1 /* SPDX-License-Identifier: GPL-2.0 */
4 * Linux Security Module Hook declarations.
6 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
7 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
8 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
9 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
10 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
11 * Copyright (C) 2015 Intel Corporation.
12 * Copyright (C) 2015 Casey Schaufler <casey@schaufler-ca.com>
13 * Copyright (C) 2016 Mellanox Techonologies
14 * Copyright (C) 2020 Google LLC.
18 * The macro LSM_HOOK is used to define the data structures required by
19 * the LSM framework using the pattern:
21 * LSM_HOOK(<return_type>, <default_value>, <hook_name>, args...)
23 * struct security_hook_heads {
24 * #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
25 * #include <linux/lsm_hook_defs.h>
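/*
 * Binder, ptrace, capability, quota, syslog, settime, memory-accounting and
 * exec (bprm) hooks.
 *
 * Layout repair: the listing fused viewer line numbers into the code and split
 * each invocation across several lines; both are undone here, one invocation
 * per statement. No hook, type, name or default value has been changed.
 *
 * Each entry follows LSM_HOOK(<return_type>, <default_value>, <hook_name>,
 * args...). Every int hook in this group declares 0 as its default value and
 * the two void hooks declare LSM_RET_VOID.
 *
 * NOTE(review): how the default value is consumed is decided by the code that
 * defines LSM_HOOK before including this file, which is not visible here.
 * When auditing a module stack, confirm for each hook that the declared
 * default is the "no decision" value its caller expects: a default the caller
 * reads as success or as denial decides the outcome whenever no module
 * implements the hook.
 */
LSM_HOOK(int, 0, binder_set_context_mgr, struct task_struct *mgr)
LSM_HOOK(int, 0, binder_transaction, struct task_struct *from,
	 struct task_struct *to)
LSM_HOOK(int, 0, binder_transfer_binder, struct task_struct *from,
	 struct task_struct *to)
LSM_HOOK(int, 0, binder_transfer_file, struct task_struct *from,
	 struct task_struct *to, struct file *file)
LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 37 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
LSM_HOOK(int, 0, capget, struct task_struct *target, kernel_cap_t *effective,
	 kernel_cap_t *inheritable, kernel_cap_t *permitted)
LSM_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
	 const kernel_cap_t *effective, const kernel_cap_t *inheritable,
	 const kernel_cap_t *permitted)
LSM_HOOK(int, 0, capable, const struct cred *cred, struct user_namespace *ns,
	 int cap, unsigned int opts)
LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, struct super_block *sb)
LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
LSM_HOOK(int, 0, syslog, int type)
LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
	 const struct timezone *tz)
/*
 * NOTE(review): the meaning of a 0 result from vm_enough_memory is set by its
 * caller, not by this file. Confirm that 0 is the neutral value there.
 */
LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages)
LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm)
LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm,
	 struct file *file)
LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
LSM_HOOK(void, LSM_RET_VOID, bprm_committing_creds, struct linux_binprm *bprm)
LSM_HOOK(void, LSM_RET_VOID, bprm_committed_creds, struct linux_binprm *bprm)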
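/*
 * Filesystem-context, superblock, mount and dentry hooks.
 *
 * Layout repair only: viewer line numbers are removed and each
 * LSM_HOOK(<return_type>, <default_value>, <hook_name>, args...) invocation
 * is rejoined. Hooks, types, names and default values are unchanged.
 *
 * fs_context_parse_param is the one int hook in this group whose default is
 * not 0: it declares -ENOPARAM.
 * NOTE(review): presumably -ENOPARAM tells the caller that no module claimed
 * the parameter. Confirm against the code that consumes the default.
 */
LSM_HOOK(int, 0, fs_context_dup, struct fs_context *fc,
	 struct fs_context *src_sc)
LSM_HOOK(int, -ENOPARAM, fs_context_parse_param, struct fs_context *fc,
	 struct fs_parameter *param)
LSM_HOOK(int, 0, sb_alloc_security, struct super_block *sb)
LSM_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
LSM_HOOK(void, LSM_RET_VOID, sb_free_mnt_opts, void *mnt_opts)
LSM_HOOK(int, 0, sb_eat_lsm_opts, char *orig, void **mnt_opts)
LSM_HOOK(int, 0, sb_remount, struct super_block *sb, void *mnt_opts)
LSM_HOOK(int, 0, sb_kern_mount, struct super_block *sb)
LSM_HOOK(int, 0, sb_show_options, struct seq_file *m, struct super_block *sb)
LSM_HOOK(int, 0, sb_statfs, struct dentry *dentry)
LSM_HOOK(int, 0, sb_mount, const char *dev_name, const struct path *path,
	 const char *type, unsigned long flags, void *data)
LSM_HOOK(int, 0, sb_umount, struct vfsmount *mnt, int flags)
LSM_HOOK(int, 0, sb_pivotroot, const struct path *old_path,
	 const struct path *new_path)
LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
	 unsigned long kern_flags, unsigned long *set_kern_flags)
LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
	 struct super_block *newsb, unsigned long kern_flags,
	 unsigned long *set_kern_flags)
LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val,
	 int len, void **mnt_opts)
LSM_HOOK(int, 0, move_mount, const struct path *from_path,
	 const struct path *to_path)
LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry,
	 int mode, const struct qstr *name, void **ctx, u32 *ctxlen)
LSM_HOOK(int, 0, dentry_create_files_as, struct dentry *dentry, int mode,
	 struct qstr *name, const struct cred *old, struct cred *new)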
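/*
 * Pathname-based hooks. They are declared only when CONFIG_SECURITY_PATH is
 * defined, so a kernel built without it has none of the path_* hooks in this
 * section. All of them return int with a default value of 0.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 */
#ifdef CONFIG_SECURITY_PATH
LSM_HOOK(int, 0, path_unlink, const struct path *dir, struct dentry *dentry)
LSM_HOOK(int, 0, path_mkdir, const struct path *dir, struct dentry *dentry,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 91 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, path_rmdir, const struct path *dir, struct dentry *dentry)
LSM_HOOK(int, 0, path_mknod, const struct path *dir, struct dentry *dentry,
	 umode_t mode, unsigned int dev)
LSM_HOOK(int, 0, path_truncate, const struct path *path)
LSM_HOOK(int, 0, path_symlink, const struct path *dir, struct dentry *dentry,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 97 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, path_link, struct dentry *old_dentry,
	 const struct path *new_dir, struct dentry *new_dentry)
LSM_HOOK(int, 0, path_rename, const struct path *old_dir,
	 struct dentry *old_dentry, const struct path *new_dir,
	 struct dentry *new_dentry)
LSM_HOOK(int, 0, path_chmod, const struct path *path, umode_t mode)
LSM_HOOK(int, 0, path_chown, const struct path *path, kuid_t uid, kgid_t gid)
LSM_HOOK(int, 0, path_chroot, const struct path *path)
#endif /* CONFIG_SECURITY_PATH */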
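/*
 * Inode, extended-attribute and kernfs hooks, plus path_notify, which is
 * declared outside the CONFIG_SECURITY_PATH conditional.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 *
 * Defaults in this group: int hooks declare 0, except inode_getsecurity and
 * inode_setsecurity, which declare -EOPNOTSUPP; void hooks declare
 * LSM_RET_VOID.
 * NOTE(review): the code that consumes these defaults is not in this file.
 * Confirm per hook that the declared default is what its caller treats as
 * "no module handled this"; inode_copy_up_xattr and inode_listsecurity are
 * worth checking first, since a 0 there may carry a meaning other than
 * "allowed".
 */
/* Needed for inode based security check */
LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask,
	 unsigned int obj_type)
LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode)
LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode)
LSM_HOOK(int, 0, inode_init_security, struct inode *inode,
	 struct inode *dir, const struct qstr *qstr, const char **name,
	 void **value, size_t *len)
LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 117 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
	 struct dentry *new_dentry)
LSM_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
LSM_HOOK(int, 0, inode_symlink, struct inode *dir, struct dentry *dentry,
	 const char *old_name)
LSM_HOOK(int, 0, inode_mkdir, struct inode *dir, struct dentry *dentry,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 124 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, inode_rmdir, struct inode *dir, struct dentry *dentry)
LSM_HOOK(int, 0, inode_mknod, struct inode *dir, struct dentry *dentry,
	 umode_t mode, dev_t dev)
LSM_HOOK(int, 0, inode_rename, struct inode *old_dir, struct dentry *old_dentry,
	 struct inode *new_dir, struct dentry *new_dentry)
LSM_HOOK(int, 0, inode_readlink, struct dentry *dentry)
LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 132 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
LSM_HOOK(int, 0, inode_getattr, const struct path *path)
LSM_HOOK(int, 0, inode_setxattr, struct dentry *dentry, const char *name,
	 const void *value, size_t size, int flags)
LSM_HOOK(void, LSM_RET_VOID, inode_post_setxattr, struct dentry *dentry,
	 const char *name, const void *value, size_t size, int flags)
LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
LSM_HOOK(int, 0, inode_removexattr, struct dentry *dentry, const char *name)
LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
LSM_HOOK(int, 0, inode_killpriv, struct dentry *dentry)
LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct inode *inode,
	 const char *name, void **buffer, bool alloc)
LSM_HOOK(int, -EOPNOTSUPP, inode_setsecurity, struct inode *inode,
	 const char *name, const void *value, size_t size, int flags)
LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 150 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid)
LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
LSM_HOOK(int, 0, inode_copy_up_xattr, const char *name)
LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
	 struct kernfs_node *kn)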
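/*
 * File and memory-mapping hooks. Every int hook in this group declares a
 * default value of 0; the void hooks declare LSM_RET_VOID.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 */
LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
LSM_HOOK(int, 0, file_alloc_security, struct file *file)
LSM_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file)
LSM_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 160 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, mmap_addr, unsigned long addr)
LSM_HOOK(int, 0, mmap_file, struct file *file, unsigned long reqprot,
	 unsigned long prot, unsigned long flags)
LSM_HOOK(int, 0, file_mprotect, struct vm_area_struct *vma,
	 unsigned long reqprot, unsigned long prot)
LSM_HOOK(int, 0, file_lock, struct file *file, unsigned int cmd)
LSM_HOOK(int, 0, file_fcntl, struct file *file, unsigned int cmd,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 168 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(void, LSM_RET_VOID, file_set_fowner, struct file *file)
LSM_HOOK(int, 0, file_send_sigiotask, struct task_struct *tsk,
	 struct fown_struct *fown, int sig)
LSM_HOOK(int, 0, file_receive, struct file *file)
LSM_HOOK(int, 0, file_open, struct file *file)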
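/*
 * Task, credential and kernel-load hooks.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 *
 * Defaults in this group: int hooks declare 0, except task_prctl, which
 * declares -ENOSYS; void hooks declare LSM_RET_VOID.
 * NOTE(review): presumably -ENOSYS marks "no module handled this prctl
 * option". Confirm against the code that consumes the default, which is
 * not in this file.
 */
LSM_HOOK(int, 0, task_alloc, struct task_struct *task,
	 unsigned long clone_flags)
LSM_HOOK(void, LSM_RET_VOID, task_free, struct task_struct *task)
LSM_HOOK(int, 0, cred_alloc_blank, struct cred *cred, gfp_t gfp)
LSM_HOOK(void, LSM_RET_VOID, cred_free, struct cred *cred)
LSM_HOOK(int, 0, cred_prepare, struct cred *new, const struct cred *old,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 180 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(void, LSM_RET_VOID, cred_transfer, struct cred *new,
	 const struct cred *old)
LSM_HOOK(void, LSM_RET_VOID, cred_getsecid, const struct cred *c, u32 *secid)
LSM_HOOK(int, 0, kernel_act_as, struct cred *new, u32 secid)
LSM_HOOK(int, 0, kernel_create_files_as, struct cred *new, struct inode *inode)
LSM_HOOK(int, 0, kernel_module_request, char *kmod_name)
LSM_HOOK(int, 0, kernel_load_data, enum kernel_load_data_id id)
LSM_HOOK(int, 0, kernel_read_file, struct file *file,
	 enum kernel_read_file_id id)
LSM_HOOK(int, 0, kernel_post_read_file, struct file *file, char *buf,
	 loff_t size, enum kernel_read_file_id id)
LSM_HOOK(int, 0, task_fix_setuid, struct cred *new, const struct cred *old,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 193 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, task_setpgid, struct task_struct *p, pid_t pgid)
LSM_HOOK(int, 0, task_getpgid, struct task_struct *p)
LSM_HOOK(int, 0, task_getsid, struct task_struct *p)
LSM_HOOK(void, LSM_RET_VOID, task_getsecid, struct task_struct *p, u32 *secid)
LSM_HOOK(int, 0, task_setnice, struct task_struct *p, int nice)
LSM_HOOK(int, 0, task_setioprio, struct task_struct *p, int ioprio)
LSM_HOOK(int, 0, task_getioprio, struct task_struct *p)
LSM_HOOK(int, 0, task_prlimit, const struct cred *cred,
	 const struct cred *tcred, unsigned int flags)
LSM_HOOK(int, 0, task_setrlimit, struct task_struct *p, unsigned int resource,
	 struct rlimit *new_rlim)
LSM_HOOK(int, 0, task_setscheduler, struct task_struct *p)
LSM_HOOK(int, 0, task_getscheduler, struct task_struct *p)
LSM_HOOK(int, 0, task_movememory, struct task_struct *p)
LSM_HOOK(int, 0, task_kill, struct task_struct *p, struct kernel_siginfo *info,
	 int sig, const struct cred *cred)
LSM_HOOK(int, -ENOSYS, task_prctl, int option, unsigned long arg2,
	 unsigned long arg3, unsigned long arg4, unsigned long arg5)
LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 213 is
	  * absent). Restore them from the authoritative header.
	  */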
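/*
 * System V IPC hooks: generic ipc_*, message queues, shared memory and
 * semaphores. Every int hook in this group declares a default value of 0;
 * the void hooks declare LSM_RET_VOID.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 */
LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag)
LSM_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 216 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg)
LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg)
LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm)
LSM_HOOK(void, LSM_RET_VOID, msg_queue_free_security,
	 struct kern_ipc_perm *perm)
LSM_HOOK(int, 0, msg_queue_associate, struct kern_ipc_perm *perm, int msqflg)
LSM_HOOK(int, 0, msg_queue_msgctl, struct kern_ipc_perm *perm, int cmd)
LSM_HOOK(int, 0, msg_queue_msgsnd, struct kern_ipc_perm *perm,
	 struct msg_msg *msg, int msqflg)
LSM_HOOK(int, 0, msg_queue_msgrcv, struct kern_ipc_perm *perm,
	 struct msg_msg *msg, struct task_struct *target, long type, int mode)
LSM_HOOK(int, 0, shm_alloc_security, struct kern_ipc_perm *perm)
LSM_HOOK(void, LSM_RET_VOID, shm_free_security, struct kern_ipc_perm *perm)
LSM_HOOK(int, 0, shm_associate, struct kern_ipc_perm *perm, int shmflg)
LSM_HOOK(int, 0, shm_shmctl, struct kern_ipc_perm *perm, int cmd)
/*
 * shmaddr carries the __user annotation: it is a userspace address, so a hook
 * implementation must not dereference it directly.
 */
LSM_HOOK(int, 0, shm_shmat, struct kern_ipc_perm *perm, char __user *shmaddr,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 233 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, sem_alloc_security, struct kern_ipc_perm *perm)
LSM_HOOK(void, LSM_RET_VOID, sem_free_security, struct kern_ipc_perm *perm)
LSM_HOOK(int, 0, sem_associate, struct kern_ipc_perm *perm, int semflg)
LSM_HOOK(int, 0, sem_semctl, struct kern_ipc_perm *perm, int cmd)
LSM_HOOK(int, 0, sem_semop, struct kern_ipc_perm *perm, struct sembuf *sops,
	 unsigned nsops, int alter)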
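/*
 * Netlink, dentry instantiation, process-attribute and security-context
 * (secid/secctx) hooks.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 *
 * Defaults in this group: getprocattr and setprocattr declare -EINVAL,
 * secid_to_secctx declares -EOPNOTSUPP, the remaining int hooks declare 0 and
 * the void hooks declare LSM_RET_VOID.
 * NOTE(review): the consumer of these defaults is not in this file. For the
 * context-conversion hooks that default to 0 (secctx_to_secid,
 * inode_getsecctx), confirm that the caller cannot mistake the default for a
 * successful conversion that filled in its output arguments.
 */
LSM_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb)
LSM_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 242 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, char *name,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 244 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size)
LSM_HOOK(int, 0, ismaclabel, const char *name)
LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, char **secdata,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 248 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32 *secid)
LSM_HOOK(void, LSM_RET_VOID, release_secctx, char *secdata, u32 seclen)
LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode)
LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen)
LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen)
LSM_HOOK(int, 0, inode_getsecctx, struct inode *inode, void **ctx,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 255 is
	  * absent). Restore them from the authoritative header.
	  */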
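/*
 * Network hooks: UNIX sockets, generic socket operations, sock lifetime,
 * inet connection setup, secmark, TUN devices and SCTP. They are declared
 * only when CONFIG_SECURITY_NETWORK is defined.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 *
 * Every int hook in this section declares a default value of 0; the void
 * hooks declare LSM_RET_VOID.
 * NOTE(review): the consumer of these defaults is not in this file. For
 * socket_getpeersec_stream and socket_getpeersec_dgram, confirm that the
 * caller cannot read a default of 0 as "peer label returned" when no module
 * filled in the output arguments.
 */
#ifdef CONFIG_SECURITY_NETWORK
LSM_HOOK(int, 0, unix_stream_connect, struct sock *sock, struct sock *other,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 259 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, unix_may_send, struct socket *sock, struct socket *other)
LSM_HOOK(int, 0, socket_create, int family, int type, int protocol, int kern)
LSM_HOOK(int, 0, socket_post_create, struct socket *sock, int family, int type,
	 int protocol, int kern)
LSM_HOOK(int, 0, socket_socketpair, struct socket *socka, struct socket *sockb)
LSM_HOOK(int, 0, socket_bind, struct socket *sock, struct sockaddr *address,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 266 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, socket_connect, struct socket *sock, struct sockaddr *address,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 268 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, socket_listen, struct socket *sock, int backlog)
LSM_HOOK(int, 0, socket_accept, struct socket *sock, struct socket *newsock)
LSM_HOOK(int, 0, socket_sendmsg, struct socket *sock, struct msghdr *msg,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 272 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, socket_recvmsg, struct socket *sock, struct msghdr *msg,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 274 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, socket_getsockname, struct socket *sock)
LSM_HOOK(int, 0, socket_getpeername, struct socket *sock)
LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname)
LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname)
LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how)
LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb)
/*
 * optval and optlen carry the __user annotation: they are userspace
 * addresses, so a hook implementation must not dereference them directly.
 */
LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock,
	 char __user *optval, int __user *optlen, unsigned len)
LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock,
	 struct sk_buff *skb, u32 *secid)
LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority)
LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk)
LSM_HOOK(void, LSM_RET_VOID, sk_clone_security, const struct sock *sk,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 288 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(void, LSM_RET_VOID, sk_getsecid, struct sock *sk, u32 *secid)
LSM_HOOK(void, LSM_RET_VOID, sock_graft, struct sock *sk, struct socket *parent)
LSM_HOOK(int, 0, inet_conn_request, struct sock *sk, struct sk_buff *skb,
	 struct request_sock *req)
LSM_HOOK(void, LSM_RET_VOID, inet_csk_clone, struct sock *newsk,
	 const struct request_sock *req)
LSM_HOOK(void, LSM_RET_VOID, inet_conn_established, struct sock *sk,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 296 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, secmark_relabel_packet, u32 secid)
LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_inc, void)
LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_dec, void)
LSM_HOOK(void, LSM_RET_VOID, req_classify_flow, const struct request_sock *req,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 301 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, tun_dev_alloc_security, void **security)
LSM_HOOK(void, LSM_RET_VOID, tun_dev_free_security, void *security)
LSM_HOOK(int, 0, tun_dev_create, void)
LSM_HOOK(int, 0, tun_dev_attach_queue, void *security)
LSM_HOOK(int, 0, tun_dev_attach, struct sock *sk, void *security)
LSM_HOOK(int, 0, tun_dev_open, void *security)
LSM_HOOK(int, 0, sctp_assoc_request, struct sctp_endpoint *ep,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 309 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, sctp_bind_connect, struct sock *sk, int optname,
	 struct sockaddr *address, int addrlen)
LSM_HOOK(void, LSM_RET_VOID, sctp_sk_clone, struct sctp_endpoint *ep,
	 struct sock *sk, struct sock *newsk)
#endif /* CONFIG_SECURITY_NETWORK */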
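/*
 * InfiniBand hooks, declared only when CONFIG_SECURITY_INFINIBAND is defined.
 * The int hooks declare a default value of 0; ib_free_security is void.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 */
#ifdef CONFIG_SECURITY_INFINIBAND
LSM_HOOK(int, 0, ib_pkey_access, void *sec, u64 subnet_prefix, u16 pkey)
LSM_HOOK(int, 0, ib_endport_manage_subnet, void *sec, const char *dev_name,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 319 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, ib_alloc_security, void **sec)
LSM_HOOK(void, LSM_RET_VOID, ib_free_security, void *sec)
#endif /* CONFIG_SECURITY_INFINIBAND */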
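/*
 * XFRM (IPsec policy and state) hooks, declared only when
 * CONFIG_SECURITY_NETWORK_XFRM is defined.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 *
 * xfrm_state_pol_flow_match is the only hook in this file that declares a
 * default value of 1; the other int hooks here declare 0.
 * NOTE(review): presumably this hook is a match predicate in which 1 means
 * "matches". Confirm against the code that consumes the default, and check
 * that a module overriding it returns values on the same scale.
 */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
LSM_HOOK(int, 0, xfrm_policy_alloc_security, struct xfrm_sec_ctx **ctxp,
	 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)
LSM_HOOK(int, 0, xfrm_policy_clone_security, struct xfrm_sec_ctx *old_ctx,
	 struct xfrm_sec_ctx **new_ctx)
LSM_HOOK(void, LSM_RET_VOID, xfrm_policy_free_security,
	 struct xfrm_sec_ctx *ctx)
LSM_HOOK(int, 0, xfrm_policy_delete_security, struct xfrm_sec_ctx *ctx)
LSM_HOOK(int, 0, xfrm_state_alloc, struct xfrm_state *x,
	 struct xfrm_user_sec_ctx *sec_ctx)
LSM_HOOK(int, 0, xfrm_state_alloc_acquire, struct xfrm_state *x,
	 struct xfrm_sec_ctx *polsec, u32 secid)
LSM_HOOK(void, LSM_RET_VOID, xfrm_state_free_security, struct xfrm_state *x)
LSM_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x)
LSM_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx, u32 fl_secid,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 339 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 1, xfrm_state_pol_flow_match, struct xfrm_state *x,
	 struct xfrm_policy *xp, const struct flowi *fl)
LSM_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 343 is
	  * absent). Restore them from the authoritative header.
	  */
#endif /* CONFIG_SECURITY_NETWORK_XFRM */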
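/* key management security hooks */
/*
 * NOTE(review): the directive that opens this section (numbered line 347) is
 * missing from the listing. It is restored below as "#ifdef CONFIG_KEYS" on
 * the evidence of the closing #endif, whose comment names CONFIG_KEYS, and of
 * the #ifdef form used by every other section in this file. Confirm against
 * the authoritative header.
 *
 * Layout repair otherwise: viewer line numbers are removed and split
 * invocations are rejoined. Hooks, types, names and default values are
 * unchanged. The int hooks declare a default value of 0; key_free is void.
 */
#ifdef CONFIG_KEYS
LSM_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 349 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 352 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **_buffer)
#endif /* CONFIG_KEYS */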
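/*
 * Audit-rule hooks.
 *
 * NOTE(review): the directive that opens this section is missing from the
 * listing (numbered lines 355 and 356 are absent). It is restored below as
 * "#ifdef CONFIG_AUDIT" on the evidence of the closing #endif, whose comment
 * names CONFIG_AUDIT, and of the #ifdef form used by every other section in
 * this file. Confirm against the authoritative header.
 *
 * Layout repair otherwise: viewer line numbers are removed and split
 * invocations are rejoined. Hooks, types, names and default values are
 * unchanged. The int hooks declare a default value of 0; audit_rule_free is
 * void.
 */
#ifdef CONFIG_AUDIT
LSM_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr,
	 /*
	  * NOTE(review): the rest of this argument list and the closing
	  * parenthesis are missing from the listing (numbered line 358 is
	  * absent). Restore them from the authoritative header.
	  */
LSM_HOOK(int, 0, audit_rule_known, struct audit_krule *krule)
LSM_HOOK(int, 0, audit_rule_match, u32 secid, u32 field, u32 op, void *lsmrule)
LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule)
#endif /* CONFIG_AUDIT */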
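/*
 * BPF hooks, declared only when CONFIG_BPF_SYSCALL is defined: one for the
 * bpf command itself, two for map and program access, and alloc/free pairs
 * for the security state of maps and programs. The int hooks declare a
 * default value of 0; the free hooks are void.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 */
#ifdef CONFIG_BPF_SYSCALL
LSM_HOOK(int, 0, bpf, int cmd, union bpf_attr *attr, unsigned int size)
LSM_HOOK(int, 0, bpf_map, struct bpf_map *map, fmode_t fmode)
LSM_HOOK(int, 0, bpf_prog, struct bpf_prog *prog)
LSM_HOOK(int, 0, bpf_map_alloc_security, struct bpf_map *map)
LSM_HOOK(void, LSM_RET_VOID, bpf_map_free_security, struct bpf_map *map)
LSM_HOOK(int, 0, bpf_prog_alloc_security, struct bpf_prog_aux *aux)
LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux)
#endif /* CONFIG_BPF_SYSCALL */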
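/*
 * Lockdown hook: takes the enum lockdown_reason being queried and returns int
 * with a declared default value of 0. It sits outside every #ifdef section
 * visible in this listing.
 *
 * Layout repair only: the viewer line number is removed and the invocation is
 * rejoined onto one line.
 */
LSM_HOOK(int, 0, locked_down, enum lockdown_reason what)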
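/*
 * Perf-event hooks, declared only when CONFIG_PERF_EVENTS is defined. The int
 * hooks declare a default value of 0; perf_event_free is void.
 *
 * Layout repair only: viewer line numbers are removed and split invocations
 * are rejoined. Hooks, types, names and default values are unchanged.
 */
#ifdef CONFIG_PERF_EVENTS
LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type)
LSM_HOOK(int, 0, perf_event_alloc, struct perf_event *event)
LSM_HOOK(void, LSM_RET_VOID, perf_event_free, struct perf_event *event)
LSM_HOOK(int, 0, perf_event_read, struct perf_event *event)
LSM_HOOK(int, 0, perf_event_write, struct perf_event *event)
#endif /* CONFIG_PERF_EVENTS */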