~hc/RK356X_SDK_RELEASE.git

..	..	@@ -34,40 +34,48 @@
34	34	*
35	35	* Security hooks for program execution operations.
36	36	*
37		- * @bprm_set_creds:
38		- * Save security information in the bprm->security field, typically based
39		- * on information about the bprm->file, for later use by the apply_creds
40		- * hook. This hook may also optionally check permissions (e.g. for
41		- * transitions between security domains).
42		- * This hook may be called multiple times during a single execve, e.g. for
43		- * interpreters. The hook can tell whether it has already been called by
44		- * checking to see if @bprm->security is non-NULL. If so, then the hook
45		- * may decide either to retain the security information saved earlier or
46		- * to replace it. The hook must set @bprm->secureexec to 1 if a "secure
47		- * exec" has happened as a result of this hook call. The flag is used to
48		- * indicate the need for a sanitized execution environment, and is also
49		- * passed in the ELF auxiliary table on the initial stack to indicate
50		- * whether libc should enable secure mode.
	37	+ * @bprm_creds_for_exec:
	38	+ * If the setup in prepare_exec_creds did not setup @bprm->cred->security
	39	+ * properly for executing @bprm->file, update the LSM's portion of
	40	+ * @bprm->cred->security to be what commit_creds needs to install for the
	41	+ * new program. This hook may also optionally check permissions
	42	+ * (e.g. for transitions between security domains).
	43	+ * The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
	44	+ * request libc enable secure mode.
	45	+ * @bprm contains the linux_binprm structure.
	46	+ * Return 0 if the hook is successful and permission is granted.
	47	+ * @bprm_creds_from_file:
	48	+ * If @file is setpcap, suid, sgid or otherwise marked to change
	49	+ * privilege upon exec, update @bprm->cred to reflect that change.
	50	+ * This is called after finding the binary that will be executed.
	51	+ * without an interpreter. This ensures that the credentials will not
	52	+ * be derived from a script that the binary will need to reopen, which
	53	+ * when reopend may end up being a completely different file. This
	54	+ * hook may also optionally check permissions (e.g. for transitions
	55	+ * between security domains).
	56	+ * The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
	57	+ * request libc enable secure mode.
	58	+ * The hook must add to @bprm->per_clear any personality flags that
	59	+ * should be cleared from current->personality.
51	60	* @bprm contains the linux_binprm structure.
52	61	* Return 0 if the hook is successful and permission is granted.
53	62	* @bprm_check_security:
54	63	* This hook mediates the point when a search for a binary handler will
55		- * begin. It allows a check the @bprm->security value which is set in the
56		- * preceding set_creds call. The primary difference from set_creds is
57		- * that the argv list and envp list are reliably available in @bprm. This
58		- * hook may be called multiple times during a single execve; and in each
59		- * pass set_creds is called first.
	64	+ * begin. It allows a check against the @bprm->cred->security value
	65	+ * which was set in the preceding creds_for_exec call. The argv list and
	66	+ * envp list are reliably available in @bprm. This hook may be called
	67	+ * multiple times during a single execve.
60	68	* @bprm contains the linux_binprm structure.
61	69	* Return 0 if the hook is successful and permission is granted.
62	70	* @bprm_committing_creds:
63	71	* Prepare to install the new security attributes of a process being
64	72	* transformed by an execve operation, based on the old credentials
65	73	* pointed to by @current->cred and the information set in @bprm->cred by
66		- * the bprm_set_creds hook. @bprm points to the linux_binprm structure.
67		- * This hook is a good place to perform state changes on the process such
68		- * as closing open file descriptors to which access will no longer be
69		- * granted when the attributes are changed. This is called immediately
70		- * before commit_creds().
	74	+ * the bprm_creds_for_exec hook. @bprm points to the linux_binprm
	75	+ * structure. This hook is a good place to perform state changes on the
	76	+ * process such as closing open file descriptors to which access will no
	77	+ * longer be granted when the attributes are changed. This is called
	78	+ * immediately before commit_creds().
71	79	* @bprm_committed_creds:
72	80	* Tidy up after the installation of the new security attributes of a
73	81	* process being transformed by an execve operation. The new credentials
..	..	@@ -75,6 +83,22 @@
75	83	* linux_binprm structure. This hook is a good place to perform state
76	84	* changes on the process such as clearing out non-inheritable signal
77	85	* state. This is called immediately after commit_creds().
	86	+ *
	87	+ * Security hooks for mount using fs_context.
	88	+ * [See also Documentation/filesystems/mount_api.rst]
	89	+ *
	90	+ * @fs_context_dup:
	91	+ * Allocate and attach a security structure to sc->security. This pointer
	92	+ * is initialised to NULL by the caller.
	93	+ * @fc indicates the new filesystem context.
	94	+ * @src_fc indicates the original filesystem context.
	95	+ * @fs_context_parse_param:
	96	+ * Userspace provided a parameter to configure a superblock. The LSM may
	97	+ * reject it with an error and may use it for itself, in which case it
	98	+ * should return 0; otherwise it should return -ENOPARAM to pass it on to
	99	+ * the filesystem.
	100	+ * @fc indicates the filesystem context.
	101	+ * @param The parameter
78	102	*
79	103	* Security hooks for filesystem operations.
80	104	*
..	..	@@ -87,6 +111,10 @@
87	111	* @sb_free_security:
88	112	* Deallocate and clear the sb->s_security field.
89	113	* @sb contains the super_block structure to be modified.
	114	+ * @sb_free_mnt_opts:
	115	+ * Free memory associated with @mnt_ops.
	116	+ * @sb_eat_lsm_opts:
	117	+ * Eat (scan @orig options) and save them in @mnt_opts.
90	118	* @sb_statfs:
91	119	* Check permission before obtaining filesystem statistics for the @mnt
92	120	* mountpoint.
..	..	@@ -111,7 +139,6 @@
111	139	* options cleanly (a filesystem may modify the data e.g. with strsep()).
112	140	* This also allows the original mount data to be stripped of security-
113	141	* specific options to avoid having to make filesystems aware of them.
114		- * @type the type of filesystem being mounted.
115	142	* @orig the original mount data copied from userspace.
116	143	* @copy copied data which will be passed to the security module.
117	144	* Returns 0 if the copy was successful.
..	..	@@ -121,6 +148,10 @@
121	148	* @sb superblock being remounted
122	149	* @data contains the filesystem-specific data.
123	150	* Return 0 if permission is granted.
	151	+ * @sb_kern_mount:
	152	+ * Mount this @sb if allowed by permissions.
	153	+ * @sb_show_options:
	154	+ * Show (print on @m) mount options for this @sb.
124	155	* @sb_umount:
125	156	* Check permission before the @mnt file system is unmounted.
126	157	* @mnt contains the mounted file system.
..	..	@@ -140,10 +171,16 @@
140	171	* Copy all security options from a given superblock to another
141	172	* @oldsb old superblock which contain information to clone
142	173	* @newsb new superblock which needs filled in
	174	+ * @sb_add_mnt_opt:
	175	+ * Add one mount @option to @mnt_opts.
143	176	* @sb_parse_opts_str:
144	177	* Parse a string of security data filling in the opts structure
145	178	* @options string containing all mount options known by the LSM
146	179	* @opts binary data structure usable by the LSM
	180	+ * @move_mount:
	181	+ * Check permission before a mount is moved.
	182	+ * @from_path indicates the mount that is going to be moved.
	183	+ * @to_path indicates the mountpoint that will be mounted upon.
147	184	* @dentry_init_security:
148	185	* Compute a context for a dentry as the inode is not yet available
149	186	* since NFSv4 has no label backed by an EA anyway.
..	..	@@ -196,6 +233,15 @@
196	233	* Returns 0 if @name and @value have been successfully set,
197	234	* -EOPNOTSUPP if no security attribute is needed, or
198	235	* -ENOMEM on memory allocation failure.
	236	+ * @inode_init_security_anon:
	237	+ * Set up the incore security field for the new anonymous inode
	238	+ * and return whether the inode creation is permitted by the security
	239	+ * module or not.
	240	+ * @inode contains the inode structure
	241	+ * @name name of the anonymous inode class
	242	+ * @context_inode optional related inode
	243	+ * Returns 0 on success, -EACCES if the security module denies the
	244	+ * creation of this inode, or another -errno upon other errors.
199	245	* @inode_create:
200	246	* Check permission to create a regular file.
201	247	* @dir contains inode structure of the parent of the new file.
..	..	@@ -304,10 +350,11 @@
304	350	* @new_dentry contains the dentry structure of the new link.
305	351	* Return 0 if permission is granted.
306	352	* @path_chmod:
307		- * Check for permission to change DAC's permission of a file or directory.
308		- * @dentry contains the dentry structure.
309		- * @mnt contains the vfsmnt structure.
310		- * @mode contains DAC's mode.
