2 * Security plug functions
4 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
5 * Copyright (C) 2001-2002 Greg Kroah-Hartman <greg@kroah.com>
6 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
7 * Copyright (C) 2016 Mellanox Technologies
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
15 #include <linux/capability.h>
16 #include <linux/dcache.h>
17 #include <linux/module.h>
18 #include <linux/init.h>
19 #include <linux/kernel.h>
20 #include <linux/lsm_hooks.h>
21 #include <linux/integrity.h>
22 #include <linux/ima.h>
23 #include <linux/evm.h>
24 #include <linux/fsnotify.h>
25 #include <linux/mman.h>
26 #include <linux/mount.h>
27 #include <linux/personality.h>
28 #include <linux/backing-dev.h>
29 #include <linux/string.h>
30 #include <linux/msg.h>
34 #define MAX_LSM_EVM_XATTR 2
36 /* Maximum number of letters for an LSM name string */
37 #define SECURITY_NAME_MAX 10
38 #define MODULE_STACK "(stacking)"
40 struct security_hook_heads security_hook_heads __lsm_ro_after_init
;
41 static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain
);
44 static struct lsm_blob_sizes blob_sizes
;
46 /* Boot-time LSM user choice */
47 static __initdata
char chosen_lsm
[SECURITY_NAME_MAX
+ 1] =
48 #ifdef CONFIG_SECURITY_STACKING
51 CONFIG_DEFAULT_SECURITY
;
54 static void __init
do_security_initcalls(void)
57 call
= __security_initcall_start
;
58 while (call
< __security_initcall_end
) {
65 * security_init - initializes the security framework
67 * This should be called early in the kernel initialization sequence.
69 int __init
security_init(void)
72 struct list_head
*list
= (struct list_head
*) &security_hook_heads
;
74 for (i
= 0; i
< sizeof(security_hook_heads
) / sizeof(struct list_head
);
76 INIT_LIST_HEAD(&list
[i
]);
77 pr_info("Security Framework initialized\n");
80 * Load minor LSMs, with the capability module always first.
82 capability_add_hooks();
87 * The first call to a module specific init function
88 * updates the blob size requirements.
90 do_security_initcalls();
93 * The second call to a module specific init function
94 * adds hooks to the hook lists and does any other early
95 * initializations required.
97 do_security_initcalls();
99 #ifdef CONFIG_SECURITY_LSM_DEBUG
100 pr_info("LSM: cred blob size = %d\n", blob_sizes
.lbs_cred
);
101 pr_info("LSM: file blob size = %d\n", blob_sizes
.lbs_file
);
102 pr_info("LSM: inode blob size = %d\n", blob_sizes
.lbs_inode
);
103 pr_info("LSM: ipc blob size = %d\n", blob_sizes
.lbs_ipc
);
105 pr_info("LSM: key blob size = %d\n", blob_sizes
.lbs_key
);
106 #endif /* CONFIG_KEYS */
107 pr_info("LSM: msg_msg blob size = %d\n", blob_sizes
.lbs_msg_msg
);
108 pr_info("LSM: sock blob size = %d\n", blob_sizes
.lbs_sock
);
109 pr_info("LSM: superblock blob size = %d\n", blob_sizes
.lbs_superblock
);
110 pr_info("LSM: task blob size = %d\n", blob_sizes
.lbs_task
);
111 #endif /* CONFIG_SECURITY_LSM_DEBUG */
116 /* Save user chosen LSM */
117 static int __init
choose_lsm(char *str
)
119 strncpy(chosen_lsm
, str
, SECURITY_NAME_MAX
);
122 __setup("security=", choose_lsm
);
124 static bool match_last_lsm(const char *list
, const char *lsm
)
128 if (WARN_ON(!list
|| !lsm
))
130 last
= strrchr(list
, ',');
132 /* Pass the comma, strcmp() will check for '\0' */
136 return !strcmp(last
, lsm
);
139 static int lsm_append(char *new, char **result
)
143 if (*result
== NULL
) {
144 *result
= kstrdup(new, GFP_KERNEL
);
146 /* Check if it is the last registered name */
147 if (match_last_lsm(*result
, new))
149 cp
= kasprintf(GFP_KERNEL
, "%s,%s", *result
, new);
159 * security_module_enable - Load given security module on boot ?
160 * @module: the name of the module
161 * @stacked: indicates that the module wants to be stacked
163 * Each LSM must pass this method before registering its own operations
164 * to avoid security registration races. This method may also be used
165 * to check if your LSM is currently loaded during kernel initialization.
171 * - The passed LSM is the one chosen by user at boot time,
172 * - or the passed LSM is configured as the default and the user did not
173 * choose an alternate LSM at boot time.
175 * Otherwise, return false.
177 bool __init
security_module_enable(const char *lsm
, const bool stacked
)
179 #ifdef CONFIG_SECURITY_STACKING
181 * Module defined on the command line security=XXXX
183 if (strcmp(chosen_lsm
, MODULE_STACK
)) {
184 if (!strcmp(lsm
, chosen_lsm
)) {
185 pr_info("Command line sets the %s security module.\n",
192 * Module configured as stacked.
196 if (strcmp(lsm
, chosen_lsm
) == 0)
203 * security_add_hooks - Add a modules hooks to the hook lists.
204 * @hooks: the hooks to add
205 * @count: the number of hooks to add
206 * @lsm: the name of the security module
208 * Each LSM has to register its hooks with the infrastructure.
210 void __init
security_add_hooks(struct security_hook_list
*hooks
, int count
,
215 for (i
= 0; i
< count
; i
++) {
217 list_add_tail_rcu(&hooks
[i
].list
, hooks
[i
].head
);
219 if (lsm_append(lsm
, &lsm_names
) < 0)
220 panic("%s - Cannot get early memory.\n", __func__
);
223 int call_lsm_notifier(enum lsm_event event
, void *data
)
225 return atomic_notifier_call_chain(&lsm_notifier_chain
, event
, data
);
227 EXPORT_SYMBOL(call_lsm_notifier
);
229 int register_lsm_notifier(struct notifier_block
*nb
)
231 return atomic_notifier_chain_register(&lsm_notifier_chain
, nb
);
233 EXPORT_SYMBOL(register_lsm_notifier
);
235 int unregister_lsm_notifier(struct notifier_block
*nb
)
237 return atomic_notifier_chain_unregister(&lsm_notifier_chain
, nb
);
239 EXPORT_SYMBOL(unregister_lsm_notifier
);
242 * lsm_cred_alloc - allocate a composite cred blob
243 * @cred: the cred that needs a blob
244 * @gfp: allocation type
246 * Allocate the cred blob for all the modules
248 * Returns 0, or -ENOMEM if memory can't be allocated.
250 int lsm_cred_alloc(struct cred
*cred
, gfp_t gfp
)
252 #ifdef CONFIG_SECURITY_LSM_DEBUG
254 pr_info("%s: Inbound cred blob is not NULL.\n", __func__
);
256 if (blob_sizes
.lbs_cred
== 0)
259 cred
->security
= kzalloc(blob_sizes
.lbs_cred
, gfp
);
260 if (cred
->security
== NULL
)
266 * lsm_early_cred - during initialization allocate a composite cred blob
267 * @cred: the cred that needs a blob
269 * Allocate the cred blob for all the modules if it's not already there
271 void lsm_early_cred(struct cred
*cred
)
276 panic("%s: NULL cred.\n", __func__
);
277 if (cred
->security
!= NULL
)
279 rc
= lsm_cred_alloc(cred
, GFP_KERNEL
);
281 panic("%s: Early cred alloc failed.\n", __func__
);
284 static void __init
lsm_set_size(int *need
, int *lbs
)
296 * security_add_blobs - Report blob sizes
297 * @needed: the size of blobs needed by the module
299 * Each LSM has to register its blobs with the infrastructure.
300 * The "needed" data tells the infrastructure how much memory
301 * the module requires for each of its blobs. On return the
302 * structure is filled with the offset that module should use
303 * from the blob pointer.
305 void __init
security_add_blobs(struct lsm_blob_sizes
*needed
)
307 lsm_set_size(&needed
->lbs_cred
, &blob_sizes
.lbs_cred
);
308 lsm_set_size(&needed
->lbs_file
, &blob_sizes
.lbs_file
);
309 lsm_set_size(&needed
->lbs_ipc
, &blob_sizes
.lbs_ipc
);
310 lsm_set_size(&needed
->lbs_key
, &blob_sizes
.lbs_key
);
311 lsm_set_size(&needed
->lbs_msg_msg
, &blob_sizes
.lbs_msg_msg
);
312 lsm_set_size(&needed
->lbs_sock
, &blob_sizes
.lbs_sock
);
313 lsm_set_size(&needed
->lbs_superblock
, &blob_sizes
.lbs_superblock
);
314 lsm_set_size(&needed
->lbs_task
, &blob_sizes
.lbs_task
);
316 * The inode blob gets an rcu_head in addition to
317 * what the modules might need.
