1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* Security plug functions
4	*
5	* Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
6	* Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
7	* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
8	* Copyright (C) 2016 Mellanox Technologies
9	* Copyright (C) 2023 Microsoft Corporation <paul@paul-moore.com>
10	*/
11
12	#define pr_fmt(fmt) "LSM: " fmt
13
14	#include <linux/bpf.h>
15	#include <linux/capability.h>
16	#include <linux/dcache.h>
17	#include <linux/export.h>
18	#include <linux/init.h>
19	#include <linux/kernel.h>
20	#include <linux/kernel_read_file.h>
21	#include <linux/lsm_hooks.h>
22	#include <linux/mman.h>
23	#include <linux/mount.h>
24	#include <linux/personality.h>
25	#include <linux/backing-dev.h>
26	#include <linux/string.h>
27	#include <linux/xattr.h>
28	#include <linux/msg.h>
29	#include <linux/overflow.h>
30	#include <linux/perf_event.h>
31	#include <linux/fs.h>
32	#include <net/flow.h>
33	#include <net/sock.h>
34
35	#include "lsm.h"
36
37	/*
38	* These are descriptions of the reasons that can be passed to the
39	* security_locked_down() LSM hook. Placing this array here allows
40	* all security modules to use the same descriptions for auditing
41	* purposes.
42	*/
43	const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
44	[LOCKDOWN_NONE] = "none",
45	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
46	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
47	[LOCKDOWN_EFI_TEST] = "/dev/efi_test access",
48	[LOCKDOWN_KEXEC] = "kexec of unsigned images",
49	[LOCKDOWN_HIBERNATION] = "hibernation",
50	[LOCKDOWN_PCI_ACCESS] = "direct PCI access",
51	[LOCKDOWN_IOPORT] = "raw io port access",
52	[LOCKDOWN_MSR] = "raw MSR access",
53	[LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables",
54	[LOCKDOWN_DEVICE_TREE] = "modifying device tree contents",
55	[LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage",
56	[LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO",
57	[LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters",
58	[LOCKDOWN_MMIOTRACE] = "unsafe mmio",
59	[LOCKDOWN_DEBUGFS] = "debugfs access",
60	[LOCKDOWN_XMON_WR] = "xmon write access",
61	[LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM",
62	[LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM",
63	[LOCKDOWN_RTAS_ERROR_INJECTION] = "RTAS error injection",
64	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
65	[LOCKDOWN_KCORE] = "/proc/kcore access",
66	[LOCKDOWN_KPROBES] = "use of kprobes",
67	[LOCKDOWN_BPF_READ_KERNEL] = "use of bpf to read kernel RAM",
68	[LOCKDOWN_DBG_READ_KERNEL] = "use of kgdb/kdb to read kernel RAM",
69	[LOCKDOWN_PERF] = "unsafe use of perf",
70	[LOCKDOWN_TRACEFS] = "use of tracefs",
71	[LOCKDOWN_XMON_RW] = "xmon read and write access",
72	[LOCKDOWN_XFRM_SECRET] = "xfrm SA secret",
73	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
74	};
75
76	bool lsm_debug __ro_after_init;
77
78	unsigned int lsm_active_cnt __ro_after_init;
79	const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
80
81	struct lsm_blob_sizes blob_sizes;
82
83	struct kmem_cache *lsm_file_cache;
84	struct kmem_cache *lsm_inode_cache;
85
86	#define SECURITY_HOOK_ACTIVE_KEY(HOOK, IDX) security_hook_active_##HOOK##_##IDX
87
88	/*
89	* Identifier for the LSM static calls.
90	* HOOK is an LSM hook as defined in linux/lsm_hookdefs.h
91	* IDX is the index of the static call. 0 <= NUM < MAX_LSM_COUNT
92	*/
93	#define LSM_STATIC_CALL(HOOK, IDX) lsm_static_call_##HOOK##_##IDX
94
95	/*
96	* Call the macro M for each LSM hook MAX_LSM_COUNT times.
97	*/
98	#define LSM_LOOP_UNROLL(M, ...) \
99	do { \
100	UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) \
101	} while (0)
102
103	#define LSM_DEFINE_UNROLL(M, ...) UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__)
104
105	#ifdef CONFIG_HAVE_STATIC_CALL
106	#define LSM_HOOK_TRAMP(NAME, NUM) \
107	&STATIC_CALL_TRAMP(LSM_STATIC_CALL(NAME, NUM))
108	#else
109	#define LSM_HOOK_TRAMP(NAME, NUM) NULL
110	#endif
111
112	/*
113	* Define static calls and static keys for each LSM hook.
114	*/
115	#define DEFINE_LSM_STATIC_CALL(NUM, NAME, RET, ...) \
116	DEFINE_STATIC_CALL_NULL(LSM_STATIC_CALL(NAME, NUM), \
117	*((RET(*)(__VA_ARGS__))NULL)); \
118	DEFINE_STATIC_KEY_FALSE(SECURITY_HOOK_ACTIVE_KEY(NAME, NUM));
119
120	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
121	LSM_DEFINE_UNROLL(DEFINE_LSM_STATIC_CALL, NAME, RET, __VA_ARGS__)
122	#include <linux/lsm_hook_defs.h>
123	#undef LSM_HOOK
124	#undef DEFINE_LSM_STATIC_CALL
125
126	/*
127	* Initialise a table of static calls for each LSM hook.
128	* DEFINE_STATIC_CALL_NULL invocation above generates a key (STATIC_CALL_KEY)
129	* and a trampoline (STATIC_CALL_TRAMP) which are used to call
130	* __static_call_update when updating the static call.
131	*
132	* The static calls table is used by early LSMs, some architectures can fault on
133	* unaligned accesses and the fault handling code may not be ready by then.
134	* Thus, the static calls table should be aligned to avoid any unhandled faults
135	* in early init.
136	*/
137	struct lsm_static_calls_table
138	static_calls_table __ro_after_init __aligned(sizeof(u64)) = {
139	#define INIT_LSM_STATIC_CALL(NUM, NAME) \
140	(struct lsm_static_call) { \
141	.key = &STATIC_CALL_KEY(LSM_STATIC_CALL(NAME, NUM)), \
142	.trampoline = LSM_HOOK_TRAMP(NAME, NUM), \
143	.active = &SECURITY_HOOK_ACTIVE_KEY(NAME, NUM), \
144	},
145	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
146	.NAME = { \
147	LSM_DEFINE_UNROLL(INIT_LSM_STATIC_CALL, NAME) \
148	},
149	#include <linux/lsm_hook_defs.h>
150	#undef LSM_HOOK
151	#undef INIT_LSM_STATIC_CALL
152	};
153
154	/**
155	* lsm_file_alloc - allocate a composite file blob
156	* @file: the file that needs a blob
157	*
158	* Allocate the file blob for all the modules
159	*
160	* Returns 0, or -ENOMEM if memory can't be allocated.
161	*/
162	static int lsm_file_alloc(struct file *file)
163	{
164	if (!lsm_file_cache) {
165	file->f_security = NULL;
166	return 0;
167	}
168
169	file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL);
170	if (file->f_security == NULL)
171	return -ENOMEM;
172	return 0;
173	}
174
175	/**
176	* lsm_blob_alloc - allocate a composite blob
177	* @dest: the destination for the blob
178	* @size: the size of the blob
179	* @gfp: allocation type
180	*
181	* Allocate a blob for all the modules
182	*
183	* Returns 0, or -ENOMEM if memory can't be allocated.
184	*/
185	static int lsm_blob_alloc(void **dest, size_t size, gfp_t gfp)
186	{
187	if (size == 0) {
188	*dest = NULL;
189	return 0;
190	}
191
192	*dest = kzalloc(size, gfp);
193	if (*dest == NULL)
194	return -ENOMEM;
195	return 0;
196	}
197
198	/**
199	* lsm_cred_alloc - allocate a composite cred blob
200	* @cred: the cred that needs a blob
201	* @gfp: allocation type
202	*
203	* Allocate the cred blob for all the modules
204	*
205	* Returns 0, or -ENOMEM if memory can't be allocated.
206	*/
207	int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
208	{
209	return lsm_blob_alloc(dest: &cred->security, size: blob_sizes.lbs_cred, gfp);
210	}
211
212	/**
213	* lsm_inode_alloc - allocate a composite inode blob
214	* @inode: the inode that needs a blob
215	* @gfp: allocation flags
216	*
217	* Allocate the inode blob for all the modules
218	*
219	* Returns 0, or -ENOMEM if memory can't be allocated.
220	*/
221	static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
222	{
223	if (!lsm_inode_cache) {
224	inode->i_security = NULL;
225	return 0;
226	}
227
228	inode->i_security = kmem_cache_zalloc(lsm_inode_cache, gfp);
229	if (inode->i_security == NULL)
230	return -ENOMEM;
231	return 0;
232	}
233
234	/**
235	* lsm_task_alloc - allocate a composite task blob
236	* @task: the task that needs a blob
237	*
238	* Allocate the task blob for all the modules
239	*
240	* Returns 0, or -ENOMEM if memory can't be allocated.
241	*/
242	int lsm_task_alloc(struct task_struct *task)
243	{
244	return lsm_blob_alloc(dest: &task->security, size: blob_sizes.lbs_task, GFP_KERNEL);
245	}
246
247	/**
248	* lsm_ipc_alloc - allocate a composite ipc blob
249	* @kip: the ipc that needs a blob
250	*
251	* Allocate the ipc blob for all the modules
252	*
253	* Returns 0, or -ENOMEM if memory can't be allocated.
254	*/
255	static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
256	{
257	return lsm_blob_alloc(dest: &kip->security, size: blob_sizes.lbs_ipc, GFP_KERNEL);
258	}
259
260	#ifdef CONFIG_KEYS
261	/**
262	* lsm_key_alloc - allocate a composite key blob
263	* @key: the key that needs a blob
264	*
265	* Allocate the key blob for all the modules
266	*
267	* Returns 0, or -ENOMEM if memory can't be allocated.
268	*/
269	static int lsm_key_alloc(struct key *key)
270	{
271	return lsm_blob_alloc(dest: &key->security, size: blob_sizes.lbs_key, GFP_KERNEL);
272	}
273	#endif /* CONFIG_KEYS */
274
275	/**
276	* lsm_msg_msg_alloc - allocate a composite msg_msg blob
277	* @mp: the msg_msg that needs a blob
278	*
279	* Allocate the ipc blob for all the modules
280	*
281	* Returns 0, or -ENOMEM if memory can't be allocated.
282	*/
283	static int lsm_msg_msg_alloc(struct msg_msg *mp)
284	{
285	return lsm_blob_alloc(dest: &mp->security, size: blob_sizes.lbs_msg_msg,
286	GFP_KERNEL);
287	}
288
289	/**
290	* lsm_bdev_alloc - allocate a composite block_device blob
291	* @bdev: the block_device that needs a blob
292	*
293	* Allocate the block_device blob for all the modules
294	*
295	* Returns 0, or -ENOMEM if memory can't be allocated.
296	*/
297	static int lsm_bdev_alloc(struct block_device *bdev)
298	{
299	return lsm_blob_alloc(dest: &bdev->bd_security, size: blob_sizes.lbs_bdev,
300	GFP_KERNEL);
301	}
302
303	#ifdef CONFIG_BPF_SYSCALL
304	/**
305	* lsm_bpf_map_alloc - allocate a composite bpf_map blob
306	* @map: the bpf_map that needs a blob
307	*
308	* Allocate the bpf_map blob for all the modules
309	*
310	* Returns 0, or -ENOMEM if memory can't be allocated.
311	*/
312	static int lsm_bpf_map_alloc(struct bpf_map *map)
313	{
314	return lsm_blob_alloc(dest: &map->security, size: blob_sizes.lbs_bpf_map, GFP_KERNEL);
315	}
316
317	/**
318	* lsm_bpf_prog_alloc - allocate a composite bpf_prog blob
319	* @prog: the bpf_prog that needs a blob
320	*
321	* Allocate the bpf_prog blob for all the modules
322	*
323	* Returns 0, or -ENOMEM if memory can't be allocated.
324	*/
325	static int lsm_bpf_prog_alloc(struct bpf_prog *prog)
326	{
327	return lsm_blob_alloc(dest: &prog->aux->security, size: blob_sizes.lbs_bpf_prog, GFP_KERNEL);
328	}
329
330	/**
331	* lsm_bpf_token_alloc - allocate a composite bpf_token blob
332	* @token: the bpf_token that needs a blob
333	*
334	* Allocate the bpf_token blob for all the modules
335	*
336	* Returns 0, or -ENOMEM if memory can't be allocated.
337	*/
338	static int lsm_bpf_token_alloc(struct bpf_token *token)
339	{
340	return lsm_blob_alloc(dest: &token->security, size: blob_sizes.lbs_bpf_token, GFP_KERNEL);
341	}
342	#endif /* CONFIG_BPF_SYSCALL */
343
344	/**
345	* lsm_superblock_alloc - allocate a composite superblock blob
346	* @sb: the superblock that needs a blob
347	*
348	* Allocate the superblock blob for all the modules
349	*
350	* Returns 0, or -ENOMEM if memory can't be allocated.
351	*/
352	static int lsm_superblock_alloc(struct super_block *sb)
353	{
354	return lsm_blob_alloc(dest: &sb->s_security, size: blob_sizes.lbs_superblock,
355	GFP_KERNEL);
356	}
357
358	/**
359	* lsm_fill_user_ctx - Fill a user space lsm_ctx structure
360	* @uctx: a userspace LSM context to be filled
361	* @uctx_len: available uctx size (input), used uctx size (output)
362	* @val: the new LSM context value
363	* @val_len: the size of the new LSM context value
364	* @id: LSM id
365	* @flags: LSM defined flags
366	*
367	* Fill all of the fields in a userspace lsm_ctx structure. If @uctx is NULL
368	* simply calculate the required size to output via @utc_len and return
369	* success.
370	*
371	* Returns 0 on success, -E2BIG if userspace buffer is not large enough,
372	* -EFAULT on a copyout error, -ENOMEM if memory can't be allocated.
373	*/
374	int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
375	void *val, size_t val_len,
376	u64 id, u64 flags)
377	{
378	struct lsm_ctx *nctx = NULL;
379	size_t nctx_len;
380	int rc = 0;
381
382	nctx_len = ALIGN(struct_size(nctx, ctx, val_len), sizeof(void *));
383	if (nctx_len > *uctx_len) {
384	rc = -E2BIG;
385	goto out;
386	}
387
388	/* no buffer - return success/0 and set @uctx_len to the req size */
389	if (!uctx)
390	goto out;
391
392	nctx = kzalloc(nctx_len, GFP_KERNEL);
393	if (nctx == NULL) {
394	rc = -ENOMEM;
395	goto out;
396	}
397	nctx->id = id;
398	nctx->flags = flags;
399	nctx->len = nctx_len;
400	nctx->ctx_len = val_len;
401	memcpy(nctx->ctx, val, val_len);
402
403	if (copy_to_user(to: uctx, from: nctx, n: nctx_len))
404	rc = -EFAULT;
405
406	out:
407	kfree(objp: nctx);
408	*uctx_len = nctx_len;
409	return rc;
410	}
411
412	/*
413	* The default value of the LSM hook is defined in linux/lsm_hook_defs.h and
414	* can be accessed with:
415	*
416	* LSM_RET_DEFAULT(<hook_name>)
417	*
418	* The macros below define static constants for the default value of each
419	* LSM hook.
420	*/
421	#define LSM_RET_DEFAULT(NAME) (NAME##_default)
422	#define DECLARE_LSM_RET_DEFAULT_void(DEFAULT, NAME)
423	#define DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME) \
424	static const int __maybe_unused LSM_RET_DEFAULT(NAME) = (DEFAULT);
425	#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
426	DECLARE_LSM_RET_DEFAULT_##RET(DEFAULT, NAME)
427
428	#include <linux/lsm_hook_defs.h>
429	#undef LSM_HOOK
430
431	/*
432	* Hook list operation macros.
433	*
434	* call_void_hook:
435	* This is a hook that does not return a value.
436	*
437	* call_int_hook:
438	* This is a hook that returns a value.
439	*/
440	#define __CALL_STATIC_VOID(NUM, HOOK, ...) \
441	do { \
442	if (static_branch_unlikely(&SECURITY_HOOK_ACTIVE_KEY(HOOK, NUM))) { \
443	static_call(LSM_STATIC_CALL(HOOK, NUM))(__VA_ARGS__); \
444	} \
445	} while (0);
446
447	#define call_void_hook(HOOK, ...) \
448	do { \
449	LSM_LOOP_UNROLL(__CALL_STATIC_VOID, HOOK, __VA_ARGS__); \
450	} while (0)
451
452
453	#define __CALL_STATIC_INT(NUM, R, HOOK, LABEL, ...) \
454	do { \
455	if (static_branch_unlikely(&SECURITY_HOOK_ACTIVE_KEY(HOOK, NUM))) { \
456	R = static_call(LSM_STATIC_CALL(HOOK, NUM))(__VA_ARGS__); \
457	if (R != LSM_RET_DEFAULT(HOOK)) \
458	goto LABEL; \
459	} \
460	} while (0);
461
462	#define call_int_hook(HOOK, ...) \
463	({ \
464	__label__ OUT; \
465	int RC = LSM_RET_DEFAULT(HOOK); \
466	\
467	LSM_LOOP_UNROLL(__CALL_STATIC_INT, RC, HOOK, OUT, __VA_ARGS__); \
468	OUT: \
469	RC; \
470	})
471
472	#define lsm_for_each_hook(scall, NAME) \
473	for (scall = static_calls_table.NAME; \
474	scall - static_calls_table.NAME < MAX_LSM_COUNT; scall++) \
475	if (static_key_enabled(&scall->active->key))
476
477	/* Security operations */
478
479	/**
480	* security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
481	* @mgr: task credentials of current binder process
482	*
483	* Check whether @mgr is allowed to be the binder context manager.
484	*
485	* Return: Return 0 if permission is granted.
486	*/
487	int security_binder_set_context_mgr(const struct cred *mgr)
488	{
489	return call_int_hook(binder_set_context_mgr, mgr);
490	}
491
492	/**
493	* security_binder_transaction() - Check if a binder transaction is allowed
494	* @from: sending process
495	* @to: receiving process
496	*
497	* Check whether @from is allowed to invoke a binder transaction call to @to.
498	*
499	* Return: Returns 0 if permission is granted.
500	*/
501	int security_binder_transaction(const struct cred *from,
502	const struct cred *to)
503	{
504	return call_int_hook(binder_transaction, from, to);
505	}
506
507	/**
508	* security_binder_transfer_binder() - Check if a binder transfer is allowed
509	* @from: sending process
510	* @to: receiving process
511	*
512	* Check whether @from is allowed to transfer a binder reference to @to.
513	*
514	* Return: Returns 0 if permission is granted.
515	*/
516	int security_binder_transfer_binder(const struct cred *from,
517	const struct cred *to)
518	{
519	return call_int_hook(binder_transfer_binder, from, to);
520	}
521
522	/**
523	* security_binder_transfer_file() - Check if a binder file xfer is allowed
524	* @from: sending process
525	* @to: receiving process
526	* @file: file being transferred
527	*
528	* Check whether @from is allowed to transfer @file to @to.
529	*
530	* Return: Returns 0 if permission is granted.
531	*/
532	int security_binder_transfer_file(const struct cred *from,
533	const struct cred *to, const struct file *file)
534	{
535	return call_int_hook(binder_transfer_file, from, to, file);
536	}
537
538	/**
539	* security_ptrace_access_check() - Check if tracing is allowed
540	* @child: target process
541	* @mode: PTRACE_MODE flags
542	*
543	* Check permission before allowing the current process to trace the @child
544	* process. Security modules may also want to perform a process tracing check
545	* during an execve in the set_security or apply_creds hooks of tracing check
546	* during an execve in the bprm_set_creds hook of binprm_security_ops if the
547	* process is being traced and its security attributes would be changed by the
548	* execve.
549	*
550	* Return: Returns 0 if permission is granted.
551	*/
552	int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
553	{
554	return call_int_hook(ptrace_access_check, child, mode);
555	}
556
557	/**
558	* security_ptrace_traceme() - Check if tracing is allowed
559	* @parent: tracing process
560	*
561	* Check that the @parent process has sufficient permission to trace the
562	* current process before allowing the current process to present itself to the
563	* @parent process for tracing.
564	*
565	* Return: Returns 0 if permission is granted.
566	*/
567	int security_ptrace_traceme(struct task_struct *parent)
568	{
569	return call_int_hook(ptrace_traceme, parent);
570	}
571
572	/**
573	* security_capget() - Get the capability sets for a process
574	* @target: target process
575	* @effective: effective capability set
576	* @inheritable: inheritable capability set
577	* @permitted: permitted capability set
578	*
579	* Get the @effective, @inheritable, and @permitted capability sets for the
580	* @target process. The hook may also perform permission checking to determine
581	* if the current process is allowed to see the capability sets of the @target
582	* process.
583	*
584	* Return: Returns 0 if the capability sets were successfully obtained.
585	*/
586	int security_capget(const struct task_struct *target,
587	kernel_cap_t *effective,
588	kernel_cap_t *inheritable,
589	kernel_cap_t *permitted)
590	{
591	return call_int_hook(capget, target, effective, inheritable, permitted);
592	}
593
594	/**
595	* security_capset() - Set the capability sets for a process
596	* @new: new credentials for the target process
597	* @old: current credentials of the target process
598	* @effective: effective capability set
599	* @inheritable: inheritable capability set
600	* @permitted: permitted capability set
601	*
602	* Set the @effective, @inheritable, and @permitted capability sets for the
603	* current process.
604	*
605	* Return: Returns 0 and update @new if permission is granted.
606	*/
607	int security_capset(struct cred *new, const struct cred *old,
608	const kernel_cap_t *effective,
609	const kernel_cap_t *inheritable,
610	const kernel_cap_t *permitted)
611	{
612	return call_int_hook(capset, new, old, effective, inheritable,
613	permitted);
614	}
615
616	/**
617	* security_capable() - Check if a process has the necessary capability
618	* @cred: credentials to examine
619	* @ns: user namespace
620	* @cap: capability requested
621	* @opts: capability check options
622	*
623	* Check whether the @tsk process has the @cap capability in the indicated
624	* credentials. @cap contains the capability <include/linux/capability.h>.
625	* @opts contains options for the capable check <include/linux/security.h>.
626	*
627	* Return: Returns 0 if the capability is granted.
628	*/
629	int security_capable(const struct cred *cred,
630	struct user_namespace *ns,
631	int cap,
632	unsigned int opts)
633	{
634	return call_int_hook(capable, cred, ns, cap, opts);
635	}
636
637	/**
638	* security_quotactl() - Check if a quotactl() syscall is allowed for this fs
639	* @cmds: commands
640	* @type: type
641	* @id: id
642	* @sb: filesystem
643	*
644	* Check whether the quotactl syscall is allowed for this @sb.
645	*
646	* Return: Returns 0 if permission is granted.
647	*/
648	int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
649	{
650	return call_int_hook(quotactl, cmds, type, id, sb);
651	}
652
653	/**
654	* security_quota_on() - Check if QUOTAON is allowed for a dentry
655	* @dentry: dentry
656	*
657	* Check whether QUOTAON is allowed for @dentry.
658	*
659	* Return: Returns 0 if permission is granted.
660	*/
661	int security_quota_on(struct dentry *dentry)
662	{
663	return call_int_hook(quota_on, dentry);
664	}
665
666	/**
667	* security_syslog() - Check if accessing the kernel message ring is allowed
668	* @type: SYSLOG_ACTION_* type
669	*
670	* Check permission before accessing the kernel message ring or changing
671	* logging to the console. See the syslog(2) manual page for an explanation of
672	* the @type values.
673	*
674	* Return: Return 0 if permission is granted.
675	*/
676	int security_syslog(int type)
677	{
678	return call_int_hook(syslog, type);
679	}
680
681	/**
682	* security_settime64() - Check if changing the system time is allowed
683	* @ts: new time
684	* @tz: timezone
685	*
686	* Check permission to change the system time, struct timespec64 is defined in
687	* <include/linux/time64.h> and timezone is defined in <include/linux/time.h>.
688	*
689	* Return: Returns 0 if permission is granted.
690	*/
691	int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
692	{
693	return call_int_hook(settime, ts, tz);
694	}
695
696	/**
697	* security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
698	* @mm: mm struct
699	* @pages: number of pages
700	*
701	* Check permissions for allocating a new virtual mapping. If all LSMs return
702	* a positive value, __vm_enough_memory() will be called with cap_sys_admin
703	* set. If at least one LSM returns 0 or negative, __vm_enough_memory() will be
704	* called with cap_sys_admin cleared.
705	*
706	* Return: Returns 0 if permission is granted by the LSM infrastructure to the
707	* caller.
708	*/
709	int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
710	{
711	struct lsm_static_call *scall;
712	int cap_sys_admin = 1;
713	int rc;
714
715	/*
716	* The module will respond with 0 if it thinks the __vm_enough_memory()
717	* call should be made with the cap_sys_admin set. If all of the modules
718	* agree that it should be set it will. If any module thinks it should
719	* not be set it won't.
720	*/
721	lsm_for_each_hook(scall, vm_enough_memory) {
722	rc = scall->hl->hook.vm_enough_memory(mm, pages);
723	if (rc < 0) {
724	cap_sys_admin = 0;
725	break;
726	}
727	}
728	return __vm_enough_memory(mm, pages, cap_sys_admin);
729	}
730
731	/**
732	* security_bprm_creds_for_exec() - Prepare the credentials for exec()
733	* @bprm: binary program information
734	*
735	* If the setup in prepare_exec_creds did not setup @bprm->cred->security
736	* properly for executing @bprm->file, update the LSM's portion of
737	* @bprm->cred->security to be what commit_creds needs to install for the new
738	* program. This hook may also optionally check permissions (e.g. for
739	* transitions between security domains). The hook must set @bprm->secureexec
740	* to 1 if AT_SECURE should be set to request libc enable secure mode. @bprm
741	* contains the linux_binprm structure.
742	*
743	* If execveat(2) is called with the AT_EXECVE_CHECK flag, bprm->is_check is
744	* set. The result must be the same as without this flag even if the execution
745	* will never really happen and @bprm will always be dropped.
746	*
747	* This hook must not change current->cred, only @bprm->cred.
748	*
749	* Return: Returns 0 if the hook is successful and permission is granted.
750	*/
751	int security_bprm_creds_for_exec(struct linux_binprm *bprm)
752	{
753	return call_int_hook(bprm_creds_for_exec, bprm);
754	}
755
756	/**
757	* security_bprm_creds_from_file() - Update linux_binprm creds based on file
758	* @bprm: binary program information
759	* @file: associated file
760	*
761	* If @file is setpcap, suid, sgid or otherwise marked to change privilege upon
762	* exec, update @bprm->cred to reflect that change. This is called after
763	* finding the binary that will be executed without an interpreter. This
764	* ensures that the credentials will not be derived from a script that the
765	* binary will need to reopen, which when reopend may end up being a completely
766	* different file. This hook may also optionally check permissions (e.g. for
767	* transitions between security domains). The hook must set @bprm->secureexec
768	* to 1 if AT_SECURE should be set to request libc enable secure mode. The
769	* hook must add to @bprm->per_clear any personality flags that should be
770	* cleared from current->personality. @bprm contains the linux_binprm
771	* structure.
772	*
773	* Return: Returns 0 if the hook is successful and permission is granted.
774	*/
775	int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file)
776	{
777	return call_int_hook(bprm_creds_from_file, bprm, file);
778	}
779
780	/**
781	* security_bprm_check() - Mediate binary handler search
782	* @bprm: binary program information
783	*
784	* This hook mediates the point when a search for a binary handler will begin.
785	* It allows a check against the @bprm->cred->security value which was set in
786	* the preceding creds_for_exec call. The argv list and envp list are reliably
787	* available in @bprm. This hook may be called multiple times during a single
788	* execve. @bprm contains the linux_binprm structure.
789	*
790	* Return: Returns 0 if the hook is successful and permission is granted.
791	*/
792	int security_bprm_check(struct linux_binprm *bprm)
793	{
794	return call_int_hook(bprm_check_security, bprm);
795	}
796
797	/**
798	* security_bprm_committing_creds() - Install creds for a process during exec()
799	* @bprm: binary program information
800	*
801	* Prepare to install the new security attributes of a process being
802	* transformed by an execve operation, based on the old credentials pointed to
803	* by @current->cred and the information set in @bprm->cred by the
804	* bprm_creds_for_exec hook. @bprm points to the linux_binprm structure. This
805	* hook is a good place to perform state changes on the process such as closing
806	* open file descriptors to which access will no longer be granted when the
807	* attributes are changed. This is called immediately before commit_creds().
808	*/
809	void security_bprm_committing_creds(const struct linux_binprm *bprm)
810	{
811	call_void_hook(bprm_committing_creds, bprm);
812	}
813
814	/**
815	* security_bprm_committed_creds() - Tidy up after cred install during exec()
816	* @bprm: binary program information
817	*
818	* Tidy up after the installation of the new security attributes of a process
819	* being transformed by an execve operation. The new credentials have, by this
820	* point, been set to @current->cred. @bprm points to the linux_binprm
821	* structure. This hook is a good place to perform state changes on the
822	* process such as clearing out non-inheritable signal state. This is called
823	* immediately after commit_creds().
824	*/
825	void security_bprm_committed_creds(const struct linux_binprm *bprm)
826	{
827	call_void_hook(bprm_committed_creds, bprm);
828	}
829
830	/**
831	* security_fs_context_submount() - Initialise fc->security
832	* @fc: new filesystem context
833	* @reference: dentry reference for submount/remount
834	*
835	* Fill out the ->security field for a new fs_context.
836	*
837	* Return: Returns 0 on success or negative error code on failure.
838	*/
839	int security_fs_context_submount(struct fs_context *fc, struct super_block *reference)
840	{
841	return call_int_hook(fs_context_submount, fc, reference);
842	}
843
844	/**
845	* security_fs_context_dup() - Duplicate a fs_context LSM blob
846	* @fc: destination filesystem context
847	* @src_fc: source filesystem context
848	*
849	* Allocate and attach a security structure to sc->security. This pointer is
850	* initialised to NULL by the caller. @fc indicates the new filesystem context.
851	* @src_fc indicates the original filesystem context.
852	*
853	* Return: Returns 0 on success or a negative error code on failure.
854	*/
855	int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc)
856	{
857	return call_int_hook(fs_context_dup, fc, src_fc);
858	}
859
860	/**
861	* security_fs_context_parse_param() - Configure a filesystem context
862	* @fc: filesystem context
863	* @param: filesystem parameter
864	*
865	* Userspace provided a parameter to configure a superblock. The LSM can
866	* consume the parameter or return it to the caller for use elsewhere.
867	*
868	* Return: If the parameter is used by the LSM it should return 0, if it is
869	* returned to the caller -ENOPARAM is returned, otherwise a negative
870	* error code is returned.
871	*/
872	int security_fs_context_parse_param(struct fs_context *fc,
873	struct fs_parameter *param)
874	{
875	struct lsm_static_call *scall;
876	int trc;
877	int rc = -ENOPARAM;
878
879	lsm_for_each_hook(scall, fs_context_parse_param) {
880	trc = scall->hl->hook.fs_context_parse_param(fc, param);
881	if (trc == 0)
882	rc = 0;
883	else if (trc != -ENOPARAM)
884	return trc;
885	}
886	return rc;
887	}
888
889	/**
890	* security_sb_alloc() - Allocate a super_block LSM blob
891	* @sb: filesystem superblock
892	*
893	* Allocate and attach a security structure to the sb->s_security field. The
894	* s_security field is initialized to NULL when the structure is allocated.
895	* @sb contains the super_block structure to be modified.
896	*
897	* Return: Returns 0 if operation was successful.
898	*/
899	int security_sb_alloc(struct super_block *sb)
900	{
901	int rc = lsm_superblock_alloc(sb);
902
903	if (unlikely(rc))
904	return rc;
905	rc = call_int_hook(sb_alloc_security, sb);
906	if (unlikely(rc))
907	security_sb_free(sb);
908	return rc;
909	}
910
911	/**
912	* security_sb_delete() - Release super_block LSM associated objects
913	* @sb: filesystem superblock
914	*
915	* Release objects tied to a superblock (e.g. inodes). @sb contains the
916	* super_block structure being released.
917	*/
918	void security_sb_delete(struct super_block *sb)
919	{
920	call_void_hook(sb_delete, sb);
921	}
922
923	/**
924	* security_sb_free() - Free a super_block LSM blob
925	* @sb: filesystem superblock
926	*
927	* Deallocate and clear the sb->s_security field. @sb contains the super_block
928	* structure to be modified.
929	*/
930	void security_sb_free(struct super_block *sb)
931	{
932	call_void_hook(sb_free_security, sb);
933	kfree(objp: sb->s_security);
934	sb->s_security = NULL;
935	}
936
937	/**
938	* security_free_mnt_opts() - Free memory associated with mount options
939	* @mnt_opts: LSM processed mount options
940	*
941	* Free memory associated with @mnt_ops.
942	*/
943	void security_free_mnt_opts(void **mnt_opts)
944	{
945	if (!*mnt_opts)
946	return;
947	call_void_hook(sb_free_mnt_opts, *mnt_opts);
948	*mnt_opts = NULL;
949	}
950	EXPORT_SYMBOL(security_free_mnt_opts);
951
952	/**
953	* security_sb_eat_lsm_opts() - Consume LSM mount options
954	* @options: mount options
955	* @mnt_opts: LSM processed mount options
956	*
957	* Eat (scan @options) and save them in @mnt_opts.
958	*
959	* Return: Returns 0 on success, negative values on failure.
960	*/
961	int security_sb_eat_lsm_opts(char *options, void **mnt_opts)
962	{
963	return call_int_hook(sb_eat_lsm_opts, options, mnt_opts);
964	}
965	EXPORT_SYMBOL(security_sb_eat_lsm_opts);
966
967	/**
968	* security_sb_mnt_opts_compat() - Check if new mount options are allowed
969	* @sb: filesystem superblock
970	* @mnt_opts: new mount options
971	*
972	* Determine if the new mount options in @mnt_opts are allowed given the
973	* existing mounted filesystem at @sb. @sb superblock being compared.
974	*
975	* Return: Returns 0 if options are compatible.
976	*/
977	int security_sb_mnt_opts_compat(struct super_block *sb,
978	void *mnt_opts)
979	{
980	return call_int_hook(sb_mnt_opts_compat, sb, mnt_opts);
981	}
982	EXPORT_SYMBOL(security_sb_mnt_opts_compat);
983
984	/**
985	* security_sb_remount() - Verify no incompatible mount changes during remount
986	* @sb: filesystem superblock
987	* @mnt_opts: (re)mount options
988	*
989	* Extracts security system specific mount options and verifies no changes are
990	* being made to those options.
991	*
992	* Return: Returns 0 if permission is granted.
993	*/
994	int security_sb_remount(struct super_block *sb,
995	void *mnt_opts)
996	{
997	return call_int_hook(sb_remount, sb, mnt_opts);
998	}
999	EXPORT_SYMBOL(security_sb_remount);
1000
1001	/**
1002	* security_sb_kern_mount() - Check if a kernel mount is allowed
1003	* @sb: filesystem superblock
1004	*
1005	* Mount this @sb if allowed by permissions.
1006	*
1007	* Return: Returns 0 if permission is granted.
1008	*/
1009	int security_sb_kern_mount(const struct super_block *sb)
1010	{
1011	return call_int_hook(sb_kern_mount, sb);
1012	}
1013
1014	/**
1015	* security_sb_show_options() - Output the mount options for a superblock
1016	* @m: output file
1017	* @sb: filesystem superblock
1018	*
1019	* Show (print on @m) mount options for this @sb.
1020	*
1021	* Return: Returns 0 on success, negative values on failure.
1022	*/
1023	int security_sb_show_options(struct seq_file *m, struct super_block *sb)
1024	{
1025	return call_int_hook(sb_show_options, m, sb);
1026	}
1027
1028	/**
1029	* security_sb_statfs() - Check if accessing fs stats is allowed
1030	* @dentry: superblock handle
1031	*
1032	* Check permission before obtaining filesystem statistics for the @mnt
1033	* mountpoint. @dentry is a handle on the superblock for the filesystem.
1034	*
1035	* Return: Returns 0 if permission is granted.
1036	*/
1037	int security_sb_statfs(struct dentry *dentry)
1038	{
1039	return call_int_hook(sb_statfs, dentry);
1040	}
1041
1042	/**
1043	* security_sb_mount() - Check permission for mounting a filesystem
1044	* @dev_name: filesystem backing device
1045	* @path: mount point
1046	* @type: filesystem type
1047	* @flags: mount flags
1048	* @data: filesystem specific data
1049	*
1050	* Check permission before an object specified by @dev_name is mounted on the
1051	* mount point named by @nd. For an ordinary mount, @dev_name identifies a
1052	* device if the file system type requires a device. For a remount
1053	* (@flags & MS_REMOUNT), @dev_name is irrelevant. For a loopback/bind mount
1054	* (@flags & MS_BIND), @dev_name identifies the pathname of the object being
1055	* mounted.
1056	*
1057	* Return: Returns 0 if permission is granted.
1058	*/
1059	int security_sb_mount(const char *dev_name, const struct path *path,
1060	const char *type, unsigned long flags, void *data)
1061	{
1062	return call_int_hook(sb_mount, dev_name, path, type, flags, data);
1063	}
1064
1065	/**
1066	* security_sb_umount() - Check permission for unmounting a filesystem
1067	* @mnt: mounted filesystem
1068	* @flags: unmount flags
1069	*
1070	* Check permission before the @mnt file system is unmounted.
1071	*
1072	* Return: Returns 0 if permission is granted.
1073	*/
1074	int security_sb_umount(struct vfsmount *mnt, int flags)
1075	{
1076	return call_int_hook(sb_umount, mnt, flags);
1077	}
1078
1079	/**
1080	* security_sb_pivotroot() - Check permissions for pivoting the rootfs
1081	* @old_path: new location for current rootfs
1082	* @new_path: location of the new rootfs
1083	*
1084	* Check permission before pivoting the root filesystem.
1085	*
1086	* Return: Returns 0 if permission is granted.
1087	*/
1088	int security_sb_pivotroot(const struct path *old_path,
1089	const struct path *new_path)
1090	{
1091	return call_int_hook(sb_pivotroot, old_path, new_path);
1092	}
1093
1094	/**
1095	* security_sb_set_mnt_opts() - Set the mount options for a filesystem
1096	* @sb: filesystem superblock
1097	* @mnt_opts: binary mount options
1098	* @kern_flags: kernel flags (in)
1099	* @set_kern_flags: kernel flags (out)
1100	*
1101	* Set the security relevant mount options used for a superblock.
1102	*
1103	* Return: Returns 0 on success, error on failure.
1104	*/
1105	int security_sb_set_mnt_opts(struct super_block *sb,
1106	void *mnt_opts,
1107	unsigned long kern_flags,
1108	unsigned long *set_kern_flags)
1109	{
1110	struct lsm_static_call *scall;
1111	int rc = mnt_opts ? -EOPNOTSUPP : LSM_RET_DEFAULT(sb_set_mnt_opts);
1112
1113	lsm_for_each_hook(scall, sb_set_mnt_opts) {
1114	rc = scall->hl->hook.sb_set_mnt_opts(sb, mnt_opts, kern_flags,
1115	set_kern_flags);
1116	if (rc != LSM_RET_DEFAULT(sb_set_mnt_opts))
1117	break;
1118	}
1119	return rc;
1120	}
1121	EXPORT_SYMBOL(security_sb_set_mnt_opts);
1122
1123	/**
1124	* security_sb_clone_mnt_opts() - Duplicate superblock mount options
1125	* @oldsb: source superblock
1126	* @newsb: destination superblock
1127	* @kern_flags: kernel flags (in)
1128	* @set_kern_flags: kernel flags (out)
1129	*
1130	* Copy all security options from a given superblock to another.
1131	*
1132	* Return: Returns 0 on success, error on failure.
1133	*/
1134	int security_sb_clone_mnt_opts(const struct super_block *oldsb,
1135	struct super_block *newsb,
1136	unsigned long kern_flags,
1137	unsigned long *set_kern_flags)
1138	{
1139	return call_int_hook(sb_clone_mnt_opts, oldsb, newsb,
1140	kern_flags, set_kern_flags);
1141	}
1142	EXPORT_SYMBOL(security_sb_clone_mnt_opts);
1143
1144	/**
1145	* security_move_mount() - Check permissions for moving a mount
1146	* @from_path: source mount point
1147	* @to_path: destination mount point
1148	*
1149	* Check permission before a mount is moved.
1150	*
1151	* Return: Returns 0 if permission is granted.
1152	*/
1153	int security_move_mount(const struct path *from_path,
1154	const struct path *to_path)
1155	{
1156	return call_int_hook(move_mount, from_path, to_path);
1157	}
1158
1159	/**
1160	* security_path_notify() - Check if setting a watch is allowed
1161	* @path: file path
1162	* @mask: event mask
1163	* @obj_type: file path type
1164	*
1165	* Check permissions before setting a watch on events as defined by @mask, on
1166	* an object at @path, whose type is defined by @obj_type.
1167	*
1168	* Return: Returns 0 if permission is granted.
1169	*/
1170	int security_path_notify(const struct path *path, u64 mask,
1171	unsigned int obj_type)
1172	{
1173	return call_int_hook(path_notify, path, mask, obj_type);
1174	}
1175
1176	/**
1177	* security_inode_alloc() - Allocate an inode LSM blob
1178	* @inode: the inode
1179	* @gfp: allocation flags
1180	*
1181	* Allocate and attach a security structure to @inode->i_security. The
1182	* i_security field is initialized to NULL when the inode structure is
1183	* allocated.
1184	*
1185	* Return: Return 0 if operation was successful.
1186	*/
1187	int security_inode_alloc(struct inode *inode, gfp_t gfp)
1188	{
1189	int rc = lsm_inode_alloc(inode, gfp);
1190
1191	if (unlikely(rc))
1192	return rc;
1193	rc = call_int_hook(inode_alloc_security, inode);
1194	if (unlikely(rc))
1195	security_inode_free(inode);
1196	return rc;
1197	}
1198
1199	static void inode_free_by_rcu(struct rcu_head *head)
1200	{
1201	/* The rcu head is at the start of the inode blob */
1202	call_void_hook(inode_free_security_rcu, head);
1203	kmem_cache_free(s: lsm_inode_cache, objp: head);
1204	}
1205
1206	/**
1207	* security_inode_free() - Free an inode's LSM blob
1208	* @inode: the inode
1209	*
1210	* Release any LSM resources associated with @inode, although due to the
1211	* inode's RCU protections it is possible that the resources will not be
1212	* fully released until after the current RCU grace period has elapsed.
1213	*
1214	* It is important for LSMs to note that despite being present in a call to
1215	* security_inode_free(), @inode may still be referenced in a VFS path walk
1216	* and calls to security_inode_permission() may be made during, or after,
1217	* a call to security_inode_free(). For this reason the inode->i_security
1218	* field is released via a call_rcu() callback and any LSMs which need to
1219	* retain inode state for use in security_inode_permission() should only
1220	* release that state in the inode_free_security_rcu() LSM hook callback.
1221	*/
1222	void security_inode_free(struct inode *inode)
1223	{
1224	call_void_hook(inode_free_security, inode);
1225	if (!inode->i_security)
1226	return;
1227	call_rcu(head: (struct rcu_head *)inode->i_security, func: inode_free_by_rcu);
1228	}
1229
1230	/**
1231	* security_dentry_init_security() - Perform dentry initialization
1232	* @dentry: the dentry to initialize
1233	* @mode: mode used to determine resource type
1234	* @name: name of the last path component
1235	* @xattr_name: name of the security/LSM xattr
1236	* @lsmctx: pointer to the resulting LSM context
1237	*
1238	* Compute a context for a dentry as the inode is not yet available since NFSv4
1239	* has no label backed by an EA anyway. It is important to note that
1240	* @xattr_name does not need to be free'd by the caller, it is a static string.
1241	*
1242	* Return: Returns 0 on success, negative values on failure.
1243	*/
1244	int security_dentry_init_security(struct dentry *dentry, int mode,
1245	const struct qstr *name,
1246	const char **xattr_name,
1247	struct lsm_context *lsmctx)
1248	{
1249	return call_int_hook(dentry_init_security, dentry, mode, name,
1250	xattr_name, lsmctx);
1251	}
1252	EXPORT_SYMBOL(security_dentry_init_security);
1253
1254	/**
1255	* security_dentry_create_files_as() - Perform dentry initialization
1256	* @dentry: the dentry to initialize
1257	* @mode: mode used to determine resource type
1258	* @name: name of the last path component
1259	* @old: creds to use for LSM context calculations
1260	* @new: creds to modify
1261	*
1262	* Compute a context for a dentry as the inode is not yet available and set
1263	* that context in passed in creds so that new files are created using that
1264	* context. Context is calculated using the passed in creds and not the creds
1265	* of the caller.
1266	*
1267	* Return: Returns 0 on success, error on failure.
1268	*/
1269	int security_dentry_create_files_as(struct dentry *dentry, int mode,
1270	const struct qstr *name,
1271	const struct cred *old, struct cred *new)
1272	{
1273	return call_int_hook(dentry_create_files_as, dentry, mode,
1274	name, old, new);
1275	}
1276	EXPORT_SYMBOL(security_dentry_create_files_as);
1277
1278	/**
1279	* security_inode_init_security() - Initialize an inode's LSM context
1280	* @inode: the inode
1281	* @dir: parent directory
1282	* @qstr: last component of the pathname
1283	* @initxattrs: callback function to write xattrs
1284	* @fs_data: filesystem specific data
1285	*
1286	* Obtain the security attribute name suffix and value to set on a newly
1287	* created inode and set up the incore security field for the new inode. This
1288	* hook is called by the fs code as part of the inode creation transaction and
1289	* provides for atomic labeling of the inode, unlike the post_create/mkdir/...
1290	* hooks called by the VFS.
1291	*
1292	* The hook function is expected to populate the xattrs array, by calling
1293	* lsm_get_xattr_slot() to retrieve the slots reserved by the security module
1294	* with the lbs_xattr_count field of the lsm_blob_sizes structure. For each
1295	* slot, the hook function should set ->name to the attribute name suffix
1296	* (e.g. selinux), to allocate ->value (will be freed by the caller) and set it
1297	* to the attribute value, to set ->value_len to the length of the value. If
1298	* the security module does not use security attributes or does not wish to put
1299	* a security attribute on this particular inode, then it should return
1300	* -EOPNOTSUPP to skip this processing.
1301	*
1302	* Return: Returns 0 if the LSM successfully initialized all of the inode
1303	* security attributes that are required, negative values otherwise.
1304	*/
1305	int security_inode_init_security(struct inode *inode, struct inode *dir,
1306	const struct qstr *qstr,
1307	const initxattrs initxattrs, void *fs_data)
1308	{
1309	struct lsm_static_call *scall;
1310	struct xattr *new_xattrs = NULL;
1311	int ret = -EOPNOTSUPP, xattr_count = 0;
1312
1313	if (unlikely(IS_PRIVATE(inode)))
1314	return 0;
1315
1316	if (!blob_sizes.lbs_xattr_count)
1317	return 0;
1318
1319	if (initxattrs) {
1320	/* Allocate +1 as terminator. */
1321	new_xattrs = kcalloc(blob_sizes.lbs_xattr_count + 1,
1322	sizeof(*new_xattrs), GFP_NOFS);
1323	if (!new_xattrs)
1324	return -ENOMEM;
1325	}
1326
1327	lsm_for_each_hook(scall, inode_init_security) {
1328	ret = scall->hl->hook.inode_init_security(inode, dir, qstr, new_xattrs,
1329	&xattr_count);
1330	if (ret && ret != -EOPNOTSUPP)
1331	goto out;
1332	/*
1333	* As documented in lsm_hooks.h, -EOPNOTSUPP in this context
1334	* means that the LSM is not willing to provide an xattr, not
1335	* that it wants to signal an error. Thus, continue to invoke
1336	* the remaining LSMs.
1337	*/
1338	}
1339
1340	/* If initxattrs() is NULL, xattr_count is zero, skip the call. */
1341	if (!xattr_count)
1342	goto out;
1343
1344	ret = initxattrs(inode, new_xattrs, fs_data);
1345	out:
1346	for (; xattr_count > 0; xattr_count--)
1347	kfree(objp: new_xattrs[xattr_count - 1].value);
1348	kfree(objp: new_xattrs);
1349	return (ret == -EOPNOTSUPP) ? 0 : ret;
1350	}
1351	EXPORT_SYMBOL(security_inode_init_security);
1352
1353	/**
1354	* security_inode_init_security_anon() - Initialize an anonymous inode
1355	* @inode: the inode
1356	* @name: the anonymous inode class
1357	* @context_inode: an optional related inode
1358	*
1359	* Set up the incore security field for the new anonymous inode and return
1360	* whether the inode creation is permitted by the security module or not.