	353	+ * Check for permission to change a mode of the file @path. The new
	354	+ * mode is specified in @mode.
	355	+ * @path contains the path structure of the file to change the mode.
	356	+ * @mode contains the new DAC's permission, which is a bitmask of
	357	+ * constants from <include/uapi/linux/stat.h>
311	358	* Return 0 if permission is granted.
312	359	* @path_chown:
313	360	* Check for permission to change owner/group of a file or directory.
..	..	@@ -319,6 +366,9 @@
319	366	* Check for permission to change root directory.
320	367	* @path contains the path structure.
321	368	* Return 0 if permission is granted.
	369	+ * @path_notify:
	370	+ * Check permissions before setting a watch on events as defined by @mask,
	371	+ * on an object at @path, whose type is defined by @obj_type.
322	372	* @inode_readlink:
323	373	* Check the permission to read the symbolic link.
324	374	* @dentry contains the dentry structure for the file link.
..	..	@@ -428,6 +478,21 @@
428	478	* security module does not know about attribute or a negative error code
429	479	* to abort the copy up. Note that the caller is responsible for reading
430	480	* and writing the xattrs as this hook is merely a filter.
	481	+ * @d_instantiate:
	482	+ * Fill in @inode security information for a @dentry if allowed.
	483	+ * @getprocattr:
	484	+ * Read attribute @name for process @p and store it into @value if allowed.
	485	+ * @setprocattr:
	486	+ * Write (set) attribute @name to @value, size @size if allowed.
	487	+ *
	488	+ * Security hooks for kernfs node operations
	489	+ *
	490	+ * @kernfs_init_security:
	491	+ * Initialize the security context of a newly created kernfs node based
	492	+ * on its own and its parent's attributes.
	493	+ *
	494	+ * @kn_dir the parent kernfs node
	495	+ * @kn the new child kernfs node
431	496	*
432	497	* Security hooks for file operations
433	498	*
..	..	@@ -486,7 +551,7 @@
486	551	* Return 0 if permission is granted.
487	552	* @file_lock:
488	553	* Check permission before performing file locking operations.
489		- * Note: this hook mediates both flock and fcntl style locks.
	554	+ * Note the hook mediates both flock and fcntl style locks.
490	555	* @file contains the file structure.
491	556	* @cmd contains the posix-translated lock operation to perform
492	557	* (e.g. F_RDLCK, F_WRLCK).
..	..	@@ -579,12 +644,23 @@
579	644	* @kernel_load_data:
580	645	* Load data provided by userspace.
581	646	* @id kernel load data identifier
	647	+ * @contents if a subsequent @kernel_post_load_data will be called.
582	648	* Return 0 if permission is granted.
	649	+ * @kernel_post_load_data:
	650	+ * Load data provided by a non-file source (usually userspace buffer).
	651	+ * @buf pointer to buffer containing the data contents.
	652	+ * @size length of the data contents.
	653	+ * @id kernel load data identifier
	654	+ * @description a text description of what was loaded, @id-specific
	655	+ * Return 0 if permission is granted.
	656	+ * This must be paired with a prior @kernel_load_data call that had
	657	+ * @contents set to true.
583	658	* @kernel_read_file:
584	659	* Read a file specified by userspace.
585	660	* @file contains the file structure pointing to the file being read
586	661	* by the kernel.
587	662	* @id kernel read file identifier
	663	+ * @contents if a subsequent @kernel_post_read_file will be called.
588	664	* Return 0 if permission is granted.
589	665	* @kernel_post_read_file:
590	666	* Read a file specified by userspace.
..	..	@@ -593,6 +669,8 @@
593	669	* @buf pointer to buffer containing the file contents.
594	670	* @size length of the file contents.
595	671	* @id kernel read file identifier
	672	+ * This must be paired with a prior @kernel_read_file call that had
	673	+ * @contents set to true.
596	674	* Return 0 if permission is granted.
597	675	* @task_fix_setuid:
598	676	* Update the module's state after setting one or more of the user
..	..	@@ -601,6 +679,15 @@
601	679	* @new is the set of credentials that will be installed. Modifications
602	680	* should be made to this rather than to @current->cred.
603	681	* @old is the set of credentials that are being replaces
	682	+ * @flags contains one of the LSM_SETID_* values.
	683	+ * Return 0 on success.
	684	+ * @task_fix_setgid:
	685	+ * Update the module's state after setting one or more of the group
	686	+ * identity attributes of the current process. The @flags parameter
	687	+ * indicates which of the set*gid system calls invoked this hook.
	688	+ * @new is the set of credentials that will be installed. Modifications
	689	+ * should be made to this rather than to @current->cred.
	690	+ * @old is the set of credentials that are being replaced.
604	691	* @flags contains one of the LSM_SETID_* values.
605	692	* Return 0 on success.
606	693	* @task_setpgid:
..	..	@@ -629,12 +716,12 @@
629	716	* @p contains the task_struct of process.
630	717	* @nice contains the new nice value.
631	718	* Return 0 if permission is granted.
632		- * @task_setioprio
	719	+ * @task_setioprio:
633	720	* Check permission before setting the ioprio value of @p to @ioprio.
634	721	* @p contains the task_struct of process.
635	722	* @ioprio contains the new ioprio value
636	723	* Return 0 if permission is granted.
637		- * @task_getioprio
	724	+ * @task_getioprio:
638	725	* Check permission before getting the ioprio value of @p.
639	726	* @p contains the task_struct of process.
640	727	* Return 0 if permission is granted.
..	..	@@ -656,23 +743,21 @@
656	743	* Return 0 if permission is granted.
657	744	* @task_setscheduler:
658	745	* Check permission before setting scheduling policy and/or parameters of
659		- * process @p based on @policy and @lp.
	746	+ * process @p.
660	747	* @p contains the task_struct for process.
661		- * @policy contains the scheduling policy.
662		- * @lp contains the scheduling parameters.
663	748	* Return 0 if permission is granted.
664	749	* @task_getscheduler:
665	750	* Check permission before obtaining scheduling information for process
666	751	* @p.
667	752	* @p contains the task_struct for process.
668	753	* Return 0 if permission is granted.
669		- * @task_movememory
	754	+ * @task_movememory:
670	755	* Check permission before moving memory owned by process @p.
671	756	* @p contains the task_struct for process.
672	757	* Return 0 if permission is granted.
673	758	* @task_kill:
674	759	* Check permission before sending signal @sig to @p. @info can be NULL,
675		- * the constant 1, or a pointer to a siginfo structure. If @info is 1 or
	760	+ * the constant 1, or a pointer to a kernel_siginfo structure. If @info is 1 or
676	761	* SI_FROMKERNEL(info) is true, then the signal should be viewed as coming
677	762	* from the kernel and should typically be permitted.
678	763	* SIGIO signals are handled separately by the send_sigiotask hook in
..	..	@@ -752,10 +837,10 @@
752	837	* structure. Note that the security field was not added directly to the
753	838	* socket structure, but rather, the socket security information is stored
754	839	* in the associated inode. Typically, the inode alloc_security hook will
755		- * allocate and and attach security information to
756		- * sock->inode->i_security. This hook may be used to update the
757		- * sock->inode->i_security field with additional information that wasn't
758		- * available when the inode was allocated.
	840	+ * allocate and attach security information to
	841	+ * SOCK_INODE(sock)->i_security. This hook may be used to update the
	842	+ * SOCK_INODE(sock)->i_security field with additional information that
	843	+ * wasn't available when the inode was allocated.
759	844	* @sock contains the newly created socket structure.
760	845	* @family contains the requested protocol family.
761	846	* @type contains the requested communications type.
..	..	@@ -860,13 +945,13 @@
860	945	* @socket_getpeersec_dgram:
861	946	* This hook allows the security module to provide peer socket security
862	947	* state for udp sockets on a per-packet basis to userspace via
863		- * getsockopt SO_GETPEERSEC. The application must first have indicated
864		- * the IP_PASSSEC option via getsockopt. It can then retrieve the
	948	+ * getsockopt SO_GETPEERSEC. The application must first have indicated
	949	+ * the IP_PASSSEC option via getsockopt. It can then retrieve the
865	950	* security state returned by this hook for a packet via the SCM_SECURITY
866	951	* ancillary message type.
867		- * @skb is the skbuff for the packet being queried
868		- * @secdata is a pointer to a buffer in which to copy the security data
869		- * @seclen is the maximum length for @secdata
	952	+ * @sock contains the peer socket. May be NULL.
	953	+ * @skb is the sk_buff for the packet being queried. May be NULL.
	954	+ * @secid pointer to store the secid of the packet.
870	955	* Return 0 on success, error on failure.
