mirror of
https://github.com/Fishwaldo/Star64_linux.git
synced 2025-06-23 23:21:46 +00:00
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Highlights:
IMA:
- provide ">" and "<" operators for fowner/uid/euid rules
KEYS:
- add a system blacklist keyring
- add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction
functionality to userland via keyctl()
LSM:
- harden LSM API with __ro_after_init
- add prlmit security hook, implement for SELinux
- revive security_task_alloc hook
TPM:
- implement contextual TPM command 'spaces'"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits)
tpm: Fix reference count to main device
tpm_tis: convert to using locality callbacks
tpm: fix handling of the TPM 2.0 event logs
tpm_crb: remove a cruft constant
keys: select CONFIG_CRYPTO when selecting DH / KDF
apparmor: Make path_max parameter readonly
apparmor: fix parameters so that the permission test is bypassed at boot
apparmor: fix invalid reference to index variable of iterator line 836
apparmor: use SHASH_DESC_ON_STACK
security/apparmor/lsm.c: set debug messages
apparmor: fix boolreturn.cocci warnings
Smack: Use GFP_KERNEL for smk_netlbl_mls().
smack: fix double free in smack_parse_opts_str()
KEYS: add SP800-56A KDF support for DH
KEYS: Keyring asymmetric key restrict method with chaining
KEYS: Restrict asymmetric key linkage using a specific keychain
KEYS: Add a lookup_restriction function for the asymmetric key type
KEYS: Add KEYCTL_RESTRICT_KEYRING
KEYS: Consistent ordering for __key_link_begin and restrict check
KEYS: Add an optional lookup_restriction hook to key_type
...
This commit is contained in:
Linus Torvalds
commit
0302e28dee
95 changed files with 3243 additions and 1123 deletions
|
|
@ -32,6 +32,7 @@
|
|||
/* Maximum number of letters for an LSM name string */
|
||||
#define SECURITY_NAME_MAX 10
|
||||
|
||||
struct security_hook_heads security_hook_heads __lsm_ro_after_init;
|
||||
char *lsm_names;
|
||||
/* Boot-time LSM user choice */
|
||||
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
|
||||
|
|
@ -54,6 +55,12 @@ static void __init do_security_initcalls(void)
|
|||
*/
|
||||
int __init security_init(void)
|
||||
{
|
||||
int i;
|
||||
struct list_head *list = (struct list_head *) &security_hook_heads;
|
||||
|
||||
for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct list_head);
|
||||
i++)
|
||||
INIT_LIST_HEAD(&list[i]);
|
||||
pr_info("Security Framework initialized\n");
|
||||
|
||||
/*
|
||||
|
|
@ -934,6 +941,11 @@ int security_task_create(unsigned long clone_flags)
|
|||
return call_int_hook(task_create, 0, clone_flags);
|
||||
}
|
||||
|
||||
int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
|
||||
{
|
||||
return call_int_hook(task_alloc, 0, task, clone_flags);
|
||||
}
|
||||
|
||||
void security_task_free(struct task_struct *task)
|
||||
{
|
||||
call_void_hook(task_free, task);
|
||||
|
|
@ -1040,6 +1052,12 @@ int security_task_getioprio(struct task_struct *p)
|
|||
return call_int_hook(task_getioprio, 0, p);
|
||||
}
|
||||
|
||||
int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
|
||||
unsigned int flags)
|
||||
{
|
||||
return call_int_hook(task_prlimit, 0, cred, tcred, flags);
|
||||
}
|
||||
|
||||
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
|
||||
struct rlimit *new_rlim)
|
||||
{
|
||||
|
|
@ -1625,355 +1643,3 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
|
|||
actx);
|
||||
}
|
||||
#endif /* CONFIG_AUDIT */
|
||||
|
||||
struct security_hook_heads security_hook_heads = {
|
||||
.binder_set_context_mgr =
|
||||
LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
|
||||
.binder_transaction =
|
||||
LIST_HEAD_INIT(security_hook_heads.binder_transaction),
|
||||
.binder_transfer_binder =
|
||||
LIST_HEAD_INIT(security_hook_heads.binder_transfer_binder),
|
||||
.binder_transfer_file =
|
||||
LIST_HEAD_INIT(security_hook_heads.binder_transfer_file),
|
||||
|
||||
.ptrace_access_check =
|
||||
LIST_HEAD_INIT(security_hook_heads.ptrace_access_check),
|
||||
.ptrace_traceme =
|
||||
LIST_HEAD_INIT(security_hook_heads.ptrace_traceme),
|
||||
.capget = LIST_HEAD_INIT(security_hook_heads.capget),
|
