WebSVN - shark - Blame - Rev 1618 - /shark/branches/xen/drivers/linuxc26/include/linux/security.h

Rev	Author	Line No.	Line
422	giacomo	1	/*
		2	* Linux Security plug
		3	*
		4	* Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
		5	* Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
		6	* Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
		7	* Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
		8	* Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
		9	*
		10	* This program is free software; you can redistribute it and/or modify
		11	* it under the terms of the GNU General Public License as published by
		12	* the Free Software Foundation; either version 2 of the License, or
		13	* (at your option) any later version.
		14	*
		15	* Due to this file being licensed under the GPL there is controversy over
		16	* whether this permits you to write a module that #includes this file
		17	* without placing your module under the GPL. Please consult a lawyer for
		18	* advice before doing this.
		19	*
		20	*/
		21
		22	#ifndef __LINUX_SECURITY_H
		23	#define __LINUX_SECURITY_H
		24
		25	#include <linux/fs.h>
		26	#include <linux/binfmts.h>
		27	#include <linux/signal.h>
		28	#include <linux/resource.h>
		29	#include <linux/sem.h>
		30	#include <linux/sysctl.h>
		31	#include <linux/shm.h>
		32	#include <linux/msg.h>
		33	#include <linux/sched.h>
		34	#include <linux/skbuff.h>
		35	#include <linux/netlink.h>
		36
		37	/*
		38	* These functions are in security/capability.c and are used
		39	* as the default capabilities functions
		40	*/
		41	extern int cap_capable (struct task_struct *tsk, int cap);
		42	extern int cap_ptrace (struct task_struct parent, struct task_struct child);
		43	extern int cap_capget (struct task_struct target, kernel_cap_t effective, kernel_cap_t inheritable, kernel_cap_t permitted);
		44	extern int cap_capset_check (struct task_struct target, kernel_cap_t effective, kernel_cap_t inheritable, kernel_cap_t permitted);
		45	extern void cap_capset_set (struct task_struct target, kernel_cap_t effective, kernel_cap_t inheritable, kernel_cap_t permitted);
		46	extern int cap_bprm_set_security (struct linux_binprm *bprm);
		47	extern void cap_bprm_compute_creds (struct linux_binprm *bprm);
		48	extern int cap_bprm_secureexec(struct linux_binprm *bprm);
		49	extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
		50	extern void cap_task_reparent_to_init (struct task_struct *p);
		51	extern int cap_syslog (int type);
		52	extern int cap_vm_enough_memory (long pages);
		53
		54	static inline int cap_netlink_send (struct sk_buff *skb)
		55	{
		56	NETLINK_CB (skb).eff_cap = current->cap_effective;
		57	return 0;
		58	}
		59
		60	static inline int cap_netlink_recv (struct sk_buff *skb)
		61	{
		62	if (!cap_raised (NETLINK_CB (skb).eff_cap, CAP_NET_ADMIN))
		63	return -EPERM;
		64	return 0;
		65	}
		66
		67	/*
		68	* Values used in the task_security_ops calls
		69	*/
		70	/* setuid or setgid, id0 == uid or gid */
		71	#define LSM_SETID_ID 1
		72
		73	/* setreuid or setregid, id0 == real, id1 == eff */
		74	#define LSM_SETID_RE 2
		75
		76	/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
		77	#define LSM_SETID_RES 4
		78
		79	/* setfsuid or setfsgid, id0 == fsuid or fsgid */
		80	#define LSM_SETID_FS 8
		81
		82	/* forward declares to avoid warnings */
		83	struct nfsctl_arg;
		84	struct sched_param;
		85	struct swap_info_struct;
		86
		87	#ifdef CONFIG_SECURITY
		88
		89	/**
		90	* struct security_operations - main security structure
		91	*
		92	* Security hooks for program execution operations.
		93	*
		94	* @bprm_alloc_security:
		95	* Allocate and attach a security structure to the @bprm->security field.
		96	* The security field is initialized to NULL when the bprm structure is
		97	* allocated.
		98	* @bprm contains the linux_binprm structure to be modified.
		99	* Return 0 if operation was successful.
		100	* @bprm_free_security:
		101	* @bprm contains the linux_binprm structure to be modified.
		102	* Deallocate and clear the @bprm->security field.
		103	* @bprm_compute_creds:
		104	* Compute and set the security attributes of a process being transformed
		105	* by an execve operation based on the old attributes (current->security)
		106	* and the information saved in @bprm->security by the set_security hook.
		107	* Since this hook function (and its caller) are void, this hook can not
		108	* return an error. However, it can leave the security attributes of the
		109	* process unchanged if an access failure occurs at this point. It can
		110	* also perform other state changes on the process (e.g. closing open
		111	* file descriptors to which access is no longer granted if the attributes
		112	* were changed).
		113	* @bprm contains the linux_binprm structure.
		114	* @bprm_set_security:
		115	* Save security information in the bprm->security field, typically based
		116	* on information about the bprm->file, for later use by the compute_creds
		117	* hook. This hook may also optionally check permissions (e.g. for
		118	* transitions between security domains).
		119	* This hook may be called multiple times during a single execve, e.g. for
		120	* interpreters. The hook can tell whether it has already been called by
		121	* checking to see if @bprm->security is non-NULL. If so, then the hook
		122	* may decide either to retain the security information saved earlier or
		123	* to replace it.
		124	* @bprm contains the linux_binprm structure.
		125	* Return 0 if the hook is successful and permission is granted.
		126	* @bprm_check_security:
		127	* This hook mediates the point when a search for a binary handler will
		128	* begin. It allows a check the @bprm->security value which is set in
		129	* the preceding set_security call. The primary difference from
		130	* set_security is that the argv list and envp list are reliably
		131	* available in @bprm. This hook may be called multiple times
		132	* during a single execve; and in each pass set_security is called
		133	* first.
		134	* @bprm contains the linux_binprm structure.
		135	* Return 0 if the hook is successful and permission is granted.
		136	* @bprm_secureexec:
		137	* Return a boolean value (0 or 1) indicating whether a "secure exec"
		138	* is required. The flag is passed in the auxiliary table
		139	* on the initial stack to the ELF interpreter to indicate whether libc
		140	* should enable secure mode.
		141	* @bprm contains the linux_binprm structure.
		142	*
		143	* Security hooks for filesystem operations.
		144	*
		145	* @sb_alloc_security:
		146	* Allocate and attach a security structure to the sb->s_security field.
		147	* The s_security field is initialized to NULL when the structure is
		148	* allocated.
		149	* @sb contains the super_block structure to be modified.
		150	* Return 0 if operation was successful.
		151	* @sb_free_security:
		152	* Deallocate and clear the sb->s_security field.
		153	* @sb contains the super_block structure to be modified.
		154	* @sb_statfs:
		155	* Check permission before obtaining filesystem statistics for the @sb
		156	* filesystem.
		157	* @sb contains the super_block structure for the filesystem.
		158	* Return 0 if permission is granted.
		159	* @sb_mount:
		160	* Check permission before an object specified by @dev_name is mounted on
		161	* the mount point named by @nd. For an ordinary mount, @dev_name
		162	* identifies a device if the file system type requires a device. For a
		163	* remount (@flags & MS_REMOUNT), @dev_name is irrelevant. For a
		164	* loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
		165	* pathname of the object being mounted.
		166	* @dev_name contains the name for object being mounted.
		167	* @nd contains the nameidata structure for mount point object.
		168	* @type contains the filesystem type.
		169	* @flags contains the mount flags.
		170	* @data contains the filesystem-specific data.
		171	* Return 0 if permission is granted.
		172	* @sb_check_sb:
		173	* Check permission before the device with superblock @mnt->sb is mounted
		174	* on the mount point named by @nd.
		175	* @mnt contains the vfsmount for device being mounted.
		176	* @nd contains the nameidata object for the mount point.
		177	* Return 0 if permission is granted.
		178	* @sb_umount:
		179	* Check permission before the @mnt file system is unmounted.
		180	* @mnt contains the mounted file system.
		181	* @flags contains the unmount flags, e.g. MNT_FORCE.
		182	* Return 0 if permission is granted.
		183	* @sb_umount_close:
		184	* Close any files in the @mnt mounted filesystem that are held open by
		185	* the security module. This hook is called during an umount operation
		186	* prior to checking whether the filesystem is still busy.
		187	* @mnt contains the mounted filesystem.
		188	* @sb_umount_busy:
		189	* Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening
		190	* any files that were closed by umount_close. This hook is called during
		191	* an umount operation if the umount fails after a call to the
		192	* umount_close hook.
		193	* @mnt contains the mounted filesystem.
		194	* @sb_post_remount:
		195	* Update the security module's state when a filesystem is remounted.
		196	* This hook is only called if the remount was successful.
		197	* @mnt contains the mounted file system.
		198	* @flags contains the new filesystem flags.
		199	* @data contains the filesystem-specific data.
		200	* @sb_post_mountroot:
		201	* Update the security module's state when the root filesystem is mounted.
		202	* This hook is only called if the mount was successful.
		203	* @sb_post_addmount:
		204	* Update the security module's state when a filesystem is mounted.
		205	* This hook is called any time a mount is successfully grafetd to
		206	* the tree.
		207	* @mnt contains the mounted filesystem.
		208	* @mountpoint_nd contains the nameidata structure for the mount point.
		209	* @sb_pivotroot:
		210	* Check permission before pivoting the root filesystem.
		211	* @old_nd contains the nameidata structure for the new location of the current root (put_old).
		212	* @new_nd contains the nameidata structure for the new root (new_root).
		213	* Return 0 if permission is granted.
		214	* @sb_post_pivotroot:
		215	* Update module state after a successful pivot.
		216	* @old_nd contains the nameidata structure for the old root.
		217	* @new_nd contains the nameidata structure for the new root.
		218	*
		219	* Security hooks for inode operations.
		220	*
		221	* @inode_alloc_security:
		222	* Allocate and attach a security structure to @inode->i_security. The
		223	* i_security field is initialized to NULL when the inode structure is
		224	* allocated.
		225	* @inode contains the inode structure.
		226	* Return 0 if operation was successful.
		227	* @inode_free_security:
		228	* @inode contains the inode structure.
		229	* Deallocate the inode security structure and set @inode->i_security to
		230	* NULL.
		231	* @inode_create:
		232	* Check permission to create a regular file.
		233	* @dir contains inode structure of the parent of the new file.
		234	* @dentry contains the dentry structure for the file to be created.
		235	* @mode contains the file mode of the file to be created.
		236	* Return 0 if permission is granted.
		237	* @inode_post_create:
		238	* Set the security attributes on a newly created regular file. This hook
		239	* is called after a file has been successfully created.
		240	* @dir contains the inode structure of the parent directory of the new file.
		241	* @dentry contains the the dentry structure for the newly created file.
		242	* @mode contains the file mode.
		243	* @inode_link:
		244	* Check permission before creating a new hard link to a file.
		245	* @old_dentry contains the dentry structure for an existing link to the file.
		246	* @dir contains the inode structure of the parent directory of the new link.
		247	* @new_dentry contains the dentry structure for the new link.
		248	* Return 0 if permission is granted.
		249	* @inode_post_link:
		250	* Set security attributes for a new hard link to a file.
		251	* @old_dentry contains the dentry structure for the existing link.
		252	* @dir contains the inode structure of the parent directory of the new file.
		253	* @new_dentry contains the dentry structure for the new file link.
		254	* @inode_unlink:
		255	* Check the permission to remove a hard link to a file.
		256	* @dir contains the inode structure of parent directory of the file.
		257	* @dentry contains the dentry structure for file to be unlinked.
		258	* Return 0 if permission is granted.
		259	* @inode_symlink:
		260	* Check the permission to create a symbolic link to a file.
		261	* @dir contains the inode structure of parent directory of the symbolic link.
		262	* @dentry contains the dentry structure of the symbolic link.
		263	* @old_name contains the pathname of file.
		264	* Return 0 if permission is granted.
		265	* @inode_post_symlink:
		266	* @dir contains the inode structure of the parent directory of the new link.
		267	* @dentry contains the dentry structure of new symbolic link.
		268	* @old_name contains the pathname of file.
		269	* Set security attributes for a newly created symbolic link. Note that
		270	* @dentry->d_inode may be NULL, since the filesystem might not
		271	* instantiate the dentry (e.g. NFS).
		272	* @inode_mkdir:
		273	* Check permissions to create a new directory in the existing directory
		274	* associated with inode strcture @dir.
		275	* @dir containst the inode structure of parent of the directory to be created.
		276	* @dentry contains the dentry structure of new directory.
		277	* @mode contains the mode of new directory.
		278	* Return 0 if permission is granted.
		279	* @inode_post_mkdir:
		280	* Set security attributes on a newly created directory.
		281	* @dir contains the inode structure of parent of the directory to be created.
		282	* @dentry contains the dentry structure of new directory.
