Re: [PATCH] hook flattening for 2.4

From: Chris Wright (chrisat_private)
Date: Thu Jul 04 2002 - 21:03:52 PDT


    * Greg KH (gregat_private) wrote:
    > On Mon, Jul 01, 2002 at 12:25:54AM +1000, James Morris wrote:
    > > 
    > > If it looks ok to everyone, I'll start work on the 2.5 version.
    > 
    > Does the kerneldoc tools work ok with the way things are now split up?
    > 
    > I'm worried that we will have to include the whole large comment
    > structure at the top of the structure for it to show up properly :(
    
    Heh, I was worried about the same thing.  The patch actually does place
    all comments above the security_operations structure, but not in a way
    that kerneldoc can parse it.  The patch below is relative to James'
    patch and makes the thing (almost) kerneldoc parseable.  I also removed
    the tabs in the callback prototypes to be more consistent with other
    parts of the kernel.
    
    Sample of the kerneldoc bits.  The junk at the end is not that different
    from current kerneldoc output.
    
    http://lsm.immunix.org/~chris/security.html
    
    thanks,
    -chris
    
    --- include/linux/security.h~	Thu Jul  4 20:07:19 2002
    +++ include/linux/security.h	Thu Jul  4 21:04:01 2002
    @@ -48,7 +48,22 @@
     /* setfsuid or setfsgid, id0 == fsuid or fsgid */
     #define LSM_SETID_FS	8
     
    +/* forward declares to avoid warnings */
    +struct sk_buff;
    +struct net_device;
    +struct nfsctl_arg;
    +struct sched_param;
    +struct swap_info_struct;
    +
    +/* for netfilter-based hooks */
    +typedef unsigned int (*ip_opfn) (unsigned int hooknum,
    +				 struct sk_buff ** skb,
    +				 const struct net_device * in,
    +				 const struct net_device * out,
    +				 int (*okfn) (struct sk_buff *));
    +
     /**
    + * struct security_operations - main security structure
      * Security hooks for program execution operations.
      *
      * @bprm_alloc_security:
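Review bot: The new kernel-doc header line `* struct security_operations - main security structure` is followed directly by `* Security hooks for program execution operations.` with no blank ` *` line between them; kernel-doc folds non-blank lines that immediately follow the `name - purpose` line into the purpose, so the generated entry would likely read as one run-on summary, which may be the "(almost) parseable" caveat mentioned in the cover text. Inserting a bare ` *` line after the header line keeps the short description separate from the section prose. The moved forward declarations and the `ip_opfn` typedef look fine, though `struct sk_buff ** skb` could match the pointer-binds-to-name style used elsewhere (`struct sk_buff **skb`). The comment block this hunk opens continues well past the hunk.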
    @@ -93,9 +108,7 @@
      * 	first.
      * 	@bprm contains the linux_binprm structure.
      *	Return 0 if the hook is successful and permission is granted.
    - */
    -
    -/**
    + *
      * Security hooks for filesystem operations.
      *
      * @sb_alloc_security:
    @@ -171,9 +184,7 @@
      *	Update module state after a successful pivot.
      *	@old_nd contains the nameidata structure for the old root.
      *      @new_nd contains the nameidata structure for the new root.
    - */
    -
    -/**
    + *
      * Security hooks for inode operations.
      *
      * @inode_alloc_security:
    @@ -321,9 +332,7 @@
      *	with no hard links has its use count drop to zero).  A security module
      *	can use this hook to release any persistent label associated with the
      *	inode.
    - */
    -
    -/**
    + *
      * Security hooks for file operations
      *
      * @file_permission:
    @@ -417,9 +426,7 @@
      *	to receive an open file descriptor via socket IPC.
      *	@file contains the file structure being received.
      *	Return 0 if permission is granted.
    - */
    -
    -/**
    + *
      * Security hooks for task operations.
      *
      * @task_create:
    @@ -546,9 +553,7 @@
      *	Set the security attributes in current->security for the kernel module
      *	loader thread, so that it has the permissions needed to perform its
      *	function.
    - */
    -
    -/**
    + *
      * Security hooks for socket operations.
      *
      * @socket_create:
    @@ -658,9 +663,7 @@
      *	@sk contains the sock (not socket) associated with the incoming sk_buff.
      *	@skb contains the incoming network data.
      * 	Return 0 if permission is granted.
    - */
    -
    -/**
    + *
      * Lifecycle hooks for network buffers.
      *
      * @skb_alloc_security:
    @@ -703,9 +706,7 @@
      * These are the lifecycle hooks for network buffers. They are used to help
      * manage the lifecycle of security blobs for &sk_buff structures, and are not
      * intended to be used for access decisions.
    - */
    -
    -/**
    + *
      * IPv4 networking hooks.
      *
      * @ip_preroute_first:
    @@ -781,9 +782,7 @@
      *	A non-zero return value will cause an ICMP parameter problem message to
      *	be generated and transmitted to the sender.  The @pp_ptr parameter may
      *	be used to point to the offending option parameter.
    - */
    -
    -/**
    + *
      * Security hooks for network devices.
      * @netdev_unregister:
      *	Update the module's state when a network device is unregistered,
    @@ -796,9 +795,7 @@
      * initialization.  Security modules can allocate and initialize the
      * dev->security field on the first access to the device, but should be careful
      * to use nonblocking allocation.
    - */
    -
    -/**
    + *
      * Security hooks for kernel module operations.
      *
      * @module_create:
    @@ -818,9 +815,7 @@
      * These are the hooks for kernel module operations.  All hooks are called with
      * the big kernel lock held, and @delete_module is also called with the
      * unload_lock held.
    - */
    -
    -/**
    + *
      * Security hooks affecting all System V IPC operations.
      *
      * @ipc_permission:
    @@ -836,9 +831,7 @@
      *	@id contains the resource identifier
      *	@cmd contains the operation to be performed
      *	Return 0 if permission is granted.
    - */
    -
    -/**
    + *
      * Security hooks for individual messages held in System V IPC message queues
      * @msg_msg_alloc_security:
      *	Allocate and attach a security structure to the msg->security field.
    @@ -850,9 +843,7 @@
      *	Deallocate the security structure for this message.
      *	@msg contains the message structure to be modified.
      *
    - */
    -
    -/**
    + *
      * Security hooks for System V IPC Message Queues
      *
      * @msg_queue_alloc_security:
    @@ -901,9 +892,7 @@
      *	@type contains the type of message requested.
      *	@mode contains the operational flags.
      *	Return 0 if permission is granted.
    - */
    -
    -/**
    + *
      * Security hooks for System V Shared Memory Segments
      *
      * @shm_alloc_security:
    @@ -941,9 +930,7 @@
      *	@shmaddr contains the address to attach memory region to.
      *	@shmflg contains the operational flags.
      *	Return 0 if permission is granted.
    - */
    -
    -/**
    + *
      * Security hooks for System V Semaphores
      *
      * @sem_alloc_security:
    @@ -981,24 +968,7 @@
      *	@nsops contains the number of operations to perform.
      *	@alter contains the flag indicating whether changes are to be made.
      *	Return 0 if permission is granted.
    - */
    -
    -/* forward declares to avoid warnings */
    -struct sk_buff;
    -struct net_device;
    -struct nfsctl_arg;
    -struct sched_param;
    -struct swap_info_struct;
    -
    -/* for netfilter-based hooks */
    -typedef unsigned int (*ip_opfn)(unsigned int hooknum,
    -                                struct sk_buff **skb,
    -                                const struct net_device *in,
    -                                const struct net_device *out,
    -                                int (*okfn)(struct sk_buff *));
    -
    -/**
    - * struct security_operations - main security structure
    + *
      * @sethostname:
      *	Check permission before the hostname is set to @hostname.
      *	@hostname contains the new hostname
    @@ -1196,298 +1166,260 @@
      * 
      * This is the main security structure.
      */
    +
     struct security_operations {
    -	int (*sethostname) 		(char *hostname);
    -	int (*setdomainname) 		(char *domainname);
    -	int (*reboot) 			(unsigned int cmd);	
    -	int (*ioperm) 			(unsigned long from,
    -	                                 unsigned long num, int turn_on);
    -	int (*iopl) 			(unsigned int old, unsigned int level);
    -	int (*ptrace) 			(struct task_struct *parent,
    -	                                 struct task_struct *child);
    -	int (*capget)			(struct task_struct *target,
    -	                                 kernel_cap_t *effective,
    -	                                 kernel_cap_t *inheritable,
    -	                                 kernel_cap_t *permitted);
    -	int (*capset_check) 		(struct task_struct *target,
    -	                                 kernel_cap_t *effective,
    -	                                 kernel_cap_t *inheritable,
    -	                                 kernel_cap_t *permitted);
    -	void (*capset_set) 		(struct task_struct *target,
    -	                                 kernel_cap_t *effective,
    -	                                 kernel_cap_t *inheritable,
    -	                                 kernel_cap_t *permitted);
    -	int (*acct) 			(struct file *file);
    -	int (*sysctl) 			(ctl_table * table, int op);
    -	int (*capable) 			(struct task_struct *tsk, int cap);
    -	int (*sys_security) 		(unsigned int id, unsigned call,
    -	                                 unsigned long *args);
    -	int (*swapon) 			(struct swap_info_struct *swap);
    -	int (*swapoff) 			(struct swap_info_struct *swap);
    -	int (*nfsservctl) 		(int cmd, struct nfsctl_arg *arg);
    -	int (*quotactl) 		(int cmds, int type, int id,
    -	                                 struct super_block *sb);
    -	int (*quota_on) 		(struct file *f);
    -	int (*bdflush) 			(int func, long data);
    -	int (*syslog) 			(int type);
    -	
    -	int (*netlink_send) 		(struct sk_buff *skb);
    -	int (*netlink_recv) 		(struct sk_buff *skb);
    -	
    -	int (*unix_stream_connect) 	(struct socket *sock,
    -	                                 struct socket *other);
    -	int (*unix_may_send) 		(struct socket *sock,
    -	                                 struct socket *other);
    -
    -	int (*bprm_alloc_security) 	(struct linux_binprm *bprm);
    -	void (*bprm_free_security) 	(struct linux_binprm *bprm);
    -	void (*bprm_compute_creds) 	(struct linux_binprm *bprm);
    -	int (*bprm_set_security) 	(struct linux_binprm *bprm);
    -	int (*bprm_check_security) 	(struct linux_binprm *bprm);
    -	
    -	int (*sb_alloc_security) 	(struct super_block *sb);
    -	void (*sb_free_security) 	(struct super_block *sb);
    -	int (*sb_statfs) 		(struct super_block *sb);
    -	int (*sb_mount) 		(char *dev_name, struct nameidata *nd,
    -	                                 char *type, unsigned long flags,
    -	                                 void *data);
    -	int (*sb_check_sb) 		(struct vfsmount *mnt,
    -	                                 struct nameidata *nd);
    -	int (*sb_umount) 		(struct vfsmount *mnt, int flags);
    -	void (*sb_umount_close) 	(struct vfsmount *mnt);
    -	void (*sb_umount_busy) 		(struct vfsmount *mnt);
    -	void (*sb_post_remount) 	(struct vfsmount *mnt,
    -	                                 unsigned long flags, void *data);
    -	void (*sb_post_mountroot) 	(void);
    -	void (*sb_post_addmount) 	(struct vfsmount *mnt,
    -	                                 struct nameidata *mountpoint_nd);
    -	int (*sb_pivotroot) 		(struct nameidata *old_nd,
    -	                                 struct nameidata *new_nd);
    -	void (*sb_post_pivotroot) 	(struct nameidata *old_nd,
    -	                                 struct nameidata *new_nd);
    -
    -	int (*inode_alloc_security) 	(struct inode *inode);	
    -	void (*inode_free_security) 	(struct inode *inode);
    -	int (*inode_create) 		(struct inode *dir,
    -	                                 struct dentry *dentry, int mode);
    -	void (*inode_post_create) 	(struct inode *dir,
    -	                                 struct dentry *dentry, int mode);
    -	int (*inode_link) 		(struct dentry *old_dentry,
    -	                                 struct inode *dir,
    -	                                 struct dentry *new_dentry);
    -	void (*inode_post_link) 	(struct dentry *old_dentry,
    -	                                 struct inode *dir,
    -	                                 struct dentry *new_dentry);
    -	int (*inode_unlink) 		(struct inode *dir,
    -	                                 struct dentry *dentry);
    -	int (*inode_symlink) 		(struct inode *dir,
    -	                                 struct dentry *dentry,
    -	                                 const char *old_name);
    -	void (*inode_post_symlink) 	(struct inode *dir,
    -	                                 struct dentry *dentry,
    -	                                 const char *old_name);
    -	int (*inode_mkdir) 		(struct inode *dir,
    -	                                 struct dentry *dentry, int mode);
    -	void (*inode_post_mkdir) 	(struct inode *dir,
    -	                                 struct dentry *dentry, int mode);
    -	int (*inode_rmdir) 		(struct inode *dir,
    -	                                 struct dentry *dentry);
    -	int (*inode_mknod) 		(struct inode *dir,
    -	                                 struct dentry *dentry,
    -	                                 int mode, dev_t dev);
    -	void (*inode_post_mknod) 	(struct inode *dir,
    -	                                 struct dentry *dentry,
    -	                                 int mode, dev_t dev);
    -	int (*inode_rename) 		(struct inode *old_dir,
    -	                                 struct dentry *old_dentry,
    -	                                 struct inode *new_dir,
    -	                                 struct dentry *new_dentry);
    -	void (*inode_post_rename) 	(struct inode *old_dir,
    -	                                 struct dentry *old_dentry,
    -	                                 struct inode *new_dir,
    -	                                 struct dentry *new_dentry);
    -	int (*inode_readlink) 		(struct dentry *dentry);
    -	int (*inode_follow_link) 	(struct dentry *dentry,
    -	                                 struct nameidata *nd);
    -	int (*inode_permission) 	(struct inode *inode, int mask);
    -	int (*inode_revalidate) 	(struct dentry *dentry);
    -	int (*inode_setattr)		(struct dentry *dentry,
    -	                                 struct iattr *attr);
    -	int (*inode_stat) 		(struct inode *inode);
    -	void (*inode_post_lookup)	(struct inode *inode, struct dentry *d);
    -        void (*inode_delete)		(struct inode *inode);
    -
    -	int (*file_permission)		(struct file *file, int mask);
    -	int (*file_alloc_security)	(struct file *file);
    -	void (*file_free_security)	(struct file *file);
    -	int (*file_llseek)		(struct file *file);
    -	int (*file_ioctl)		(struct file *file, unsigned int cmd,
    -	                                 unsigned long arg);
    -	int (*file_mmap)		(struct file *file,
    -	                                 unsigned long prot,
    -	                                 unsigned long flags);
    -	int (*file_mprotect)		(struct vm_area_struct *vma,
    -	                                 unsigned long prot);
    -	int (*file_lock)		(struct file *file,
    -	                                 unsigned int cmd, int blocking);
    -	int (*file_fcntl)		(struct file *file, unsigned int cmd,
    -	                                 unsigned long arg);
    -	int (*file_set_fowner)		(struct file *file);
    -	int (*file_send_sigiotask)	(struct task_struct *tsk,
    -	                                 struct fown_struct *fown,
    -	                                 int fd, int reason);
    -	int (*file_receive)		(struct file * file);
    -	
    -
    -	int (*task_create)		(unsigned long clone_flags);
    -	int (*task_alloc_security)	(struct task_struct *p);
    -	void (*task_free_security)	(struct task_struct *p);
    -	int (*task_setuid)		(uid_t id0, uid_t id1,
    -	                                 uid_t id2, int flags);
    -	int (*task_post_setuid)		(uid_t old_ruid/* or fsuid */,
    -	                                 uid_t old_euid, uid_t old_suid,
    -	                                 int flags);
    -	int (*task_setgid)		(gid_t id0, gid_t id1,
    -	                                 gid_t id2, int flags);
    -	int (*task_setpgid)		(struct task_struct *p, pid_t pgid);
    -	int (*task_getpgid)		(struct task_struct *p);
    -	int (*task_getsid)		(struct task_struct *p);
    -	int (*task_setgroups)		(int gidsetsize, gid_t *grouplist);
    -	int (*task_setnice)		(struct task_struct *p, int nice);
    -	int (*task_setrlimit)		(unsigned int resource,
    -	                                 struct rlimit *new_rlim);
    -	int (*task_setscheduler)	(struct task_struct *p, int policy,
    -	                                 struct sched_param *lp);
    -	int (*task_getscheduler)	(struct task_struct *p);
    -	int (*task_kill)		(struct task_struct *p,
    -	                                 struct siginfo *info, int sig);
    -	int (*task_wait)		(struct task_struct *p);
    -	int (*task_prctl)		(int option, unsigned long arg2,
    -	                                 unsigned long arg3, unsigned long arg4,
    -	                                 unsigned long arg5);
    -	void (*task_kmod_set_label)	(void);
    -
    -	int (*socket_create)		(int family, int type, int protocol);
    -	void (*socket_post_create)	(struct socket *sock, int family,
    -	                                 int type, int protocol);
    -	int (*socket_bind)		(struct socket *sock,
    -	                                 struct sockaddr *address,
    -	                                 int addrlen);
    -	int (*socket_connect)		(struct socket *sock,
    -	                                 struct sockaddr *address,
    -	                                 int addrlen);
    -	int (*socket_listen)		(struct socket *sock,
    -	                                 int backlog);
    -	int (*socket_accept)		(struct socket *sock,
    -	                                 struct socket *newsock);
    -	void (*socket_post_accept)	(struct socket *sock,
    -	                                 struct socket *newsock);
    -	int (*socket_sendmsg)		(struct socket *sock,
    -	                                 struct msghdr *msg, int size);
    -	int (*socket_recvmsg)		(struct socket *sock,
    -	                                 struct msghdr *msg,
    -	                                 int size, int flags);
    -	int (*socket_getsockname)	(struct socket *sock);
    -	int (*socket_getpeername)	(struct socket *sock);
    -	int (*socket_getsockopt)	(struct socket *sock, int level,
    -	                                 int optname);
    -	int (*socket_setsockopt)	(struct socket *sock, int level,
    -	                                 int optname);
    -	int (*socket_shutdown)		(struct socket *sock, int how);
    -	int (*socket_sock_rcv_skb)	(struct sock *sk, struct sk_buff *skb);
    -	
    -	int (*skb_alloc_security)	(struct sk_buff *skb);
    -	int (*skb_clone)		(struct sk_buff *newskb,
    -	                                 const struct sk_buff *oldskb);
    -	void (*skb_copy)		(struct sk_buff *newskb,
    -	                                 const struct sk_buff *oldskb);
    -	void (*skb_set_owner_w)		(struct sk_buff *skb, struct sock *sk);
    -	void (*skb_recv_datagram)	(struct sk_buff *skb, struct sock *sk,
    -	                                 unsigned flags);
    -	void (*skb_free_security)	(struct sk_buff *skb);
    -
    -	ip_opfn				ip_preroute_first;
    -	ip_opfn				ip_preroute_last;
    -	ip_opfn				ip_input_first;
    -	ip_opfn				ip_input_last;
    -	ip_opfn				ip_forward_first;
    -	ip_opfn				ip_forward_last;
    -	ip_opfn				ip_output_first;
    -	ip_opfn				ip_output_last;
    -	ip_opfn				ip_postroute_first;
    -	ip_opfn				ip_postroute_last;
    -	
    -	void (*ip_fragment)		(struct sk_buff *newskb,
    -	                                 const struct sk_buff *oldskb);
    -	int (*ip_defragment)		(struct sk_buff *skb);
    -	void (*ip_encapsulate)		(struct sk_buff *skb);
    -	void (*ip_decapsulate)		(struct sk_buff *skb);
    -	int (*ip_decode_options)	(struct sk_buff *skb,
    -	                                 const char *optptr,
    -	                                 unsigned char **pp_ptr);
    -
    -	void (*netdev_unregister)	(struct net_device *dev);
    -	
    -	int (*module_create)		(const char *name, size_t size);
    - 	int (*module_initialize)	(struct module *mod);
    - 	int (*module_delete)		(const struct module *mod);
    -
    -	int (*ipc_permission)		(struct kern_ipc_perm *ipcp,
    -	                                 short flag);
    -	int (*ipc_getinfo)		(int id, int cmd);
    -	
    -	int (*msg_msg_alloc_security)	(struct msg_msg *msg);
    -	void (*msg_msg_free_security)	(struct msg_msg *msg);
    -	
    -	int (*msg_queue_alloc_security) (struct msg_queue *msq);
    -	void (*msg_queue_free_security) (struct msg_queue *msq);
    -	int (*msg_queue_associate)	(struct msg_queue *msq, int msqid,
    -	                                 int msqflg);
    -	int (*msg_queue_msgctl)		(struct msg_queue *msq, int msqid,
    -	                                 int cmd);
    -	int (*msg_queue_msgsnd)		(struct msg_queue *msq,
    -	                                 struct msg_msg *msg, int msqid,
    -	                                 int msqflg);
    -	int (*msg_queue_msgrcv)		(struct msg_queue *msq,
    -	                                 struct msg_msg *msg,
    -	                                 struct task_struct *target,
    -	                                 long type, int mode);
    -
    -	int (*shm_alloc_security)	(struct shmid_kernel *shp);
    -	void (*shm_free_security)	(struct shmid_kernel *shp);
    -	int (*shm_associate)		(struct shmid_kernel *shp,
    -	                                 int shmid, int shmflg);
    -	int (*shm_shmctl)		(struct shmid_kernel *shp,
    -	                                 int shmid, int cmd);
    -	int (*shm_shmat)		(struct shmid_kernel *shp, int shmid,
    -	                                 char *shmaddr, int shmflg);
    -
    -	int (*sem_alloc_security)	(struct sem_array *sma);
    -	void (*sem_free_security)	(struct sem_array *sma);
    -	int (*sem_associate)		(struct sem_array *sma,
    -	                                 int semid, int semflg);
    -	int (*sem_semctl)		(struct sem_array *sma,
    -	                                 int semid, int cmd);
    -	int (*sem_semop)		(struct sem_array *sma, int semid,
    -	                                 struct sembuf *sops, unsigned nsops,
    -	                                 int alter);
    +	int (*sethostname) (char *hostname);
    +	int (*setdomainname) (char *domainname);
    +	int (*reboot) (unsigned int cmd);
    +	int (*ioperm) (unsigned long from, unsigned long num, int turn_on);
    +	int (*iopl) (unsigned int old, unsigned int level);
    +	int (*ptrace) (struct task_struct * parent, struct task_struct * child);
    +	int (*capget) (struct task_struct * target,
    +		       kernel_cap_t * effective,
    +		       kernel_cap_t * inheritable, kernel_cap_t * permitted);
    +	int (*capset_check) (struct task_struct * target,
    +			     kernel_cap_t * effective,
    +			     kernel_cap_t * inheritable,
    +			     kernel_cap_t * permitted);
    +	void (*capset_set) (struct task_struct * target,
    +			    kernel_cap_t * effective,
    +			    kernel_cap_t * inheritable,
    +			    kernel_cap_t * permitted);
    +	int (*acct) (struct file * file);
    +	int (*sysctl) (ctl_table * table, int op);
    +	int (*capable) (struct task_struct * tsk, int cap);
    +	int (*sys_security) (unsigned int id, unsigned call,
    +			     unsigned long *args);
    +	int (*swapon) (struct swap_info_struct * swap);
    +	int (*swapoff) (struct swap_info_struct * swap);
    +	int (*nfsservctl) (int cmd, struct nfsctl_arg * arg);
    +	int (*quotactl) (int cmds, int type, int id, struct super_block * sb);
    +	int (*quota_on) (struct file * f);
    +	int (*bdflush) (int func, long data);
    +	int (*syslog) (int type);
    +
    +	int (*netlink_send) (struct sk_buff * skb);
    +	int (*netlink_recv) (struct sk_buff * skb);
    +
    +	int (*unix_stream_connect) (struct socket * sock,
    +				    struct socket * other);
    +	int (*unix_may_send) (struct socket * sock, struct socket * other);
    +
    +	int (*bprm_alloc_security) (struct linux_binprm * bprm);
    +	void (*bprm_free_security) (struct linux_binprm * bprm);
    +	void (*bprm_compute_creds) (struct linux_binprm * bprm);
    +	int (*bprm_set_security) (struct linux_binprm * bprm);
    +	int (*bprm_check_security) (struct linux_binprm * bprm);
    +
    +	int (*sb_alloc_security) (struct super_block * sb);
    +	void (*sb_free_security) (struct super_block * sb);
    +	int (*sb_statfs) (struct super_block * sb);
    +	int (*sb_mount) (char *dev_name, struct nameidata * nd,
    +			 char *type, unsigned long flags, void *data);
    +	int (*sb_check_sb) (struct vfsmount * mnt, struct nameidata * nd);
    +	int (*sb_umount) (struct vfsmount * mnt, int flags);
    +	void (*sb_umount_close) (struct vfsmount * mnt);
    +	void (*sb_umount_busy) (struct vfsmount * mnt);
    +	void (*sb_post_remount) (struct vfsmount * mnt,
    +				 unsigned long flags, void *data);
    +	void (*sb_post_mountroot) (void);
    +	void (*sb_post_addmount) (struct vfsmount * mnt,
    +				  struct nameidata * mountpoint_nd);
    +	int (*sb_pivotroot) (struct nameidata * old_nd,
    +			     struct nameidata * new_nd);
    +	void (*sb_post_pivotroot) (struct nameidata * old_nd,
    +				   struct nameidata * new_nd);
    +
    +	int (*inode_alloc_security) (struct inode * inode);
    +	void (*inode_free_security) (struct inode * inode);
    +	int (*inode_create) (struct inode * dir,
    +			     struct dentry * dentry, int mode);
    +	void (*inode_post_create) (struct inode * dir,
    +				   struct dentry * dentry, int mode);
    +	int (*inode_link) (struct dentry * old_dentry,
    +			   struct inode * dir, struct dentry * new_dentry);
    +	void (*inode_post_link) (struct dentry * old_dentry,
    +				 struct inode * dir,
    +				 struct dentry * new_dentry);
    +	int (*inode_unlink) (struct inode * dir, struct dentry * dentry);
    +	int (*inode_symlink) (struct inode * dir,
    +			      struct dentry * dentry, const char *old_name);
    +	void (*inode_post_symlink) (struct inode * dir,
    +				    struct dentry * dentry,
    +				    const char *old_name);
    +	int (*inode_mkdir) (struct inode * dir,
    +			    struct dentry * dentry, int mode);
    +	void (*inode_post_mkdir) (struct inode * dir,
    +				  struct dentry * dentry, int mode);
    +	int (*inode_rmdir) (struct inode * dir, struct dentry * dentry);
    +	int (*inode_mknod) (struct inode * dir,
    +			    struct dentry * dentry, int mode, dev_t dev);
    +	void (*inode_post_mknod) (struct inode * dir,
    +				  struct dentry * dentry, int mode, dev_t dev);
    +	int (*inode_rename) (struct inode * old_dir,
    +			     struct dentry * old_dentry,
    +			     struct inode * new_dir,
    +			     struct dentry * new_dentry);
    +	void (*inode_post_rename) (struct inode * old_dir,
    +				   struct dentry * old_dentry,
    +				   struct inode * new_dir,
    +				   struct dentry * new_dentry);
    +	int (*inode_readlink) (struct dentry * dentry);
    +	int (*inode_follow_link) (struct dentry * dentry,
    +				  struct nameidata * nd);
    +	int (*inode_permission) (struct inode * inode, int mask);
    +	int (*inode_revalidate) (struct dentry * dentry);
    +	int (*inode_setattr) (struct dentry * dentry, struct iattr * attr);
    +	int (*inode_stat) (struct inode * inode);
    +	void (*inode_post_lookup) (struct inode * inode, struct dentry * d);
    +	void (*inode_delete) (struct inode * inode);
    +
    +	int (*file_permission) (struct file * file, int mask);
    +	int (*file_alloc_security) (struct file * file);
    +	void (*file_free_security) (struct file * file);
    +	int (*file_llseek) (struct file * file);
    +	int (*file_ioctl) (struct file * file, unsigned int cmd,
    +			   unsigned long arg);
    +	int (*file_mmap) (struct file * file,
    +			  unsigned long prot, unsigned long flags);
    +	int (*file_mprotect) (struct vm_area_struct * vma, unsigned long prot);
    +	int (*file_lock) (struct file * file, unsigned int cmd, int blocking);
    +	int (*file_fcntl) (struct file * file, unsigned int cmd,
    +			   unsigned long arg);
    +	int (*file_set_fowner) (struct file * file);
    +	int (*file_send_sigiotask) (struct task_struct * tsk,
    +				    struct fown_struct * fown,
    +				    int fd, int reason);
    +	int (*file_receive) (struct file * file);
    +
    +	int (*task_create) (unsigned long clone_flags);
    +	int (*task_alloc_security) (struct task_struct * p);
    +	void (*task_free_security) (struct task_struct * p);
    +	int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
    +	int (*task_post_setuid) (uid_t old_ruid /* or fsuid */ ,
    +				 uid_t old_euid, uid_t old_suid, int flags);
    +	int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
    +	int (*task_setpgid) (struct task_struct * p, pid_t pgid);
    +	int (*task_getpgid) (struct task_struct * p);
    +	int (*task_getsid) (struct task_struct * p);
    +	int (*task_setgroups) (int gidsetsize, gid_t * grouplist);
    +	int (*task_setnice) (struct task_struct * p, int nice);
    +	int (*task_setrlimit) (unsigned int resource, struct rlimit * new_rlim);
    +	int (*task_setscheduler) (struct task_struct * p, int policy,
    +				  struct sched_param * lp);
    +	int (*task_getscheduler) (struct task_struct * p);
    +	int (*task_kill) (struct task_struct * p,
    +			  struct siginfo * info, int sig);
    +	int (*task_wait) (struct task_struct * p);
    +	int (*task_prctl) (int option, unsigned long arg2,
    +			   unsigned long arg3, unsigned long arg4,
    +			   unsigned long arg5);
    +	void (*task_kmod_set_label) (void);
    +
    +	int (*socket_create) (int family, int type, int protocol);
    +	void (*socket_post_create) (struct socket * sock, int family,
    +				    int type, int protocol);
    +	int (*socket_bind) (struct socket * sock,
    +			    struct sockaddr * address, int addrlen);
    +	int (*socket_connect) (struct socket * sock,
    +			       struct sockaddr * address, int addrlen);
    +	int (*socket_listen) (struct socket * sock, int backlog);
    +	int (*socket_accept) (struct socket * sock, struct socket * newsock);
    +	void (*socket_post_accept) (struct socket * sock,
    +				    struct socket * newsock);
    +	int (*socket_sendmsg) (struct socket * sock,
    +			       struct msghdr * msg, int size);
    +	int (*socket_recvmsg) (struct socket * sock,
    +			       struct msghdr * msg, int size, int flags);
    +	int (*socket_getsockname) (struct socket * sock);
    +	int (*socket_getpeername) (struct socket * sock);
    +	int (*socket_getsockopt) (struct socket * sock, int level, int optname);
    +	int (*socket_setsockopt) (struct socket * sock, int level, int optname);
    +	int (*socket_shutdown) (struct socket * sock, int how);
    +	int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
    +
    +	int (*skb_alloc_security) (struct sk_buff * skb);
    +	int (*skb_clone) (struct sk_buff * newskb,
    +			  const struct sk_buff * oldskb);
    +	void (*skb_copy) (struct sk_buff * newskb,
    +			  const struct sk_buff * oldskb);
    +	void (*skb_set_owner_w) (struct sk_buff * skb, struct sock * sk);
    +	void (*skb_recv_datagram) (struct sk_buff * skb, struct sock * sk,
    +				   unsigned flags);
    +	void (*skb_free_security) (struct sk_buff * skb);
    +
    +	ip_opfn ip_preroute_first;
    +	ip_opfn ip_preroute_last;
    +	ip_opfn ip_input_first;
    +	ip_opfn ip_input_last;
    +	ip_opfn ip_forward_first;
    +	ip_opfn ip_forward_last;
    +	ip_opfn ip_output_first;
    +	ip_opfn ip_output_last;
    +	ip_opfn ip_postroute_first;
    +	ip_opfn ip_postroute_last;
    +
    +	void (*ip_fragment) (struct sk_buff * newskb,
    +			     const struct sk_buff * oldskb);
    +	int (*ip_defragment) (struct sk_buff * skb);
    +	void (*ip_encapsulate) (struct sk_buff * skb);
    +	void (*ip_decapsulate) (struct sk_buff * skb);
    +	int (*ip_decode_options) (struct sk_buff * skb,
    +				  const char *optptr, unsigned char **pp_ptr);
    +
    +	void (*netdev_unregister) (struct net_device * dev);
    +
    +	int (*module_create) (const char *name, size_t size);
    +	int (*module_initialize) (struct module * mod);
    +	int (*module_delete) (const struct module * mod);
    +
    +	int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
    +	int (*ipc_getinfo) (int id, int cmd);
    +
    +	int (*msg_msg_alloc_security) (struct msg_msg * msg);
    +	void (*msg_msg_free_security) (struct msg_msg * msg);
    +
    +	int (*msg_queue_alloc_security) (struct msg_queue * msq);
    +	void (*msg_queue_free_security) (struct msg_queue * msq);
    +	int (*msg_queue_associate) (struct msg_queue * msq, int msqid,
    +				    int msqflg);
    +	int (*msg_queue_msgctl) (struct msg_queue * msq, int msqid, int cmd);
    +	int (*msg_queue_msgsnd) (struct msg_queue * msq,
    +				 struct msg_msg * msg, int msqid, int msqflg);
    +	int (*msg_queue_msgrcv) (struct msg_queue * msq,
    +				 struct msg_msg * msg,
    +				 struct task_struct * target,
    +				 long type, int mode);
    +
    +	int (*shm_alloc_security) (struct shmid_kernel * shp);
    +	void (*shm_free_security) (struct shmid_kernel * shp);
    +	int (*shm_associate) (struct shmid_kernel * shp, int shmid, int shmflg);
    +	int (*shm_shmctl) (struct shmid_kernel * shp, int shmid, int cmd);
    +	int (*shm_shmat) (struct shmid_kernel * shp, int shmid,
    +			  char *shmaddr, int shmflg);
    +
    +	int (*sem_alloc_security) (struct sem_array * sma);
    +	void (*sem_free_security) (struct sem_array * sma);
    +	int (*sem_associate) (struct sem_array * sma, int semid, int semflg);
    +	int (*sem_semctl) (struct sem_array * sma, int semid, int cmd);
    +	int (*sem_semop) (struct sem_array * sma, int semid,
    +			  struct sembuf * sops, unsigned nsops, int alter);
     
     	/* allow module stacking */
    -	int (*register_security)	(const char *name,
    -	                                 struct security_operations *ops);
    -	int (*unregister_security)	(const char *name,
    -	                                 struct security_operations *ops);
    +	int (*register_security) (const char *name,
    +				  struct security_operations * ops);
    +	int (*unregister_security) (const char *name,
    +				    struct security_operations * ops);
     };
     
     /* prototypes */
    -extern int security_scaffolding_startup	(void);
    -extern int register_security		(struct security_operations *ops);
    -extern int unregister_security		(struct security_operations *ops);
    -extern int mod_reg_security		(const char *name,
    -                                         struct security_operations *ops);
    -extern int mod_unreg_security		(const char *name,
    -                                         struct security_operations *ops);
    -extern int capable			(int cap);
    +extern int security_scaffolding_startup(void);
    +extern int register_security(struct security_operations *ops);
    +extern int unregister_security(struct security_operations *ops);
    +extern int mod_reg_security(const char *name, struct security_operations *ops);
    +extern int mod_unreg_security(const char *name,
    +			      struct security_operations *ops);
    +extern int capable(int cap);
     
     /* global variables */
     extern struct security_operations *security_ops;
    @@ -1495,4 +1427,3 @@
     #endif /* __KERNEL__ */
     
     #endif /* ! __LINUX_SECURITY_H */
    -
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    