871	956	* @sk_alloc_security:
872	957	* Allocate and attach a security structure to the sk->sk_security field,
..	..	@@ -890,9 +975,9 @@
890	975	* @secmark_relabel_packet:
891	976	* check if the process should be allowed to relabel packets to
892	977	* the given secid
893		- * @security_secmark_refcount_inc
	978	+ * @secmark_refcount_inc:
894	979	* tells the LSM to increment the number of secmark labeling rules loaded
895		- * @security_secmark_refcount_dec
	980	+ * @secmark_refcount_dec:
896	981	* tells the LSM to decrement the number of secmark labeling rules loaded
897	982	* @req_classify_flow:
898	983	* Sets the flow's sid to the openreq sid.
..	..	@@ -1029,7 +1114,7 @@
1029	1114	* @xfrm_state_pol_flow_match:
1030	1115	* @x contains the state to match.
1031	1116	* @xp contains the policy to check for a match.
1032		- * @fl contains the flow to check for a match.
	1117	+ * @flic contains the flowi_common struct to check for a match.
1033	1118	* Return 1 if there is a match.
1034	1119	* @xfrm_decode_session:
1035	1120	* @skb points to skb to decode.
..	..	@@ -1083,6 +1168,7 @@
1083	1168	* In case of failure, @secid will be set to zero.
1084	1169	*
1085	1170	* Security hooks for individual messages held in System V IPC message queues
	1171	+ *
1086	1172	* @msg_msg_alloc_security:
1087	1173	* Allocate and attach a security structure to the msg->security field.
1088	1174	* The security field is initialized to NULL when the structure is first
..	..	@@ -1097,41 +1183,41 @@
1097	1183	*
1098	1184	* @msg_queue_alloc_security:
1099	1185	* Allocate and attach a security structure to the
1100		- * msq->q_perm.security field. The security field is initialized to
	1186	+ * @perm->security field. The security field is initialized to
1101	1187	* NULL when the structure is first created.
1102		- * @msq contains the message queue structure to be modified.
	1188	+ * @perm contains the IPC permissions of the message queue.
1103	1189	* Return 0 if operation was successful and permission is granted.
1104	1190	* @msg_queue_free_security:
1105		- * Deallocate security structure for this message queue.
1106		- * @msq contains the message queue structure to be modified.
	1191	+ * Deallocate security field @perm->security for the message queue.
	1192	+ * @perm contains the IPC permissions of the message queue.
1107	1193	* @msg_queue_associate:
1108	1194	* Check permission when a message queue is requested through the
1109		- * msgget system call. This hook is only called when returning the
	1195	+ * msgget system call. This hook is only called when returning the
1110	1196	* message queue identifier for an existing message queue, not when a
1111	1197	* new message queue is created.
1112		- * @msq contains the message queue to act upon.
	1198	+ * @perm contains the IPC permissions of the message queue.
1113	1199	* @msqflg contains the operation control flags.
1114	1200	* Return 0 if permission is granted.
1115	1201	* @msg_queue_msgctl:
1116	1202	* Check permission when a message control operation specified by @cmd
1117		- * is to be performed on the message queue @msq.
1118		- * The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO.
1119		- * @msq contains the message queue to act upon. May be NULL.
	1203	+ * is to be performed on the message queue with permissions @perm.
	1204	+ * The @perm may be NULL, e.g. for IPC_INFO or MSG_INFO.
	1205	+ * @perm contains the IPC permissions of the msg queue. May be NULL.
1120	1206	* @cmd contains the operation to be performed.
1121	1207	* Return 0 if permission is granted.
1122	1208	* @msg_queue_msgsnd:
1123	1209	* Check permission before a message, @msg, is enqueued on the message
1124		- * queue, @msq.
1125		- * @msq contains the message queue to send message to.
	1210	+ * queue with permissions @perm.
	1211	+ * @perm contains the IPC permissions of the message queue.
1126	1212	* @msg contains the message to be enqueued.
1127	1213	* @msqflg contains operational flags.
1128	1214	* Return 0 if permission is granted.
1129	1215	* @msg_queue_msgrcv:
1130	1216	* Check permission before a message, @msg, is removed from the message
1131		- * queue, @msq. The @target task structure contains a pointer to the
	1217	+ * queue. The @target task structure contains a pointer to the
1132	1218	* process that will be receiving the message (not equal to the current
1133	1219	* process when inline receives are being performed).
1134		- * @msq contains the message queue to retrieve message from.
	1220	+ * @perm contains the IPC permissions of the message queue.
1135	1221	* @msg contains the message destination.
1136	1222	* @target contains the task structure for recipient process.
1137	1223	* @type contains the type of message requested.
..	..	@@ -1141,34 +1227,34 @@
1141	1227	* Security hooks for System V Shared Memory Segments
1142	1228	*
1143	1229	* @shm_alloc_security:
1144		- * Allocate and attach a security structure to the shp->shm_perm.security
1145		- * field. The security field is initialized to NULL when the structure is
	1230	+ * Allocate and attach a security structure to the @perm->security
	1231	+ * field. The security field is initialized to NULL when the structure is
1146	1232	* first created.
1147		- * @shp contains the shared memory structure to be modified.
	1233	+ * @perm contains the IPC permissions of the shared memory structure.
1148	1234	* Return 0 if operation was successful and permission is granted.
1149	1235	* @shm_free_security:
1150		- * Deallocate the security struct for this memory segment.
1151		- * @shp contains the shared memory structure to be modified.
	1236	+ * Deallocate the security structure @perm->security for the memory segment.
	1237	+ * @perm contains the IPC permissions of the shared memory structure.
1152	1238	* @shm_associate:
1153	1239	* Check permission when a shared memory region is requested through the
1154		- * shmget system call. This hook is only called when returning the shared
	1240	+ * shmget system call. This hook is only called when returning the shared
1155	1241	* memory region identifier for an existing region, not when a new shared
1156	1242	* memory region is created.
1157		- * @shp contains the shared memory structure to be modified.
	1243	+ * @perm contains the IPC permissions of the shared memory structure.
1158	1244	* @shmflg contains the operation control flags.
1159	1245	* Return 0 if permission is granted.
1160	1246	* @shm_shmctl:
1161	1247	* Check permission when a shared memory control operation specified by
1162		- * @cmd is to be performed on the shared memory region @shp.
1163		- * The @shp may be NULL, e.g. for IPC_INFO or SHM_INFO.
1164		- * @shp contains shared memory structure to be modified.
	1248	+ * @cmd is to be performed on the shared memory region with permissions @perm.
	1249	+ * The @perm may be NULL, e.g. for IPC_INFO or SHM_INFO.
	1250	+ * @perm contains the IPC permissions of the shared memory structure.
1165	1251	* @cmd contains the operation to be performed.
1166	1252	* Return 0 if permission is granted.
1167	1253	* @shm_shmat:
1168	1254	* Check permissions prior to allowing the shmat system call to attach the
1169		- * shared memory segment @shp to the data segment of the calling process.
1170		- * The attaching address is specified by @shmaddr.
1171		- * @shp contains the shared memory structure to be modified.
	1255	+ * shared memory segment with permissions @perm to the data segment of the
	1256	+ * calling process. The attaching address is specified by @shmaddr.
	1257	+ * @perm contains the IPC permissions of the shared memory structure.
1172	1258	* @shmaddr contains the address to attach memory region to.
1173	1259	* @shmflg contains the operational flags.
1174	1260	* Return 0 if permission is granted.
..	..	@@ -1176,34 +1262,34 @@
1176	1262	* Security hooks for System V Semaphores
1177	1263	*
1178	1264	* @sem_alloc_security:
1179		- * Allocate and attach a security structure to the sma->sem_perm.security
1180		- * field. The security field is initialized to NULL when the structure is
	1265	+ * Allocate and attach a security structure to the @perm->security
	1266	+ * field. The security field is initialized to NULL when the structure is
1181	1267	* first created.
1182		- * @sma contains the semaphore structure
	1268	+ * @perm contains the IPC permissions of the semaphore.
1183	1269	* Return 0 if operation was successful and permission is granted.
1184	1270	* @sem_free_security:
1185		- * deallocate security struct for this semaphore
1186		- * @sma contains the semaphore structure.
	1271	+ * Deallocate security structure @perm->security for the semaphore.
	1272	+ * @perm contains the IPC permissions of the semaphore.
1187	1273	* @sem_associate:
1188	1274	* Check permission when a semaphore is requested through the semget
1189		- * system call. This hook is only called when returning the semaphore
	1275	+ * system call. This hook is only called when returning the semaphore
1190	1276	* identifier for an existing semaphore, not when a new one must be
1191	1277	* created.
1192		- * @sma contains the semaphore structure.
	1278	+ * @perm contains the IPC permissions of the semaphore.
1193	1279	* @semflg contains the operation control flags.
1194	1280	* Return 0 if permission is granted.
1195	1281	* @sem_semctl:
1196	1282	* Check permission when a semaphore operation specified by @cmd is to be
1197		- * performed on the semaphore @sma. The @sma may be NULL, e.g. for
	1283	+ * performed on the semaphore. The @perm may be NULL, e.g. for
1198	1284	* IPC_INFO or SEM_INFO.