		283	* @mode contains the mode of new directory.
		284	* @inode_rmdir:
		285	* Check the permission to remove a directory.
		286	* @dir contains the inode structure of parent of the directory to be removed.
		287	* @dentry contains the dentry structure of directory to be removed.
		288	* Return 0 if permission is granted.
		289	* @inode_mknod:
		290	* Check permissions when creating a special file (or a socket or a fifo
		291	* file created via the mknod system call). Note that if mknod operation
		292	* is being done for a regular file, then the create hook will be called
		293	* and not this hook.
		294	* @dir contains the inode structure of parent of the new file.
		295	* @dentry contains the dentry structure of the new file.
		296	* @mode contains the mode of the new file.
		297	* @dev contains the the device number.
		298	* Return 0 if permission is granted.
		299	* @inode_post_mknod:
		300	* Set security attributes on a newly created special file (or socket or
		301	* fifo file created via the mknod system call).
		302	* @dir contains the inode structure of parent of the new node.
		303	* @dentry contains the dentry structure of the new node.
		304	* @mode contains the mode of the new node.
		305	* @dev contains the the device number.
		306	* @inode_rename:
		307	* Check for permission to rename a file or directory.
		308	* @old_dir contains the inode structure for parent of the old link.
		309	* @old_dentry contains the dentry structure of the old link.
		310	* @new_dir contains the inode structure for parent of the new link.
		311	* @new_dentry contains the dentry structure of the new link.
		312	* Return 0 if permission is granted.
		313	* @inode_post_rename:
		314	* Set security attributes on a renamed file or directory.
		315	* @old_dir contains the inode structure for parent of the old link.
		316	* @old_dentry contains the dentry structure of the old link.
		317	* @new_dir contains the inode structure for parent of the new link.
		318	* @new_dentry contains the dentry structure of the new link.
		319	* @inode_readlink:
		320	* Check the permission to read the symbolic link.
		321	* @dentry contains the dentry structure for the file link.
		322	* Return 0 if permission is granted.
		323	* @inode_follow_link:
		324	* Check permission to follow a symbolic link when looking up a pathname.
		325	* @dentry contains the dentry structure for the link.
		326	* @nd contains the nameidata structure for the parent directory.
		327	* Return 0 if permission is granted.
		328	* @inode_permission:
		329	* Check permission before accessing an inode. This hook is called by the
		330	* existing Linux permission function, so a security module can use it to
		331	* provide additional checking for existing Linux permission checks.
		332	* Notice that this hook is called when a file is opened (as well as many
		333	* other operations), whereas the file_security_ops permission hook is
		334	* called when the actual read/write operations are performed.
		335	* @inode contains the inode structure to check.
		336	* @mask contains the permission mask.
		337	* @nd contains the nameidata (may be NULL).
		338	* Return 0 if permission is granted.
		339	* @inode_setattr:
		340	* Check permission before setting file attributes. Note that the kernel
		341	* call to notify_change is performed from several locations, whenever
		342	* file attributes change (such as when a file is truncated, chown/chmod
		343	* operations, transferring disk quotas, etc).
		344	* @dentry contains the dentry structure for the file.
		345	* @attr is the iattr structure containing the new file attributes.
		346	* Return 0 if permission is granted.
		347	* @inode_getattr:
		348	* Check permission before obtaining file attributes.
		349	* @mnt is the vfsmount where the dentry was looked up
		350	* @dentry contains the dentry structure for the file.
		351	* Return 0 if permission is granted.
		352	* @inode_delete:
		353	* @inode contains the inode structure for deleted inode.
		354	* This hook is called when a deleted inode is released (i.e. an inode
		355	* with no hard links has its use count drop to zero). A security module
		356	* can use this hook to release any persistent label associated with the
		357	* inode.
		358	* @inode_setxattr:
		359	* Check permission before setting the extended attributes
		360	* @value identified by @name for @dentry.
		361	* Return 0 if permission is granted.
		362	* @inode_post_setxattr:
		363	* Update inode security field after successful setxattr operation.
		364	* @value identified by @name for @dentry.
		365	* @inode_getxattr:
		366	* Check permission before obtaining the extended attributes
		367	* identified by @name for @dentry.
		368	* Return 0 if permission is granted.
		369	* @inode_listxattr:
		370	* Check permission before obtaining the list of extended attribute
		371	* names for @dentry.
		372	* Return 0 if permission is granted.
		373	* @inode_removexattr:
		374	* Check permission before removing the extended attribute
		375	* identified by @name for @dentry.
		376	* Return 0 if permission is granted.
		377	* @inode_getsecurity:
		378	* Copy the extended attribute representation of the security label
		379	* associated with @name for @dentry into @buffer. @buffer may be
		380	* NULL to request the size of the buffer required. @size indicates
		381	* the size of @buffer in bytes. Note that @name is the remainder
		382	* of the attribute name after the security. prefix has been removed.
		383	* Return number of bytes used/required on success.
		384	* @inode_setsecurity:
		385	* Set the security label associated with @name for @dentry from the
		386	* extended attribute value @value. @size indicates the size of the
		387	* @value in bytes. @flags may be XATTR_CREATE, XATTR_REPLACE, or 0.
		388	* Note that @name is the remainder of the attribute name after the
		389	* security. prefix has been removed.
		390	* Return 0 on success.
		391	* @inode_listsecurity:
		392	* Copy the extended attribute names for the security labels
		393	* associated with @dentry into @buffer. @buffer may be NULL to
		394	* request the size of the buffer required.
		395	* Returns number of bytes used/required on success.
		396	*
		397	* Security hooks for file operations
		398	*
		399	* @file_permission:
		400	* Check file permissions before accessing an open file. This hook is
		401	* called by various operations that read or write files. A security
		402	* module can use this hook to perform additional checking on these
		403	* operations, e.g. to revalidate permissions on use to support privilege
		404	* bracketing or policy changes. Notice that this hook is used when the
		405	* actual read/write operations are performed, whereas the
		406	* inode_security_ops hook is called when a file is opened (as well as
		407	* many other operations).
		408	* Caveat: Although this hook can be used to revalidate permissions for
		409	* various system call operations that read or write files, it does not
		410	* address the revalidation of permissions for memory-mapped files.
		411	* Security modules must handle this separately if they need such
		412	* revalidation.
		413	* @file contains the file structure being accessed.
		414	* @mask contains the requested permissions.
		415	* Return 0 if permission is granted.
		416	* @file_alloc_security:
		417	* Allocate and attach a security structure to the file->f_security field.
		418	* The security field is initialized to NULL when the structure is first
		419	* created.
		420	* @file contains the file structure to secure.
		421	* Return 0 if the hook is successful and permission is granted.
		422	* @file_free_security:
		423	* Deallocate and free any security structures stored in file->f_security.
		424	* @file contains the file structure being modified.
		425	* @file_ioctl:
		426	* @file contains the file structure.
		427	* @cmd contains the operation to perform.
		428	* @arg contains the operational arguments.
		429	* Check permission for an ioctl operation on @file. Note that @arg can
		430	* sometimes represents a user space pointer; in other cases, it may be a
		431	* simple integer value. When @arg represents a user space pointer, it
		432	* should never be used by the security module.
		433	* Return 0 if permission is granted.
		434	* @file_mmap :
		435	* Check permissions for a mmap operation. The @file may be NULL, e.g.
		436	* if mapping anonymous memory.
		437	* @file contains the file structure for file to map (may be NULL).
		438	* @prot contains the requested permissions.
		439	* @flags contains the operational flags.
		440	* Return 0 if permission is granted.
		441	* @file_mprotect:
		442	* Check permissions before changing memory access permissions.
		443	* @vma contains the memory region to modify.
		444	* @prot contains the requested permissions.
		445	* Return 0 if permission is granted.
		446	* @file_lock:
		447	* Check permission before performing file locking operations.
		448	* Note: this hook mediates both flock and fcntl style locks.
		449	* @file contains the file structure.
		450	* @cmd contains the posix-translated lock operation to perform
		451	* (e.g. F_RDLCK, F_WRLCK).
		452	* Return 0 if permission is granted.
		453	* @file_fcntl:
		454	* Check permission before allowing the file operation specified by @cmd
		455	* from being performed on the file @file. Note that @arg can sometimes
		456	* represents a user space pointer; in other cases, it may be a simple
		457	* integer value. When @arg represents a user space pointer, it should
		458	* never be used by the security module.
		459	* @file contains the file structure.
		460	* @cmd contains the operation to be performed.
		461	* @arg contains the operational arguments.
		462	* Return 0 if permission is granted.
		463	* @file_set_fowner:
		464	* Save owner security information (typically from current->security) in
		465	* file->f_security for later use by the send_sigiotask hook.
		466	* @file contains the file structure to update.
		467	* Return 0 on success.
		468	* @file_send_sigiotask:
		469	* Check permission for the file owner @fown to send SIGIO to the process
		470	* @tsk. Note that this hook is always called from interrupt. Note that
		471	* the fown_struct, @fown, is never outside the context of a struct file,
		472	* so the file structure (and associated security information) can always
		473	* be obtained:
		474	* (struct file *)((long)fown - offsetof(struct file,f_owner));
		475	* @tsk contains the structure of task receiving signal.
		476	* @fown contains the file owner information.
		477	* @fd contains the file descriptor.
		478	* @reason contains the operational flags.
		479	* Return 0 if permission is granted.
		480	* @file_receive:
		481	* This hook allows security modules to control the ability of a process
		482	* to receive an open file descriptor via socket IPC.
		483	* @file contains the file structure being received.
		484	* Return 0 if permission is granted.
		485	*
		486	* Security hooks for task operations.
		487	*
		488	* @task_create:
		489	* Check permission before creating a child process. See the clone(2)
		490	* manual page for definitions of the @clone_flags.
		491	* @clone_flags contains the flags indicating what should be shared.
		492	* Return 0 if permission is granted.
		493	* @task_alloc_security:
		494	* @p contains the task_struct for child process.
		495	* Allocate and attach a security structure to the p->security field. The
		496	* security field is initialized to NULL when the task structure is
		497	* allocated.
		498	* Return 0 if operation was successful.
		499	* @task_free_security:
		500	* @p contains the task_struct for process.
		501	* Deallocate and clear the p->security field.
		502	* @task_setuid:
		503	* Check permission before setting one or more of the user identity
		504	* attributes of the current process. The @flags parameter indicates
		505	* which of the set*uid system calls invoked this hook and how to
		506	* interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
		507	* definitions at the beginning of this file for the @flags values and
		508	* their meanings.
		509	* @id0 contains a uid.
		510	* @id1 contains a uid.
		511	* @id2 contains a uid.
		512	* @flags contains one of the LSM_SETID_* values.
		513	* Return 0 if permission is granted.
		514	* @task_post_setuid:
		515	* Update the module's state after setting one or more of the user
		516	* identity attributes of the current process. The @flags parameter
		517	* indicates which of the set*uid system calls invoked this hook. If
		518	* @flags is LSM_SETID_FS, then @old_ruid is the old fs uid and the other
		519	* parameters are not used.
		520	* @old_ruid contains the old real uid (or fs uid if LSM_SETID_FS).
		521	* @old_euid contains the old effective uid (or -1 if LSM_SETID_FS).
		522	* @old_suid contains the old saved uid (or -1 if LSM_SETID_FS).
		523	* @flags contains one of the LSM_SETID_* values.
		524	* Return 0 on success.
		525	* @task_setgid:
		526	* Check permission before setting one or more of the group identity
		527	* attributes of the current process. The @flags parameter indicates
		528	* which of the set*gid system calls invoked this hook and how to
		529	* interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
		530	* definitions at the beginning of this file for the @flags values and
		531	* their meanings.
		532	* @id0 contains a gid.
		533	* @id1 contains a gid.
		534	* @id2 contains a gid.
		535	* @flags contains one of the LSM_SETID_* values.
		536	* Return 0 if permission is granted.
		537	* @task_setpgid:
		538	* Check permission before setting the process group identifier of the
		539	* process @p to @pgid.
		540	* @p contains the task_struct for process being modified.
		541	* @pgid contains the new pgid.
		542	* Return 0 if permission is granted.
		543	* @task_getpgid:
		544	* Check permission before getting the process group identifier of the
		545	* process @p.
		546	* @p contains the task_struct for the process.
		547	* Return 0 if permission is granted.
		548	* @task_getsid:
		549	* Check permission before getting the session identifier of the process
		550	* @p.
		551	* @p contains the task_struct for the process.
		552	* Return 0 if permission is granted.
		553	* @task_setgroups:
		554	* Check permission before setting the supplementary group set of the
		555	* current process to @grouplist.
		556	* @gidsetsize contains the number of elements in @grouplist.
		557	* @grouplist contains the array of gids.
		558	* Return 0 if permission is granted.
		559	* @task_setnice:
		560	* Check permission before setting the nice value of @p to @nice.
