also may be used to provide fine grained control over message transmission.
4560	*
4561	* Return: Returns 0 if the information was successfully saved and message is
4562	* allowed to be transmitted.
4563	*/
4564	int security_netlink_send(struct sock sk, struct* sk_buff *skb)
4565	{
4566	return call_int_hook(netlink_send, sk, skb);
4567	}
4568
4569	/**
4570	* security_unix_stream_connect() - Check if a AF_UNIX stream is allowed
4571	* @sock: originating sock
4572	* @other: peer sock
4573	* @newsk: new sock
4574	*
4575	* Check permissions before establishing a Unix domain stream connection
4576	* between @sock and @other.
4577	*
4578	* The @unix_stream_connect and @unix_may_send hooks were necessary because
4579	* Linux provides an alternative to the conventional file name space for Unix
4580	* domain sockets. Whereas binding and connecting to sockets in the file name
4581	* space is mediated by the typical file permissions (and caught by the mknod
4582	* and permission hooks in inode_security_ops), binding and connecting to
4583	* sockets in the abstract name space is completely unmediated. Sufficient
4584	* control of Unix domain sockets in the abstract name space isn't possible
4585	* using only the socket layer hooks, since we need to know the actual target
4586	* socket, which is not looked up until we are inside the af_unix code.
4587	*
4588	* Return: Returns 0 if permission is granted.
4589	*/
4590	int security_unix_stream_connect(struct sock sock, struct* sock *other,
4591	struct sock *newsk)
4592	{
4593	return call_int_hook(unix_stream_connect, sock, other, newsk);
4594	}
4595	EXPORT_SYMBOL(security_unix_stream_connect);
4596
4597	/**
4598	* security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4599	* @sock: originating sock
4600	* @other: peer sock
4601	*
4602	* Check permissions before connecting or sending datagrams from @sock to
4603	* @other.
4604	*
4605	* The @unix_stream_connect and @unix_may_send hooks were necessary because
4606	* Linux provides an alternative to the conventional file name space for Unix
4607	* domain sockets. Whereas binding and connecting to sockets in the file name
4608	* space is mediated by the typical file permissions (and caught by the mknod
4609	* and permission hooks in inode_security_ops), binding and connecting to
4610	* sockets in the abstract name space is completely unmediated. Sufficient
4611	* control of Unix domain sockets in the abstract name space isn't possible
4612	* using only the socket layer hooks, since we need to know the actual target
4613	* socket, which is not looked up until we are inside the af_unix code.
4614	*
4615	* Return: Returns 0 if permission is granted.
4616	*/
4617	int security_unix_may_send(struct socket sock, struct* socket *other)
4618	{
4619	return call_int_hook(unix_may_send, sock, other);
4620	}
4621	EXPORT_SYMBOL(security_unix_may_send);
4622
4623	/**
4624	* security_socket_create() - Check if creating a new socket is allowed
4625	* @family: protocol family
4626	* @type: communications type
4627	* @protocol: requested protocol
4628	* @kern: set to 1 if a kernel socket is requested
4629	*
4630	* Check permissions prior to creating a new socket.
4631	*
4632	* Return: Returns 0 if permission is granted.
4633	*/
4634	int security_socket_create(int family, int type, int protocol, int kern)
4635	{
4636	return call_int_hook(socket_create, family, type, protocol, kern);
4637	}
4638
4639	/**
4640	* security_socket_post_create() - Initialize a newly created socket
4641	* @sock: socket
4642	* @family: protocol family
4643	* @type: communications type
4644	* @protocol: requested protocol
4645	* @kern: set to 1 if a kernel socket is requested
4646	*
4647	* This hook allows a module to update or allocate a per-socket security
4648	* structure. Note that the security field was not added directly to the socket
4649	* structure, but rather, the socket security information is stored in the
4650	* associated inode. Typically, the inode alloc_security hook will allocate
4651	* and attach security information to SOCK_INODE(sock)->i_security. This hook
4652	* may be used to update the SOCK_INODE(sock)->i_security field with additional
4653	* information that wasn't available when the inode was allocated.
4654	*
4655	* Return: Returns 0 if permission is granted.
4656	*/
4657	int security_socket_post_create(struct socket sock, int* family,
4658	int type, int protocol, int kern)
4659	{
4660	return call_int_hook(socket_post_create, sock, family, type,
4661	protocol, kern);
4662	}
4663
4664	/**
4665	* security_socket_socketpair() - Check if creating a socketpair is allowed
4666	* @socka: first socket
4667	* @sockb: second socket
4668	*
4669	* Check permissions before creating a fresh pair of sockets.
4670	*
4671	* Return: Returns 0 if permission is granted and the connection was
4672	* established.
4673	*/
4674	int security_socket_socketpair(struct socket socka, struct* socket *sockb)
4675	{
4676	return call_int_hook(socket_socketpair, socka, sockb);
4677	}
4678	EXPORT_SYMBOL(security_socket_socketpair);
4679
4680	/**
4681	* security_socket_bind() - Check if a socket bind operation is allowed
4682	* @sock: socket
4683	* @address: requested bind address
4684	* @addrlen: length of address
4685	*
4686	* Check permission before socket protocol layer bind operation is performed
4687	* and the socket @sock is bound to the address specified in the @address
4688	* parameter.
4689	*
4690	* Return: Returns 0 if permission is granted.
4691	*/
4692	int security_socket_bind(struct socket *sock,
4693	struct sockaddr address, int* addrlen)
4694	{
4695	return call_int_hook(socket_bind, sock, address, addrlen);
4696	}
4697
4698	/**
4699	* security_socket_connect() - Check if a socket connect operation is allowed
4700	* @sock: socket
4701	* @address: address of remote connection point
4702	* @addrlen: length of address
4703	*
4704	* Check permission before socket protocol layer connect operation attempts to
4705	* connect socket @sock to a remote address, @address.
4706	*
4707	* Return: Returns 0 if permission is granted.
4708	*/
4709	int security_socket_connect(struct socket *sock,
4710	struct sockaddr address, int* addrlen)
4711	{
4712	return call_int_hook(socket_connect, sock, address, addrlen);
4713	}
4714
4715	/**
4716	* security_socket_listen() - Check if a socket is allowed to listen
4717	* @sock: socket
4718	* @backlog: connection queue size
4719	*
4720	* Check permission before socket protocol layer listen operation.
4721	*
4722	* Return: Returns 0 if permission is granted.
4723	*/
4724	int security_socket_listen(struct socket sock, int* backlog)
4725	{
4726	return call_int_hook(socket_listen, sock, backlog);
4727	}
4728
4729	/**
4730	* security_socket_accept() - Check if a socket is allowed to accept connections
4731	* @sock: listening socket
4732	* @newsock: newly creation connection socket
4733	*
4734	* Check permission before accepting a new connection. Note that the new
4735	* socket, @newsock, has been created and some information copied to it, but
4736	* the accept operation has not actually been performed.
4737	*
4738	* Return: Returns 0 if permission is granted.