1361	*
1362	* Return: Returns 0 on success, -EACCES if the security module denies the
1363	* creation of this inode, or another -errno upon other errors.
1364	*/
1365	int security_inode_init_security_anon(struct inode *inode,
1366	const struct qstr *name,
1367	const struct inode *context_inode)
1368	{
1369	return call_int_hook(inode_init_security_anon, inode, name,
1370	context_inode);
1371	}
1372
1373	#ifdef CONFIG_SECURITY_PATH
1374	/**
1375	* security_path_mknod() - Check if creating a special file is allowed
1376	* @dir: parent directory
1377	* @dentry: new file
1378	* @mode: new file mode
1379	* @dev: device number
1380	*
1381	* Check permissions when creating a file. Note that this hook is called even
1382	* if mknod operation is being done for a regular file.
1383	*
1384	* Return: Returns 0 if permission is granted.
1385	*/
1386	int security_path_mknod(const struct path *dir, struct dentry *dentry,
1387	umode_t mode, unsigned int dev)
1388	{
1389	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1390	return 0;
1391	return call_int_hook(path_mknod, dir, dentry, mode, dev);
1392	}
1393	EXPORT_SYMBOL(security_path_mknod);
1394
1395	/**
1396	* security_path_post_mknod() - Update inode security after reg file creation
1397	* @idmap: idmap of the mount
1398	* @dentry: new file
1399	*
1400	* Update inode security field after a regular file has been created.
1401	*/
1402	void security_path_post_mknod(struct mnt_idmap *idmap, struct dentry *dentry)
1403	{
1404	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1405	return;
1406	call_void_hook(path_post_mknod, idmap, dentry);
1407	}
1408
1409	/**
1410	* security_path_mkdir() - Check if creating a new directory is allowed
1411	* @dir: parent directory
1412	* @dentry: new directory
1413	* @mode: new directory mode
1414	*
1415	* Check permissions to create a new directory in the existing directory.
1416	*
1417	* Return: Returns 0 if permission is granted.
1418	*/
1419	int security_path_mkdir(const struct path *dir, struct dentry *dentry,
1420	umode_t mode)
1421	{
1422	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1423	return 0;
1424	return call_int_hook(path_mkdir, dir, dentry, mode);
1425	}
1426	EXPORT_SYMBOL(security_path_mkdir);
1427
1428	/**
1429	* security_path_rmdir() - Check if removing a directory is allowed
1430	* @dir: parent directory
1431	* @dentry: directory to remove
1432	*
1433	* Check the permission to remove a directory.
1434	*
1435	* Return: Returns 0 if permission is granted.
1436	*/
1437	int security_path_rmdir(const struct path *dir, struct dentry *dentry)
1438	{
1439	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1440	return 0;
1441	return call_int_hook(path_rmdir, dir, dentry);
1442	}
1443
1444	/**
1445	* security_path_unlink() - Check if removing a hard link is allowed
1446	* @dir: parent directory
1447	* @dentry: file
1448	*
1449	* Check the permission to remove a hard link to a file.
1450	*
1451	* Return: Returns 0 if permission is granted.
1452	*/
1453	int security_path_unlink(const struct path *dir, struct dentry *dentry)
1454	{
1455	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1456	return 0;
1457	return call_int_hook(path_unlink, dir, dentry);
1458	}
1459	EXPORT_SYMBOL(security_path_unlink);
1460
1461	/**
1462	* security_path_symlink() - Check if creating a symbolic link is allowed
1463	* @dir: parent directory
1464	* @dentry: symbolic link
1465	* @old_name: file pathname
1466	*
1467	* Check the permission to create a symbolic link to a file.
1468	*
1469	* Return: Returns 0 if permission is granted.
1470	*/
1471	int security_path_symlink(const struct path *dir, struct dentry *dentry,
1472	const char *old_name)
1473	{
1474	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
1475	return 0;
1476	return call_int_hook(path_symlink, dir, dentry, old_name);
1477	}
1478
1479	/**
1480	* security_path_link - Check if creating a hard link is allowed
1481	* @old_dentry: existing file
1482	* @new_dir: new parent directory
1483	* @new_dentry: new link
1484	*
1485	* Check permission before creating a new hard link to a file.
1486	*
1487	* Return: Returns 0 if permission is granted.
1488	*/
1489	int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
1490	struct dentry *new_dentry)
1491	{
1492	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
1493	return 0;
1494	return call_int_hook(path_link, old_dentry, new_dir, new_dentry);
1495	}
1496
1497	/**
1498	* security_path_rename() - Check if renaming a file is allowed
1499	* @old_dir: parent directory of the old file
1500	* @old_dentry: the old file
1501	* @new_dir: parent directory of the new file
1502	* @new_dentry: the new file
1503	* @flags: flags
1504	*
1505	* Check for permission to rename a file or directory.
1506	*
1507	* Return: Returns 0 if permission is granted.
1508	*/
1509	int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
1510	const struct path *new_dir, struct dentry *new_dentry,
1511	unsigned int flags)
1512	{
1513	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
1514	(d_is_positive(new_dentry) &&
1515	IS_PRIVATE(d_backing_inode(new_dentry)))))
1516	return 0;
1517
1518	return call_int_hook(path_rename, old_dir, old_dentry, new_dir,
1519	new_dentry, flags);
1520	}
1521	EXPORT_SYMBOL(security_path_rename);
1522
1523	/**
1524	* security_path_truncate() - Check if truncating a file is allowed
1525	* @path: file
1526	*
1527	* Check permission before truncating the file indicated by path. Note that
1528	* truncation permissions may also be checked based on already opened files,
1529	* using the security_file_truncate() hook.
1530	*
1531	* Return: Returns 0 if permission is granted.
1532	*/
1533	int security_path_truncate(const struct path *path)
1534	{
1535	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1536	return 0;
1537	return call_int_hook(path_truncate, path);
1538	}
1539
1540	/**
1541	* security_path_chmod() - Check if changing the file's mode is allowed
1542	* @path: file
1543	* @mode: new mode
1544	*
1545	* Check for permission to change a mode of the file @path. The new mode is
1546	* specified in @mode which is a bitmask of constants from
1547	* <include/uapi/linux/stat.h>.
1548	*
1549	* Return: Returns 0 if permission is granted.
1550	*/
1551	int security_path_chmod(const struct path *path, umode_t mode)
1552	{
1553	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1554	return 0;
1555	return call_int_hook(path_chmod, path, mode);
1556	}
1557
1558	/**
1559	* security_path_chown() - Check if changing the file's owner/group is allowed
1560	* @path: file
1561	* @uid: file owner
1562	* @gid: file group
1563	*
1564	* Check for permission to change owner/group of a file or directory.
1565	*
1566	* Return: Returns 0 if permission is granted.
1567	*/
1568	int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
1569	{
1570	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1571	return 0;
1572	return call_int_hook(path_chown, path, uid, gid);
1573	}
1574
1575	/**
1576	* security_path_chroot() - Check if changing the root directory is allowed
1577	* @path: directory
1578	*
1579	* Check for permission to change root directory.
1580	*
1581	* Return: Returns 0 if permission is granted.
1582	*/
1583	int security_path_chroot(const struct path *path)
1584	{
1585	return call_int_hook(path_chroot, path);
1586	}
1587	#endif /* CONFIG_SECURITY_PATH */
1588
1589	/**
1590	* security_inode_create() - Check if creating a file is allowed
1591	* @dir: the parent directory
1592	* @dentry: the file being created
1593	* @mode: requested file mode
1594	*
1595	* Check permission to create a regular file.
1596	*
1597	* Return: Returns 0 if permission is granted.
1598	*/
1599	int security_inode_create(struct inode *dir, struct dentry *dentry,
1600	umode_t mode)
1601	{
1602	if (unlikely(IS_PRIVATE(dir)))
1603	return 0;
1604	return call_int_hook(inode_create, dir, dentry, mode);
1605	}
1606	EXPORT_SYMBOL_GPL(security_inode_create);
1607
1608	/**
1609	* security_inode_post_create_tmpfile() - Update inode security of new tmpfile
1610	* @idmap: idmap of the mount
1611	* @inode: inode of the new tmpfile
1612	*
1613	* Update inode security data after a tmpfile has been created.
1614	*/
1615	void security_inode_post_create_tmpfile(struct mnt_idmap *idmap,
1616	struct inode *inode)
1617	{
1618	if (unlikely(IS_PRIVATE(inode)))
1619	return;
1620	call_void_hook(inode_post_create_tmpfile, idmap, inode);
1621	}
1622
1623	/**
1624	* security_inode_link() - Check if creating a hard link is allowed
1625	* @old_dentry: existing file
1626	* @dir: new parent directory
1627	* @new_dentry: new link
1628	*
1629	* Check permission before creating a new hard link to a file.
1630	*
1631	* Return: Returns 0 if permission is granted.
1632	*/
1633	int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1634	struct dentry *new_dentry)
1635	{
1636	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
1637	return 0;
1638	return call_int_hook(inode_link, old_dentry, dir, new_dentry);
1639	}
1640
1641	/**
1642	* security_inode_unlink() - Check if removing a hard link is allowed
1643	* @dir: parent directory
1644	* @dentry: file
1645	*
1646	* Check the permission to remove a hard link to a file.
1647	*
1648	* Return: Returns 0 if permission is granted.
1649	*/
1650	int security_inode_unlink(struct inode *dir, struct dentry *dentry)
1651	{
1652	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1653	return 0;
1654	return call_int_hook(inode_unlink, dir, dentry);
1655	}
1656
1657	/**
1658	* security_inode_symlink() - Check if creating a symbolic link is allowed
1659	* @dir: parent directory
1660	* @dentry: symbolic link
1661	* @old_name: existing filename
1662	*
1663	* Check the permission to create a symbolic link to a file.
1664	*
1665	* Return: Returns 0 if permission is granted.
1666	*/
1667	int security_inode_symlink(struct inode *dir, struct dentry *dentry,
1668	const char *old_name)
1669	{
1670	if (unlikely(IS_PRIVATE(dir)))
1671	return 0;
1672	return call_int_hook(inode_symlink, dir, dentry, old_name);
1673	}
1674
1675	/**
1676	* security_inode_mkdir() - Check if creating a new directory is allowed
1677	* @dir: parent directory
1678	* @dentry: new directory
1679	* @mode: new directory mode
1680	*
1681	* Check permissions to create a new directory in the existing directory
1682	* associated with inode structure @dir.
1683	*
1684	* Return: Returns 0 if permission is granted.
1685	*/
1686	int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1687	{
1688	if (unlikely(IS_PRIVATE(dir)))
1689	return 0;
1690	return call_int_hook(inode_mkdir, dir, dentry, mode);
1691	}
1692	EXPORT_SYMBOL_GPL(security_inode_mkdir);
1693
1694	/**
1695	* security_inode_rmdir() - Check if removing a directory is allowed
1696	* @dir: parent directory
1697	* @dentry: directory to be removed
1698	*
1699	* Check the permission to remove a directory.
1700	*
1701	* Return: Returns 0 if permission is granted.
1702	*/
1703	int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
1704	{
1705	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1706	return 0;
1707	return call_int_hook(inode_rmdir, dir, dentry);
1708	}
1709
1710	/**
1711	* security_inode_mknod() - Check if creating a special file is allowed
1712	* @dir: parent directory
1713	* @dentry: new file
1714	* @mode: new file mode
1715	* @dev: device number
1716	*
1717	* Check permissions when creating a special file (or a socket or a fifo file
1718	* created via the mknod system call). Note that if mknod operation is being
1719	* done for a regular file, then the create hook will be called and not this
1720	* hook.
1721	*
1722	* Return: Returns 0 if permission is granted.
1723	*/
1724	int security_inode_mknod(struct inode *dir, struct dentry *dentry,
1725	umode_t mode, dev_t dev)
1726	{
1727	if (unlikely(IS_PRIVATE(dir)))
1728	return 0;
1729	return call_int_hook(inode_mknod, dir, dentry, mode, dev);
1730	}
1731
1732	/**
1733	* security_inode_rename() - Check if renaming a file is allowed
1734	* @old_dir: parent directory of the old file
1735	* @old_dentry: the old file
1736	* @new_dir: parent directory of the new file
1737	* @new_dentry: the new file
1738	* @flags: flags
1739	*
1740	* Check for permission to rename a file or directory.
1741	*
1742	* Return: Returns 0 if permission is granted.
1743	*/
1744	int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
1745	struct inode *new_dir, struct dentry *new_dentry,
1746	unsigned int flags)
1747	{
1748	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
1749	(d_is_positive(new_dentry) &&
1750	IS_PRIVATE(d_backing_inode(new_dentry)))))
1751	return 0;
1752
1753	if (flags & RENAME_EXCHANGE) {
1754	int err = call_int_hook(inode_rename, new_dir, new_dentry,
1755	old_dir, old_dentry);
1756	if (err)
1757	return err;
1758	}
1759
1760	return call_int_hook(inode_rename, old_dir, old_dentry,
1761	new_dir, new_dentry);
1762	}
1763
1764	/**
1765	* security_inode_readlink() - Check if reading a symbolic link is allowed
1766	* @dentry: link
1767	*
1768	* Check the permission to read the symbolic link.
1769	*
1770	* Return: Returns 0 if permission is granted.
1771	*/
1772	int security_inode_readlink(struct dentry *dentry)
1773	{
1774	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1775	return 0;
1776	return call_int_hook(inode_readlink, dentry);
1777	}
1778
1779	/**
1780	* security_inode_follow_link() - Check if following a symbolic link is allowed
1781	* @dentry: link dentry
1782	* @inode: link inode
1783	* @rcu: true if in RCU-walk mode
1784	*
1785	* Check permission to follow a symbolic link when looking up a pathname. If
1786	* @rcu is true, @inode is not stable.
1787	*
1788	* Return: Returns 0 if permission is granted.
1789	*/
1790	int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
1791	bool rcu)
1792	{
1793	if (unlikely(IS_PRIVATE(inode)))
1794	return 0;
1795	return call_int_hook(inode_follow_link, dentry, inode, rcu);
1796	}
1797
1798	/**
1799	* security_inode_permission() - Check if accessing an inode is allowed
1800	* @inode: inode
1801	* @mask: access mask
1802	*
1803	* Check permission before accessing an inode. This hook is called by the
1804	* existing Linux permission function, so a security module can use it to
1805	* provide additional checking for existing Linux permission checks. Notice
1806	* that this hook is called when a file is opened (as well as many other
1807	* operations), whereas the file_security_ops permission hook is called when
1808	* the actual read/write operations are performed.
1809	*
1810	* Return: Returns 0 if permission is granted.
1811	*/
1812	int security_inode_permission(struct inode *inode, int mask)
1813	{
1814	if (unlikely(IS_PRIVATE(inode)))
1815	return 0;
1816	return call_int_hook(inode_permission, inode, mask);
1817	}
1818
1819	/**
1820	* security_inode_setattr() - Check if setting file attributes is allowed
1821	* @idmap: idmap of the mount
1822	* @dentry: file
1823	* @attr: new attributes
1824	*
1825	* Check permission before setting file attributes. Note that the kernel call
1826	* to notify_change is performed from several locations, whenever file
1827	* attributes change (such as when a file is truncated, chown/chmod operations,
1828	* transferring disk quotas, etc).
1829	*
1830	* Return: Returns 0 if permission is granted.
1831	*/
1832	int security_inode_setattr(struct mnt_idmap *idmap,
1833	struct dentry *dentry, struct iattr *attr)
1834	{
1835	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1836	return 0;
1837	return call_int_hook(inode_setattr, idmap, dentry, attr);
1838	}
1839	EXPORT_SYMBOL_GPL(security_inode_setattr);
1840
1841	/**
1842	* security_inode_post_setattr() - Update the inode after a setattr operation
1843	* @idmap: idmap of the mount
1844	* @dentry: file
1845	* @ia_valid: file attributes set
1846	*
1847	* Update inode security field after successful setting file attributes.
1848	*/
1849	void security_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
1850	int ia_valid)
1851	{
1852	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1853	return;
1854	call_void_hook(inode_post_setattr, idmap, dentry, ia_valid);
1855	}
1856
1857	/**
1858	* security_inode_getattr() - Check if getting file attributes is allowed
1859	* @path: file
1860	*
1861	* Check permission before obtaining file attributes.
1862	*
1863	* Return: Returns 0 if permission is granted.
1864	*/
1865	int security_inode_getattr(const struct path *path)
1866	{
1867	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
1868	return 0;
1869	return call_int_hook(inode_getattr, path);
1870	}
1871
1872	/**
1873	* security_inode_setxattr() - Check if setting file xattrs is allowed
1874	* @idmap: idmap of the mount
1875	* @dentry: file
1876	* @name: xattr name
1877	* @value: xattr value
1878	* @size: size of xattr value
1879	* @flags: flags
1880	*
1881	* This hook performs the desired permission checks before setting the extended
1882	* attributes (xattrs) on @dentry. It is important to note that we have some
1883	* additional logic before the main LSM implementation calls to detect if we
1884	* need to perform an additional capability check at the LSM layer.
1885	*
1886	* Normally we enforce a capability check prior to executing the various LSM
1887	* hook implementations, but if a LSM wants to avoid this capability check,
1888	* it can register a 'inode_xattr_skipcap' hook and return a value of 1 for
1889	* xattrs that it wants to avoid the capability check, leaving the LSM fully
1890	* responsible for enforcing the access control for the specific xattr. If all
1891	* of the enabled LSMs refrain from registering a 'inode_xattr_skipcap' hook,
1892	* or return a 0 (the default return value), the capability check is still
1893	* performed. If no 'inode_xattr_skipcap' hooks are registered the capability
1894	* check is performed.
1895	*
1896	* Return: Returns 0 if permission is granted.
1897	*/
1898	int security_inode_setxattr(struct mnt_idmap *idmap,
1899	struct dentry *dentry, const char *name,
1900	const void *value, size_t size, int flags)
1901	{
1902	int rc;
1903
1904	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1905	return 0;
1906
1907	/* enforce the capability checks at the lsm layer, if needed */
1908	if (!call_int_hook(inode_xattr_skipcap, name)) {
1909	rc = cap_inode_setxattr(dentry, name, value, size, flags);
1910	if (rc)
1911	return rc;
1912	}
1913
1914	return call_int_hook(inode_setxattr, idmap, dentry, name, value, size,
1915	flags);
1916	}
1917
1918	/**
1919	* security_inode_set_acl() - Check if setting posix acls is allowed
1920	* @idmap: idmap of the mount
1921	* @dentry: file
1922	* @acl_name: acl name
1923	* @kacl: acl struct
1924	*
1925	* Check permission before setting posix acls, the posix acls in @kacl are
1926	* identified by @acl_name.
1927	*
1928	* Return: Returns 0 if permission is granted.
1929	*/
1930	int security_inode_set_acl(struct mnt_idmap *idmap,
1931	struct dentry *dentry, const char *acl_name,
1932	struct posix_acl *kacl)
1933	{
1934	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1935	return 0;
1936	return call_int_hook(inode_set_acl, idmap, dentry, acl_name, kacl);
1937	}
1938
1939	/**
1940	* security_inode_post_set_acl() - Update inode security from posix acls set
1941	* @dentry: file
1942	* @acl_name: acl name
1943	* @kacl: acl struct
1944	*
1945	* Update inode security data after successfully setting posix acls on @dentry.
1946	* The posix acls in @kacl are identified by @acl_name.
1947	*/
1948	void security_inode_post_set_acl(struct dentry *dentry, const char *acl_name,
1949	struct posix_acl *kacl)
1950	{
1951	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1952	return;
1953	call_void_hook(inode_post_set_acl, dentry, acl_name, kacl);
1954	}
1955
1956	/**
1957	* security_inode_get_acl() - Check if reading posix acls is allowed
1958	* @idmap: idmap of the mount
1959	* @dentry: file
1960	* @acl_name: acl name
1961	*
1962	* Check permission before getting osix acls, the posix acls are identified by
1963	* @acl_name.
1964	*
1965	* Return: Returns 0 if permission is granted.
1966	*/
1967	int security_inode_get_acl(struct mnt_idmap *idmap,
1968	struct dentry *dentry, const char *acl_name)
1969	{
1970	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1971	return 0;
1972	return call_int_hook(inode_get_acl, idmap, dentry, acl_name);
1973	}
1974
1975	/**
1976	* security_inode_remove_acl() - Check if removing a posix acl is allowed
1977	* @idmap: idmap of the mount
1978	* @dentry: file
1979	* @acl_name: acl name
1980	*
1981	* Check permission before removing posix acls, the posix acls are identified
1982	* by @acl_name.
1983	*
1984	* Return: Returns 0 if permission is granted.
1985	*/
1986	int security_inode_remove_acl(struct mnt_idmap *idmap,
1987	struct dentry *dentry, const char *acl_name)
1988	{
1989	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
1990	return 0;
1991	return call_int_hook(inode_remove_acl, idmap, dentry, acl_name);
1992	}
1993
1994	/**
1995	* security_inode_post_remove_acl() - Update inode security after rm posix acls
1996	* @idmap: idmap of the mount
1997	* @dentry: file
1998	* @acl_name: acl name
1999	*
2000	* Update inode security data after successfully removing posix acls on
2001	* @dentry in @idmap. The posix acls are identified by @acl_name.
2002	*/
2003	void security_inode_post_remove_acl(struct mnt_idmap *idmap,
2004	struct dentry *dentry, const char *acl_name)
2005	{
2006	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2007	return;
2008	call_void_hook(inode_post_remove_acl, idmap, dentry, acl_name);
2009	}
2010
2011	/**
2012	* security_inode_post_setxattr() - Update the inode after a setxattr operation
2013	* @dentry: file
2014	* @name: xattr name
2015	* @value: xattr value
2016	* @size: xattr value size
2017	* @flags: flags
2018	*
2019	* Update inode security field after successful setxattr operation.
2020	*/
2021	void security_inode_post_setxattr(struct dentry *dentry, const char *name,
2022	const void *value, size_t size, int flags)
2023	{
2024	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2025	return;
2026	call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
2027	}
2028
2029	/**
2030	* security_inode_getxattr() - Check if xattr access is allowed
2031	* @dentry: file
2032	* @name: xattr name
2033	*
2034	* Check permission before obtaining the extended attributes identified by
2035	* @name for @dentry.
2036	*
2037	* Return: Returns 0 if permission is granted.
2038	*/
2039	int security_inode_getxattr(struct dentry *dentry, const char *name)
2040	{
2041	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2042	return 0;
2043	return call_int_hook(inode_getxattr, dentry, name);
2044	}
2045
2046	/**
2047	* security_inode_listxattr() - Check if listing xattrs is allowed
2048	* @dentry: file
2049	*
2050	* Check permission before obtaining the list of extended attribute names for
2051	* @dentry.
2052	*
2053	* Return: Returns 0 if permission is granted.
2054	*/
2055	int security_inode_listxattr(struct dentry *dentry)
2056	{
2057	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2058	return 0;
2059	return call_int_hook(inode_listxattr, dentry);
2060	}
2061
2062	/**
2063	* security_inode_removexattr() - Check if removing an xattr is allowed
2064	* @idmap: idmap of the mount
2065	* @dentry: file
2066	* @name: xattr name
2067	*
2068	* This hook performs the desired permission checks before setting the extended
2069	* attributes (xattrs) on @dentry. It is important to note that we have some
2070	* additional logic before the main LSM implementation calls to detect if we
2071	* need to perform an additional capability check at the LSM layer.
2072	*
2073	* Normally we enforce a capability check prior to executing the various LSM
2074	* hook implementations, but if a LSM wants to avoid this capability check,
2075	* it can register a 'inode_xattr_skipcap' hook and return a value of 1 for
2076	* xattrs that it wants to avoid the capability check, leaving the LSM fully
2077	* responsible for enforcing the access control for the specific xattr. If all
2078	* of the enabled LSMs refrain from registering a 'inode_xattr_skipcap' hook,
2079	* or return a 0 (the default return value), the capability check is still
2080	* performed. If no 'inode_xattr_skipcap' hooks are registered the capability
2081	* check is performed.
2082	*
2083	* Return: Returns 0 if permission is granted.