||||
.capset = LIST_HEAD_INIT(security_hook_heads.capset),
|
||||
.capable = LIST_HEAD_INIT(security_hook_heads.capable),
|
||||
.quotactl = LIST_HEAD_INIT(security_hook_heads.quotactl),
|
||||
.quota_on = LIST_HEAD_INIT(security_hook_heads.quota_on),
|
||||
.syslog = LIST_HEAD_INIT(security_hook_heads.syslog),
|
||||
.settime = LIST_HEAD_INIT(security_hook_heads.settime),
|
||||
.vm_enough_memory =
|
||||
LIST_HEAD_INIT(security_hook_heads.vm_enough_memory),
|
||||
.bprm_set_creds =
|
||||
LIST_HEAD_INIT(security_hook_heads.bprm_set_creds),
|
||||
.bprm_check_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.bprm_check_security),
|
||||
.bprm_secureexec =
|
||||
LIST_HEAD_INIT(security_hook_heads.bprm_secureexec),
|
||||
.bprm_committing_creds =
|
||||
LIST_HEAD_INIT(security_hook_heads.bprm_committing_creds),
|
||||
.bprm_committed_creds =
|
||||
LIST_HEAD_INIT(security_hook_heads.bprm_committed_creds),
|
||||
.sb_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.sb_alloc_security),
|
||||
.sb_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.sb_free_security),
|
||||
.sb_copy_data = LIST_HEAD_INIT(security_hook_heads.sb_copy_data),
|
||||
.sb_remount = LIST_HEAD_INIT(security_hook_heads.sb_remount),
|
||||
.sb_kern_mount =
|
||||
LIST_HEAD_INIT(security_hook_heads.sb_kern_mount),
|
||||
.sb_show_options =
|
||||
LIST_HEAD_INIT(security_hook_heads.sb_show_options),
|
||||
.sb_statfs = LIST_HEAD_INIT(security_hook_heads.sb_statfs),
|
||||
.sb_mount = LIST_HEAD_INIT(security_hook_heads.sb_mount),
|
||||
.sb_umount = LIST_HEAD_INIT(security_hook_heads.sb_umount),
|
||||
.sb_pivotroot = LIST_HEAD_INIT(security_hook_heads.sb_pivotroot),
|
||||
.sb_set_mnt_opts =
|
||||
LIST_HEAD_INIT(security_hook_heads.sb_set_mnt_opts),
|
||||
.sb_clone_mnt_opts =
|
||||
LIST_HEAD_INIT(security_hook_heads.sb_clone_mnt_opts),
|
||||
.sb_parse_opts_str =
|
||||
LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str),
|
||||
.dentry_init_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.dentry_init_security),
|
||||
.dentry_create_files_as =
|
||||
LIST_HEAD_INIT(security_hook_heads.dentry_create_files_as),
|
||||
#ifdef CONFIG_SECURITY_PATH
|
||||
.path_unlink = LIST_HEAD_INIT(security_hook_heads.path_unlink),
|
||||
.path_mkdir = LIST_HEAD_INIT(security_hook_heads.path_mkdir),
|
||||
.path_rmdir = LIST_HEAD_INIT(security_hook_heads.path_rmdir),
|
||||
.path_mknod = LIST_HEAD_INIT(security_hook_heads.path_mknod),
|
||||
.path_truncate =
|
||||
LIST_HEAD_INIT(security_hook_heads.path_truncate),
|
||||
.path_symlink = LIST_HEAD_INIT(security_hook_heads.path_symlink),
|
||||
.path_link = LIST_HEAD_INIT(security_hook_heads.path_link),
|
||||
.path_rename = LIST_HEAD_INIT(security_hook_heads.path_rename),
|
||||
.path_chmod = LIST_HEAD_INIT(security_hook_heads.path_chmod),
|
||||
.path_chown = LIST_HEAD_INIT(security_hook_heads.path_chown),
|
||||
.path_chroot = LIST_HEAD_INIT(security_hook_heads.path_chroot),
|
||||
#endif
|
||||
.inode_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_alloc_security),
|
||||
.inode_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_free_security),
|
||||
.inode_init_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_init_security),
|
||||
.inode_create = LIST_HEAD_INIT(security_hook_heads.inode_create),
|
||||
.inode_link = LIST_HEAD_INIT(security_hook_heads.inode_link),
|
||||
.inode_unlink = LIST_HEAD_INIT(security_hook_heads.inode_unlink),
|
||||
.inode_symlink =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_symlink),
|
||||
.inode_mkdir = LIST_HEAD_INIT(security_hook_heads.inode_mkdir),
|
||||
.inode_rmdir = LIST_HEAD_INIT(security_hook_heads.inode_rmdir),
|
||||
.inode_mknod = LIST_HEAD_INIT(security_hook_heads.inode_mknod),
|
||||
.inode_rename = LIST_HEAD_INIT(security_hook_heads.inode_rename),
|
||||
.inode_readlink =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_readlink),
|
||||
.inode_follow_link =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_follow_link),
|
||||
.inode_permission =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_permission),
|
||||
.inode_setattr =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_setattr),