4739	*/
4740	int security_socket_accept(struct socket sock, struct* socket *newsock)
4741	{
4742	return call_int_hook(socket_accept, sock, newsock);
4743	}
4744
4745	/**
4746	* security_socket_sendmsg() - Check if sending a message is allowed
4747	* @sock: sending socket
4748	* @msg: message to send
4749	* @size: size of message
4750	*
4751	* Check permission before transmitting a message to another socket.
4752	*
4753	* Return: Returns 0 if permission is granted.
4754	*/
4755	int security_socket_sendmsg(struct socket sock, struct* msghdr msg, int* size)
4756	{
4757	return call_int_hook(socket_sendmsg, sock, msg, size);
4758	}
4759
4760	/**
4761	* security_socket_recvmsg() - Check if receiving a message is allowed
4762	* @sock: receiving socket
4763	* @msg: message to receive
4764	* @size: size of message
4765	* @flags: operational flags
4766	*
4767	* Check permission before receiving a message from a socket.
4768	*
4769	* Return: Returns 0 if permission is granted.
4770	*/
4771	int security_socket_recvmsg(struct socket sock, struct* msghdr *msg,
4772	int size, int flags)
4773	{
4774	return call_int_hook(socket_recvmsg, sock, msg, size, flags);
4775	}
4776
4777	/**
4778	* security_socket_getsockname() - Check if reading the socket addr is allowed
4779	* @sock: socket
4780	*
4781	* Check permission before reading the local address (name) of the socket
4782	* object.
4783	*
4784	* Return: Returns 0 if permission is granted.
4785	*/
4786	int security_socket_getsockname(struct socket *sock)
4787	{
4788	return call_int_hook(socket_getsockname, sock);
4789	}
4790
4791	/**
4792	* security_socket_getpeername() - Check if reading the peer's addr is allowed
4793	* @sock: socket
4794	*
4795	* Check permission before the remote address (name) of a socket object.
4796	*
4797	* Return: Returns 0 if permission is granted.
4798	*/
4799	int security_socket_getpeername(struct socket *sock)
4800	{
4801	return call_int_hook(socket_getpeername, sock);
4802	}
4803
4804	/**
4805	* security_socket_getsockopt() - Check if reading a socket option is allowed
4806	* @sock: socket
4807	* @level: option's protocol level
4808	* @optname: option name
4809	*
4810	* Check permissions before retrieving the options associated with socket
4811	* @sock.
4812	*
4813	* Return: Returns 0 if permission is granted.
4814	*/
4815	int security_socket_getsockopt(struct socket sock, int* level, int optname)
4816	{
4817	return call_int_hook(socket_getsockopt, sock, level, optname);
4818	}
4819
4820	/**
4821	* security_socket_setsockopt() - Check if setting a socket option is allowed
4822	* @sock: socket
4823	* @level: option's protocol level
4824	* @optname: option name
4825	*
4826	* Check permissions before setting the options associated with socket @sock.
4827	*
4828	* Return: Returns 0 if permission is granted.
4829	*/
4830	int security_socket_setsockopt(struct socket sock, int* level, int optname)
4831	{
4832	return call_int_hook(socket_setsockopt, sock, level, optname);
4833	}
4834
4835	/**
4836	* security_socket_shutdown() - Checks if shutting down the socket is allowed
4837	* @sock: socket
4838	* @how: flag indicating how sends and receives are handled
4839	*
4840	* Checks permission before all or part of a connection on the socket @sock is
4841	* shut down.
4842	*
4843	* Return: Returns 0 if permission is granted.
4844	*/
4845	int security_socket_shutdown(struct socket sock, int* how)
4846	{
4847	return call_int_hook(socket_shutdown, sock, how);
4848	}
4849
4850	/**
4851	* security_sock_rcv_skb() - Check if an incoming network packet is allowed
4852	* @sk: destination sock
4853	* @skb: incoming packet
4854	*
4855	* Check permissions on incoming network packets. This hook is distinct from
4856	* Netfilter's IP input hooks since it is the first time that the incoming
4857	* sk_buff @skb has been associated with a particular socket, @sk. Must not
4858	* sleep inside this hook because some callers hold spinlocks.
4859	*
4860	* Return: Returns 0 if permission is granted.
4861	*/
4862	int security_sock_rcv_skb(struct sock sk, struct* sk_buff *skb)
4863	{
4864	return call_int_hook(socket_sock_rcv_skb, sk, skb);
4865	}
4866	EXPORT_SYMBOL(security_sock_rcv_skb);
4867
4868	/**
4869	* security_socket_getpeersec_stream() - Get the remote peer label
4870	* @sock: socket
4871	* @optval: destination buffer
4872	* @optlen: size of peer label copied into the buffer
4873	* @len: maximum size of the destination buffer
4874	*
4875	* This hook allows the security module to provide peer socket security state
4876	* for unix or connected tcp sockets to userspace via getsockopt SO_GETPEERSEC.
4877	* For tcp sockets this can be meaningful if the socket is associated with an
4878	* ipsec SA.
4879	*
4880	* Return: Returns 0 if all is well, otherwise, typical getsockopt return
4881	* values.
4882	*/
4883	int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
4884	sockptr_t optlen, unsigned int len)
4885	{
4886	return call_int_hook(socket_getpeersec_stream, sock, optval, optlen,
4887	len);
4888	}
4889
4890	/**
4891	* security_socket_getpeersec_dgram() - Get the remote peer label
4892	* @sock: socket
4893	* @skb: datagram packet
4894	* @secid: remote peer label secid
4895	*
4896	* This hook allows the security module to provide peer socket security state
4897	* for udp sockets on a per-packet basis to userspace via getsockopt
4898	* SO_GETPEERSEC. The application must first have indicated the IP_PASSSEC
4899	* option via getsockopt. It can then retrieve the security state returned by
4900	* this hook for a packet via the SCM_SECURITY ancillary message type.
4901	*
4902	* Return: Returns 0 on success, error on failure.
4903	*/
4904	int security_socket_getpeersec_dgram(struct socket *sock,
4905	struct sk_buff skb, u32 secid)
4906	{
4907	return call_int_hook(socket_getpeersec_dgram, sock, skb, secid);
4908	}
4909	EXPORT_SYMBOL(security_socket_getpeersec_dgram);
4910
4911	/**
4912	* lsm_sock_alloc - allocate a composite sock blob
4913	* @sock: the sock that needs a blob
4914	* @gfp: allocation mode
4915	*
4916	* Allocate the sock blob for all the modules
4917	*
4918	* Returns 0, or -ENOMEM if memory can't be allocated.
4919	*/
4920	static int lsm_sock_alloc(struct sock *sock, gfp_t gfp)
4921	{
4922	return lsm_blob_alloc(dest: &sock->sk_security, size: blob_sizes.lbs_sock, gfp);
4923	}
4924
4925	/**
4926	* security_sk_alloc() - Allocate and initialize a sock's LSM blob
4927	* @sk: sock
4928	* @family: protocol family
4929	* @priority: gfp flags
4930	*
4931	* Allocate and attach a security structure to the sk->sk_security field, which
4932	* is used to copy security attributes between local stream sockets.
4933	*
4934	* Return: Returns 0 on success, error on failure.
