Diffstat (limited to 'include/linux/lsm_hook_defs.h')
| -rw-r--r-- | include/linux/lsm_hook_defs.h | 43 | 
1 files changed, 34 insertions, 9 deletions
|
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 185924c56378..334e00efbde4 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -94,6 +94,8 @@ LSM_HOOK(int, 0, path_mkdir, const struct path *dir, struct dentry *dentry,
 LSM_HOOK(int, 0, path_rmdir, const struct path *dir, struct dentry *dentry)
 LSM_HOOK(int, 0, path_mknod, const struct path *dir, struct dentry *dentry,
 	 umode_t mode, unsigned int dev)
+LSM_HOOK(void, LSM_RET_VOID, path_post_mknod, struct mnt_idmap *idmap,
+	 struct dentry *dentry)
 LSM_HOOK(int, 0, path_truncate, const struct path *path)
 LSM_HOOK(int, 0, path_symlink, const struct path *dir, struct dentry *dentry,
 	 const char *old_name)
@@ -119,6 +121,8 @@ LSM_HOOK(int, 0, inode_init_security_anon, struct inode *inode,
 	 const struct qstr *name, const struct inode *context_inode)
 LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
 	 umode_t mode)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_create_tmpfile, struct mnt_idmap *idmap,
+	 struct inode *inode)
 LSM_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
 	 struct dentry *new_dentry)
 LSM_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
@@ -135,7 +139,10 @@ LSM_HOOK(int, 0, inode_readlink, struct dentry *dentry)
 LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
 	 bool rcu)
 LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
-LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
+LSM_HOOK(int, 0, inode_setattr, struct mnt_idmap *idmap, struct dentry *dentry,
+	 struct iattr *attr)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_setattr, struct mnt_idmap *idmap,
+	 struct dentry *dentry, int ia_valid)
 LSM_HOOK(int, 0, inode_getattr, const struct path *path)
 LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *name, const void *value,
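Review bot: In the `@@ -135,7 +139,10 @@` hunk, `inode_post_setattr` declares its last parameter as `int ia_valid`, a signed type for what the name suggests is a flag word. If the value is copied from `attr->ia_valid` of the `struct iattr` that the pre-hook receives (that field is unsigned as far as I know; its definition is not shown here), `unsigned int ia_valid` would match it. A one-line comment such as `/* ia_valid: ATTR_* bits that were applied; the new attribute values are not passed */` would also make clear how little the post hook gets to see.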
@@ -146,12 +153,18 @@ LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
 LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
 LSM_HOOK(int, 0, inode_removexattr, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *name)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_removexattr, struct dentry *dentry,
+	 const char *name)
 LSM_HOOK(int, 0, inode_set_acl, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *acl_name, struct posix_acl *kacl)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_set_acl, struct dentry *dentry,
+	 const char *acl_name, struct posix_acl *kacl)
 LSM_HOOK(int, 0, inode_get_acl, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *acl_name)
 LSM_HOOK(int, 0, inode_remove_acl, struct mnt_idmap *idmap,
 	 struct dentry *dentry, const char *acl_name)
+LSM_HOOK(void, LSM_RET_VOID, inode_post_remove_acl, struct mnt_idmap *idmap,
+	 struct dentry *dentry, const char *acl_name)
 LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
 LSM_HOOK(int, 0, inode_killpriv, struct mnt_idmap *idmap,
 	 struct dentry *dentry)
@@ -168,6 +181,7 @@ LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
 	 struct kernfs_node *kn)
 LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
 LSM_HOOK(int, 0, file_alloc_security, struct file *file)
+LSM_HOOK(void, LSM_RET_VOID, file_release, struct file *file)
 LSM_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file)
 LSM_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd,
 	 unsigned long arg)
@@ -186,6 +200,7 @@ LSM_HOOK(int, 0, file_send_sigiotask, struct task_struct *tsk,
 	 struct fown_struct *fown, int sig)
 LSM_HOOK(int, 0, file_receive, struct file *file)
 LSM_HOOK(int, 0, file_open, struct file *file)
+LSM_HOOK(int, 0, file_post_open, struct file *file, int mask)
 LSM_HOOK(int, 0, file_truncate, struct file *file)
 LSM_HOOK(int, 0, task_alloc, struct task_struct *task,
 	 unsigned long clone_flags)
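Review bot: The three post hooks added in the `@@ -146,12 +153,18 @@` hunk do not agree on their parameters. `inode_post_remove_acl` takes `struct mnt_idmap *idmap`, but `inode_post_removexattr` and `inode_post_set_acl` drop it even though their pre-hooks `inode_removexattr` and `inode_set_acl` receive it. A module that has to interpret ownership on an idmapped mount inside the post hook would have no mapping to work from. Either pass `idmap` uniformly or add a comment explaining the omission, e.g. `/* no idmap: the post hook only records that the xattr/ACL changed */`; whether any consumer needs the idmap is not visible from this file.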
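Review bot: `file_post_open` in the `@@ -186,6 +200,7 @@` hunk is the only `*_post_*` hook in this diff declared `int` with default `0` rather than `void, LSM_RET_VOID`, so a module can fail an open after `file_open` has already allowed it. That contract deserves a comment beside the declaration, for example `/* may return an error: the caller must treat it as a failed open and release the file */`. The meaning of `int mask` should be stated as well (presumably the MAY_* access mask, which this file does not confirm). The call site is outside this diff, so whether it unwinds correctly on error cannot be checked from here.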
@@ -265,9 +280,9 @@ LSM_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb)
 LSM_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry,
 	 struct inode *inode)
 LSM_HOOK(int, -EOPNOTSUPP, getselfattr, unsigned int attr,
-	 struct lsm_ctx __user *ctx, size_t *size, u32 flags)
+	 struct lsm_ctx __user *ctx, u32 *size, u32 flags)
 LSM_HOOK(int, -EOPNOTSUPP, setselfattr, unsigned int attr,
-	 struct lsm_ctx *ctx, size_t size, u32 flags)
+	 struct lsm_ctx *ctx, u32 size, u32 flags)
 LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, const char *name,
 	 char **value)
 LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size)
@@ -315,9 +330,9 @@ LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname)
 LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname)
 LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how)
 LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb)
-LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock,
+LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_stream, struct socket *sock,
 	 sockptr_t optval, sockptr_t optlen, unsigned int len)
-LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock,
+LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_dgram, struct socket *sock,
 	 struct sk_buff *skb, u32 *secid)
 LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority)
 LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk)
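Review bot: Narrowing `getselfattr`'s `size_t *size` to `u32 *size` (and `setselfattr`'s `size` to `u32`) in the `@@ -265,9 +280,9 @@` hunk means every implementation now reports a length through a 32-bit object, so a module that still computes the required length as `size_t` will truncate silently on assignment. I would state the expectation beside the declaration, e.g. `/* size is u32, presumably to fix the width seen by user space; implementations must fail rather than truncate */`. It is worth checking that all implementations and the entry points that call these hooks were converted together, since they are outside this diff. `setprocattr` a few lines below keeps `size_t size`, which looks intentional but should be confirmed.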
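Review bot: The default for `socket_getpeersec_stream` and `socket_getpeersec_dgram` changes from `0` to `-ENOPROTOOPT` in the `@@ -315,9 +330,9 @@` hunk, with nothing in the file saying why these two differ from the neighbouring hooks that default to `0`. A short comment would keep a later editor from normalising it back, e.g. `/* default is an error: with no LSM supplying a peer label, optval/secid are never written */`. Also confirm that the callers of these hooks no longer hard-code their own fallback value, because two sources for the default can drift apart; those callers are not part of this diff.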
@@ -390,6 +405,9 @@ LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
 LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
 	 enum key_need_perm need_perm)
 LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
+LSM_HOOK(void, LSM_RET_VOID, key_post_create_or_update, struct key *keyring,
+	 struct key *key, const void *payload, size_t payload_len,
+	 unsigned long flags, bool create)
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT
@@ -404,10 +422,17 @@ LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule)
 LSM_HOOK(int, 0, bpf, int cmd, union bpf_attr *attr, unsigned int size)
 LSM_HOOK(int, 0, bpf_map, struct bpf_map *map, fmode_t fmode)
 LSM_HOOK(int, 0, bpf_prog, struct bpf_prog *prog)
-LSM_HOOK(int, 0, bpf_map_alloc_security, struct bpf_map *map)
-LSM_HOOK(void, LSM_RET_VOID, bpf_map_free_security, struct bpf_map *map)
-LSM_HOOK(int, 0, bpf_prog_alloc_security, struct bpf_prog_aux *aux)
-LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux)
+LSM_HOOK(int, 0, bpf_map_create, struct bpf_map *map, union bpf_attr *attr,
+	 struct bpf_token *token)
+LSM_HOOK(void, LSM_RET_VOID, bpf_map_free, struct bpf_map *map)
+LSM_HOOK(int, 0, bpf_prog_load, struct bpf_prog *prog, union bpf_attr *attr,
+	 struct bpf_token *token)
+LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free, struct bpf_prog *prog)
+LSM_HOOK(int, 0, bpf_token_create, struct bpf_token *token, union bpf_attr *attr,
+	 struct path *path)
+LSM_HOOK(void, LSM_RET_VOID, bpf_token_free, struct bpf_token *token)
+LSM_HOOK(int, 0, bpf_token_cmd, const struct bpf_token *token, enum bpf_cmd cmd)
+LSM_HOOK(int, 0, bpf_token_capable, const struct bpf_token *token, int cap)
 #endif /* CONFIG_BPF_SYSCALL */
 
 LSM_HOOK(int, 0, locked_down, enum lockdown_reason what)
|
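Review bot: `key_post_create_or_update` in the `@@ -390,6 +405,9 @@` hunk hands `const void *payload` and `payload_len` to every module that registers the hook, and by the names this is the raw key material. The declaration should carry the handling rule, e.g. `/* payload is caller-owned key data, valid only for the duration of the call: inspect or measure it, do not retain or log it */`. If this header is also expanded to generate attach points for other consumers (not visible here), it is worth deciding explicitly whether they should be able to see the payload pointer at all.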
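Review bot: `bpf_map_create` and `bpf_prog_load` in the `@@ -404,10 +422,17 @@` hunk gain a `struct bpf_token *token` argument, but nothing states whether it may be NULL when the operation is issued without a token; a module that dereferences it unconditionally would fault on that path. State the contract beside the declarations once it is confirmed against the callers, e.g. `/* token is NULL unless the command was issued through a BPF token */`. Separately, `bpf_token_cmd` and `bpf_token_capable` take `const struct bpf_token *`, while `attr` stays a mutable `union bpf_attr *` in the create and load hooks; `const union bpf_attr *attr` would document that hooks only inspect it, if the callers allow.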