		561	* @p contains the task_struct of process.
		562	* @nice contains the new nice value.
		563	* Return 0 if permission is granted.
		564	* @task_setrlimit:
		565	* Check permission before setting the resource limits of the current
		566	* process for @resource to @new_rlim. The old resource limit values can
		567	* be examined by dereferencing (current->rlim + resource).
		568	* @resource contains the resource whose limit is being set.
		569	* @new_rlim contains the new limits for @resource.
		570	* Return 0 if permission is granted.
		571	* @task_setscheduler:
		572	* Check permission before setting scheduling policy and/or parameters of
		573	* process @p based on @policy and @lp.
		574	* @p contains the task_struct for process.
		575	* @policy contains the scheduling policy.
		576	* @lp contains the scheduling parameters.
		577	* Return 0 if permission is granted.
		578	* @task_getscheduler:
		579	* Check permission before obtaining scheduling information for process
		580	* @p.
		581	* @p contains the task_struct for process.
		582	* Return 0 if permission is granted.
		583	* @task_kill:
		584	* Check permission before sending signal @sig to @p. @info can be NULL,
		585	* the constant 1, or a pointer to a siginfo structure. If @info is 1 or
		586	* SI_FROMKERNEL(info) is true, then the signal should be viewed as coming
		587	* from the kernel and should typically be permitted.
		588	* SIGIO signals are handled separately by the send_sigiotask hook in
		589	* file_security_ops.
		590	* @p contains the task_struct for process.
		591	* @info contains the signal information.
		592	* @sig contains the signal value.
		593	* Return 0 if permission is granted.
		594	* @task_wait:
		595	* Check permission before allowing a process to reap a child process @p
		596	* and collect its status information.
		597	* @p contains the task_struct for process.
		598	* Return 0 if permission is granted.
		599	* @task_prctl:
		600	* Check permission before performing a process control operation on the
		601	* current process.
		602	* @option contains the operation.
		603	* @arg2 contains a argument.
		604	* @arg3 contains a argument.
		605	* @arg4 contains a argument.
		606	* @arg5 contains a argument.
		607	* Return 0 if permission is granted.
		608	* @task_reparent_to_init:
		609	* Set the security attributes in @p->security for a kernel thread that
		610	* is being reparented to the init task.
		611	* @p contains the task_struct for the kernel thread.
		612	* @task_to_inode:
		613	* Set the security attributes for an inode based on an associated task's
		614	* security attributes, e.g. for /proc/pid inodes.
		615	* @p contains the task_struct for the task.
		616	* @inode contains the inode structure for the inode.
		617	*
		618	* Security hooks for Netlink messaging.
		619	*
		620	* @netlink_send:
		621	* Save security information for a netlink message so that permission
		622	* checking can be performed when the message is processed. The security
		623	* information can be saved using the eff_cap field of the
		624	* netlink_skb_parms structure.
		625	* @skb contains the sk_buff structure for the netlink message.
		626	* Return 0 if the information was successfully saved.
		627	* @netlink_recv:
		628	* Check permission before processing the received netlink message in
		629	* @skb.
		630	* @skb contains the sk_buff structure for the netlink message.
		631	* Return 0 if permission is granted.
		632	*
		633	* Security hooks for Unix domain networking.
		634	*
		635	* @unix_stream_connect:
		636	* Check permissions before establishing a Unix domain stream connection
		637	* between @sock and @other.
		638	* @sock contains the socket structure.
		639	* @other contains the peer socket structure.
		640	* Return 0 if permission is granted.
		641	* @unix_may_send:
		642	* Check permissions before connecting or sending datagrams from @sock to
		643	* @other.
		644	* @sock contains the socket structure.
		645	* @sock contains the peer socket structure.
		646	* Return 0 if permission is granted.
		647	*
		648	* The @unix_stream_connect and @unix_may_send hooks were necessary because
		649	* Linux provides an alternative to the conventional file name space for Unix
		650	* domain sockets. Whereas binding and connecting to sockets in the file name
		651	* space is mediated by the typical file permissions (and caught by the mknod
		652	* and permission hooks in inode_security_ops), binding and connecting to
		653	* sockets in the abstract name space is completely unmediated. Sufficient
		654	* control of Unix domain sockets in the abstract name space isn't possible
		655	* using only the socket layer hooks, since we need to know the actual target
		656	* socket, which is not looked up until we are inside the af_unix code.
		657	*
		658	* Security hooks for socket operations.
		659	*
		660	* @socket_create:
		661	* Check permissions prior to creating a new socket.
		662	* @family contains the requested protocol family.
		663	* @type contains the requested communications type.
		664	* @protocol contains the requested protocol.
		665	* Return 0 if permission is granted.
		666	* @socket_post_create:
		667	* This hook allows a module to update or allocate a per-socket security
		668	* structure. Note that the security field was not added directly to the
		669	* socket structure, but rather, the socket security information is stored
		670	* in the associated inode. Typically, the inode alloc_security hook will
		671	* allocate and and attach security information to
		672	* sock->inode->i_security. This hook may be used to update the
		673	* sock->inode->i_security field with additional information that wasn't
		674	* available when the inode was allocated.
		675	* @sock contains the newly created socket structure.
		676	* @family contains the requested protocol family.
		677	* @type contains the requested communications type.
		678	* @protocol contains the requested protocol.
		679	* @socket_bind:
		680	* Check permission before socket protocol layer bind operation is
		681	* performed and the socket @sock is bound to the address specified in the
		682	* @address parameter.
		683	* @sock contains the socket structure.
		684	* @address contains the address to bind to.
		685	* @addrlen contains the length of address.
		686	* Return 0 if permission is granted.
		687	* @socket_connect:
		688	* Check permission before socket protocol layer connect operation
		689	* attempts to connect socket @sock to a remote address, @address.
		690	* @sock contains the socket structure.
		691	* @address contains the address of remote endpoint.
		692	* @addrlen contains the length of address.
		693	* Return 0 if permission is granted.
		694	* @socket_listen:
		695	* Check permission before socket protocol layer listen operation.
		696	* @sock contains the socket structure.
		697	* @backlog contains the maximum length for the pending connection queue.
		698	* Return 0 if permission is granted.
		699	* @socket_accept:
		700	* Check permission before accepting a new connection. Note that the new
		701	* socket, @newsock, has been created and some information copied to it,
		702	* but the accept operation has not actually been performed.
		703	* @sock contains the listening socket structure.
		704	* @newsock contains the newly created server socket for connection.
		705	* Return 0 if permission is granted.
		706	* @socket_post_accept:
		707	* This hook allows a security module to copy security
		708	* information into the newly created socket's inode.
		709	* @sock contains the listening socket structure.
		710	* @newsock contains the newly created server socket for connection.
		711	* @socket_sendmsg:
		712	* Check permission before transmitting a message to another socket.
		713	* @sock contains the socket structure.
		714	* @msg contains the message to be transmitted.
		715	* @size contains the size of message.
		716	* Return 0 if permission is granted.
		717	* @socket_recvmsg:
		718	* Check permission before receiving a message from a socket.
		719	* @sock contains the socket structure.
		720	* @msg contains the message structure.
		721	* @size contains the size of message structure.
		722	* @flags contains the operational flags.
		723	* Return 0 if permission is granted.
		724	* @socket_getsockname:
		725	* Check permission before the local address (name) of the socket object
		726	* @sock is retrieved.
		727	* @sock contains the socket structure.
		728	* Return 0 if permission is granted.
		729	* @socket_getpeername:
		730	* Check permission before the remote address (name) of a socket object
		731	* @sock is retrieved.
		732	* @sock contains the socket structure.
		733	* Return 0 if permission is granted.
		734	* @socket_getsockopt:
		735	* Check permissions before retrieving the options associated with socket
		736	* @sock.
		737	* @sock contains the socket structure.
		738	* @level contains the protocol level to retrieve option from.
		739	* @optname contains the name of option to retrieve.
		740	* Return 0 if permission is granted.
		741	* @socket_setsockopt:
		742	* Check permissions before setting the options associated with socket
		743	* @sock.
		744	* @sock contains the socket structure.
		745	* @level contains the protocol level to set options for.
		746	* @optname contains the name of the option to set.
		747	* Return 0 if permission is granted.
		748	* @socket_shutdown:
		749	* Checks permission before all or part of a connection on the socket
		750	* @sock is shut down.
		751	* @sock contains the socket structure.
		752	* @how contains the flag indicating how future sends and receives are handled.
		753	* Return 0 if permission is granted.
		754	* @socket_sock_rcv_skb:
		755	* Check permissions on incoming network packets. This hook is distinct
		756	* from Netfilter's IP input hooks since it is the first time that the
		757	* incoming sk_buff @skb has been associated with a particular socket, @sk.
		758	* @sk contains the sock (not socket) associated with the incoming sk_buff.
		759	* @skb contains the incoming network data.
		760	*
		761	* Security hooks affecting all System V IPC operations.
		762	*
		763	* @ipc_permission:
		764	* Check permissions for access to IPC
		765	* @ipcp contains the kernel IPC permission structure
		766	* @flag contains the desired (requested) permission set
		767	* Return 0 if permission is granted.
		768	*
		769	* Security hooks for individual messages held in System V IPC message queues
		770	* @msg_msg_alloc_security:
		771	* Allocate and attach a security structure to the msg->security field.
		772	* The security field is initialized to NULL when the structure is first
		773	* created.
		774	* @msg contains the message structure to be modified.
		775	* Return 0 if operation was successful and permission is granted.
		776	* @msg_msg_free_security:
		777	* Deallocate the security structure for this message.
		778	* @msg contains the message structure to be modified.
		779	*
		780	* Security hooks for System V IPC Message Queues
		781	*
		782	* @msg_queue_alloc_security:
		783	* Allocate and attach a security structure to the
		784	* msq->q_perm.security field. The security field is initialized to
		785	* NULL when the structure is first created.
		786	* @msq contains the message queue structure to be modified.
		787	* Return 0 if operation was successful and permission is granted.
		788	* @msg_queue_free_security:
		789	* Deallocate security structure for this message queue.
		790	* @msq contains the message queue structure to be modified.
		791	* @msg_queue_associate:
		792	* Check permission when a message queue is requested through the
		793	* msgget system call. This hook is only called when returning the
		794	* message queue identifier for an existing message queue, not when a
		795	* new message queue is created.
		796	* @msq contains the message queue to act upon.
		797	* @msqflg contains the operation control flags.
		798	* Return 0 if permission is granted.
		799	* @msg_queue_msgctl:
		800	* Check permission when a message control operation specified by @cmd
		801	* is to be performed on the message queue @msq.
		802	* The @msq may be NULL, e.g. for IPC_INFO or MSG_INFO.
		803	* @msq contains the message queue to act upon. May be NULL.
		804	* @cmd contains the operation to be performed.
		805	* Return 0 if permission is granted.
		806	* @msg_queue_msgsnd:
		807	* Check permission before a message, @msg, is enqueued on the message
		808	* queue, @msq.
		809	* @msq contains the message queue to send message to.
		810	* @msg contains the message to be enqueued.
		811	* @msqflg contains operational flags.
		812	* Return 0 if permission is granted.
		813	* @msg_queue_msgrcv:
		814	* Check permission before a message, @msg, is removed from the message
		815	* queue, @msq. The @target task structure contains a pointer to the
		816	* process that will be receiving the message (not equal to the current
		817	* process when inline receives are being performed).
		818	* @msq contains the message queue to retrieve message from.
		819	* @msg contains the message destination.
		820	* @target contains the task structure for recipient process.
		821	* @type contains the type of message requested.
		822	* @mode contains the operational flags.
		823	* Return 0 if permission is granted.
		824	*
		825	* Security hooks for System V Shared Memory Segments
		826	*
		827	* @shm_alloc_security:
		828	* Allocate and attach a security structure to the shp->shm_perm.security
		829	* field. The security field is initialized to NULL when the structure is
		830	* first created.
		831	* @shp contains the shared memory structure to be modified.
		832	* Return 0 if operation was successful and permission is granted.
		833	* @shm_free_security:
		834	* Deallocate the security struct for this memory segment.
		835	* @shp contains the shared memory structure to be modified.
		836	* @shm_associate:
		837	* Check permission when a shared memory region is requested through the
		838	* shmget system call. This hook is only called when returning the shared
		839	* memory region identifier for an existing region, not when a new shared
		840	* memory region is created.
		841	* @shp contains the shared memory structure to be modified.
		842	* @shmflg contains the operation control flags.
		843	* Return 0 if permission is granted.
		844	* @shm_shmctl:
		845	* Check permission when a shared memory control operation specified by
		846	* @cmd is to be performed on the shared memory region @shp.
		847	* The @shp may be NULL, e.g. for IPC_INFO or SHM_INFO.
		848	* @shp contains shared memory structure to be modified.
		849	* @cmd contains the operation to be performed.
