gmac get mac form eeprom

hc

2024-05-10 37f49e37ab4cb5d0bc4c60eb5c6d4dd57db767bb

 kernel/include/linux/security.h
..
..
@@ -23,6 +23,7 @@
23
23
 #ifndef __LINUX_SECURITY_H
24
24
 #define __LINUX_SECURITY_H
25
25
 
26
+#include <linux/kernel_read_file.h>
26
27
 #include <linux/key.h>
27
28
 #include <linux/capability.h>
28
29
 #include <linux/fs.h>
..
..
@@ -30,12 +31,11 @@
30
31
 #include <linux/err.h>
31
32
 #include <linux/string.h>
32
33
 #include <linux/mm.h>
33
-#include <linux/fs.h>
34
34
 
35
35
 struct linux_binprm;
36
36
 struct cred;
37
37
 struct rlimit;
38
-struct siginfo;
38
+struct kernel_siginfo;
39
39
 struct sembuf;
40
40
 struct kern_ipc_perm;
41
41
 struct audit_context;
..
..
@@ -51,8 +51,14 @@
51
51
 struct file_operations;
52
52
 struct msg_msg;
53
53
 struct xattr;
54
+struct kernfs_node;
54
55
 struct xfrm_sec_ctx;
55
56
 struct mm_struct;
57
+struct fs_context;
58
+struct fs_parameter;
59
+enum fs_value_type;
60
+struct watch;
61
+struct watch_notification;
56
62
 
57
63
 /* Default (no) options for the capable function */
58
64
 #define CAP_OPT_NONE 0x0
..
..
@@ -61,7 +67,7 @@
61
67
 /* If capable is being called by a setid function */
62
68
 #define CAP_OPT_INSETID BIT(2)
63
69
 
64
-/* LSM Agnostic defines for sb_set_mnt_opts */
70
+/* LSM Agnostic defines for fs_context::lsm_flags */
65
71
 #define SECURITY_LSM_NATIVE_LABELS	1
66
72
 
67
73
 struct ctl_table;
..
..
@@ -71,6 +77,60 @@
71
77
 
72
78
 enum lsm_event {
73
79
 	LSM_POLICY_CHANGE,
80
+};
81
+
82
+/*
83
+ * These are reasons that can be passed to the security_locked_down()
84
+ * LSM hook. Lockdown reasons that protect kernel integrity (ie, the
85
+ * ability for userland to modify kernel code) are placed before
86
+ * LOCKDOWN_INTEGRITY_MAX.  Lockdown reasons that protect kernel
87
+ * confidentiality (ie, the ability for userland to extract
88
+ * information from the running kernel that would otherwise be
89
+ * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX.
90
+ *
91
+ * LSM authors should note that the semantics of any given lockdown
92
+ * reason are not guaranteed to be stable - the same reason may block
93
+ * one set of features in one kernel release, and a slightly different
94
+ * set of features in a later kernel release. LSMs that seek to expose
95
+ * lockdown policy at any level of granularity other than "none",
96
+ * "integrity" or "confidentiality" are responsible for either
97
+ * ensuring that they expose a consistent level of functionality to
98
+ * userland, or ensuring that userland is aware that this is
99
+ * potentially a moving target. It is easy to misuse this information
100
+ * in a way that could break userspace. Please be careful not to do
101
+ * so.
102
+ *
103
+ * If you add to this, remember to extend lockdown_reasons in
104
+ * security/lockdown/lockdown.c.
105
+ */
106
+enum lockdown_reason {
107
+	LOCKDOWN_NONE,
108
+	LOCKDOWN_MODULE_SIGNATURE,
109
+	LOCKDOWN_DEV_MEM,
110
+	LOCKDOWN_EFI_TEST,
111
+	LOCKDOWN_KEXEC,
112
+	LOCKDOWN_HIBERNATION,
113
+	LOCKDOWN_PCI_ACCESS,
114
+	LOCKDOWN_IOPORT,
115
+	LOCKDOWN_MSR,
116
+	LOCKDOWN_ACPI_TABLES,
117
+	LOCKDOWN_PCMCIA_CIS,
118
+	LOCKDOWN_TIOCSSERIAL,
119
+	LOCKDOWN_MODULE_PARAMETERS,
120
+	LOCKDOWN_MMIOTRACE,
121
+	LOCKDOWN_DEBUGFS,
122
+	LOCKDOWN_XMON_WR,
123
+	LOCKDOWN_BPF_WRITE_USER,
124
+	LOCKDOWN_DBG_WRITE_KERNEL,
125
+	LOCKDOWN_INTEGRITY_MAX,
126
+	LOCKDOWN_KCORE,
127
+	LOCKDOWN_KPROBES,
128
+	LOCKDOWN_BPF_READ,
129
+	LOCKDOWN_DBG_READ_KERNEL,
130
+	LOCKDOWN_PERF,
131
+	LOCKDOWN_TRACEFS,
132
+	LOCKDOWN_XMON_RW,
133
+	LOCKDOWN_CONFIDENTIALITY_MAX,
74
134
 };
75
135
 