4935	*/
4936	int security_sk_alloc(struct sock sk, int* family, gfp_t priority)
4937	{
4938	int rc = lsm_sock_alloc(sock: sk, gfp: priority);
4939
4940	if (unlikely(rc))
4941	return rc;
4942	rc = call_int_hook(sk_alloc_security, sk, family, priority);
4943	if (unlikely(rc))
4944	security_sk_free(sk);
4945	return rc;
4946	}
4947
4948	/**
4949	* security_sk_free() - Free the sock's LSM blob
4950	* @sk: sock
4951	*
4952	* Deallocate security structure.
4953	*/
4954	void security_sk_free(struct sock *sk)
4955	{
4956	call_void_hook(sk_free_security, sk);
4957	kfree(objp: sk->sk_security);
4958	sk->sk_security = NULL;
4959	}
4960
4961	/**
4962	* security_sk_clone() - Clone a sock's LSM state
4963	* @sk: original sock
4964	* @newsk: target sock
4965	*
4966	* Clone/copy security structure.
4967	*/
4968	void security_sk_clone(const struct sock sk, struct* sock *newsk)
4969	{
4970	call_void_hook(sk_clone_security, sk, newsk);
4971	}
4972	EXPORT_SYMBOL(security_sk_clone);
4973
4974	/**
4975	* security_sk_classify_flow() - Set a flow's secid based on socket
4976	* @sk: original socket
4977	* @flic: target flow
4978	*
4979	* Set the target flow's secid to socket's secid.
4980	*/
4981	void security_sk_classify_flow(const struct sock sk, struct* flowi_common *flic)
4982	{
4983	call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
4984	}
4985	EXPORT_SYMBOL(security_sk_classify_flow);
4986
4987	/**
4988	* security_req_classify_flow() - Set a flow's secid based on request_sock
4989	* @req: request_sock
4990	* @flic: target flow
4991	*
4992	* Sets @flic's secid to @req's secid.
4993	*/
4994	void security_req_classify_flow(const struct request_sock *req,
4995	struct flowi_common *flic)
4996	{
4997	call_void_hook(req_classify_flow, req, flic);
4998	}
4999	EXPORT_SYMBOL(security_req_classify_flow);
5000
5001	/**
5002	* security_sock_graft() - Reconcile LSM state when grafting a sock on a socket
5003	* @sk: sock being grafted
5004	* @parent: target parent socket
5005	*
5006	* Sets @parent's inode secid to @sk's secid and update @sk with any necessary
5007	* LSM state from @parent.
5008	*/
5009	void security_sock_graft(struct sock sk, struct* socket *parent)
5010	{
5011	call_void_hook(sock_graft, sk, parent);
5012	}
5013	EXPORT_SYMBOL(security_sock_graft);
5014
5015	/**
5016	* security_inet_conn_request() - Set request_sock state using incoming connect
5017	* @sk: parent listening sock
5018	* @skb: incoming connection
5019	* @req: new request_sock
5020	*
5021	* Initialize the @req LSM state based on @sk and the incoming connect in @skb.
5022	*
5023	* Return: Returns 0 if permission is granted.
5024	*/
5025	int security_inet_conn_request(const struct sock *sk,
5026	struct sk_buff skb, struct* request_sock *req)
5027	{
5028	return call_int_hook(inet_conn_request, sk, skb, req);
5029	}
5030	EXPORT_SYMBOL(security_inet_conn_request);
5031
5032	/**
5033	* security_inet_csk_clone() - Set new sock LSM state based on request_sock
5034	* @newsk: new sock
5035	* @req: connection request_sock
5036	*
5037	* Set that LSM state of @sock using the LSM state from @req.
5038	*/
5039	void security_inet_csk_clone(struct sock *newsk,
5040	const struct request_sock *req)
5041	{
5042	call_void_hook(inet_csk_clone, newsk, req);
5043	}
5044
5045	/**
5046	* security_inet_conn_established() - Update sock's LSM state with connection
5047	* @sk: sock
5048	* @skb: connection packet
5049	*
5050	* Update @sock's LSM state to represent a new connection from @skb.
5051	*/
5052	void security_inet_conn_established(struct sock *sk,
5053	struct sk_buff *skb)
5054	{
5055	call_void_hook(inet_conn_established, sk, skb);
5056	}
5057	EXPORT_SYMBOL(security_inet_conn_established);
5058
5059	/**
5060	* security_secmark_relabel_packet() - Check if setting a secmark is allowed
5061	* @secid: new secmark value
5062	*
5063	* Check if the process should be allowed to relabel packets to @secid.
5064	*
5065	* Return: Returns 0 if permission is granted.
5066	*/
5067	int security_secmark_relabel_packet(u32 secid)
5068	{
5069	return call_int_hook(secmark_relabel_packet, secid);
5070	}
5071	EXPORT_SYMBOL(security_secmark_relabel_packet);
5072
5073	/**
5074	* security_secmark_refcount_inc() - Increment the secmark labeling rule count
5075	*
5076	* Tells the LSM to increment the number of secmark labeling rules loaded.
5077	*/
5078	void security_secmark_refcount_inc(void)
5079	{
5080	call_void_hook(secmark_refcount_inc);
5081	}
5082	EXPORT_SYMBOL(security_secmark_refcount_inc);
5083
5084	/**
5085	* security_secmark_refcount_dec() - Decrement the secmark labeling rule count
5086	*
5087	* Tells the LSM to decrement the number of secmark labeling rules loaded.
5088	*/
5089	void security_secmark_refcount_dec(void)
5090	{
5091	call_void_hook(secmark_refcount_dec);
5092	}
5093	EXPORT_SYMBOL(security_secmark_refcount_dec);
5094
5095	/**
5096	* security_tun_dev_alloc_security() - Allocate a LSM blob for a TUN device
5097	* @security: pointer to the LSM blob
5098	*
5099	* This hook allows a module to allocate a security structure for a TUN device,
5100	* returning the pointer in @security.
5101	*
5102	* Return: Returns a zero on success, negative values on failure.
5103	*/
5104	int security_tun_dev_alloc_security(void **security)
5105	{
5106	int rc;
5107
5108	rc = lsm_blob_alloc(dest: security, size: blob_sizes.lbs_tun_dev, GFP_KERNEL);
5109	if (rc)
5110	return rc;
5111
5112	rc = call_int_hook(tun_dev_alloc_security, *security);
5113	if (rc) {
5114	kfree(objp: *security);
5115	*security = NULL;
5116	}
5117	return rc;
5118	}
5119	EXPORT_SYMBOL(security_tun_dev_alloc_security);
5120
5121	/**
5122	* security_tun_dev_free_security() - Free a TUN device LSM blob
5123	* @security: LSM blob
5124	*
5125	* This hook allows a module to free the security structure for a TUN device.
5126	*/
5127	void security_tun_dev_free_security(void *security)
5128	{
5129	kfree(objp: security);
5130	}
5131	EXPORT_SYMBOL(security_tun_dev_free_security);
5132
5133	/**
5134	* security_tun_dev_create() - Check if creating a TUN device is allowed
5135	*
5136	* Check permissions prior to creating a new TUN device.
5137	*
5138	* Return: Returns 0 if permission is granted.