|
||||
.inode_getattr =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_getattr),
|
||||
.inode_setxattr =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
|
||||
.inode_post_setxattr =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
|
||||
.inode_getxattr =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_getxattr),
|
||||
.inode_listxattr =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_listxattr),
|
||||
.inode_removexattr =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_removexattr),
|
||||
.inode_need_killpriv =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_need_killpriv),
|
||||
.inode_killpriv =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_killpriv),
|
||||
.inode_getsecurity =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_getsecurity),
|
||||
.inode_setsecurity =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_setsecurity),
|
||||
.inode_listsecurity =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_listsecurity),
|
||||
.inode_getsecid =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_getsecid),
|
||||
.inode_copy_up =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_copy_up),
|
||||
.inode_copy_up_xattr =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr),
|
||||
.file_permission =
|
||||
LIST_HEAD_INIT(security_hook_heads.file_permission),
|
||||
.file_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.file_alloc_security),
|
||||
.file_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.file_free_security),
|
||||
.file_ioctl = LIST_HEAD_INIT(security_hook_heads.file_ioctl),
|
||||
.mmap_addr = LIST_HEAD_INIT(security_hook_heads.mmap_addr),
|
||||
.mmap_file = LIST_HEAD_INIT(security_hook_heads.mmap_file),
|
||||
.file_mprotect =
|
||||
LIST_HEAD_INIT(security_hook_heads.file_mprotect),
|
||||
.file_lock = LIST_HEAD_INIT(security_hook_heads.file_lock),
|
||||
.file_fcntl = LIST_HEAD_INIT(security_hook_heads.file_fcntl),
|
||||
.file_set_fowner =
|
||||
LIST_HEAD_INIT(security_hook_heads.file_set_fowner),
|
||||
.file_send_sigiotask =
|
||||
LIST_HEAD_INIT(security_hook_heads.file_send_sigiotask),
|
||||
.file_receive = LIST_HEAD_INIT(security_hook_heads.file_receive),
|
||||
.file_open = LIST_HEAD_INIT(security_hook_heads.file_open),
|
||||
.task_create = LIST_HEAD_INIT(security_hook_heads.task_create),
|
||||
.task_free = LIST_HEAD_INIT(security_hook_heads.task_free),
|
||||
.cred_alloc_blank =
|
||||
LIST_HEAD_INIT(security_hook_heads.cred_alloc_blank),
|
||||
.cred_free = LIST_HEAD_INIT(security_hook_heads.cred_free),
|
||||
.cred_prepare = LIST_HEAD_INIT(security_hook_heads.cred_prepare),
|
||||
.cred_transfer =
|
||||
LIST_HEAD_INIT(security_hook_heads.cred_transfer),
|
||||
.kernel_act_as =
|
||||
LIST_HEAD_INIT(security_hook_heads.kernel_act_as),
|
||||
.kernel_create_files_as =
|
||||
LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as),
|
||||
.kernel_module_request =
|
||||
LIST_HEAD_INIT(security_hook_heads.kernel_module_request),
|
||||
.kernel_read_file =
|
||||
LIST_HEAD_INIT(security_hook_heads.kernel_read_file),
|
||||
.kernel_post_read_file =
|
||||
LIST_HEAD_INIT(security_hook_heads.kernel_post_read_file),
|
||||
.task_fix_setuid =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_fix_setuid),
|
||||
.task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid),
|
||||
.task_getpgid = LIST_HEAD_INIT(security_hook_heads.task_getpgid),
|
||||
.task_getsid = LIST_HEAD_INIT(security_hook_heads.task_getsid),
|
||||
.task_getsecid =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_getsecid),
|
||||
.task_setnice = LIST_HEAD_INIT(security_hook_heads.task_setnice),
|
||||
.task_setioprio =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_setioprio),
|
||||
.task_getioprio =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_getioprio),
|
||||
.task_setrlimit =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_setrlimit),
|
||||
.task_setscheduler =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_setscheduler),
|
||||
.task_getscheduler =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_getscheduler),
|
