1 /* SPDX-License-Identifier: GPL-2.0 */
4 * Linux Security Module Hook declarations.
6 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
7 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
8 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
9 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
10 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
11 * Copyright (C) 2015 Intel Corporation.
12 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
13 * Copyright (C) 2016 Mellanox Techonologies
14 * Copyright (C) 2020 Google LLC.
18 * The macro LSM_HOOK is used to define the data structures required by
19 * the LSM framework using the pattern:
21 * LSM_HOOK(<return_type>, <default_value>, <hook_name>, args...)
23 * struct security_hook_heads {
24 * #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
25 * #include <linux/lsm_hook_defs.h>
/*
 * Binder hooks.  Each entry has the form
 * LSM_HOOK(<return_type>, <default_value>, <hook_name>, args...).
 * The first hook takes the task proposed as context manager; the other
 * three take a @from and a @to task, and binder_transfer_file also takes
 * the file being passed.  All four return int with a default value of 0.
 */
LSM_HOOK(int, 0, binder_set_context_mgr, struct task_struct *mgr)
LSM_HOOK(int, 0, binder_transaction, struct task_struct *from,
	 struct task_struct *to)
LSM_HOOK(int, 0, binder_transfer_binder, struct task_struct *from,
	 struct task_struct *to)
LSM_HOOK(int, 0, binder_transfer_file, struct task_struct *from,
	 struct task_struct *to, struct file *file)
/*
 * Tracing, capability, quota, syslog, time-setting and memory-accounting
 * hooks.  Every entry here returns int with a default value of 0.
 * NOTE(review): presumably the default is what a caller sees when no
 * security module implements the hook, so 0 would mean "no objection" -
 * confirm in the code that expands this header.
 */
LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
	 /* NOTE(review): listing omits source line 37; call is cut off here */
LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
LSM_HOOK(int, 0, capget, struct task_struct *target,
	 kernel_cap_t *effective, kernel_cap_t *inheritable,
	 kernel_cap_t *permitted)
/* capset receives the three capability sets as const pointers. */
LSM_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
	 const kernel_cap_t *effective, const kernel_cap_t *inheritable,
	 const kernel_cap_t *permitted)
LSM_HOOK(int, 0, capable, const struct cred *cred,
	 struct user_namespace *ns, int cap, unsigned int opts)
LSM_HOOK(int, 0, quotactl, int cmds, int type, int id,
	 struct super_block *sb)
LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
LSM_HOOK(int, 0, syslog, int type)
LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
	 const struct timezone *tz)
LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages)
/*
 * Program-execution hooks, all taking the struct linux_binprm being set up.
 * The first two return int (default 0).  The *_creds pair is declared void
 * with LSM_RET_VOID in the default-value slot, so it has no return value
 * through which a module could refuse the operation.
 */
LSM_HOOK(int, 0, bprm_set_creds, struct linux_binprm *bprm)
LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
LSM_HOOK(void, LSM_RET_VOID, bprm_committing_creds,
	 struct linux_binprm *bprm)
LSM_HOOK(void, LSM_RET_VOID, bprm_committed_creds,
	 struct linux_binprm *bprm)
/*
 * Filesystem-context hooks: one for duplicating a context from @src_sc
 * into @fc, one for handling a single parameter.  Both return int,
 * default 0.
 */
LSM_HOOK(int, 0, fs_context_dup, struct fs_context *fc,
	 struct fs_context *src_sc)
LSM_HOOK(int, 0, fs_context_parse_param, struct fs_context *fc,
	 struct fs_parameter *param)
/*
 * Superblock and mount hooks.  The two *_free_* entries are void
 * (LSM_RET_VOID); every other entry returns int with a default of 0.
 * Mount options travel as an opaque "void *mnt_opts" (or "void **" where
 * the hook fills it in), so nothing in these declarations describes their
 * layout.
 */
LSM_HOOK(int, 0, sb_alloc_security, struct super_block *sb)
LSM_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
LSM_HOOK(void, LSM_RET_VOID, sb_free_mnt_opts, void *mnt_opts)
LSM_HOOK(int, 0, sb_eat_lsm_opts, char *orig, void **mnt_opts)
LSM_HOOK(int, 0, sb_remount, struct super_block *sb, void *mnt_opts)
LSM_HOOK(int, 0, sb_kern_mount, struct super_block *sb)
LSM_HOOK(int, 0, sb_show_options, struct seq_file *m,
	 struct super_block *sb)
LSM_HOOK(int, 0, sb_statfs, struct dentry *dentry)
LSM_HOOK(int, 0, sb_mount, const char *dev_name, const struct path *path,
	 const char *type, unsigned long flags, void *data)
LSM_HOOK(int, 0, sb_umount, struct vfsmount *mnt, int flags)
LSM_HOOK(int, 0, sb_pivotroot, const struct path *old_path,
	 const struct path *new_path)
LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
	 unsigned long kern_flags, unsigned long *set_kern_flags)
LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
	 struct super_block *newsb, unsigned long kern_flags,
	 unsigned long *set_kern_flags)
LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val,
	 int len, void **mnt_opts)
LSM_HOOK(int, 0, move_mount, const struct path *from_path,
	 const struct path *to_path)
/*
 * Dentry hooks, both int with default 0.  dentry_init_security hands a
 * context back through @ctx and @ctxlen; dentry_create_files_as takes the
 * old credentials as const and a writable @new.
 */
LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry, int mode,
	 const struct qstr *name, void **ctx, u32 *ctxlen)
LSM_HOOK(int, 0, dentry_create_files_as, struct dentry *dentry, int mode,
	 struct qstr *name, const struct cred *old, struct cred *new)
/*
 * Pathname-based hooks.  They are declared only when CONFIG_SECURITY_PATH
 * is set, so a build without it has none of these entries.  All return int
 * with a default of 0.
 */
#ifdef CONFIG_SECURITY_PATH
LSM_HOOK(int, 0, path_unlink, const struct path *dir, struct dentry *dentry)
LSM_HOOK(int, 0, path_mkdir, const struct path *dir, struct dentry *dentry,
	 /* NOTE(review): listing omits source line 90; call is cut off here */
LSM_HOOK(int, 0, path_rmdir, const struct path *dir, struct dentry *dentry)
LSM_HOOK(int, 0, path_mknod, const struct path *dir, struct dentry *dentry,
	 umode_t mode, unsigned int dev)
LSM_HOOK(int, 0, path_truncate, const struct path *path)
LSM_HOOK(int, 0, path_symlink, const struct path *dir,
	 struct dentry *dentry,
	 /* NOTE(review): listing omits source line 96; call is cut off here */
LSM_HOOK(int, 0, path_link, struct dentry *old_dentry,
	 const struct path *new_dir, struct dentry *new_dentry)
LSM_HOOK(int, 0, path_rename, const struct path *old_dir,
	 struct dentry *old_dentry, const struct path *new_dir,
	 struct dentry *new_dentry)
LSM_HOOK(int, 0, path_chmod, const struct path *path, umode_t mode)
LSM_HOOK(int, 0, path_chown, const struct path *path, kuid_t uid,
	 kgid_t gid)
LSM_HOOK(int, 0, path_chroot, const struct path *path)
#endif /* CONFIG_SECURITY_PATH */
/*
 * Needed for inode based security check.  Unlike the path_* entries inside
 * the CONFIG_SECURITY_PATH conditional, this hook is declared
 * unconditionally.
 */
LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask,
	 unsigned int obj_type)
/*
 * Inode hooks.  Most return int with a default of 0.  Exceptions visible
 * here:
 *  - inode_free_security, inode_post_setxattr and inode_getsecid are void
 *    (LSM_RET_VOID);
 *  - inode_getsecurity and inode_setsecurity default to -EOPNOTSUPP.
 * NOTE(review): presumably the -EOPNOTSUPP default tells callers that no
 * module handles the attribute - confirm before relying on a 0 result
 * meaning "handled".