319 if (needed
->lbs_inode
&& blob_sizes
.lbs_inode
== 0)
320 blob_sizes
.lbs_inode
= sizeof(struct rcu_head
);
321 lsm_set_size(&needed
->lbs_inode
, &blob_sizes
.lbs_inode
);
325 * lsm_file_alloc - allocate a composite file blob
326 * @file: the file that needs a blob
328 * Allocate the file blob for all the modules
330 * Returns 0, or -ENOMEM if memory can't be allocated.
332 int lsm_file_alloc(struct file
*file
)
334 #ifdef CONFIG_SECURITY_LSM_DEBUG
335 if (file
->f_security
)
336 pr_info("%s: Inbound file blob is not NULL.\n", __func__
);
338 if (blob_sizes
.lbs_file
== 0)
341 file
->f_security
= kzalloc(blob_sizes
.lbs_file
, GFP_KERNEL
);
342 if (file
->f_security
== NULL
)
348 * lsm_task_alloc - allocate a composite task blob
349 * @task: the task that needs a blob
351 * Allocate the task blob for all the modules
353 * Returns 0, or -ENOMEM if memory can't be allocated.
355 int lsm_task_alloc(struct task_struct
*task
)
357 #ifdef CONFIG_SECURITY_LSM_DEBUG
359 pr_info("%s: Inbound task blob is not NULL.\n", __func__
);
361 if (blob_sizes
.lbs_task
== 0)
364 task
->security
= kzalloc(blob_sizes
.lbs_task
, GFP_KERNEL
);
365 if (task
->security
== NULL
)
371 * lsm_inode_alloc - allocate a composite inode blob
372 * @inode: the inode that needs a blob
374 * Allocate the inode blob for all the modules
376 * Returns 0, or -ENOMEM if memory can't be allocated.
378 int lsm_inode_alloc(struct inode
*inode
)
380 #ifdef CONFIG_SECURITY_LSM_DEBUG
381 if (inode
->i_security
)
382 pr_info("%s: Inbound inode blob is not NULL.\n", __func__
);
384 if (blob_sizes
.lbs_inode
== 0)
387 inode
->i_security
= kzalloc(blob_sizes
.lbs_inode
, GFP_KERNEL
);
388 if (inode
->i_security
== NULL
)
394 * lsm_early_inode - during initialization allocate a composite inode blob
395 * @inode: the inode that needs a blob
397 * Allocate the inode blob for all the modules if it's not already there
399 void lsm_early_inode(struct inode
*inode
)
404 panic("%s: NULL inode.\n", __func__
);
405 if (inode
->i_security
!= NULL
)
407 rc
= lsm_inode_alloc(inode
);
409 panic("%s: Early inode alloc failed.\n", __func__
);
413 * lsm_ipc_alloc - allocate a composite ipc blob
414 * @kip: the ipc that needs a blob
416 * Allocate the ipc blob for all the modules
418 * Returns 0, or -ENOMEM if memory can't be allocated.
420 int lsm_ipc_alloc(struct kern_ipc_perm
*kip
)
422 #ifdef CONFIG_SECURITY_LSM_DEBUG
424 pr_info("%s: Inbound ipc blob is not NULL.\n", __func__
);
426 if (blob_sizes
.lbs_ipc
== 0)
429 kip
->security
= kzalloc(blob_sizes
.lbs_ipc
, GFP_KERNEL
);
430 if (kip
->security
== NULL
)
437 * lsm_key_alloc - allocate a composite key blob
438 * @key: the key that needs a blob
440 * Allocate the key blob for all the modules
442 * Returns 0, or -ENOMEM if memory can't be allocated.
444 int lsm_key_alloc(struct key
*key
)
446 #ifdef CONFIG_SECURITY_LSM_DEBUG
448 pr_info("%s: Inbound key blob is not NULL.\n", __func__
);
450 if (blob_sizes
.lbs_key
== 0)
453 key
->security
= kzalloc(blob_sizes
.lbs_key
, GFP_KERNEL
);
454 if (key
->security
== NULL
)
458 #endif /* CONFIG_KEYS */
461 * lsm_msg_msg_alloc - allocate a composite msg_msg blob
462 * @mp: the msg_msg that needs a blob
464 * Allocate the ipc blob for all the modules
466 * Returns 0, or -ENOMEM if memory can't be allocated.
468 int lsm_msg_msg_alloc(struct msg_msg
*mp
)
470 #ifdef CONFIG_SECURITY_LSM_DEBUG
472 pr_info("%s: Inbound msg_msg blob is not NULL.\n", __func__
);
474 if (blob_sizes
.lbs_msg_msg
== 0)
477 mp
->security
= kzalloc(blob_sizes
.lbs_msg_msg
, GFP_KERNEL
);
478 if (mp
->security
== NULL
)
484 * lsm_sock_alloc - allocate a composite sock blob
485 * @sock: the sock that needs a blob
486 * @priority: allocation mode
488 * Allocate the sock blob for all the modules
490 * Returns 0, or -ENOMEM if memory can't be allocated.
492 int lsm_sock_alloc(struct sock
*sock
, gfp_t priority
)
494 #ifdef CONFIG_SECURITY_LSM_DEBUG
495 if (sock
->sk_security
)
496 pr_info("%s: Inbound sock blob is not NULL.\n", __func__
);
498 if (blob_sizes
.lbs_sock
== 0)
501 sock
->sk_security
= kzalloc(blob_sizes
.lbs_sock
, priority
);
502 if (sock
->sk_security
== NULL
)
508 * lsm_superblock_alloc - allocate a composite superblock blob
509 * @sb: the superblock that needs a blob
511 * Allocate the superblock blob for all the modules
513 * Returns 0, or -ENOMEM if memory can't be allocated.
515 int lsm_superblock_alloc(struct super_block
*sb
)
517 #ifdef CONFIG_SECURITY_LSM_DEBUG
519 pr_info("%s: Inbound superblock blob is not NULL.\n", __func__
);
521 if (blob_sizes
.lbs_superblock
== 0)
524 sb
->s_security
= kzalloc(blob_sizes
.lbs_superblock
, GFP_KERNEL
);
525 if (sb
->s_security
== NULL
)
531 * Hook list operation macros.
534 * This is a hook that does not return a value.
537 * This is a hook that returns a value.
540 #define call_void_hook(FUNC, ...) \
542 struct security_hook_list *P; \
544 list_for_each_entry(P, &security_hook_heads.FUNC, list) \
545 P->hook.FUNC(__VA_ARGS__); \
548 #define call_int_hook(FUNC, IRC, ...) ({ \
551 struct security_hook_list *P; \
553 list_for_each_entry(P, &security_hook_heads.FUNC, list) { \
554 RC = P->hook.FUNC(__VA_ARGS__); \
562 /* Security operations */
564 int security_binder_set_context_mgr(struct task_struct
*mgr
)
566 return call_int_hook(binder_set_context_mgr
, 0, mgr
);
569 int security_binder_transaction(struct task_struct
*from
,
570 struct task_struct
*to
)
572 return call_int_hook(binder_transaction
, 0, from
, to
);
575 int security_binder_transfer_binder(struct task_struct
*from
,
576 struct task_struct
*to
)
578 return call_int_hook(binder_transfer_binder
, 0, from
, to
);
581 int security_binder_transfer_file(struct task_struct
*from
,
582 struct task_struct
*to
, struct file
*file
)
584 return call_int_hook(binder_transfer_file
, 0, from
, to
, file
);
587 int security_ptrace_access_check(struct task_struct
*child
, unsigned int mode
)
589 return call_int_hook(ptrace_access_check
, 0, child
, mode
);
592 int security_ptrace_traceme(struct task_struct
*parent
)
594 return call_int_hook(ptrace_traceme
, 0, parent
);
597 int security_capget(struct task_struct
*target
,
598 kernel_cap_t
*effective
,
599 kernel_cap_t
*inheritable
,
600 kernel_cap_t
*permitted
)
602 return call_int_hook(capget
, 0, target
,
603 effective
, inheritable
, permitted
);
606 int security_capset(struct cred
*new, const struct cred
*old
,
607 const kernel_cap_t
*effective
,
608 const kernel_cap_t
*inheritable
,
609 const kernel_cap_t
*permitted
)
611 return call_int_hook(capset
, 0, new, old
,
612 effective
, inheritable
, permitted
);
615 int security_capable(const struct cred
*cred
, struct user_namespace
*ns
,
618 return call_int_hook(capable
, 0, cred
, ns
, cap
, SECURITY_CAP_AUDIT
);
621 int security_capable_noaudit(const struct cred
*cred
, struct user_namespace
*ns
,
624 return call_int_hook(capable
, 0, cred
, ns
, cap
, SECURITY_CAP_NOAUDIT
);
627 int security_quotactl(int cmds
, int type
, int id
, struct super_block
*sb
)
629 return call_int_hook(quotactl
, 0, cmds
, type
, id
, sb
);
632 int security_quota_on(struct dentry
*dentry
)
634 return call_int_hook(quota_on
, 0, dentry
);
637 int security_syslog(int type
)
639 return call_int_hook(syslog
, 0, type
);
642 int security_settime64(const struct timespec64
*ts
, const struct timezone
*tz
)
644 return call_int_hook(settime
, 0, ts
, tz
);
647 int security_vm_enough_memory_mm(struct mm_struct
*mm
, long pages
)
649 struct security_hook_list
*hp
;
650 int cap_sys_admin
= 1;
654 * The module will respond with a positive value if
655 * it thinks the __vm_enough_memory() call should be
656 * made with the cap_sys_admin set. If all of the modules
657 * agree that it should be set it will. If any module
658 * thinks it should not be set it won't.
660 list_for_each_entry(hp
, &security_hook_heads
.vm_enough_memory
, list
) {
661 rc
= hp
->hook
.vm_enough_memory(mm
, pages
);
667 return __vm_enough_memory(mm
, pages
, cap_sys_admin
);
670 int security_bprm_set_creds(struct linux_binprm
*bprm
)
672 return call_int_hook(bprm_set_creds
, 0, bprm
);
675 int security_bprm_check(struct linux_binprm
*bprm
)
679 ret
= call_int_hook(bprm_check_security
, 0, bprm
);
682 return ima_bprm_check(bprm
);
685 void security_bprm_committing_creds(struct linux_binprm
*bprm
)
687 call_void_hook(bprm_committing_creds
, bprm
);
690 void security_bprm_committed_creds(struct linux_binprm
*bprm
)
692 call_void_hook(bprm_committed_creds
, bprm
);
695 int security_bprm_secureexec(struct linux_binprm
*bprm
)
697 return call_int_hook(bprm_secureexec
, 0, bprm
);
700 int security_sb_alloc(struct super_block
*sb
)
702 int rc
= lsm_superblock_alloc(sb
);
706 return call_int_hook(sb_alloc_security
, 0, sb
);
709 void security_sb_free(struct super_block
*sb
)
711 call_void_hook(sb_free_security
, sb
);
712 kfree(sb
->s_security
);
713 sb
->s_security
= NULL
;
716 int security_sb_copy_data(char *orig
, char *copy
)
718 return call_int_hook(sb_copy_data
, 0, orig
, copy
);
720 EXPORT_SYMBOL(security_sb_copy_data
);
722 int security_sb_remount(struct super_block
*sb
, void *data
)
724 return call_int_hook(sb_remount
, 0, sb
, data
);
727 int security_sb_kern_mount(struct super_block
*sb
, int flags
, void *data
)
729 return call_int_hook(sb_kern_mount
, 0, sb
, flags
, data
);
732 int security_sb_show_options(struct seq_file
*m
, struct super_block
*sb
)
734 return call_int_hook(sb_show_options
, 0, m
, sb
);
737 int security_sb_statfs(struct dentry
*dentry
)
739 return call_int_hook(sb_statfs
, 0, dentry
);
742 int security_sb_mount(const char *dev_name
, const struct path
*path
,
743 const char *type
, unsigned long flags
, void *data
)
745 return call_int_hook(sb_mount
, 0, dev_name
, path
, type
, flags
, data
);
748 int security_sb_umount(struct vfsmount
*mnt
, int flags
)
750 return call_int_hook(sb_umount
, 0, mnt
, flags
);
753 int security_sb_pivotroot(const struct path
*old_path
, const struct path
*new_path
)
755 return call_int_hook(sb_pivotroot
, 0, old_path
, new_path
);
758 int security_sb_set_mnt_opts(struct super_block
*sb
,
759 struct security_mnt_opts
*opts
,
760 unsigned long kern_flags
,
761 unsigned long *set_kern_flags
)
763 return call_int_hook(sb_set_mnt_opts
,
764 opts
->num_mnt_opts
? -EOPNOTSUPP
: 0, sb
,
765 opts
, kern_flags
, set_kern_flags
);
767 EXPORT_SYMBOL(security_sb_set_mnt_opts
);
769 int security_sb_clone_mnt_opts(const struct super_block
*oldsb
,
770 struct super_block
*newsb
,
771 unsigned long kern_flags
,
772 unsigned long *set_kern_flags
)
774 return call_int_hook(sb_clone_mnt_opts
, 0, oldsb
, newsb
,
775 kern_flags
, set_kern_flags
);
777 EXPORT_SYMBOL(security_sb_clone_mnt_opts
);
779 int security_sb_parse_opts_str(char *options
, struct security_mnt_opts
*opts
)
781 return call_int_hook(sb_parse_opts_str
, 0, options
, opts
);
783 EXPORT_SYMBOL(security_sb_parse_opts_str
);
785 int security_inode_alloc(struct inode
*inode
)
787 int rc
= lsm_inode_alloc(inode
);
791 return call_int_hook(inode_alloc_security
, 0, inode
);
794 static void inode_free_by_rcu(struct rcu_head
*head
)
797 * The rcu head is at the start of the inode blob
802 void security_inode_free(struct inode
*inode
)
804 integrity_inode_free(inode
);
805 call_void_hook(inode_free_security
, inode
);
807 * The inode may still be referenced in a path walk and
808 * a call to security_inode_permission() can be made
809 * after inode_free_security() is called. Ideally, the VFS
810 * wouldn't do this, but fixing that is a much harder
811 * job. For now, simply free the i_security via RCU, and
812 * leave the current inode->i_security pointer intact.
813 * The inode will be freed after the RCU grace period too.
815 if (inode
->i_security
!= NULL
) {
816 call_rcu((struct rcu_head
*)inode
->i_security
,
818 inode
->i_security
= NULL
;
822 int security_dentry_init_security(struct dentry
*dentry
, int mode
,
823 const struct qstr
*name
, void **ctx
,
826 return call_int_hook(dentry_init_security
, -EOPNOTSUPP
, dentry
, mode
,
829 EXPORT_SYMBOL(security_dentry_init_security
);
831 int security_dentry_create_files_as(struct dentry
*dentry
, int mode
,
833 const struct cred
*old
, struct cred
*new)
835 return call_int_hook(dentry_create_files_as
, 0, dentry
, mode
,
838 EXPORT_SYMBOL(security_dentry_create_files_as
);
840 int security_inode_init_security(struct inode
*inode
, struct inode
*dir
,
841 const struct qstr
*qstr
,
842 const initxattrs initxattrs
, void *fs_data
)
844 struct xattr new_xattrs
[MAX_LSM_EVM_XATTR
+ 1];
845 struct xattr
*lsm_xattr
, *evm_xattr
, *xattr
;
848 if (unlikely(IS_PRIVATE(inode
)))
852 return call_int_hook(inode_init_security
, -EOPNOTSUPP
, inode
,
853 dir
, qstr
, NULL
, NULL
, NULL
);
854 memset(new_xattrs
, 0, sizeof(new_xattrs
));
855 lsm_xattr
= new_xattrs
;
856 ret
= call_int_hook(inode_init_security
, -EOPNOTSUPP
, inode
, dir
, qstr
,
859 &lsm_xattr
->value_len
);
863 evm_xattr
= lsm_xattr
+ 1;
864 ret
= evm_inode_init_security(inode
, lsm_xattr
, evm_xattr
);
867 ret
= initxattrs(inode
, new_xattrs
, fs_data
);
869 for (xattr
= new_xattrs
; xattr
->value
!= NULL
; xattr
++)
871 return (ret
== -EOPNOTSUPP
) ? 0 : ret
;
873 EXPORT_SYMBOL(security_inode_init_security
);
875 int security_old_inode_init_security(struct inode
*inode
, struct inode
*dir
,
876 const struct qstr
*qstr
, const char **name
,
877 void **value
, size_t *len
)
879 if (unlikely(IS_PRIVATE(inode
)))
881 return call_int_hook(inode_init_security
, -EOPNOTSUPP
, inode
, dir
,
882 qstr
, name
, value
, len
);
884 EXPORT_SYMBOL(security_old_inode_init_security
);
886 #ifdef CONFIG_SECURITY_PATH
887 int security_path_mknod(const struct path
*dir
, struct dentry
*dentry
, umode_t mode
,
890 if (unlikely(IS_PRIVATE(d_backing_inode(dir
->dentry
))))
892 return call_int_hook(path_mknod
, 0, dir
, dentry
, mode
, dev
);
894 EXPORT_SYMBOL(security_path_mknod
);
896 int security_path_mkdir(const struct path
*dir
, struct dentry
*dentry
, umode_t mode
)
898 if (unlikely(IS_PRIVATE(d_backing_inode(dir
->dentry
))))
900 return call_int_hook(path_mkdir
, 0, dir
, dentry
, mode
);
902 EXPORT_SYMBOL(security_path_mkdir
);
904 int security_path_rmdir(const struct path
*dir
, struct dentry
*dentry
)
906 if (unlikely(IS_PRIVATE(d_backing_inode(dir
->dentry
))))
908 return call_int_hook(path_rmdir
, 0, dir
, dentry
);
910 EXPORT_SYMBOL_GPL(security_path_rmdir
);
912 int security_path_unlink(const struct path
*dir
, struct dentry
*dentry
)
914 if (unlikely(IS_PRIVATE(d_backing_inode(dir