		850	* Return 0 if permission is granted.
		851	* @shm_shmat:
		852	* Check permissions prior to allowing the shmat system call to attach the
		853	* shared memory segment @shp to the data segment of the calling process.
		854	* The attaching address is specified by @shmaddr.
		855	* @shp contains the shared memory structure to be modified.
		856	* @shmaddr contains the address to attach memory region to.
		857	* @shmflg contains the operational flags.
		858	* Return 0 if permission is granted.
		859	*
		860	* Security hooks for System V Semaphores
		861	*
		862	* @sem_alloc_security:
		863	* Allocate and attach a security structure to the sma->sem_perm.security
		864	* field. The security field is initialized to NULL when the structure is
		865	* first created.
		866	* @sma contains the semaphore structure
		867	* Return 0 if operation was successful and permission is granted.
		868	* @sem_free_security:
		869	* deallocate security struct for this semaphore
		870	* @sma contains the semaphore structure.
		871	* @sem_associate:
		872	* Check permission when a semaphore is requested through the semget
		873	* system call. This hook is only called when returning the semaphore
		874	* identifier for an existing semaphore, not when a new one must be
		875	* created.
		876	* @sma contains the semaphore structure.
		877	* @semflg contains the operation control flags.
		878	* Return 0 if permission is granted.
		879	* @sem_semctl:
		880	* Check permission when a semaphore operation specified by @cmd is to be
		881	* performed on the semaphore @sma. The @sma may be NULL, e.g. for
		882	* IPC_INFO or SEM_INFO.
		883	* @sma contains the semaphore structure. May be NULL.
		884	* @cmd contains the operation to be performed.
		885	* Return 0 if permission is granted.
		886	* @sem_semop
		887	* Check permissions before performing operations on members of the
		888	* semaphore set @sma. If the @alter flag is nonzero, the semaphore set
		889	* may be modified.
		890	* @sma contains the semaphore structure.
		891	* @sops contains the operations to perform.
		892	* @nsops contains the number of operations to perform.
		893	* @alter contains the flag indicating whether changes are to be made.
		894	* Return 0 if permission is granted.
		895	*
		896	* @ptrace:
		897	* Check permission before allowing the @parent process to trace the
		898	* @child process.
		899	* Security modules may also want to perform a process tracing check
		900	* during an execve in the set_security or compute_creds hooks of
		901	* binprm_security_ops if the process is being traced and its security
		902	* attributes would be changed by the execve.
		903	* @parent contains the task_struct structure for parent process.
		904	* @child contains the task_struct structure for child process.
		905	* Return 0 if permission is granted.
		906	* @capget:
		907	* Get the @effective, @inheritable, and @permitted capability sets for
		908	* the @target process. The hook may also perform permission checking to
		909	* determine if the current process is allowed to see the capability sets
		910	* of the @target process.
		911	* @target contains the task_struct structure for target process.
		912	* @effective contains the effective capability set.
		913	* @inheritable contains the inheritable capability set.
		914	* @permitted contains the permitted capability set.
		915	* Return 0 if the capability sets were successfully obtained.
		916	* @capset_check:
		917	* Check permission before setting the @effective, @inheritable, and
		918	* @permitted capability sets for the @target process.
		919	* Caveat: @target is also set to current if a set of processes is
		920	* specified (i.e. all processes other than current and init or a
		921	* particular process group). Hence, the capset_set hook may need to
		922	* revalidate permission to the actual target process.
		923	* @target contains the task_struct structure for target process.
		924	* @effective contains the effective capability set.
		925	* @inheritable contains the inheritable capability set.
		926	* @permitted contains the permitted capability set.
		927	* Return 0 if permission is granted.
		928	* @capset_set:
		929	* Set the @effective, @inheritable, and @permitted capability sets for
		930	* the @target process. Since capset_check cannot always check permission
		931	* to the real @target process, this hook may also perform permission
		932	* checking to determine if the current process is allowed to set the
		933	* capability sets of the @target process. However, this hook has no way
		934	* of returning an error due to the structure of the sys_capset code.
		935	* @target contains the task_struct structure for target process.
		936	* @effective contains the effective capability set.
		937	* @inheritable contains the inheritable capability set.
		938	* @permitted contains the permitted capability set.
		939	* @acct:
		940	* Check permission before enabling or disabling process accounting. If
		941	* accounting is being enabled, then @file refers to the open file used to
		942	* store accounting records. If accounting is being disabled, then @file
		943	* is NULL.
		944	* @file contains the file structure for the accounting file (may be NULL).
		945	* Return 0 if permission is granted.
		946	* @sysctl:
		947	* Check permission before accessing the @table sysctl variable in the
		948	* manner specified by @op.
		949	* @table contains the ctl_table structure for the sysctl variable.
		950	* @op contains the operation (001 = search, 002 = write, 004 = read).
		951	* Return 0 if permission is granted.
		952	* @capable:
		953	* Check whether the @tsk process has the @cap capability.
		954	* @tsk contains the task_struct for the process.
		955	* @cap contains the capability <include/linux/capability.h>.
		956	* Return 0 if the capability is granted for @tsk.
		957	* @syslog:
		958	* Check permission before accessing the kernel message ring or changing
		959	* logging to the console.
		960	* See the syslog(2) manual page for an explanation of the @type values.
		961	* @type contains the type of action.
		962	* Return 0 if permission is granted.
		963	* @vm_enough_memory:
		964	* Check permissions for allocating a new virtual mapping.
		965	* @pages contains the number of pages.
		966	* Return 0 if permission is granted.
		967	*
		968	* @register_security:
		969	* allow module stacking.
		970	* @name contains the name of the security module being stacked.
		971	* @ops contains a pointer to the struct security_operations of the module to stack.
		972	* @unregister_security:
		973	* remove a stacked module.
		974	* @name contains the name of the security module being unstacked.
		975	* @ops contains a pointer to the struct security_operations of the module to unstack.
		976	*
		977	* This is the main security structure.
		978	*/
		979	struct security_operations {
		980	int (ptrace) (struct task_struct parent, struct task_struct * child);
		981	int (capget) (struct task_struct target,
		982	kernel_cap_t * effective,
		983	kernel_cap_t * inheritable, kernel_cap_t * permitted);
		984	int (capset_check) (struct task_struct target,
		985	kernel_cap_t * effective,
		986	kernel_cap_t * inheritable,
		987	kernel_cap_t * permitted);
		988	void (capset_set) (struct task_struct target,
		989	kernel_cap_t * effective,
		990	kernel_cap_t * inheritable,
		991	kernel_cap_t * permitted);
		992	int (acct) (struct file file);
		993	int (sysctl) (ctl_table table, int op);
		994	int (capable) (struct task_struct tsk, int cap);
		995	int (quotactl) (int cmds, int type, int id, struct super_block sb);
		996	int (quota_on) (struct file f);
		997	int (*syslog) (int type);
		998	int (*vm_enough_memory) (long pages);
		999
		1000	int (bprm_alloc_security) (struct linux_binprm bprm);
		1001	void (bprm_free_security) (struct linux_binprm bprm);
		1002	void (bprm_compute_creds) (struct linux_binprm bprm);
		1003	int (bprm_set_security) (struct linux_binprm bprm);
		1004	int (bprm_check_security) (struct linux_binprm bprm);
		1005	int (bprm_secureexec) (struct linux_binprm bprm);
		1006
		1007	int (sb_alloc_security) (struct super_block sb);
		1008	void (sb_free_security) (struct super_block sb);
		1009	int (sb_kern_mount) (struct super_block sb);
		1010	int (sb_statfs) (struct super_block sb);
		1011	int (sb_mount) (char dev_name, struct nameidata * nd,
		1012	char type, unsigned long flags, void data);
		1013	int (sb_check_sb) (struct vfsmount mnt, struct nameidata * nd);
		1014	int (sb_umount) (struct vfsmount mnt, int flags);
		1015	void (sb_umount_close) (struct vfsmount mnt);
		1016	void (sb_umount_busy) (struct vfsmount mnt);
		1017	void (sb_post_remount) (struct vfsmount mnt,
		1018	unsigned long flags, void *data);
		1019	void (*sb_post_mountroot) (void);
		1020	void (sb_post_addmount) (struct vfsmount mnt,
		1021	struct nameidata * mountpoint_nd);
		1022	int (sb_pivotroot) (struct nameidata old_nd,
		1023	struct nameidata * new_nd);
		1024	void (sb_post_pivotroot) (struct nameidata old_nd,
		1025	struct nameidata * new_nd);
		1026
		1027	int (inode_alloc_security) (struct inode inode);
		1028	void (inode_free_security) (struct inode inode);
		1029	int (inode_create) (struct inode dir,
		1030	struct dentry *dentry, int mode);
		1031	void (inode_post_create) (struct inode dir,
		1032	struct dentry *dentry, int mode);
		1033	int (inode_link) (struct dentry old_dentry,
		1034	struct inode dir, struct dentry new_dentry);
		1035	void (inode_post_link) (struct dentry old_dentry,
		1036	struct inode dir, struct dentry new_dentry);
		1037	int (inode_unlink) (struct inode dir, struct dentry *dentry);
		1038	int (inode_symlink) (struct inode dir,
		1039	struct dentry dentry, const char old_name);
		1040	void (inode_post_symlink) (struct inode dir,
		1041	struct dentry *dentry,
		1042	const char *old_name);
		1043	int (inode_mkdir) (struct inode dir, struct dentry *dentry, int mode);
		1044	void (inode_post_mkdir) (struct inode dir, struct dentry *dentry,
		1045	int mode);
		1046	int (inode_rmdir) (struct inode dir, struct dentry *dentry);
		1047	int (inode_mknod) (struct inode dir, struct dentry *dentry,
		1048	int mode, dev_t dev);
		1049	void (inode_post_mknod) (struct inode dir, struct dentry *dentry,
		1050	int mode, dev_t dev);
		1051	int (inode_rename) (struct inode old_dir, struct dentry *old_dentry,
		1052	struct inode new_dir, struct dentry new_dentry);
		1053	void (inode_post_rename) (struct inode old_dir,
		1054	struct dentry *old_dentry,
		1055	struct inode *new_dir,
		1056	struct dentry *new_dentry);
		1057	int (inode_readlink) (struct dentry dentry);
		1058	int (inode_follow_link) (struct dentry dentry, struct nameidata *nd);
		1059	int (inode_permission) (struct inode inode, int mask, struct nameidata *nd);
		1060	int (inode_setattr) (struct dentry dentry, struct iattr *attr);
		1061	int (inode_getattr) (struct vfsmount mnt, struct dentry *dentry);
		1062	void (inode_delete) (struct inode inode);
		1063	int (inode_setxattr) (struct dentry dentry, char name, void value,
		1064	size_t size, int flags);
		1065	void (inode_post_setxattr) (struct dentry dentry, char name, void value,
		1066	size_t size, int flags);
		1067	int (inode_getxattr) (struct dentry dentry, char *name);
		1068	int (inode_listxattr) (struct dentry dentry);
		1069	int (inode_removexattr) (struct dentry dentry, char *name);
		1070	int (inode_getsecurity)(struct dentry dentry, const char name, void buffer, size_t size);
		1071	int (inode_setsecurity)(struct dentry dentry, const char name, const void value, size_t size, int flags);
		1072	int (inode_listsecurity)(struct dentry dentry, char *buffer);
		1073
		1074	int (file_permission) (struct file file, int mask);
		1075	int (file_alloc_security) (struct file file);
		1076	void (file_free_security) (struct file file);
		1077	int (file_ioctl) (struct file file, unsigned int cmd,
		1078	unsigned long arg);
		1079	int (file_mmap) (struct file file,
		1080	unsigned long prot, unsigned long flags);
		1081	int (file_mprotect) (struct vm_area_struct vma, unsigned long prot);
		1082	int (file_lock) (struct file file, unsigned int cmd);
		1083	int (file_fcntl) (struct file file, unsigned int cmd,
		1084	unsigned long arg);
		1085	int (file_set_fowner) (struct file file);
		1086	int (file_send_sigiotask) (struct task_struct tsk,
		1087	struct fown_struct * fown,
		1088	int fd, int reason);
		1089	int (file_receive) (struct file file);
		1090
		1091	int (*task_create) (unsigned long clone_flags);
		1092	int (task_alloc_security) (struct task_struct p);
		1093	void (task_free_security) (struct task_struct p);
		1094	int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
