Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751877AbbEGVEs (ORCPT ); Thu, 7 May 2015 17:04:48 -0400 Received: from mx1.redhat.com ([209.132.183.28]:52415 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751347AbbEGVEq (ORCPT ); Thu, 7 May 2015 17:04:46 -0400 From: Paul Moore To: Casey Schaufler Cc: James Morris , James Morris , LSM , LKLM , John Johansen , Tetsuo Handa , Stephen Smalley , Eric Paris , Kees Cook Subject: Re: [PATCH 5/7 v22] LSM: Add security module hook list heads Date: Thu, 07 May 2015 17:03:16 -0400 Message-ID: <4808753.XxuTouDxDa@sifl> Organization: Red Hat User-Agent: KMail/4.14.6 (Linux/3.16.7-gentoo; KDE/4.14.7; x86_64; ; ) In-Reply-To: <55454B98.2050008@schaufler-ca.com> References: <55454539.9020204@schaufler-ca.com> <55454B98.2050008@schaufler-ca.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 50379 Lines: 1145 On Saturday, May 02, 2015 03:11:36 PM Casey Schaufler wrote: > Subject: [PATCH 5/7 v22] LSM: Add security module hook list heads > > Add a list header for each security hook. They aren't used until > later in the patch series. They are grouped together in a structure > so that there doesn't need to be an external address for each. > > Macro-ize the initialization of the security_operations > for each security module in anticipation of changing out > the security_operations structure. > > Signed-off-by: Casey Schaufler Acked-by: Paul Moore > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index b798c07..bbbf6fe 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h 
> @@ -1626,6 +1626,226 @@ struct security_operations { > #endif /* CONFIG_AUDIT */ > }; > > +struct security_hook_heads { > + struct list_head binder_set_context_mgr; > + struct list_head binder_transaction; > + struct list_head binder_transfer_binder; > + struct list_head binder_transfer_file; > + struct list_head ptrace_access_check; > + struct list_head ptrace_traceme; > + struct list_head capget; > + struct list_head capset; > + struct list_head capable; > + struct list_head quotactl; > + struct list_head quota_on; > + struct list_head syslog; > + struct list_head settime; > + struct list_head vm_enough_memory; > + struct list_head bprm_set_creds; > + struct list_head bprm_check_security; > + struct list_head bprm_secureexec; > + struct list_head bprm_committing_creds; > + struct list_head bprm_committed_creds; > + struct list_head sb_alloc_security; > + struct list_head sb_free_security; > + struct list_head sb_copy_data; > + struct list_head sb_remount; > + struct list_head sb_kern_mount; > + struct list_head sb_show_options; > + struct list_head sb_statfs; > + struct list_head sb_mount; > + struct list_head sb_umount; > + struct list_head sb_pivotroot; > + struct list_head sb_set_mnt_opts; > + struct list_head sb_clone_mnt_opts; > + struct list_head sb_parse_opts_str; > + struct list_head dentry_init_security; > +#ifdef CONFIG_SECURITY_PATH > + struct list_head path_unlink; > + struct list_head path_mkdir; > + struct list_head path_rmdir; > + struct list_head path_mknod; > + struct list_head path_truncate; > + struct list_head path_symlink; > + struct list_head path_link; > + struct list_head path_rename; > + struct list_head path_chmod; > + struct list_head path_chown; > + struct list_head path_chroot; > +#endif > + struct list_head inode_alloc_security; > + struct list_head inode_free_security; > + struct list_head inode_init_security; > + struct list_head inode_create; > + struct list_head inode_link; > + struct list_head inode_unlink; > + struct 
list_head inode_symlink; > + struct list_head inode_mkdir; > + struct list_head inode_rmdir; > + struct list_head inode_mknod; > + struct list_head inode_rename; > + struct list_head inode_readlink; > + struct list_head inode_follow_link; > + struct list_head inode_permission; > + struct list_head inode_setattr; > + struct list_head inode_getattr; > + struct list_head inode_setxattr; > + struct list_head inode_post_setxattr; > + struct list_head inode_getxattr; > + struct list_head inode_listxattr; > + struct list_head inode_removexattr; > + struct list_head inode_need_killpriv; > + struct list_head inode_killpriv; > + struct list_head inode_getsecurity; > + struct list_head inode_setsecurity; > + struct list_head inode_listsecurity; > + struct list_head inode_getsecid; > + struct list_head file_permission; > + struct list_head file_alloc_security; > + struct list_head file_free_security; > + struct list_head file_ioctl; > + struct list_head mmap_addr; > + struct list_head mmap_file; > + struct list_head file_mprotect; > + struct list_head file_lock; > + struct list_head file_fcntl; > + struct list_head file_set_fowner; > + struct list_head file_send_sigiotask; > + struct list_head file_receive; > + struct list_head file_open; > + struct list_head task_create; > + struct list_head task_free; > + struct list_head cred_alloc_blank; > + struct list_head cred_free; > + struct list_head cred_prepare; > + struct list_head cred_transfer; > + struct list_head kernel_act_as; > + struct list_head kernel_create_files_as; > + struct list_head kernel_fw_from_file; > + struct list_head kernel_module_request; > + struct list_head kernel_module_from_file; > + struct list_head task_fix_setuid; > + struct list_head task_setpgid; > + struct list_head task_getpgid; > + struct list_head task_getsid; > + struct list_head task_getsecid; > + struct list_head task_setnice; > + struct list_head task_setioprio; > + struct list_head task_getioprio; > + struct list_head task_setrlimit; > + 
struct list_head task_setscheduler; > + struct list_head task_getscheduler; > + struct list_head task_movememory; > + struct list_head task_kill; > + struct list_head task_wait; > + struct list_head task_prctl; > + struct list_head task_to_inode; > + struct list_head ipc_permission; > + struct list_head ipc_getsecid; > + struct list_head msg_msg_alloc_security; > + struct list_head msg_msg_free_security; > + struct list_head msg_queue_alloc_security; > + struct list_head msg_queue_free_security; > + struct list_head msg_queue_associate; > + struct list_head msg_queue_msgctl; > + struct list_head msg_queue_msgsnd; > + struct list_head msg_queue_msgrcv; > + struct list_head shm_alloc_security; > + struct list_head shm_free_security; > + struct list_head shm_associate; > + struct list_head shm_shmctl; > + struct list_head shm_shmat; > + struct list_head sem_alloc_security; > + struct list_head sem_free_security; > + struct list_head sem_associate; > + struct list_head sem_semctl; > + struct list_head sem_semop; > + struct list_head netlink_send; > + struct list_head d_instantiate; > + struct list_head getprocattr; > + struct list_head setprocattr; > + struct list_head ismaclabel; > + struct list_head secid_to_secctx; > + struct list_head secctx_to_secid; > + struct list_head release_secctx; > + struct list_head inode_notifysecctx; > + struct list_head inode_setsecctx; > + struct list_head inode_getsecctx; > +#ifdef CONFIG_SECURITY_NETWORK > + struct list_head unix_stream_connect; > + struct list_head unix_may_send; > + struct list_head socket_create; > + struct list_head socket_post_create; > + struct list_head socket_bind; > + struct list_head socket_connect; > + struct list_head socket_listen; > + struct list_head socket_accept; > + struct list_head socket_sendmsg; > + struct list_head socket_recvmsg; > + struct list_head socket_getsockname; > + struct list_head socket_getpeername; > + struct list_head socket_getsockopt; > + struct list_head socket_setsockopt; > + 
struct list_head socket_shutdown; > + struct list_head socket_sock_rcv_skb; > + struct list_head socket_getpeersec_stream; > + struct list_head socket_getpeersec_dgram; > + struct list_head sk_alloc_security; > + struct list_head sk_free_security; > + struct list_head sk_clone_security; > + struct list_head sk_getsecid; > + struct list_head sock_graft; > + struct list_head inet_conn_request; > + struct list_head inet_csk_clone; > + struct list_head inet_conn_established; > + struct list_head secmark_relabel_packet; > + struct list_head secmark_refcount_inc; > + struct list_head secmark_refcount_dec; > + struct list_head req_classify_flow; > + struct list_head tun_dev_alloc_security; > + struct list_head tun_dev_free_security; > + struct list_head tun_dev_create; > + struct list_head tun_dev_attach_queue; > + struct list_head tun_dev_attach; > + struct list_head tun_dev_open; > + struct list_head skb_owned_by; > +#endif /* CONFIG_SECURITY_NETWORK */ > +#ifdef CONFIG_SECURITY_NETWORK_XFRM > + struct list_head xfrm_policy_alloc_security; > + struct list_head xfrm_policy_clone_security; > + struct list_head xfrm_policy_free_security; > + struct list_head xfrm_policy_delete_security; > + struct list_head xfrm_state_alloc; > + struct list_head xfrm_state_alloc_acquire; > + struct list_head xfrm_state_free_security; > + struct list_head xfrm_state_delete_security; > + struct list_head xfrm_policy_lookup; > + struct list_head xfrm_state_pol_flow_match; > + struct list_head xfrm_decode_session; > +#endif /* CONFIG_SECURITY_NETWORK_XFRM */ > +#ifdef CONFIG_KEYS > + struct list_head key_alloc; > + struct list_head key_free; > + struct list_head key_permission; > + struct list_head key_getsecurity; > +#endif /* CONFIG_KEYS */ > +#ifdef CONFIG_AUDIT > + struct list_head audit_rule_init; > + struct list_head audit_rule_known; > + struct list_head audit_rule_match; > + struct list_head audit_rule_free; > +#endif /* CONFIG_AUDIT */ > +}; > + > +/* > + * Initializing a 
security_hook_list structure takes > + * up a lot of space in a source file. This macro takes > + * care of the common case and reduces the amount of > + * text involved. > + * Casey says: Comment is true in the next patch. > + */ > +#define LSM_HOOK_INIT(HEAD, HOOK) .HEAD = HOOK > + > /* prototypes */ > extern int security_module_enable(struct security_operations *ops); > extern int register_security(struct security_operations *ops); > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index fead41b..f542532 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c 
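Review bot: The comment added above `LSM_HOOK_INIT` describes initializing a `security_hook_list` structure, which nothing in this patch defines, and it ends with a "Casey says: Comment is true in the next patch" aside that reads as changelog text rather than source documentation. At this point in the series the macro only expands to `.HEAD = HOOK`, so a comment such as `/* Expands to one designated initializer in a module's security_operations table. */` would be accurate for anyone who lands on this commit while bisecting; the next patch can reword it when the expansion changes. `struct security_hook_heads` itself has no comment. One sentence saying that its members and `#ifdef` guards appear intended to mirror `struct security_operations` would tell a maintainer adding a hook that both structures need the new entry.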
> @@ -616,48 +616,48 @@ static int apparmor_task_setrlimit(struct task_struct > *task, } > > static struct security_operations apparmor_ops = { > - .name = "apparmor", > - > - .ptrace_access_check = apparmor_ptrace_access_check, > - .ptrace_traceme = apparmor_ptrace_traceme, > - .capget = apparmor_capget, > - .capable = apparmor_capable, > - > - .path_link = apparmor_path_link, > - .path_unlink = apparmor_path_unlink, > - .path_symlink = apparmor_path_symlink, > - .path_mkdir = apparmor_path_mkdir, > - .path_rmdir = apparmor_path_rmdir, > - .path_mknod = apparmor_path_mknod, > - .path_rename = apparmor_path_rename, > - .path_chmod = apparmor_path_chmod, > - .path_chown = apparmor_path_chown, > - .path_truncate = apparmor_path_truncate, > - .inode_getattr = apparmor_inode_getattr, > - > - .file_open = apparmor_file_open, > - .file_permission = apparmor_file_permission, > - .file_alloc_security = apparmor_file_alloc_security, > - .file_free_security = apparmor_file_free_security, > - .mmap_file = apparmor_mmap_file, > - .mmap_addr = cap_mmap_addr, > - .file_mprotect = apparmor_file_mprotect, > - .file_lock = apparmor_file_lock, > - > - .getprocattr = apparmor_getprocattr, > - .setprocattr = apparmor_setprocattr, > - > - .cred_alloc_blank = apparmor_cred_alloc_blank, > - .cred_free = apparmor_cred_free, > - .cred_prepare = apparmor_cred_prepare, > - .cred_transfer = apparmor_cred_transfer, > - > - .bprm_set_creds = apparmor_bprm_set_creds, > - .bprm_committing_creds = apparmor_bprm_committing_creds, > - .bprm_committed_creds = apparmor_bprm_committed_creds, > - .bprm_secureexec = apparmor_bprm_secureexec, > - > - .task_setrlimit = apparmor_task_setrlimit, > + LSM_HOOK_INIT(name, "apparmor"), > + > + LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), > + LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), > + LSM_HOOK_INIT(capget, apparmor_capget), > + LSM_HOOK_INIT(capable, apparmor_capable), > + > + LSM_HOOK_INIT(path_link, apparmor_path_link), > + 
LSM_HOOK_INIT(path_unlink, apparmor_path_unlink), > + LSM_HOOK_INIT(path_symlink, apparmor_path_symlink), > + LSM_HOOK_INIT(path_mkdir, apparmor_path_mkdir), > + LSM_HOOK_INIT(path_rmdir, apparmor_path_rmdir), > + LSM_HOOK_INIT(path_mknod, apparmor_path_mknod), > + LSM_HOOK_INIT(path_rename, apparmor_path_rename), > + LSM_HOOK_INIT(path_chmod, apparmor_path_chmod), > + LSM_HOOK_INIT(path_chown, apparmor_path_chown), > + LSM_HOOK_INIT(path_truncate, apparmor_path_truncate), > + LSM_HOOK_INIT(inode_getattr, apparmor_inode_getattr), > + > + LSM_HOOK_INIT(file_open, apparmor_file_open), > + LSM_HOOK_INIT(file_permission, apparmor_file_permission), > + LSM_HOOK_INIT(file_alloc_security, apparmor_file_alloc_security), > + LSM_HOOK_INIT(file_free_security, apparmor_file_free_security), > + LSM_HOOK_INIT(mmap_file, apparmor_mmap_file), > + LSM_HOOK_INIT(mmap_addr, cap_mmap_addr), > + LSM_HOOK_INIT(file_mprotect, apparmor_file_mprotect), > + LSM_HOOK_INIT(file_lock, apparmor_file_lock), > + > + LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), > + LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), > + > + LSM_HOOK_INIT(cred_alloc_blank, apparmor_cred_alloc_blank), > + LSM_HOOK_INIT(cred_free, apparmor_cred_free), > + LSM_HOOK_INIT(cred_prepare, apparmor_cred_prepare), > + LSM_HOOK_INIT(cred_transfer, apparmor_cred_transfer), > + > + LSM_HOOK_INIT(bprm_set_creds, apparmor_bprm_set_creds), > + LSM_HOOK_INIT(bprm_committing_creds, apparmor_bprm_committing_creds), > + LSM_HOOK_INIT(bprm_committed_creds, apparmor_bprm_committed_creds), > + LSM_HOOK_INIT(bprm_secureexec, apparmor_bprm_secureexec), > + > + LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit), > }; > > /* > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 40e3f77..0cf105f 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c 
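Review bot: `LSM_HOOK_INIT(name, "apparmor")` passes the module's name string through a macro whose stated purpose is hook initialization, and `struct security_hook_heads` in the lsm_hooks.h hunk has no `name` member. The commit message says the macro exists so that the `security_operations` structure can be changed out later. If the expansion then refers to a list head, this entry will presumably stop compiling or need special-casing. Keeping `.name = "apparmor",` as a plain designated initializer avoids that, and the same applies to `LSM_HOOK_INIT(name, "selinux")` in the security/selinux/hooks.c hunk.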
> @@ -5841,211 +5841,215 @@ static int selinux_key_getsecurity(struct key > *key, char **_buffer) #endif > > static struct security_operations selinux_ops = { > - .name = "selinux", > - > - .binder_set_context_mgr = selinux_binder_set_context_mgr, > - .binder_transaction = selinux_binder_transaction, > - .binder_transfer_binder = selinux_binder_transfer_binder, > - .binder_transfer_file = selinux_binder_transfer_file, > - > - .ptrace_access_check = selinux_ptrace_access_check, > - .ptrace_traceme = selinux_ptrace_traceme, > - .capget = selinux_capget, > - .capset = selinux_capset, > - .capable = selinux_capable, > - .quotactl = selinux_quotactl, > - .quota_on = selinux_quota_on, > - .syslog = selinux_syslog, > - .vm_enough_memory = selinux_vm_enough_memory, > - > - .netlink_send = selinux_netlink_send, > - > - .bprm_set_creds = selinux_bprm_set_creds, > - .bprm_committing_creds = selinux_bprm_committing_creds, > - .bprm_committed_creds = selinux_bprm_committed_creds, > - .bprm_secureexec = selinux_bprm_secureexec, > - > - .sb_alloc_security = selinux_sb_alloc_security, > - .sb_free_security = selinux_sb_free_security, > - .sb_copy_data = selinux_sb_copy_data, > - .sb_remount = selinux_sb_remount, > - .sb_kern_mount = selinux_sb_kern_mount, > - .sb_show_options = selinux_sb_show_options, > - .sb_statfs = selinux_sb_statfs, > - .sb_mount = selinux_mount, > - .sb_umount = selinux_umount, > - .sb_set_mnt_opts = selinux_set_mnt_opts, > - .sb_clone_mnt_opts = selinux_sb_clone_mnt_opts, > - .sb_parse_opts_str = selinux_parse_opts_str, > - > - .dentry_init_security = selinux_dentry_init_security, > - > - .inode_alloc_security = selinux_inode_alloc_security, > - .inode_free_security = selinux_inode_free_security, > - .inode_init_security = selinux_inode_init_security, > - .inode_create = selinux_inode_create, > - .inode_link = selinux_inode_link, > - .inode_unlink = selinux_inode_unlink, > - .inode_symlink = selinux_inode_symlink, > - .inode_mkdir = selinux_inode_mkdir, > - 
.inode_rmdir = selinux_inode_rmdir, > - .inode_mknod = selinux_inode_mknod, > - .inode_rename = selinux_inode_rename, > - .inode_readlink = selinux_inode_readlink, > - .inode_follow_link = selinux_inode_follow_link, > - .inode_permission = selinux_inode_permission, > - .inode_setattr = selinux_inode_setattr, > - .inode_getattr = selinux_inode_getattr, > - .inode_setxattr = selinux_inode_setxattr, > - .inode_post_setxattr = selinux_inode_post_setxattr, > - .inode_getxattr = selinux_inode_getxattr, > - .inode_listxattr = selinux_inode_listxattr, > - .inode_removexattr = selinux_inode_removexattr, > - .inode_getsecurity = selinux_inode_getsecurity, > - .inode_setsecurity = selinux_inode_setsecurity, > - .inode_listsecurity = selinux_inode_listsecurity, > - .inode_getsecid = selinux_inode_getsecid, > - > - .file_permission = selinux_file_permission, > - .file_alloc_security = selinux_file_alloc_security, > - .file_free_security = selinux_file_free_security, > - .file_ioctl = selinux_file_ioctl, > - .mmap_file = selinux_mmap_file, > - .mmap_addr = selinux_mmap_addr, > - .file_mprotect = selinux_file_mprotect, > - .file_lock = selinux_file_lock, > - .file_fcntl = selinux_file_fcntl, > - .file_set_fowner = selinux_file_set_fowner, > - .file_send_sigiotask = selinux_file_send_sigiotask, > - .file_receive = selinux_file_receive, > - > - .file_open = selinux_file_open, > - > - .task_create = selinux_task_create, > - .cred_alloc_blank = selinux_cred_alloc_blank, > - .cred_free = selinux_cred_free, > - .cred_prepare = selinux_cred_prepare, > - .cred_transfer = selinux_cred_transfer, > - .kernel_act_as = selinux_kernel_act_as, > - .kernel_create_files_as = selinux_kernel_create_files_as, > - .kernel_module_request = selinux_kernel_module_request, > - .task_setpgid = selinux_task_setpgid, > - .task_getpgid = selinux_task_getpgid, > - .task_getsid = selinux_task_getsid, > - .task_getsecid = selinux_task_getsecid, > - .task_setnice = selinux_task_setnice, > - .task_setioprio = 
selinux_task_setioprio, > - .task_getioprio = selinux_task_getioprio, > - .task_setrlimit = selinux_task_setrlimit, > - .task_setscheduler = selinux_task_setscheduler, > - .task_getscheduler = selinux_task_getscheduler, > - .task_movememory = selinux_task_movememory, > - .task_kill = selinux_task_kill, > - .task_wait = selinux_task_wait, > - .task_to_inode = selinux_task_to_inode, > - > - .ipc_permission = selinux_ipc_permission, > - .ipc_getsecid = selinux_ipc_getsecid, > - > - .msg_msg_alloc_security = selinux_msg_msg_alloc_security, > - .msg_msg_free_security = selinux_msg_msg_free_security, > - > - .msg_queue_alloc_security = selinux_msg_queue_alloc_security, > - .msg_queue_free_security = selinux_msg_queue_free_security, > - .msg_queue_associate = selinux_msg_queue_associate, > - .msg_queue_msgctl = selinux_msg_queue_msgctl, > - .msg_queue_msgsnd = selinux_msg_queue_msgsnd, > - .msg_queue_msgrcv = selinux_msg_queue_msgrcv, > - > - .shm_alloc_security = selinux_shm_alloc_security, > - .shm_free_security = selinux_shm_free_security, > - .shm_associate = selinux_shm_associate, > - .shm_shmctl = selinux_shm_shmctl, > - .shm_shmat = selinux_shm_shmat, > - > - .sem_alloc_security = selinux_sem_alloc_security, > - .sem_free_security = selinux_sem_free_security, > - .sem_associate = selinux_sem_associate, > - .sem_semctl = selinux_sem_semctl, > - .sem_semop = selinux_sem_semop, > - > - .d_instantiate = selinux_d_instantiate, > - > - .getprocattr = selinux_getprocattr, > - .setprocattr = selinux_setprocattr, > - > - .ismaclabel = selinux_ismaclabel, > - .secid_to_secctx = selinux_secid_to_secctx, > - .secctx_to_secid = selinux_secctx_to_secid, > - .release_secctx = selinux_release_secctx, > - .inode_notifysecctx = selinux_inode_notifysecctx, > - .inode_setsecctx = selinux_inode_setsecctx, > - .inode_getsecctx = selinux_inode_getsecctx, > - > - .unix_stream_connect = selinux_socket_unix_stream_connect, > - .unix_may_send = selinux_socket_unix_may_send, > - > - 
.socket_create = selinux_socket_create, > - .socket_post_create = selinux_socket_post_create, > - .socket_bind = selinux_socket_bind, > - .socket_connect = selinux_socket_connect, > - .socket_listen = selinux_socket_listen, > - .socket_accept = selinux_socket_accept, > - .socket_sendmsg = selinux_socket_sendmsg, > - .socket_recvmsg = selinux_socket_recvmsg, > - .socket_getsockname = selinux_socket_getsockname, > - .socket_getpeername = selinux_socket_getpeername, > - .socket_getsockopt = selinux_socket_getsockopt, > - .socket_setsockopt = selinux_socket_setsockopt, > - .socket_shutdown = selinux_socket_shutdown, > - .socket_sock_rcv_skb = selinux_socket_sock_rcv_skb, > - .socket_getpeersec_stream = selinux_socket_getpeersec_stream, > - .socket_getpeersec_dgram = selinux_socket_getpeersec_dgram, > - .sk_alloc_security = selinux_sk_alloc_security, > - .sk_free_security = selinux_sk_free_security, > - .sk_clone_security = selinux_sk_clone_security, > - .sk_getsecid = selinux_sk_getsecid, > - .sock_graft = selinux_sock_graft, > - .inet_conn_request = selinux_inet_conn_request, > - .inet_csk_clone = selinux_inet_csk_clone, > - .inet_conn_established = selinux_inet_conn_established, > - .secmark_relabel_packet = selinux_secmark_relabel_packet, > - .secmark_refcount_inc = selinux_secmark_refcount_inc, > - .secmark_refcount_dec = selinux_secmark_refcount_dec, > - .req_classify_flow = selinux_req_classify_flow, > - .tun_dev_alloc_security = selinux_tun_dev_alloc_security, > - .tun_dev_free_security = selinux_tun_dev_free_security, > - .tun_dev_create = selinux_tun_dev_create, > - .tun_dev_attach_queue = selinux_tun_dev_attach_queue, > - .tun_dev_attach = selinux_tun_dev_attach, > - .tun_dev_open = selinux_tun_dev_open, > + LSM_HOOK_INIT(name, "selinux"), > + > + LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr), > + LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction), > + LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder), > 
+ LSM_HOOK_INIT(binder_transfer_file, selinux_binder_transfer_file), > + > + LSM_HOOK_INIT(ptrace_access_check, selinux_ptrace_access_check), > + LSM_HOOK_INIT(ptrace_traceme, selinux_ptrace_traceme), > + LSM_HOOK_INIT(capget, selinux_capget), > + LSM_HOOK_INIT(capset, selinux_capset), > + LSM_HOOK_INIT(capable, selinux_capable), > + LSM_HOOK_INIT(quotactl, selinux_quotactl), > + LSM_HOOK_INIT(quota_on, selinux_quota_on), > + LSM_HOOK_INIT(syslog, selinux_syslog), > + LSM_HOOK_INIT(vm_enough_memory, selinux_vm_enough_memory), > + > + LSM_HOOK_INIT(netlink_send, selinux_netlink_send), > + > + LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds), > + LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds), > + LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds), > + LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec), > + > + LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security), > + LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security), > + LSM_HOOK_INIT(sb_copy_data, selinux_sb_copy_data), > + LSM_HOOK_INIT(sb_remount, selinux_sb_remount), > + LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount), > + LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options), > + LSM_HOOK_INIT(sb_statfs, selinux_sb_statfs), > + LSM_HOOK_INIT(sb_mount, selinux_mount), > + LSM_HOOK_INIT(sb_umount, selinux_umount), > + LSM_HOOK_INIT(sb_set_mnt_opts, selinux_set_mnt_opts), > + LSM_HOOK_INIT(sb_clone_mnt_opts, selinux_sb_clone_mnt_opts), > + LSM_HOOK_INIT(sb_parse_opts_str, selinux_parse_opts_str), > + > + LSM_HOOK_INIT(dentry_init_security, selinux_dentry_init_security), > + > + LSM_HOOK_INIT(inode_alloc_security, selinux_inode_alloc_security), > + LSM_HOOK_INIT(inode_free_security, selinux_inode_free_security), > + LSM_HOOK_INIT(inode_init_security, selinux_inode_init_security), > + LSM_HOOK_INIT(inode_create, selinux_inode_create), > + LSM_HOOK_INIT(inode_link, selinux_inode_link), > + LSM_HOOK_INIT(inode_unlink, selinux_inode_unlink), > + 
LSM_HOOK_INIT(inode_symlink, selinux_inode_symlink), > + LSM_HOOK_INIT(inode_mkdir, selinux_inode_mkdir), > + LSM_HOOK_INIT(inode_rmdir, selinux_inode_rmdir), > + LSM_HOOK_INIT(inode_mknod, selinux_inode_mknod), > + LSM_HOOK_INIT(inode_rename, selinux_inode_rename), > + LSM_HOOK_INIT(inode_readlink, selinux_inode_readlink), > + LSM_HOOK_INIT(inode_follow_link, selinux_inode_follow_link), > + LSM_HOOK_INIT(inode_permission, selinux_inode_permission), > + LSM_HOOK_INIT(inode_setattr, selinux_inode_setattr), > + LSM_HOOK_INIT(inode_getattr, selinux_inode_getattr), > + LSM_HOOK_INIT(inode_setxattr, selinux_inode_setxattr), > + LSM_HOOK_INIT(inode_post_setxattr, selinux_inode_post_setxattr), > + LSM_HOOK_INIT(inode_getxattr, selinux_inode_getxattr), > + LSM_HOOK_INIT(inode_listxattr, selinux_inode_listxattr), > + LSM_HOOK_INIT(inode_removexattr, selinux_inode_removexattr), > + LSM_HOOK_INIT(inode_getsecurity, selinux_inode_getsecurity), > + LSM_HOOK_INIT(inode_setsecurity, selinux_inode_setsecurity), > + LSM_HOOK_INIT(inode_listsecurity, selinux_inode_listsecurity), > + LSM_HOOK_INIT(inode_getsecid, selinux_inode_getsecid), > + > + LSM_HOOK_INIT(file_permission, selinux_file_permission), > + LSM_HOOK_INIT(file_alloc_security, selinux_file_alloc_security), > + LSM_HOOK_INIT(file_free_security, selinux_file_free_security), > + LSM_HOOK_INIT(file_ioctl, selinux_file_ioctl), > + LSM_HOOK_INIT(mmap_file, selinux_mmap_file), > + LSM_HOOK_INIT(mmap_addr, selinux_mmap_addr), > + LSM_HOOK_INIT(file_mprotect, selinux_file_mprotect), > + LSM_HOOK_INIT(file_lock, selinux_file_lock), > + LSM_HOOK_INIT(file_fcntl, selinux_file_fcntl), > + LSM_HOOK_INIT(file_set_fowner, selinux_file_set_fowner), > + LSM_HOOK_INIT(file_send_sigiotask, selinux_file_send_sigiotask), > + LSM_HOOK_INIT(file_receive, selinux_file_receive), > + > + LSM_HOOK_INIT(file_open, selinux_file_open), > + > + LSM_HOOK_INIT(task_create, selinux_task_create), > + LSM_HOOK_INIT(cred_alloc_blank, 
selinux_cred_alloc_blank), > + LSM_HOOK_INIT(cred_free, selinux_cred_free), > + LSM_HOOK_INIT(cred_prepare, selinux_cred_prepare), > + LSM_HOOK_INIT(cred_transfer, selinux_cred_transfer), > + LSM_HOOK_INIT(kernel_act_as, selinux_kernel_act_as), > + LSM_HOOK_INIT(kernel_create_files_as, selinux_kernel_create_files_as), > + LSM_HOOK_INIT(kernel_module_request, selinux_kernel_module_request), > + LSM_HOOK_INIT(task_setpgid, selinux_task_setpgid), > + LSM_HOOK_INIT(task_getpgid, selinux_task_getpgid), > + LSM_HOOK_INIT(task_getsid, selinux_task_getsid), > + LSM_HOOK_INIT(task_getsecid, selinux_task_getsecid), > + LSM_HOOK_INIT(task_setnice, selinux_task_setnice), > + LSM_HOOK_INIT(task_setioprio, selinux_task_setioprio), > + LSM_HOOK_INIT(task_getioprio, selinux_task_getioprio), > + LSM_HOOK_INIT(task_setrlimit, selinux_task_setrlimit), > + LSM_HOOK_INIT(task_setscheduler, selinux_task_setscheduler), > + LSM_HOOK_INIT(task_getscheduler, selinux_task_getscheduler), > + LSM_HOOK_INIT(task_movememory, selinux_task_movememory), > + LSM_HOOK_INIT(task_kill, selinux_task_kill), > + LSM_HOOK_INIT(task_wait, selinux_task_wait), > + LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode), > + > + LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission), > + LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), > + > + LSM_HOOK_INIT(msg_msg_alloc_security, selinux_msg_msg_alloc_security), > + LSM_HOOK_INIT(msg_msg_free_security, selinux_msg_msg_free_security), > + > + LSM_HOOK_INIT(msg_queue_alloc_security, > + selinux_msg_queue_alloc_security), > + LSM_HOOK_INIT(msg_queue_free_security, selinux_msg_queue_free_security), > + LSM_HOOK_INIT(msg_queue_associate, selinux_msg_queue_associate), > + LSM_HOOK_INIT(msg_queue_msgctl, selinux_msg_queue_msgctl), > + LSM_HOOK_INIT(msg_queue_msgsnd, selinux_msg_queue_msgsnd), > + LSM_HOOK_INIT(msg_queue_msgrcv, selinux_msg_queue_msgrcv), > + > + LSM_HOOK_INIT(shm_alloc_security, selinux_shm_alloc_security), > + LSM_HOOK_INIT(shm_free_security, 
selinux_shm_free_security), > + LSM_HOOK_INIT(shm_associate, selinux_shm_associate), > + LSM_HOOK_INIT(shm_shmctl, selinux_shm_shmctl), > + LSM_HOOK_INIT(shm_shmat, selinux_shm_shmat), > + > + LSM_HOOK_INIT(sem_alloc_security, selinux_sem_alloc_security), > + LSM_HOOK_INIT(sem_free_security, selinux_sem_free_security), > + LSM_HOOK_INIT(sem_associate, selinux_sem_associate), > + LSM_HOOK_INIT(sem_semctl, selinux_sem_semctl), > + LSM_HOOK_INIT(sem_semop, selinux_sem_semop), > + > + LSM_HOOK_INIT(d_instantiate, selinux_d_instantiate), > + > + LSM_HOOK_INIT(getprocattr, selinux_getprocattr), > + LSM_HOOK_INIT(setprocattr, selinux_setprocattr), > + > + LSM_HOOK_INIT(ismaclabel, selinux_ismaclabel), > + LSM_HOOK_INIT(secid_to_secctx, selinux_secid_to_secctx), > + LSM_HOOK_INIT(secctx_to_secid, selinux_secctx_to_secid), > + LSM_HOOK_INIT(release_secctx, selinux_release_secctx), > + LSM_HOOK_INIT(inode_notifysecctx, selinux_inode_notifysecctx), > + LSM_HOOK_INIT(inode_setsecctx, selinux_inode_setsecctx), > + LSM_HOOK_INIT(inode_getsecctx, selinux_inode_getsecctx), > + > + LSM_HOOK_INIT(unix_stream_connect, selinux_socket_unix_stream_connect), > + LSM_HOOK_INIT(unix_may_send, selinux_socket_unix_may_send), > + > + LSM_HOOK_INIT(socket_create, selinux_socket_create), > + LSM_HOOK_INIT(socket_post_create, selinux_socket_post_create), > + LSM_HOOK_INIT(socket_bind, selinux_socket_bind), > + LSM_HOOK_INIT(socket_connect, selinux_socket_connect), > + LSM_HOOK_INIT(socket_listen, selinux_socket_listen), > + LSM_HOOK_INIT(socket_accept, selinux_socket_accept), > + LSM_HOOK_INIT(socket_sendmsg, selinux_socket_sendmsg), > + LSM_HOOK_INIT(socket_recvmsg, selinux_socket_recvmsg), > + LSM_HOOK_INIT(socket_getsockname, selinux_socket_getsockname), > + LSM_HOOK_INIT(socket_getpeername, selinux_socket_getpeername), > + LSM_HOOK_INIT(socket_getsockopt, selinux_socket_getsockopt), > + LSM_HOOK_INIT(socket_setsockopt, selinux_socket_setsockopt), > + LSM_HOOK_INIT(socket_shutdown, 
selinux_socket_shutdown),
> + LSM_HOOK_INIT(socket_sock_rcv_skb, selinux_socket_sock_rcv_skb),
> + LSM_HOOK_INIT(socket_getpeersec_stream,
> + selinux_socket_getpeersec_stream),
> + LSM_HOOK_INIT(socket_getpeersec_dgram, selinux_socket_getpeersec_dgram),
> + LSM_HOOK_INIT(sk_alloc_security, selinux_sk_alloc_security),
> + LSM_HOOK_INIT(sk_free_security, selinux_sk_free_security),
> + LSM_HOOK_INIT(sk_clone_security, selinux_sk_clone_security),
> + LSM_HOOK_INIT(sk_getsecid, selinux_sk_getsecid),
> + LSM_HOOK_INIT(sock_graft, selinux_sock_graft),
> + LSM_HOOK_INIT(inet_conn_request, selinux_inet_conn_request),
> + LSM_HOOK_INIT(inet_csk_clone, selinux_inet_csk_clone),
> + LSM_HOOK_INIT(inet_conn_established, selinux_inet_conn_established),
> + LSM_HOOK_INIT(secmark_relabel_packet, selinux_secmark_relabel_packet),
> + LSM_HOOK_INIT(secmark_refcount_inc, selinux_secmark_refcount_inc),
> + LSM_HOOK_INIT(secmark_refcount_dec, selinux_secmark_refcount_dec),
> + LSM_HOOK_INIT(req_classify_flow, selinux_req_classify_flow),
> + LSM_HOOK_INIT(tun_dev_alloc_security, selinux_tun_dev_alloc_security),
> + LSM_HOOK_INIT(tun_dev_free_security, selinux_tun_dev_free_security),
> + LSM_HOOK_INIT(tun_dev_create, selinux_tun_dev_create),
> + LSM_HOOK_INIT(tun_dev_attach_queue, selinux_tun_dev_attach_queue),
> + LSM_HOOK_INIT(tun_dev_attach, selinux_tun_dev_attach),
> + LSM_HOOK_INIT(tun_dev_open, selinux_tun_dev_open),
>
> #ifdef CONFIG_SECURITY_NETWORK_XFRM
> - .xfrm_policy_alloc_security = selinux_xfrm_policy_alloc,
> - .xfrm_policy_clone_security = selinux_xfrm_policy_clone,
> - .xfrm_policy_free_security = selinux_xfrm_policy_free,
> - .xfrm_policy_delete_security = selinux_xfrm_policy_delete,
> - .xfrm_state_alloc = selinux_xfrm_state_alloc,
> - .xfrm_state_alloc_acquire = selinux_xfrm_state_alloc_acquire,
> - .xfrm_state_free_security = selinux_xfrm_state_free,
> - .xfrm_state_delete_security = selinux_xfrm_state_delete,
> - .xfrm_policy_lookup = selinux_xfrm_policy_lookup,
> - .xfrm_state_pol_flow_match = selinux_xfrm_state_pol_flow_match,
> - .xfrm_decode_session = selinux_xfrm_decode_session,
> + LSM_HOOK_INIT(xfrm_policy_alloc_security, selinux_xfrm_policy_alloc),
> + LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
> + LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free),
> + LSM_HOOK_INIT(xfrm_policy_delete_security, selinux_xfrm_policy_delete),
> + LSM_HOOK_INIT(xfrm_state_alloc, selinux_xfrm_state_alloc),
> + LSM_HOOK_INIT(xfrm_state_alloc_acquire,
> + selinux_xfrm_state_alloc_acquire),
> + LSM_HOOK_INIT(xfrm_state_free_security, selinux_xfrm_state_free),
> + LSM_HOOK_INIT(xfrm_state_delete_security, selinux_xfrm_state_delete),
> + LSM_HOOK_INIT(xfrm_policy_lookup, selinux_xfrm_policy_lookup),
> + LSM_HOOK_INIT(xfrm_state_pol_flow_match,
> + selinux_xfrm_state_pol_flow_match),
> + LSM_HOOK_INIT(xfrm_decode_session, selinux_xfrm_decode_session),
> #endif
>
> #ifdef CONFIG_KEYS
> - .key_alloc = selinux_key_alloc,
> - .key_free = selinux_key_free,
> - .key_permission = selinux_key_permission,
> - .key_getsecurity = selinux_key_getsecurity,
> + LSM_HOOK_INIT(key_alloc, selinux_key_alloc),
> + LSM_HOOK_INIT(key_free, selinux_key_free),
> + LSM_HOOK_INIT(key_permission, selinux_key_permission),
> + LSM_HOOK_INIT(key_getsecurity, selinux_key_getsecurity),
> #endif
>
> #ifdef CONFIG_AUDIT
> - .audit_rule_init = selinux_audit_rule_init,
> - .audit_rule_known = selinux_audit_rule_known,
> - .audit_rule_match = selinux_audit_rule_match,
> - .audit_rule_free = selinux_audit_rule_free,
> + LSM_HOOK_INIT(audit_rule_init, selinux_audit_rule_init),
> + LSM_HOOK_INIT(audit_rule_known, selinux_audit_rule_known),
> + LSM_HOOK_INIT(audit_rule_match, selinux_audit_rule_match),
> + LSM_HOOK_INIT(audit_rule_free, selinux_audit_rule_free),
> #endif
> };
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index b644757..4313bf4 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -4267,146 +4267,146 @@ static int smack_inode_getsecctx(struct inode
> *inode, void **ctx, u32 *ctxlen) }
>
> struct security_operations smack_ops = {
> - .name = "smack",
> -
> - .ptrace_access_check = smack_ptrace_access_check,
> - .ptrace_traceme = smack_ptrace_traceme,
> - .syslog = smack_syslog,
> -
> - .sb_alloc_security = smack_sb_alloc_security,
> - .sb_free_security = smack_sb_free_security,
> - .sb_copy_data = smack_sb_copy_data,
> - .sb_kern_mount = smack_sb_kern_mount,
> - .sb_statfs = smack_sb_statfs,
> -
> - .bprm_set_creds = smack_bprm_set_creds,
> - .bprm_committing_creds = smack_bprm_committing_creds,
> - .bprm_secureexec = smack_bprm_secureexec,
> -
> - .inode_alloc_security = smack_inode_alloc_security,
> - .inode_free_security = smack_inode_free_security,
> - .inode_init_security = smack_inode_init_security,
> - .inode_link = smack_inode_link,
> - .inode_unlink = smack_inode_unlink,
> - .inode_rmdir = smack_inode_rmdir,
> - .inode_rename = smack_inode_rename,
> - .inode_permission = smack_inode_permission,
> - .inode_setattr = smack_inode_setattr,
> - .inode_getattr = smack_inode_getattr,
> - .inode_setxattr = smack_inode_setxattr,
> - .inode_post_setxattr = smack_inode_post_setxattr,
> - .inode_getxattr = smack_inode_getxattr,
> - .inode_removexattr = smack_inode_removexattr,
> - .inode_getsecurity = smack_inode_getsecurity,
> - .inode_setsecurity = smack_inode_setsecurity,
> - .inode_listsecurity = smack_inode_listsecurity,
> - .inode_getsecid = smack_inode_getsecid,
> -
> - .file_permission = smack_file_permission,
> - .file_alloc_security = smack_file_alloc_security,
> - .file_free_security = smack_file_free_security,
> - .file_ioctl = smack_file_ioctl,
> - .file_lock = smack_file_lock,
> - .file_fcntl = smack_file_fcntl,
> - .mmap_file = smack_mmap_file,
> - .mmap_addr = cap_mmap_addr,
> - .file_set_fowner = smack_file_set_fowner,
> - .file_send_sigiotask = smack_file_send_sigiotask,
> - .file_receive = smack_file_receive,
> -
> - .file_open = smack_file_open,
> -
> - .cred_alloc_blank = smack_cred_alloc_blank,
> - .cred_free = smack_cred_free,
> - .cred_prepare = smack_cred_prepare,
> - .cred_transfer = smack_cred_transfer,
> - .kernel_act_as = smack_kernel_act_as,
> - .kernel_create_files_as = smack_kernel_create_files_as,
> - .task_setpgid = smack_task_setpgid,
> - .task_getpgid = smack_task_getpgid,
> - .task_getsid = smack_task_getsid,
> - .task_getsecid = smack_task_getsecid,
> - .task_setnice = smack_task_setnice,
> - .task_setioprio = smack_task_setioprio,
> - .task_getioprio = smack_task_getioprio,
> - .task_setscheduler = smack_task_setscheduler,
> - .task_getscheduler = smack_task_getscheduler,
> - .task_movememory = smack_task_movememory,
> - .task_kill = smack_task_kill,
> - .task_wait = smack_task_wait,
> - .task_to_inode = smack_task_to_inode,
> -
> - .ipc_permission = smack_ipc_permission,
> - .ipc_getsecid = smack_ipc_getsecid,
> -
> - .msg_msg_alloc_security = smack_msg_msg_alloc_security,
> - .msg_msg_free_security = smack_msg_msg_free_security,
> -
> - .msg_queue_alloc_security = smack_msg_queue_alloc_security,
> - .msg_queue_free_security = smack_msg_queue_free_security,
> - .msg_queue_associate = smack_msg_queue_associate,
> - .msg_queue_msgctl = smack_msg_queue_msgctl,
> - .msg_queue_msgsnd = smack_msg_queue_msgsnd,
> - .msg_queue_msgrcv = smack_msg_queue_msgrcv,
> -
> - .shm_alloc_security = smack_shm_alloc_security,
> - .shm_free_security = smack_shm_free_security,
> - .shm_associate = smack_shm_associate,
> - .shm_shmctl = smack_shm_shmctl,
> - .shm_shmat = smack_shm_shmat,
> -
> - .sem_alloc_security = smack_sem_alloc_security,
> - .sem_free_security = smack_sem_free_security,
> - .sem_associate = smack_sem_associate,
> - .sem_semctl = smack_sem_semctl,
> - .sem_semop = smack_sem_semop,
> -
> - .d_instantiate = smack_d_instantiate,
> -
> - .getprocattr = smack_getprocattr,
> - .setprocattr = smack_setprocattr,
> -
> - .unix_stream_connect = smack_unix_stream_connect,
> - .unix_may_send = smack_unix_may_send,
> -
> - .socket_post_create = smack_socket_post_create,
> + LSM_HOOK_INIT(name, "smack"),
> +
> + LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
> + LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
> + LSM_HOOK_INIT(syslog, smack_syslog),
> +
> + LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
> + LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
> + LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
> + LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
> + LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
> +
> + LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
> + LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds),
> + LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec),
> +
> + LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
> + LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
> + LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
> + LSM_HOOK_INIT(inode_link, smack_inode_link),
> + LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
> + LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
> + LSM_HOOK_INIT(inode_rename, smack_inode_rename),
> + LSM_HOOK_INIT(inode_permission, smack_inode_permission),
> + LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
> + LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
> + LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
> + LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
> + LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
> + LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
> + LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
> + LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
> + LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
> + LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
> +
> + LSM_HOOK_INIT(file_permission, smack_file_permission),
> + LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
> + LSM_HOOK_INIT(file_free_security, smack_file_free_security),
> + LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
> + LSM_HOOK_INIT(file_lock, smack_file_lock),
> + LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
> + LSM_HOOK_INIT(mmap_file, smack_mmap_file),
> + LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
> + LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
> + LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
> + LSM_HOOK_INIT(file_receive, smack_file_receive),
> +
> + LSM_HOOK_INIT(file_open, smack_file_open),
> +
> + LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
> + LSM_HOOK_INIT(cred_free, smack_cred_free),
> + LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
> + LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
> + LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
> + LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
> + LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
> + LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
> + LSM_HOOK_INIT(task_getsid, smack_task_getsid),
> + LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
> + LSM_HOOK_INIT(task_setnice, smack_task_setnice),
> + LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
> + LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
> + LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
> + LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
> + LSM_HOOK_INIT(task_movememory, smack_task_movememory),
> + LSM_HOOK_INIT(task_kill, smack_task_kill),
> + LSM_HOOK_INIT(task_wait, smack_task_wait),
> + LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
> +
> + LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
> + LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
> +
> + LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
> + LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
> +
> + LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security),
> + LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security),
> + LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
> + LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
> + LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
> + LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
> +
> + LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security),
> + LSM_HOOK_INIT(shm_free_security, smack_shm_free_security),
> + LSM_HOOK_INIT(shm_associate, smack_shm_associate),
> + LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
> + LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
> +
> + LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security),
> + LSM_HOOK_INIT(sem_free_security, smack_sem_free_security),
> + LSM_HOOK_INIT(sem_associate, smack_sem_associate),
> + LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
> + LSM_HOOK_INIT(sem_semop, smack_sem_semop),
> +
> + LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
> +
> + LSM_HOOK_INIT(getprocattr, smack_getprocattr),
> + LSM_HOOK_INIT(setprocattr, smack_setprocattr),
> +
> + LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
> + LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
> +
> + LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
> #ifndef CONFIG_SECURITY_SMACK_NETFILTER
> - .socket_bind = smack_socket_bind,
> + LSM_HOOK_INIT(socket_bind, smack_socket_bind),
> #endif /* CONFIG_SECURITY_SMACK_NETFILTER */
> - .socket_connect = smack_socket_connect,
> - .socket_sendmsg = smack_socket_sendmsg,
> - .socket_sock_rcv_skb = smack_socket_sock_rcv_skb,
> - .socket_getpeersec_stream = smack_socket_getpeersec_stream,
> - .socket_getpeersec_dgram = smack_socket_getpeersec_dgram,
> - .sk_alloc_security = smack_sk_alloc_security,
> - .sk_free_security = smack_sk_free_security,
> - .sock_graft = smack_sock_graft,
> - .inet_conn_request = smack_inet_conn_request,
> - .inet_csk_clone = smack_inet_csk_clone,
> + LSM_HOOK_INIT(socket_connect, smack_socket_connect),
> + LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
> + LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
> + LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
> + LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
> + LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
> + LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
> + LSM_HOOK_INIT(sock_graft, smack_sock_graft),
> + LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
> + LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
>
> /* key management security hooks */
> #ifdef CONFIG_KEYS
> - .key_alloc = smack_key_alloc,
> - .key_free = smack_key_free,
> - .key_permission = smack_key_permission,
> - .key_getsecurity = smack_key_getsecurity,
> + LSM_HOOK_INIT(key_alloc, smack_key_alloc),
> + LSM_HOOK_INIT(key_free, smack_key_free),
> + LSM_HOOK_INIT(key_permission, smack_key_permission),
> + LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
> #endif /* CONFIG_KEYS */
>
> /* Audit hooks */
> #ifdef CONFIG_AUDIT
> - .audit_rule_init = smack_audit_rule_init,
> - .audit_rule_known = smack_audit_rule_known,
> - .audit_rule_match = smack_audit_rule_match,
> - .audit_rule_free = smack_audit_rule_free,
> + LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
> + LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
> + LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
> + LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free),
> #endif /* CONFIG_AUDIT */
>
> - .ismaclabel = smack_ismaclabel,
> - .secid_to_secctx = smack_secid_to_secctx,
> - .secctx_to_secid = smack_secctx_to_secid,
> - .release_secctx = smack_release_secctx,
> - .inode_notifysecctx = smack_inode_notifysecctx,
> - .inode_setsecctx = smack_inode_setsecctx,
> - .inode_getsecctx = smack_inode_getsecctx,
> + LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
> + LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
> + LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
> + LSM_HOOK_INIT(release_secctx, smack_release_secctx),
> + LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
> + LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
> + LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
> };
>
>
> diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
> index 2f7b468..bce1358 100644
> --- a/security/tomoyo/tomoyo.c
> +++ b/security/tomoyo/tomoyo.c
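Review bot: The `LSM_HOOK_INIT(mmap_addr, cap_mmap_addr)` entry in `smack_ops` is the only one in this table that points at another module's function rather than a `smack_*` one, and it carries no comment saying why. While `smack_ops` is a single `security_operations` table, this is how Smack keeps the capability code's mmap address check in effect. Once the entries become members of per-hook lists, as the commit message announces, the same function could run twice if the capability code registers it too; whether it does is not visible from this hunk. I would put a comment above the line, for example `/* borrowed from the capability module; drop once its hooks are registered on their own */`, so the later patch in the series neither loses the check nor duplicates it.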
> @@ -503,35 +503,35 @@ static int tomoyo_socket_sendmsg(struct socket *sock,
> struct msghdr *msg, * registering TOMOYO.
> */
> static struct security_operations tomoyo_security_ops = {
> - .name = "tomoyo",
> - .cred_alloc_blank = tomoyo_cred_alloc_blank,
> - .cred_prepare = tomoyo_cred_prepare,
> - .cred_transfer = tomoyo_cred_transfer,
> - .cred_free = tomoyo_cred_free,
> - .bprm_set_creds = tomoyo_bprm_set_creds,
> - .bprm_check_security = tomoyo_bprm_check_security,
> - .file_fcntl = tomoyo_file_fcntl,
> - .file_open = tomoyo_file_open,
> - .path_truncate = tomoyo_path_truncate,
> - .path_unlink = tomoyo_path_unlink,
> - .path_mkdir = tomoyo_path_mkdir,
> - .path_rmdir = tomoyo_path_rmdir,
> - .path_symlink = tomoyo_path_symlink,
> - .path_mknod = tomoyo_path_mknod,
> - .path_link = tomoyo_path_link,
> - .path_rename = tomoyo_path_rename,
> - .inode_getattr = tomoyo_inode_getattr,
> - .file_ioctl = tomoyo_file_ioctl,
> - .path_chmod = tomoyo_path_chmod,
> - .path_chown = tomoyo_path_chown,
> - .path_chroot = tomoyo_path_chroot,
> - .sb_mount = tomoyo_sb_mount,
> - .sb_umount = tomoyo_sb_umount,
> - .sb_pivotroot = tomoyo_sb_pivotroot,
> - .socket_bind = tomoyo_socket_bind,
> - .socket_connect = tomoyo_socket_connect,
> - .socket_listen = tomoyo_socket_listen,
> - .socket_sendmsg = tomoyo_socket_sendmsg,
> + LSM_HOOK_INIT(name, "tomoyo"),
> + LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
> + LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
> + LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),
> + LSM_HOOK_INIT(cred_free, tomoyo_cred_free),
> + LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
> + LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
> + LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
> + LSM_HOOK_INIT(file_open, tomoyo_file_open),
> + LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
> + LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
> + LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
> + LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
> + LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
> + LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
> + LSM_HOOK_INIT(path_link, tomoyo_path_link),
> + LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
> + LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
> + LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
> + LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
> + LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
> + LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
> + LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
> + LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
> + LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
> + LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
> + LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
> + LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
> + LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
> };
>
> /* Lock for GC. */
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index 14557ff..23dd4c6 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
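Review bot: `LSM_HOOK_INIT(name, "tomoyo")` passes the module's name string through a macro whose name says it initialises a hook; the smack hunk (`LSM_HOOK_INIT(name, "smack")`) and the yama hunk (`LSM_HOOK_INIT(name, "yama")`) do the same. The macro definition is outside this part of the patch, so presumably it expands to a plain designated initialiser for now. The commit message says the macro exists so that `security_operations` can be swapped out later, and as far as the list-head structure is visible it has no `name` member, so these three lines would need separate handling when the expansion changes. I would leave `.name = "tomoyo",` as an ordinary initialiser in all three tables, or add `/* name is not a hook; removed together with security_operations */` next to each.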
> @@ -366,12 +366,12 @@ int yama_ptrace_traceme(struct task_struct *parent)
>
> #ifndef CONFIG_SECURITY_YAMA_STACKED
> static struct security_operations yama_ops = {
> - .name = "yama",
> + LSM_HOOK_INIT(name, "yama"),
>
> - .ptrace_access_check = yama_ptrace_access_check,
> - .ptrace_traceme = yama_ptrace_traceme,
> - .task_prctl = yama_task_prctl,
> - .task_free = yama_task_free,
> + LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check),
> + LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme),
> + LSM_HOOK_INIT(task_prctl, yama_task_prctl),
> + LSM_HOOK_INIT(task_free, yama_task_free),
> };
> #endif
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe
> linux-security-module" in the body of a message to
> majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
-- paul moore security @ redhat -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/