2084	*/
2085	int security_inode_removexattr(struct mnt_idmap *idmap,
2086	struct dentry *dentry, const char *name)
2087	{
2088	int rc;
2089
2090	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2091	return 0;
2092
2093	/* enforce the capability checks at the lsm layer, if needed */
2094	if (!call_int_hook(inode_xattr_skipcap, name)) {
2095	rc = cap_inode_removexattr(idmap, dentry, name);
2096	if (rc)
2097	return rc;
2098	}
2099
2100	return call_int_hook(inode_removexattr, idmap, dentry, name);
2101	}
2102
2103	/**
2104	* security_inode_post_removexattr() - Update the inode after a removexattr op
2105	* @dentry: file
2106	* @name: xattr name
2107	*
2108	* Update the inode after a successful removexattr operation.
2109	*/
2110	void security_inode_post_removexattr(struct dentry *dentry, const char *name)
2111	{
2112	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
2113	return;
2114	call_void_hook(inode_post_removexattr, dentry, name);
2115	}
2116
2117	/**
2118	* security_inode_file_setattr() - check if setting fsxattr is allowed
2119	* @dentry: file to set filesystem extended attributes on
2120	* @fa: extended attributes to set on the inode
2121	*
2122	* Called when file_setattr() syscall or FS_IOC_FSSETXATTR ioctl() is called on
2123	* inode
2124	*
2125	* Return: Returns 0 if permission is granted.
2126	*/
2127	int security_inode_file_setattr(struct dentry *dentry, struct file_kattr *fa)
2128	{
2129	return call_int_hook(inode_file_setattr, dentry, fa);
2130	}
2131
2132	/**
2133	* security_inode_file_getattr() - check if retrieving fsxattr is allowed
2134	* @dentry: file to retrieve filesystem extended attributes from
2135	* @fa: extended attributes to get
2136	*
2137	* Called when file_getattr() syscall or FS_IOC_FSGETXATTR ioctl() is called on
2138	* inode
2139	*
2140	* Return: Returns 0 if permission is granted.
2141	*/
2142	int security_inode_file_getattr(struct dentry *dentry, struct file_kattr *fa)
2143	{
2144	return call_int_hook(inode_file_getattr, dentry, fa);
2145	}
2146
2147	/**
2148	* security_inode_need_killpriv() - Check if security_inode_killpriv() required
2149	* @dentry: associated dentry
2150	*
2151	* Called when an inode has been changed to determine if
2152	* security_inode_killpriv() should be called.
2153	*
2154	* Return: Return <0 on error to abort the inode change operation, return 0 if
2155	* security_inode_killpriv() does not need to be called, return >0 if
2156	* security_inode_killpriv() does need to be called.
2157	*/
2158	int security_inode_need_killpriv(struct dentry *dentry)
2159	{
2160	return call_int_hook(inode_need_killpriv, dentry);
2161	}
2162
2163	/**
2164	* security_inode_killpriv() - The setuid bit is removed, update LSM state
2165	* @idmap: idmap of the mount
2166	* @dentry: associated dentry
2167	*
2168	* The @dentry's setuid bit is being removed. Remove similar security labels.
2169	* Called with the dentry->d_inode->i_mutex held.
2170	*
2171	* Return: Return 0 on success. If error is returned, then the operation
2172	* causing setuid bit removal is failed.
2173	*/
2174	int security_inode_killpriv(struct mnt_idmap *idmap,
2175	struct dentry *dentry)
2176	{
2177	return call_int_hook(inode_killpriv, idmap, dentry);
2178	}
2179
2180	/**
2181	* security_inode_getsecurity() - Get the xattr security label of an inode
2182	* @idmap: idmap of the mount
2183	* @inode: inode
2184	* @name: xattr name
2185	* @buffer: security label buffer
2186	* @alloc: allocation flag
2187	*
2188	* Retrieve a copy of the extended attribute representation of the security
2189	* label associated with @name for @inode via @buffer. Note that @name is the
2190	* remainder of the attribute name after the security prefix has been removed.
2191	* @alloc is used to specify if the call should return a value via the buffer
2192	* or just the value length.
2193	*
2194	* Return: Returns size of buffer on success.
2195	*/
2196	int security_inode_getsecurity(struct mnt_idmap *idmap,
2197	struct inode *inode, const char *name,
2198	void **buffer, bool alloc)
2199	{
2200	if (unlikely(IS_PRIVATE(inode)))
2201	return LSM_RET_DEFAULT(inode_getsecurity);
2202
2203	return call_int_hook(inode_getsecurity, idmap, inode, name, buffer,
2204	alloc);
2205	}
2206
2207	/**
2208	* security_inode_setsecurity() - Set the xattr security label of an inode
2209	* @inode: inode
2210	* @name: xattr name
2211	* @value: security label
2212	* @size: length of security label
2213	* @flags: flags
2214	*
2215	* Set the security label associated with @name for @inode from the extended
2216	* attribute value @value. @size indicates the size of the @value in bytes.
2217	* @flags may be XATTR_CREATE, XATTR_REPLACE, or 0. Note that @name is the
2218	* remainder of the attribute name after the security. prefix has been removed.
2219	*
2220	* Return: Returns 0 on success.
2221	*/
2222	int security_inode_setsecurity(struct inode *inode, const char *name,
2223	const void *value, size_t size, int flags)
2224	{
2225	if (unlikely(IS_PRIVATE(inode)))
2226	return LSM_RET_DEFAULT(inode_setsecurity);
2227
2228	return call_int_hook(inode_setsecurity, inode, name, value, size,
2229	flags);
2230	}
2231
2232	/**
2233	* security_inode_listsecurity() - List the xattr security label names
2234	* @inode: inode
2235	* @buffer: buffer
2236	* @buffer_size: size of buffer
2237	*
2238	* Copy the extended attribute names for the security labels associated with
2239	* @inode into @buffer. The maximum size of @buffer is specified by
2240	* @buffer_size. @buffer may be NULL to request the size of the buffer
2241	* required.
2242	*
2243	* Return: Returns number of bytes used/required on success.
2244	*/
2245	int security_inode_listsecurity(struct inode *inode,
2246	char *buffer, size_t buffer_size)
2247	{
2248	if (unlikely(IS_PRIVATE(inode)))
2249	return 0;
2250	return call_int_hook(inode_listsecurity, inode, buffer, buffer_size);
2251	}
2252	EXPORT_SYMBOL(security_inode_listsecurity);
2253
2254	/**
2255	* security_inode_getlsmprop() - Get an inode's LSM data
2256	* @inode: inode
2257	* @prop: lsm specific information to return
2258	*
2259	* Get the lsm specific information associated with the node.
2260	*/
2261	void security_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
2262	{
2263	call_void_hook(inode_getlsmprop, inode, prop);
2264	}
2265
2266	/**
2267	* security_inode_copy_up() - Create new creds for an overlayfs copy-up op
2268	* @src: union dentry of copy-up file
2269	* @new: newly created creds
2270	*
2271	* A file is about to be copied up from lower layer to upper layer of overlay
2272	* filesystem. Security module can prepare a set of new creds and modify as
2273	* need be and return new creds. Caller will switch to new creds temporarily to
2274	* create new file and release newly allocated creds.
2275	*
2276	* Return: Returns 0 on success or a negative error code on error.
2277	*/
2278	int security_inode_copy_up(struct dentry *src, struct cred **new)
2279	{
2280	return call_int_hook(inode_copy_up, src, new);
2281	}
2282	EXPORT_SYMBOL(security_inode_copy_up);
2283
2284	/**
2285	* security_inode_copy_up_xattr() - Filter xattrs in an overlayfs copy-up op
2286	* @src: union dentry of copy-up file
2287	* @name: xattr name
2288	*
2289	* Filter the xattrs being copied up when a unioned file is copied up from a
2290	* lower layer to the union/overlay layer. The caller is responsible for
2291	* reading and writing the xattrs, this hook is merely a filter.
2292	*
2293	* Return: Returns 0 to accept the xattr, -ECANCELED to discard the xattr,
2294	* -EOPNOTSUPP if the security module does not know about attribute,
2295	* or a negative error code to abort the copy up.
2296	*/
2297	int security_inode_copy_up_xattr(struct dentry *src, const char *name)
2298	{
2299	int rc;
2300
2301	rc = call_int_hook(inode_copy_up_xattr, src, name);
2302	if (rc != LSM_RET_DEFAULT(inode_copy_up_xattr))
2303	return rc;
2304
2305	return LSM_RET_DEFAULT(inode_copy_up_xattr);
2306	}
2307	EXPORT_SYMBOL(security_inode_copy_up_xattr);
2308
2309	/**
2310	* security_inode_setintegrity() - Set the inode's integrity data
2311	* @inode: inode
2312	* @type: type of integrity, e.g. hash digest, signature, etc
2313	* @value: the integrity value
2314	* @size: size of the integrity value
2315	*
2316	* Register a verified integrity measurement of a inode with LSMs.
2317	* LSMs should free the previously saved data if @value is NULL.
2318	*
2319	* Return: Returns 0 on success, negative values on failure.
2320	*/
2321	int security_inode_setintegrity(const struct inode *inode,
2322	enum lsm_integrity_type type, const void *value,
2323	size_t size)
2324	{
2325	return call_int_hook(inode_setintegrity, inode, type, value, size);
2326	}
2327	EXPORT_SYMBOL(security_inode_setintegrity);
2328
2329	/**
2330	* security_kernfs_init_security() - Init LSM context for a kernfs node
2331	* @kn_dir: parent kernfs node
2332	* @kn: the kernfs node to initialize
2333	*
2334	* Initialize the security context of a newly created kernfs node based on its
2335	* own and its parent's attributes.
2336	*
2337	* Return: Returns 0 if permission is granted.
2338	*/
2339	int security_kernfs_init_security(struct kernfs_node *kn_dir,
2340	struct kernfs_node *kn)
2341	{
2342	return call_int_hook(kernfs_init_security, kn_dir, kn);
2343	}
2344
2345	/**
2346	* security_file_permission() - Check file permissions
2347	* @file: file
2348	* @mask: requested permissions
2349	*
2350	* Check file permissions before accessing an open file. This hook is called
2351	* by various operations that read or write files. A security module can use
2352	* this hook to perform additional checking on these operations, e.g. to
2353	* revalidate permissions on use to support privilege bracketing or policy
2354	* changes. Notice that this hook is used when the actual read/write
2355	* operations are performed, whereas the inode_security_ops hook is called when
2356	* a file is opened (as well as many other operations). Although this hook can
2357	* be used to revalidate permissions for various system call operations that
2358	* read or write files, it does not address the revalidation of permissions for
2359	* memory-mapped files. Security modules must handle this separately if they
2360	* need such revalidation.
2361	*
2362	* Return: Returns 0 if permission is granted.
2363	*/
2364	int security_file_permission(struct file *file, int mask)
2365	{
2366	return call_int_hook(file_permission, file, mask);
2367	}
2368
2369	/**
2370	* security_file_alloc() - Allocate and init a file's LSM blob
2371	* @file: the file
2372	*
2373	* Allocate and attach a security structure to the file->f_security field. The
2374	* security field is initialized to NULL when the structure is first created.
2375	*
2376	* Return: Return 0 if the hook is successful and permission is granted.
2377	*/
2378	int security_file_alloc(struct file *file)
2379	{
2380	int rc = lsm_file_alloc(file);
2381
2382	if (rc)
2383	return rc;
2384	rc = call_int_hook(file_alloc_security, file);
2385	if (unlikely(rc))
2386	security_file_free(file);
2387	return rc;
2388	}
2389
2390	/**
2391	* security_file_release() - Perform actions before releasing the file ref
2392	* @file: the file
2393	*
2394	* Perform actions before releasing the last reference to a file.
2395	*/
2396	void security_file_release(struct file *file)
2397	{
2398	call_void_hook(file_release, file);
2399	}
2400
2401	/**
2402	* security_file_free() - Free a file's LSM blob
2403	* @file: the file
2404	*
2405	* Deallocate and free any security structures stored in file->f_security.
2406	*/
2407	void security_file_free(struct file *file)
2408	{
2409	void *blob;
2410
2411	call_void_hook(file_free_security, file);
2412
2413	blob = file->f_security;
2414	if (blob) {
2415	file->f_security = NULL;
2416	kmem_cache_free(s: lsm_file_cache, objp: blob);
2417	}
2418	}
2419
2420	/**
2421	* security_file_ioctl() - Check if an ioctl is allowed
2422	* @file: associated file
2423	* @cmd: ioctl cmd
2424	* @arg: ioctl arguments
2425	*
2426	* Check permission for an ioctl operation on @file. Note that @arg sometimes
2427	* represents a user space pointer; in other cases, it may be a simple integer
2428	* value. When @arg represents a user space pointer, it should never be used
2429	* by the security module.
2430	*
2431	* Return: Returns 0 if permission is granted.
2432	*/
2433	int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2434	{
2435	return call_int_hook(file_ioctl, file, cmd, arg);
2436	}
2437	EXPORT_SYMBOL_GPL(security_file_ioctl);
2438
2439	/**
2440	* security_file_ioctl_compat() - Check if an ioctl is allowed in compat mode
2441	* @file: associated file
2442	* @cmd: ioctl cmd
2443	* @arg: ioctl arguments
2444	*
2445	* Compat version of security_file_ioctl() that correctly handles 32-bit
2446	* processes running on 64-bit kernels.
2447	*
2448	* Return: Returns 0 if permission is granted.
2449	*/
2450	int security_file_ioctl_compat(struct file *file, unsigned int cmd,
2451	unsigned long arg)
2452	{
2453	return call_int_hook(file_ioctl_compat, file, cmd, arg);
2454	}
2455	EXPORT_SYMBOL_GPL(security_file_ioctl_compat);
2456
2457	static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
2458	{
2459	/*
2460	* Does we have PROT_READ and does the application expect
2461	* it to imply PROT_EXEC? If not, nothing to talk about...
2462	*/
2463	if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ)
2464	return prot;
2465	if (!(current->personality & READ_IMPLIES_EXEC))
2466	return prot;
2467	/*
2468	* if that's an anonymous mapping, let it.
2469	*/
2470	if (!file)
2471	return prot | PROT_EXEC;
2472	/*
2473	* ditto if it's not on noexec mount, except that on !MMU we need
2474	* NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case
2475	*/
2476	if (!path_noexec(path: &file->f_path)) {
2477	#ifndef CONFIG_MMU
2478	if (file->f_op->mmap_capabilities) {
2479	unsigned caps = file->f_op->mmap_capabilities(file);
2480	if (!(caps & NOMMU_MAP_EXEC))
2481	return prot;
2482	}
2483	#endif
2484	return prot | PROT_EXEC;
2485	}
2486	/* anything on noexec mount won't get PROT_EXEC */
2487	return prot;
2488	}
2489
2490	/**
2491	* security_mmap_file() - Check if mmap'ing a file is allowed
2492	* @file: file
2493	* @prot: protection applied by the kernel
2494	* @flags: flags
2495	*
2496	* Check permissions for a mmap operation. The @file may be NULL, e.g. if
2497	* mapping anonymous memory.
2498	*
2499	* Return: Returns 0 if permission is granted.
2500	*/
2501	int security_mmap_file(struct file *file, unsigned long prot,
2502	unsigned long flags)
2503	{
2504	return call_int_hook(mmap_file, file, prot, mmap_prot(file, prot),
2505	flags);
2506	}
2507
2508	/**
2509	* security_mmap_addr() - Check if mmap'ing an address is allowed
2510	* @addr: address
2511	*
2512	* Check permissions for a mmap operation at @addr.
2513	*
2514	* Return: Returns 0 if permission is granted.
2515	*/
2516	int security_mmap_addr(unsigned long addr)
2517	{
2518	return call_int_hook(mmap_addr, addr);
2519	}
2520
2521	/**
2522	* security_file_mprotect() - Check if changing memory protections is allowed
2523	* @vma: memory region
2524	* @reqprot: application requested protection
2525	* @prot: protection applied by the kernel
2526	*
2527	* Check permissions before changing memory access permissions.
2528	*
2529	* Return: Returns 0 if permission is granted.
2530	*/
2531	int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
2532	unsigned long prot)
2533	{
2534	return call_int_hook(file_mprotect, vma, reqprot, prot);
2535	}
2536
2537	/**
2538	* security_file_lock() - Check if a file lock is allowed
2539	* @file: file
2540	* @cmd: lock operation (e.g. F_RDLCK, F_WRLCK)
2541	*
2542	* Check permission before performing file locking operations. Note the hook
2543	* mediates both flock and fcntl style locks.
2544	*
2545	* Return: Returns 0 if permission is granted.
2546	*/
2547	int security_file_lock(struct file *file, unsigned int cmd)
2548	{
2549	return call_int_hook(file_lock, file, cmd);
2550	}
2551
2552	/**
2553	* security_file_fcntl() - Check if fcntl() op is allowed
2554	* @file: file
2555	* @cmd: fcntl command
2556	* @arg: command argument
2557	*
2558	* Check permission before allowing the file operation specified by @cmd from
2559	* being performed on the file @file. Note that @arg sometimes represents a
2560	* user space pointer; in other cases, it may be a simple integer value. When
2561	* @arg represents a user space pointer, it should never be used by the
2562	* security module.
2563	*
2564	* Return: Returns 0 if permission is granted.
2565	*/
2566	int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
2567	{
2568	return call_int_hook(file_fcntl, file, cmd, arg);
2569	}
2570
2571	/**
2572	* security_file_set_fowner() - Set the file owner info in the LSM blob
2573	* @file: the file
2574	*
2575	* Save owner security information (typically from current->security) in
2576	* file->f_security for later use by the send_sigiotask hook.
2577	*
2578	* This hook is called with file->f_owner.lock held.
2579	*
2580	* Return: Returns 0 on success.
2581	*/
2582	void security_file_set_fowner(struct file *file)
2583	{
2584	call_void_hook(file_set_fowner, file);
2585	}
2586
2587	/**
2588	* security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
2589	* @tsk: target task
2590	* @fown: signal sender
2591	* @sig: signal to be sent, SIGIO is sent if 0
2592	*
2593	* Check permission for the file owner @fown to send SIGIO or SIGURG to the
2594	* process @tsk. Note that this hook is sometimes called from interrupt. Note
2595	* that the fown_struct, @fown, is never outside the context of a struct file,
2596	* so the file structure (and associated security information) can always be
2597	* obtained: container_of(fown, struct file, f_owner).
2598	*
2599	* Return: Returns 0 if permission is granted.
2600	*/
2601	int security_file_send_sigiotask(struct task_struct *tsk,
2602	struct fown_struct *fown, int sig)
2603	{
2604	return call_int_hook(file_send_sigiotask, tsk, fown, sig);
2605	}
2606
2607	/**
2608	* security_file_receive() - Check if receiving a file via IPC is allowed
2609	* @file: file being received
2610	*
2611	* This hook allows security modules to control the ability of a process to
2612	* receive an open file descriptor via socket IPC.
2613	*
2614	* Return: Returns 0 if permission is granted.
2615	*/
2616	int security_file_receive(struct file *file)
2617	{
2618	return call_int_hook(file_receive, file);
2619	}
2620
2621	/**
2622	* security_file_open() - Save open() time state for late use by the LSM
2623	* @file:
2624	*
2625	* Save open-time permission checking state for later use upon file_permission,
2626	* and recheck access if anything has changed since inode_permission.
2627	*
2628	* We can check if a file is opened for execution (e.g. execve(2) call), either
2629	* directly or indirectly (e.g. ELF's ld.so) by checking file->f_flags &
2630	* __FMODE_EXEC .
2631	*
2632	* Return: Returns 0 if permission is granted.
2633	*/
2634	int security_file_open(struct file *file)
2635	{
2636	return call_int_hook(file_open, file);
2637	}
2638
2639	/**
2640	* security_file_post_open() - Evaluate a file after it has been opened
2641	* @file: the file
2642	* @mask: access mask
2643	*
2644	* Evaluate an opened file and the access mask requested with open(). The hook
2645	* is useful for LSMs that require the file content to be available in order to
2646	* make decisions.
2647	*
2648	* Return: Returns 0 if permission is granted.
2649	*/
2650	int security_file_post_open(struct file *file, int mask)
2651	{
2652	return call_int_hook(file_post_open, file, mask);
2653	}
2654	EXPORT_SYMBOL_GPL(security_file_post_open);
2655
2656	/**
2657	* security_file_truncate() - Check if truncating a file is allowed
2658	* @file: file
2659	*
2660	* Check permission before truncating a file, i.e. using ftruncate. Note that
2661	* truncation permission may also be checked based on the path, using the
2662	* @path_truncate hook.
2663	*
2664	* Return: Returns 0 if permission is granted.
2665	*/
2666	int security_file_truncate(struct file *file)
2667	{
2668	return call_int_hook(file_truncate, file);
2669	}
2670
2671	/**
2672	* security_task_alloc() - Allocate a task's LSM blob
2673	* @task: the task
2674	* @clone_flags: flags indicating what is being shared
2675	*
2676	* Handle allocation of task-related resources.
2677	*
2678	* Return: Returns a zero on success, negative values on failure.
2679	*/
2680	int security_task_alloc(struct task_struct *task, u64 clone_flags)
2681	{
2682	int rc = lsm_task_alloc(task);
2683
2684	if (rc)
2685	return rc;
2686	rc = call_int_hook(task_alloc, task, clone_flags);
2687	if (unlikely(rc))
2688	security_task_free(task);
2689	return rc;
2690	}
2691
2692	/**
2693	* security_task_free() - Free a task's LSM blob and related resources
2694	* @task: task
2695	*
2696	* Handle release of task-related resources. Note that this can be called from
2697	* interrupt context.
2698	*/
2699	void security_task_free(struct task_struct *task)
2700	{
2701	call_void_hook(task_free, task);
2702
2703	kfree(objp: task->security);
2704	task->security = NULL;
2705	}
2706
2707	/**
2708	* security_cred_alloc_blank() - Allocate the min memory to allow cred_transfer
2709	* @cred: credentials
2710	* @gfp: gfp flags
2711	*
2712	* Only allocate sufficient memory and attach to @cred such that
2713	* cred_transfer() will not get ENOMEM.
2714	*
2715	* Return: Returns 0 on success, negative values on failure.
2716	*/
2717	int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2718	{
2719	int rc = lsm_cred_alloc(cred, gfp);
2720
2721	if (rc)
2722	return rc;
2723
2724	rc = call_int_hook(cred_alloc_blank, cred, gfp);
2725	if (unlikely(rc))
2726	security_cred_free(cred);
2727	return rc;
2728	}
2729
2730	/**
2731	* security_cred_free() - Free the cred's LSM blob and associated resources
2732	* @cred: credentials
2733	*
2734	* Deallocate and clear the cred->security field in a set of credentials.
2735	*/
2736	void security_cred_free(struct cred *cred)
2737	{
2738	/*
2739	* There is a failure case in prepare_creds() that
2740	* may result in a call here with ->security being NULL.
2741	*/
2742	if (unlikely(cred->security == NULL))
2743	return;
2744
2745	call_void_hook(cred_free, cred);
2746
2747	kfree(objp: cred->security);
2748	cred->security = NULL;
2749	}
2750
2751	/**
2752	* security_prepare_creds() - Prepare a new set of credentials
2753	* @new: new credentials
2754	* @old: original credentials
2755	* @gfp: gfp flags
2756	*
2757	* Prepare a new set of credentials by copying the data from the old set.
2758	*
2759	* Return: Returns 0 on success, negative values on failure.
2760	*/
2761	int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
2762	{
2763	int rc = lsm_cred_alloc(cred: new, gfp);
2764
2765	if (rc)
2766	return rc;
2767
2768	rc = call_int_hook(cred_prepare, new, old, gfp);
2769	if (unlikely(rc))
2770	security_cred_free(cred: new);
2771	return rc;
2772	}
2773
2774	/**
2775	* security_transfer_creds() - Transfer creds
2776	* @new: target credentials
2777	* @old: original credentials
2778	*
2779	* Transfer data from original creds to new creds.
2780	*/
2781	void security_transfer_creds(struct cred *new, const struct cred *old)
2782	{
2783	call_void_hook(cred_transfer, new, old);
2784	}
2785
2786	/**
2787	* security_cred_getsecid() - Get the secid from a set of credentials
2788	* @c: credentials
2789	* @secid: secid value
2790	*
2791	* Retrieve the security identifier of the cred structure @c. In case of
2792	* failure, @secid will be set to zero.