1199		- * @sma contains the semaphore structure. May be NULL.
	1285	+ * @perm contains the IPC permissions of the semaphore. May be NULL.
1200	1286	* @cmd contains the operation to be performed.
1201	1287	* Return 0 if permission is granted.
1202	1288	* @sem_semop:
1203	1289	* Check permissions before performing operations on members of the
1204		- * semaphore set @sma. If the @alter flag is nonzero, the semaphore set
	1290	+ * semaphore set. If the @alter flag is nonzero, the semaphore set
1205	1291	* may be modified.
1206		- * @sma contains the semaphore structure.
	1292	+ * @perm contains the IPC permissions of the semaphore.
1207	1293	* @sops contains the operations to perform.
1208	1294	* @nsops contains the number of operations to perform.
1209	1295	* @alter contains the flag indicating whether changes are to be made.
..	..	@@ -1272,17 +1358,20 @@
1272	1358	* @cap contains the capability <include/linux/capability.h>.
1273	1359	* @opts contains options for the capable check <include/linux/security.h>
1274	1360	* Return 0 if the capability is granted for @tsk.
	1361	+ * @quotactl:
	1362	+ * Check whether the quotactl syscall is allowed for this @sb.
	1363	+ * @quota_on:
	1364	+ * Check whether QUOTAON is allowed for this @dentry.
1275	1365	* @syslog:
1276	1366	* Check permission before accessing the kernel message ring or changing
1277	1367	* logging to the console.
1278	1368	* See the syslog(2) manual page for an explanation of the @type values.
1279		- * @type contains the type of action.
1280		- * @from_file indicates the context of action (if it came from /proc).
	1369	+ * @type contains the SYSLOG_ACTION_* constant from <include/linux/syslog.h>
1281	1370	* Return 0 if permission is granted.
1282	1371	* @settime:
1283	1372	* Check permission to change the system time.
1284		- * struct timespec64 is defined in include/linux/time64.h and timezone
1285		- * is defined in include/linux/time.h
	1373	+ * struct timespec64 is defined in <include/linux/time64.h> and timezone
	1374	+ * is defined in <include/linux/time.h>
1286	1375	* @ts contains new time
1287	1376	* @tz contains new timezone
1288	1377	* Return 0 if permission is granted.
..	..	@@ -1324,7 +1413,7 @@
1324	1413	* @audit_rule_init:
1325	1414	* Allocate and initialize an LSM audit rule structure.
1326	1415	* @field contains the required Audit action.
1327		- * Fields flags are defined in include/linux/audit.h
	1416	+ * Fields flags are defined in <include/linux/audit.h>
1328	1417	* @op contains the operator the rule uses.
1329	1418	* @rulestr contains the context where the rule will be applied to.
1330	1419	* @lsmrule contains a pointer to receive the result.
..	..	@@ -1332,9 +1421,9 @@
1332	1421	* -EINVAL in case of an invalid rule.
1333	1422	*
1334	1423	* @audit_rule_known:
1335		- * Specifies whether given @rule contains any fields related to
	1424	+ * Specifies whether given @krule contains any fields related to
1336	1425	* current LSM.
1337		- * @rule contains the audit rule of interest.
	1426	+ * @krule contains the audit rule of interest.
1338	1427	* Return 1 in case of relation found, 0 otherwise.
1339	1428	*
1340	1429	* @audit_rule_match:
..	..	@@ -1343,14 +1432,13 @@
1343	1432	* @secid contains the security id in question.
1344	1433	* @field contains the field which relates to current LSM.
1345	1434	* @op contains the operator that will be used for matching.
1346		- * @rule points to the audit rule that will be checked against.
1347		- * @actx points to the audit context associated with the check.
	1435	+ * @lrule points to the audit rule that will be checked against.
1348	1436	* Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
1349	1437	*
1350	1438	* @audit_rule_free:
1351	1439	* Deallocate the LSM audit rule structure previously allocated by
1352	1440	* audit_rule_init.
1353		- * @rule contains the allocated rule
	1441	+ * @lsmrule contains the allocated rule
1354	1442	*
1355	1443	* @inode_invalidate_secctx:
1356	1444	* Notify the security module that it must revalidate the security context
..	..	@@ -1363,9 +1451,7 @@
1363	1451	* this hook to initialize the security context in its incore inode to the
1364	1452	* value provided by the server for the file when the server returned the
1365	1453	* file's attributes to the client.
1366		- *
1367	1454	* Must be called with inode->i_mutex locked.
1368		- *
1369	1455	* @inode we wish to set the security context of.
1370	1456	* @ctx contains the string which we wish to set in the inode.
1371	1457	* @ctxlen contains the length of @ctx.
..	..	@@ -1378,9 +1464,7 @@
1378	1464	* this hook to change the security context in its incore inode and on the
1379	1465	* backing filesystem to a value provided by the client on a SETATTR
1380	1466	* operation.
1381		- *
1382	1467	* Must be called with inode->i_mutex locked.
1383		- *
1384	1468	* @dentry contains the inode we wish to set the security context of.
1385	1469	* @ctx contains the string which we wish to set in the inode.
1386	1470	* @ctxlen contains the length of @ctx.
..	..	@@ -1388,10 +1472,23 @@
1388	1472	* @inode_getsecctx:
1389	1473	* On success, returns 0 and fills out @ctx and @ctxlen with the security
1390	1474	* context for the given @inode.
1391		- *
1392	1475	* @inode we wish to get the security context of.
1393	1476	* @ctx is a pointer in which to place the allocated security context.
1394	1477	* @ctxlen points to the place to put the length of @ctx.
	1478	+ *
	1479	+ * Security hooks for the general notification queue:
	1480	+ *
	1481	+ * @post_notification:
	1482	+ * Check to see if a watch notification can be posted to a particular
	1483	+ * queue.
	1484	+ * @w_cred: The credentials of the whoever set the watch.
	1485	+ * @cred: The event-triggerer's credentials
	1486	+ * @n: The notification being posted
	1487	+ *
	1488	+ * @watch_key:
	1489	+ * Check to see if a process is allowed to watch for event notifications
	1490	+ * from a key or keyring.
	1491	+ * @key: The key to watch.
1395	1492	*
1396	1493	* Security hooks for using the eBPF maps and programs functionalities through
1397	1494	* eBPF syscalls.
..	..	@@ -1426,608 +1523,35 @@
1426	1523	* @bpf_prog_free_security:
1427	1524	* Clean up the security information stored inside bpf prog.
1428	1525	*
	1526	+ * @locked_down:
	1527	+ * Determine whether a kernel feature that potentially enables arbitrary
	1528	+ * code execution in kernel space should be permitted.
	1529	+ *
	1530	+ * @what: kernel feature being accessed
	1531	+ *
	1532	+ * Security hooks for perf events
	1533	+ *
	1534	+ * @perf_event_open:
	1535	+ * Check whether the @type of perf_event_open syscall is allowed.
	1536	+ * @perf_event_alloc:
	1537	+ * Allocate and save perf_event security info.
	1538	+ * @perf_event_free:
	1539	+ * Release (free) perf_event security info.
	1540	+ * @perf_event_read:
	1541	+ * Read perf_event security info if allowed.
	1542	+ * @perf_event_write:
	1543	+ * Write perf_event security info if allowed.