 */
LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode)
LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode)
LSM_HOOK(int, 0, inode_init_security, struct inode *inode,
	 struct inode *dir, const struct qstr *qstr, const char **name,
	 void **value, size_t *len)
LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
	 /* NOTE(review): listing omits source line 116; call is cut off here */
LSM_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
	 struct dentry *new_dentry)
LSM_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
LSM_HOOK(int, 0, inode_symlink, struct inode *dir, struct dentry *dentry,
	 const char *old_name)
LSM_HOOK(int, 0, inode_mkdir, struct inode *dir, struct dentry *dentry,
	 /* NOTE(review): listing omits source line 123; call is cut off here */
LSM_HOOK(int, 0, inode_rmdir, struct inode *dir, struct dentry *dentry)
LSM_HOOK(int, 0, inode_mknod, struct inode *dir, struct dentry *dentry,
	 umode_t mode, dev_t dev)
LSM_HOOK(int, 0, inode_rename, struct inode *old_dir,
	 struct dentry *old_dentry, struct inode *new_dir,
	 struct dentry *new_dentry)
LSM_HOOK(int, 0, inode_readlink, struct dentry *dentry)
LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry,
	 struct inode *inode,
	 /* NOTE(review): listing omits source line 131; call is cut off here */
LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
LSM_HOOK(int, 0, inode_getattr, const struct path *path)
LSM_HOOK(int, 0, inode_setxattr, struct dentry *dentry, const char *name,
	 const void *value, size_t size, int flags)
/* Same arguments as inode_setxattr, but void: it cannot report failure. */
LSM_HOOK(void, LSM_RET_VOID, inode_post_setxattr, struct dentry *dentry,
	 const char *name, const void *value, size_t size, int flags)
LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
LSM_HOOK(int, 0, inode_removexattr, struct dentry *dentry,
	 const char *name)
LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
LSM_HOOK(int, 0, inode_killpriv, struct dentry *dentry)
LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct inode *inode,
	 const char *name, void **buffer, bool alloc)
LSM_HOOK(int, -EOPNOTSUPP, inode_setsecurity, struct inode *inode,
	 const char *name, const void *value, size_t size, int flags)
LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
	 /* NOTE(review): listing omits source line 149; call is cut off here */
LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode,
	 u32 *secid)
LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
LSM_HOOK(int, 0, inode_copy_up_xattr, const char *name)
/*
 * kernfs, file and mmap hooks.  file_free_security and file_set_fowner are
 * void (LSM_RET_VOID); the rest return int with a default of 0.
 * mmap_file and file_mprotect receive both @reqprot and @prot, so the two
 * values are available to a module separately.
 */
LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
	 struct kernfs_node *kn)
LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
LSM_HOOK(int, 0, file_alloc_security, struct file *file)
LSM_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file)
LSM_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd,
	 /* NOTE(review): listing omits source line 159; call is cut off here */
LSM_HOOK(int, 0, mmap_addr, unsigned long addr)
LSM_HOOK(int, 0, mmap_file, struct file *file, unsigned long reqprot,
	 unsigned long prot, unsigned long flags)
LSM_HOOK(int, 0, file_mprotect, struct vm_area_struct *vma,
	 unsigned long reqprot, unsigned long prot)
LSM_HOOK(int, 0, file_lock, struct file *file, unsigned int cmd)
LSM_HOOK(int, 0, file_fcntl, struct file *file, unsigned int cmd,
	 /* NOTE(review): listing omits source line 167; call is cut off here */
LSM_HOOK(void, LSM_RET_VOID, file_set_fowner, struct file *file)
LSM_HOOK(int, 0, file_send_sigiotask, struct task_struct *tsk,
	 struct fown_struct *fown, int sig)
LSM_HOOK(int, 0, file_receive, struct file *file)
LSM_HOOK(int, 0, file_open, struct file *file)
/*
 * Task, credential and kernel-service hooks.  Void entries (LSM_RET_VOID):
 * task_free, cred_free, cred_transfer, cred_getsecid, task_getsecid and
 * task_to_inode.  The int entries default to 0, except task_prctl, which
 * defaults to -ENOSYS.
 * NOTE(review): presumably -ENOSYS marks "no module handled this prctl
 * option" so the caller can tell it apart from success - confirm in the
 * caller before changing it.
 */
LSM_HOOK(int, 0, task_alloc, struct task_struct *task,
	 unsigned long clone_flags)
LSM_HOOK(void, LSM_RET_VOID, task_free, struct task_struct *task)
LSM_HOOK(int, 0, cred_alloc_blank, struct cred *cred, gfp_t gfp)
LSM_HOOK(void, LSM_RET_VOID, cred_free, struct cred *cred)
LSM_HOOK(int, 0, cred_prepare, struct cred *new, const struct cred *old,
	 /* NOTE(review): listing omits source line 179; call is cut off here */
LSM_HOOK(void, LSM_RET_VOID, cred_transfer, struct cred *new,
	 const struct cred *old)
LSM_HOOK(void, LSM_RET_VOID, cred_getsecid, const struct cred *c,
	 u32 *secid)
LSM_HOOK(int, 0, kernel_act_as, struct cred *new, u32 secid)
LSM_HOOK(int, 0, kernel_create_files_as, struct cred *new,
	 struct inode *inode)
LSM_HOOK(int, 0, kernel_module_request, char *kmod_name)
LSM_HOOK(int, 0, kernel_load_data, enum kernel_load_data_id id)
LSM_HOOK(int, 0, kernel_read_file, struct file *file,
	 enum kernel_read_file_id id)
/* The post-read variant additionally receives the buffer and its size. */
LSM_HOOK(int, 0, kernel_post_read_file, struct file *file, char *buf,
	 loff_t size, enum kernel_read_file_id id)
LSM_HOOK(int, 0, task_fix_setuid, struct cred *new, const struct cred *old,
	 /* NOTE(review): listing omits source line 192; call is cut off here */
LSM_HOOK(int, 0, task_setpgid, struct task_struct *p, pid_t pgid)
LSM_HOOK(int, 0, task_getpgid, struct task_struct *p)
LSM_HOOK(int, 0, task_getsid, struct task_struct *p)
LSM_HOOK(void, LSM_RET_VOID, task_getsecid, struct task_struct *p,
	 u32 *secid)
LSM_HOOK(int, 0, task_setnice, struct task_struct *p, int nice)
LSM_HOOK(int, 0, task_setioprio, struct task_struct *p, int ioprio)
LSM_HOOK(int, 0, task_getioprio, struct task_struct *p)
LSM_HOOK(int, 0, task_prlimit, const struct cred *cred,
	 const struct cred *tcred, unsigned int flags)
LSM_HOOK(int, 0, task_setrlimit, struct task_struct *p,
	 unsigned int resource, struct rlimit *new_rlim)
LSM_HOOK(int, 0, task_setscheduler, struct task_struct *p)
LSM_HOOK(int, 0, task_getscheduler, struct task_struct *p)
LSM_HOOK(int, 0, task_movememory, struct task_struct *p)
LSM_HOOK(int, 0, task_kill, struct task_struct *p,
	 struct kernel_siginfo *info, int sig, const struct cred *cred)
LSM_HOOK(int, -ENOSYS, task_prctl, int option, unsigned long arg2,
	 unsigned long arg3, unsigned long arg4, unsigned long arg5)
LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p,
	 /* NOTE(review): listing omits source line 212; call is cut off here */
/*
 * System V IPC hooks: generic ipc, message, message queue, shared memory
 * and semaphore.  The object is passed as struct kern_ipc_perm in every
 * case except the msg_msg_* pair.  ipc_getsecid and the *_free_security
 * entries are void (LSM_RET_VOID); the rest return int with a default of 0.
 */
LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag)
LSM_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp,
	 /* NOTE(review): listing omits source line 215; call is cut off here */
LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg)
LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg)
LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm)
LSM_HOOK(void, LSM_RET_VOID, msg_queue_free_security,
	 struct kern_ipc_perm *perm)
LSM_HOOK(int, 0, msg_queue_associate, struct kern_ipc_perm *perm,
	 int msqflg)
LSM_HOOK(int, 0, msg_queue_msgctl, struct kern_ipc_perm *perm, int cmd)
LSM_HOOK(int, 0, msg_queue_msgsnd, struct kern_ipc_perm *perm,
	 struct msg_msg *msg, int msqflg)
LSM_HOOK(int, 0, msg_queue_msgrcv, struct kern_ipc_perm *perm,
	 struct msg_msg *msg, struct task_struct *target, long type,
	 int mode)
LSM_HOOK(int, 0, shm_alloc_security, struct kern_ipc_perm *perm)
LSM_HOOK(void, LSM_RET_VOID, shm_free_security, struct kern_ipc_perm *perm)
LSM_HOOK(int, 0, shm_associate, struct kern_ipc_perm *perm, int shmflg)
LSM_HOOK(int, 0, shm_shmctl, struct kern_ipc_perm *perm, int cmd)
/* @shmaddr is annotated __user: it is a user-space address. */
LSM_HOOK(int, 0, shm_shmat, struct kern_ipc_perm *perm,
	 char __user *shmaddr,
	 /* NOTE(review): listing omits source line 232; call is cut off here */
LSM_HOOK(int, 0, sem_alloc_security, struct kern_ipc_perm *perm)
LSM_HOOK(void, LSM_RET_VOID, sem_free_security, struct kern_ipc_perm *perm)
LSM_HOOK(int, 0, sem_associate, struct kern_ipc_perm *perm, int semflg)
LSM_HOOK(int, 0, sem_semctl, struct kern_ipc_perm *perm, int cmd)
LSM_HOOK(int, 0, sem_semop, struct kern_ipc_perm *perm,
	 struct sembuf *sops, unsigned nsops, int alter)
/*
 * Netlink, dentry instantiation, process-attribute and security-context
 * hooks.  d_instantiate, release_secctx and inode_invalidate_secctx are
 * void (LSM_RET_VOID).  getprocattr and setprocattr default to -EINVAL;
 * the remaining int entries default to 0.
 * NOTE(review): presumably -EINVAL is what a caller gets when no module
 * implements the attribute interface - confirm in the caller.
 */
LSM_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb)
LSM_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry,
	 /* NOTE(review): listing omits source line 241; call is cut off here */
LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, char *name,
	 /* NOTE(review): listing omits source line 243; call is cut off here */
LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value,
	 size_t size)
LSM_HOOK(int, 0, ismaclabel, const char *name)
LSM_HOOK(int, 0, secid_to_secctx, u32 secid, char **secdata,
	 /* NOTE(review): listing omits source line 247; call is cut off here */
LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen,
	 u32 *secid)
LSM_HOOK(void, LSM_RET_VOID, release_secctx, char *secdata, u32 seclen)
LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode)
LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx,
	 u32 ctxlen)
LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx,
	 u32 ctxlen)
LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx,
	 /* NOTE(review): listing omits source line 254; call is cut off here */
/*
 * Networking hooks: UNIX sockets, generic sockets, struct sock lifetime,
 * inet connections, secmark, TUN devices and SCTP.  They are declared only
 * when CONFIG_SECURITY_NETWORK is set.  Entries with LSM_RET_VOID in the
 * default slot are void; all int entries default to 0.
 */
#ifdef CONFIG_SECURITY_NETWORK
LSM_HOOK(int, 0, unix_stream_connect, struct sock *sock,
	 struct sock *other,
	 /* NOTE(review): listing omits source line 258; call is cut off here */
LSM_HOOK(int, 0, unix_may_send, struct socket *sock, struct socket *other)
LSM_HOOK(int, 0, socket_create, int family, int type, int protocol,
	 int kern)
LSM_HOOK(int, 0, socket_post_create, struct socket *sock, int family,
	 int type, int protocol, int kern)
LSM_HOOK(int, 0, socket_socketpair, struct socket *socka,
	 struct socket *sockb)
LSM_HOOK(int, 0, socket_bind, struct socket *sock,
	 struct sockaddr *address,
	 /* NOTE(review): listing omits source line 265; call is cut off here */
LSM_HOOK(int, 0, socket_connect, struct socket *sock,
	 struct sockaddr *address,
	 /* NOTE(review): listing omits source line 267; call is cut off here */
LSM_HOOK(int, 0, socket_listen, struct socket *sock, int backlog)
LSM_HOOK(int, 0, socket_accept, struct socket *sock,
	 struct socket *newsock)
LSM_HOOK(int, 0, socket_sendmsg, struct socket *sock, struct msghdr *msg,
	 /* NOTE(review): listing omits source line 271; call is cut off here */
LSM_HOOK(int, 0, socket_recvmsg, struct socket *sock, struct msghdr *msg,
	 /* NOTE(review): listing omits source line 273; call is cut off here */
LSM_HOOK(int, 0, socket_getsockname, struct socket *sock)
LSM_HOOK(int, 0, socket_getpeername, struct socket *sock)
LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level,
	 int optname)
LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level,
	 int optname)
LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how)
LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb)
/* @optval and @optlen are annotated __user: both are user-space pointers. */
LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock,
	 char __user *optval, int __user *optlen, unsigned len)
LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock,
	 struct sk_buff *skb, u32 *secid)
LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family,
	 gfp_t priority)
LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk)
LSM_HOOK(void, LSM_RET_VOID, sk_clone_security, const struct sock *sk,
	 /* NOTE(review): listing omits source line 287; call is cut off here */
LSM_HOOK(void, LSM_RET_VOID, sk_getsecid, struct sock *sk, u32 *secid)
LSM_HOOK(void, LSM_RET_VOID, sock_graft, struct sock *sk,
	 struct socket *parent)
LSM_HOOK(int, 0, inet_conn_request, struct sock *sk, struct sk_buff *skb,
	 struct request_sock *req)
LSM_HOOK(void, LSM_RET_VOID, inet_csk_clone, struct sock *newsk,
	 const struct request_sock *req)
LSM_HOOK(void, LSM_RET_VOID, inet_conn_established, struct sock *sk,
	 /* NOTE(review): listing omits source line 295; call is cut off here */
LSM_HOOK(int, 0, secmark_relabel_packet, u32 secid)
LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_inc, void)
LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_dec, void)
LSM_HOOK(void, LSM_RET_VOID, req_classify_flow,
	 const struct request_sock *req,
	 /* NOTE(review): listing omits source line 300; call is cut off here */
/* The TUN state is an opaque "void *security" owned by the module. */
LSM_HOOK(int, 0, tun_dev_alloc_security, void **security)
LSM_HOOK(void, LSM_RET_VOID, tun_dev_free_security, void *security)
LSM_HOOK(int, 0, tun_dev_create, void)
LSM_HOOK(int, 0, tun_dev_attach_queue, void *security)
LSM_HOOK(int, 0, tun_dev_attach, struct sock *sk, void *security)
LSM_HOOK(int, 0, tun_dev_open, void *security)
LSM_HOOK(int, 0, sctp_assoc_request, struct sctp_endpoint *ep,
	 /* NOTE(review): listing omits source line 308; call is cut off here */
LSM_HOOK(int, 0, sctp_bind_connect, struct sock *sk, int optname,
	 struct sockaddr *address, int addrlen)
LSM_HOOK(void, LSM_RET_VOID, sctp_sk_clone, struct sctp_endpoint *ep,
	 struct sock *sk, struct sock *newsk)
#endif /* CONFIG_SECURITY_NETWORK */
/*
 * InfiniBand hooks, declared only when CONFIG_SECURITY_INFINIBAND is set.
 * The per-object state is an opaque "void *sec".  ib_free_security is void;
 * the others return int with a default of 0.
 */
#ifdef CONFIG_SECURITY_INFINIBAND
LSM_HOOK(int, 0, ib_pkey_access, void *sec, u64 subnet_prefix, u16 pkey)
LSM_HOOK(int, 0, ib_endport_manage_subnet, void *sec, const char *dev_name,
	 /* NOTE(review): listing omits source line 318; call is cut off here */
LSM_HOOK(int, 0, ib_alloc_security, void **sec)
LSM_HOOK(void, LSM_RET_VOID, ib_free_security, void *sec)
#endif /* CONFIG_SECURITY_INFINIBAND */
/*
 * XFRM (IPsec) policy and state hooks, declared only when
 * CONFIG_SECURITY_NETWORK_XFRM is set.  The two *_free_security entries
 * are void.  Every int entry defaults to 0 except
 * xfrm_state_pol_flow_match, whose default is 1.
 * NOTE(review): for a match-style hook a default of 1 presumably means
 * "matches" when no module is registered; replacing it with 0 would invert
 * that outcome, so check the caller before touching it.
 */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
LSM_HOOK(int, 0, xfrm_policy_alloc_security, struct xfrm_sec_ctx **ctxp,
	 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)
LSM_HOOK(int, 0, xfrm_policy_clone_security, struct xfrm_sec_ctx *old_ctx,
	 struct xfrm_sec_ctx **new_ctx)
LSM_HOOK(void, LSM_RET_VOID, xfrm_policy_free_security,
	 struct xfrm_sec_ctx *ctx)
LSM_HOOK(int, 0, xfrm_policy_delete_security, struct xfrm_sec_ctx *ctx)
LSM_HOOK(int, 0, xfrm_state_alloc, struct xfrm_state *x,
	 struct xfrm_user_sec_ctx *sec_ctx)
LSM_HOOK(int, 0, xfrm_state_alloc_acquire, struct xfrm_state *x,
	 struct xfrm_sec_ctx *polsec, u32 secid)
LSM_HOOK(void, LSM_RET_VOID, xfrm_state_free_security, struct xfrm_state *x)
LSM_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x)
LSM_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx,
	 u32 fl_secid,
	 /* NOTE(review): listing omits source line 338; call is cut off here */
LSM_HOOK(int, 1, xfrm_state_pol_flow_match, struct xfrm_state *x,
	 struct xfrm_policy *xp, const struct flowi *fl)
LSM_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
	 /* NOTE(review): listing omits source line 342; call is cut off here */
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
/*
 * Key management security hooks.  key_free is void; the others return int
 * with a default of 0.
 * NOTE(review): the listing jumps from source line 345 to 347 and shows no
 * opening conditional for the "#endif CONFIG_KEYS" below; the guard is
 * presumably on the missing line - confirm against the full file.
 */
LSM_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred,
	 /* NOTE(review): listing omits source line 348; call is cut off here */
LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
LSM_HOOK(int, 0, key_permission, key_ref_t key_ref,
	 const struct cred *cred,
	 /* NOTE(review): listing omits source line 351; call is cut off here */
LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **_buffer)
#endif /* CONFIG_KEYS */
/*
 * Audit rule hooks.  The compiled rule is handled as an opaque
 * "void *lsmrule".  audit_rule_free is void; the others return int with a
 * default of 0.
 * NOTE(review): source lines 354-355 are absent from this listing, so the
 * conditional that the "#endif CONFIG_AUDIT" below closes is not shown.
 */
LSM_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr,
	 /* NOTE(review): listing omits source line 357; call is cut off here */
LSM_HOOK(int, 0, audit_rule_known, struct audit_krule *krule)
LSM_HOOK(int, 0, audit_rule_match, u32 secid, u32 field, u32 op,
	 void *lsmrule)
LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule)
#endif /* CONFIG_AUDIT */
/*
 * BPF hooks, declared only when CONFIG_BPF_SYSCALL is set: one for the
 * syscall itself (@cmd, @attr, @size), one each for a map and a program,
 * and alloc/free pairs for their security state.  The *_free_security
 * entries are void; the rest return int with a default of 0.
 */
#ifdef CONFIG_BPF_SYSCALL
LSM_HOOK(int, 0, bpf, int cmd, union bpf_attr *attr, unsigned int size)
LSM_HOOK(int, 0, bpf_map, struct bpf_map *map, fmode_t fmode)
LSM_HOOK(int, 0, bpf_prog, struct bpf_prog *prog)
LSM_HOOK(int, 0, bpf_map_alloc_security, struct bpf_map *map)
LSM_HOOK(void, LSM_RET_VOID, bpf_map_free_security, struct bpf_map *map)
LSM_HOOK(int, 0, bpf_prog_alloc_security, struct bpf_prog_aux *aux)
LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security,
	 struct bpf_prog_aux *aux)
#endif /* CONFIG_BPF_SYSCALL */
/*
 * Lockdown hook: takes the enum lockdown_reason being queried and returns
 * int with a default of 0.  It sits outside every #ifdef visible in this
 * listing.
 */
LSM_HOOK(int, 0, locked_down, enum lockdown_reason what)
/*
 * Perf event hooks, declared only when CONFIG_PERF_EVENTS is set.
 * perf_event_open sees the requested attributes and a type; the other
 * hooks take the struct perf_event itself.  perf_event_free is void; the
 * rest return int with a default of 0.
 */
#ifdef CONFIG_PERF_EVENTS
LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type)
LSM_HOOK(int, 0, perf_event_alloc, struct perf_event *event)
LSM_HOOK(void, LSM_RET_VOID, perf_event_free, struct perf_event *event)
LSM_HOOK(int, 0, perf_event_read, struct perf_event *event)
LSM_HOOK(int, 0, perf_event_write, struct perf_event *event)
#endif /* CONFIG_PERF_EVENTS */