76
136
 /* These functions are in security/commoncap.c */
..
..
@@ -84,7 +144,7 @@
84
144
 		      const kernel_cap_t *effective,
85
145
 		      const kernel_cap_t *inheritable,
86
146
 		      const kernel_cap_t *permitted);
87
-extern int cap_bprm_set_creds(struct linux_binprm *bprm);
147
+extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
88
148
 extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
89
149
 			      const void *value, size_t size, int flags);
90
150
 extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
..
..
@@ -108,7 +168,7 @@
108
168
 struct sock;
109
169
 struct sockaddr;
110
170
 struct socket;
111
-struct flowi;
171
+struct flowi_common;
112
172
 struct dst_entry;
113
173
 struct xfrm_selector;
114
174
 struct xfrm_policy;
..
..
@@ -155,7 +215,7 @@
155
215
 
156
216
 #ifdef CONFIG_MMU
157
217
 extern int mmap_min_addr_handler(struct ctl_table *table, int write,
158
-				 void __user *buffer, size_t *lenp, loff_t *ppos);
218
+				 void *buffer, size_t *lenp, loff_t *ppos);
159
219
 #endif
160
220
 
161
221
 /* security_inode_init_security callback function to write xattrs */
..
..
@@ -185,38 +245,13 @@
185
245
 
186
246
 #ifdef CONFIG_SECURITY
187
247
 
188
-struct security_mnt_opts {
189
-	char **mnt_opts;
190
-	int *mnt_opts_flags;
191
-	int num_mnt_opts;
192
-};
193
-
194
-int call_lsm_notifier(enum lsm_event event, void *data);
195
-int register_lsm_notifier(struct notifier_block *nb);
196
-int unregister_lsm_notifier(struct notifier_block *nb);
197
-
198
-static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
199
-{
200
-	opts->mnt_opts = NULL;
201
-	opts->mnt_opts_flags = NULL;
202
-	opts->num_mnt_opts = 0;
203
-}
204
-
205
-static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
206
-{
207
-	int i;
208
-	if (opts->mnt_opts)
209
-		for (i = 0; i < opts->num_mnt_opts; i++)
210
-			kfree(opts->mnt_opts[i]);
211
-	kfree(opts->mnt_opts);
212
-	opts->mnt_opts = NULL;
213
-	kfree(opts->mnt_opts_flags);
214
-	opts->mnt_opts_flags = NULL;
215
-	opts->num_mnt_opts = 0;
216
-}
248
+int call_blocking_lsm_notifier(enum lsm_event event, void *data);
249
+int register_blocking_lsm_notifier(struct notifier_block *nb);
250
+int unregister_blocking_lsm_notifier(struct notifier_block *nb);
217
251
 