5139	*/
5140	int security_tun_dev_create(void)
5141	{
5142	return call_int_hook(tun_dev_create);
5143	}
5144	EXPORT_SYMBOL(security_tun_dev_create);
5145
5146	/**
5147	* security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
5148	* @security: TUN device LSM blob
5149	*
5150	* Check permissions prior to attaching to a TUN device queue.
5151	*
5152	* Return: Returns 0 if permission is granted.
5153	*/
5154	int security_tun_dev_attach_queue(void *security)
5155	{
5156	return call_int_hook(tun_dev_attach_queue, security);
5157	}
5158	EXPORT_SYMBOL(security_tun_dev_attach_queue);
5159
5160	/**
5161	* security_tun_dev_attach() - Update TUN device LSM state on attach
5162	* @sk: associated sock
5163	* @security: TUN device LSM blob
5164	*
5165	* This hook can be used by the module to update any security state associated
5166	* with the TUN device's sock structure.
5167	*
5168	* Return: Returns 0 if permission is granted.
5169	*/
5170	int security_tun_dev_attach(struct sock sk, void* *security)
5171	{
5172	return call_int_hook(tun_dev_attach, sk, security);
5173	}
5174	EXPORT_SYMBOL(security_tun_dev_attach);
5175
5176	/**
5177	* security_tun_dev_open() - Update TUN device LSM state on open
5178	* @security: TUN device LSM blob
5179	*
5180	* This hook can be used by the module to update any security state associated
5181	* with the TUN device's security structure.
5182	*
5183	* Return: Returns 0 if permission is granted.
5184	*/
5185	int security_tun_dev_open(void *security)
5186	{
5187	return call_int_hook(tun_dev_open, security);
5188	}
5189	EXPORT_SYMBOL(security_tun_dev_open);
5190
5191	/**
5192	* security_sctp_assoc_request() - Update the LSM on a SCTP association req
5193	* @asoc: SCTP association
5194	* @skb: packet requesting the association
5195	*
5196	* Passes the @asoc and @chunk->skb of the association INIT packet to the LSM.
5197	*
5198	* Return: Returns 0 on success, error on failure.
5199	*/
5200	int security_sctp_assoc_request(struct sctp_association *asoc,
5201	struct sk_buff *skb)
5202	{
5203	return call_int_hook(sctp_assoc_request, asoc, skb);
5204	}
5205	EXPORT_SYMBOL(security_sctp_assoc_request);
5206
5207	/**
5208	* security_sctp_bind_connect() - Validate a list of addrs for a SCTP option
5209	* @sk: socket
5210	* @optname: SCTP option to validate
5211	* @address: list of IP addresses to validate
5212	* @addrlen: length of the address list
5213	*
5214	* Validiate permissions required for each address associated with sock @sk.
5215	* Depending on @optname, the addresses will be treated as either a connect or
5216	* bind service. The @addrlen is calculated on each IPv4 and IPv6 address using
5217	* sizeof(struct sockaddr_in) or sizeof(struct sockaddr_in6).
5218	*
5219	* Return: Returns 0 on success, error on failure.
5220	*/
5221	int security_sctp_bind_connect(struct sock sk, int* optname,
5222	struct sockaddr address, int* addrlen)
5223	{
5224	return call_int_hook(sctp_bind_connect, sk, optname, address, addrlen);
5225	}
5226	EXPORT_SYMBOL(security_sctp_bind_connect);
5227
5228	/**
5229	* security_sctp_sk_clone() - Clone a SCTP sock's LSM state
5230	* @asoc: SCTP association
5231	* @sk: original sock
5232	* @newsk: target sock
5233	*
5234	* Called whenever a new socket is created by accept(2) (i.e. a TCP style
5235	* socket) or when a socket is 'peeled off' e.g userspace calls
5236	* sctp_peeloff(3).
5237	*/
5238	void security_sctp_sk_clone(struct sctp_association asoc, struct* sock *sk,
5239	struct sock *newsk)
5240	{
5241	call_void_hook(sctp_sk_clone, asoc, sk, newsk);
5242	}
5243	EXPORT_SYMBOL(security_sctp_sk_clone);
5244
5245	/**
5246	* security_sctp_assoc_established() - Update LSM state when assoc established
5247	* @asoc: SCTP association
5248	* @skb: packet establishing the association
5249	*
5250	* Passes the @asoc and @chunk->skb of the association COOKIE_ACK packet to the
5251	* security module.
5252	*
5253	* Return: Returns 0 if permission is granted.
5254	*/
5255	int security_sctp_assoc_established(struct sctp_association *asoc,
5256	struct sk_buff *skb)
5257	{
5258	return call_int_hook(sctp_assoc_established, asoc, skb);
5259	}
5260	EXPORT_SYMBOL(security_sctp_assoc_established);
5261
5262	/**
5263	* security_mptcp_add_subflow() - Inherit the LSM label from the MPTCP socket
5264	* @sk: the owning MPTCP socket
5265	* @ssk: the new subflow
5266	*
5267	* Update the labeling for the given MPTCP subflow, to match the one of the
5268	* owning MPTCP socket. This hook has to be called after the socket creation and
5269	* initialization via the security_socket_create() and
5270	* security_socket_post_create() LSM hooks.
5271	*
5272	* Return: Returns 0 on success or a negative error code on failure.
5273	*/
5274	int security_mptcp_add_subflow(struct sock sk, struct* sock *ssk)
5275	{
5276	return call_int_hook(mptcp_add_subflow, sk, ssk);
5277	}
5278
5279	#endif /* CONFIG_SECURITY_NETWORK */
5280
5281	#ifdef CONFIG_SECURITY_INFINIBAND
5282	/**
5283	* security_ib_pkey_access() - Check if access to an IB pkey is allowed
5284	* @sec: LSM blob
5285	* @subnet_prefix: subnet prefix of the port
5286	* @pkey: IB pkey
5287	*
5288	* Check permission to access a pkey when modifying a QP.
5289	*
5290	* Return: Returns 0 if permission is granted.
5291	*/
5292	int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
5293	{
5294	return call_int_hook(ib_pkey_access, sec, subnet_prefix, pkey);
5295	}
5296	EXPORT_SYMBOL(security_ib_pkey_access);
5297
5298	/**
5299	* security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
5300	* @sec: LSM blob
5301	* @dev_name: IB device name
5302	* @port_num: port number
5303	*
5304	* Check permissions to send and receive SMPs on a end port.
5305	*
5306	* Return: Returns 0 if permission is granted.
5307	*/
5308	int security_ib_endport_manage_subnet(void *sec,
5309	const char *dev_name, u8 port_num)
5310	{
5311	return call_int_hook(ib_endport_manage_subnet, sec, dev_name, port_num);
5312	}
5313	EXPORT_SYMBOL(security_ib_endport_manage_subnet);
5314
5315	/**
5316	* security_ib_alloc_security() - Allocate an Infiniband LSM blob
5317	* @sec: LSM blob
5318	*
5319	* Allocate a security structure for Infiniband objects.
5320	*
5321	* Return: Returns 0 on success, non-zero on failure.