||||
.task_movememory =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_movememory),
|
||||
.task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill),
|
||||
.task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl),
|
||||
.task_to_inode =
|
||||
LIST_HEAD_INIT(security_hook_heads.task_to_inode),
|
||||
.ipc_permission =
|
||||
LIST_HEAD_INIT(security_hook_heads.ipc_permission),
|
||||
.ipc_getsecid = LIST_HEAD_INIT(security_hook_heads.ipc_getsecid),
|
||||
.msg_msg_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.msg_msg_alloc_security),
|
||||
.msg_msg_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.msg_msg_free_security),
|
||||
.msg_queue_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.msg_queue_alloc_security),
|
||||
.msg_queue_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.msg_queue_free_security),
|
||||
.msg_queue_associate =
|
||||
LIST_HEAD_INIT(security_hook_heads.msg_queue_associate),
|
||||
.msg_queue_msgctl =
|
||||
LIST_HEAD_INIT(security_hook_heads.msg_queue_msgctl),
|
||||
.msg_queue_msgsnd =
|
||||
LIST_HEAD_INIT(security_hook_heads.msg_queue_msgsnd),
|
||||
.msg_queue_msgrcv =
|
||||
LIST_HEAD_INIT(security_hook_heads.msg_queue_msgrcv),
|
||||
.shm_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.shm_alloc_security),
|
||||
.shm_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.shm_free_security),
|
||||
.shm_associate =
|
||||
LIST_HEAD_INIT(security_hook_heads.shm_associate),
|
||||
.shm_shmctl = LIST_HEAD_INIT(security_hook_heads.shm_shmctl),
|
||||
.shm_shmat = LIST_HEAD_INIT(security_hook_heads.shm_shmat),
|
||||
.sem_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.sem_alloc_security),
|
||||
.sem_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.sem_free_security),
|
||||
.sem_associate =
|
||||
LIST_HEAD_INIT(security_hook_heads.sem_associate),
|
||||
.sem_semctl = LIST_HEAD_INIT(security_hook_heads.sem_semctl),
|
||||
.sem_semop = LIST_HEAD_INIT(security_hook_heads.sem_semop),
|
||||
.netlink_send = LIST_HEAD_INIT(security_hook_heads.netlink_send),
|
||||
.d_instantiate =
|
||||
LIST_HEAD_INIT(security_hook_heads.d_instantiate),
|
||||
.getprocattr = LIST_HEAD_INIT(security_hook_heads.getprocattr),
|
||||
.setprocattr = LIST_HEAD_INIT(security_hook_heads.setprocattr),
|
||||
.ismaclabel = LIST_HEAD_INIT(security_hook_heads.ismaclabel),
|
||||
.secid_to_secctx =
|
||||
LIST_HEAD_INIT(security_hook_heads.secid_to_secctx),
|
||||
.secctx_to_secid =
|
||||
LIST_HEAD_INIT(security_hook_heads.secctx_to_secid),
|
||||
.release_secctx =
|
||||
LIST_HEAD_INIT(security_hook_heads.release_secctx),
|
||||
.inode_invalidate_secctx =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx),
|
||||
.inode_notifysecctx =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx),
|
||||
.inode_setsecctx =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_setsecctx),
|
||||
.inode_getsecctx =
|
||||
LIST_HEAD_INIT(security_hook_heads.inode_getsecctx),
|
||||
#ifdef CONFIG_SECURITY_NETWORK
|
||||
.unix_stream_connect =
|
||||
LIST_HEAD_INIT(security_hook_heads.unix_stream_connect),
|
||||
.unix_may_send =
|
||||
LIST_HEAD_INIT(security_hook_heads.unix_may_send),
|
||||
.socket_create =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_create),
|
||||
.socket_post_create =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_post_create),
|
||||
.socket_bind = LIST_HEAD_INIT(security_hook_heads.socket_bind),
|
||||
.socket_connect =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_connect),
|
||||
.socket_listen =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_listen),
|
||||
.socket_accept =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_accept),
|
||||
.socket_sendmsg =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_sendmsg),
|
||||
.socket_recvmsg =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_recvmsg),
|
||||
.socket_getsockname =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_getsockname),
|
||||
.socket_getpeername =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_getpeername),
|
||||
.socket_getsockopt =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_getsockopt),