		1095	int (task_post_setuid) (uid_t old_ruid / or fsuid */ ,
		1096	uid_t old_euid, uid_t old_suid, int flags);
		1097	int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
		1098	int (task_setpgid) (struct task_struct p, pid_t pgid);
		1099	int (task_getpgid) (struct task_struct p);
		1100	int (task_getsid) (struct task_struct p);
		1101	int (task_setgroups) (int gidsetsize, gid_t grouplist);
		1102	int (task_setnice) (struct task_struct p, int nice);
		1103	int (task_setrlimit) (unsigned int resource, struct rlimit new_rlim);
		1104	int (task_setscheduler) (struct task_struct p, int policy,
		1105	struct sched_param * lp);
		1106	int (task_getscheduler) (struct task_struct p);
		1107	int (task_kill) (struct task_struct p,
		1108	struct siginfo * info, int sig);
		1109	int (task_wait) (struct task_struct p);
		1110	int (*task_prctl) (int option, unsigned long arg2,
		1111	unsigned long arg3, unsigned long arg4,
		1112	unsigned long arg5);
		1113	void (task_reparent_to_init) (struct task_struct p);
		1114	void (task_to_inode)(struct task_struct p, struct inode *inode);
		1115
		1116	int (ipc_permission) (struct kern_ipc_perm ipcp, short flag);
		1117
		1118	int (msg_msg_alloc_security) (struct msg_msg msg);
		1119	void (msg_msg_free_security) (struct msg_msg msg);
		1120
		1121	int (msg_queue_alloc_security) (struct msg_queue msq);
		1122	void (msg_queue_free_security) (struct msg_queue msq);
		1123	int (msg_queue_associate) (struct msg_queue msq, int msqflg);
		1124	int (msg_queue_msgctl) (struct msg_queue msq, int cmd);
		1125	int (msg_queue_msgsnd) (struct msg_queue msq,
		1126	struct msg_msg * msg, int msqflg);
		1127	int (msg_queue_msgrcv) (struct msg_queue msq,
		1128	struct msg_msg * msg,
		1129	struct task_struct * target,
		1130	long type, int mode);
		1131
		1132	int (shm_alloc_security) (struct shmid_kernel shp);
		1133	void (shm_free_security) (struct shmid_kernel shp);
		1134	int (shm_associate) (struct shmid_kernel shp, int shmflg);
		1135	int (shm_shmctl) (struct shmid_kernel shp, int cmd);
		1136	int (shm_shmat) (struct shmid_kernel shp,
		1137	char *shmaddr, int shmflg);
		1138
		1139	int (sem_alloc_security) (struct sem_array sma);
		1140	void (sem_free_security) (struct sem_array sma);
		1141	int (sem_associate) (struct sem_array sma, int semflg);
		1142	int (sem_semctl) (struct sem_array sma, int cmd);
		1143	int (sem_semop) (struct sem_array sma,
		1144	struct sembuf * sops, unsigned nsops, int alter);
		1145
		1146	int (netlink_send) (struct sk_buff skb);
		1147	int (netlink_recv) (struct sk_buff skb);
		1148
		1149	/* allow module stacking */
		1150	int (register_security) (const char name,
		1151	struct security_operations *ops);
		1152	int (unregister_security) (const char name,
		1153	struct security_operations *ops);
		1154
		1155	void (d_instantiate) (struct dentry dentry, struct inode *inode);
		1156
		1157	int (getprocattr)(struct task_struct p, char name, void value, size_t size);
		1158	int (setprocattr)(struct task_struct p, char name, void value, size_t size);
		1159
		1160	#ifdef CONFIG_SECURITY_NETWORK
		1161	int (unix_stream_connect) (struct socket sock,
		1162	struct socket * other, struct sock * newsk);
		1163	int (unix_may_send) (struct socket sock, struct socket * other);
		1164
		1165	int (*socket_create) (int family, int type, int protocol);
		1166	void (socket_post_create) (struct socket sock, int family,
		1167	int type, int protocol);
		1168	int (socket_bind) (struct socket sock,
		1169	struct sockaddr * address, int addrlen);
		1170	int (socket_connect) (struct socket sock,
		1171	struct sockaddr * address, int addrlen);
		1172	int (socket_listen) (struct socket sock, int backlog);
		1173	int (socket_accept) (struct socket sock, struct socket * newsock);
		1174	void (socket_post_accept) (struct socket sock,
		1175	struct socket * newsock);
		1176	int (socket_sendmsg) (struct socket sock,
		1177	struct msghdr * msg, int size);
		1178	int (socket_recvmsg) (struct socket sock,
		1179	struct msghdr * msg, int size, int flags);
		1180	int (socket_getsockname) (struct socket sock);
		1181	int (socket_getpeername) (struct socket sock);
		1182	int (socket_getsockopt) (struct socket sock, int level, int optname);
		1183	int (socket_setsockopt) (struct socket sock, int level, int optname);
		1184	int (socket_shutdown) (struct socket sock, int how);
		1185	int (socket_sock_rcv_skb) (struct sock sk, struct sk_buff * skb);
		1186	#endif /* CONFIG_SECURITY_NETWORK */
		1187	};
		1188
		1189	/* global variables */
		1190	extern struct security_operations *security_ops;
		1191
		1192	/* inline stuff */
		1193	static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
		1194	{
		1195	return security_ops->ptrace (parent, child);
		1196	}
		1197
		1198	static inline int security_capget (struct task_struct *target,
		1199	kernel_cap_t *effective,
		1200	kernel_cap_t *inheritable,
		1201	kernel_cap_t *permitted)
		1202	{
		1203	return security_ops->capget (target, effective, inheritable, permitted);
		1204	}
		1205
		1206	static inline int security_capset_check (struct task_struct *target,
		1207	kernel_cap_t *effective,
		1208	kernel_cap_t *inheritable,
		1209	kernel_cap_t *permitted)
		1210	{
		1211	return security_ops->capset_check (target, effective, inheritable, permitted);
		1212	}
		1213
		1214	static inline void security_capset_set (struct task_struct *target,
		1215	kernel_cap_t *effective,
		1216	kernel_cap_t *inheritable,
		1217	kernel_cap_t *permitted)
		1218	{
		1219	security_ops->capset_set (target, effective, inheritable, permitted);
		1220	}
		1221
		1222	static inline int security_acct (struct file *file)
		1223	{
		1224	return security_ops->acct (file);
		1225	}
		1226
		1227	static inline int security_sysctl(ctl_table * table, int op)
		1228	{
		1229	return security_ops->sysctl(table, op);
		1230	}
		1231
		1232	static inline int security_quotactl (int cmds, int type, int id,
		1233	struct super_block *sb)
		1234	{
		1235	return security_ops->quotactl (cmds, type, id, sb);
		1236	}
		1237
		1238	static inline int security_quota_on (struct file * file)
		1239	{
		1240	return security_ops->quota_on (file);
		1241	}
		1242
		1243	static inline int security_syslog(int type)
		1244	{
		1245	return security_ops->syslog(type);
		1246	}
		1247
		1248	static inline int security_vm_enough_memory(long pages)
		1249	{
		1250	return security_ops->vm_enough_memory(pages);
		1251	}
		1252
		1253	static inline int security_bprm_alloc (struct linux_binprm *bprm)
		1254	{
		1255	return security_ops->bprm_alloc_security (bprm);
		1256	}
		1257	static inline void security_bprm_free (struct linux_binprm *bprm)
		1258	{
		1259	security_ops->bprm_free_security (bprm);
		1260	}
		1261	static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
		1262	{
		1263	security_ops->bprm_compute_creds (bprm);
		1264	}
		1265	static inline int security_bprm_set (struct linux_binprm *bprm)
		1266	{
		1267	return security_ops->bprm_set_security (bprm);
		1268	}
		1269
		1270	static inline int security_bprm_check (struct linux_binprm *bprm)
		1271	{
		1272	return security_ops->bprm_check_security (bprm);
		1273	}
		1274
		1275	static inline int security_bprm_secureexec (struct linux_binprm *bprm)
		1276	{
		1277	return security_ops->bprm_secureexec (bprm);
		1278	}
		1279
		1280	static inline int security_sb_alloc (struct super_block *sb)
		1281	{
		1282	return security_ops->sb_alloc_security (sb);
		1283	}
		1284
		1285	static inline void security_sb_free (struct super_block *sb)
		1286	{
		1287	security_ops->sb_free_security (sb);
		1288	}
		1289
		1290	static inline int security_sb_kern_mount (struct super_block *sb)
		1291	{
		1292	return security_ops->sb_kern_mount (sb);
		1293	}
		1294
		1295	static inline int security_sb_statfs (struct super_block *sb)
		1296	{
		1297	return security_ops->sb_statfs (sb);
		1298	}
		1299
		1300	static inline int security_sb_mount (char dev_name, struct nameidata nd,
		1301	char *type, unsigned long flags,
		1302	void *data)
		1303	{
		1304	return security_ops->sb_mount (dev_name, nd, type, flags, data);
		1305	}
		1306
		1307	static inline int security_sb_check_sb (struct vfsmount *mnt,
		1308	struct nameidata *nd)
		1309	{
		1310	return security_ops->sb_check_sb (mnt, nd);
		1311	}
		1312
		1313	static inline int security_sb_umount (struct vfsmount *mnt, int flags)
		1314	{
		1315	return security_ops->sb_umount (mnt, flags);
		1316	}
		1317
		1318	static inline void security_sb_umount_close (struct vfsmount *mnt)
		1319	{
		1320	security_ops->sb_umount_close (mnt);
		1321	}
		1322
		1323	static inline void security_sb_umount_busy (struct vfsmount *mnt)
		1324	{
		1325	security_ops->sb_umount_busy (mnt);
		1326	}
		1327
		1328	static inline void security_sb_post_remount (struct vfsmount *mnt,
		1329	unsigned long flags, void *data)
		1330	{
		1331	security_ops->sb_post_remount (mnt, flags, data);
		1332	}
		1333
		1334	static inline void security_sb_post_mountroot (void)
		1335	{
		1336	security_ops->sb_post_mountroot ();
		1337	}
		1338
		1339	static inline void security_sb_post_addmount (struct vfsmount *mnt,
		1340	struct nameidata *mountpoint_nd)
		1341	{
		1342	security_ops->sb_post_addmount (mnt, mountpoint_nd);
		1343	}
		1344
		1345	static inline int security_sb_pivotroot (struct nameidata *old_nd,
		1346	struct nameidata *new_nd)
		1347	{
		1348	return security_ops->sb_pivotroot (old_nd, new_nd);
		1349	}
		1350
		1351	static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
		1352	struct nameidata *new_nd)
		1353	{
		1354	security_ops->sb_post_pivotroot (old_nd, new_nd);
		1355	}
		1356
		1357	static inline int security_inode_alloc (struct inode *inode)
		1358	{
		1359	return security_ops->inode_alloc_security (inode);
		1360	}
		1361
		1362	static inline void security_inode_free (struct inode *inode)
		1363	{
		1364	security_ops->inode_free_security (inode);
		1365	}
		1366
		1367	static inline int security_inode_create (struct inode *dir,
		1368	struct dentry *dentry,
		1369	int mode)
		1370	{
		1371	return security_ops->inode_create (dir, dentry, mode);
		1372	}
		1373
		1374	static inline void security_inode_post_create (struct inode *dir,
		1375	struct dentry *dentry,
		1376	int mode)
		1377	{
		1378	security_ops->inode_post_create (dir, dentry, mode);
		1379	}
		1380
		1381	static inline int security_inode_link (struct dentry *old_dentry,
		1382	struct inode *dir,
		1383	struct dentry *new_dentry)
		1384	{
		1385	return security_ops->inode_link (old_dentry, dir, new_dentry);
		1386	}
		1387
		1388	static inline void security_inode_post_link (struct dentry *old_dentry,
		1389	struct inode *dir,
		1390	struct dentry *new_dentry)
		1391	{
		1392	security_ops->inode_post_link (old_dentry, dir, new_dentry);
		1393	}
		1394
		1395	static inline int security_inode_unlink (struct inode *dir,
		1396	struct dentry *dentry)
		1397	{
		1398	return security_ops->inode_unlink (dir, dentry);
		1399	}
		1400
		1401	static inline int security_inode_symlink (struct inode *dir,
		1402	struct dentry *dentry,
		1403	const char *old_name)
		1404	{
		1405	return security_ops->inode_symlink (dir, dentry, old_name);
		1406	}
		1407
		1408	static inline void security_inode_post_symlink (struct inode *dir,
		1409	struct dentry *dentry,
		1410	const char *old_name)
		1411	{
		1412	security_ops->inode_post_symlink (dir, dentry, old_name);
		1413	}
		1414
		1415	static inline int security_inode_mkdir (struct inode *dir,
		1416	struct dentry *dentry,
		1417	int mode)
		1418	{
		1419	return security_ops->inode_mkdir (dir, dentry, mode);
		1420	}
		1421
		1422	static inline void security_inode_post_mkdir (struct inode *dir,
		1423	struct dentry *dentry,
		1424	int mode)
		1425	{
		1426	security_ops->inode_post_mkdir (dir, dentry, mode);
		1427	}
		1428
		1429	static inline int security_inode_rmdir (struct inode *dir,
		1430	struct dentry *dentry)
		1431	{
		1432	return security_ops->inode_rmdir (dir, dentry);
		1433	}
		1434
		1435	static inline int security_inode_mknod (struct inode *dir,
		1436	struct dentry *dentry,
		1437	int mode, dev_t dev)
		1438	{
		1439	return security_ops->inode_mknod (dir, dentry, mode, dev);
		1440	}
		1441
		1442	static inline void security_inode_post_mknod (struct inode *dir,
		1443	struct dentry *dentry,
		1444	int mode, dev_t dev)
		1445	{
		1446	security_ops->inode_post_mknod (dir, dentry, mode, dev);
		1447	}
		1448
		1449	static inline int security_inode_rename (struct inode *old_dir,
		1450	struct dentry *old_dentry,
		1451	struct inode *new_dir,
		1452	struct dentry *new_dentry)
		1453	{
		1454	return security_ops->inode_rename (old_dir, old_dentry,
		1455	new_dir, new_dentry);