1429	1544	*/
1430	1545	union security_list_options {
1431		- int (binder_set_context_mgr)(const struct cred mgr);
1432		- int (binder_transaction)(const struct cred from,
1433		- const struct cred *to);
1434		- int (binder_transfer_binder)(const struct cred from,
1435		- const struct cred *to);
1436		- int (binder_transfer_file)(const struct cred from,
1437		- const struct cred *to,
1438		- struct file *file);
1439		-
1440		- int (ptrace_access_check)(struct task_struct child,
1441		- unsigned int mode);
1442		- int (ptrace_traceme)(struct task_struct parent);
1443		- int (capget)(struct task_struct target, kernel_cap_t *effective,
1444		- kernel_cap_t inheritable, kernel_cap_t permitted);
1445		- int (capset)(struct cred new, const struct cred *old,
1446		- const kernel_cap_t *effective,
1447		- const kernel_cap_t *inheritable,
1448		- const kernel_cap_t *permitted);
1449		- int (capable)(const struct cred cred,
1450		- struct user_namespace *ns,
1451		- int cap,
1452		- unsigned int opts);
1453		- int (quotactl)(int cmds, int type, int id, struct super_block sb);
1454		- int (quota_on)(struct dentry dentry);
1455		- int (*syslog)(int type);
1456		- int (settime)(const struct timespec64 ts, const struct timezone *tz);
1457		- int (vm_enough_memory)(struct mm_struct mm, long pages);
1458		-
1459		- int (bprm_set_creds)(struct linux_binprm bprm);
1460		- int (bprm_check_security)(struct linux_binprm bprm);
1461		- void (bprm_committing_creds)(struct linux_binprm bprm);
1462		- void (bprm_committed_creds)(struct linux_binprm bprm);
1463		-
1464		- int (sb_alloc_security)(struct super_block sb);
1465		- void (sb_free_security)(struct super_block sb);
1466		- int (sb_copy_data)(char orig, char *copy);
1467		- int (sb_remount)(struct super_block sb, void *data);
1468		- int (sb_kern_mount)(struct super_block sb, int flags, void *data);
1469		- int (sb_show_options)(struct seq_file m, struct super_block *sb);
1470		- int (sb_statfs)(struct dentry dentry);
1471		- int (sb_mount)(const char dev_name, const struct path *path,
1472		- const char type, unsigned long flags, void data);
1473		- int (sb_umount)(struct vfsmount mnt, int flags);
1474		- int (sb_pivotroot)(const struct path old_path, const struct path *new_path);
1475		- int (sb_set_mnt_opts)(struct super_block sb,
1476		- struct security_mnt_opts *opts,
1477		- unsigned long kern_flags,
1478		- unsigned long *set_kern_flags);
1479		- int (sb_clone_mnt_opts)(const struct super_block oldsb,
1480		- struct super_block *newsb,
1481		- unsigned long kern_flags,
1482		- unsigned long *set_kern_flags);
1483		- int (sb_parse_opts_str)(char options, struct security_mnt_opts *opts);
1484		- int (dentry_init_security)(struct dentry dentry, int mode,
1485		- const struct qstr name, void *ctx,
1486		- u32 *ctxlen);
1487		- int (dentry_create_files_as)(struct dentry dentry, int mode,
1488		- struct qstr *name,
1489		- const struct cred *old,
1490		- struct cred *new);
1491		-
1492		-
1493		-#ifdef CONFIG_SECURITY_PATH
1494		- int (path_unlink)(const struct path dir, struct dentry *dentry);
1495		- int (path_mkdir)(const struct path dir, struct dentry *dentry,
1496		- umode_t mode);
1497		- int (path_rmdir)(const struct path dir, struct dentry *dentry);
1498		- int (path_mknod)(const struct path dir, struct dentry *dentry,
1499		- umode_t mode, unsigned int dev);
1500		- int (path_truncate)(const struct path path);
1501		- int (path_symlink)(const struct path dir, struct dentry *dentry,
1502		- const char *old_name);
1503		- int (path_link)(struct dentry old_dentry, const struct path *new_dir,
1504		- struct dentry *new_dentry);
1505		- int (path_rename)(const struct path old_dir, struct dentry *old_dentry,
1506		- const struct path *new_dir,
1507		- struct dentry *new_dentry);
1508		- int (path_chmod)(const struct path path, umode_t mode);
1509		- int (path_chown)(const struct path path, kuid_t uid, kgid_t gid);
1510		- int (path_chroot)(const struct path path);
1511		-#endif
1512		-
1513		- int (inode_alloc_security)(struct inode inode);
1514		- void (inode_free_security)(struct inode inode);
1515		- int (inode_init_security)(struct inode inode, struct inode *dir,
1516		- const struct qstr *qstr,
1517		- const char name, void value,
1518		- size_t *len);
1519		- int (inode_create)(struct inode dir, struct dentry *dentry,
1520		- umode_t mode);
1521		- int (inode_link)(struct dentry old_dentry, struct inode *dir,
1522		- struct dentry *new_dentry);
1523		- int (inode_unlink)(struct inode dir, struct dentry *dentry);
1524		- int (inode_symlink)(struct inode dir, struct dentry *dentry,
1525		- const char *old_name);
1526		- int (inode_mkdir)(struct inode dir, struct dentry *dentry,
1527		- umode_t mode);
1528		- int (inode_rmdir)(struct inode dir, struct dentry *dentry);
1529		- int (inode_mknod)(struct inode dir, struct dentry *dentry,
1530		- umode_t mode, dev_t dev);
1531		- int (inode_rename)(struct inode old_dir, struct dentry *old_dentry,
1532		- struct inode *new_dir,
1533		- struct dentry *new_dentry);
1534		- int (inode_readlink)(struct dentry dentry);
1535		- int (inode_follow_link)(struct dentry dentry, struct inode *inode,
1536		- bool rcu);
1537		- int (inode_permission)(struct inode inode, int mask);
1538		- int (inode_setattr)(struct dentry dentry, struct iattr *attr);
1539		- int (inode_getattr)(const struct path path);
1540		- int (inode_setxattr)(struct dentry dentry, const char *name,
1541		- const void *value, size_t size, int flags);
1542		- void (inode_post_setxattr)(struct dentry dentry, const char *name,
1543		- const void *value, size_t size,
1544		- int flags);
1545		- int (inode_getxattr)(struct dentry dentry, const char *name);
1546		- int (inode_listxattr)(struct dentry dentry);
1547		- int (inode_removexattr)(struct dentry dentry, const char *name);
1548		- int (inode_need_killpriv)(struct dentry dentry);
1549		- int (inode_killpriv)(struct dentry dentry);
1550		- int (inode_getsecurity)(struct inode inode, const char *name,
1551		- void **buffer, bool alloc);
1552		- int (inode_setsecurity)(struct inode inode, const char *name,
1553		- const void *value, size_t size,
1554		- int flags);
1555		- int (inode_listsecurity)(struct inode inode, char *buffer,
1556		- size_t buffer_size);
1557		- void (inode_getsecid)(struct inode inode, u32 *secid);
1558		- int (inode_copy_up)(struct dentry src, struct cred **new);
1559		- int (inode_copy_up_xattr)(const char name);
1560		-
1561		- int (file_permission)(struct file file, int mask);
1562		- int (file_alloc_security)(struct file file);
1563		- void (file_free_security)(struct file file);
1564		- int (file_ioctl)(struct file file, unsigned int cmd,
1565		- unsigned long arg);
1566		- int (*mmap_addr)(unsigned long addr);
1567		- int (mmap_file)(struct file file, unsigned long reqprot,
1568		- unsigned long prot, unsigned long flags);
1569		- int (file_mprotect)(struct vm_area_struct vma, unsigned long reqprot,
1570		- unsigned long prot);
1571		- int (file_lock)(struct file file, unsigned int cmd);
1572		- int (file_fcntl)(struct file file, unsigned int cmd,
1573		- unsigned long arg);
1574		- void (file_set_fowner)(struct file file);
1575		- int (file_send_sigiotask)(struct task_struct tsk,
1576		- struct fown_struct *fown, int sig);
1577		- int (file_receive)(struct file file);
1578		- int (file_open)(struct file file);
1579		-
1580		- int (task_alloc)(struct task_struct task, unsigned long clone_flags);
1581		- void (task_free)(struct task_struct task);
1582		- int (cred_alloc_blank)(struct cred cred, gfp_t gfp);
1583		- void (cred_free)(struct cred cred);
1584		- int (cred_prepare)(struct cred new, const struct cred *old,
1585		- gfp_t gfp);
1586		- void (cred_transfer)(struct cred new, const struct cred *old);