5322	*/
5323	int security_ib_alloc_security(void **sec)
5324	{
5325	int rc;
5326
5327	rc = lsm_blob_alloc(sec, blob_sizes.lbs_ib, GFP_KERNEL);
5328	if (rc)
5329	return rc;
5330
5331	rc = call_int_hook(ib_alloc_security, *sec);
5332	if (rc) {
5333	kfree(*sec);
5334	*sec = NULL;
5335	}
5336	return rc;
5337	}
5338	EXPORT_SYMBOL(security_ib_alloc_security);
5339
5340	/**
5341	* security_ib_free_security() - Free an Infiniband LSM blob
5342	* @sec: LSM blob
5343	*
5344	* Deallocate an Infiniband security structure.
5345	*/
5346	void security_ib_free_security(void *sec)
5347	{
5348	kfree(sec);
5349	}
5350	EXPORT_SYMBOL(security_ib_free_security);
5351	#endif /* CONFIG_SECURITY_INFINIBAND */
5352
5353	#ifdef CONFIG_SECURITY_NETWORK_XFRM
5354	/**
5355	* security_xfrm_policy_alloc() - Allocate a xfrm policy LSM blob
5356	* @ctxp: xfrm security context being added to the SPD
5357	* @sec_ctx: security label provided by userspace
5358	* @gfp: gfp flags
5359	*
5360	* Allocate a security structure to the xp->security field; the security field
5361	* is initialized to NULL when the xfrm_policy is allocated.
5362	*
5363	* Return: Return 0 if operation was successful.
5364	*/
5365	int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
5366	struct xfrm_user_sec_ctx *sec_ctx,
5367	gfp_t gfp)
5368	{
5369	return call_int_hook(xfrm_policy_alloc_security, ctxp, sec_ctx, gfp);
5370	}
5371	EXPORT_SYMBOL(security_xfrm_policy_alloc);
5372
5373	/**
5374	* security_xfrm_policy_clone() - Clone xfrm policy LSM state
5375	* @old_ctx: xfrm security context
5376	* @new_ctxp: target xfrm security context
5377	*
5378	* Allocate a security structure in new_ctxp that contains the information from
5379	* the old_ctx structure.
5380	*
5381	* Return: Return 0 if operation was successful.
5382	*/
5383	int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
5384	struct xfrm_sec_ctx **new_ctxp)
5385	{
5386	return call_int_hook(xfrm_policy_clone_security, old_ctx, new_ctxp);
5387	}
5388
5389	/**
5390	* security_xfrm_policy_free() - Free a xfrm security context
5391	* @ctx: xfrm security context
5392	*
5393	* Free LSM resources associated with @ctx.
5394	*/
5395	void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
5396	{
5397	call_void_hook(xfrm_policy_free_security, ctx);
5398	}
5399	EXPORT_SYMBOL(security_xfrm_policy_free);
5400
5401	/**
5402	* security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
5403	* @ctx: xfrm security context
5404	*
5405	* Authorize deletion of a SPD entry.
5406	*
5407	* Return: Returns 0 if permission is granted.
5408	*/
5409	int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
5410	{
5411	return call_int_hook(xfrm_policy_delete_security, ctx);
5412	}
5413
5414	/**
5415	* security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
5416	* @x: xfrm state being added to the SAD
5417	* @sec_ctx: security label provided by userspace
5418	*
5419	* Allocate a security structure to the @x->security field; the security field
5420	* is initialized to NULL when the xfrm_state is allocated. Set the context to
5421	* correspond to @sec_ctx.
5422	*
5423	* Return: Return 0 if operation was successful.
5424	*/
5425	int security_xfrm_state_alloc(struct xfrm_state *x,
5426	struct xfrm_user_sec_ctx *sec_ctx)
5427	{
5428	return call_int_hook(xfrm_state_alloc, x, sec_ctx);
5429	}
5430	EXPORT_SYMBOL(security_xfrm_state_alloc);
5431
5432	/**
5433	* security_xfrm_state_alloc_acquire() - Allocate a xfrm state LSM blob
5434	* @x: xfrm state being added to the SAD
5435	* @polsec: associated policy's security context
5436	* @secid: secid from the flow
5437	*
5438	* Allocate a security structure to the x->security field; the security field
5439	* is initialized to NULL when the xfrm_state is allocated. Set the context to
5440	* correspond to secid.
5441	*
5442	* Return: Returns 0 if operation was successful.
5443	*/
5444	int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
5445	struct xfrm_sec_ctx *polsec, u32 secid)
5446	{
5447	return call_int_hook(xfrm_state_alloc_acquire, x, polsec, secid);
5448	}
5449
5450	/**
5451	* security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
5452	* @x: xfrm state
5453	*
5454	* Authorize deletion of x->security.
5455	*
5456	* Return: Returns 0 if permission is granted.
5457	*/
5458	int security_xfrm_state_delete(struct xfrm_state *x)
5459	{
5460	return call_int_hook(xfrm_state_delete_security, x);
5461	}
5462	EXPORT_SYMBOL(security_xfrm_state_delete);
5463
5464	/**
5465	* security_xfrm_state_free() - Free a xfrm state
5466	* @x: xfrm state
5467	*
5468	* Deallocate x->security.
5469	*/
5470	void security_xfrm_state_free(struct xfrm_state *x)
5471	{
5472	call_void_hook(xfrm_state_free_security, x);
5473	}
5474
5475	/**
5476	* security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
5477	* @ctx: target xfrm security context
5478	* @fl_secid: flow secid used to authorize access
5479	*
5480	* Check permission when a flow selects a xfrm_policy for processing XFRMs on a
5481	* packet. The hook is called when selecting either a per-socket policy or a
5482	* generic xfrm policy.
5483	*
5484	* Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
5485	* other errors.
5486	*/
5487	int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
5488	{
5489	return call_int_hook(xfrm_policy_lookup, ctx, fl_secid);
5490	}
5491
5492	/**
5493	* security_xfrm_state_pol_flow_match() - Check for a xfrm match
5494	* @x: xfrm state to match
5495	* @xp: xfrm policy to check for a match
5496	* @flic: flow to check for a match.
5497	*
5498	* Check @xp and @flic for a match with @x.
5499	*
5500	* Return: Returns 1 if there is a match.
5501	*/
5502	int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
5503	struct xfrm_policy *xp,
5504	const struct flowi_common *flic)
5505	{
5506	struct lsm_static_call *scall;
5507	int rc = LSM_RET_DEFAULT(xfrm_state_pol_flow_match);
5508
5509	/*
5510	* Since this function is expected to return 0 or 1, the judgment
5511	* becomes difficult if multiple LSMs supply this call. Fortunately,
5512	* we can use the first LSM's judgment because currently only SELinux
5513	* supplies this call.
5514	*
5515	* For speed optimization, we explicitly break the loop rather than
5516	* using the macro
5517	*/
5518	lsm_for_each_hook(scall, xfrm_state_pol_flow_match) {
5519	rc = scall->hl->hook.xfrm_state_pol_flow_match(x, xp, flic);
5520	break;
5521	}
5522	return rc;
5523	}
5524
5525	/**
5526	* security_xfrm_decode_session() - Determine the xfrm secid for a packet
5527	* @skb: xfrm packet
5528	* @secid: secid
5529	*
5530	* Decode the packet in @skb and return the security label in @secid.
5531	*
5532	* Return: Return 0 if all xfrms used have the same secid.