		1456	}
		1457
		1458	static inline void security_inode_post_rename (struct inode *old_dir,
		1459	struct dentry *old_dentry,
		1460	struct inode *new_dir,
		1461	struct dentry *new_dentry)
		1462	{
		1463	security_ops->inode_post_rename (old_dir, old_dentry,
		1464	new_dir, new_dentry);
		1465	}
		1466
		1467	static inline int security_inode_readlink (struct dentry *dentry)
		1468	{
		1469	return security_ops->inode_readlink (dentry);
		1470	}
		1471
		1472	static inline int security_inode_follow_link (struct dentry *dentry,
		1473	struct nameidata *nd)
		1474	{
		1475	return security_ops->inode_follow_link (dentry, nd);
		1476	}
		1477
		1478	static inline int security_inode_permission (struct inode *inode, int mask,
		1479	struct nameidata *nd)
		1480	{
		1481	return security_ops->inode_permission (inode, mask, nd);
		1482	}
		1483
		1484	static inline int security_inode_setattr (struct dentry *dentry,
		1485	struct iattr *attr)
		1486	{
		1487	return security_ops->inode_setattr (dentry, attr);
		1488	}
		1489
		1490	static inline int security_inode_getattr (struct vfsmount *mnt,
		1491	struct dentry *dentry)
		1492	{
		1493	return security_ops->inode_getattr (mnt, dentry);
		1494	}
		1495
		1496	static inline void security_inode_delete (struct inode *inode)
		1497	{
		1498	security_ops->inode_delete (inode);
		1499	}
		1500
		1501	static inline int security_inode_setxattr (struct dentry dentry, char name,
		1502	void *value, size_t size, int flags)
		1503	{
		1504	return security_ops->inode_setxattr (dentry, name, value, size, flags);
		1505	}
		1506
		1507	static inline void security_inode_post_setxattr (struct dentry dentry, char name,
		1508	void *value, size_t size, int flags)
		1509	{
		1510	security_ops->inode_post_setxattr (dentry, name, value, size, flags);
		1511	}
		1512
		1513	static inline int security_inode_getxattr (struct dentry dentry, char name)
		1514	{
		1515	return security_ops->inode_getxattr (dentry, name);
		1516	}
		1517
		1518	static inline int security_inode_listxattr (struct dentry *dentry)
		1519	{
		1520	return security_ops->inode_listxattr (dentry);
		1521	}
		1522
		1523	static inline int security_inode_removexattr (struct dentry dentry, char name)
		1524	{
		1525	return security_ops->inode_removexattr (dentry, name);
		1526	}
		1527
		1528	static inline int security_inode_getsecurity(struct dentry dentry, const char name, void *buffer, size_t size)
		1529	{
		1530	return security_ops->inode_getsecurity(dentry, name, buffer, size);
		1531	}
		1532
		1533	static inline int security_inode_setsecurity(struct dentry dentry, const char name, const void *value, size_t size, int flags)
		1534	{
		1535	return security_ops->inode_setsecurity(dentry, name, value, size, flags);
		1536	}
		1537
		1538	static inline int security_inode_listsecurity(struct dentry dentry, char buffer)
		1539	{
		1540	return security_ops->inode_listsecurity(dentry, buffer);
		1541	}
		1542
		1543	static inline int security_file_permission (struct file *file, int mask)
		1544	{
		1545	return security_ops->file_permission (file, mask);
		1546	}
		1547
		1548	static inline int security_file_alloc (struct file *file)
		1549	{
		1550	return security_ops->file_alloc_security (file);
		1551	}
		1552
		1553	static inline void security_file_free (struct file *file)
		1554	{
		1555	security_ops->file_free_security (file);
		1556	}
		1557
		1558	static inline int security_file_ioctl (struct file *file, unsigned int cmd,
		1559	unsigned long arg)
		1560	{
		1561	return security_ops->file_ioctl (file, cmd, arg);
		1562	}
		1563
		1564	static inline int security_file_mmap (struct file *file, unsigned long prot,
		1565	unsigned long flags)
		1566	{
		1567	return security_ops->file_mmap (file, prot, flags);
		1568	}
		1569
		1570	static inline int security_file_mprotect (struct vm_area_struct *vma,
		1571	unsigned long prot)
		1572	{
		1573	return security_ops->file_mprotect (vma, prot);
		1574	}
		1575
		1576	static inline int security_file_lock (struct file *file, unsigned int cmd)
		1577	{
		1578	return security_ops->file_lock (file, cmd);
		1579	}
		1580
		1581	static inline int security_file_fcntl (struct file *file, unsigned int cmd,
		1582	unsigned long arg)
		1583	{
		1584	return security_ops->file_fcntl (file, cmd, arg);
		1585	}
		1586
		1587	static inline int security_file_set_fowner (struct file *file)
		1588	{
		1589	return security_ops->file_set_fowner (file);
		1590	}
		1591
		1592	static inline int security_file_send_sigiotask (struct task_struct *tsk,
		1593	struct fown_struct *fown,
		1594	int fd, int reason)
		1595	{
		1596	return security_ops->file_send_sigiotask (tsk, fown, fd, reason);
		1597	}
		1598
		1599	static inline int security_file_receive (struct file *file)
		1600	{
		1601	return security_ops->file_receive (file);
		1602	}
		1603
		1604	static inline int security_task_create (unsigned long clone_flags)
		1605	{
		1606	return security_ops->task_create (clone_flags);
		1607	}
		1608
		1609	static inline int security_task_alloc (struct task_struct *p)
		1610	{
		1611	return security_ops->task_alloc_security (p);
		1612	}
		1613
		1614	static inline void security_task_free (struct task_struct *p)
		1615	{
		1616	security_ops->task_free_security (p);
		1617	}
		1618
		1619	static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
		1620	int flags)
		1621	{
		1622	return security_ops->task_setuid (id0, id1, id2, flags);
		1623	}
		1624
		1625	static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
		1626	uid_t old_suid, int flags)
		1627	{
		1628	return security_ops->task_post_setuid (old_ruid, old_euid, old_suid, flags);
		1629	}
		1630
		1631	static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
		1632	int flags)
		1633	{
		1634	return security_ops->task_setgid (id0, id1, id2, flags);
		1635	}
		1636
		1637	static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
		1638	{
		1639	return security_ops->task_setpgid (p, pgid);
		1640	}
		1641
		1642	static inline int security_task_getpgid (struct task_struct *p)
		1643	{
		1644	return security_ops->task_getpgid (p);
		1645	}
		1646
		1647	static inline int security_task_getsid (struct task_struct *p)
		1648	{
		1649	return security_ops->task_getsid (p);
		1650	}
		1651
		1652	static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
		1653	{
		1654	return security_ops->task_setgroups (gidsetsize, grouplist);
		1655	}
		1656
		1657	static inline int security_task_setnice (struct task_struct *p, int nice)
		1658	{
		1659	return security_ops->task_setnice (p, nice);
		1660	}
		1661
		1662	static inline int security_task_setrlimit (unsigned int resource,
		1663	struct rlimit *new_rlim)
		1664	{
		1665	return security_ops->task_setrlimit (resource, new_rlim);
		1666	}
		1667
		1668	static inline int security_task_setscheduler (struct task_struct *p,
		1669	int policy,
		1670	struct sched_param *lp)
		1671	{
		1672	return security_ops->task_setscheduler (p, policy, lp);
		1673	}
		1674
		1675	static inline int security_task_getscheduler (struct task_struct *p)
		1676	{
		1677	return security_ops->task_getscheduler (p);
		1678	}
		1679
		1680	static inline int security_task_kill (struct task_struct *p,
		1681	struct siginfo *info, int sig)
		1682	{
		1683	return security_ops->task_kill (p, info, sig);
		1684	}
		1685
		1686	static inline int security_task_wait (struct task_struct *p)
		1687	{
		1688	return security_ops->task_wait (p);
		1689	}
		1690
		1691	static inline int security_task_prctl (int option, unsigned long arg2,
		1692	unsigned long arg3,
		1693	unsigned long arg4,
		1694	unsigned long arg5)
		1695	{
		1696	return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
		1697	}
		1698
		1699	static inline void security_task_reparent_to_init (struct task_struct *p)
		1700	{
		1701	security_ops->task_reparent_to_init (p);
		1702	}
		1703
		1704	static inline void security_task_to_inode(struct task_struct p, struct inode inode)
		1705	{
		1706	security_ops->task_to_inode(p, inode);
		1707	}
		1708
		1709	static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
		1710	short flag)
		1711	{
		1712	return security_ops->ipc_permission (ipcp, flag);
		1713	}
		1714
		1715	static inline int security_msg_msg_alloc (struct msg_msg * msg)
		1716	{
		1717	return security_ops->msg_msg_alloc_security (msg);
		1718	}
		1719
		1720	static inline void security_msg_msg_free (struct msg_msg * msg)
		1721	{
		1722	security_ops->msg_msg_free_security(msg);
		1723	}
		1724
		1725	static inline int security_msg_queue_alloc (struct msg_queue *msq)
		1726	{
		1727	return security_ops->msg_queue_alloc_security (msq);
		1728	}
		1729
		1730	static inline void security_msg_queue_free (struct msg_queue *msq)
		1731	{
		1732	security_ops->msg_queue_free_security (msq);
		1733	}
		1734
		1735	static inline int security_msg_queue_associate (struct msg_queue * msq,
		1736	int msqflg)
		1737	{
		1738	return security_ops->msg_queue_associate (msq, msqflg);
		1739	}
		1740
		1741	static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
		1742	{
		1743	return security_ops->msg_queue_msgctl (msq, cmd);
		1744	}
		1745
		1746	static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
		1747	struct msg_msg * msg, int msqflg)
		1748	{
		1749	return security_ops->msg_queue_msgsnd (msq, msg, msqflg);
		1750	}
		1751
		1752	static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
		1753	struct msg_msg * msg,
		1754	struct task_struct * target,
		1755	long type, int mode)
		1756	{
		1757	return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode);
		1758	}
		1759
		1760	static inline int security_shm_alloc (struct shmid_kernel *shp)
		1761	{
		1762	return security_ops->shm_alloc_security (shp);
		1763	}
		1764
		1765	static inline void security_shm_free (struct shmid_kernel *shp)
		1766	{
		1767	security_ops->shm_free_security (shp);
		1768	}
		1769
		1770	static inline int security_shm_associate (struct shmid_kernel * shp,
		1771	int shmflg)
		1772	{
		1773	return security_ops->shm_associate(shp, shmflg);
		1774	}
		1775
		1776	static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
		1777	{
		1778	return security_ops->shm_shmctl (shp, cmd);
		1779	}
		1780
		1781	static inline int security_shm_shmat (struct shmid_kernel * shp,
		1782	char __user *shmaddr, int shmflg)
		1783	{
		1784	return security_ops->shm_shmat(shp, shmaddr, shmflg);
		1785	}
		1786
		1787	static inline int security_sem_alloc (struct sem_array *sma)
		1788	{
		1789	return security_ops->sem_alloc_security (sma);
		1790	}
		1791
		1792	static inline void security_sem_free (struct sem_array *sma)
		1793	{
		1794	security_ops->sem_free_security (sma);
		1795	}
		1796
		1797	static inline int security_sem_associate (struct sem_array * sma, int semflg)
		1798	{
		1799	return security_ops->sem_associate (sma, semflg);
		1800	}
		1801
		1802	static inline int security_sem_semctl (struct sem_array * sma, int cmd)
		1803	{
		1804	return security_ops->sem_semctl(sma, cmd);
		1805	}
		1806
		1807	static inline int security_sem_semop (struct sem_array * sma,
		1808	struct sembuf * sops, unsigned nsops,
		1809	int alter)
		1810	{
		1811	return security_ops->sem_semop(sma, sops, nsops, alter);
		1812	}
		1813
		1814	static inline void security_d_instantiate (struct dentry dentry, struct inode inode)
		1815	{
		1816	security_ops->d_instantiate (dentry, inode);
		1817	}
		1818
		1819	static inline int security_getprocattr(struct task_struct p, char name, void *value, size_t size)
		1820	{
		1821	return security_ops->getprocattr(p, name, value, size);
		1822	}
		1823
		1824	static inline int security_setprocattr(struct task_struct p, char name, void *value, size_t size)
		1825	{
		1826	return security_ops->setprocattr(p, name, value, size);
		1827	}
		1828
		1829	static inline int security_netlink_send(struct sk_buff * skb)
		1830	{
		1831	return security_ops->netlink_send(skb);
		1832	}
		1833
		1834	static inline int security_netlink_recv(struct sk_buff * skb)
		1835	{
		1836	return security_ops->netlink_recv(skb);
		1837	}
		1838
		1839	/* prototypes */
		1840	extern int security_scaffolding_startup (void);
		1841	extern int register_security (struct security_operations *ops);
		1842	extern int unregister_security (struct security_operations *ops);
		1843	extern int mod_reg_security (const char name, struct security_operations ops);
		1844	extern int mod_unreg_security (const char name, struct security_operations ops);
		1845
		1846
		1847	#else /* CONFIG_SECURITY */
		1848
		1849	/*
		1850	* This is the default capabilities functionality. Most of these functions
		1851	* are just stubbed out, but a few must call the proper capable code.
		1852	*/
		1853
		1854	static inline int security_scaffolding_startup (void)
		1855	{
		1856	return 0;
		1857	}
		1858
		1859	static inline int security_ptrace (struct task_struct parent, struct task_struct child)
		1860	{
		1861	return cap_ptrace (parent, child);
		1862	}
		1863
		1864	static inline int security_capget (struct task_struct *target,
		1865	kernel_cap_t *effective,
		1866	kernel_cap_t *inheritable,
		1867	kernel_cap_t *permitted)
		1868	{
		1869	return cap_capget (target, effective, inheritable, permitted);
		1870	}
		1871
		1872	static inline int security_capset_check (struct task_struct *target,
		1873	kernel_cap_t *effective,
		1874	kernel_cap_t *inheritable,
		1875	kernel_cap_t *permitted)
		1876	{
		1877	return cap_capset_check (target, effective, inheritable, permitted);
		1878	}
		1879
		1880	static inline void security_capset_set (struct task_struct *target,
		1881	kernel_cap_t *effective,
		1882	kernel_cap_t *inheritable,
		1883	kernel_cap_t *permitted)
		1884	{
		1885	cap_capset_set (target, effective, inheritable, permitted);
		1886	}
		1887
		1888	static inline int security_acct (struct file *file)
		1889	{
		1890	return 0;
		1891	}
		1892
		1893	static inline int security_sysctl(ctl_table * table, int op)
		1894	{
		1895	return 0;
		1896	}
		1897
		1898	static inline int security_quotactl (int cmds, int type, int id,
		1899	struct super_block * sb)
		1900	{
		1901	return 0;
		1902	}
		1903
		1904	static inline int security_quota_on (struct file * file)
		1905	{
		1906	return 0;
		1907	}
		1908
		1909	static inline int security_syslog(int type)
		1910	{
		1911	return cap_syslog(type);
		1912	}
		1913
		1914	static inline int security_vm_enough_memory(long pages)
		1915	{
		1916	return cap_vm_enough_memory(pages);
		1917	}
		1918
		1919	static inline int security_bprm_alloc (struct linux_binprm *bprm)
		1920	{
		1921	return 0;
		1922	}
		1923
		1924	static inline void security_bprm_free (struct linux_binprm *bprm)
		1925	{ }
		1926
		1927	static inline void security_bprm_compute_creds (struct linux_binprm *bprm)
		1928	{
		1929	cap_bprm_compute_creds (bprm);
		1930	}
		1931
		1932	static inline int security_bprm_set (struct linux_binprm *bprm)
		1933	{
		1934	return cap_bprm_set_security (bprm);
		1935	}
		1936
		1937	static inline int security_bprm_check (struct linux_binprm *bprm)
		1938	{
		1939	return 0;
		1940	}
		1941
		1942	static inline int security_bprm_secureexec (struct linux_binprm *bprm)
		1943	{
		1944	return cap_bprm_secureexec(bprm);
		1945	}
		1946
		1947	static inline int security_sb_alloc (struct super_block *sb)
		1948	{
		1949	return 0;
		1950	}
		1951
		1952	static inline void security_sb_free (struct super_block *sb)
		1953	{ }
		1954
		1955	static inline int security_sb_kern_mount (struct super_block *sb)
		1956	{
		1957	return 0;
		1958	}
		1959
		1960	static inline int security_sb_statfs (struct super_block *sb)
		1961	{
		1962	return 0;
		1963	}
		1964
		1965	static inline int security_sb_mount (char dev_name, struct nameidata nd,
		1966	char *type, unsigned long flags,
		1967	void *data)
		1968	{
		1969	return 0;
		1970	}
		1971
		1972	static inline int security_sb_check_sb (struct vfsmount *mnt,
		1973	struct nameidata *nd)
		1974	{
		1975	return 0;
		1976	}
		1977
		1978	static inline int security_sb_umount (struct vfsmount *mnt, int flags)
		1979	{
		1980	return 0;
		1981	}
		1982
		1983	static inline void security_sb_umount_close (struct vfsmount *mnt)
		1984	{ }
		1985
		1986	static inline void security_sb_umount_busy (struct vfsmount *mnt)
		1987	{ }
		1988
		1989	static inline void security_sb_post_remount (struct vfsmount *mnt,
		1990	unsigned long flags, void *data)
		1991	{ }
		1992
		1993	static inline void security_sb_post_mountroot (void)
		1994	{ }
		1995
		1996	static inline void security_sb_post_addmount (struct vfsmount *mnt,
		1997	struct nameidata *mountpoint_nd)
		1998	{ }
		1999
		2000	static inline int security_sb_pivotroot (struct nameidata *old_nd,
		2001	struct nameidata *new_nd)
		2002	{
		2003	return 0;
		2004	}
		2005
		2006	static inline void security_sb_post_pivotroot (struct nameidata *old_nd,
		2007	struct nameidata *new_nd)
		2008	{ }
		2009
		2010	static inline int security_inode_alloc (struct inode *inode)
		2011	{
		2012	return 0;
		2013	}
		2014
		2015	static inline void security_inode_free (struct inode *inode)
		2016	{ }
		2017
		2018	static inline int security_inode_create (struct inode *dir,
		2019	struct dentry *dentry,
		2020	int mode)
		2021	{
		2022	return 0;
		2023	}
		2024
		2025	static inline void security_inode_post_create (struct inode *dir,
		2026	struct dentry *dentry,
		2027	int mode)
		2028	{ }
		2029
		2030	static inline int security_inode_link (struct dentry *old_dentry,
		2031	struct inode *dir,
		2032	struct dentry *new_dentry)
		2033	{
		2034	return 0;
		2035	}
		2036
		2037	static inline void security_inode_post_link (struct dentry *old_dentry,
		2038	struct inode *dir,
		2039	struct dentry *new_dentry)
		2040	{ }
		2041
		2042	static inline int security_inode_unlink (struct inode *dir,
		2043	struct dentry *dentry)
		2044	{
		2045	return 0;
		2046	}
		2047
		2048	static inline int security_inode_symlink (struct inode *dir,
		2049	struct dentry *dentry,
		2050	const char *old_name)
		2051	{
		2052	return 0;
		2053	}
		2054
		2055	static inline void security_inode_post_symlink (struct inode *dir,
		2056	struct dentry *dentry,
		2057	const char *old_name)
		2058	{ }
		2059
		2060	static inline int security_inode_mkdir (struct inode *dir,
		2061	struct dentry *dentry,
		2062	int mode)
		2063	{
		2064	return 0;
		2065	}
		2066
		2067	static inline void security_inode_post_mkdir (struct inode *dir,
		2068	struct dentry *dentry,
		2069	int mode)
		2070	{ }
		2071
		2072	static inline int security_inode_rmdir (struct inode *dir,
		2073	struct dentry *dentry)
		2074	{
		2075	return 0;
		2076	}
		2077
		2078	static inline int security_inode_mknod (struct inode *dir,
		2079	struct dentry *dentry,
		2080	int mode, dev_t dev)
		2081	{
		2082	return 0;
		2083	}
		2084
		2085	static inline void security_inode_post_mknod (struct inode *dir,
		2086	struct dentry *dentry,
		2087	int mode, dev_t dev)
		2088	{ }
		2089
		2090	static inline int security_inode_rename (struct inode *old_dir,
		2091	struct dentry *old_dentry,
		2092	struct inode *new_dir,
		2093	struct dentry *new_dentry)
		2094	{
		2095	return 0;
		2096	}
		2097
		2098	static inline void security_inode_post_rename (struct inode *old_dir,
		2099	struct dentry *old_dentry,
		2100	struct inode *new_dir,
		2101	struct dentry *new_dentry)
		2102	{ }
		2103
		2104	static inline int security_inode_readlink (struct dentry *dentry)
		2105	{
		2106	return 0;
		2107	}
		2108
		2109	static inline int security_inode_follow_link (struct dentry *dentry,
		2110	struct nameidata *nd)
		2111	{
		2112	return 0;
		2113	}
		2114
		2115	static inline int security_inode_permission (struct inode *inode, int mask,
		2116	struct nameidata *nd)
		2117	{
		2118	return 0;
		2119	}
		2120
		2121	static inline int security_inode_setattr (struct dentry *dentry,
		2122	struct iattr *attr)
		2123	{
		2124	return 0;
		2125	}
		2126
		2127	static inline int security_inode_getattr (struct vfsmount *mnt,
		2128	struct dentry *dentry)
		2129	{
		2130	return 0;
		2131	}
		2132
		2133	static inline void security_inode_delete (struct inode *inode)
		2134	{ }
		2135
		2136	static inline int security_inode_setxattr (struct dentry dentry, char name,
		2137	void *value, size_t size, int flags)
		2138	{
		2139	return 0;
		2140	}
		2141
		2142	static inline void security_inode_post_setxattr (struct dentry dentry, char name,
		2143	void *value, size_t size, int flags)
		2144	{ }
		2145
		2146	static inline int security_inode_getxattr (struct dentry dentry, char name)
		2147	{
		2148	return 0;
		2149	}
		2150
		2151	static inline int security_inode_listxattr (struct dentry *dentry)
		2152	{
		2153	return 0;
		2154	}
		2155
		2156	static inline int security_inode_removexattr (struct dentry dentry, char name)
		2157	{
		2158	return 0;
		2159	}
		2160
		2161	static inline int security_inode_getsecurity(struct dentry dentry, const char name, void *buffer, size_t size)
		2162	{
		2163	return -EOPNOTSUPP;
		2164	}
		2165
		2166	static inline int security_inode_setsecurity(struct dentry dentry, const char name, const void *value, size_t size, int flags)
		2167	{
		2168	return -EOPNOTSUPP;
		2169	}
		2170
		2171	static inline int security_inode_listsecurity(struct dentry dentry, char buffer)
		2172	{
		2173	return 0;
		2174	}
		2175
		2176	static inline int security_file_permission (struct file *file, int mask)
		2177	{
		2178	return 0;
		2179	}
		2180
		2181	static inline int security_file_alloc (struct file *file)
		2182	{
		2183	return 0;
		2184	}
		2185
		2186	static inline void security_file_free (struct file *file)
		2187	{ }
		2188
		2189	static inline int security_file_ioctl (struct file *file, unsigned int cmd,
		2190	unsigned long arg)
		2191	{
		2192	return 0;
		2193	}
		2194
		2195	static inline int security_file_mmap (struct file *file, unsigned long prot,
		2196	unsigned long flags)
		2197	{
		2198	return 0;
		2199	}
		2200
		2201	static inline int security_file_mprotect (struct vm_area_struct *vma,
		2202	unsigned long prot)
		2203	{
		2204	return 0;
		2205	}
		2206
		2207	static inline int security_file_lock (struct file *file, unsigned int cmd)
		2208	{
		2209	return 0;
		2210	}
		2211
		2212	static inline int security_file_fcntl (struct file *file, unsigned int cmd,
		2213	unsigned long arg)
		2214	{
		2215	return 0;
		2216	}
		2217
		2218	static inline int security_file_set_fowner (struct file *file)
		2219	{
		2220	return 0;
		2221	}
		2222
		2223	static inline int security_file_send_sigiotask (struct task_struct *tsk,
		2224	struct fown_struct *fown,
		2225	int fd, int reason)
		2226	{
		2227	return 0;
		2228	}
		2229
		2230	static inline int security_file_receive (struct file *file)
		2231	{
		2232	return 0;
		2233	}
		2234
		2235	static inline int security_task_create (unsigned long clone_flags)
		2236	{
		2237	return 0;
		2238	}
		2239
		2240	static inline int security_task_alloc (struct task_struct *p)
		2241	{
		2242	return 0;
		2243	}
		2244
		2245	static inline void security_task_free (struct task_struct *p)
		2246	{ }
		2247
		2248	static inline int security_task_setuid (uid_t id0, uid_t id1, uid_t id2,
		2249	int flags)
		2250	{
		2251	return 0;
		2252	}
		2253
		2254	static inline int security_task_post_setuid (uid_t old_ruid, uid_t old_euid,
		2255	uid_t old_suid, int flags)
		2256	{
		2257	return cap_task_post_setuid (old_ruid, old_euid, old_suid, flags);
		2258	}
		2259
		2260	static inline int security_task_setgid (gid_t id0, gid_t id1, gid_t id2,
		2261	int flags)
		2262	{
		2263	return 0;
		2264	}
		2265
		2266	static inline int security_task_setpgid (struct task_struct *p, pid_t pgid)