1587		- void (cred_getsecid)(const struct cred c, u32 *secid);
1588		- int (kernel_act_as)(struct cred new, u32 secid);
1589		- int (kernel_create_files_as)(struct cred new, struct inode *inode);
1590		- int (kernel_module_request)(char kmod_name);
1591		- int (*kernel_load_data)(enum kernel_load_data_id id);
1592		- int (kernel_read_file)(struct file file, enum kernel_read_file_id id);
1593		- int (kernel_post_read_file)(struct file file, char *buf, loff_t size,
1594		- enum kernel_read_file_id id);
1595		- int (task_fix_setuid)(struct cred new, const struct cred *old,
1596		- int flags);
1597		- int (task_setpgid)(struct task_struct p, pid_t pgid);
1598		- int (task_getpgid)(struct task_struct p);
1599		- int (task_getsid)(struct task_struct p);
1600		- void (task_getsecid)(struct task_struct p, u32 *secid);
1601		- int (task_setnice)(struct task_struct p, int nice);
1602		- int (task_setioprio)(struct task_struct p, int ioprio);
1603		- int (task_getioprio)(struct task_struct p);
1604		- int (task_prlimit)(const struct cred cred, const struct cred *tcred,
1605		- unsigned int flags);
1606		- int (task_setrlimit)(struct task_struct p, unsigned int resource,
1607		- struct rlimit *new_rlim);
1608		- int (task_setscheduler)(struct task_struct p);
1609		- int (task_getscheduler)(struct task_struct p);
1610		- int (task_movememory)(struct task_struct p);
1611		- int (task_kill)(struct task_struct p, struct siginfo *info,
1612		- int sig, const struct cred *cred);
1613		- int (*task_prctl)(int option, unsigned long arg2, unsigned long arg3,
1614		- unsigned long arg4, unsigned long arg5);
1615		- void (task_to_inode)(struct task_struct p, struct inode *inode);
1616		-
1617		- int (ipc_permission)(struct kern_ipc_perm ipcp, short flag);
1618		- void (ipc_getsecid)(struct kern_ipc_perm ipcp, u32 *secid);
1619		-
1620		- int (msg_msg_alloc_security)(struct msg_msg msg);
1621		- void (msg_msg_free_security)(struct msg_msg msg);
1622		-
1623		- int (msg_queue_alloc_security)(struct kern_ipc_perm msq);
1624		- void (msg_queue_free_security)(struct kern_ipc_perm msq);
1625		- int (msg_queue_associate)(struct kern_ipc_perm msq, int msqflg);
1626		- int (msg_queue_msgctl)(struct kern_ipc_perm msq, int cmd);
1627		- int (msg_queue_msgsnd)(struct kern_ipc_perm msq, struct msg_msg *msg,
1628		- int msqflg);
1629		- int (msg_queue_msgrcv)(struct kern_ipc_perm msq, struct msg_msg *msg,
1630		- struct task_struct *target, long type,
1631		- int mode);
1632		-
1633		- int (shm_alloc_security)(struct kern_ipc_perm shp);
1634		- void (shm_free_security)(struct kern_ipc_perm shp);
1635		- int (shm_associate)(struct kern_ipc_perm shp, int shmflg);
1636		- int (shm_shmctl)(struct kern_ipc_perm shp, int cmd);
1637		- int (shm_shmat)(struct kern_ipc_perm shp, char __user *shmaddr,
1638		- int shmflg);
1639		-
1640		- int (sem_alloc_security)(struct kern_ipc_perm sma);
1641		- void (sem_free_security)(struct kern_ipc_perm sma);
1642		- int (sem_associate)(struct kern_ipc_perm sma, int semflg);
1643		- int (sem_semctl)(struct kern_ipc_perm sma, int cmd);
1644		- int (sem_semop)(struct kern_ipc_perm sma, struct sembuf *sops,
1645		- unsigned nsops, int alter);
1646		-
1647		- int (netlink_send)(struct sock sk, struct sk_buff *skb);
1648		-
1649		- void (d_instantiate)(struct dentry dentry, struct inode *inode);
1650		-
1651		- int (getprocattr)(struct task_struct p, char name, char *value);
1652		- int (setprocattr)(const char name, void *value, size_t size);
1653		- int (ismaclabel)(const char name);
1654		- int (secid_to_secctx)(u32 secid, char secdata, u32 seclen);
1655		- int (secctx_to_secid)(const char secdata, u32 seclen, u32 *secid);
1656		- void (release_secctx)(char secdata, u32 seclen);
1657		-
1658		- void (inode_invalidate_secctx)(struct inode inode);
1659		- int (inode_notifysecctx)(struct inode inode, void *ctx, u32 ctxlen);
1660		- int (inode_setsecctx)(struct dentry dentry, void *ctx, u32 ctxlen);
1661		- int (inode_getsecctx)(struct inode inode, void *ctx, u32 ctxlen);
1662		-
1663		-#ifdef CONFIG_SECURITY_NETWORK
1664		- int (unix_stream_connect)(struct sock sock, struct sock *other,
1665		- struct sock *newsk);
1666		- int (unix_may_send)(struct socket sock, struct socket *other);
1667		-
1668		- int (*socket_create)(int family, int type, int protocol, int kern);
1669		- int (socket_post_create)(struct socket sock, int family, int type,
1670		- int protocol, int kern);
1671		- int (socket_socketpair)(struct socket socka, struct socket *sockb);
1672		- int (socket_bind)(struct socket sock, struct sockaddr *address,
1673		- int addrlen);
1674		- int (socket_connect)(struct socket sock, struct sockaddr *address,
1675		- int addrlen);
1676		- int (socket_listen)(struct socket sock, int backlog);
1677		- int (socket_accept)(struct socket sock, struct socket *newsock);
1678		- int (socket_sendmsg)(struct socket sock, struct msghdr *msg,
1679		- int size);
1680		- int (socket_recvmsg)(struct socket sock, struct msghdr *msg,
1681		- int size, int flags);
1682		- int (socket_getsockname)(struct socket sock);
1683		- int (socket_getpeername)(struct socket sock);
1684		- int (socket_getsockopt)(struct socket sock, int level, int optname);
1685		- int (socket_setsockopt)(struct socket sock, int level, int optname);
1686		- int (socket_shutdown)(struct socket sock, int how);
1687		- int (socket_sock_rcv_skb)(struct sock sk, struct sk_buff *skb);
1688		- int (socket_getpeersec_stream)(struct socket sock,
1689		- char __user *optval,
1690		- int __user *optlen, unsigned len);
1691		- int (socket_getpeersec_dgram)(struct socket sock,
1692		- struct sk_buff skb, u32 secid);
1693		- int (sk_alloc_security)(struct sock sk, int family, gfp_t priority);
1694		- void (sk_free_security)(struct sock sk);
1695		- void (sk_clone_security)(const struct sock sk, struct sock *newsk);
1696		- void (sk_getsecid)(struct sock sk, u32 *secid);
1697		- void (sock_graft)(struct sock sk, struct socket *parent);
1698		- int (inet_conn_request)(struct sock sk, struct sk_buff *skb,
1699		- struct request_sock *req);
1700		- void (inet_csk_clone)(struct sock newsk,
1701		- const struct request_sock *req);
1702		- void (inet_conn_established)(struct sock sk, struct sk_buff *skb);
1703		- int (*secmark_relabel_packet)(u32 secid);
1704		- void (*secmark_refcount_inc)(void);
1705		- void (*secmark_refcount_dec)(void);
1706		- void (req_classify_flow)(const struct request_sock req,
1707		- struct flowi *fl);
1708		- int (tun_dev_alloc_security)(void *security);
1709		- void (tun_dev_free_security)(void security);
1710		- int (*tun_dev_create)(void);
1711		- int (tun_dev_attach_queue)(void security);
1712		- int (tun_dev_attach)(struct sock sk, void *security);
1713		- int (tun_dev_open)(void security);
1714		- int (sctp_assoc_request)(struct sctp_endpoint ep,
1715		- struct sk_buff *skb);
1716		- int (sctp_bind_connect)(struct sock sk, int optname,
1717		- struct sockaddr *address, int addrlen);
1718		- void (sctp_sk_clone)(struct sctp_endpoint ep, struct sock *sk,
1719		- struct sock *newsk);
1720		-#endif /* CONFIG_SECURITY_NETWORK */
1721		-
1722		-#ifdef CONFIG_SECURITY_INFINIBAND
1723		- int (ib_pkey_access)(void sec, u64 subnet_prefix, u16 pkey);
1724		- int (ib_endport_manage_subnet)(void sec, const char *dev_name,
1725		- u8 port_num);
1726		- int (ib_alloc_security)(void *sec);
1727		- void (ib_free_security)(void sec);
1728		-#endif /* CONFIG_SECURITY_INFINIBAND */
1729		-
1730		-#ifdef CONFIG_SECURITY_NETWORK_XFRM
1731		- int (xfrm_policy_alloc_security)(struct xfrm_sec_ctx *ctxp,
1732		- struct xfrm_user_sec_ctx *sec_ctx,
1733		- gfp_t gfp);
1734		- int (xfrm_policy_clone_security)(struct xfrm_sec_ctx old_ctx,
1735		- struct xfrm_sec_ctx **new_ctx);
1736		- void (xfrm_policy_free_security)(struct xfrm_sec_ctx ctx);
1737		- int (xfrm_policy_delete_security)(struct xfrm_sec_ctx ctx);
1738		- int (xfrm_state_alloc)(struct xfrm_state x,
1739		- struct xfrm_user_sec_ctx *sec_ctx);
1740		- int (xfrm_state_alloc_acquire)(struct xfrm_state x,
1741		- struct xfrm_sec_ctx *polsec,
1742		- u32 secid);
1743		- void (xfrm_state_free_security)(struct xfrm_state x);
1744		- int (xfrm_state_delete_security)(struct xfrm_state x);
1745		- int (xfrm_policy_lookup)(struct xfrm_sec_ctx ctx, u32 fl_secid,
1746		- u8 dir);
1747		- int (xfrm_state_pol_flow_match)(struct xfrm_state x,
1748		- struct xfrm_policy *xp,
1749		- const struct flowi *fl);
1750		- int (xfrm_decode_session)(struct sk_buff skb, u32 *secid, int ckall);
1751		-#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1752		-
1753		- /* key management security hooks */
1754		-#ifdef CONFIG_KEYS
1755		- int (key_alloc)(struct key key, const struct cred *cred,
1756		- unsigned long flags);
1757		- void (key_free)(struct key key);
1758		- int (key_permission)(key_ref_t key_ref, const struct cred cred,
1759		- unsigned perm);
1760		- int (key_getsecurity)(struct key key, char **_buffer);
1761		-#endif /* CONFIG_KEYS */
1762		-
1763		-#ifdef CONFIG_AUDIT
1764		- int (audit_rule_init)(u32 field, u32 op, char rulestr,
1765		- void **lsmrule);
1766		- int (audit_rule_known)(struct audit_krule krule);
1767		- int (audit_rule_match)(u32 secid, u32 field, u32 op, void lsmrule,
1768		- struct audit_context *actx);
1769		- void (audit_rule_free)(void lsmrule);
1770		-#endif /* CONFIG_AUDIT */
1771		-
1772		-#ifdef CONFIG_BPF_SYSCALL
1773		- int (bpf)(int cmd, union bpf_attr attr,
1774		- unsigned int size);
1775		- int (bpf_map)(struct bpf_map map, fmode_t fmode);
1776		- int (bpf_prog)(struct bpf_prog prog);
1777		- int (bpf_map_alloc_security)(struct bpf_map map);
1778		- void (bpf_map_free_security)(struct bpf_map map);
1779		- int (bpf_prog_alloc_security)(struct bpf_prog_aux aux);
1780		- void (bpf_prog_free_security)(struct bpf_prog_aux aux);
1781		-#endif /* CONFIG_BPF_SYSCALL */
1782		-#ifdef CONFIG_PERF_EVENTS
1783		- int (perf_event_open)(struct perf_event_attr attr, int type);
1784		- int (perf_event_alloc)(struct perf_event event);
1785		- void (perf_event_free)(struct perf_event event);
1786		- int (perf_event_read)(struct perf_event event);
1787		- int (perf_event_write)(struct perf_event event);
1788		-
1789		-#endif
	1546	+ #define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
	1547	+ #include "lsm_hook_defs.h"
	1548	+ #undef LSM_HOOK
1790	1549	};
1791	1550
1792	1551	struct security_hook_heads {
1793		- struct hlist_head binder_set_context_mgr;
1794		- struct hlist_head binder_transaction;
1795		- struct hlist_head binder_transfer_binder;
1796		- struct hlist_head binder_transfer_file;
1797		- struct hlist_head ptrace_access_check;
1798		- struct hlist_head ptrace_traceme;
1799		- struct hlist_head capget;
1800		- struct hlist_head capset;
1801		- struct hlist_head capable;
1802		- struct hlist_head quotactl;
1803		- struct hlist_head quota_on;
1804		- struct hlist_head syslog;
1805		- struct hlist_head settime;
1806		- struct hlist_head vm_enough_memory;
1807		- struct hlist_head bprm_set_creds;
1808		- struct hlist_head bprm_check_security;
1809		- struct hlist_head bprm_committing_creds;
1810		- struct hlist_head bprm_committed_creds;
1811		- struct hlist_head sb_alloc_security;
1812		- struct hlist_head sb_free_security;
1813		- struct hlist_head sb_copy_data;
1814		- struct hlist_head sb_remount;
1815		- struct hlist_head sb_kern_mount;
1816		- struct hlist_head sb_show_options;
1817		- struct hlist_head sb_statfs;
1818		- struct hlist_head sb_mount;
1819		- struct hlist_head sb_umount;
1820		- struct hlist_head sb_pivotroot;
1821		- struct hlist_head sb_set_mnt_opts;
1822		- struct hlist_head sb_clone_mnt_opts;
1823		- struct hlist_head sb_parse_opts_str;
1824		- struct hlist_head dentry_init_security;
1825		- struct hlist_head dentry_create_files_as;
1826		-#ifdef CONFIG_SECURITY_PATH
1827		- struct hlist_head path_unlink;
1828		- struct hlist_head path_mkdir;
1829		- struct hlist_head path_rmdir;
1830		- struct hlist_head path_mknod;
1831		- struct hlist_head path_truncate;
1832		- struct hlist_head path_symlink;
1833		- struct hlist_head path_link;
1834		- struct hlist_head path_rename;
1835		- struct hlist_head path_chmod;
1836		- struct hlist_head path_chown;
1837		- struct hlist_head path_chroot;
1838		-#endif
1839		- struct hlist_head inode_alloc_security;
1840		- struct hlist_head inode_free_security;
1841		- struct hlist_head inode_init_security;
1842		- struct hlist_head inode_create;
1843		- struct hlist_head inode_link;
1844		- struct hlist_head inode_unlink;
1845		- struct hlist_head inode_symlink;
1846		- struct hlist_head inode_mkdir;
1847		- struct hlist_head inode_rmdir;
1848		- struct hlist_head inode_mknod;
1849		- struct hlist_head inode_rename;
1850		- struct hlist_head inode_readlink;
1851		- struct hlist_head inode_follow_link;
1852		- struct hlist_head inode_permission;
1853		- struct hlist_head inode_setattr;
1854		- struct hlist_head inode_getattr;
1855		- struct hlist_head inode_setxattr;
1856		- struct hlist_head inode_post_setxattr;
1857		- struct hlist_head inode_getxattr;
1858		- struct hlist_head inode_listxattr;
1859		- struct hlist_head inode_removexattr;
1860		- struct hlist_head inode_need_killpriv;
1861		- struct hlist_head inode_killpriv;
1862		- struct hlist_head inode_getsecurity;
1863		- struct hlist_head inode_setsecurity;
1864		- struct hlist_head inode_listsecurity;
1865		- struct hlist_head inode_getsecid;
1866		- struct hlist_head inode_copy_up;
1867		- struct hlist_head inode_copy_up_xattr;
1868		- struct hlist_head file_permission;
1869		- struct hlist_head file_alloc_security;
1870		- struct hlist_head file_free_security;
1871		- struct hlist_head file_ioctl;
1872		- struct hlist_head mmap_addr;
1873		- struct hlist_head mmap_file;
1874		- struct hlist_head file_mprotect;
1875		- struct hlist_head file_lock;
1876		- struct hlist_head file_fcntl;
1877		- struct hlist_head file_set_fowner;
1878		- struct hlist_head file_send_sigiotask;
1879		- struct hlist_head file_receive;
1880		- struct hlist_head file_open;
1881		- struct hlist_head task_alloc;
1882		- struct hlist_head task_free;
1883		- struct hlist_head cred_alloc_blank;
1884		- struct hlist_head cred_free;
1885		- struct hlist_head cred_prepare;
1886		- struct hlist_head cred_transfer;
1887		- struct hlist_head cred_getsecid;
1888		- struct hlist_head kernel_act_as;
1889		- struct hlist_head kernel_create_files_as;
1890		- struct hlist_head kernel_load_data;
1891		- struct hlist_head kernel_read_file;
1892		- struct hlist_head kernel_post_read_file;
1893		- struct hlist_head kernel_module_request;
1894		- struct hlist_head task_fix_setuid;
1895		- struct hlist_head task_setpgid;
1896		- struct hlist_head task_getpgid;
1897		- struct hlist_head task_getsid;
1898		- struct hlist_head task_getsecid;
1899		- struct hlist_head task_setnice;
1900		- struct hlist_head task_setioprio;
1901		- struct hlist_head task_getioprio;
1902		- struct hlist_head task_prlimit;
1903		- struct hlist_head task_setrlimit;
1904		- struct hlist_head task_setscheduler;
1905		- struct hlist_head task_getscheduler;
1906		- struct hlist_head task_movememory;
1907		- struct hlist_head task_kill;
1908		- struct hlist_head task_prctl;
1909		- struct hlist_head task_to_inode;
1910		- struct hlist_head ipc_permission;
1911		- struct hlist_head ipc_getsecid;
1912		- struct hlist_head msg_msg_alloc_security;
1913		- struct hlist_head msg_msg_free_security;
1914		- struct hlist_head msg_queue_alloc_security;
1915		- struct hlist_head msg_queue_free_security;
1916		- struct hlist_head msg_queue_associate;
1917		- struct hlist_head msg_queue_msgctl;
1918		- struct hlist_head msg_queue_msgsnd;
1919		- struct hlist_head msg_queue_msgrcv;
1920		- struct hlist_head shm_alloc_security;
1921		- struct hlist_head shm_free_security;
1922		- struct hlist_head shm_associate;
1923		- struct hlist_head shm_shmctl;
1924		- struct hlist_head shm_shmat;
1925		- struct hlist_head sem_alloc_security;
1926		- struct hlist_head sem_free_security;
1927		- struct hlist_head sem_associate;
1928		- struct hlist_head sem_semctl;
1929		- struct hlist_head sem_semop;
1930		- struct hlist_head netlink_send;
1931		- struct hlist_head d_instantiate;
1932		- struct hlist_head getprocattr;
1933		- struct hlist_head setprocattr;
1934		- struct hlist_head ismaclabel;
1935		- struct hlist_head secid_to_secctx;
1936		- struct hlist_head secctx_to_secid;
1937		- struct hlist_head release_secctx;
1938		- struct hlist_head inode_invalidate_secctx;
1939		- struct hlist_head inode_notifysecctx;
1940		- struct hlist_head inode_setsecctx;
1941		- struct hlist_head inode_getsecctx;
1942		-#ifdef CONFIG_SECURITY_NETWORK
1943		- struct hlist_head unix_stream_connect;
1944		- struct hlist_head unix_may_send;
1945		- struct hlist_head socket_create;
1946		- struct hlist_head socket_post_create;
1947		- struct hlist_head socket_socketpair;
1948		- struct hlist_head socket_bind;
1949		- struct hlist_head socket_connect;
1950		- struct hlist_head socket_listen;
1951		- struct hlist_head socket_accept;
1952		- struct hlist_head socket_sendmsg;
1953		- struct hlist_head socket_recvmsg;
1954		- struct hlist_head socket_getsockname;
1955		- struct hlist_head socket_getpeername;
1956		- struct hlist_head socket_getsockopt;
1957		- struct hlist_head socket_setsockopt;
1958		- struct hlist_head socket_shutdown;
1959		- struct hlist_head socket_sock_rcv_skb;
1960		- struct hlist_head socket_getpeersec_stream;
1961		- struct hlist_head socket_getpeersec_dgram;
1962		- struct hlist_head sk_alloc_security;
1963		- struct hlist_head sk_free_security;
1964		- struct hlist_head sk_clone_security;
1965		- struct hlist_head sk_getsecid;
1966		- struct hlist_head sock_graft;
1967		- struct hlist_head inet_conn_request;
1968		- struct hlist_head inet_csk_clone;
1969		- struct hlist_head inet_conn_established;
1970		- struct hlist_head secmark_relabel_packet;
1971		- struct hlist_head secmark_refcount_inc;
1972		- struct hlist_head secmark_refcount_dec;
1973		- struct hlist_head req_classify_flow;
1974		- struct hlist_head tun_dev_alloc_security;
1975		- struct hlist_head tun_dev_free_security;
1976		- struct hlist_head tun_dev_create;
1977		- struct hlist_head tun_dev_attach_queue;
1978		- struct hlist_head tun_dev_attach;
1979		- struct hlist_head tun_dev_open;
1980		- struct hlist_head sctp_assoc_request;
1981		- struct hlist_head sctp_bind_connect;
1982		- struct hlist_head sctp_sk_clone;
1983		-#endif /* CONFIG_SECURITY_NETWORK */
1984		-#ifdef CONFIG_SECURITY_INFINIBAND
1985		- struct hlist_head ib_pkey_access;
1986		- struct hlist_head ib_endport_manage_subnet;
1987		- struct hlist_head ib_alloc_security;
1988		- struct hlist_head ib_free_security;
1989		-#endif /* CONFIG_SECURITY_INFINIBAND */
1990		-#ifdef CONFIG_SECURITY_NETWORK_XFRM
1991		- struct hlist_head xfrm_policy_alloc_security;
1992		- struct hlist_head xfrm_policy_clone_security;
1993		- struct hlist_head xfrm_policy_free_security;
1994		- struct hlist_head xfrm_policy_delete_security;
1995		- struct hlist_head xfrm_state_alloc;
1996		- struct hlist_head xfrm_state_alloc_acquire;
1997		- struct hlist_head xfrm_state_free_security;
1998		- struct hlist_head xfrm_state_delete_security;
1999		- struct hlist_head xfrm_policy_lookup;
2000		- struct hlist_head xfrm_state_pol_flow_match;
2001		- struct hlist_head xfrm_decode_session;
2002		-#endif /* CONFIG_SECURITY_NETWORK_XFRM */
2003		-#ifdef CONFIG_KEYS
2004		- struct hlist_head key_alloc;
2005		- struct hlist_head key_free;
2006		- struct hlist_head key_permission;
2007		- struct hlist_head key_getsecurity;
2008		-#endif /* CONFIG_KEYS */
2009		-#ifdef CONFIG_AUDIT
2010		- struct hlist_head audit_rule_init;
2011		- struct hlist_head audit_rule_known;
2012		- struct hlist_head audit_rule_match;
2013		- struct hlist_head audit_rule_free;
2014		-#endif /* CONFIG_AUDIT */
2015		-#ifdef CONFIG_BPF_SYSCALL
2016		- struct hlist_head bpf;
2017		- struct hlist_head bpf_map;
2018		- struct hlist_head bpf_prog;
2019		- struct hlist_head bpf_map_alloc_security;
2020		- struct hlist_head bpf_map_free_security;
2021		- struct hlist_head bpf_prog_alloc_security;
2022		- struct hlist_head bpf_prog_free_security;
2023		-#endif /* CONFIG_BPF_SYSCALL */
2024		-#ifdef CONFIG_PERF_EVENTS
2025		- struct hlist_head perf_event_open;
2026		- struct hlist_head perf_event_alloc;
2027		- struct hlist_head perf_event_free;
2028		- struct hlist_head perf_event_read;
2029		- struct hlist_head perf_event_write;
2030		-#endif
	1552	+ #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
	1553	+ #include "lsm_hook_defs.h"
	1554	+ #undef LSM_HOOK
2031	1555	} __randomize_layout;
2032	1556
2033	1557	/*
..	..	@@ -2040,6 +1564,24 @@
2040	1564	union security_list_options hook;
2041	1565	char *lsm;
2042	1566	} __randomize_layout;
	1567	+
	1568	+/*
	1569	+ * Security blob size or offset data.
	1570	+ */
	1571	+struct lsm_blob_sizes {
	1572	+ int lbs_cred;
	1573	+ int lbs_file;
	1574	+ int lbs_inode;
	1575	+ int lbs_ipc;
	1576	+ int lbs_msg_msg;
	1577	+ int lbs_task;
	1578	+};
	1579	+
	1580	+/*
	1581	+ * LSM_RET_VOID is used as the default value in LSM_HOOK definitions for void
	1582	+ * LSM hooks (in include/linux/lsm_hook_defs.h).
	1583	+ */
	1584	+#define LSM_RET_VOID ((void) 0)
2043	1585
2044	1586	/*
2045	1587	* Initializing a security_hook_list structure takes
..	..	@@ -2055,6 +1597,36 @@
2055	1597
2056	1598	extern void security_add_hooks(struct security_hook_list *hooks, int count,
2057	1599	char *lsm);
	1600	+
	1601	+#define LSM_FLAG_LEGACY_MAJOR BIT(0)
	1602	+#define LSM_FLAG_EXCLUSIVE BIT(1)
	1603	+
	1604	+enum lsm_order {
	1605	+ LSM_ORDER_FIRST = -1, /* This is only for capabilities. */
	1606	+ LSM_ORDER_MUTABLE = 0,
	1607	+};
	1608	+
	1609	+struct lsm_info {
	1610	+ const char name; / Required. */
	1611	+ enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */
	1612	+ unsigned long flags; /* Optional: flags describing LSM */
	1613	+ int enabled; / Optional: controlled by CONFIG_LSM */
	1614	+ int (init)(void); / Required. */
	1615	+ struct lsm_blob_sizes blobs; / Optional: for blob sharing. */
	1616	+};
	1617	+
	1618	+extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
	1619	+extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
	1620	+
	1621	+#define DEFINE_LSM(lsm) \
	1622	+ static struct lsm_info __lsm_##lsm \
	1623	+ __used __section(".lsm_info.init") \
	1624	+ __aligned(sizeof(unsigned long))
	1625	+
	1626	+#define DEFINE_EARLY_LSM(lsm) \
	1627	+ static struct lsm_info __early_lsm_##lsm \
	1628	+ __used __section(".early_lsm_info.init") \
	1629	+ __aligned(sizeof(unsigned long))
2058	1630
2059	1631	#ifdef CONFIG_SECURITY_SELINUX_DISABLE
2060	1632	/*
..	..	@@ -2086,17 +1658,6 @@
2086	1658	#define __lsm_ro_after_init __ro_after_init
2087	1659	#endif /* CONFIG_SECURITY_WRITABLE_HOOKS */
2088	1660
2089		-extern int __init security_module_enable(const char *module);
2090		-extern void __init capability_add_hooks(void);
2091		-#ifdef CONFIG_SECURITY_YAMA
2092		-extern void __init yama_add_hooks(void);
2093		-#else
2094		-static inline void __init yama_add_hooks(void) { }
2095		-#endif
2096		-#ifdef CONFIG_SECURITY_LOADPIN
2097		-void __init loadpin_add_hooks(void);
2098		-#else
2099		-static inline void loadpin_add_hooks(void) { };
2100		-#endif
	1661	+extern int lsm_inode_alloc(struct inode *inode);
2101	1662
2102	1663	#endif /* ! __LINUX_LSM_HOOKS_H */