218
252
 /* prototypes */
219
253
 extern int security_init(void);
254
+extern int early_security_init(void);
220
255
 
221
256
 /* Security operations */
222
257
 int security_binder_set_context_mgr(const struct cred *mgr);
..
..
@@ -245,15 +280,19 @@
245
280
 int security_syslog(int type);
246
281
 int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
247
282
 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
248
-int security_bprm_set_creds(struct linux_binprm *bprm);
283
+int security_bprm_creds_for_exec(struct linux_binprm *bprm);
284
+int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
249
285
 int security_bprm_check(struct linux_binprm *bprm);
250
286
 void security_bprm_committing_creds(struct linux_binprm *bprm);
251
287
 void security_bprm_committed_creds(struct linux_binprm *bprm);
288
+int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc);
289
+int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param);
252
290
 int security_sb_alloc(struct super_block *sb);
253
291
 void security_sb_free(struct super_block *sb);
254
-int security_sb_copy_data(char *orig, char *copy);
255
-int security_sb_remount(struct super_block *sb, void *data);
256
-int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
292
+void security_free_mnt_opts(void **mnt_opts);
293
+int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
294
+int security_sb_remount(struct super_block *sb, void *mnt_opts);
295
+int security_sb_kern_mount(struct super_block *sb);
257
296
 int security_sb_show_options(struct seq_file *m, struct super_block *sb);
258
297
 int security_sb_statfs(struct dentry *dentry);
259
298
 int security_sb_mount(const char *dev_name, const struct path *path,
..
..
@@ -261,14 +300,16 @@
261
300
 int security_sb_umount(struct vfsmount *mnt, int flags);
262
301
 int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
263
302
 int security_sb_set_mnt_opts(struct super_block *sb,
264
-				struct security_mnt_opts *opts,
303
+				void *mnt_opts,
265
304
 				unsigned long kern_flags,
266
305
 				unsigned long *set_kern_flags);
267
306
 int security_sb_clone_mnt_opts(const struct super_block *oldsb,
268
307
 				struct super_block *newsb,
269
308
 				unsigned long kern_flags,
270
309
 				unsigned long *set_kern_flags);
271
-int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
310
+int security_add_mnt_opt(const char *option, const char *val,
311
+				int len, void **mnt_opts);
312
+int security_move_mount(const struct path *from_path, const struct path *to_path);
272
313
 int security_dentry_init_security(struct dentry *dentry, int mode,
273
314
 					const struct qstr *name, void **ctx,
274
315
 					u32 *ctxlen);
..
..
@@ -276,12 +317,16 @@
276
317
 					struct qstr *name,
277
318
 					const struct cred *old,
278
319
 					struct cred *new);
279
-
320
+int security_path_notify(const struct path *path, u64 mask,
321
+					unsigned int obj_type);
280
322
 int security_inode_alloc(struct inode *inode);
281
323
 void security_inode_free(struct inode *inode);
282
324
 int security_inode_init_security(struct inode *inode, struct inode *dir,
283
325
 				 const struct qstr *qstr,
284
326
 				 initxattrs initxattrs, void *fs_data);
327
+int security_inode_init_security_anon(struct inode *inode,
328
+				      const struct qstr *name,
329
+				      const struct inode *context_inode);
285
330
 int security_old_inode_init_security(struct inode *inode, struct inode *dir,
286
331
 				     const struct qstr *qstr, const char **name,
287
332
 				     void **value, size_t *len);
..
..
@@ -318,6 +363,8 @@
318
363
 void security_inode_getsecid(struct inode *inode, u32 *secid);
319
364
 int security_inode_copy_up(struct dentry *src, struct cred **new);
320
365
 int security_inode_copy_up_xattr(const char *name);
366
+int security_kernfs_init_security(struct kernfs_node *kn_dir,
367
+				  struct kernfs_node *kn);
321
368
 int security_file_permission(struct file *file, int mask);
322
369
 int security_file_alloc(struct file *file);
323
370
 void security_file_free(struct file *file);
..
..
@@ -344,11 +391,17 @@
344
391
 int security_kernel_act_as(struct cred *new, u32 secid);
345
392
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
346
393
 int security_kernel_module_request(char *kmod_name);
347
-int security_kernel_load_data(enum kernel_load_data_id id);
348
-int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
394
+int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
395
+int security_kernel_post_load_data(char *buf, loff_t size,
396
+				   enum kernel_load_data_id id,
397
+				   char *description);
398
+int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
399
+			      bool contents);
349
400
 int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
350
401
 				   enum kernel_read_file_id id);
351
402
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
403
+			     int flags);
404
+int security_task_fix_setgid(struct cred *new, const struct cred *old,
352
405
 			     int flags);
353
406
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
354
407
 int security_task_getpgid(struct task_struct *p);
..
..
@@ -364,7 +417,7 @@
364
417
 int security_task_setscheduler(struct task_struct *p);
365
418
 int security_task_getscheduler(struct task_struct *p);
366
419
 int security_task_movememory(struct task_struct *p);
367
-int security_task_kill(struct task_struct *p, struct siginfo *info,
420
+int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
368
421
 			int sig, const struct cred *cred);
369
422
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
370
423
 			unsigned long arg4, unsigned long arg5);
..
..
@@ -393,42 +446,38 @@
393
446
 int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
394
447
 			unsigned nsops, int alter);
395
448
 void security_d_instantiate(struct dentry *dentry, struct inode *inode);
396
-int security_getprocattr(struct task_struct *p, char *name, char **value);
397
-int security_setprocattr(const char *name, void *value, size_t size);
449
+int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
450
+			 char **value);
451
+int security_setprocattr(const char *lsm, const char *name, void *value,
452
+			 size_t size);
398
453
 int security_netlink_send(struct sock *sk, struct sk_buff *skb);
399
454
 int security_ismaclabel(const char *name);
400
455
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
401
456
 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
402
457
 void security_release_secctx(char *secdata, u32 seclen);
403
-
404
458
 void security_inode_invalidate_secctx(struct inode *inode);
405
459
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
406
460
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
407
461
 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
462
+int security_locked_down(enum lockdown_reason what);
408
463
 #else /* CONFIG_SECURITY */
409
-struct security_mnt_opts {
410
-};
411
464
 