2793	*/
2794	void security_cred_getsecid(const struct cred *c, u32 *secid)
2795	{
2796	*secid = 0;
2797	call_void_hook(cred_getsecid, c, secid);
2798	}
2799	EXPORT_SYMBOL(security_cred_getsecid);
2800
2801	/**
2802	* security_cred_getlsmprop() - Get the LSM data from a set of credentials
2803	* @c: credentials
2804	* @prop: destination for the LSM data
2805	*
2806	* Retrieve the security data of the cred structure @c. In case of
2807	* failure, @prop will be cleared.
2808	*/
2809	void security_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop)
2810	{
2811	lsmprop_init(prop);
2812	call_void_hook(cred_getlsmprop, c, prop);
2813	}
2814	EXPORT_SYMBOL(security_cred_getlsmprop);
2815
2816	/**
2817	* security_kernel_act_as() - Set the kernel credentials to act as secid
2818	* @new: credentials
2819	* @secid: secid
2820	*
2821	* Set the credentials for a kernel service to act as (subjective context).
2822	* The current task must be the one that nominated @secid.
2823	*
2824	* Return: Returns 0 if successful.
2825	*/
2826	int security_kernel_act_as(struct cred *new, u32 secid)
2827	{
2828	return call_int_hook(kernel_act_as, new, secid);
2829	}
2830
2831	/**
2832	* security_kernel_create_files_as() - Set file creation context using an inode
2833	* @new: target credentials
2834	* @inode: reference inode
2835	*
2836	* Set the file creation context in a set of credentials to be the same as the
2837	* objective context of the specified inode. The current task must be the one
2838	* that nominated @inode.
2839	*
2840	* Return: Returns 0 if successful.
2841	*/
2842	int security_kernel_create_files_as(struct cred *new, struct inode *inode)
2843	{
2844	return call_int_hook(kernel_create_files_as, new, inode);
2845	}
2846
2847	/**
2848	* security_kernel_module_request() - Check if loading a module is allowed
2849	* @kmod_name: module name
2850	*
2851	* Ability to trigger the kernel to automatically upcall to userspace for
2852	* userspace to load a kernel module with the given name.
2853	*
2854	* Return: Returns 0 if successful.
2855	*/
2856	int security_kernel_module_request(char *kmod_name)
2857	{
2858	return call_int_hook(kernel_module_request, kmod_name);
2859	}
2860
2861	/**
2862	* security_kernel_read_file() - Read a file specified by userspace
2863	* @file: file
2864	* @id: file identifier
2865	* @contents: trust if security_kernel_post_read_file() will be called
2866	*
2867	* Read a file specified by userspace.
2868	*
2869	* Return: Returns 0 if permission is granted.
2870	*/
2871	int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
2872	bool contents)
2873	{
2874	return call_int_hook(kernel_read_file, file, id, contents);
2875	}
2876	EXPORT_SYMBOL_GPL(security_kernel_read_file);
2877
2878	/**
2879	* security_kernel_post_read_file() - Read a file specified by userspace
2880	* @file: file
2881	* @buf: file contents
2882	* @size: size of file contents
2883	* @id: file identifier
2884	*
2885	* Read a file specified by userspace. This must be paired with a prior call
2886	* to security_kernel_read_file() call that indicated this hook would also be
2887	* called, see security_kernel_read_file() for more information.
2888	*
2889	* Return: Returns 0 if permission is granted.
2890	*/
2891	int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
2892	enum kernel_read_file_id id)
2893	{
2894	return call_int_hook(kernel_post_read_file, file, buf, size, id);
2895	}
2896	EXPORT_SYMBOL_GPL(security_kernel_post_read_file);
2897
2898	/**
2899	* security_kernel_load_data() - Load data provided by userspace
2900	* @id: data identifier
2901	* @contents: true if security_kernel_post_load_data() will be called
2902	*
2903	* Load data provided by userspace.
2904	*
2905	* Return: Returns 0 if permission is granted.
2906	*/
2907	int security_kernel_load_data(enum kernel_load_data_id id, bool contents)
2908	{
2909	return call_int_hook(kernel_load_data, id, contents);
2910	}
2911	EXPORT_SYMBOL_GPL(security_kernel_load_data);
2912
2913	/**
2914	* security_kernel_post_load_data() - Load userspace data from a non-file source
2915	* @buf: data
2916	* @size: size of data
2917	* @id: data identifier
2918	* @description: text description of data, specific to the id value
2919	*
2920	* Load data provided by a non-file source (usually userspace buffer). This
2921	* must be paired with a prior security_kernel_load_data() call that indicated
2922	* this hook would also be called, see security_kernel_load_data() for more
2923	* information.
2924	*
2925	* Return: Returns 0 if permission is granted.
2926	*/
2927	int security_kernel_post_load_data(char *buf, loff_t size,
2928	enum kernel_load_data_id id,
2929	char *description)
2930	{
2931	return call_int_hook(kernel_post_load_data, buf, size, id, description);
2932	}
2933	EXPORT_SYMBOL_GPL(security_kernel_post_load_data);
2934
2935	/**
2936	* security_task_fix_setuid() - Update LSM with new user id attributes
2937	* @new: updated credentials
2938	* @old: credentials being replaced
2939	* @flags: LSM_SETID_* flag values
2940	*
2941	* Update the module's state after setting one or more of the user identity
2942	* attributes of the current process. The @flags parameter indicates which of
2943	* the set*uid system calls invoked this hook. If @new is the set of
2944	* credentials that will be installed. Modifications should be made to this
2945	* rather than to @current->cred.
2946	*
2947	* Return: Returns 0 on success.
2948	*/
2949	int security_task_fix_setuid(struct cred *new, const struct cred *old,
2950	int flags)
2951	{
2952	return call_int_hook(task_fix_setuid, new, old, flags);
2953	}
2954
2955	/**
2956	* security_task_fix_setgid() - Update LSM with new group id attributes
2957	* @new: updated credentials
2958	* @old: credentials being replaced
2959	* @flags: LSM_SETID_* flag value
2960	*
2961	* Update the module's state after setting one or more of the group identity
2962	* attributes of the current process. The @flags parameter indicates which of
2963	* the set*gid system calls invoked this hook. @new is the set of credentials
2964	* that will be installed. Modifications should be made to this rather than to
2965	* @current->cred.
2966	*
2967	* Return: Returns 0 on success.
2968	*/
2969	int security_task_fix_setgid(struct cred *new, const struct cred *old,
2970	int flags)
2971	{
2972	return call_int_hook(task_fix_setgid, new, old, flags);
2973	}
2974
2975	/**
2976	* security_task_fix_setgroups() - Update LSM with new supplementary groups
2977	* @new: updated credentials
2978	* @old: credentials being replaced
2979	*
2980	* Update the module's state after setting the supplementary group identity
2981	* attributes of the current process. @new is the set of credentials that will
2982	* be installed. Modifications should be made to this rather than to
2983	* @current->cred.
2984	*
2985	* Return: Returns 0 on success.
2986	*/
2987	int security_task_fix_setgroups(struct cred *new, const struct cred *old)
2988	{
2989	return call_int_hook(task_fix_setgroups, new, old);
2990	}
2991
2992	/**
2993	* security_task_setpgid() - Check if setting the pgid is allowed
2994	* @p: task being modified
2995	* @pgid: new pgid
2996	*
2997	* Check permission before setting the process group identifier of the process
2998	* @p to @pgid.
2999	*
3000	* Return: Returns 0 if permission is granted.
3001	*/
3002	int security_task_setpgid(struct task_struct *p, pid_t pgid)
3003	{
3004	return call_int_hook(task_setpgid, p, pgid);
3005	}
3006
3007	/**
3008	* security_task_getpgid() - Check if getting the pgid is allowed
3009	* @p: task
3010	*
3011	* Check permission before getting the process group identifier of the process
3012	* @p.
3013	*
3014	* Return: Returns 0 if permission is granted.
3015	*/
3016	int security_task_getpgid(struct task_struct *p)
3017	{
3018	return call_int_hook(task_getpgid, p);
3019	}
3020
3021	/**
3022	* security_task_getsid() - Check if getting the session id is allowed
3023	* @p: task
3024	*
3025	* Check permission before getting the session identifier of the process @p.
3026	*
3027	* Return: Returns 0 if permission is granted.
3028	*/
3029	int security_task_getsid(struct task_struct *p)
3030	{
3031	return call_int_hook(task_getsid, p);
3032	}
3033
3034	/**
3035	* security_current_getlsmprop_subj() - Current task's subjective LSM data
3036	* @prop: lsm specific information
3037	*
3038	* Retrieve the subjective security identifier of the current task and return
3039	* it in @prop.
3040	*/
3041	void security_current_getlsmprop_subj(struct lsm_prop *prop)
3042	{
3043	lsmprop_init(prop);
3044	call_void_hook(current_getlsmprop_subj, prop);
3045	}
3046	EXPORT_SYMBOL(security_current_getlsmprop_subj);
3047
3048	/**
3049	* security_task_getlsmprop_obj() - Get a task's objective LSM data
3050	* @p: target task
3051	* @prop: lsm specific information
3052	*
3053	* Retrieve the objective security identifier of the task_struct in @p and
3054	* return it in @prop.
3055	*/
3056	void security_task_getlsmprop_obj(struct task_struct *p, struct lsm_prop *prop)
3057	{
3058	lsmprop_init(prop);
3059	call_void_hook(task_getlsmprop_obj, p, prop);
3060	}
3061	EXPORT_SYMBOL(security_task_getlsmprop_obj);
3062
3063	/**
3064	* security_task_setnice() - Check if setting a task's nice value is allowed
3065	* @p: target task
3066	* @nice: nice value
3067	*
3068	* Check permission before setting the nice value of @p to @nice.
3069	*
3070	* Return: Returns 0 if permission is granted.
3071	*/
3072	int security_task_setnice(struct task_struct *p, int nice)
3073	{
3074	return call_int_hook(task_setnice, p, nice);
3075	}
3076
3077	/**
3078	* security_task_setioprio() - Check if setting a task's ioprio is allowed
3079	* @p: target task
3080	* @ioprio: ioprio value
3081	*
3082	* Check permission before setting the ioprio value of @p to @ioprio.
3083	*
3084	* Return: Returns 0 if permission is granted.
3085	*/
3086	int security_task_setioprio(struct task_struct *p, int ioprio)
3087	{
3088	return call_int_hook(task_setioprio, p, ioprio);
3089	}
3090
3091	/**
3092	* security_task_getioprio() - Check if getting a task's ioprio is allowed
3093	* @p: task
3094	*
3095	* Check permission before getting the ioprio value of @p.
3096	*
3097	* Return: Returns 0 if permission is granted.
3098	*/
3099	int security_task_getioprio(struct task_struct *p)
3100	{
3101	return call_int_hook(task_getioprio, p);
3102	}
3103
3104	/**
3105	* security_task_prlimit() - Check if get/setting resources limits is allowed
3106	* @cred: current task credentials
3107	* @tcred: target task credentials
3108	* @flags: LSM_PRLIMIT_* flag bits indicating a get/set/both
3109	*
3110	* Check permission before getting and/or setting the resource limits of
3111	* another task.
3112	*
3113	* Return: Returns 0 if permission is granted.
3114	*/
3115	int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
3116	unsigned int flags)
3117	{
3118	return call_int_hook(task_prlimit, cred, tcred, flags);
3119	}
3120
3121	/**
3122	* security_task_setrlimit() - Check if setting a new rlimit value is allowed
3123	* @p: target task's group leader
3124	* @resource: resource whose limit is being set
3125	* @new_rlim: new resource limit
3126	*
3127	* Check permission before setting the resource limits of process @p for
3128	* @resource to @new_rlim. The old resource limit values can be examined by
3129	* dereferencing (p->signal->rlim + resource).
3130	*
3131	* Return: Returns 0 if permission is granted.
3132	*/
3133	int security_task_setrlimit(struct task_struct *p, unsigned int resource,
3134	struct rlimit *new_rlim)
3135	{
3136	return call_int_hook(task_setrlimit, p, resource, new_rlim);
3137	}
3138
3139	/**
3140	* security_task_setscheduler() - Check if setting sched policy/param is allowed
3141	* @p: target task
3142	*
3143	* Check permission before setting scheduling policy and/or parameters of
3144	* process @p.
3145	*
3146	* Return: Returns 0 if permission is granted.
3147	*/
3148	int security_task_setscheduler(struct task_struct *p)
3149	{
3150	return call_int_hook(task_setscheduler, p);
3151	}
3152
3153	/**
3154	* security_task_getscheduler() - Check if getting scheduling info is allowed
3155	* @p: target task
3156	*
3157	* Check permission before obtaining scheduling information for process @p.
3158	*
3159	* Return: Returns 0 if permission is granted.
3160	*/
3161	int security_task_getscheduler(struct task_struct *p)
3162	{
3163	return call_int_hook(task_getscheduler, p);
3164	}
3165
3166	/**
3167	* security_task_movememory() - Check if moving memory is allowed
3168	* @p: task
3169	*
3170	* Check permission before moving memory owned by process @p.
3171	*
3172	* Return: Returns 0 if permission is granted.
3173	*/
3174	int security_task_movememory(struct task_struct *p)
3175	{
3176	return call_int_hook(task_movememory, p);
3177	}
3178
3179	/**
3180	* security_task_kill() - Check if sending a signal is allowed
3181	* @p: target process
3182	* @info: signal information
3183	* @sig: signal value
3184	* @cred: credentials of the signal sender, NULL if @current
3185	*
3186	* Check permission before sending signal @sig to @p. @info can be NULL, the
3187	* constant 1, or a pointer to a kernel_siginfo structure. If @info is 1 or
3188	* SI_FROMKERNEL(info) is true, then the signal should be viewed as coming from
3189	* the kernel and should typically be permitted. SIGIO signals are handled
3190	* separately by the send_sigiotask hook in file_security_ops.
3191	*
3192	* Return: Returns 0 if permission is granted.
3193	*/
3194	int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
3195	int sig, const struct cred *cred)
3196	{
3197	return call_int_hook(task_kill, p, info, sig, cred);
3198	}
3199
3200	/**
3201	* security_task_prctl() - Check if a prctl op is allowed
3202	* @option: operation
3203	* @arg2: argument
3204	* @arg3: argument
3205	* @arg4: argument
3206	* @arg5: argument
3207	*
3208	* Check permission before performing a process control operation on the
3209	* current process.
3210	*
3211	* Return: Return -ENOSYS if no-one wanted to handle this op, any other value
3212	* to cause prctl() to return immediately with that value.
3213	*/
3214	int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
3215	unsigned long arg4, unsigned long arg5)
3216	{
3217	int thisrc;
3218	int rc = LSM_RET_DEFAULT(task_prctl);
3219	struct lsm_static_call *scall;
3220
3221	lsm_for_each_hook(scall, task_prctl) {
3222	thisrc = scall->hl->hook.task_prctl(option, arg2, arg3, arg4, arg5);
3223	if (thisrc != LSM_RET_DEFAULT(task_prctl)) {
3224	rc = thisrc;
3225	if (thisrc != 0)
3226	break;
3227	}
3228	}
3229	return rc;
3230	}
3231
3232	/**
3233	* security_task_to_inode() - Set the security attributes of a task's inode
3234	* @p: task
3235	* @inode: inode
3236	*
3237	* Set the security attributes for an inode based on an associated task's
3238	* security attributes, e.g. for /proc/pid inodes.
3239	*/
3240	void security_task_to_inode(struct task_struct *p, struct inode *inode)
3241	{
3242	call_void_hook(task_to_inode, p, inode);
3243	}
3244
3245	/**
3246	* security_create_user_ns() - Check if creating a new userns is allowed
3247	* @cred: prepared creds
3248	*
3249	* Check permission prior to creating a new user namespace.
3250	*
3251	* Return: Returns 0 if successful, otherwise < 0 error code.
3252	*/
3253	int security_create_user_ns(const struct cred *cred)
3254	{
3255	return call_int_hook(userns_create, cred);
3256	}
3257
3258	/**
3259	* security_ipc_permission() - Check if sysv ipc access is allowed
3260	* @ipcp: ipc permission structure
3261	* @flag: requested permissions
3262	*
3263	* Check permissions for access to IPC.
3264	*
3265	* Return: Returns 0 if permission is granted.
3266	*/
3267	int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
3268	{
3269	return call_int_hook(ipc_permission, ipcp, flag);
3270	}
3271
3272	/**
3273	* security_ipc_getlsmprop() - Get the sysv ipc object LSM data
3274	* @ipcp: ipc permission structure
3275	* @prop: pointer to lsm information
3276	*
3277	* Get the lsm information associated with the ipc object.
3278	*/
3279
3280	void security_ipc_getlsmprop(struct kern_ipc_perm *ipcp, struct lsm_prop *prop)
3281	{
3282	lsmprop_init(prop);
3283	call_void_hook(ipc_getlsmprop, ipcp, prop);
3284	}
3285
3286	/**
3287	* security_msg_msg_alloc() - Allocate a sysv ipc message LSM blob
3288	* @msg: message structure
3289	*
3290	* Allocate and attach a security structure to the msg->security field. The
3291	* security field is initialized to NULL when the structure is first created.
3292	*
3293	* Return: Return 0 if operation was successful and permission is granted.
3294	*/
3295	int security_msg_msg_alloc(struct msg_msg *msg)
3296	{
3297	int rc = lsm_msg_msg_alloc(mp: msg);
3298
3299	if (unlikely(rc))
3300	return rc;
3301	rc = call_int_hook(msg_msg_alloc_security, msg);
3302	if (unlikely(rc))
3303	security_msg_msg_free(msg);
3304	return rc;
3305	}
3306
3307	/**
3308	* security_msg_msg_free() - Free a sysv ipc message LSM blob
3309	* @msg: message structure
3310	*
3311	* Deallocate the security structure for this message.
3312	*/
3313	void security_msg_msg_free(struct msg_msg *msg)
3314	{
3315	call_void_hook(msg_msg_free_security, msg);
3316	kfree(objp: msg->security);
3317	msg->security = NULL;
3318	}
3319
3320	/**
3321	* security_msg_queue_alloc() - Allocate a sysv ipc msg queue LSM blob
3322	* @msq: sysv ipc permission structure
3323	*
3324	* Allocate and attach a security structure to @msg. The security field is
3325	* initialized to NULL when the structure is first created.
3326	*
3327	* Return: Returns 0 if operation was successful and permission is granted.
3328	*/
3329	int security_msg_queue_alloc(struct kern_ipc_perm *msq)
3330	{
3331	int rc = lsm_ipc_alloc(kip: msq);
3332
3333	if (unlikely(rc))
3334	return rc;
3335	rc = call_int_hook(msg_queue_alloc_security, msq);
3336	if (unlikely(rc))
3337	security_msg_queue_free(msq);
3338	return rc;
3339	}
3340
3341	/**
3342	* security_msg_queue_free() - Free a sysv ipc msg queue LSM blob
3343	* @msq: sysv ipc permission structure
3344	*
3345	* Deallocate security field @perm->security for the message queue.
3346	*/
3347	void security_msg_queue_free(struct kern_ipc_perm *msq)
3348	{
3349	call_void_hook(msg_queue_free_security, msq);
3350	kfree(objp: msq->security);
3351	msq->security = NULL;
3352	}
3353
3354	/**
3355	* security_msg_queue_associate() - Check if a msg queue operation is allowed
3356	* @msq: sysv ipc permission structure
3357	* @msqflg: operation flags
3358	*
3359	* Check permission when a message queue is requested through the msgget system
3360	* call. This hook is only called when returning the message queue identifier
3361	* for an existing message queue, not when a new message queue is created.
3362	*
3363	* Return: Return 0 if permission is granted.
3364	*/
3365	int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
3366	{
3367	return call_int_hook(msg_queue_associate, msq, msqflg);
3368	}
3369
3370	/**
3371	* security_msg_queue_msgctl() - Check if a msg queue operation is allowed
3372	* @msq: sysv ipc permission structure
3373	* @cmd: operation
3374	*
3375	* Check permission when a message control operation specified by @cmd is to be
3376	* performed on the message queue with permissions.
3377	*
3378	* Return: Returns 0 if permission is granted.
3379	*/
3380	int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
3381	{
3382	return call_int_hook(msg_queue_msgctl, msq, cmd);
3383	}
3384
3385	/**
3386	* security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
3387	* @msq: sysv ipc permission structure
3388	* @msg: message
3389	* @msqflg: operation flags
3390	*
3391	* Check permission before a message, @msg, is enqueued on the message queue
3392	* with permissions specified in @msq.
3393	*
3394	* Return: Returns 0 if permission is granted.
3395	*/
3396	int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
3397	struct msg_msg *msg, int msqflg)
3398	{
3399	return call_int_hook(msg_queue_msgsnd, msq, msg, msqflg);
3400	}
3401
3402	/**
3403	* security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
3404	* @msq: sysv ipc permission structure
3405	* @msg: message
3406	* @target: target task
3407	* @type: type of message requested
3408	* @mode: operation flags
3409	*
3410	* Check permission before a message, @msg, is removed from the message queue.
3411	* The @target task structure contains a pointer to the process that will be
3412	* receiving the message (not equal to the current process when inline receives
3413	* are being performed).
3414	*
3415	* Return: Returns 0 if permission is granted.
3416	*/
3417	int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
3418	struct task_struct *target, long type, int mode)
3419	{
3420	return call_int_hook(msg_queue_msgrcv, msq, msg, target, type, mode);
3421	}
3422
3423	/**
3424	* security_shm_alloc() - Allocate a sysv shm LSM blob
3425	* @shp: sysv ipc permission structure
3426	*
3427	* Allocate and attach a security structure to the @shp security field. The
3428	* security field is initialized to NULL when the structure is first created.
3429	*
3430	* Return: Returns 0 if operation was successful and permission is granted.
3431	*/
3432	int security_shm_alloc(struct kern_ipc_perm *shp)
3433	{
3434	int rc = lsm_ipc_alloc(kip: shp);
3435
3436	if (unlikely(rc))
3437	return rc;
3438	rc = call_int_hook(shm_alloc_security, shp);
3439	if (unlikely(rc))
3440	security_shm_free(shp);
3441	return rc;
3442	}
3443
3444	/**
3445	* security_shm_free() - Free a sysv shm LSM blob
3446	* @shp: sysv ipc permission structure
3447	*
3448	* Deallocate the security structure @perm->security for the memory segment.
3449	*/
3450	void security_shm_free(struct kern_ipc_perm *shp)
3451	{
3452	call_void_hook(shm_free_security, shp);
3453	kfree(objp: shp->security);
3454	shp->security = NULL;
3455	}
3456
3457	/**
3458	* security_shm_associate() - Check if a sysv shm operation is allowed
3459	* @shp: sysv ipc permission structure
3460	* @shmflg: operation flags
3461	*
3462	* Check permission when a shared memory region is requested through the shmget
3463	* system call. This hook is only called when returning the shared memory
3464	* region identifier for an existing region, not when a new shared memory
3465	* region is created.
3466	*
3467	* Return: Returns 0 if permission is granted.
3468	*/
3469	int security_shm_associate(struct kern_ipc_perm *shp, int shmflg)
3470	{
3471	return call_int_hook(shm_associate, shp, shmflg);
3472	}
3473
3474	/**
3475	* security_shm_shmctl() - Check if a sysv shm operation is allowed
3476	* @shp: sysv ipc permission structure
3477	* @cmd: operation
3478	*
3479	* Check permission when a shared memory control operation specified by @cmd is
3480	* to be performed on the shared memory region with permissions in @shp.
3481	*
3482	* Return: Return 0 if permission is granted.
3483	*/
3484	int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
3485	{
3486	return call_int_hook(shm_shmctl, shp, cmd);
3487	}
3488
3489	/**
3490	* security_shm_shmat() - Check if a sysv shm attach operation is allowed
3491	* @shp: sysv ipc permission structure
3492	* @shmaddr: address of memory region to attach
3493	* @shmflg: operation flags
3494	*
3495	* Check permissions prior to allowing the shmat system call to attach the
3496	* shared memory segment with permissions @shp to the data segment of the
3497	* calling process. The attaching address is specified by @shmaddr.
3498	*
3499	* Return: Returns 0 if permission is granted.
3500	*/
3501	int security_shm_shmat(struct kern_ipc_perm *shp,
3502	char __user *shmaddr, int shmflg)
3503	{
3504	return call_int_hook(shm_shmat, shp, shmaddr, shmflg);
3505	}
3506
3507	/**
3508	* security_sem_alloc() - Allocate a sysv semaphore LSM blob
3509	* @sma: sysv ipc permission structure
3510	*
3511	* Allocate and attach a security structure to the @sma security field. The
3512	* security field is initialized to NULL when the structure is first created.
3513	*
3514	* Return: Returns 0 if operation was successful and permission is granted.
3515	*/
3516	int security_sem_alloc(struct kern_ipc_perm *sma)
3517	{
3518	int rc = lsm_ipc_alloc(kip: sma);
3519
3520	if (unlikely(rc))
3521	return rc;
3522	rc = call_int_hook(sem_alloc_security, sma);
3523	if (unlikely(rc))
3524	security_sem_free(sma);
3525	return rc;
3526	}
3527
3528	/**
3529	* security_sem_free() - Free a sysv semaphore LSM blob
3530	* @sma: sysv ipc permission structure
3531	*
3532	* Deallocate security structure @sma->security for the semaphore.
3533	*/
3534	void security_sem_free(struct kern_ipc_perm *sma)
3535	{
3536	call_void_hook(sem_free_security, sma);
3537	kfree(objp: sma->security);
3538	sma->security = NULL;
3539	}
3540
3541	/**
3542	* security_sem_associate() - Check if a sysv semaphore operation is allowed
3543	* @sma: sysv ipc permission structure
3544	* @semflg: operation flags
3545	*
3546	* Check permission when a semaphore is requested through the semget system
3547	* call. This hook is only called when returning the semaphore identifier for
3548	* an existing semaphore, not when a new one must be created.
3549	*
3550	* Return: Returns 0 if permission is granted.
3551	*/
3552	int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
3553	{
3554	return call_int_hook(sem_associate, sma, semflg);
3555	}
3556
3557	/**
3558	* security_sem_semctl() - Check if a sysv semaphore operation is allowed
3559	* @sma: sysv ipc permission structure
3560	* @cmd: operation
3561	*
3562	* Check permission when a semaphore operation specified by @cmd is to be
3563	* performed on the semaphore.
3564	*
3565	* Return: Returns 0 if permission is granted.
3566	*/
3567	int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
3568	{
3569	return call_int_hook(sem_semctl, sma, cmd);
3570	}
3571
3572	/**
3573	* security_sem_semop() - Check if a sysv semaphore operation is allowed
3574	* @sma: sysv ipc permission structure
3575	* @sops: operations to perform
3576	* @nsops: number of operations
3577	* @alter: flag indicating changes will be made
3578	*
3579	* Check permissions before performing operations on members of the semaphore
3580	* set. If the @alter flag is nonzero, the semaphore set may be modified.
3581	*
3582	* Return: Returns 0 if permission is granted.
3583	*/
3584	int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
3585	unsigned nsops, int alter)
3586	{
3587	return call_int_hook(sem_semop, sma, sops, nsops, alter);
3588	}
3589
3590	/**
3591	* security_d_instantiate() - Populate an inode's LSM state based on a dentry
3592	* @dentry: dentry
3593	* @inode: inode
3594	*
3595	* Fill in @inode security information for a @dentry if allowed.
3596	*/
3597	void security_d_instantiate(struct dentry *dentry, struct inode *inode)
3598	{
3599	if (unlikely(inode && IS_PRIVATE(inode)))
3600	return;
3601	call_void_hook(d_instantiate, dentry, inode);
3602	}
3603	EXPORT_SYMBOL(security_d_instantiate);
3604
3605	/*
3606	* Please keep this in sync with it's counterpart in security/lsm_syscalls.c
3607	*/
3608
3609	/**
3610	* security_getselfattr - Read an LSM attribute of the current process.
3611	* @attr: which attribute to return
3612	* @uctx: the user-space destination for the information, or NULL
3613	* @size: pointer to the size of space available to receive the data
3614	* @flags: special handling options. LSM_FLAG_SINGLE indicates that only
3615	* attributes associated with the LSM identified in the passed @ctx be
3616	* reported.
3617	*
3618	* A NULL value for @uctx can be used to get both the number of attributes
3619	* and the size of the data.
3620	*
3621	* Returns the number of attributes found on success, negative value
3622	* on error. @size is reset to the total size of the data.
3623	* If @size is insufficient to contain the data -E2BIG is returned.
3624	*/
3625	int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
3626	u32 __user *size, u32 flags)
3627	{
3628	struct lsm_static_call *scall;
3629	struct lsm_ctx lctx = { .id = LSM_ID_UNDEF, };
3630	u8 __user *base = (u8 __user *)uctx;
3631	u32 entrysize;
3632	u32 total = 0;
3633	u32 left;
3634	bool toobig = false;
3635	bool single = false;
3636	int count = 0;
3637	int rc;
3638
3639	if (attr == LSM_ATTR_UNDEF)
3640	return -EINVAL;
3641	if (size == NULL)
3642	return -EINVAL;
3643	if (get_user(left, size))
3644	return -EFAULT;
3645
3646	if (flags) {
3647	/*
3648	* Only flag supported is LSM_FLAG_SINGLE
3649	*/
3650	if (flags != LSM_FLAG_SINGLE || !uctx)
3651	return -EINVAL;
3652	if (copy_from_user(to: &lctx, from: uctx, n: sizeof(lctx)))
3653	return -EFAULT;
3654	/*
3655	* If the LSM ID isn't specified it is an error.
3656	*/
3657	if (lctx.id == LSM_ID_UNDEF)
3658	return -EINVAL;
3659	single = true;
3660	}
3661
3662	/*
3663	* In the usual case gather all the data from the LSMs.
3664	* In the single case only get the data from the LSM specified.
3665	*/
3666	lsm_for_each_hook(scall, getselfattr) {
3667	if (single && lctx.id != scall->hl->lsmid->id)
3668	continue;
3669	entrysize = left;
3670	if (base)
3671	uctx = (struct lsm_ctx __user *)(base + total);
3672	rc = scall->hl->hook.getselfattr(attr, uctx, &entrysize, flags);
3673	if (rc == -EOPNOTSUPP)
3674	continue;
3675	if (rc == -E2BIG) {
3676	rc = 0;
3677	left = 0;
3678	toobig = true;
3679	} else if (rc < 0)
3680	return rc;
3681	else
3682	left -= entrysize;
3683
3684	total += entrysize;
3685	count += rc;
3686	if (single)
3687	break;
3688	}
3689	if (put_user(total, size))
3690	return -EFAULT;
3691	if (toobig)
3692	return -E2BIG;
3693	if (count == 0)
3694	return LSM_RET_DEFAULT(getselfattr);
3695	return count;
3696	}
3697
3698	/*
3699	* Please keep this in sync with it's counterpart in security/lsm_syscalls.c
3700	*/
3701
3702	/**
3703	* security_setselfattr - Set an LSM attribute on the current process.
3704	* @attr: which attribute to set
3705	* @uctx: the user-space source for the information
3706	* @size: the size of the data
3707	* @flags: reserved for future use, must be 0
3708	*
3709	* Set an LSM attribute for the current process. The LSM, attribute
3710	* and new value are included in @uctx.
3711	*
3712	* Returns 0 on success, -EINVAL if the input is inconsistent, -EFAULT
3713	* if the user buffer is inaccessible, E2BIG if size is too big, or an
3714	* LSM specific failure.
3715	*/
3716	int security_setselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
3717	u32 size, u32 flags)
3718	{
3719	struct lsm_static_call *scall;
3720	struct lsm_ctx *lctx;
3721	int rc = LSM_RET_DEFAULT(setselfattr);
3722	u64 required_len;
3723
3724	if (flags)
3725	return -EINVAL;
3726	if (size < sizeof(*lctx))
3727	return -EINVAL;
3728	if (size > PAGE_SIZE)
3729	return -E2BIG;
3730
3731	lctx = memdup_user(uctx, size);
3732	if (IS_ERR(ptr: lctx))
3733	return PTR_ERR(ptr: lctx);
3734
3735	if (size < lctx->len ||
3736	check_add_overflow(sizeof(*lctx), lctx->ctx_len, &required_len) ||
3737	lctx->len < required_len) {
3738	rc = -EINVAL;
3739	goto free_out;
3740	}
3741
3742	lsm_for_each_hook(scall, setselfattr)
3743	if ((scall->hl->lsmid->id) == lctx->id) {
3744	rc = scall->hl->hook.setselfattr(attr, lctx, size, flags);
3745	break;
3746	}
3747
3748	free_out:
3749	kfree(objp: lctx);
3750	return rc;
3751	}
3752
3753	/**
3754	* security_getprocattr() - Read an attribute for a task
3755	* @p: the task
3756	* @lsmid: LSM identification
3757	* @name: attribute name
3758	* @value: attribute value
3759	*
3760	* Read attribute @name for task @p and store it into @value if allowed.
3761	*
3762	* Return: Returns the length of @value on success, a negative value otherwise.
3763	*/
3764	int security_getprocattr(struct task_struct *p, int lsmid, const char *name,
3765	char **value)
3766	{
3767	struct lsm_static_call *scall;
3768
3769	lsm_for_each_hook(scall, getprocattr) {
3770	if (lsmid != 0 && lsmid != scall->hl->lsmid->id)
3771	continue;
3772	return scall->hl->hook.getprocattr(p, name, value);
3773	}
3774	return LSM_RET_DEFAULT(getprocattr);
3775	}
3776
3777	/**
3778	* security_setprocattr() - Set an attribute for a task
3779	* @lsmid: LSM identification
3780	* @name: attribute name
3781	* @value: attribute value
3782	* @size: attribute value size
3783	*
3784	* Write (set) the current task's attribute @name to @value, size @size if
3785	* allowed.
3786	*
3787	* Return: Returns bytes written on success, a negative value otherwise.
3788	*/
3789	int security_setprocattr(int lsmid, const char *name, void *value, size_t size)
3790	{
3791	struct lsm_static_call *scall;
3792
3793	lsm_for_each_hook(scall, setprocattr) {
3794	if (lsmid != 0 && lsmid != scall->hl->lsmid->id)
3795	continue;
3796	return scall->hl->hook.setprocattr(name, value, size);
3797	}
3798	return LSM_RET_DEFAULT(setprocattr);
3799	}
3800
3801	/**
3802	* security_ismaclabel() - Check if the named attribute is a MAC label
3803	* @name: full extended attribute name
3804	*
3805	* Check if the extended attribute specified by @name represents a MAC label.
3806	*
3807	* Return: Returns 1 if name is a MAC attribute otherwise returns 0.
3808	*/
3809	int security_ismaclabel(const char *name)
3810	{
3811	return call_int_hook(ismaclabel, name);
3812	}
3813	EXPORT_SYMBOL(security_ismaclabel);
3814
3815	/**
3816	* security_secid_to_secctx() - Convert a secid to a secctx
3817	* @secid: secid
3818	* @cp: the LSM context
3819	*
3820	* Convert secid to security context. If @cp is NULL the length of the
3821	* result will be returned, but no data will be returned. This
3822	* does mean that the length could change between calls to check the length and
3823	* the next call which actually allocates and returns the data.
3824	*
3825	* Return: Return length of data on success, error on failure.
3826	*/
3827	int security_secid_to_secctx(u32 secid, struct lsm_context *cp)
3828	{
3829	return call_int_hook(secid_to_secctx, secid, cp);
3830	}
3831	EXPORT_SYMBOL(security_secid_to_secctx);
3832
3833	/**
3834	* security_lsmprop_to_secctx() - Convert a lsm_prop to a secctx
3835	* @prop: lsm specific information
3836	* @cp: the LSM context
3837	* @lsmid: which security module to report
3838	*
3839	* Convert a @prop entry to security context. If @cp is NULL the
3840	* length of the result will be returned. This does mean that the
3841	* length could change between calls to check the length and the
3842	* next call which actually allocates and returns the @cp.
3843	*
3844	* @lsmid identifies which LSM should supply the context.
3845	* A value of LSM_ID_UNDEF indicates that the first LSM suppling
3846	* the hook should be used. This is used in cases where the
3847	* ID of the supplying LSM is unambiguous.
3848	*
3849	* Return: Return length of data on success, error on failure.
3850	*/
3851	int security_lsmprop_to_secctx(struct lsm_prop *prop, struct lsm_context *cp,
3852	int lsmid)
3853	{
3854	struct lsm_static_call *scall;
3855
3856	lsm_for_each_hook(scall, lsmprop_to_secctx) {
3857	if (lsmid != LSM_ID_UNDEF && lsmid != scall->hl->lsmid->id)
3858	continue;
3859	return scall->hl->hook.lsmprop_to_secctx(prop, cp);
3860	}
3861	return LSM_RET_DEFAULT(lsmprop_to_secctx);
3862	}
3863	EXPORT_SYMBOL(security_lsmprop_to_secctx);
3864
3865	/**
3866	* security_secctx_to_secid() - Convert a secctx to a secid
3867	* @secdata: secctx
3868	* @seclen: length of secctx
3869	* @secid: secid
3870	*
3871	* Convert security context to secid.
3872	*
3873	* Return: Returns 0 on success, error on failure.
3874	*/
3875	int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
3876	{
3877	*secid = 0;
3878	return call_int_hook(secctx_to_secid, secdata, seclen, secid);
3879	}
3880	EXPORT_SYMBOL(security_secctx_to_secid);
3881
3882	/**
3883	* security_release_secctx() - Free a secctx buffer
3884	* @cp: the security context
3885	*
3886	* Release the security context.
3887	*/
3888	void security_release_secctx(struct lsm_context *cp)
3889	{
3890	call_void_hook(release_secctx, cp);
3891	memset(cp, 0, sizeof(*cp));
3892	}
3893	EXPORT_SYMBOL(security_release_secctx);
3894
3895	/**
3896	* security_inode_invalidate_secctx() - Invalidate an inode's security label
3897	* @inode: inode
3898	*
3899	* Notify the security module that it must revalidate the security context of
3900	* an inode.
3901	*/
3902	void security_inode_invalidate_secctx(struct inode *inode)
3903	{
3904	call_void_hook(inode_invalidate_secctx, inode);
3905	}
3906	EXPORT_SYMBOL(security_inode_invalidate_secctx);
3907
3908	/**
3909	* security_inode_notifysecctx() - Notify the LSM of an inode's security label
3910	* @inode: inode
3911	* @ctx: secctx
3912	* @ctxlen: length of secctx
3913	*
3914	* Notify the security module of what the security context of an inode should
3915	* be. Initializes the incore security context managed by the security module
3916	* for this inode. Example usage: NFS client invokes this hook to initialize
3917	* the security context in its incore inode to the value provided by the server
3918	* for the file when the server returned the file's attributes to the client.
3919	* Must be called with inode->i_mutex locked.
3920	*
3921	* Return: Returns 0 on success, error on failure.
3922	*/
3923	int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
3924	{
3925	return call_int_hook(inode_notifysecctx, inode, ctx, ctxlen);
3926	}
3927	EXPORT_SYMBOL(security_inode_notifysecctx);
3928
3929	/**
3930	* security_inode_setsecctx() - Change the security label of an inode
3931	* @dentry: inode
3932	* @ctx: secctx
3933	* @ctxlen: length of secctx
3934	*
3935	* Change the security context of an inode. Updates the incore security
3936	* context managed by the security module and invokes the fs code as needed
3937	* (via __vfs_setxattr_noperm) to update any backing xattrs that represent the
3938	* context. Example usage: NFS server invokes this hook to change the security
3939	* context in its incore inode and on the backing filesystem to a value
3940	* provided by the client on a SETATTR operation. Must be called with
3941	* inode->i_mutex locked.
3942	*
3943	* Return: Returns 0 on success, error on failure.
3944	*/
3945	int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
3946	{
3947	return call_int_hook(inode_setsecctx, dentry, ctx, ctxlen);
3948	}
3949	EXPORT_SYMBOL(security_inode_setsecctx);
3950
3951	/**
3952	* security_inode_getsecctx() - Get the security label of an inode
3953	* @inode: inode
3954	* @cp: security context
3955	*
3956	* On success, returns 0 and fills out @cp with the security context
3957	* for the given @inode.
3958	*
3959	* Return: Returns 0 on success, error on failure.
3960	*/
3961	int security_inode_getsecctx(struct inode *inode, struct lsm_context *cp)
3962	{
3963	memset(cp, 0, sizeof(*cp));
3964	return call_int_hook(inode_getsecctx, inode, cp);
3965	}
3966	EXPORT_SYMBOL(security_inode_getsecctx);
3967
3968	#ifdef CONFIG_WATCH_QUEUE
3969	/**
3970	* security_post_notification() - Check if a watch notification can be posted
3971	* @w_cred: credentials of the task that set the watch
3972	* @cred: credentials of the task which triggered the watch
3973	* @n: the notification
3974	*
3975	* Check to see if a watch notification can be posted to a particular queue.
3976	*
3977	* Return: Returns 0 if permission is granted.
3978	*/
3979	int security_post_notification(const struct cred *w_cred,
3980	const struct cred *cred,
3981	struct watch_notification *n)
3982	{
3983	return call_int_hook(post_notification, w_cred, cred, n);
3984	}
3985	#endif /* CONFIG_WATCH_QUEUE */
3986
3987	#ifdef CONFIG_KEY_NOTIFICATIONS
3988	/**
3989	* security_watch_key() - Check if a task is allowed to watch for key events
3990	* @key: the key to watch
3991	*
3992	* Check to see if a process is allowed to watch for event notifications from
3993	* a key or keyring.
3994	*
3995	* Return: Returns 0 if permission is granted.
3996	*/
3997	int security_watch_key(struct key *key)
3998	{
3999	return call_int_hook(watch_key, key);
4000	}
4001	#endif /* CONFIG_KEY_NOTIFICATIONS */
4002
4003	#ifdef CONFIG_SECURITY_NETWORK
4004	/**
4005	* security_netlink_send() - Save info and check if netlink sending is allowed
4006	* @sk: sending socket
4007	* @skb: netlink message
4008	*
4009	* Save security information for a netlink message so that permission checking
4010	* can be performed when the message is processed. The security information
4011	* can be saved using the eff_cap field of the netlink_skb_parms structure.
4012	* Also may be used to provide fine grained control over message transmission.
4013	*
4014	* Return: Returns 0 if the information was successfully saved and message is
4015	* allowed to be transmitted.
4016	*/
4017	int security_netlink_send(struct sock *sk, struct sk_buff *skb)
4018	{
4019	return call_int_hook(netlink_send, sk, skb);
4020	}
4021
4022	/**
4023	* security_unix_stream_connect() - Check if a AF_UNIX stream is allowed
4024	* @sock: originating sock
4025	* @other: peer sock
4026	* @newsk: new sock
4027	*
4028	* Check permissions before establishing a Unix domain stream connection
4029	* between @sock and @other.
4030	*
4031	* The @unix_stream_connect and @unix_may_send hooks were necessary because
4032	* Linux provides an alternative to the conventional file name space for Unix
4033	* domain sockets. Whereas binding and connecting to sockets in the file name
4034	* space is mediated by the typical file permissions (and caught by the mknod
4035	* and permission hooks in inode_security_ops), binding and connecting to
4036	* sockets in the abstract name space is completely unmediated. Sufficient
4037	* control of Unix domain sockets in the abstract name space isn't possible
4038	* using only the socket layer hooks, since we need to know the actual target
4039	* socket, which is not looked up until we are inside the af_unix code.
4040	*
4041	* Return: Returns 0 if permission is granted.
4042	*/
4043	int security_unix_stream_connect(struct sock *sock, struct sock *other,
4044	struct sock *newsk)
4045	{
4046	return call_int_hook(unix_stream_connect, sock, other, newsk);
4047	}
4048	EXPORT_SYMBOL(security_unix_stream_connect);
4049
4050	/**
4051	* security_unix_may_send() - Check if AF_UNIX socket can send datagrams
4052	* @sock: originating sock
4053	* @other: peer sock
4054	*
4055	* Check permissions before connecting or sending datagrams from @sock to
4056	* @other.
4057	*
4058	* The @unix_stream_connect and @unix_may_send hooks were necessary because
4059	* Linux provides an alternative to the conventional file name space for Unix
4060	* domain sockets. Whereas binding and connecting to sockets in the file name
4061	* space is mediated by the typical file permissions (and caught by the mknod
4062	* and permission hooks in inode_security_ops), binding and connecting to
4063	* sockets in the abstract name space is completely unmediated. Sufficient
4064	* control of Unix domain sockets in the abstract name space isn't possible
4065	* using only the socket layer hooks, since we need to know the actual target
4066	* socket, which is not looked up until we are inside the af_unix code.
4067	*
4068	* Return: Returns 0 if permission is granted.
4069	*/
4070	int security_unix_may_send(struct socket *sock, struct socket *other)
4071	{
4072	return call_int_hook(unix_may_send, sock, other);
4073	}
4074	EXPORT_SYMBOL(security_unix_may_send);
4075
4076	/**
4077	* security_socket_create() - Check if creating a new socket is allowed
4078	* @family: protocol family
4079	* @type: communications type
4080	* @protocol: requested protocol
4081	* @kern: set to 1 if a kernel socket is requested
4082	*
4083	* Check permissions prior to creating a new socket.
4084	*
4085	* Return: Returns 0 if permission is granted.
4086	*/
4087	int security_socket_create(int family, int type, int protocol, int kern)
4088	{
4089	return call_int_hook(socket_create, family, type, protocol, kern);
4090	}
4091
4092	/**
4093	* security_socket_post_create() - Initialize a newly created socket
4094	* @sock: socket
4095	* @family: protocol family
4096	* @type: communications type
4097	* @protocol: requested protocol
4098	* @kern: set to 1 if a kernel socket is requested
4099	*
4100	* This hook allows a module to update or allocate a per-socket security
4101	* structure. Note that the security field was not added directly to the socket
4102	* structure, but rather, the socket security information is stored in the
4103	* associated inode. Typically, the inode alloc_security hook will allocate
4104	* and attach security information to SOCK_INODE(sock)->i_security. This hook
4105	* may be used to update the SOCK_INODE(sock)->i_security field with additional
4106	* information that wasn't available when the inode was allocated.
4107	*
4108	* Return: Returns 0 if permission is granted.
4109	*/
4110	int security_socket_post_create(struct socket *sock, int family,
4111	int type, int protocol, int kern)
4112	{
4113	return call_int_hook(socket_post_create, sock, family, type,
4114	protocol, kern);
4115	}
4116
4117	/**
4118	* security_socket_socketpair() - Check if creating a socketpair is allowed
4119	* @socka: first socket
4120	* @sockb: second socket
4121	*
4122	* Check permissions before creating a fresh pair of sockets.
4123	*
4124	* Return: Returns 0 if permission is granted and the connection was
4125	* established.
4126	*/
4127	int security_socket_socketpair(struct socket *socka, struct socket *sockb)
4128	{
4129	return call_int_hook(socket_socketpair, socka, sockb);
4130	}
4131	EXPORT_SYMBOL(security_socket_socketpair);
4132
4133	/**
4134	* security_socket_bind() - Check if a socket bind operation is allowed
4135	* @sock: socket
4136	* @address: requested bind address
4137	* @addrlen: length of address
4138	*
4139	* Check permission before socket protocol layer bind operation is performed
4140	* and the socket @sock is bound to the address specified in the @address
4141	* parameter.
4142	*
4143	* Return: Returns 0 if permission is granted.
4144	*/
4145	int security_socket_bind(struct socket *sock,
4146	struct sockaddr *address, int addrlen)
4147	{
4148	return call_int_hook(socket_bind, sock, address, addrlen);
4149	}
4150
4151	/**
4152	* security_socket_connect() - Check if a socket connect operation is allowed
4153	* @sock: socket
4154	* @address: address of remote connection point
4155	* @addrlen: length of address
4156	*
4157	* Check permission before socket protocol layer connect operation attempts to
4158	* connect socket @sock to a remote address, @address.
4159	*
4160	* Return: Returns 0 if permission is granted.
4161	*/
4162	int security_socket_connect(struct socket *sock,
4163	struct sockaddr *address, int addrlen)
4164	{
4165	return call_int_hook(socket_connect, sock, address, addrlen);
4166	}
4167
4168	/**
4169	* security_socket_listen() - Check if a socket is allowed to listen
4170	* @sock: socket
4171	* @backlog: connection queue size
4172	*
4173	* Check permission before socket protocol layer listen operation.
4174	*
4175	* Return: Returns 0 if permission is granted.
4176	*/
4177	int security_socket_listen(struct socket *sock, int backlog)
4178	{
4179	return call_int_hook(socket_listen, sock, backlog);
4180	}
4181
4182	/**
4183	* security_socket_accept() - Check if a socket is allowed to accept connections
4184	* @sock: listening socket
4185	* @newsock: newly creation connection socket
4186	*
4187	* Check permission before accepting a new connection. Note that the new
4188	* socket, @newsock, has been created and some information copied to it, but
4189	* the accept operation has not actually been performed.
4190	*
4191	* Return: Returns 0 if permission is granted.
4192	*/
4193	int security_socket_accept(struct socket *sock, struct socket *newsock)
4194	{
4195	return call_int_hook(socket_accept, sock, newsock);
4196	}
4197
4198	/**
4199	* security_socket_sendmsg() - Check if sending a message is allowed
4200	* @sock: sending socket
4201	* @msg: message to send
4202	* @size: size of message
4203	*
4204	* Check permission before transmitting a message to another socket.
4205	*
4206	* Return: Returns 0 if permission is granted.
4207	*/
4208	int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
4209	{
4210	return call_int_hook(socket_sendmsg, sock, msg, size);
4211	}
4212
4213	/**
4214	* security_socket_recvmsg() - Check if receiving a message is allowed
4215	* @sock: receiving socket
4216	* @msg: message to receive
4217	* @size: size of message
4218	* @flags: operational flags
4219	*
4220	* Check permission before receiving a message from a socket.
4221	*
4222	* Return: Returns 0 if permission is granted.
4223	*/
4224	int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
4225	int size, int flags)
4226	{
4227	return call_int_hook(socket_recvmsg, sock, msg, size, flags);
4228	}
4229
4230	/**
4231	* security_socket_getsockname() - Check if reading the socket addr is allowed
4232	* @sock: socket
4233	*
4234	* Check permission before reading the local address (name) of the socket
4235	* object.
4236	*
4237	* Return: Returns 0 if permission is granted.
4238	*/
4239	int security_socket_getsockname(struct socket *sock)
4240	{
4241	return call_int_hook(socket_getsockname, sock);
4242	}
4243
4244	/**
4245	* security_socket_getpeername() - Check if reading the peer's addr is allowed
4246	* @sock: socket
4247	*
4248	* Check permission before the remote address (name) of a socket object.
4249	*
4250	* Return: Returns 0 if permission is granted.
4251	*/
4252	int security_socket_getpeername(struct socket *sock)
4253	{
4254	return call_int_hook(socket_getpeername, sock);
4255	}
4256
4257	/**
4258	* security_socket_getsockopt() - Check if reading a socket option is allowed
4259	* @sock: socket
4260	* @level: option's protocol level
4261	* @optname: option name
4262	*
4263	* Check permissions before retrieving the options associated with socket
4264	* @sock.
4265	*
4266	* Return: Returns 0 if permission is granted.
4267	*/
4268	int security_socket_getsockopt(struct socket *sock, int level, int optname)
4269	{
4270	return call_int_hook(socket_getsockopt, sock, level, optname);
4271	}
4272
4273	/**
4274	* security_socket_setsockopt() - Check if setting a socket option is allowed
4275	* @sock: socket
4276	* @level: option's protocol level
4277	* @optname: option name
4278	*
4279	* Check permissions before setting the options associated with socket @sock.
4280	*
4281	* Return: Returns 0 if permission is granted.
4282	*/
4283	int security_socket_setsockopt(struct socket *sock, int level, int optname)
4284	{
4285	return call_int_hook(socket_setsockopt, sock, level, optname);
4286	}
4287
4288	/**
4289	* security_socket_shutdown() - Checks if shutting down the socket is allowed
4290	* @sock: socket
4291	* @how: flag indicating how sends and receives are handled
4292	*
4293	* Checks permission before all or part of a connection on the socket @sock is
4294	* shut down.
4295	*
4296	* Return: Returns 0 if permission is granted.
4297	*/
4298	int security_socket_shutdown(struct socket *sock, int how)
4299	{
4300	return call_int_hook(socket_shutdown, sock, how);
4301	}
4302
4303	/**
4304	* security_sock_rcv_skb() - Check if an incoming network packet is allowed
4305	* @sk: destination sock
4306	* @skb: incoming packet
4307	*
4308	* Check permissions on incoming network packets. This hook is distinct from
4309	* Netfilter's IP input hooks since it is the first time that the incoming
4310	* sk_buff @skb has been associated with a particular socket, @sk. Must not
4311	* sleep inside this hook because some callers hold spinlocks.
4312	*
4313	* Return: Returns 0 if permission is granted.
4314	*/
4315	int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
4316	{
4317	return call_int_hook(socket_sock_rcv_skb, sk, skb);
4318	}
4319	EXPORT_SYMBOL(security_sock_rcv_skb);
4320
4321	/**
4322	* security_socket_getpeersec_stream() - Get the remote peer label
4323	* @sock: socket
4324	* @optval: destination buffer
4325	* @optlen: size of peer label copied into the buffer
4326	* @len: maximum size of the destination buffer
4327	*
4328	* This hook allows the security module to provide peer socket security state
4329	* for unix or connected tcp sockets to userspace via getsockopt SO_GETPEERSEC.
4330	* For tcp sockets this can be meaningful if the socket is associated with an
4331	* ipsec SA.
4332	*
4333	* Return: Returns 0 if all is well, otherwise, typical getsockopt return
4334	* values.
4335	*/
4336	int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
4337	sockptr_t optlen, unsigned int len)
4338	{
4339	return call_int_hook(socket_getpeersec_stream, sock, optval, optlen,
4340	len);
4341	}
4342
4343	/**
4344	* security_socket_getpeersec_dgram() - Get the remote peer label
4345	* @sock: socket
4346	* @skb: datagram packet
4347	* @secid: remote peer label secid
4348	*
4349	* This hook allows the security module to provide peer socket security state
4350	* for udp sockets on a per-packet basis to userspace via getsockopt
4351	* SO_GETPEERSEC. The application must first have indicated the IP_PASSSEC
4352	* option via getsockopt. It can then retrieve the security state returned by
4353	* this hook for a packet via the SCM_SECURITY ancillary message type.
4354	*
4355	* Return: Returns 0 on success, error on failure.
4356	*/
4357	int security_socket_getpeersec_dgram(struct socket *sock,
4358	struct sk_buff *skb, u32 *secid)
4359	{
4360	return call_int_hook(socket_getpeersec_dgram, sock, skb, secid);
4361	}
4362	EXPORT_SYMBOL(security_socket_getpeersec_dgram);
4363
4364	/**
4365	* lsm_sock_alloc - allocate a composite sock blob
4366	* @sock: the sock that needs a blob
4367	* @gfp: allocation mode
4368	*
4369	* Allocate the sock blob for all the modules
4370	*
4371	* Returns 0, or -ENOMEM if memory can't be allocated.
4372	*/
4373	static int lsm_sock_alloc(struct sock *sock, gfp_t gfp)
4374	{
4375	return lsm_blob_alloc(dest: &sock->sk_security, size: blob_sizes.lbs_sock, gfp);
4376	}
4377
4378	/**
4379	* security_sk_alloc() - Allocate and initialize a sock's LSM blob
4380	* @sk: sock
4381	* @family: protocol family
4382	* @priority: gfp flags
4383	*
4384	* Allocate and attach a security structure to the sk->sk_security field, which
4385	* is used to copy security attributes between local stream sockets.
4386	*
4387	* Return: Returns 0 on success, error on failure.
4388	*/
4389	int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
4390	{
4391	int rc = lsm_sock_alloc(sock: sk, gfp: priority);
4392
4393	if (unlikely(rc))
4394	return rc;
4395	rc = call_int_hook(sk_alloc_security, sk, family, priority);
4396	if (unlikely(rc))
4397	security_sk_free(sk);
4398	return rc;
4399	}
4400
4401	/**
4402	* security_sk_free() - Free the sock's LSM blob
4403	* @sk: sock
4404	*
4405	* Deallocate security structure.
4406	*/
4407	void security_sk_free(struct sock *sk)
4408	{
4409	call_void_hook(sk_free_security, sk);
4410	kfree(objp: sk->sk_security);
4411	sk->sk_security = NULL;
4412	}
4413
4414	/**
4415	* security_sk_clone() - Clone a sock's LSM state
4416	* @sk: original sock
4417	* @newsk: target sock
4418	*
4419	* Clone/copy security structure.
4420	*/
4421	void security_sk_clone(const struct sock *sk, struct sock *newsk)
4422	{
4423	call_void_hook(sk_clone_security, sk, newsk);
4424	}
4425	EXPORT_SYMBOL(security_sk_clone);
4426
4427	/**
4428	* security_sk_classify_flow() - Set a flow's secid based on socket
4429	* @sk: original socket
4430	* @flic: target flow
4431	*
4432	* Set the target flow's secid to socket's secid.
4433	*/
4434	void security_sk_classify_flow(const struct sock *sk, struct flowi_common *flic)
4435	{
4436	call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
4437	}
4438	EXPORT_SYMBOL(security_sk_classify_flow);
4439
4440	/**
4441	* security_req_classify_flow() - Set a flow's secid based on request_sock
4442	* @req: request_sock
4443	* @flic: target flow
4444	*
4445	* Sets @flic's secid to @req's secid.
4446	*/
4447	void security_req_classify_flow(const struct request_sock *req,
4448	struct flowi_common *flic)
4449	{
4450	call_void_hook(req_classify_flow, req, flic);
4451	}
4452	EXPORT_SYMBOL(security_req_classify_flow);
4453
4454	/**
4455	* security_sock_graft() - Reconcile LSM state when grafting a sock on a socket
4456	* @sk: sock being grafted
4457	* @parent: target parent socket
4458	*
4459	* Sets @parent's inode secid to @sk's secid and update @sk with any necessary
4460	* LSM state from @parent.
4461	*/
4462	void security_sock_graft(struct sock *sk, struct socket *parent)
4463	{
4464	call_void_hook(sock_graft, sk, parent);
4465	}
4466	EXPORT_SYMBOL(security_sock_graft);
4467
4468	/**
4469	* security_inet_conn_request() - Set request_sock state using incoming connect
4470	* @sk: parent listening sock
4471	* @skb: incoming connection
4472	* @req: new request_sock
4473	*
4474	* Initialize the @req LSM state based on @sk and the incoming connect in @skb.
4475	*
4476	* Return: Returns 0 if permission is granted.
4477	*/
4478	int security_inet_conn_request(const struct sock *sk,
4479	struct sk_buff *skb, struct request_sock *req)
4480	{
4481	return call_int_hook(inet_conn_request, sk, skb, req);
4482	}
4483	EXPORT_SYMBOL(security_inet_conn_request);
4484
4485	/**
4486	* security_inet_csk_clone() - Set new sock LSM state based on request_sock
4487	* @newsk: new sock
4488	* @req: connection request_sock
4489	*
4490	* Set that LSM state of @sock using the LSM state from @req.
4491	*/
4492	void security_inet_csk_clone(struct sock *newsk,
4493	const struct request_sock *req)
4494	{
4495	call_void_hook(inet_csk_clone, newsk, req);
4496	}
4497
4498	/**
4499	* security_inet_conn_established() - Update sock's LSM state with connection
4500	* @sk: sock
4501	* @skb: connection packet
4502	*
4503	* Update @sock's LSM state to represent a new connection from @skb.
4504	*/
4505	void security_inet_conn_established(struct sock *sk,
4506	struct sk_buff *skb)
4507	{
4508	call_void_hook(inet_conn_established, sk, skb);
4509	}
4510	EXPORT_SYMBOL(security_inet_conn_established);
4511
4512	/**
4513	* security_secmark_relabel_packet() - Check if setting a secmark is allowed
4514	* @secid: new secmark value
4515	*
4516	* Check if the process should be allowed to relabel packets to @secid.
4517	*
4518	* Return: Returns 0 if permission is granted.
4519	*/
4520	int security_secmark_relabel_packet(u32 secid)
4521	{
4522	return call_int_hook(secmark_relabel_packet, secid);
4523	}
4524	EXPORT_SYMBOL(security_secmark_relabel_packet);
4525
4526	/**
4527	* security_secmark_refcount_inc() - Increment the secmark labeling rule count
4528	*
4529	* Tells the LSM to increment the number of secmark labeling rules loaded.
4530	*/
4531	void security_secmark_refcount_inc(void)
4532	{
4533	call_void_hook(secmark_refcount_inc);
4534	}
4535	EXPORT_SYMBOL(security_secmark_refcount_inc);
4536
4537	/**
4538	* security_secmark_refcount_dec() - Decrement the secmark labeling rule count
4539	*
4540	* Tells the LSM to decrement the number of secmark labeling rules loaded.
4541	*/
4542	void security_secmark_refcount_dec(void)
4543	{
4544	call_void_hook(secmark_refcount_dec);
4545	}
4546	EXPORT_SYMBOL(security_secmark_refcount_dec);
4547
4548	/**
4549	* security_tun_dev_alloc_security() - Allocate a LSM blob for a TUN device
4550	* @security: pointer to the LSM blob
4551	*
4552	* This hook allows a module to allocate a security structure for a TUN device,
4553	* returning the pointer in @security.
4554	*
4555	* Return: Returns a zero on success, negative values on failure.
4556	*/
4557	int security_tun_dev_alloc_security(void **security)
4558	{
4559	int rc;
4560
4561	rc = lsm_blob_alloc(dest: security, size: blob_sizes.lbs_tun_dev, GFP_KERNEL);
4562	if (rc)
4563	return rc;
4564
4565	rc = call_int_hook(tun_dev_alloc_security, *security);
4566	if (rc) {
4567	kfree(objp: *security);
4568	*security = NULL;
4569	}
4570	return rc;
4571	}
4572	EXPORT_SYMBOL(security_tun_dev_alloc_security);
4573
4574	/**
4575	* security_tun_dev_free_security() - Free a TUN device LSM blob
4576	* @security: LSM blob
4577	*
4578	* This hook allows a module to free the security structure for a TUN device.
4579	*/
4580	void security_tun_dev_free_security(void *security)
4581	{
4582	kfree(objp: security);
4583	}
4584	EXPORT_SYMBOL(security_tun_dev_free_security);
4585
4586	/**
4587	* security_tun_dev_create() - Check if creating a TUN device is allowed
4588	*
4589	* Check permissions prior to creating a new TUN device.
4590	*
4591	* Return: Returns 0 if permission is granted.
4592	*/
4593	int security_tun_dev_create(void)
4594	{
4595	return call_int_hook(tun_dev_create);
4596	}
4597	EXPORT_SYMBOL(security_tun_dev_create);
4598
4599	/**
4600	* security_tun_dev_attach_queue() - Check if attaching a TUN queue is allowed
4601	* @security: TUN device LSM blob
4602	*
4603	* Check permissions prior to attaching to a TUN device queue.
4604	*
4605	* Return: Returns 0 if permission is granted.
4606	*/
4607	int security_tun_dev_attach_queue(void *security)
4608	{
4609	return call_int_hook(tun_dev_attach_queue, security);
4610	}
4611	EXPORT_SYMBOL(security_tun_dev_attach_queue);
4612
4613	/**
4614	* security_tun_dev_attach() - Update TUN device LSM state on attach
4615	* @sk: associated sock
4616	* @security: TUN device LSM blob
4617	*
4618	* This hook can be used by the module to update any security state associated
4619	* with the TUN device's sock structure.
4620	*
4621	* Return: Returns 0 if permission is granted.
4622	*/
4623	int security_tun_dev_attach(struct sock *sk, void *security)
4624	{
4625	return call_int_hook(tun_dev_attach, sk, security);
4626	}
4627	EXPORT_SYMBOL(security_tun_dev_attach);
4628
4629	/**
4630	* security_tun_dev_open() - Update TUN device LSM state on open
4631	* @security: TUN device LSM blob
4632	*
4633	* This hook can be used by the module to update any security state associated
4634	* with the TUN device's security structure.
4635	*
4636	* Return: Returns 0 if permission is granted.
4637	*/
4638	int security_tun_dev_open(void *security)
4639	{
4640	return call_int_hook(tun_dev_open, security);
4641	}
4642	EXPORT_SYMBOL(security_tun_dev_open);
4643
4644	/**
4645	* security_sctp_assoc_request() - Update the LSM on a SCTP association req
4646	* @asoc: SCTP association
4647	* @skb: packet requesting the association
4648	*
4649	* Passes the @asoc and @chunk->skb of the association INIT packet to the LSM.
4650	*
4651	* Return: Returns 0 on success, error on failure.
4652	*/
4653	int security_sctp_assoc_request(struct sctp_association *asoc,
4654	struct sk_buff *skb)
4655	{
4656	return call_int_hook(sctp_assoc_request, asoc, skb);
4657	}
4658	EXPORT_SYMBOL(security_sctp_assoc_request);
4659
4660	/**
4661	* security_sctp_bind_connect() - Validate a list of addrs for a SCTP option
4662	* @sk: socket
4663	* @optname: SCTP option to validate
4664	* @address: list of IP addresses to validate
4665	* @addrlen: length of the address list
4666	*
4667	* Validiate permissions required for each address associated with sock @sk.
4668	* Depending on @optname, the addresses will be treated as either a connect or
4669	* bind service. The @addrlen is calculated on each IPv4 and IPv6 address using
4670	* sizeof(struct sockaddr_in) or sizeof(struct sockaddr_in6).
4671	*
4672	* Return: Returns 0 on success, error on failure.
4673	*/
4674	int security_sctp_bind_connect(struct sock *sk, int optname,
4675	struct sockaddr *address, int addrlen)
4676	{
4677	return call_int_hook(sctp_bind_connect, sk, optname, address, addrlen);
4678	}
4679	EXPORT_SYMBOL(security_sctp_bind_connect);
4680
4681	/**
4682	* security_sctp_sk_clone() - Clone a SCTP sock's LSM state
4683	* @asoc: SCTP association
4684	* @sk: original sock
4685	* @newsk: target sock
4686	*
4687	* Called whenever a new socket is created by accept(2) (i.e. a TCP style
4688	* socket) or when a socket is 'peeled off' e.g userspace calls
4689	* sctp_peeloff(3).
4690	*/
4691	void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
4692	struct sock *newsk)
4693	{
4694	call_void_hook(sctp_sk_clone, asoc, sk, newsk);
4695	}
4696	EXPORT_SYMBOL(security_sctp_sk_clone);
4697
4698	/**
4699	* security_sctp_assoc_established() - Update LSM state when assoc established
4700	* @asoc: SCTP association
4701	* @skb: packet establishing the association
4702	*
4703	* Passes the @asoc and @chunk->skb of the association COOKIE_ACK packet to the
4704	* security module.
4705	*
4706	* Return: Returns 0 if permission is granted.
4707	*/
4708	int security_sctp_assoc_established(struct sctp_association *asoc,
4709	struct sk_buff *skb)
4710	{
4711	return call_int_hook(sctp_assoc_established, asoc, skb);
4712	}
4713	EXPORT_SYMBOL(security_sctp_assoc_established);
4714
4715	/**
4716	* security_mptcp_add_subflow() - Inherit the LSM label from the MPTCP socket
4717	* @sk: the owning MPTCP socket
4718	* @ssk: the new subflow
4719	*
4720	* Update the labeling for the given MPTCP subflow, to match the one of the
4721	* owning MPTCP socket. This hook has to be called after the socket creation and
4722	* initialization via the security_socket_create() and
4723	* security_socket_post_create() LSM hooks.
4724	*
4725	* Return: Returns 0 on success or a negative error code on failure.
4726	*/
4727	int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
4728	{
4729	return call_int_hook(mptcp_add_subflow, sk, ssk);
4730	}
4731
4732	#endif /* CONFIG_SECURITY_NETWORK */
4733
4734	#ifdef CONFIG_SECURITY_INFINIBAND
4735	/**
4736	* security_ib_pkey_access() - Check if access to an IB pkey is allowed
4737	* @sec: LSM blob
4738	* @subnet_prefix: subnet prefix of the port
4739	* @pkey: IB pkey
4740	*
4741	* Check permission to access a pkey when modifying a QP.
4742	*
4743	* Return: Returns 0 if permission is granted.
4744	*/
4745	int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
4746	{
4747	return call_int_hook(ib_pkey_access, sec, subnet_prefix, pkey);
4748	}
4749	EXPORT_SYMBOL(security_ib_pkey_access);
4750
4751	/**
4752	* security_ib_endport_manage_subnet() - Check if SMPs traffic is allowed
4753	* @sec: LSM blob
4754	* @dev_name: IB device name
4755	* @port_num: port number
4756	*
4757	* Check permissions to send and receive SMPs on a end port.
4758	*
4759	* Return: Returns 0 if permission is granted.
4760	*/
4761	int security_ib_endport_manage_subnet(void *sec,
4762	const char *dev_name, u8 port_num)
4763	{
4764	return call_int_hook(ib_endport_manage_subnet, sec, dev_name, port_num);
4765	}
4766	EXPORT_SYMBOL(security_ib_endport_manage_subnet);
4767
4768	/**
4769	* security_ib_alloc_security() - Allocate an Infiniband LSM blob
4770	* @sec: LSM blob
4771	*
4772	* Allocate a security structure for Infiniband objects.
4773	*
4774	* Return: Returns 0 on success, non-zero on failure.
4775	*/
4776	int security_ib_alloc_security(void **sec)
4777	{
4778	int rc;
4779
4780	rc = lsm_blob_alloc(dest: sec, size: blob_sizes.lbs_ib, GFP_KERNEL);
4781	if (rc)
4782	return rc;
4783
4784	rc = call_int_hook(ib_alloc_security, *sec);
4785	if (rc) {
4786	kfree(objp: *sec);
4787	*sec = NULL;
4788	}
4789	return rc;
4790	}
4791	EXPORT_SYMBOL(security_ib_alloc_security);
4792
4793	/**
4794	* security_ib_free_security() - Free an Infiniband LSM blob
4795	* @sec: LSM blob
4796	*
4797	* Deallocate an Infiniband security structure.
4798	*/
4799	void security_ib_free_security(void *sec)
4800	{
4801	kfree(objp: sec);
4802	}
4803	EXPORT_SYMBOL(security_ib_free_security);
4804	#endif /* CONFIG_SECURITY_INFINIBAND */
4805
4806	#ifdef CONFIG_SECURITY_NETWORK_XFRM
4807	/**
4808	* security_xfrm_policy_alloc() - Allocate a xfrm policy LSM blob
4809	* @ctxp: xfrm security context being added to the SPD
4810	* @sec_ctx: security label provided by userspace
4811	* @gfp: gfp flags
4812	*
4813	* Allocate a security structure to the xp->security field; the security field
4814	* is initialized to NULL when the xfrm_policy is allocated.
4815	*
4816	* Return: Return 0 if operation was successful.
4817	*/
4818	int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
4819	struct xfrm_user_sec_ctx *sec_ctx,
4820	gfp_t gfp)
4821	{
4822	return call_int_hook(xfrm_policy_alloc_security, ctxp, sec_ctx, gfp);
4823	}
4824	EXPORT_SYMBOL(security_xfrm_policy_alloc);
4825
4826	/**
4827	* security_xfrm_policy_clone() - Clone xfrm policy LSM state
4828	* @old_ctx: xfrm security context
4829	* @new_ctxp: target xfrm security context
4830	*
4831	* Allocate a security structure in new_ctxp that contains the information from
4832	* the old_ctx structure.
4833	*
4834	* Return: Return 0 if operation was successful.
4835	*/
4836	int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
4837	struct xfrm_sec_ctx **new_ctxp)
4838	{
4839	return call_int_hook(xfrm_policy_clone_security, old_ctx, new_ctxp);
4840	}
4841
4842	/**
4843	* security_xfrm_policy_free() - Free a xfrm security context
4844	* @ctx: xfrm security context
4845	*
4846	* Free LSM resources associated with @ctx.
4847	*/
4848	void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
4849	{
4850	call_void_hook(xfrm_policy_free_security, ctx);
4851	}
4852	EXPORT_SYMBOL(security_xfrm_policy_free);
4853
4854	/**
4855	* security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
4856	* @ctx: xfrm security context
4857	*
4858	* Authorize deletion of a SPD entry.
4859	*
4860	* Return: Returns 0 if permission is granted.
4861	*/
4862	int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
4863	{
4864	return call_int_hook(xfrm_policy_delete_security, ctx);
4865	}
4866
4867	/**
4868	* security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
4869	* @x: xfrm state being added to the SAD
4870	* @sec_ctx: security label provided by userspace
4871	*
4872	* Allocate a security structure to the @x->security field; the security field
4873	* is initialized to NULL when the xfrm_state is allocated. Set the context to
4874	* correspond to @sec_ctx.
4875	*
4876	* Return: Return 0 if operation was successful.
4877	*/
4878	int security_xfrm_state_alloc(struct xfrm_state *x,
4879	struct xfrm_user_sec_ctx *sec_ctx)
4880	{
4881	return call_int_hook(xfrm_state_alloc, x, sec_ctx);
4882	}
4883	EXPORT_SYMBOL(security_xfrm_state_alloc);
4884
4885	/**
4886	* security_xfrm_state_alloc_acquire() - Allocate a xfrm state LSM blob
4887	* @x: xfrm state being added to the SAD
4888	* @polsec: associated policy's security context
4889	* @secid: secid from the flow
4890	*
4891	* Allocate a security structure to the x->security field; the security field
4892	* is initialized to NULL when the xfrm_state is allocated. Set the context to
4893	* correspond to secid.
4894	*
4895	* Return: Returns 0 if operation was successful.
4896	*/
4897	int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
4898	struct xfrm_sec_ctx *polsec, u32 secid)
4899	{
4900	return call_int_hook(xfrm_state_alloc_acquire, x, polsec, secid);
4901	}
4902
4903	/**
4904	* security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
4905	* @x: xfrm state
4906	*
4907	* Authorize deletion of x->security.
4908	*
4909	* Return: Returns 0 if permission is granted.
4910	*/
4911	int security_xfrm_state_delete(struct xfrm_state *x)
4912	{
4913	return call_int_hook(xfrm_state_delete_security, x);
4914	}
4915	EXPORT_SYMBOL(security_xfrm_state_delete);
4916
4917	/**
4918	* security_xfrm_state_free() - Free a xfrm state
4919	* @x: xfrm state
4920	*
4921	* Deallocate x->security.
4922	*/
4923	void security_xfrm_state_free(struct xfrm_state *x)
4924	{
4925	call_void_hook(xfrm_state_free_security, x);
4926	}
4927
4928	/**
4929	* security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
4930	* @ctx: target xfrm security context
4931	* @fl_secid: flow secid used to authorize access
4932	*
4933	* Check permission when a flow selects a xfrm_policy for processing XFRMs on a
4934	* packet. The hook is called when selecting either a per-socket policy or a
4935	* generic xfrm policy.
4936	*
4937	* Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
4938	* other errors.
4939	*/
4940	int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
4941	{
4942	return call_int_hook(xfrm_policy_lookup, ctx, fl_secid);
4943	}
4944
4945	/**
4946	* security_xfrm_state_pol_flow_match() - Check for a xfrm match
4947	* @x: xfrm state to match
4948	* @xp: xfrm policy to check for a match
4949	* @flic: flow to check for a match.
4950	*
4951	* Check @xp and @flic for a match with @x.
4952	*
4953	* Return: Returns 1 if there is a match.
4954	*/
4955	int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
4956	struct xfrm_policy *xp,
4957	const struct flowi_common *flic)
4958	{
4959	struct lsm_static_call *scall;
4960	int rc = LSM_RET_DEFAULT(xfrm_state_pol_flow_match);
4961
4962	/*
4963	* Since this function is expected to return 0 or 1, the judgment
4964	* becomes difficult if multiple LSMs supply this call. Fortunately,
4965	* we can use the first LSM's judgment because currently only SELinux
4966	* supplies this call.
4967	*
4968	* For speed optimization, we explicitly break the loop rather than
4969	* using the macro
4970	*/
4971	lsm_for_each_hook(scall, xfrm_state_pol_flow_match) {
4972	rc = scall->hl->hook.xfrm_state_pol_flow_match(x, xp, flic);
4973	break;
4974	}
4975	return rc;
4976	}
4977
4978	/**
4979	* security_xfrm_decode_session() - Determine the xfrm secid for a packet
4980	* @skb: xfrm packet
4981	* @secid: secid
4982	*
4983	* Decode the packet in @skb and return the security label in @secid.
4984	*
4985	* Return: Return 0 if all xfrms used have the same secid.
4986	*/
4987	int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
4988	{
4989	return call_int_hook(xfrm_decode_session, skb, secid, 1);
4990	}
4991
4992	void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
4993	{
4994	int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid,
4995	0);
4996
4997	BUG_ON(rc);
4998	}
4999	EXPORT_SYMBOL(security_skb_classify_flow);
5000	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
5001
5002	#ifdef CONFIG_KEYS
5003	/**
5004	* security_key_alloc() - Allocate and initialize a kernel key LSM blob
5005	* @key: key
5006	* @cred: credentials
5007	* @flags: allocation flags
5008	*
5009	* Permit allocation of a key and assign security data. Note that key does not
5010	* have a serial number assigned at this point.
5011	*
5012	* Return: Return 0 if permission is granted, -ve error otherwise.
5013	*/
5014	int security_key_alloc(struct key *key, const struct cred *cred,
5015	unsigned long flags)
5016	{
5017	int rc = lsm_key_alloc(key);
5018
5019	if (unlikely(rc))
5020	return rc;
5021	rc = call_int_hook(key_alloc, key, cred, flags);
5022	if (unlikely(rc))
5023	security_key_free(key);
5024	return rc;
5025	}
5026
5027	/**
5028	* security_key_free() - Free a kernel key LSM blob
5029	* @key: key
5030	*
5031	* Notification of destruction; free security data.
5032	*/
5033	void security_key_free(struct key *key)
5034	{
5035	kfree(objp: key->security);
5036	key->security = NULL;
5037	}
5038
5039	/**
5040	* security_key_permission() - Check if a kernel key operation is allowed
5041	* @key_ref: key reference
5042	* @cred: credentials of actor requesting access
5043	* @need_perm: requested permissions
5044	*
5045	* See whether a specific operational right is granted to a process on a key.
5046	*
5047	* Return: Return 0 if permission is granted, -ve error otherwise.
5048	*/
5049	int security_key_permission(key_ref_t key_ref, const struct cred *cred,
5050	enum key_need_perm need_perm)
5051	{
5052	return call_int_hook(key_permission, key_ref, cred, need_perm);
5053	}
5054
5055	/**
5056	* security_key_getsecurity() - Get the key's security label
5057	* @key: key
5058	* @buffer: security label buffer
5059	*
5060	* Get a textual representation of the security context attached to a key for
5061	* the purposes of honouring KEYCTL_GETSECURITY. This function allocates the
5062	* storage for the NUL-terminated string and the caller should free it.
5063	*
5064	* Return: Returns the length of @buffer (including terminating NUL) or -ve if
5065	* an error occurs. May also return 0 (and a NULL buffer pointer) if
5066	* there is no security label assigned to the key.
5067	*/
5068	int security_key_getsecurity(struct key *key, char **buffer)
5069	{
5070	*buffer = NULL;
5071	return call_int_hook(key_getsecurity, key, buffer);
5072	}
5073
5074	/**
5075	* security_key_post_create_or_update() - Notification of key create or update
5076	* @keyring: keyring to which the key is linked to
5077	* @key: created or updated key
5078	* @payload: data used to instantiate or update the key
5079	* @payload_len: length of payload
5080	* @flags: key flags
5081	* @create: flag indicating whether the key was created or updated
5082	*
5083	* Notify the caller of a key creation or update.
5084	*/
5085	void security_key_post_create_or_update(struct key *keyring, struct key *key,
5086	const void *payload, size_t payload_len,
5087	unsigned long flags, bool create)
5088	{
5089	call_void_hook(key_post_create_or_update, keyring, key, payload,
5090	payload_len, flags, create);
5091	}
5092	#endif /* CONFIG_KEYS */
5093
5094	#ifdef CONFIG_AUDIT
5095	/**
5096	* security_audit_rule_init() - Allocate and init an LSM audit rule struct
5097	* @field: audit action
5098	* @op: rule operator
5099	* @rulestr: rule context
5100	* @lsmrule: receive buffer for audit rule struct
5101	* @gfp: GFP flag used for kmalloc
5102	*
5103	* Allocate and initialize an LSM audit rule structure.
5104	*
5105	* Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
5106	* an invalid rule.
5107	*/
5108	int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule,
5109	gfp_t gfp)
5110	{
5111	return call_int_hook(audit_rule_init, field, op, rulestr, lsmrule, gfp);
5112	}
5113
5114	/**
5115	* security_audit_rule_known() - Check if an audit rule contains LSM fields
5116	* @krule: audit rule
5117	*
5118	* Specifies whether given @krule contains any fields related to the current
5119	* LSM.
5120	*
5121	* Return: Returns 1 in case of relation found, 0 otherwise.
5122	*/
5123	int security_audit_rule_known(struct audit_krule *krule)
5124	{
5125	return call_int_hook(audit_rule_known, krule);
5126	}
5127
5128	/**
5129	* security_audit_rule_free() - Free an LSM audit rule struct
5130	* @lsmrule: audit rule struct
5131	*
5132	* Deallocate the LSM audit rule structure previously allocated by
5133	* audit_rule_init().
5134	*/
5135	void security_audit_rule_free(void *lsmrule)
5136	{
5137	call_void_hook(audit_rule_free, lsmrule);
5138	}
5139
5140	/**
5141	* security_audit_rule_match() - Check if a label matches an audit rule
5142	* @prop: security label
5143	* @field: LSM audit field
5144	* @op: matching operator
5145	* @lsmrule: audit rule
5146	*
5147	* Determine if given @secid matches a rule previously approved by
5148	* security_audit_rule_known().
5149	*
5150	* Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
5151	* failure.
5152	*/
5153	int security_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
5154	void *lsmrule)
5155	{
5156	return call_int_hook(audit_rule_match, prop, field, op, lsmrule);
5157	}
5158	#endif /* CONFIG_AUDIT */
5159
5160	#ifdef CONFIG_BPF_SYSCALL
5161	/**
5162	* security_bpf() - Check if the bpf syscall operation is allowed
5163	* @cmd: command
5164	* @attr: bpf attribute
5165	* @size: size
5166	* @kernel: whether or not call originated from kernel
5167	*
5168	* Do a initial check for all bpf syscalls after the attribute is copied into
5169	* the kernel. The actual security module can implement their own rules to
5170	* check the specific cmd they need.
5171	*
5172	* Return: Returns 0 if permission is granted.
5173	*/
5174	int security_bpf(int cmd, union bpf_attr *attr, unsigned int size, bool kernel)
5175	{
5176	return call_int_hook(bpf, cmd, attr, size, kernel);
5177	}
5178
5179	/**
5180	* security_bpf_map() - Check if access to a bpf map is allowed
5181	* @map: bpf map
5182	* @fmode: mode
5183	*
5184	* Do a check when the kernel generates and returns a file descriptor for eBPF
5185	* maps.
5186	*
5187	* Return: Returns 0 if permission is granted.
5188	*/
5189	int security_bpf_map(struct bpf_map *map, fmode_t fmode)
5190	{
5191	return call_int_hook(bpf_map, map, fmode);
5192	}
5193
5194	/**
5195	* security_bpf_prog() - Check if access to a bpf program is allowed
5196	* @prog: bpf program
5197	*
5198	* Do a check when the kernel generates and returns a file descriptor for eBPF
5199	* programs.
5200	*
5201	* Return: Returns 0 if permission is granted.
5202	*/
5203	int security_bpf_prog(struct bpf_prog *prog)
5204	{
5205	return call_int_hook(bpf_prog, prog);
5206	}
5207
5208	/**
5209	* security_bpf_map_create() - Check if BPF map creation is allowed
5210	* @map: BPF map object
5211	* @attr: BPF syscall attributes used to create BPF map
5212	* @token: BPF token used to grant user access
5213	* @kernel: whether or not call originated from kernel
5214	*
5215	* Do a check when the kernel creates a new BPF map. This is also the
5216	* point where LSM blob is allocated for LSMs that need them.
5217	*
5218	* Return: Returns 0 on success, error on failure.
5219	*/
5220	int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
5221	struct bpf_token *token, bool kernel)
5222	{
5223	int rc;
5224
5225	rc = lsm_bpf_map_alloc(map);
5226	if (unlikely(rc))
5227	return rc;
5228
5229	rc = call_int_hook(bpf_map_create, map, attr, token, kernel);
5230	if (unlikely(rc))
5231	security_bpf_map_free(map);
5232	return rc;
5233	}
5234
5235	/**
5236	* security_bpf_prog_load() - Check if loading of BPF program is allowed
5237	* @prog: BPF program object
5238	* @attr: BPF syscall attributes used to create BPF program
5239	* @token: BPF token used to grant user access to BPF subsystem
5240	* @kernel: whether or not call originated from kernel
5241	*
5242	* Perform an access control check when the kernel loads a BPF program and
5243	* allocates associated BPF program object. This hook is also responsible for
5244	* allocating any required LSM state for the BPF program.
5245	*
5246	* Return: Returns 0 on success, error on failure.
5247	*/
5248	int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
5249	struct bpf_token *token, bool kernel)
5250	{
5251	int rc;
5252
5253	rc = lsm_bpf_prog_alloc(prog);
5254	if (unlikely(rc))
5255	return rc;
5256
5257	rc = call_int_hook(bpf_prog_load, prog, attr, token, kernel);
5258	if (unlikely(rc))
5259	security_bpf_prog_free(prog);
5260	return rc;
5261	}
5262
5263	/**
5264	* security_bpf_token_create() - Check if creating of BPF token is allowed
5265	* @token: BPF token object
5266	* @attr: BPF syscall attributes used to create BPF token
5267	* @path: path pointing to BPF FS mount point from which BPF token is created
5268	*
5269	* Do a check when the kernel instantiates a new BPF token object from BPF FS
5270	* instance. This is also the point where LSM blob can be allocated for LSMs.
5271	*
5272	* Return: Returns 0 on success, error on failure.
5273	*/
5274	int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
5275	const struct path *path)
5276	{
5277	int rc;
5278
5279	rc = lsm_bpf_token_alloc(token);
5280	if (unlikely(rc))
5281	return rc;
5282
5283	rc = call_int_hook(bpf_token_create, token, attr, path);
5284	if (unlikely(rc))
5285	security_bpf_token_free(token);
5286	return rc;
5287	}
5288
5289	/**
5290	* security_bpf_token_cmd() - Check if BPF token is allowed to delegate
5291	* requested BPF syscall command
5292	* @token: BPF token object
5293	* @cmd: BPF syscall command requested to be delegated by BPF token
5294	*
5295	* Do a check when the kernel decides whether provided BPF token should allow
5296	* delegation of requested BPF syscall command.
5297	*
5298	* Return: Returns 0 on success, error on failure.
5299	*/
5300	int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
5301	{
5302	return call_int_hook(bpf_token_cmd, token, cmd);
5303	}
5304
5305	/**
5306	* security_bpf_token_capable() - Check if BPF token is allowed to delegate
5307	* requested BPF-related capability
5308	* @token: BPF token object
5309	* @cap: capabilities requested to be delegated by BPF token
5310	*
5311	* Do a check when the kernel decides whether provided BPF token should allow
5312	* delegation of requested BPF-related capabilities.
5313	*
5314	* Return: Returns 0 on success, error on failure.
5315	*/
5316	int security_bpf_token_capable(const struct bpf_token *token, int cap)
5317	{
5318	return call_int_hook(bpf_token_capable, token, cap);
5319	}
5320
5321	/**
5322	* security_bpf_map_free() - Free a bpf map's LSM blob
5323	* @map: bpf map
5324	*
5325	* Clean up the security information stored inside bpf map.
5326	*/
5327	void security_bpf_map_free(struct bpf_map *map)
5328	{
5329	call_void_hook(bpf_map_free, map);
5330	kfree(objp: map->security);
5331	map->security = NULL;
5332	}
5333
5334	/**
5335	* security_bpf_prog_free() - Free a BPF program's LSM blob
5336	* @prog: BPF program struct
5337	*
5338	* Clean up the security information stored inside BPF program.
5339	*/
5340	void security_bpf_prog_free(struct bpf_prog *prog)
5341	{
5342	call_void_hook(bpf_prog_free, prog);
5343	kfree(objp: prog->aux->security);
5344	prog->aux->security = NULL;
5345	}
5346
5347	/**
5348	* security_bpf_token_free() - Free a BPF token's LSM blob
5349	* @token: BPF token struct
5350	*
5351	* Clean up the security information stored inside BPF token.
5352	*/
5353	void security_bpf_token_free(struct bpf_token *token)
5354	{
5355	call_void_hook(bpf_token_free, token);
5356	kfree(objp: token->security);
5357	token->security = NULL;
5358	}
5359	#endif /* CONFIG_BPF_SYSCALL */
5360
5361	/**
5362	* security_locked_down() - Check if a kernel feature is allowed
5363	* @what: requested kernel feature
5364	*
5365	* Determine whether a kernel feature that potentially enables arbitrary code
5366	* execution in kernel space should be permitted.
5367	*
5368	* Return: Returns 0 if permission is granted.
5369	*/
5370	int security_locked_down(enum lockdown_reason what)
5371	{
5372	return call_int_hook(locked_down, what);
5373	}
5374	EXPORT_SYMBOL(security_locked_down);
5375
5376	/**
5377	* security_bdev_alloc() - Allocate a block device LSM blob
5378	* @bdev: block device
5379	*
5380	* Allocate and attach a security structure to @bdev->bd_security. The
5381	* security field is initialized to NULL when the bdev structure is
5382	* allocated.
5383	*
5384	* Return: Return 0 if operation was successful.
5385	*/
5386	int security_bdev_alloc(struct block_device *bdev)
5387	{
5388	int rc = 0;
5389
5390	rc = lsm_bdev_alloc(bdev);
5391	if (unlikely(rc))
5392	return rc;
5393
5394	rc = call_int_hook(bdev_alloc_security, bdev);
5395	if (unlikely(rc))
5396	security_bdev_free(bdev);
5397
5398	return rc;
5399	}
5400	EXPORT_SYMBOL(security_bdev_alloc);
5401
5402	/**
5403	* security_bdev_free() - Free a block device's LSM blob
5404	* @bdev: block device
5405	*
5406	* Deallocate the bdev security structure and set @bdev->bd_security to NULL.
5407	*/
5408	void security_bdev_free(struct block_device *bdev)
5409	{
5410	if (!bdev->bd_security)
5411	return;
5412
5413	call_void_hook(bdev_free_security, bdev);
5414
5415	kfree(objp: bdev->bd_security);
5416	bdev->bd_security = NULL;
5417	}
5418	EXPORT_SYMBOL(security_bdev_free);
5419
5420	/**
5421	* security_bdev_setintegrity() - Set the device's integrity data
5422	* @bdev: block device
5423	* @type: type of integrity, e.g. hash digest, signature, etc
5424	* @value: the integrity value
5425	* @size: size of the integrity value
5426	*
5427	* Register a verified integrity measurement of a bdev with LSMs.
5428	* LSMs should free the previously saved data if @value is NULL.
5429	* Please note that the new hook should be invoked every time the security
5430	* information is updated to keep these data current. For example, in dm-verity,
5431	* if the mapping table is reloaded and configured to use a different dm-verity
5432	* target with a new roothash and signing information, the previously stored
5433	* data in the LSM blob will become obsolete. It is crucial to re-invoke the
5434	* hook to refresh these data and ensure they are up to date. This necessity
5435	* arises from the design of device-mapper, where a device-mapper device is
5436	* first created, and then targets are subsequently loaded into it. These
5437	* targets can be modified multiple times during the device's lifetime.
5438	* Therefore, while the LSM blob is allocated during the creation of the block
5439	* device, its actual contents are not initialized at this stage and can change
5440	* substantially over time. This includes alterations from data that the LSMs
5441	* 'trusts' to those they do not, making it essential to handle these changes
5442	* correctly. Failure to address this dynamic aspect could potentially allow
5443	* for bypassing LSM checks.
5444	*
5445	* Return: Returns 0 on success, negative values on failure.
5446	*/
5447	int security_bdev_setintegrity(struct block_device *bdev,
5448	enum lsm_integrity_type type, const void *value,
5449	size_t size)
5450	{
5451	return call_int_hook(bdev_setintegrity, bdev, type, value, size);
5452	}
5453	EXPORT_SYMBOL(security_bdev_setintegrity);
5454
5455	#ifdef CONFIG_PERF_EVENTS
5456	/**
5457	* security_perf_event_open() - Check if a perf event open is allowed
5458	* @type: type of event
5459	*
5460	* Check whether the @type of perf_event_open syscall is allowed.
5461	*
5462	* Return: Returns 0 if permission is granted.
5463	*/
5464	int security_perf_event_open(int type)
5465	{
5466	return call_int_hook(perf_event_open, type);
5467	}
5468
5469	/**
5470	* security_perf_event_alloc() - Allocate a perf event LSM blob
5471	* @event: perf event
5472	*
5473	* Allocate and save perf_event security info.
5474	*
5475	* Return: Returns 0 on success, error on failure.
5476	*/
5477	int security_perf_event_alloc(struct perf_event *event)
5478	{
5479	int rc;
5480
5481	rc = lsm_blob_alloc(dest: &event->security, size: blob_sizes.lbs_perf_event,
5482	GFP_KERNEL);
5483	if (rc)
5484	return rc;
5485
5486	rc = call_int_hook(perf_event_alloc, event);
5487	if (rc) {
5488	kfree(objp: event->security);
5489	event->security = NULL;
5490	}
5491	return rc;
5492	}
5493
5494	/**
5495	* security_perf_event_free() - Free a perf event LSM blob
5496	* @event: perf event
5497	*
5498	* Release (free) perf_event security info.
5499	*/
5500	void security_perf_event_free(struct perf_event *event)
5501	{
5502	kfree(objp: event->security);
5503	event->security = NULL;
5504	}
5505
5506	/**
5507	* security_perf_event_read() - Check if reading a perf event label is allowed
5508	* @event: perf event
5509	*
5510	* Read perf_event security info if allowed.
5511	*
5512	* Return: Returns 0 if permission is granted.
5513	*/
5514	int security_perf_event_read(struct perf_event *event)
5515	{
5516	return call_int_hook(perf_event_read, event);
5517	}
5518
5519	/**
5520	* security_perf_event_write() - Check if writing a perf event label is allowed
5521	* @event: perf event
5522	*
5523	* Write perf_event security info if allowed.
5524	*
5525	* Return: Returns 0 if permission is granted.
5526	*/
5527	int security_perf_event_write(struct perf_event *event)
5528	{
5529	return call_int_hook(perf_event_write, event);
5530	}
5531	#endif /* CONFIG_PERF_EVENTS */
5532
5533	#ifdef CONFIG_IO_URING
5534	/**
5535	* security_uring_override_creds() - Check if overriding creds is allowed
5536	* @new: new credentials
5537	*
5538	* Check if the current task, executing an io_uring operation, is allowed to
5539	* override it's credentials with @new.
5540	*
5541	* Return: Returns 0 if permission is granted.
5542	*/
5543	int security_uring_override_creds(const struct cred *new)
5544	{
5545	return call_int_hook(uring_override_creds, new);
5546	}
5547
5548	/**
5549	* security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
5550	*
5551	* Check whether the current task is allowed to spawn a io_uring polling thread
5552	* (IORING_SETUP_SQPOLL).
5553	*
5554	* Return: Returns 0 if permission is granted.
5555	*/
5556	int security_uring_sqpoll(void)
5557	{
5558	return call_int_hook(uring_sqpoll);
5559	}
5560
5561	/**
5562	* security_uring_cmd() - Check if a io_uring passthrough command is allowed
5563	* @ioucmd: command
5564	*
5565	* Check whether the file_operations uring_cmd is allowed to run.
5566	*
5567	* Return: Returns 0 if permission is granted.
5568	*/
5569	int security_uring_cmd(struct io_uring_cmd *ioucmd)
5570	{
5571	return call_int_hook(uring_cmd, ioucmd);
5572	}
5573
5574	/**
5575	* security_uring_allowed() - Check if io_uring_setup() is allowed
5576	*
5577	* Check whether the current task is allowed to call io_uring_setup().
5578	*
5579	* Return: Returns 0 if permission is granted.
5580	*/
5581	int security_uring_allowed(void)
5582	{
5583	return call_int_hook(uring_allowed);
5584	}
5585	#endif /* CONFIG_IO_URING */
5586
5587	/**
5588	* security_initramfs_populated() - Notify LSMs that initramfs has been loaded
5589	*
5590	* Tells the LSMs the initramfs has been unpacked into the rootfs.
5591	*/
5592	void security_initramfs_populated(void)
5593	{
5594	call_void_hook(initramfs_populated);
5595	}
5596