5533	*/
5534	int security_xfrm_decode_session(struct sk_buff skb, u32 secid)
5535	{
5536	return call_int_hook(xfrm_decode_session, skb, secid, `1`);
5537	}
5538
5539	void security_skb_classify_flow(struct sk_buff skb, struct* flowi_common *flic)
5540	{
5541	int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid,
5542	`0`);
5543
5544	BUG_ON(rc);
5545	}
5546	EXPORT_SYMBOL(security_skb_classify_flow);
5547	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
5548
5549	#ifdef CONFIG_KEYS
5550	/**
5551	* security_key_alloc() - Allocate and initialize a kernel key LSM blob
5552	* @key: key
5553	* @cred: credentials
5554	* @flags: allocation flags
5555	*
5556	* Permit allocation of a key and assign security data. Note that key does not
5557	* have a serial number assigned at this point.
5558	*
5559	* Return: Return 0 if permission is granted, -ve error otherwise.
5560	*/
5561	int security_key_alloc(struct key key, const* struct cred *cred,
5562	unsigned long flags)
5563	{
5564	int rc = lsm_key_alloc(key);
5565
5566	if (unlikely(rc))
5567	return rc;
5568	rc = call_int_hook(key_alloc, key, cred, flags);
5569	if (unlikely(rc))
5570	security_key_free(key);
5571	return rc;
5572	}
5573
5574	/**
5575	* security_key_free() - Free a kernel key LSM blob
5576	* @key: key
5577	*
5578	* Notification of destruction; free security data.
5579	*/
5580	void security_key_free(struct key *key)
5581	{
5582	kfree(objp: key->security);
5583	key->security = NULL;
5584	}
5585
5586	/**
5587	* security_key_permission() - Check if a kernel key operation is allowed
5588	* @key_ref: key reference
5589	* @cred: credentials of actor requesting access
5590	* @need_perm: requested permissions
5591	*
5592	* See whether a specific operational right is granted to a process on a key.
5593	*
5594	* Return: Return 0 if permission is granted, -ve error otherwise.
5595	*/
5596	int security_key_permission(key_ref_t key_ref, const struct cred *cred,
5597	enum key_need_perm need_perm)
5598	{
5599	return call_int_hook(key_permission, key_ref, cred, need_perm);
5600	}
5601
5602	/**
5603	* security_key_getsecurity() - Get the key's security label
5604	* @key: key
5605	* @buffer: security label buffer
5606	*
5607	* Get a textual representation of the security context attached to a key for
5608	* the purposes of honouring KEYCTL_GETSECURITY. This function allocates the
5609	* storage for the NUL-terminated string and the caller should free it.
5610	*
5611	* Return: Returns the length of @buffer (including terminating NUL) or -ve if
5612	* an error occurs. May also return 0 (and a NULL buffer pointer) if
5613	* there is no security label assigned to the key.
5614	*/
5615	int security_key_getsecurity(struct key key, char* **buffer)
5616	{
5617	*buffer = NULL;
5618	return call_int_hook(key_getsecurity, key, buffer);
5619	}
5620
5621	/**
5622	* security_key_post_create_or_update() - Notification of key create or update
5623	* @keyring: keyring to which the key is linked to
5624	* @key: created or updated key
5625	* @payload: data used to instantiate or update the key
5626	* @payload_len: length of payload
5627	* @flags: key flags
5628	* @create: flag indicating whether the key was created or updated
5629	*
5630	* Notify the caller of a key creation or update.
5631	*/
5632	void security_key_post_create_or_update(struct key keyring, struct* key *key,
5633	const void *payload, size_t payload_len,
5634	unsigned long flags, bool create)
5635	{
5636	call_void_hook(key_post_create_or_update, keyring, key, payload,
5637	payload_len, flags, create);
5638	}
5639	#endif /* CONFIG_KEYS */
5640
5641	#ifdef CONFIG_AUDIT
5642	/**
5643	* security_audit_rule_init() - Allocate and init an LSM audit rule struct
5644	* @field: audit action
5645	* @op: rule operator
5646	* @rulestr: rule context
5647	* @lsmrule: receive buffer for audit rule struct
5648	* @gfp: GFP flag used for kmalloc
5649	*
5650	* Allocate and initialize an LSM audit rule structure.
5651	*
5652	* Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
5653	* an invalid rule.
5654	*/
5655	int security_audit_rule_init(u32 field, u32 op, char rulestr, void* **lsmrule,
5656	gfp_t gfp)
5657	{
5658	return call_int_hook(audit_rule_init, field, op, rulestr, lsmrule, gfp);
5659	}
5660
5661	/**
5662	* security_audit_rule_known() - Check if an audit rule contains LSM fields
5663	* @krule: audit rule
5664	*
5665	* Specifies whether given @krule contains any fields related to the current
5666	* LSM.
5667	*
5668	* Return: Returns 1 in case of relation found, 0 otherwise.
5669	*/
5670	int security_audit_rule_known(struct audit_krule *krule)
5671	{
5672	return call_int_hook(audit_rule_known, krule);
5673	}
5674
5675	/**
5676	* security_audit_rule_free() - Free an LSM audit rule struct
5677	* @lsmrule: audit rule struct
5678	*
5679	* Deallocate the LSM audit rule structure previously allocated by
5680	* audit_rule_init().
5681	*/
5682	void security_audit_rule_free(void *lsmrule)
5683	{
5684	call_void_hook(audit_rule_free, lsmrule);
5685	}
5686
5687	/**
5688	* security_audit_rule_match() - Check if a label matches an audit rule
5689	* @prop: security label
5690	* @field: LSM audit field
5691	* @op: matching operator
5692	* @lsmrule: audit rule
5693	*
5694	* Determine if given @secid matches a rule previously approved by
5695	* security_audit_rule_known().
5696	*
5697	* Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
5698	* failure.
5699	*/
5700	int security_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
5701	void *lsmrule)
5702	{
5703	return call_int_hook(audit_rule_match, prop, field, op, lsmrule);
5704	}
5705	#endif /* CONFIG_AUDIT */
5706
5707	#ifdef CONFIG_BPF_SYSCALL
5708	/**
5709	* security_bpf() - Check if the bpf syscall operation is allowed
5710	* @cmd: command
5711	* @attr: bpf attribute
5712	* @size: size
5713	* @kernel: whether or not call originated from kernel
5714	*
5715	* Do a initial check for all bpf syscalls after the attribute is copied into
5716	* the kernel. The actual security module can implement their own rules to
5717	* check the specific cmd they need.
5718	*
5719	* Return: Returns 0 if permission is granted.
5720	*/
5721	int security_bpf(int cmd, union bpf_attr attr, unsigned* int size, bool kernel)
5722	{
5723	return call_int_hook(bpf, cmd, attr, size, kernel);
5724	}
5725
5726	/**
5727	* security_bpf_map() - Check if access to a bpf map is allowed
5728	* @map: bpf map
5729	* @fmode: mode
5730	*
5731	* Do a check when the kernel generates and returns a file descriptor for eBPF
5732	* maps.
5733	*
5734	* Return: Returns 0 if permission is granted.