->dentry
))))
916 return call_int_hook(path_unlink
, 0, dir
, dentry
);
918 EXPORT_SYMBOL(security_path_unlink
);
920 int security_path_symlink(const struct path
*dir
, struct dentry
*dentry
,
921 const char *old_name
)
923 if (unlikely(IS_PRIVATE(d_backing_inode(dir
->dentry
))))
925 return call_int_hook(path_symlink
, 0, dir
, dentry
, old_name
);
927 EXPORT_SYMBOL_GPL(security_path_symlink
);
929 int security_path_link(struct dentry
*old_dentry
, const struct path
*new_dir
,
930 struct dentry
*new_dentry
)
932 if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry
))))
934 return call_int_hook(path_link
, 0, old_dentry
, new_dir
, new_dentry
);
936 EXPORT_SYMBOL_GPL(security_path_link
);
938 int security_path_rename(const struct path
*old_dir
, struct dentry
*old_dentry
,
939 const struct path
*new_dir
, struct dentry
*new_dentry
,
942 if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry
)) ||
943 (d_is_positive(new_dentry
) && IS_PRIVATE(d_backing_inode(new_dentry
)))))
946 if (flags
& RENAME_EXCHANGE
) {
947 int err
= call_int_hook(path_rename
, 0, new_dir
, new_dentry
,
948 old_dir
, old_dentry
);
953 return call_int_hook(path_rename
, 0, old_dir
, old_dentry
, new_dir
,
956 EXPORT_SYMBOL(security_path_rename
);
958 int security_path_truncate(const struct path
*path
)
960 if (unlikely(IS_PRIVATE(d_backing_inode(path
->dentry
))))
962 return call_int_hook(path_truncate
, 0, path
);
964 EXPORT_SYMBOL_GPL(security_path_truncate
);
966 int security_path_chmod(const struct path
*path
, umode_t mode
)
968 if (unlikely(IS_PRIVATE(d_backing_inode(path
->dentry
))))
970 return call_int_hook(path_chmod
, 0, path
, mode
);
972 EXPORT_SYMBOL_GPL(security_path_chmod
);
974 int security_path_chown(const struct path
*path
, kuid_t uid
, kgid_t gid
)
976 if (unlikely(IS_PRIVATE(d_backing_inode(path
->dentry
))))
978 return call_int_hook(path_chown
, 0, path
, uid
, gid
);
980 EXPORT_SYMBOL_GPL(security_path_chown
);
982 int security_path_chroot(const struct path
*path
)
984 return call_int_hook(path_chroot
, 0, path
);
988 int security_inode_create(struct inode
*dir
, struct dentry
*dentry
, umode_t mode
)
990 if (unlikely(IS_PRIVATE(dir
)))
992 return call_int_hook(inode_create
, 0, dir
, dentry
, mode
);
994 EXPORT_SYMBOL_GPL(security_inode_create
);
996 int security_inode_link(struct dentry
*old_dentry
, struct inode
*dir
,
997 struct dentry
*new_dentry
)
999 if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry
))))
1001 return call_int_hook(inode_link
, 0, old_dentry
, dir
, new_dentry
);
1004 int security_inode_unlink(struct inode
*dir
, struct dentry
*dentry
)
1006 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1008 return call_int_hook(inode_unlink
, 0, dir
, dentry
);
1011 int security_inode_symlink(struct inode
*dir
, struct dentry
*dentry
,
1012 const char *old_name
)
1014 if (unlikely(IS_PRIVATE(dir
)))
1016 return call_int_hook(inode_symlink
, 0, dir
, dentry
, old_name
);
1019 int security_inode_mkdir(struct inode
*dir
, struct dentry
*dentry
, umode_t mode
)
1021 if (unlikely(IS_PRIVATE(dir
)))
1023 return call_int_hook(inode_mkdir
, 0, dir
, dentry
, mode
);
1025 EXPORT_SYMBOL_GPL(security_inode_mkdir
);
1027 int security_inode_rmdir(struct inode
*dir
, struct dentry
*dentry
)
1029 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1031 return call_int_hook(inode_rmdir
, 0, dir
, dentry
);
1034 int security_inode_mknod(struct inode
*dir
, struct dentry
*dentry
, umode_t mode
, dev_t dev
)
1036 if (unlikely(IS_PRIVATE(dir
)))
1038 return call_int_hook(inode_mknod
, 0, dir
, dentry
, mode
, dev
);
1041 int security_inode_rename(struct inode
*old_dir
, struct dentry
*old_dentry
,
1042 struct inode
*new_dir
, struct dentry
*new_dentry
,
1045 if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry
)) ||
1046 (d_is_positive(new_dentry
) && IS_PRIVATE(d_backing_inode(new_dentry
)))))
1049 if (flags
& RENAME_EXCHANGE
) {
1050 int err
= call_int_hook(inode_rename
, 0, new_dir
, new_dentry
,
1051 old_dir
, old_dentry
);
1056 return call_int_hook(inode_rename
, 0, old_dir
, old_dentry
,
1057 new_dir
, new_dentry
);
1060 int security_inode_readlink(struct dentry
*dentry
)
1062 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1064 return call_int_hook(inode_readlink
, 0, dentry
);
1066 EXPORT_SYMBOL_GPL(security_inode_readlink
);
1068 int security_inode_follow_link(struct dentry
*dentry
, struct inode
*inode
,
1071 if (unlikely(IS_PRIVATE(inode
)))
1073 return call_int_hook(inode_follow_link
, 0, dentry
, inode
, rcu
);
1076 int security_inode_permission(struct inode
*inode
, int mask
)
1078 if (unlikely(IS_PRIVATE(inode
)))
1080 return call_int_hook(inode_permission
, 0, inode
, mask
);
1082 EXPORT_SYMBOL_GPL(security_inode_permission
);
1084 int security_inode_setattr(struct dentry
*dentry
, struct iattr
*attr
)
1088 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1090 ret
= call_int_hook(inode_setattr
, 0, dentry
, attr
);
1093 return evm_inode_setattr(dentry
, attr
);
1095 EXPORT_SYMBOL_GPL(security_inode_setattr
);
1097 int security_inode_getattr(const struct path
*path
)
1099 if (unlikely(IS_PRIVATE(d_backing_inode(path
->dentry
))))
1101 return call_int_hook(inode_getattr
, 0, path
);
1104 int security_inode_setxattr(struct dentry
*dentry
, const char *name
,
1105 const void *value
, size_t size
, int flags
)
1109 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1112 * SELinux and Smack integrate the cap call,
1113 * so assume that all LSMs supplying this call do so.
1115 ret
= call_int_hook(inode_setxattr
, 1, dentry
, name
, value
, size
,
1119 ret
= cap_inode_setxattr(dentry
, name
, value
, size
, flags
);
1122 ret
= ima_inode_setxattr(dentry
, name
, value
, size
);
1125 return evm_inode_setxattr(dentry
, name
, value
, size
);
1128 void security_inode_post_setxattr(struct dentry
*dentry
, const char *name
,
1129 const void *value
, size_t size
, int flags
)
1131 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1133 call_void_hook(inode_post_setxattr
, dentry
, name
, value
, size
, flags
);
1134 evm_inode_post_setxattr(dentry
, name
, value
, size
);
1137 int security_inode_getxattr(struct dentry
*dentry
, const char *name
)
1139 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1141 return call_int_hook(inode_getxattr
, 0, dentry
, name
);
1144 int security_inode_listxattr(struct dentry
*dentry
)
1146 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1148 return call_int_hook(inode_listxattr
, 0, dentry
);
1151 int security_inode_removexattr(struct dentry
*dentry
, const char *name
)
1155 if (unlikely(IS_PRIVATE(d_backing_inode(dentry
))))
1158 * SELinux and Smack integrate the cap call,
1159 * so assume that all LSMs supplying this call do so.
1161 ret
= call_int_hook(inode_removexattr
, 1, dentry
, name
);
1163 ret
= cap_inode_removexattr(dentry
, name
);
1166 ret
= ima_inode_removexattr(dentry
, name
);
1169 return evm_inode_removexattr(dentry
, name
);
1172 int security_inode_need_killpriv(struct dentry
*dentry
)
1174 return call_int_hook(inode_need_killpriv
, 0, dentry
);
1177 int security_inode_killpriv(struct dentry
*dentry
)
1179 return call_int_hook(inode_killpriv
, 0, dentry
);
1182 int security_inode_getsecurity(struct inode
*inode
, const char *name
, void **buffer
, bool alloc
)
1184 struct security_hook_list
*hp
;
1187 if (unlikely(IS_PRIVATE(inode
)))
1190 * Only one module will provide an attribute with a given name.
1192 list_for_each_entry(hp
, &security_hook_heads
.inode_getsecurity
, list
) {
1193 rc
= hp
->hook
.inode_getsecurity(inode
, name
, buffer
, alloc
);
1194 if (rc
!= -EOPNOTSUPP
)
1200 int security_inode_setsecurity(struct inode
*inode
, const char *name
, const void *value
, size_t size
, int flags
)
1202 struct security_hook_list
*hp
;
1205 if (unlikely(IS_PRIVATE(inode
)))
1208 * Only one module will provide an attribute with a given name.
1210 list_for_each_entry(hp
, &security_hook_heads
.inode_setsecurity
, list
) {
1211 rc
= hp
->hook
.inode_setsecurity(inode
, name
, value
, size
,
1213 if (rc
!= -EOPNOTSUPP
)
1219 int security_inode_listsecurity(struct inode
*inode
, char *buffer
, size_t buffer_size
)
1221 if (unlikely(IS_PRIVATE(inode
)))
1223 return call_int_hook(inode_listsecurity
, 0, inode
, buffer
, buffer_size
);
1225 EXPORT_SYMBOL(security_inode_listsecurity
);
1227 void security_inode_getsecid(struct inode
*inode
, u32
*secid
)
1229 call_void_hook(inode_getsecid
, inode
, secid
);
1232 int security_inode_copy_up(struct dentry
*src
, struct cred
**new)
1234 return call_int_hook(inode_copy_up
, 0, src
, new);
1236 EXPORT_SYMBOL(security_inode_copy_up
);
1238 int security_inode_copy_up_xattr(const char *name
)
1240 return call_int_hook(inode_copy_up_xattr
, -EOPNOTSUPP
, name
);
1242 EXPORT_SYMBOL(security_inode_copy_up_xattr
);
1244 int security_file_permission(struct file
*file
, int mask
)
1248 ret
= call_int_hook(file_permission
, 0, file
, mask
);
1252 return fsnotify_perm(file
, mask
);
1254 EXPORT_SYMBOL_GPL(security_file_permission
);
1256 int security_file_alloc(struct file
*file
)
1258 int rc
= lsm_file_alloc(file
);
1262 return call_int_hook(file_alloc_security
, 0, file
);
1265 void security_file_free(struct file
*file
)
1267 call_void_hook(file_free_security
, file
);
1269 kfree(file
->f_security
);
1270 file
->f_security
= NULL
;
1273 int security_file_ioctl(struct file
*file
, unsigned int cmd
, unsigned long arg
)
1275 return call_int_hook(file_ioctl
, 0, file
, cmd
, arg
);
1278 static inline unsigned long mmap_prot(struct file
*file
, unsigned long prot
)
1281 * Does we have PROT_READ and does the application expect
1282 * it to imply PROT_EXEC? If not, nothing to talk about...
1284 if ((prot
& (PROT_READ
| PROT_EXEC
)) != PROT_READ
)
1286 if (!(current
->personality
& READ_IMPLIES_EXEC
))
1289 * if that's an anonymous mapping, let it.
1292 return prot
| PROT_EXEC
;
1294 * ditto if it's not on noexec mount, except that on !MMU we need
1295 * NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case
1297 if (!path_noexec(&file
->f_path
)) {
1299 if (file
->f_op
->mmap_capabilities
) {
1300 unsigned caps
= file
->f_op
->mmap_capabilities(file
);
1301 if (!(caps
& NOMMU_MAP_EXEC
))
1305 return prot
| PROT_EXEC
;
1307 /* anything on noexec mount won't get PROT_EXEC */
1311 int security_mmap_file(struct file
*file
, unsigned long prot
,
1312 unsigned long flags
)
1315 ret
= call_int_hook(mmap_file
, 0, file
, prot
,
1316 mmap_prot(file
, prot
), flags
);
1319 return ima_file_mmap(file
, prot
);
1321 EXPORT_SYMBOL_GPL(security_mmap_file
);
1323 int security_mmap_addr(unsigned long addr
)
1325 return call_int_hook(mmap_addr
, 0, addr
);
1328 int security_file_mprotect(struct vm_area_struct
*vma
, unsigned long reqprot
,
1331 return call_int_hook(file_mprotect
, 0, vma
, reqprot
, prot
);
1334 int security_file_lock(struct file
*file
, unsigned int cmd
)
1336 return call_int_hook(file_lock
, 0, file
, cmd
);
1339 int security_file_fcntl(struct file
*file
, unsigned int cmd
, unsigned long arg
)
1341 return call_int_hook(file_fcntl
, 0, file
, cmd
, arg
);
1344 void security_file_set_fowner(struct file
*file
)
1346 call_void_hook(file_set_fowner
, file
);
1349 int security_file_send_sigiotask(struct task_struct
*tsk
,
1350 struct fown_struct
*fown
, int sig
)
1352 return call_int_hook(file_send_sigiotask
, 0, tsk
, fown
, sig
);
1355 int security_file_receive(struct file
*file
)
1357 return call_int_hook(file_receive
, 0, file
);
1360 int security_file_open(struct file
*file
, const struct cred
*cred
)
1364 ret
= call_int_hook(file_open
, 0, file
, cred
);
1368 return fsnotify_perm(file
, MAY_OPEN
);
1371 int security_task_create(unsigned long clone_flags
)
1373 return call_int_hook(task_create
, 0, clone_flags
);
1376 int security_task_alloc(struct task_struct
*task
, unsigned long clone_flags
)
1378 int rc
= lsm_task_alloc(task
);
1382 return call_int_hook(task_alloc
, 0, task
, clone_flags
);
1385 void security_task_free(struct task_struct
*task
)
1387 call_void_hook(task_free
, task
);
1389 kfree(task
->security
);
1390 task
->security
= NULL
;
1393 int security_cred_alloc_blank(struct cred
*cred
, gfp_t gfp
)
1395 int rc
= lsm_cred_alloc(cred
, gfp
);
1400 return call_int_hook(cred_alloc_blank
, 0, cred
, gfp
);
1403 void security_cred_free(struct cred
*cred
)
1405 call_void_hook(cred_free
, cred
);
1407 kfree(cred
->security
);
1408 cred
->security
= NULL
;
1411 int security_prepare_creds(struct cred
*new, const struct cred
*old
, gfp_t gfp
)
1413 int rc
= lsm_cred_alloc(new, gfp
);
1418 return call_int_hook(cred_prepare
, 0, new, old
, gfp
);
1421 void security_transfer_creds(struct cred
*new, const struct cred
*old
)
1423 call_void_hook(cred_transfer
, new, old
);
1426 int security_kernel_act_as(struct cred
*new, u32 secid
)
1428 return call_int_hook(kernel_act_as
, 0, new, secid
);
1431 int security_kernel_create_files_as(struct cred
*new, struct inode
*inode
)
1433 return call_int_hook(kernel_create_files_as
, 0, new, inode
);
1436 int security_kernel_module_request(char *kmod_name
)
1438 return call_int_hook(kernel_module_request
, 0, kmod_name
);
1441 int security_kernel_read_file(struct file
*file
, enum kernel_read_file_id id
)
1445 ret
= call_int_hook(kernel_read_file
, 0, file
, id
);
1448 return ima_read_file(file
, id
);
1450 EXPORT_SYMBOL_GPL(security_kernel_read_file
);
1452 int security_kernel_post_read_file(struct file
*file
, char *buf
, loff_t size
,
1453 enum kernel_read_file_id id
)
1457 ret
= call_int_hook(kernel_post_read_file
, 0, file
, buf
, size
, id
);
1460 return ima_post_read_file(file
, buf
, size
, id
);
1462 EXPORT_SYMBOL_GPL(security_kernel_post_read_file
);
1464 int security_task_fix_setuid(struct cred
*new, const struct cred
*old
,
1467 return call_int_hook(task_fix_setuid
, 0, new, old
, flags
);
1470 int security_task_setpgid(struct task_struct
*p
, pid_t pgid
)
1472 return call_int_hook(task_setpgid
, 0, p
, pgid
);
1475 int security_task_getpgid(struct task_struct
*p
)
1477 return call_int_hook(task_getpgid
, 0, p
);
1480 int security_task_getsid(struct task_struct
*p
)
1482 return call_int_hook(task_getsid
, 0, p
);
1485 void security_task_getsecid(struct task_struct
*p
, u32
*secid
)
1488 call_void_hook(task_getsecid
, p
, secid
);
1490 EXPORT_SYMBOL(security_task_getsecid
);
1492 int security_task_setnice(struct task_struct
*p
, int nice
)
1494 return call_int_hook(task_setnice
, 0, p
, nice
);
1497 int security_task_setioprio(struct task_struct
*p
, int ioprio
)
1499 return call_int_hook(task_setioprio
, 0, p
, ioprio
);
1502 int security_task_getioprio(struct task_struct
*p
)
1504 return call_int_hook(task_getioprio
, 0, p
);
1507 int security_task_prlimit(const struct cred
*cred
, const struct cred
*tcred
,
1510 return call_int_hook(task_prlimit
, 0, cred
, tcred
, flags
);
1513 int security_task_setrlimit(struct task_struct
*p
, unsigned int resource
,
1514 struct rlimit
*new_rlim
)
1516 return call_int_hook(task_setrlimit
, 0, p
, resource
, new_rlim
);
1519 int security_task_setscheduler(struct task_struct
*p
)
1521 return call_int_hook(task_setscheduler
, 0, p
);
1524 int security_task_getscheduler(struct task_struct
*p
)
1526 return call_int_hook(task_getscheduler
, 0, p
);
1529 int security_task_movememory(struct task_struct
*p
)
1531 return call_int_hook(task_movememory
, 0, p
);
1534 int security_task_kill(struct task_struct
*p
, struct siginfo
*info
,
1537 return call_int_hook(task_kill
, 0, p
, info
, sig
, secid
);
1540 int security_task_prctl(int option
, unsigned long arg2
, unsigned long arg3
,
1541 unsigned long arg4
, unsigned long arg5
)
1545 struct security_hook_list
*hp
;
1547 list_for_each_entry(hp
, &security_hook_heads
.task_prctl
, list
) {
1548 thisrc
= hp
->hook
.task_prctl(option
, arg2
, arg3
, arg4
, arg5
);
1549 if (thisrc
!= -ENOSYS
) {
1558 void security_task_to_inode(struct task_struct
*p
, struct inode
*inode
)
1560 call_void_hook(task_to_inode
, p
, inode
);
1563 int security_ipc_permission(struct kern_ipc_perm
*ipcp
, short flag
)
1565 return call_int_hook(ipc_permission
, 0, ipcp
, flag
);
1568 void security_ipc_getsecid(struct kern_ipc_perm
*ipcp
, u32
*secid
)
1571 call_void_hook(ipc_getsecid
, ipcp
, secid
);
1574 int security_msg_msg_alloc(struct msg_msg
*msg
)
1576 int rc
= lsm_msg_msg_alloc(msg
);
1580 return call_int_hook(msg_msg_alloc_security
, 0, msg
);
1583 void security_msg_msg_free(struct msg_msg
*msg
)
1585 call_void_hook(msg_msg_free_security
, msg
);
1586 kfree(msg
->security
);
1587 msg
->security
= NULL
;
1590 int security_msg_queue_alloc(struct msg_queue
*msq
)
1592 int rc
= lsm_ipc_alloc(&msq
->q_perm
);
1596 return call_int_hook(msg_queue_alloc_security
, 0, msq
);
1599 void security_msg_queue_free(struct msg_queue
*msq
)
1601 struct kern_ipc_perm
*kip
= &msq
->q_perm
;
1603 call_void_hook(msg_queue_free_security
, msq
);
1604 kfree(kip
->security
);
1605 kip
->security
= NULL
;
1608 int security_msg_queue_associate(struct msg_queue
*msq
, int msqflg
)
1610 return call_int_hook(msg_queue_associate
, 0, msq
, msqflg
);
1613 int security_msg_queue_msgctl(struct msg_queue
*msq
, int cmd
)
1615 return call_int_hook(msg_queue_msgctl
, 0, msq
, cmd
);
1618 int security_msg_queue_msgsnd(struct msg_queue
*msq
,
1619 struct msg_msg
*msg
, int msqflg
)
1621 return call_int_hook(msg_queue_msgsnd
, 0, msq
, msg
, msqflg
);
1624 int security_msg_queue_msgrcv(struct msg_queue
*msq
, struct msg_msg
*msg
,
1625 struct task_struct
*target
, long type
, int mode
)
1627 return call_int_hook(msg_queue_msgrcv
, 0, msq
, msg
, target
, type
, mode
);
1630 int security_shm_alloc(struct shmid_kernel
*shp
)
1632 int rc
= lsm_ipc_alloc(&shp
->shm_perm
);
1636 return call_int_hook(shm_alloc_security
, 0, shp
);
1639 void security_shm_free(struct shmid_kernel
*shp
)
1641 struct kern_ipc_perm
*kip
= &shp
->shm_perm
;
1643 call_void_hook(shm_free_security
, shp
);
1644 kfree(kip
->security
);
1645 kip
->security
= NULL
;
1648 int security_shm_associate(struct shmid_kernel
*shp
, int shmflg
)
1650 return call_int_hook(shm_associate
, 0, shp
, shmflg
);
1653 int security_shm_shmctl(struct shmid_kernel
*shp
, int cmd
)
1655 return call_int_hook(shm_shmctl
, 0, shp
, cmd
);
1658 int security_shm_shmat(struct shmid_kernel
*shp
, char __user
*shmaddr
, int shmflg
)
1660 return call_int_hook(shm_shmat
, 0, shp
, shmaddr
, shmflg
);
1663 int security_sem_alloc(struct sem_array
*sma
)
1665 int rc
= lsm_ipc_alloc(&sma
->sem_perm
);
1669 return call_int_hook(sem_alloc_security
, 0, sma
);
1672 void security_sem_free(struct sem_array
*sma
)
1674 struct kern_ipc_perm
*kip
= &sma
->sem_perm
;
1676 call_void_hook(sem_free_security
, sma
);
1677 kfree(kip
->security
);
1678 kip
->security
= NULL
;
1681 int security_sem_associate(struct sem_array
*sma
, int semflg
)
1683 return call_int_hook(sem_associate
, 0, sma
, semflg
);
1686 int security_sem_semctl(struct sem_array
*sma
, int cmd
)
1688 return call_int_hook(sem_semctl
, 0, sma
, cmd
);
1691 int security_sem_semop(struct sem_array
*sma
, struct sembuf
*sops
,
1692 unsigned nsops
, int alter
)
1694 return call_int_hook(sem_semop
, 0, sma
, sops
, nsops
, alter
);
1697 void security_d_instantiate(struct dentry
*dentry
, struct inode
*inode
)
1699 if (unlikely(inode
&& IS_PRIVATE(inode
)))
1701 call_void_hook(d_instantiate
, dentry
, inode
);
1703 EXPORT_SYMBOL(security_d_instantiate
);
1705 int security_getprocattr(struct task_struct
*p
, const char *lsm
, char *name
,
1708 struct security_hook_list
*hp
;
1715 * "context" requires work here in addition to what
1716 * the modules provide.
1718 if (strcmp(name
, "context") == 0) {
1721 list_for_each_entry(hp
,
1722 &security_hook_heads
.getprocattr
, list
) {
1723 if (lsm
!= NULL
&& strcmp(lsm
, hp
->lsm
))
1725 trc
= hp
->hook
.getprocattr(p
, "context", &vp
);
1733 if (*value
== NULL
) {
1736 cp
= kasprintf(GFP_KERNEL
, "%s,%s", *value
, vp
);
1748 return strlen(*value
);
1752 list_for_each_entry(hp
, &security_hook_heads
.getprocattr
, list
) {
1753 if (lsm
!= NULL
&& strcmp(lsm
, hp
->lsm
))
1755 rc
= hp
->hook
.getprocattr(p
, name
, value
);
1762 int security_setprocattr(const char *lsm
, const char *name
, void *value
,
1765 struct security_hook_list
*hp
;
1773 * If lsm is NULL look at all the modules to find one
1774 * that processes name. If lsm is not NULL only look at
1777 * "context" is handled directly here.
1779 if (strcmp(name
, "context") == 0) {
1781 * First verify that the input is acceptable.
1782 * lsm1='v1'lsm2='v2'lsm3='v3'
1784 * A note on the use of strncmp() below.
1785 * The check is for the substring at the beginning of cp.
1786 * The kzalloc of size + 1 ensures a terminated string.
1789 local
= kzalloc(size
+ 1, GFP_KERNEL
);
1790 memcpy(local
, value
, size
);
1792 list_for_each_entry(hp
, &security_hook_heads
.setprocattr
,
1794 if (lsm
!= NULL
&& strcmp(lsm
, hp
->lsm
))
1801 slen
= strlen(hp
->lsm
);
1802 if (strncmp(cp
, hp
->lsm
, slen
))
1805 if (cp
[0] != '=' || cp
[1] != '\'' || cp
[2] == '\'')
1807 for (cp
+= 2; cp
[0] != '\''; cp
++)
1814 list_for_each_entry(hp
, &security_hook_heads
.setprocattr
,
1816 if (lsm
!= NULL
&& strcmp(lsm
, hp
->lsm
))
1820 cp
+= strlen(hp
->lsm
) + 2;
1821 for (slen
= 0; cp
[slen
] != '\''; slen
++)
1825 rc
= hp
->hook
.setprocattr("context", cp
, slen
);
1839 list_for_each_entry(hp
, &security_hook_heads
.setprocattr
, list
) {
1840 if (lsm
!= NULL
&& strcmp(lsm
, hp
->lsm
))
1842 rc
= hp
->hook
.setprocattr(name
, value
, size
);
1849 int security_netlink_send(struct sock
*sk
, struct sk_buff
*skb
)
1851 return call_int_hook(netlink_send
, 0, sk
, skb
);
1854 int security_ismaclabel(const char *name
)
1856 return call_int_hook(ismaclabel
, 0, name
);
1858 EXPORT_SYMBOL(security_ismaclabel
);
1860 int security_secid_to_secctx(u32 secid
, char **secdata
, u32
*seclen
)
1862 return call_int_hook(secid_to_secctx
, -EOPNOTSUPP
, secid
, secdata
,
1865 EXPORT_SYMBOL(security_secid_to_secctx
);
1867 int security_secctx_to_secid(const char *secdata
, u32 seclen
, u32
*secid
)
1870 return call_int_hook(secctx_to_secid
, 0, secdata
, seclen
, secid
);
1872 EXPORT_SYMBOL(security_secctx_to_secid
);
1874 void security_release_secctx(char *secdata
, u32 seclen
)
1876 call_void_hook(release_secctx
, secdata
, seclen
);
1878 EXPORT_SYMBOL(security_release_secctx
);
1880 void security_inode_invalidate_secctx(struct inode
*inode
)
1882 call_void_hook(inode_invalidate_secctx
, inode
);
1884 EXPORT_SYMBOL(security_inode_invalidate_secctx
);
1886 int security_inode_notifysecctx(struct inode
*inode
, void *ctx
, u32 ctxlen
)
1888 return call_int_hook(inode_notifysecctx
, 0, inode
, ctx
, ctxlen
);
1890 EXPORT_SYMBOL(security_inode_notifysecctx
);
1892 int security_inode_setsecctx(struct dentry
*dentry
, void *ctx
, u32 ctxlen
)
1894 return call_int_hook(inode_setsecctx
, 0, dentry
, ctx
, ctxlen
);
1896 EXPORT_SYMBOL(security_inode_setsecctx
);
1898 int security_inode_getsecctx(struct inode
*inode
, void **ctx
, u32
*ctxlen
)
1900 return call_int_hook(inode_getsecctx
, -EOPNOTSUPP
, inode
, ctx
, ctxlen
);
1902 EXPORT_SYMBOL(security_inode_getsecctx
);
1904 #ifdef CONFIG_SECURITY_NETWORK
1906 int security_unix_stream_connect(struct sock
*sock
, struct sock
*other
, struct sock
*newsk
)
1908 return call_int_hook(unix_stream_connect
, 0, sock
, other
, newsk
);
1910 EXPORT_SYMBOL(security_unix_stream_connect
);
1912 int security_unix_may_send(struct socket
*sock
, struct socket
*other
)
1914 return call_int_hook(unix_may_send
, 0, sock
, other
);
1916 EXPORT_SYMBOL(security_unix_may_send
);
1918 int security_socket_create(int family
, int type
, int protocol
, int kern
)
1920 return call_int_hook(socket_create
, 0, family
, type
, protocol
, kern
);
1923 int security_socket_post_create(struct socket
*sock
, int family
,
1924 int type
, int protocol
, int kern
)
1926 return call_int_hook(socket_post_create
, 0, sock
, family
, type
,
1930 int security_socket_bind(struct socket
*sock
, struct sockaddr
*address
, int addrlen
)
1932 return call_int_hook(socket_bind
, 0, sock
, address
, addrlen
);
1935 int security_socket_connect(struct socket
*sock
, struct sockaddr
*address
, int addrlen
)
1937 return call_int_hook(socket_connect
, 0, sock
, address
, addrlen
);
1940 int security_socket_listen(struct socket
*sock
, int backlog
)
1942 return call_int_hook(socket_listen
, 0, sock
, backlog
);
1945 int security_socket_accept(struct socket
*sock
, struct socket
*newsock
)
1947 return call_int_hook(socket_accept
, 0, sock
, newsock
);
1950 int security_socket_sendmsg(struct socket
*sock
, struct msghdr
*msg
, int size
)
1952 return call_int_hook(socket_sendmsg
, 0, sock
, msg
, size
);
1955 int security_socket_recvmsg(struct socket
*sock
, struct msghdr
*msg
,
1956 int size
, int flags
)
1958 return call_int_hook(socket_recvmsg
, 0, sock
, msg
, size
, flags
);
1961 int security_socket_getsockname(struct socket
*sock
)
1963 return call_int_hook(socket_getsockname
, 0, sock
);
1966 int security_socket_getpeername(struct socket
*sock
)
1968 return call_int_hook(socket_getpeername
, 0, sock
);
1971 int security_socket_getsockopt(struct socket
*sock
, int level
, int optname
)
1973 return call_int_hook(socket_getsockopt
, 0, sock
, level
, optname
);
1976 int security_socket_setsockopt(struct socket
*sock
, int level
, int optname
)
1978 return call_int_hook(socket_setsockopt
, 0, sock
, level
, optname
);
1981 int security_socket_shutdown(struct socket
*sock
, int how
)
1983 return call_int_hook(socket_shutdown
, 0, sock
, how
);
1986 int security_sock_rcv_skb(struct sock
*sk
, struct sk_buff
*skb
)
1988 return call_int_hook(socket_sock_rcv_skb
, 0, sk
, skb
);
1990 EXPORT_SYMBOL(security_sock_rcv_skb
);
1992 int security_socket_getpeersec_stream(struct socket
*sock
, char __user
*optval
,
1993 int __user
*optlen
, unsigned len
)
1995 return call_int_hook(socket_getpeersec_stream
, -ENOPROTOOPT
, sock
,
1996 optval
, optlen
, len
);
1999 int security_socket_getpeersec_dgram(struct socket
*sock
, struct sk_buff
*skb
, u32
*secid
)
2001 return call_int_hook(socket_getpeersec_dgram
, -ENOPROTOOPT
, sock
,
2004 EXPORT_SYMBOL(security_socket_getpeersec_dgram
);
2006 int security_sk_alloc(struct sock
*sk
, int family
, gfp_t priority
)
2008 int rc
= lsm_sock_alloc(sk
, priority
);
2012 return call_int_hook(sk_alloc_security
, 0, sk
, family
, priority
);
2015 void security_sk_free(struct sock
*sk
)
2017 call_void_hook(sk_free_security
, sk
);
2018 kfree(sk
->sk_security
);
2019 sk
->sk_security
= NULL
;
2022 void security_sk_clone(const struct sock
*sk
, struct sock
*newsk
)
2024 call_void_hook(sk_clone_security
, sk
, newsk
);
2026 EXPORT_SYMBOL(security_sk_clone
);
2028 void security_sk_classify_flow(struct sock
*sk
, struct flowi
*fl
)
2030 call_void_hook(sk_getsecid
, sk
, &fl
->flowi_secid
);
2032 EXPORT_SYMBOL(security_sk_classify_flow
);
2034 void security_req_classify_flow(const struct request_sock
*req
, struct flowi
*fl
)
2036 call_void_hook(req_classify_flow
, req
, fl
);
2038 EXPORT_SYMBOL(security_req_classify_flow
);
2040 void security_sock_graft(struct sock
*sk
, struct socket
*parent
)
2042 call_void_hook(sock_graft
, sk
, parent
);
2044 EXPORT_SYMBOL(security_sock_graft
);
2046 int security_inet_conn_request(struct sock
*sk
,
2047 struct sk_buff
*skb
, struct request_sock
*req
)
2049 return call_int_hook(inet_conn_request
, 0, sk
, skb
, req
);
2051 EXPORT_SYMBOL(security_inet_conn_request
);
2053 void security_inet_csk_clone(struct sock
*newsk
,
2054 const struct request_sock
*req
)
2056 call_void_hook(inet_csk_clone
, newsk
, req
);
2059 void security_inet_conn_established(struct sock
*sk
,
2060 struct sk_buff
*skb
)
2062 call_void_hook(inet_conn_established
, sk
, skb
);
2065 int security_secmark_relabel_packet(u32 secid
)
2067 return call_int_hook(secmark_relabel_packet
, 0, secid
);
2069 EXPORT_SYMBOL(security_secmark_relabel_packet
);
2071 void security_secmark_refcount_inc(void)
2073 call_void_hook(secmark_refcount_inc
);
2075 EXPORT_SYMBOL(security_secmark_refcount_inc
);
2077 void security_secmark_refcount_dec(void)
2079 call_void_hook(secmark_refcount_dec
);
2081 EXPORT_SYMBOL(security_secmark_refcount_dec
);
2083 int security_tun_dev_alloc_security(void **security
)
2085 return call_int_hook(tun_dev_alloc_security
, 0, security
);
2087 EXPORT_SYMBOL(security_tun_dev_alloc_security
);
2089 void security_tun_dev_free_security(void *security
)
2091 call_void_hook(tun_dev_free_security
, security
);
2093 EXPORT_SYMBOL(security_tun_dev_free_security
);
2095 int security_tun_dev_create(void)
2097 return call_int_hook(tun_dev_create
, 0);
2099 EXPORT_SYMBOL(security_tun_dev_create
);
2101 int security_tun_dev_attach_queue(void *security
)
2103 return call_int_hook(tun_dev_attach_queue
, 0, security
);
2105 EXPORT_SYMBOL(security_tun_dev_attach_queue
);
2107 int security_tun_dev_attach(struct sock
*sk
, void *security
)
2109 return call_int_hook(tun_dev_attach
, 0, sk
, security
);
2111 EXPORT_SYMBOL(security_tun_dev_attach
);
2113 int security_tun_dev_open(void *security
)
2115 return call_int_hook(tun_dev_open
, 0, security
);
2117 EXPORT_SYMBOL(security_tun_dev_open
);
2119 #endif /* CONFIG_SECURITY_NETWORK */
2121 #ifdef CONFIG_SECURITY_INFINIBAND
2123 int security_ib_pkey_access(void *sec
, u64 subnet_prefix
, u16 pkey
)
2125 return call_int_hook(ib_pkey_access
, 0, sec
, subnet_prefix
, pkey
);
2127 EXPORT_SYMBOL(security_ib_pkey_access
);
2129 int security_ib_endport_manage_subnet(void *sec
, const char *dev_name
, u8 port_num
)
2131 return call_int_hook(ib_endport_manage_subnet
, 0, sec
, dev_name
, port_num
);
2133 EXPORT_SYMBOL(security_ib_endport_manage_subnet
);
2135 int security_ib_alloc_security(void **sec
)
2137 return call_int_hook(ib_alloc_security
, 0, sec
);
2139 EXPORT_SYMBOL(security_ib_alloc_security
);
2141 void security_ib_free_security(void *sec
)
2143 call_void_hook(ib_free_security
, sec
);
2145 EXPORT_SYMBOL(security_ib_free_security
);
2146 #endif /* CONFIG_SECURITY_INFINIBAND */
2148 #ifdef CONFIG_SECURITY_NETWORK_XFRM
2150 int security_xfrm_policy_alloc(struct xfrm_sec_ctx
**ctxp
,
2151 struct xfrm_user_sec_ctx
*sec_ctx
,
2154 return call_int_hook(xfrm_policy_alloc_security
, 0, ctxp
, sec_ctx
, gfp
);
2156 EXPORT_SYMBOL(security_xfrm_policy_alloc
);
2158 int security_xfrm_policy_clone(struct xfrm_sec_ctx
*old_ctx
,
2159 struct xfrm_sec_ctx
**new_ctxp
)
2161 return call_int_hook(xfrm_policy_clone_security
, 0, old_ctx
, new_ctxp
);
2164 void security_xfrm_policy_free(struct xfrm_sec_ctx
*ctx
)
2166 call_void_hook(xfrm_policy_free_security
, ctx
);
2168 EXPORT_SYMBOL(security_xfrm_policy_free
);
2170 int security_xfrm_policy_delete(struct xfrm_sec_ctx
*ctx
)
2172 return call_int_hook(xfrm_policy_delete_security
, 0, ctx
);
2175 int security_xfrm_state_alloc(struct xfrm_state
*x
,
2176 struct xfrm_user_sec_ctx
*sec_ctx
)
2178 return call_int_hook(xfrm_state_alloc
, 0, x
, sec_ctx
);
2180 EXPORT_SYMBOL(security_xfrm_state_alloc
);
2182 int security_xfrm_state_alloc_acquire(struct xfrm_state
*x
,
2183 struct xfrm_sec_ctx
*polsec
, u32 secid
)
2185 return call_int_hook(xfrm_state_alloc_acquire
, 0, x
, polsec
, secid
);
2188 int security_xfrm_state_delete(struct xfrm_state
*x
)
2190 return call_int_hook(xfrm_state_delete_security
, 0, x
);
2192 EXPORT_SYMBOL(security_xfrm_state_delete
);
2194 void security_xfrm_state_free(struct xfrm_state
*x
)
2196 call_void_hook(xfrm_state_free_security
, x
);
2199 int security_xfrm_policy_lookup(struct xfrm_sec_ctx
*ctx
, u32 fl_secid
, u8 dir
)
2201 return call_int_hook(xfrm_policy_lookup
, 0, ctx
, fl_secid
, dir
);
2204 int security_xfrm_state_pol_flow_match(struct xfrm_state
*x
,
2205 struct xfrm_policy
*xp
,
2206 const struct flowi
*fl
)
2208 struct security_hook_list
*hp
;
2212 * Since this function is expected to return 0 or 1, the judgment
2213 * becomes difficult if multiple LSMs supply this call. Fortunately,
2214 * we can use the first LSM's judgment because currently only SELinux
2215 * supplies this call.
2217 * For speed optimization, we explicitly break the loop rather than
2220 list_for_each_entry(hp
, &security_hook_heads
.xfrm_state_pol_flow_match
,
2222 rc
= hp
->hook
.xfrm_state_pol_flow_match(x
, xp
, fl
);
2228 int security_xfrm_decode_session(struct sk_buff
*skb
, u32
*secid
)
2230 return call_int_hook(xfrm_decode_session
, 0, skb
, secid
, 1);
2233 void security_skb_classify_flow(struct sk_buff
*skb
, struct flowi
*fl
)
2235 int rc
= call_int_hook(xfrm_decode_session
, 0, skb
, &fl
->flowi_secid
,
2240 EXPORT_SYMBOL(security_skb_classify_flow
);
2242 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
2246 int security_key_alloc(struct key
*key
, const struct cred
*cred
,
2247 unsigned long flags
)
2249 int rc
= lsm_key_alloc(key
);
2253 return call_int_hook(key_alloc
, 0, key
, cred
, flags
);
2256 void security_key_free(struct key
*key
)
2258 call_void_hook(key_free
, key
);
2259 kfree(key
->security
);
2260 key
->security
= NULL
;
2263 int security_key_permission(key_ref_t key_ref
,
2264 const struct cred
*cred
, unsigned perm
)
2266 return call_int_hook(key_permission
, 0, key_ref
, cred
, perm
);
2269 int security_key_getsecurity(struct key
*key
, char **_buffer
)
2272 return call_int_hook(key_getsecurity
, 0, key
, _buffer
);
2275 #endif /* CONFIG_KEYS */
2279 int security_audit_rule_init(u32 field
, u32 op
, char *rulestr
, void **lsmrule
)
2281 return call_int_hook(audit_rule_init
, 0, field
, op
, rulestr
, lsmrule
);
2284 int security_audit_rule_known(struct audit_krule
*krule
)
2286 return call_int_hook(audit_rule_known
, 0, krule
);
2289 void security_audit_rule_free(void *lsmrule
)
2291 call_void_hook(audit_rule_free
, lsmrule
);
2294 int security_audit_rule_match(u32 secid
, u32 field
, u32 op
, void *lsmrule
,
2295 struct audit_context
*actx
)
2297 return call_int_hook(audit_rule_match
, 0, secid
, field
, op
, lsmrule
,
2300 #endif /* CONFIG_AUDIT */