412
-static inline int call_lsm_notifier(enum lsm_event event, void *data)
465
+static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
413
466
 {
414
467
 	return 0;
415
468
 }
416
469
 
417
-static inline int register_lsm_notifier(struct notifier_block *nb)
470
+static inline int register_blocking_lsm_notifier(struct notifier_block *nb)
418
471
 {
419
472
 	return 0;
420
473
 }
421
474
 
422
-static inline  int unregister_lsm_notifier(struct notifier_block *nb)
475
+static inline  int unregister_blocking_lsm_notifier(struct notifier_block *nb)
423
476
 {
424
477
 	return 0;
425
478
 }
426
479
 
427
-static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
428
-{
429
-}
430
-
431
-static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
480
+static inline void security_free_mnt_opts(void **mnt_opts)
432
481
 {
433
482
 }
434
483
 
..
..
@@ -438,6 +487,11 @@
438
487
  */
439
488
 
440
489
 static inline int security_init(void)
490
+{
491
+	return 0;
492
+}
493
+
494
+static inline int early_security_init(void)
441
495
 {
442
496
 	return 0;
443
497
 }
..
..
@@ -529,9 +583,15 @@
529
583
 	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
530
584
 }
531
585
 
532
-static inline int security_bprm_set_creds(struct linux_binprm *bprm)
586
+static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm)
533
587
 {
534
-	return cap_bprm_set_creds(bprm);
588
+	return 0;
589
+}
590
+
591
+static inline int security_bprm_creds_from_file(struct linux_binprm *bprm,
592
+						struct file *file)
593
+{
594
+	return cap_bprm_creds_from_file(bprm, file);
535
595
 }
536
596
 
537
597
 static inline int security_bprm_check(struct linux_binprm *bprm)
..
..
@@ -547,6 +607,17 @@
547
607
 {
548
608
 }
549
609
 
610
+static inline int security_fs_context_dup(struct fs_context *fc,
611
+					  struct fs_context *src_fc)
612
+{
613
+	return 0;
614
+}
615
+static inline int security_fs_context_parse_param(struct fs_context *fc,
616
+						  struct fs_parameter *param)
617
+{
618
+	return -ENOPARAM;
619
+}
620
+
550
621
 static inline int security_sb_alloc(struct super_block *sb)
551
622
 {
552
623
 	return 0;
..
..
@@ -555,17 +626,19 @@
555
626
 static inline void security_sb_free(struct super_block *sb)
556
627
 { }
557
628
 
558
-static inline int security_sb_copy_data(char *orig, char *copy)
629
+static inline int security_sb_eat_lsm_opts(char *options,
630
+					   void **mnt_opts)
559
631
 {
560
632
 	return 0;
561
633
 }
562
634
 
563
-static inline int security_sb_remount(struct super_block *sb, void *data)
635
+static inline int security_sb_remount(struct super_block *sb,
636
+				      void *mnt_opts)
564
637
 {
565
638
 	return 0;
566
639
 }
567
640
 
568
-static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
641
+static inline int security_sb_kern_mount(struct super_block *sb)
569
642
 {
570
643
 	return 0;
571
644
 }
..
..
@@ -600,7 +673,7 @@
600
673
 }
601
674
 
602
675
 static inline int security_sb_set_mnt_opts(struct super_block *sb,
603
-					   struct security_mnt_opts *opts,
676
+					   void *mnt_opts,
604
677
 					   unsigned long kern_flags,
605
678
 					   unsigned long *set_kern_flags)
606
679
 {
..
..
@@ -615,7 +688,20 @@
615
688
 	return 0;
616
689
 }
617
690
 
618
-static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
691
+static inline int security_add_mnt_opt(const char *option, const char *val,
692
+					int len, void **mnt_opts)
693
+{
694
+	return 0;
695
+}
696
+
697
+static inline int security_move_mount(const struct path *from_path,
698
+				      const struct path *to_path)
699
+{
700
+	return 0;
701
+}
702
+
703
+static inline int security_path_notify(const struct path *path, u64 mask,
704
+				unsigned int obj_type)
619
705
 {
620
706
 	return 0;
621
707
 }
..
..
@@ -651,6 +737,13 @@
651
737
 						const struct qstr *qstr,
652
738
 						const initxattrs xattrs,
653
739
 						void *fs_data)
740
+{
741
+	return 0;
742
+}
743
+
744
+static inline int security_inode_init_security_anon(struct inode *inode,
745
+						    const struct qstr *name,
746
+						    const struct inode *context_inode)
654
747
 {
655
748
 	return 0;
656
749
 }
..
..
@@ -810,6 +903,12 @@
810
903
 	return 0;
811
904
 }
812
905
 
906
+static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
907
+						struct kernfs_node *kn)
908
+{
909
+	return 0;
910
+}
911
+
813
912
 static inline int security_inode_copy_up_xattr(const char *name)
814
913
 {
815
914
 	return -EOPNOTSUPP;
..
..
@@ -935,13 +1034,21 @@
935
1034
 	return 0;
936
1035
 }
937
1036
 
938
-static inline int security_kernel_load_data(enum kernel_load_data_id id)
1037
+static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
1038
+{
1039
+	return 0;
1040
+}
1041
+
1042
+static inline int security_kernel_post_load_data(char *buf, loff_t size,
1043
+						 enum kernel_load_data_id id,
1044
+						 char *description)
939
1045
 {
940
1046
 	return 0;
941
1047
 }
942
1048
 
943
1049
 static inline int security_kernel_read_file(struct file *file,
944
-					    enum kernel_read_file_id id)
1050
+					    enum kernel_read_file_id id,
1051
+					    bool contents)
945
1052
 {
946
1053
 	return 0;
947
1054
 }
..
..
@@ -958,6 +1065,13 @@
958
1065
 					   int flags)
959
1066
 {
960
1067
 	return cap_task_fix_setuid(new, old, flags);
1068
+}
1069
+
1070
+static inline int security_task_fix_setgid(struct cred *new,
1071
+					   const struct cred *old,
1072
+					   int flags)
1073
+{
1074
+	return 0;
961
1075
 }
962
1076
 
963
1077
 static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
..
..
@@ -1025,7 +1139,7 @@
1025
1139
 }
1026
1140
 
1027
1141
 static inline int security_task_kill(struct task_struct *p,
1028
-				     struct siginfo *info, int sig,
1142
+				     struct kernel_siginfo *info, int sig,
1029
1143
 				     const struct cred *cred)
1030
1144
 {
1031
1145
 	return 0;
..
..
@@ -1144,15 +1258,18 @@
1144
1258
 	return 0;
1145
1259
 }
1146
1260
 
1147
-static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
1261
+static inline void security_d_instantiate(struct dentry *dentry,
1262
+					  struct inode *inode)
1148
1263
 { }
1149
1264
 
1150
-static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
1265
+static inline int security_getprocattr(struct task_struct *p, const char *lsm,
1266
+				       char *name, char **value)
1151
1267
 {
1152
1268
 	return -EINVAL;
1153
1269
 }
1154
1270
 
1155
-static inline int security_setprocattr(char *name, void *value, size_t size)
1271
+static inline int security_setprocattr(const char *lsm, char *name,
1272
+				       void *value, size_t size)
1156
1273
 {
1157
1274
 	return -EINVAL;
1158
1275
 }
..
..
@@ -1199,7 +1316,33 @@
1199
1316
 {
1200
1317
 	return -EOPNOTSUPP;
1201
1318
 }
1319
+static inline int security_locked_down(enum lockdown_reason what)
1320
+{
1321
+	return 0;
1322
+}
1202
1323
 #endif	/* CONFIG_SECURITY */
1324
+
1325
+#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
1326
+int security_post_notification(const struct cred *w_cred,
1327
+			       const struct cred *cred,
1328
+			       struct watch_notification *n);
1329
+#else
1330
+static inline int security_post_notification(const struct cred *w_cred,
1331
+					     const struct cred *cred,
1332
+					     struct watch_notification *n)
1333
+{
1334
+	return 0;
1335
+}
1336
+#endif
1337
+
1338
+#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
1339
+int security_watch_key(struct key *key);
1340
+#else
1341
+static inline int security_watch_key(struct key *key)
1342
+{
1343
+	return 0;
1344
+}
1345
+#endif
1203
1346
 
1204
1347
 #ifdef CONFIG_SECURITY_NETWORK
1205
1348
 
..
..
@@ -1228,8 +1371,9 @@
1228
1371
 int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
1229
1372
 void security_sk_free(struct sock *sk);
1230
1373
 void security_sk_clone(const struct sock *sk, struct sock *newsk);
1231
-void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
1232
-void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
1374
+void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic);
1375
+void security_req_classify_flow(const struct request_sock *req,
1376
+				struct flowi_common *flic);
1233
1377
 void security_sock_graft(struct sock*sk, struct socket *parent);
1234
1378
 int security_inet_conn_request(struct sock *sk,
1235
1379
 			struct sk_buff *skb, struct request_sock *req);
..
..
@@ -1380,11 +1524,13 @@
1380
1524
 {
1381
1525
 }
1382
1526
 
1383
-static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
1527
+static inline void security_sk_classify_flow(struct sock *sk,
1528
+					     struct flowi_common *flic)
1384
1529
 {
1385
1530
 }
1386
1531
 
1387
-static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
1532
+static inline void security_req_classify_flow(const struct request_sock *req,
1533
+					      struct flowi_common *flic)
1388
1534
 {
1389
1535
 }
1390
1536
 
..
..
@@ -1511,9 +1657,9 @@
1511
1657
 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
1512
1658
 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1513
1659
 				       struct xfrm_policy *xp,
1514
-				       const struct flowi *fl);
1660
+				       const struct flowi_common *flic);
1515
1661
 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
1516
-void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
1662
+void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
1517
1663
 
1518
1664
 #else	/* CONFIG_SECURITY_NETWORK_XFRM */
1519
1665
 
..
..
@@ -1565,7 +1711,8 @@
1565
1711
 }
1566
1712
 
1567
1713
 static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1568
-			struct xfrm_policy *xp, const struct flowi *fl)
1714
+						     struct xfrm_policy *xp,
1715
+						     const struct flowi_common *flic)
1569
1716
 {
1570
1717
 	return 1;
1571
1718
 }
..
..
@@ -1575,7 +1722,8 @@
1575
1722
 	return 0;
1576
1723
 }
1577
1724
 
1578
-static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
1725
+static inline void security_skb_classify_flow(struct sk_buff *skb,
1726
+					      struct flowi_common *flic)
1579
1727
 {
1580
1728
 }
1581
1729
 
..
..
@@ -1669,8 +1817,8 @@
1669
1817
 
1670
1818
 int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
1671
1819
 void security_key_free(struct key *key);
1672
-int security_key_permission(key_ref_t key_ref,
1673
-			    const struct cred *cred, unsigned perm);
1820
+int security_key_permission(key_ref_t key_ref, const struct cred *cred,
1821
+			    enum key_need_perm need_perm);
1674
1822
 int security_key_getsecurity(struct key *key, char **_buffer);
1675
1823
 
1676
1824
 #else
..
..
@@ -1688,7 +1836,7 @@
1688
1836
 
1689
1837
 static inline int security_key_permission(key_ref_t key_ref,
1690
1838
 					  const struct cred *cred,
1691
-					  unsigned perm)
1839
+					  enum key_need_perm need_perm)
1692
1840
 {
1693
1841
 	return 0;
1694
1842
 }
..
..
@@ -1706,8 +1854,7 @@
1706
1854
 #ifdef CONFIG_SECURITY
1707
1855
 int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
1708
1856
 int security_audit_rule_known(struct audit_krule *krule);
1709
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
1710
-			      struct audit_context *actx);
1857
+int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
1711
1858
 void security_audit_rule_free(void *lsmrule);
1712
1859
 
1713
1860
 #else
..
..
@@ -1724,7 +1871,7 @@
1724
1871
 }
1725
1872
 
1726
1873
 static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
1727
-				   void *lsmrule, struct audit_context *actx)
1874
+					    void *lsmrule)
1728
1875
 {
1729
1876
 	return 0;
1730
1877
 }
..
..
@@ -1824,29 +1971,6 @@
1824
1971
 { }
1825
1972
 #endif /* CONFIG_SECURITY */
1826
1973
 #endif /* CONFIG_BPF_SYSCALL */
1827
-
1828
-#ifdef CONFIG_SECURITY
1829
-
1830
-static inline char *alloc_secdata(void)
1831
-{
1832
-	return (char *)get_zeroed_page(GFP_KERNEL);
1833
-}
1834
-
1835
-static inline void free_secdata(void *secdata)
1836
-{
1837
-	free_page((unsigned long)secdata);
1838
-}
1839
-
1840
-#else
1841
-
1842
-static inline char *alloc_secdata(void)
1843
-{
1844
-        return (char *)1;
1845
-}
1846
-
1847
-static inline void free_secdata(void *secdata)
1848
-{ }
1849
-#endif /* CONFIG_SECURITY */
1850
1974
 
1851
1975
 #ifdef CONFIG_PERF_EVENTS
1852
1976
 struct perf_event_attr;