5735	*/
5736	int security_bpf_map(struct bpf_map *map, fmode_t fmode)
5737	{
5738	return call_int_hook(bpf_map, map, fmode);
5739	}
5740
5741	/**
5742	* security_bpf_prog() - Check if access to a bpf program is allowed
5743	* @prog: bpf program
5744	*
5745	* Do a check when the kernel generates and returns a file descriptor for eBPF
5746	* programs.
5747	*
5748	* Return: Returns 0 if permission is granted.
5749	*/
5750	int security_bpf_prog(struct bpf_prog *prog)
5751	{
5752	return call_int_hook(bpf_prog, prog);
5753	}
5754
5755	/**
5756	* security_bpf_map_create() - Check if BPF map creation is allowed
5757	* @map: BPF map object
5758	* @attr: BPF syscall attributes used to create BPF map
5759	* @token: BPF token used to grant user access
5760	* @kernel: whether or not call originated from kernel
5761	*
5762	* Do a check when the kernel creates a new BPF map. This is also the
5763	* point where LSM blob is allocated for LSMs that need them.
5764	*
5765	* Return: Returns 0 on success, error on failure.
5766	*/
5767	int security_bpf_map_create(struct bpf_map map, union* bpf_attr *attr,
5768	struct bpf_token *token, bool kernel)
5769	{
5770	int rc;
5771
5772	rc = lsm_bpf_map_alloc(map);
5773	if (unlikely(rc))
5774	return rc;
5775
5776	rc = call_int_hook(bpf_map_create, map, attr, token, kernel);
5777	if (unlikely(rc))
5778	security_bpf_map_free(map);
5779	return rc;
5780	}
5781
5782	/**
5783	* security_bpf_prog_load() - Check if loading of BPF program is allowed
5784	* @prog: BPF program object
5785	* @attr: BPF syscall attributes used to create BPF program
5786	* @token: BPF token used to grant user access to BPF subsystem
5787	* @kernel: whether or not call originated from kernel
5788	*
5789	* Perform an access control check when the kernel loads a BPF program and
5790	* allocates associated BPF program object. This hook is also responsible for
5791	* allocating any required LSM state for the BPF program.
5792	*
5793	* Return: Returns 0 on success, error on failure.
5794	*/
5795	int security_bpf_prog_load(struct bpf_prog prog, union* bpf_attr *attr,
5796	struct bpf_token *token, bool kernel)
5797	{
5798	int rc;
5799
5800	rc = lsm_bpf_prog_alloc(prog);
5801	if (unlikely(rc))
5802	return rc;
5803
5804	rc = call_int_hook(bpf_prog_load, prog, attr, token, kernel);
5805	if (unlikely(rc))
5806	security_bpf_prog_free(prog);
5807	return rc;
5808	}
5809
5810	/**
5811	* security_bpf_token_create() - Check if creating of BPF token is allowed
5812	* @token: BPF token object
5813	* @attr: BPF syscall attributes used to create BPF token
5814	* @path: path pointing to BPF FS mount point from which BPF token is created
5815	*
5816	* Do a check when the kernel instantiates a new BPF token object from BPF FS
5817	* instance. This is also the point where LSM blob can be allocated for LSMs.
5818	*
5819	* Return: Returns 0 on success, error on failure.
5820	*/
5821	int security_bpf_token_create(struct bpf_token token, union* bpf_attr *attr,
5822	const struct path *path)
5823	{
5824	int rc;
5825
5826	rc = lsm_bpf_token_alloc(token);
5827	if (unlikely(rc))
5828	return rc;
5829
5830	rc = call_int_hook(bpf_token_create, token, attr, path);
5831	if (unlikely(rc))
5832	security_bpf_token_free(token);
5833	return rc;
5834	}
5835
5836	/**
5837	* security_bpf_token_cmd() - Check if BPF token is allowed to delegate
5838	* requested BPF syscall command
5839	* @token: BPF token object
5840	* @cmd: BPF syscall command requested to be delegated by BPF token
5841	*
5842	* Do a check when the kernel decides whether provided BPF token should allow
5843	* delegation of requested BPF syscall command.
5844	*
5845	* Return: Returns 0 on success, error on failure.
5846	*/
5847	int security_bpf_token_cmd(const struct bpf_token token, enum* bpf_cmd cmd)
5848	{
5849	return call_int_hook(bpf_token_cmd, token, cmd);
5850	}
5851
5852	/**
5853	* security_bpf_token_capable() - Check if BPF token is allowed to delegate
5854	* requested BPF-related capability
5855	* @token: BPF token object
5856	* @cap: capabilities requested to be delegated by BPF token
5857	*
5858	* Do a check when the kernel decides whether provided BPF token should allow
5859	* delegation of requested BPF-related capabilities.
5860	*
5861	* Return: Returns 0 on success, error on failure.
5862	*/
5863	int security_bpf_token_capable(const struct bpf_token token, int* cap)
5864	{
5865	return call_int_hook(bpf_token_capable, token, cap);
5866	}
5867
5868	/**
5869	* security_bpf_map_free() - Free a bpf map's LSM blob
5870	* @map: bpf map
5871	*
5872	* Clean up the security information stored inside bpf map.
5873	*/
5874	void security_bpf_map_free(struct bpf_map *map)
5875	{
5876	call_void_hook(bpf_map_free, map);
5877	kfree(map->security);
5878	map->security = NULL;
5879	}
5880
5881	/**
5882	* security_bpf_prog_free() - Free a BPF program's LSM blob
5883	* @prog: BPF program struct
5884	*
5885	* Clean up the security information stored inside BPF program.
5886	*/
5887	void security_bpf_prog_free(struct bpf_prog *prog)
5888	{
5889	call_void_hook(bpf_prog_free, prog);
5890	kfree(prog->aux->security);
5891	prog->aux->security = NULL;
5892	}
5893
5894	/**
5895	* security_bpf_token_free() - Free a BPF token's LSM blob
5896	* @token: BPF token struct
5897	*
5898	* Clean up the security information stored inside BPF token.
5899	*/
5900	void security_bpf_token_free(struct bpf_token *token)
5901	{
5902	call_void_hook(bpf_token_free, token);
5903	kfree(token->security);
5904	token->security = NULL;
5905	}
5906	#endif /* CONFIG_BPF_SYSCALL */
5907
5908	/**
5909	* security_locked_down() - Check if a kernel feature is allowed
5910	* @what: requested kernel feature
5911	*
5912	* Determine whether a kernel feature that potentially enables arbitrary code
5913	* execution in kernel space should be permitted.
5914	*
5915	* Return: Returns 0 if permission is granted.
5916	*/
5917	int security_locked_down(enum lockdown_reason what)
5918	{
5919	return call_int_hook(locked_down, what);
5920	}
5921	EXPORT_SYMBOL(security_locked_down);
5922
5923	/**
5924	* security_bdev_alloc() - Allocate a block device LSM blob
5925	* @bdev: block device
5926	*
5927	* Allocate and attach a security structure to @bdev->bd_security. The
5928	* security field is initialized to NULL when the bdev structure is
5929	* allocated.
5930	*
5931	* Return: Return 0 if operation was successful.
5932	*/
5933	int security_bdev_alloc(struct block_device *bdev)
5934	{
5935	int rc = `0`;
5936
5937	rc = lsm_bdev_alloc(bdev);
5938	if (unlikely(rc))
5939	return rc;
5940
5941	rc = call_int_hook(bdev_alloc_security, bdev);
5942	if (unlikely(rc))
5943	security_bdev_free(bdev);
5944
5945	return rc;
5946	}
5947	EXPORT_SYMBOL(security_bdev_alloc);
5948
5949	/**
5950	* security_bdev_free() - Free a block device's LSM blob
5951	* @bdev: block device
5952	*
5953	* Deallocate the bdev security structure and set @bdev->bd_security to NULL.
5954	*/
5955	void security_bdev_free(struct block_device *bdev)
5956	{
5957	if (!bdev->bd_security)
5958	return;
5959
5960	call_void_hook(bdev_free_security, bdev);
5961
5962	kfree(objp: bdev->bd_security);
5963	bdev->bd_security = NULL;
5964	}
5965	EXPORT_SYMBOL(security_bdev_free);
5966
5967	/**
5968	* security_bdev_setintegrity() - Set the device's integrity data
5969	* @bdev: block device
5970	* @type: type of integrity, e.g. hash digest, signature, etc
5971	* @value: the integrity value
5972	* @size: size of the integrity value
5973	*
5974	* Register a verified integrity measurement of a bdev with LSMs.
5975	* LSMs should free the previously saved data if @value is NULL.
5976	* Please note that the new hook should be invoked every time the security
5977	* information is updated to keep these data current. For example, in dm-verity,
5978	* if the mapping table is reloaded and configured to use a different dm-verity
5979	* target with a new roothash and signing information, the previously stored
5980	* data in the LSM blob will become obsolete. It is crucial to re-invoke the
5981	* hook to refresh these data and ensure they are up to date. This necessity
5982	* arises from the design of device-mapper, where a device-mapper device is
5983	* first created, and then targets are subsequently loaded into it. These
5984	* targets can be modified multiple times during the device's lifetime.
5985	* Therefore, while the LSM blob is allocated during the creation of the block
5986	* device, its actual contents are not initialized at this stage and can change
5987	* substantially over time. This includes alterations from data that the LSMs
5988	* 'trusts' to those they do not, making it essential to handle these changes
5989	* correctly. Failure to address this dynamic aspect could potentially allow
5990	* for bypassing LSM checks.
5991	*
5992	* Return: Returns 0 on success, negative values on failure.
5993	*/
5994	int security_bdev_setintegrity(struct block_device *bdev,
5995	enum lsm_integrity_type type, const void *value,
5996	size_t size)
5997	{
5998	return call_int_hook(bdev_setintegrity, bdev, type, value, size);
5999	}
6000	EXPORT_SYMBOL(security_bdev_setintegrity);
6001
6002	#ifdef CONFIG_PERF_EVENTS
6003	/**
6004	* security_perf_event_open() - Check if a perf event open is allowed
6005	* @type: type of event
6006	*
6007	* Check whether the @type of perf_event_open syscall is allowed.
6008	*
6009	* Return: Returns 0 if permission is granted.
6010	*/
6011	int security_perf_event_open(int type)
6012	{
6013	return call_int_hook(perf_event_open, type);
6014	}
6015
6016	/**
6017	* security_perf_event_alloc() - Allocate a perf event LSM blob
6018	* @event: perf event
6019	*
6020	* Allocate and save perf_event security info.
6021	*
6022	* Return: Returns 0 on success, error on failure.
6023	*/
6024	int security_perf_event_alloc(struct perf_event *event)
6025	{
6026	int rc;
6027
6028	rc = lsm_blob_alloc(dest: &event->security, size: blob_sizes.lbs_perf_event,
6029	GFP_KERNEL);
6030	if (rc)
6031	return rc;
6032
6033	rc = call_int_hook(perf_event_alloc, event);
6034	if (rc) {
6035	kfree(objp: event->security);
6036	event->security = NULL;
6037	}
6038	return rc;
6039	}
6040
6041	/**
6042	* security_perf_event_free() - Free a perf event LSM blob
6043	* @event: perf event
6044	*
6045	* Release (free) perf_event security info.
6046	*/
6047	void security_perf_event_free(struct perf_event *event)
6048	{
6049	kfree(objp: event->security);
6050	event->security = NULL;
6051	}
6052
6053	/**
6054	* security_perf_event_read() - Check if reading a perf event label is allowed
6055	* @event: perf event
6056	*
6057	* Read perf_event security info if allowed.
6058	*
6059	* Return: Returns 0 if permission is granted.
6060	*/
6061	int security_perf_event_read(struct perf_event *event)
6062	{
6063	return call_int_hook(perf_event_read, event);
6064	}
6065
6066	/**
6067	* security_perf_event_write() - Check if writing a perf event label is allowed
6068	* @event: perf event
6069	*
6070	* Write perf_event security info if allowed.
6071	*
6072	* Return: Returns 0 if permission is granted.
6073	*/
6074	int security_perf_event_write(struct perf_event *event)
6075	{
6076	return call_int_hook(perf_event_write, event);
6077	}
6078	#endif /* CONFIG_PERF_EVENTS */
6079
6080	#ifdef CONFIG_IO_URING
6081	/**
6082	* security_uring_override_creds() - Check if overriding creds is allowed
6083	* @new: new credentials
6084	*
6085	* Check if the current task, executing an io_uring operation, is allowed to
6086	* override it's credentials with @new.
6087	*
6088	* Return: Returns 0 if permission is granted.
6089	*/
6090	int security_uring_override_creds(const struct cred *new)
6091	{
6092	return call_int_hook(uring_override_creds, new);
6093	}
6094
6095	/**
6096	* security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
6097	*
6098	* Check whether the current task is allowed to spawn a io_uring polling thread
6099	* (IORING_SETUP_SQPOLL).
6100	*
6101	* Return: Returns 0 if permission is granted.
6102	*/
6103	int security_uring_sqpoll(void)
6104	{
6105	return call_int_hook(uring_sqpoll);
6106	}
6107
6108	/**
6109	* security_uring_cmd() - Check if a io_uring passthrough command is allowed
6110	* @ioucmd: command
6111	*
6112	* Check whether the file_operations uring_cmd is allowed to run.
6113	*
6114	* Return: Returns 0 if permission is granted.
6115	*/
6116	int security_uring_cmd(struct io_uring_cmd *ioucmd)
6117	{
6118	return call_int_hook(uring_cmd, ioucmd);
6119	}
6120
6121	/**
6122	* security_uring_allowed() - Check if io_uring_setup() is allowed
6123	*
6124	* Check whether the current task is allowed to call io_uring_setup().
6125	*
6126	* Return: Returns 0 if permission is granted.
6127	*/
6128	int security_uring_allowed(void)
6129	{
6130	return call_int_hook(uring_allowed);
6131	}
6132	#endif /* CONFIG_IO_URING */
6133
6134	/**
6135	* security_initramfs_populated() - Notify LSMs that initramfs has been loaded
6136	*
6137	* Tells the LSMs the initramfs has been unpacked into the rootfs.
6138	*/
6139	void security_initramfs_populated(void)
6140	{
6141	call_void_hook(initramfs_populated);
6142	}
6143

Browse the source code of Linux/security/security.c