		2267	{
		2268	return 0;
		2269	}
		2270
		2271	static inline int security_task_getpgid (struct task_struct *p)
		2272	{
		2273	return 0;
		2274	}
		2275
		2276	static inline int security_task_getsid (struct task_struct *p)
		2277	{
		2278	return 0;
		2279	}
		2280
		2281	static inline int security_task_setgroups (int gidsetsize, gid_t *grouplist)
		2282	{
		2283	return 0;
		2284	}
		2285
		2286	static inline int security_task_setnice (struct task_struct *p, int nice)
		2287	{
		2288	return 0;
		2289	}
		2290
		2291	static inline int security_task_setrlimit (unsigned int resource,
		2292	struct rlimit *new_rlim)
		2293	{
		2294	return 0;
		2295	}
		2296
		2297	static inline int security_task_setscheduler (struct task_struct *p,
		2298	int policy,
		2299	struct sched_param *lp)
		2300	{
		2301	return 0;
		2302	}
		2303
		2304	static inline int security_task_getscheduler (struct task_struct *p)
		2305	{
		2306	return 0;
		2307	}
		2308
		2309	static inline int security_task_kill (struct task_struct *p,
		2310	struct siginfo *info, int sig)
		2311	{
		2312	return 0;
		2313	}
		2314
		2315	static inline int security_task_wait (struct task_struct *p)
		2316	{
		2317	return 0;
		2318	}
		2319
		2320	static inline int security_task_prctl (int option, unsigned long arg2,
		2321	unsigned long arg3,
		2322	unsigned long arg4,
		2323	unsigned long arg5)
		2324	{
		2325	return 0;
		2326	}
		2327
		2328	static inline void security_task_reparent_to_init (struct task_struct *p)
		2329	{
		2330	cap_task_reparent_to_init (p);
		2331	}
		2332
		2333	static inline void security_task_to_inode(struct task_struct p, struct inode inode)
		2334	{ }
		2335
		2336	static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
		2337	short flag)
		2338	{
		2339	return 0;
		2340	}
		2341
		2342	static inline int security_msg_msg_alloc (struct msg_msg * msg)
		2343	{
		2344	return 0;
		2345	}
		2346
		2347	static inline void security_msg_msg_free (struct msg_msg * msg)
		2348	{ }
		2349
		2350	static inline int security_msg_queue_alloc (struct msg_queue *msq)
		2351	{
		2352	return 0;
		2353	}
		2354
		2355	static inline void security_msg_queue_free (struct msg_queue *msq)
		2356	{ }
		2357
		2358	static inline int security_msg_queue_associate (struct msg_queue * msq,
		2359	int msqflg)
		2360	{
		2361	return 0;
		2362	}
		2363
		2364	static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
		2365	{
		2366	return 0;
		2367	}
		2368
		2369	static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
		2370	struct msg_msg * msg, int msqflg)
		2371	{
		2372	return 0;
		2373	}
		2374
		2375	static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
		2376	struct msg_msg * msg,
		2377	struct task_struct * target,
		2378	long type, int mode)
		2379	{
		2380	return 0;
		2381	}
		2382
		2383	static inline int security_shm_alloc (struct shmid_kernel *shp)
		2384	{
		2385	return 0;
		2386	}
		2387
		2388	static inline void security_shm_free (struct shmid_kernel *shp)
		2389	{ }
		2390
		2391	static inline int security_shm_associate (struct shmid_kernel * shp,
		2392	int shmflg)
		2393	{
		2394	return 0;
		2395	}
		2396
		2397	static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
		2398	{
		2399	return 0;
		2400	}
		2401
		2402	static inline int security_shm_shmat (struct shmid_kernel * shp,
		2403	char __user *shmaddr, int shmflg)
		2404	{
		2405	return 0;
		2406	}
		2407
		2408	static inline int security_sem_alloc (struct sem_array *sma)
		2409	{
		2410	return 0;
		2411	}
		2412
		2413	static inline void security_sem_free (struct sem_array *sma)
		2414	{ }
		2415
		2416	static inline int security_sem_associate (struct sem_array * sma, int semflg)
		2417	{
		2418	return 0;
		2419	}
		2420
		2421	static inline int security_sem_semctl (struct sem_array * sma, int cmd)
		2422	{
		2423	return 0;
		2424	}
		2425
		2426	static inline int security_sem_semop (struct sem_array * sma,
		2427	struct sembuf * sops, unsigned nsops,
		2428	int alter)
		2429	{
		2430	return 0;
		2431	}
		2432
		2433	static inline void security_d_instantiate (struct dentry dentry, struct inode inode)
		2434	{ }
		2435
		2436	static inline int security_getprocattr(struct task_struct p, char name, void *value, size_t size)
		2437	{
		2438	return -EINVAL;
		2439	}
		2440
		2441	static inline int security_setprocattr(struct task_struct p, char name, void *value, size_t size)
		2442	{
		2443	return -EINVAL;
		2444	}
		2445
		2446	/*
		2447	* The netlink capability defaults need to be used inline by default
		2448	* (rather than hooking into the capability module) to reduce overhead
		2449	* in the networking code.
		2450	*/
		2451	static inline int security_netlink_send (struct sk_buff *skb)
		2452	{
		2453	return cap_netlink_send (skb);
		2454	}
		2455
		2456	static inline int security_netlink_recv (struct sk_buff *skb)
		2457	{
		2458	return cap_netlink_recv (skb);
		2459	}
		2460
		2461	#endif /* CONFIG_SECURITY */
		2462
		2463	#ifdef CONFIG_SECURITY_NETWORK
		2464	static inline int security_unix_stream_connect(struct socket * sock,
		2465	struct socket * other,
		2466	struct sock * newsk)
		2467	{
		2468	return security_ops->unix_stream_connect(sock, other, newsk);
		2469	}
		2470
		2471
		2472	static inline int security_unix_may_send(struct socket * sock,
		2473	struct socket * other)
		2474	{
		2475	return security_ops->unix_may_send(sock, other);
		2476	}
		2477
		2478	static inline int security_socket_create (int family, int type, int protocol)
		2479	{
		2480	return security_ops->socket_create(family, type, protocol);
		2481	}
		2482
		2483	static inline void security_socket_post_create(struct socket * sock,
		2484	int family,
		2485	int type,
		2486	int protocol)
		2487	{
		2488	security_ops->socket_post_create(sock, family, type, protocol);
		2489	}
		2490
		2491	static inline int security_socket_bind(struct socket * sock,
		2492	struct sockaddr * address,
		2493	int addrlen)
		2494	{
		2495	return security_ops->socket_bind(sock, address, addrlen);
		2496	}
		2497
		2498	static inline int security_socket_connect(struct socket * sock,
		2499	struct sockaddr * address,
		2500	int addrlen)
		2501	{
		2502	return security_ops->socket_connect(sock, address, addrlen);
		2503	}
		2504
		2505	static inline int security_socket_listen(struct socket * sock, int backlog)
		2506	{
		2507	return security_ops->socket_listen(sock, backlog);
		2508	}
		2509
		2510	static inline int security_socket_accept(struct socket * sock,
		2511	struct socket * newsock)
		2512	{
		2513	return security_ops->socket_accept(sock, newsock);
		2514	}
		2515
		2516	static inline void security_socket_post_accept(struct socket * sock,
		2517	struct socket * newsock)
		2518	{
		2519	security_ops->socket_post_accept(sock, newsock);
		2520	}
		2521
		2522	static inline int security_socket_sendmsg(struct socket * sock,
		2523	struct msghdr * msg, int size)
		2524	{
		2525	return security_ops->socket_sendmsg(sock, msg, size);
		2526	}
		2527
		2528	static inline int security_socket_recvmsg(struct socket * sock,
		2529	struct msghdr * msg, int size,
		2530	int flags)
		2531	{
		2532	return security_ops->socket_recvmsg(sock, msg, size, flags);
		2533	}
		2534
		2535	static inline int security_socket_getsockname(struct socket * sock)
		2536	{
		2537	return security_ops->socket_getsockname(sock);
		2538	}
		2539
		2540	static inline int security_socket_getpeername(struct socket * sock)
		2541	{
		2542	return security_ops->socket_getpeername(sock);
		2543	}
		2544
		2545	static inline int security_socket_getsockopt(struct socket * sock,
		2546	int level, int optname)
		2547	{
		2548	return security_ops->socket_getsockopt(sock, level, optname);
		2549	}
		2550
		2551	static inline int security_socket_setsockopt(struct socket * sock,
		2552	int level, int optname)
		2553	{
		2554	return security_ops->socket_setsockopt(sock, level, optname);
		2555	}
		2556
		2557	static inline int security_socket_shutdown(struct socket * sock, int how)
		2558	{
		2559	return security_ops->socket_shutdown(sock, how);
		2560	}
		2561
		2562	static inline int security_sock_rcv_skb (struct sock * sk,
		2563	struct sk_buff * skb)
		2564	{
		2565	return security_ops->socket_sock_rcv_skb (sk, skb);
		2566	}
		2567	#else /* CONFIG_SECURITY_NETWORK */
		2568	static inline int security_unix_stream_connect(struct socket * sock,
		2569	struct socket * other,
		2570	struct sock * newsk)
		2571	{
		2572	return 0;
		2573	}
		2574
		2575	static inline int security_unix_may_send(struct socket * sock,
		2576	struct socket * other)
		2577	{
		2578	return 0;
		2579	}
		2580
		2581	static inline int security_socket_create (int family, int type, int protocol)
		2582	{
		2583	return 0;
		2584	}
		2585
		2586	static inline void security_socket_post_create(struct socket * sock,
		2587	int family,
		2588	int type,
		2589	int protocol)
		2590	{
		2591	}
		2592
		2593	static inline int security_socket_bind(struct socket * sock,
		2594	struct sockaddr * address,
		2595	int addrlen)
		2596	{
		2597	return 0;
		2598	}
		2599
		2600	static inline int security_socket_connect(struct socket * sock,
		2601	struct sockaddr * address,
		2602	int addrlen)
		2603	{
		2604	return 0;
		2605	}
		2606
		2607	static inline int security_socket_listen(struct socket * sock, int backlog)
		2608	{
		2609	return 0;
		2610	}
		2611
		2612	static inline int security_socket_accept(struct socket * sock,
		2613	struct socket * newsock)
		2614	{
		2615	return 0;
		2616	}
		2617
		2618	static inline void security_socket_post_accept(struct socket * sock,
		2619	struct socket * newsock)
		2620	{
		2621	}
		2622
		2623	static inline int security_socket_sendmsg(struct socket * sock,
		2624	struct msghdr * msg, int size)
		2625	{
		2626	return 0;
		2627	}
		2628
		2629	static inline int security_socket_recvmsg(struct socket * sock,
		2630	struct msghdr * msg, int size,
		2631	int flags)
		2632	{
		2633	return 0;
		2634	}
		2635
		2636	static inline int security_socket_getsockname(struct socket * sock)
		2637	{
		2638	return 0;
		2639	}
		2640
		2641	static inline int security_socket_getpeername(struct socket * sock)
		2642	{
		2643	return 0;
		2644	}
		2645
		2646	static inline int security_socket_getsockopt(struct socket * sock,
		2647	int level, int optname)
		2648	{
		2649	return 0;
		2650	}
		2651
		2652	static inline int security_socket_setsockopt(struct socket * sock,
		2653	int level, int optname)
		2654	{
		2655	return 0;
		2656	}
		2657
		2658	static inline int security_socket_shutdown(struct socket * sock, int how)
		2659	{
		2660	return 0;
		2661	}
		2662	static inline int security_sock_rcv_skb (struct sock * sk,
		2663	struct sk_buff * skb)
		2664	{
		2665	return 0;
		2666	}
		2667	#endif /* CONFIG_SECURITY_NETWORK */
		2668
		2669	#endif /* ! __LINUX_SECURITY_H */
		2670

Subversion Repositories shark

(root)/shark/branches/xen/drivers/linuxc26/include/linux/security.h - Rev 1618