|
||||
.socket_setsockopt =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_setsockopt),
|
||||
.socket_shutdown =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_shutdown),
|
||||
.socket_sock_rcv_skb =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_sock_rcv_skb),
|
||||
.socket_getpeersec_stream =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_stream),
|
||||
.socket_getpeersec_dgram =
|
||||
LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_dgram),
|
||||
.sk_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.sk_alloc_security),
|
||||
.sk_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.sk_free_security),
|
||||
.sk_clone_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.sk_clone_security),
|
||||
.sk_getsecid = LIST_HEAD_INIT(security_hook_heads.sk_getsecid),
|
||||
.sock_graft = LIST_HEAD_INIT(security_hook_heads.sock_graft),
|
||||
.inet_conn_request =
|
||||
LIST_HEAD_INIT(security_hook_heads.inet_conn_request),
|
||||
.inet_csk_clone =
|
||||
LIST_HEAD_INIT(security_hook_heads.inet_csk_clone),
|
||||
.inet_conn_established =
|
||||
LIST_HEAD_INIT(security_hook_heads.inet_conn_established),
|
||||
.secmark_relabel_packet =
|
||||
LIST_HEAD_INIT(security_hook_heads.secmark_relabel_packet),
|
||||
.secmark_refcount_inc =
|
||||
LIST_HEAD_INIT(security_hook_heads.secmark_refcount_inc),
|
||||
.secmark_refcount_dec =
|
||||
LIST_HEAD_INIT(security_hook_heads.secmark_refcount_dec),
|
||||
.req_classify_flow =
|
||||
LIST_HEAD_INIT(security_hook_heads.req_classify_flow),
|
||||
.tun_dev_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.tun_dev_alloc_security),
|
||||
.tun_dev_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.tun_dev_free_security),
|
||||
.tun_dev_create =
|
||||
LIST_HEAD_INIT(security_hook_heads.tun_dev_create),
|
||||
.tun_dev_attach_queue =
|
||||
LIST_HEAD_INIT(security_hook_heads.tun_dev_attach_queue),
|
||||
.tun_dev_attach =
|
||||
LIST_HEAD_INIT(security_hook_heads.tun_dev_attach),
|
||||
.tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open),
|
||||
#endif /* CONFIG_SECURITY_NETWORK */
|
||||
#ifdef CONFIG_SECURITY_NETWORK_XFRM
|
||||
.xfrm_policy_alloc_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security),
|
||||
.xfrm_policy_clone_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_policy_clone_security),
|
||||
.xfrm_policy_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_policy_free_security),
|
||||
.xfrm_policy_delete_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_policy_delete_security),
|
||||
.xfrm_state_alloc =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc),
|
||||
.xfrm_state_alloc_acquire =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc_acquire),
|
||||
.xfrm_state_free_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_state_free_security),
|
||||
.xfrm_state_delete_security =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_state_delete_security),
|
||||
.xfrm_policy_lookup =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_policy_lookup),
|
||||
.xfrm_state_pol_flow_match =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_state_pol_flow_match),
|
||||
.xfrm_decode_session =
|
||||
LIST_HEAD_INIT(security_hook_heads.xfrm_decode_session),
|
||||
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
|
||||
#ifdef CONFIG_KEYS
|
||||
.key_alloc = LIST_HEAD_INIT(security_hook_heads.key_alloc),
|
||||
.key_free = LIST_HEAD_INIT(security_hook_heads.key_free),
|
||||
.key_permission =
|
||||
LIST_HEAD_INIT(security_hook_heads.key_permission),
|
||||
.key_getsecurity =
|
||||
LIST_HEAD_INIT(security_hook_heads.key_getsecurity),
|
||||
#endif /* CONFIG_KEYS */
|
||||
#ifdef CONFIG_AUDIT
|
||||
.audit_rule_init =
|
||||
LIST_HEAD_INIT(security_hook_heads.audit_rule_init),
|
||||
.audit_rule_known =
|
||||
LIST_HEAD_INIT(security_hook_heads.audit_rule_known),
|
||||
.audit_rule_match =
|
||||
LIST_HEAD_INIT(security_hook_heads.audit_rule_match),
|
||||
.audit_rule_free =
|
||||
LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
|
||||
#endif /* CONFIG_AUDIT */
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue