[patch] Convert remaining hooks to new format

From: Stephen D. Smalley (sdsat_private)
Date: Wed Dec 04 2002 - 13:58:21 PST


    The attached patch converts the remaining hooks in the lsm-2.5 tree
    to the new format.  Builds and boots with CONFIG_SECURITY disabled
    or enabled.  Any objections to committing this patch? 
    
    --
    Stephen Smalley, NSA
    sdsat_private
    
    
    Index: lsm-2.5/arch/i386/kernel/ioport.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/arch/i386/kernel/ioport.c,v
    retrieving revision 1.6
    diff -u -r1.6 ioport.c
    --- lsm-2.5/arch/i386/kernel/ioport.c	6 Nov 2002 20:37:56 -0000	1.6
    +++ lsm-2.5/arch/i386/kernel/ioport.c	4 Dec 2002 20:15:10 -0000
    @@ -65,7 +65,7 @@
     	if (turn_on && !capable(CAP_SYS_RAWIO))
     		return -EPERM;
     
    -	ret = security_ops->ioperm(from, num, turn_on);
    +	ret = security_ioperm(from, num, turn_on);
     	if (ret)
     		return ret;
     
    @@ -127,7 +127,7 @@
     		if (!capable(CAP_SYS_RAWIO))
     			return -EPERM;
     	}
    -	retval = security_ops->iopl(old, level);
    +	retval = security_iopl(old, level);
     	if (retval) {
     		return retval;
     	}
    Index: lsm-2.5/arch/ia64/ia32/sys_ia32.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/arch/ia64/ia32/sys_ia32.c,v
    retrieving revision 1.16
    diff -u -r1.16 sys_ia32.c
    --- lsm-2.5/arch/ia64/ia32/sys_ia32.c	19 Nov 2002 15:09:43 -0000	1.16
    +++ lsm-2.5/arch/ia64/ia32/sys_ia32.c	4 Dec 2002 20:15:31 -0000
    @@ -3187,7 +3187,7 @@
     		if (!capable(CAP_SYS_RAWIO))
     			return -EPERM;
     	}
    -	retval = security_ops->iopl(old,level);
    +	retval = security_iopl(old,level);
     	if (retval) {
     		return retval;
     	}
    Index: lsm-2.5/arch/parisc/kernel/ptrace.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/arch/parisc/kernel/ptrace.c,v
    retrieving revision 1.1.1.2
    diff -u -r1.1.1.2 ptrace.c
    --- lsm-2.5/arch/parisc/kernel/ptrace.c	6 Nov 2002 19:28:13 -0000	1.1.1.2
    +++ lsm-2.5/arch/parisc/kernel/ptrace.c	4 Dec 2002 20:15:48 -0000
    @@ -103,7 +103,7 @@
     		if (current->ptrace & PT_PTRACED)
     			goto out;
     
    -		ret = security_ops->ptrace(current->parent, current);
    +		ret = security_ptrace(current->parent, current);
     		if (ret) 
     			goto out;
     
    Index: lsm-2.5/fs/file_table.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/fs/file_table.c,v
    retrieving revision 1.17
    diff -u -r1.17 file_table.c
    --- lsm-2.5/fs/file_table.c	29 Nov 2002 17:14:31 -0000	1.17
    +++ lsm-2.5/fs/file_table.c	4 Dec 2002 20:17:05 -0000
    @@ -107,12 +107,12 @@
     	filp->f_uid    = current->fsuid;
     	filp->f_gid    = current->fsgid;
     	filp->f_op     = dentry->d_inode->i_fop;
    -	error = security_ops->file_alloc_security(filp);
    +	error = security_file_alloc(filp);
     	if (!error)
     		if (filp->f_op->open) {
     			error = filp->f_op->open(dentry->d_inode, filp);
     			if (error)
    -				security_ops->file_free_security(filp);
    +				security_file_free(filp);
     		}
     	return error;
     }
    @@ -123,7 +123,7 @@
     
     	if (file->f_op && file->f_op->release)
     		file->f_op->release(inode, file);
    -	security_ops->file_free_security(file);
    +	security_file_free(file);
     }
     
     void fput(struct file * file)
    Index: lsm-2.5/fs/super.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/fs/super.c,v
    retrieving revision 1.21
    diff -u -r1.21 super.c
    --- lsm-2.5/fs/super.c	29 Nov 2002 17:14:32 -0000	1.21
    +++ lsm-2.5/fs/super.c	4 Dec 2002 20:17:20 -0000
    @@ -612,7 +612,7 @@
     	sb = type->get_sb(type, flags, name, data);
     	if (IS_ERR(sb))
     		goto out_mnt;
    - 	error = security_ops->sb_kern_mount(sb);
    + 	error = security_sb_kern_mount(sb);
      	if (error) {
      		up_write(&sb->s_umount);
      		deactivate_super(sb);
    Index: lsm-2.5/fs/hugetlbfs/inode.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/fs/hugetlbfs/inode.c,v
    retrieving revision 1.1.1.4
    diff -u -r1.1.1.4 inode.c
    --- lsm-2.5/fs/hugetlbfs/inode.c	25 Nov 2002 13:32:09 -0000	1.1.1.4
    +++ lsm-2.5/fs/hugetlbfs/inode.c	4 Dec 2002 20:17:48 -0000
    @@ -209,7 +209,7 @@
     	if (inode->i_data.nrpages)
     		truncate_hugepages(&inode->i_data, 0);
     
    -	security_ops->inode_delete(inode);
    +	security_inode_delete(inode);
     
     	clear_inode(inode);
     	destroy_inode(inode);
    @@ -333,7 +333,7 @@
     	if (error)
     		goto out;
     
    -	error = security_ops->inode_setattr(dentry, attr);
    +	error = security_inode_setattr(dentry, attr);
     	if (error)
     		goto out;
     
    Index: lsm-2.5/include/linux/security.h
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/include/linux/security.h,v
    retrieving revision 1.29
    diff -u -r1.29 security.h
    --- lsm-2.5/include/linux/security.h	2 Dec 2002 17:09:17 -0000	1.29
    +++ lsm-2.5/include/linux/security.h	4 Dec 2002 21:29:46 -0000
    @@ -42,6 +42,8 @@
     struct sk_buff;
     extern int cap_netlink_send (struct sk_buff *skb);
     extern int cap_netlink_recv (struct sk_buff *skb);
    +extern int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
    +				  unsigned char **pp_ptr);
     extern int cap_ptrace (struct task_struct *parent, struct task_struct *child);
     extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
     extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
    @@ -67,21 +69,19 @@
     /* setfsuid or setfsgid, id0 == fsuid or fsgid */
     #define LSM_SETID_FS	8
     
    -
    -#ifdef CONFIG_SECURITY
    -
     /* forward declares to avoid warnings */
     struct socket;
     struct sock;
     struct sockaddr;
     struct msghdr;
    -struct sk_buff;
     struct net_device;
     struct nfsctl_arg;
     struct sched_param;
     struct swap_info_struct;
     struct open_request;
     
    +#ifdef CONFIG_SECURITY
    +
     /**
      * struct security_operations - main security structure
      * Security hooks for program execution operations.
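Review bot: The forward declarations moved out of `#ifdef CONFIG_SECURITY` here cover the socket and network types, but the !CONFIG_SECURITY stubs added later in this file also take `struct msg_msg *`, `struct timeval *` and `struct timezone *`, none of which is in this list. Presumably those come from headers included above the hunk; if any of them does not, a build with CONFIG_SECURITY disabled would warn about a struct declared inside a parameter list. Worth confirming, and adding e.g. `struct msg_msg;` to this list if it turns out to be needed.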
    @@ -1381,6 +1381,31 @@
     extern struct security_operations *security_ops;
     
     /* inline stuff */
    +static inline int security_sethostname (char *hostname)
    +{
    +	return security_ops->sethostname (hostname);
    +}
    +
    +static inline int security_setdomainname (char *domainname)
    +{
    +	return security_ops->setdomainname (domainname);
    +}
    +
    +static inline int security_reboot (unsigned int cmd)
    +{
    +	return security_ops->reboot (cmd);
    +}
    +
    +static inline int security_ioperm (unsigned long from, unsigned long num, int turn_on)
    +{
    +	return security_ops->ioperm (from, num, turn_on);
    +}
    +
    +static inline int security_iopl (unsigned int old, unsigned int level)
    +{
    +	return security_ops->iopl (old, level);
    +}
    +
     static inline int security_ptrace (struct task_struct * parent, struct task_struct * child)
     {
     	return security_ops->ptrace (parent, child);
    @@ -1415,6 +1440,26 @@
     	return security_ops->acct (file);
     }
     
    +static inline int security_sysctl(ctl_table * table, int op)
    +{
    +	return security_ops->sysctl(table, op);
    +}
    +
    +static inline int security_capable(struct task_struct * tsk, int cap)
    +{
    +	return security_ops->capable(tsk, cap);
    +}
    +
    +static inline int security_swapon(struct swap_info_struct * swap)
    +{
    +	return security_ops->swapon(swap);
    +}
    +
    +static inline int security_swapoff(struct swap_info_struct * swap)
    +{
    +	return security_ops->swapoff(swap);
    +}
    +
     static inline int security_quotactl (int cmds, int type, int id,
     				     struct super_block *sb)
     {
    @@ -1426,6 +1471,41 @@
     	return security_ops->quota_on (file);
     }
     
    +static inline int security_syslog(int type)
    +{
    +	return security_ops->syslog(type);
    +}
    +
    +static inline int security_settime(struct timeval *tv, struct timezone *tz)
    +{
    +	return security_ops->settime(tv, tz);
    +}
    +
    +static inline int security_netlink_send(struct sk_buff * skb)
    +{
    +	return security_ops->netlink_send(skb);
    +}
    +
    +static inline int security_netlink_recv(struct sk_buff * skb)
    +{
    +	return security_ops->netlink_recv(skb);
    +}
    +
    +
    +static inline int security_unix_stream_connect(struct socket * sock,
    +					       struct socket * other, 
    +					       struct sock * newsk)
    +{
    +	return security_ops->unix_stream_connect(sock, other, newsk);
    +}
    +
    +
    +static inline int security_unix_may_send(struct socket * sock, 
    +					 struct socket * other)
    +{
    +	return security_ops->unix_may_send(sock, other);
    +}
    +
     static inline int security_bprm_alloc (struct linux_binprm *bprm)
     {
     	return security_ops->bprm_alloc_security (bprm);
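Review bot: The wrappers added in this hunk are formatted inconsistently with their neighbours: there are doubled blank lines before security_unix_stream_connect and security_unix_may_send, and trailing whitespace after `struct socket * other, ` and `struct socket * sock, ` in the parameter lists. The new functions are also written `security_syslog(int type)` while the existing ones around them use `security_quotactl (int cmds, ...)` with a space before the parenthesis. Picking one form and stripping the trailing blanks would keep later diffs against this header clean; the same applies to the large socket/skb hunk at @@ -1861.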
    @@ -1457,6 +1537,11 @@
     	security_ops->sb_free_security (sb);
     }
     
    +static inline int security_sb_kern_mount (struct super_block *sb)
    +{
    +	return security_ops->sb_kern_mount (sb);
    +}
    +
     static inline int security_sb_statfs (struct super_block *sb)
     {
     	return security_ops->sb_statfs (sb);
    @@ -1861,12 +1946,222 @@
     	security_ops->task_reparent_to_init (p);
     }
     
    +static inline int security_socket_create (int family, int type, int protocol)
    +{
    +	return security_ops->socket_create(family, type, protocol);
    +}
    +
    +static inline void security_socket_post_create(struct socket * sock, 
    +					       int family,
    +					       int type, 
    +					       int protocol)
    +{
    +	security_ops->socket_post_create(sock, family, type, protocol);
    +}
    +
    +static inline int security_socket_bind(struct socket * sock, 
    +				       struct sockaddr * address, 
    +				       int addrlen)
    +{
    +	return security_ops->socket_bind(sock, address, addrlen);
    +}
    +
    +static inline int security_socket_connect(struct socket * sock, 
    +					  struct sockaddr * address, 
    +					  int addrlen)
    +{
    +	return security_ops->socket_connect(sock, address, addrlen);
    +}
    +
    +static inline int security_socket_listen(struct socket * sock, int backlog)
    +{
    +	return security_ops->socket_listen(sock, backlog);
    +}
    +
    +static inline int security_socket_accept(struct socket * sock, 
    +					 struct socket * newsock)
    +{
    +	return security_ops->socket_accept(sock, newsock);
    +}
    +
    +static inline void security_socket_post_accept(struct socket * sock, 
    +					       struct socket * newsock)
    +{
    +	security_ops->socket_post_accept(sock, newsock);
    +}
    +
    +static inline int security_socket_sendmsg(struct socket * sock, 
    +					  struct msghdr * msg, int size)
    +{
    +	return security_ops->socket_sendmsg(sock, msg, size);
    +}
    +
    +static inline int security_socket_recvmsg(struct socket * sock, 
    +					  struct msghdr * msg, int size, 
    +					  int flags)
    +{
    +	return security_ops->socket_recvmsg(sock, msg, size, flags);
    +}
    +
    +static inline int security_socket_getsockname(struct socket * sock)
    +{
    +	return security_ops->socket_getsockname(sock);
    +}
    +
    +static inline int security_socket_getpeername(struct socket * sock)
    +{
    +	return security_ops->socket_getpeername(sock);
    +}
    +
    +static inline int security_socket_getsockopt(struct socket * sock, 
    +					     int level, int optname)
    +{
    +	return security_ops->socket_getsockopt(sock, level, optname);
    +}
    +
    +static inline int security_socket_setsockopt(struct socket * sock, 
    +					     int level, int optname)
    +{
    +	return security_ops->socket_setsockopt(sock, level, optname);
    +}
    +
    +static inline int security_socket_shutdown(struct socket * sock, int how)
    +{
    +	return security_ops->socket_shutdown(sock, how);
    +}
    +
    +static inline int security_sock_alloc(struct sock * sk, 
    +				      int gfp_mask)
    +{
    +	return security_ops->socket_sock_alloc_security(sk, gfp_mask);
    +}
    +
    +static inline void security_sock_free(struct sock * sk)
    +{
    +	security_ops->socket_sock_free_security(sk);
    +}
    +
    +static inline int security_sock_rcv_skb (struct sock * sk, 
    +					 struct sk_buff * skb)
    +{
    +	return security_ops->socket_sock_rcv_skb (sk, skb);
    +}
    +
    +static inline int security_open_request_alloc (struct open_request * req)
    +{
    +	return security_ops->open_request_alloc_security (req);
    +}
    +
    +static inline void security_open_request_free (struct open_request * req)
    +{
    +	security_ops->open_request_free_security (req);
    +}
    +
    +static inline void security_tcp_connection_request(struct sock * sk, 
    +						   struct sk_buff * skb,
    +						   struct open_request * req)
    +{
    +	security_ops->tcp_connection_request(sk, skb, req);
    +}
    +
    +static inline void security_tcp_synack(struct sock * sk, 
    +				       struct sk_buff * skb, 
    +				       struct open_request * req)
    +{
    +	security_ops->tcp_synack(sk, skb, req);
    +}
    +
    +static inline void security_tcp_create_openreq_child(struct sock * sk, 
    +						     struct sock * newsk, 
    +						     struct sk_buff * skb, 
    +						     struct open_request * req)
    +{
    +	security_ops->tcp_create_openreq_child(sk, newsk, skb, req);
    +}
    +
    +static inline int security_skb_alloc(struct sk_buff * skb, int gfp_mask)
    +{
    +	return security_ops->skb_alloc_security(skb, gfp_mask);
    +}
    +
    +static inline int security_skb_clone(struct sk_buff * newskb, 
    +				     const struct sk_buff * oldskb)
    +{
    +	return security_ops->skb_clone(newskb, oldskb);
    +}
    +
    +static inline void security_skb_copy(struct sk_buff * newskb, 
    +				     const struct sk_buff * oldskb)
    +{
    +	security_ops->skb_copy(newskb, oldskb);
    +}
    +
    +static inline void security_skb_set_owner_w (struct sk_buff * skb, 
    +					     struct sock * sk)
    +{
    +	security_ops->skb_set_owner_w (skb, sk);
    +}
    +
    +static inline void security_skb_recv_datagram(struct sk_buff * skb, 
    +					      struct sock * sk, unsigned flags)
    +{
    +	security_ops->skb_recv_datagram(skb, sk, flags);
    +}
    +
    +static inline void security_skb_free(struct sk_buff * skb)
    +{
    +	security_ops->skb_free_security(skb);
    +}
    +
    +static inline void security_ip_fragment(struct sk_buff * newskb, 
    +					const struct sk_buff * oldskb)
    +{
    +	security_ops->ip_fragment(newskb, oldskb);
    +}
    +
    +static inline int security_ip_defragment(struct sk_buff * skb)
    +{
    +	return security_ops->ip_defragment(skb);
    +}
    +
    +static inline void security_ip_encapsulate(struct sk_buff * skb)
    +{
    +	security_ops->ip_encapsulate(skb);
    +}
    +
    +static inline void security_ip_decapsulate(struct sk_buff * skb)
    +{
    +	security_ops->ip_decapsulate(skb);
    +}
    +
    +static inline int security_ip_decode_options(struct sk_buff * skb, 
    +					     const char *optptr, 
    +					     unsigned char **pp_ptr)
    +{
    +	return security_ops->ip_decode_options(skb, optptr, pp_ptr);
    +}
    +
    +static inline void security_netdev_unregister(struct net_device * dev)
    +{
    +	security_ops->netdev_unregister(dev);
    +}
    +
     static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
     					   short flag)
     {
     	return security_ops->ipc_permission (ipcp, flag);
     }
     
    +static inline int security_msg_msg_alloc (struct msg_msg * msg)
    +{
    +	return security_ops->msg_msg_alloc_security (msg);
    +}
    +
    +static inline void security_msg_msg_free (struct msg_msg * msg)
    +{
    +	security_ops->msg_msg_free_security(msg);
    +}
    +
     static inline int security_msg_queue_alloc (struct msg_queue *msq)
     {
     	return security_ops->msg_queue_alloc_security (msq);
    @@ -1877,6 +2172,31 @@
     	security_ops->msg_queue_free_security (msq);
     }
     
    +static inline int security_msg_queue_associate (struct msg_queue * msq, 
    +						int msqflg)
    +{
    +	return security_ops->msg_queue_associate (msq, msqflg);
    +}
    +
    +static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
    +{
    +	return security_ops->msg_queue_msgctl (msq, cmd);
    +}
    +
    +static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
    +					     struct msg_msg * msg, int msqflg)
    +{
    +	return security_ops->msg_queue_msgsnd (msq, msg, msqflg);
    +}
    +
    +static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
    +					     struct msg_msg * msg,
    +					     struct task_struct * target,
    +					     long type, int mode)
    +{
    +	return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode);
    +}
    +
     static inline int security_shm_alloc (struct shmid_kernel *shp)
     {
     	return security_ops->shm_alloc_security (shp);
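Review bot: security_msg_queue_msgctl is added with no comment on its msq argument, yet ipc/msg.c in this same patch calls it as `security_msg_queue_msgctl(NULL, cmd)` on one path. A module author reading only the wrapper would not learn that the hook must tolerate a NULL queue pointer. I would add a line above it such as `/* msq may be NULL; see the msgctl caller in ipc/msg.c */`. security_sem_semctl in the @@ -1897 hunk has the same gap, since ipc/sem.c passes NULL as well.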
    @@ -1887,6 +2207,23 @@
     	security_ops->shm_free_security (shp);
     }
     
    +static inline int security_shm_associate (struct shmid_kernel * shp, 
    +					  int shmflg)
    +{
    +	return security_ops->shm_associate(shp, shmflg);
    +}
    +
    +static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
    +{
    +	return security_ops->shm_shmctl (shp, cmd);
    +}
    +
    +static inline int security_shm_shmat (struct shmid_kernel * shp, 
    +				      char *shmaddr, int shmflg)
    +{
    +	return security_ops->shm_shmat(shp, shmaddr, shmflg);
    +}
    +
     static inline int security_sem_alloc (struct sem_array *sma)
     {
     	return security_ops->sem_alloc_security (sma);
    @@ -1897,6 +2234,16 @@
     	security_ops->sem_free_security (sma);
     }
     
    +static inline int security_sem_associate (struct sem_array * sma, int semflg)
    +{
    +	return security_ops->sem_associate (sma, semflg);
    +}
    +
    +static inline int security_sem_semctl (struct sem_array * sma, int cmd)
    +{
    +	return security_ops->sem_semctl(sma, cmd);
    +}
    +
     
     /* prototypes */
     extern int security_scaffolding_startup	(void);
    @@ -1918,6 +2265,31 @@
     	return 0;
     }
     
    +static inline int security_sethostname (char *hostname)
    +{
    +	return 0;
    +}
    +
    +static inline int security_setdomainname (char *domainname)
    +{
    +	return 0;
    +}
    +
    +static inline int security_reboot (unsigned int cmd)
    +{
    +	return 0;
    +}
    +
    +static inline int security_ioperm (unsigned long from, unsigned long num, int turn_on)
    +{
    +	return 0;
    +}
    +
    +static inline int security_iopl (unsigned int old, unsigned int level)
    +{
    +	return 0;
    +}
    +
     static inline int security_ptrace (struct task_struct *parent, struct task_struct * child)
     {
     	return cap_ptrace (parent, child);
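Review bot: The !CONFIG_SECURITY stubs added here for security_sethostname, security_setdomainname, security_reboot, security_ioperm and security_iopl return 0 unconditionally, whereas the neighbouring security_ptrace stub falls back to cap_ptrace(); allowing by default is only safe where the call site keeps its own capable() test. The ioport.c hunks in this patch do show such a test ahead of security_ioperm and security_iopl, but the callers of the other three are not visible in this part of the patch. The same question applies to the security_sysctl, security_swapon, security_swapoff, security_syslog and security_settime stubs in the @@ -1952 and @@ -1963 hunks. I would put a comment above these stubs, for example `/* No-op when CONFIG_SECURITY is off: callers must keep their own capable() checks. */`, and confirm each caller does.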
    @@ -1952,6 +2324,26 @@
     	return 0;
     }
     
    +static inline int security_sysctl(ctl_table * table, int op)
    +{
    +	return 0;
    +}
    +
    +static inline int security_capable(struct task_struct * tsk, int cap)
    +{
    +	return cap_capable(tsk, cap);
    +}
    +
    +static inline int security_swapon(struct swap_info_struct * swap)
    +{
    +	return 0;
    +}
    +
    +static inline int security_swapoff(struct swap_info_struct * swap)
    +{
    +	return 0;
    +}
    +
     static inline int security_quotactl (int cmds, int type, int id,
     				     struct super_block * sb)
     {
    @@ -1963,6 +2355,39 @@
     	return 0;
     }
     
    +static inline int security_syslog(int type)
    +{
    +	return 0;
    +}
    +
    +static inline int security_settime(struct timeval *tv, struct timezone *tz)
    +{
    +	return 0;
    +}
    +
    +static inline int security_netlink_send(struct sk_buff * skb)
    +{
    +	return cap_netlink_send(skb);
    +}
    +
    +static inline int security_netlink_recv(struct sk_buff * skb)
    +{
    +	return cap_netlink_recv(skb);
    +}
    +
    +static inline int security_unix_stream_connect(struct socket * sock,
    +					       struct socket * other, 
    +					       struct sock * newsk)
    +{
    +	return 0;
    +}
    +
    +static inline int security_unix_may_send(struct socket * sock, 
    +					 struct socket * other)
    +{
    +	return 0;
    +}
    +
     static inline int security_bprm_alloc (struct linux_binprm *bprm)
     {
     	return 0;
    @@ -1994,6 +2419,11 @@
     static inline void security_sb_free (struct super_block *sb)
     { }
     
    +static inline int security_sb_kern_mount (struct super_block *sb)
    +{
    +	return 0;
    +}
    +
     static inline int security_sb_statfs (struct super_block *sb)
     {
     	return 0;
    @@ -2362,12 +2792,205 @@
     	cap_task_reparent_to_init (p);
     }
     
    +static inline int security_socket_create (int family, int type, int protocol)
    +{
    +	return 0;
    +}
    +
    +static inline void security_socket_post_create(struct socket * sock, 
    +					       int family,
    +					       int type, 
    +					       int protocol)
    +{
    +}
    +
    +static inline int security_socket_bind(struct socket * sock, 
    +				       struct sockaddr * address, 
    +				       int addrlen)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_connect(struct socket * sock, 
    +					  struct sockaddr * address, 
    +					  int addrlen)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_listen(struct socket * sock, int backlog)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_accept(struct socket * sock, 
    +					 struct socket * newsock)
    +{
    +	return 0;
    +}
    +
    +static inline void security_socket_post_accept(struct socket * sock, 
    +					       struct socket * newsock)
    +{
    +}
    +
    +static inline int security_socket_sendmsg(struct socket * sock, 
    +					  struct msghdr * msg, int size)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_recvmsg(struct socket * sock, 
    +					  struct msghdr * msg, int size, 
    +					  int flags)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_getsockname(struct socket * sock)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_getpeername(struct socket * sock)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_getsockopt(struct socket * sock, 
    +					     int level, int optname)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_setsockopt(struct socket * sock, 
    +					     int level, int optname)
    +{
    +	return 0;
    +}
    +
    +static inline int security_socket_shutdown(struct socket * sock, int how)
    +{
    +	return 0;
    +}
    +
    +static inline int security_sock_alloc(struct sock * sk, 
    +				      int gfp_mask)
    +{
    +	return 0;
    +}
    +
    +static inline void security_sock_free(struct sock * sk)
    +{
    +}
    +
    +static inline int security_sock_rcv_skb (struct sock * sk, 
    +					 struct sk_buff * skb)
    +{
    +	return 0;
    +}
    +
    +static inline int security_open_request_alloc (struct open_request * req)
    +{
    +	return 0;
    +}
    +
    +static inline void security_open_request_free (struct open_request * req)
    +{
    +}
    +
    +static inline void security_tcp_connection_request(struct sock * sk, 
    +						   struct sk_buff * skb,
    +						   struct open_request * req)
    +{
    +}
    +
    +static inline void security_tcp_synack(struct sock * sk, 
    +				       struct sk_buff * skb, 
    +				       struct open_request * req)
    +{
    +}
    +
    +static inline void security_tcp_create_openreq_child(struct sock * sk, 
    +						     struct sock * newsk, 
    +						     struct sk_buff * skb, 
    +						     struct open_request * req)
    +{
    +}
    +
    +static inline int security_skb_alloc(struct sk_buff * skb, int gfp_mask)
    +{
    +	return 0;
    +}
    +
    +static inline int security_skb_clone(struct sk_buff * newskb, 
    +				     const struct sk_buff * oldskb)
    +{
    +	return 0;
    +}
    +
    +static inline void security_skb_copy(struct sk_buff * newskb, 
    +				     const struct sk_buff * oldskb)
    +{
    +}
    +
    +static inline void security_skb_set_owner_w (struct sk_buff * skb, 
    +					     struct sock * sk)
    +{
    +}
    +
    +static inline void security_skb_recv_datagram(struct sk_buff * skb, 
    +					      struct sock * sk, unsigned flags)
    +{
    +}
    +
    +static inline void security_skb_free(struct sk_buff * skb)
    +{
    +}
    +
    +static inline void security_ip_fragment(struct sk_buff * newskb, 
    +					const struct sk_buff * oldskb)
    +{
    +}
    +
    +static inline int security_ip_defragment(struct sk_buff * skb)
    +{
    +	return 0;
    +}
    +
    +static inline void security_ip_encapsulate(struct sk_buff * skb)
    +{
    +}
    +
    +static inline void security_ip_decapsulate(struct sk_buff * skb)
    +{
    +}
    +
    +static inline int security_ip_decode_options(struct sk_buff * skb, 
    +					     const char *optptr, 
    +					     unsigned char **pp_ptr)
    +{
    +	return cap_ip_decode_options(skb,optptr,pp_ptr);
    +}
    +
    +static inline void security_netdev_unregister(struct net_device * dev)
    +{
    +}
    +
     static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
     					   short flag)
     {
     	return 0;
     }
     
    +static inline int security_msg_msg_alloc (struct msg_msg * msg)
    +{
    +	return 0;
    +}
    +
    +static inline void security_msg_msg_free (struct msg_msg * msg)
    +{ }
    +
     static inline int security_msg_queue_alloc (struct msg_queue *msq)
     {
     	return 0;
    @@ -2376,6 +2999,31 @@
     static inline void security_msg_queue_free (struct msg_queue *msq)
     { }
     
    +static inline int security_msg_queue_associate (struct msg_queue * msq, 
    +						int msqflg)
    +{
    +	return 0;
    +}
    +
    +static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd)
    +{
    +	return 0;
    +}
    +
    +static inline int security_msg_queue_msgsnd (struct msg_queue * msq,
    +					     struct msg_msg * msg, int msqflg)
    +{
    +	return 0;
    +}
    +
    +static inline int security_msg_queue_msgrcv (struct msg_queue * msq,
    +					     struct msg_msg * msg,
    +					     struct task_struct * target,
    +					     long type, int mode)
    +{
    +	return 0;
    +}
    +
     static inline int security_shm_alloc (struct shmid_kernel *shp)
     {
     	return 0;
    @@ -2384,6 +3032,23 @@
     static inline void security_shm_free (struct shmid_kernel *shp)
     { }
     
    +static inline int security_shm_associate (struct shmid_kernel * shp, 
    +					  int shmflg)
    +{
    +	return 0;
    +}
    +
    +static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd)
    +{
    +	return 0;
    +}
    +
    +static inline int security_shm_shmat (struct shmid_kernel * shp, 
    +				      char *shmaddr, int shmflg)
    +{
    +	return 0;
    +}
    +
     static inline int security_sem_alloc (struct sem_array *sma)
     {
     	return 0;
    @@ -2392,6 +3057,15 @@
     static inline void security_sem_free (struct sem_array *sma)
     { }
     
    +static inline int security_sem_associate (struct sem_array * sma, int semflg)
    +{
    +	return 0;
    +}
    +
    +static inline int security_sem_semctl (struct sem_array * sma, int cmd)
    +{
    +	return 0;
    +}
     
     #endif	/* CONFIG_SECURITY */
     
    Index: lsm-2.5/include/net/sock.h
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/include/net/sock.h,v
    retrieving revision 1.17
    diff -u -r1.17 sock.h
    --- lsm-2.5/include/net/sock.h	29 Nov 2002 18:17:07 -0000	1.17
    +++ lsm-2.5/include/net/sock.h	4 Dec 2002 21:04:25 -0000
    @@ -705,7 +705,7 @@
     	skb->sk = sk;
     	skb->destructor = sock_wfree;
     	atomic_add(skb->truesize, &sk->wmem_alloc);
    -	security_ops->skb_set_owner_w(skb, sk);
    +	security_skb_set_owner_w(skb, sk);
     }
     
     static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
    @@ -725,7 +725,7 @@
     	if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf)
                     return -ENOMEM;
     
    -	err = security_ops->socket_sock_rcv_skb(sk, skb);
    +	err = security_sock_rcv_skb(sk, skb);
     	if (err) 
     		return err;
     
    Index: lsm-2.5/include/net/tcp.h
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/include/net/tcp.h,v
    retrieving revision 1.4
    diff -u -r1.4 tcp.h
    --- lsm-2.5/include/net/tcp.h	6 Nov 2002 20:38:38 -0000	1.4
    +++ lsm-2.5/include/net/tcp.h	4 Dec 2002 20:26:00 -0000
    @@ -546,7 +546,7 @@
     
     	if (req != NULL) {
     		req->security = NULL;
    -		if (security_ops->open_request_alloc_security(req)) {
    +		if (security_open_request_alloc(req)) {
     			kmem_cache_free(tcp_openreq_cachep, req);
     			return NULL;
     		}
    @@ -556,7 +556,7 @@
     
     static inline void tcp_openreq_fastfree(struct open_request *req)
     {
    -	security_ops->open_request_free_security(req);
    +	security_open_request_free(req);
     	kmem_cache_free(tcp_openreq_cachep, req);
     }
     
    Index: lsm-2.5/ipc/msg.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/ipc/msg.c,v
    retrieving revision 1.10
    diff -u -r1.10 msg.c
    --- lsm-2.5/ipc/msg.c	29 Nov 2002 17:14:43 -0000	1.10
    +++ lsm-2.5/ipc/msg.c	4 Dec 2002 20:31:24 -0000
    @@ -130,7 +130,7 @@
     {
     	struct msg_msgseg* seg;
     
    -	security_ops->msg_msg_free_security(msg);
    +	security_msg_msg_free(msg);
     
     	seg = msg->next;
     	kfree(msg);
    @@ -188,7 +188,7 @@
     		src = ((char*)src)+alen;
     	}
     	
    -	err = security_ops->msg_msg_alloc_security(msg);
    +	err = security_msg_msg_alloc(msg);
     	if (err)
     		goto out_err;
     
    @@ -316,7 +316,7 @@
     			ret = -EACCES;
     		else {
     			int qid = msg_buildid(id, msq->q_perm.seq);
    -		    	ret = security_ops->msg_queue_associate(msq, msgflg);
    +		    	ret = security_msg_queue_associate(msq, msgflg);
     			if (!ret)
     				ret = qid;
     		}
    @@ -442,7 +442,7 @@
     		 * to set all member fields.
     		 */
     
    -		err = security_ops->msg_queue_msgctl(NULL, cmd);
    +		err = security_msg_queue_msgctl(NULL, cmd);
     		if (err)
     			return err;
     
    @@ -496,7 +496,7 @@
     		if (ipcperms (&msq->q_perm, S_IRUGO))
     			goto out_unlock;
     
    -		err = security_ops->msg_queue_msgctl(msq, cmd);
    +		err = security_msg_queue_msgctl(msq, cmd);
     		if (err)
     			goto out_unlock;
     
    @@ -542,7 +542,7 @@
     	    /* We _could_ check for CAP_CHOWN above, but we don't */
     		goto out_unlock_up;
     
    -	err = security_ops->msg_queue_msgctl(msq, cmd);
    +	err = security_msg_queue_msgctl(msq, cmd);
     	if (err)
     		goto out_unlock_up;
     
    @@ -618,7 +618,7 @@
     		msr = list_entry(tmp,struct msg_receiver,r_list);
     		tmp = tmp->next;
     		if(testmsg(msg,msr->r_msgtype,msr->r_mode) &&
    -		   !security_ops->msg_queue_msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) {
    +		   !security_msg_queue_msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) {
     			list_del(&msr->r_list);
     			if(msr->r_maxsize < msg->m_ts) {
     				msr->r_msg = ERR_PTR(-E2BIG);
    @@ -669,7 +669,7 @@
     	if (ipcperms(&msq->q_perm, S_IWUGO)) 
     		goto out_unlock_free;
     
    -	err = security_ops->msg_queue_msgsnd(msq, msg, msgflg);
    +	err = security_msg_queue_msgsnd(msq, msg, msgflg);
     	if (err)
     		goto out_unlock_free;
     
    @@ -772,7 +772,7 @@
     	while (tmp != &msq->q_messages) {
     		msg = list_entry(tmp,struct msg_msg,m_list);
     		if(testmsg(msg,msgtyp,mode) &&
    -		   !security_ops->msg_queue_msgrcv(msq, msg, current, msgtyp, mode)) {
    +		   !security_msg_queue_msgrcv(msq, msg, current, msgtyp, mode)) {
     			found_msg = msg;
     			if(mode == SEARCH_LESSEQUAL && msg->m_type != 1) {
     				found_msg=msg;
    Index: lsm-2.5/ipc/sem.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/ipc/sem.c,v
    retrieving revision 1.14
    diff -u -r1.14 sem.c
    --- lsm-2.5/ipc/sem.c	29 Nov 2002 17:14:44 -0000	1.14
    +++ lsm-2.5/ipc/sem.c	4 Dec 2002 20:36:08 -0000
    @@ -188,7 +188,7 @@
     			err = -EACCES;
     		else {
     			int semid = sem_buildid(id, sma->sem_perm.seq);
    -			err = security_ops->sem_associate(sma, semflg);
    +			err = security_sem_associate(sma, semflg);
     			if (!err)
     				err = semid;
     		}
    @@ -468,7 +468,7 @@
     		struct seminfo seminfo;
     		int max_id;
     
    -		err = security_ops->sem_semctl(NULL, cmd);
    +		err = security_sem_semctl(NULL, cmd);
     		if (err)
     			return err;
     		
    @@ -513,7 +513,7 @@
     		if (ipcperms (&sma->sem_perm, S_IRUGO))
     			goto out_unlock;
     
    -		err = security_ops->sem_semctl(sma, cmd);
    +		err = security_sem_semctl(sma, cmd);
     		if (err)
     			goto out_unlock;
     
    @@ -560,7 +560,7 @@
     	if (ipcperms (&sma->sem_perm, (cmd==SETVAL||cmd==SETALL)?S_IWUGO:S_IRUGO))
     		goto out_unlock;
     
    -	err = security_ops->sem_semctl(sma, cmd);
    +	err = security_sem_semctl(sma, cmd);
     	if (err)
     		goto out_unlock;
     
    @@ -756,7 +756,7 @@
     		goto out_unlock;
     	}
     
    -	err = security_ops->sem_semctl(sma, cmd);
    +	err = security_sem_semctl(sma, cmd);
     	if (err)
     		goto out_unlock;
     
    Index: lsm-2.5/ipc/shm.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/ipc/shm.c,v
    retrieving revision 1.19
    diff -u -r1.19 shm.c
    --- lsm-2.5/ipc/shm.c	29 Nov 2002 17:14:44 -0000	1.19
    +++ lsm-2.5/ipc/shm.c	4 Dec 2002 20:35:51 -0000
    @@ -258,7 +258,7 @@
     			err = -EACCES;
     		else {
     			int shmid = shm_buildid(id, shp->shm_perm.seq);
    -			err = security_ops->shm_associate(shp, shmflg);
    +			err = security_shm_associate(shp, shmflg);
     			if (!err)
     				err = shmid;
     		}
    @@ -402,7 +402,7 @@
     	{
     		struct shminfo64 shminfo;
     
    -		err = security_ops->shm_shmctl(NULL, cmd);
    +		err = security_shm_shmctl(NULL, cmd);
     		if (err)
     			return err;
     
    @@ -424,7 +424,7 @@
     	{
     		struct shm_info shm_info;
     
    -		err = security_ops->shm_shmctl(NULL, cmd);
    +		err = security_shm_shmctl(NULL, cmd);
     		if (err)
     			return err;
     
    @@ -469,7 +469,7 @@
     		err=-EACCES;
     		if (ipcperms (&shp->shm_perm, S_IRUGO))
     			goto out_unlock;
    -		err = security_ops->shm_shmctl(shp, cmd);
    +		err = security_shm_shmctl(shp, cmd);
     		if (err)
     			goto out_unlock;
     		kernel_to_ipc64_perm(&shp->shm_perm, &tbuf.shm_perm);
    @@ -507,7 +507,7 @@
     		if(err)
     			goto out_unlock;
     
    -		err = security_ops->shm_shmctl(shp, cmd);
    +		err = security_shm_shmctl(shp, cmd);
     		if (err)
     			goto out_unlock;
     		
    @@ -551,7 +551,7 @@
     			goto out_unlock_up;
     		}
     
    -		err = security_ops->shm_shmctl(shp, cmd);
    +		err = security_shm_shmctl(shp, cmd);
     		if (err)
     			goto out_unlock_up;
     
    @@ -588,7 +588,7 @@
     			goto out_unlock_up;
     		}
     
    -		err = security_ops->shm_shmctl(shp, cmd);
    +		err = security_shm_shmctl(shp, cmd);
     		if (err)
     			goto out_unlock_up;
     		
    @@ -681,7 +681,7 @@
     		goto out;
     	}
     
    -	err = security_ops->shm_shmat(shp, shmaddr, shmflg);
    +	err = security_shm_shmat(shp, shmaddr, shmflg);
     	if (err) {
     		shm_unlock(shp);
     		return err;
    Index: lsm-2.5/kernel/printk.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/kernel/printk.c,v
    retrieving revision 1.12
    diff -u -r1.12 printk.c
    --- lsm-2.5/kernel/printk.c	29 Nov 2002 18:17:07 -0000	1.12
    +++ lsm-2.5/kernel/printk.c	4 Dec 2002 20:37:23 -0000
    @@ -176,7 +176,7 @@
     	char *lbuf = NULL;
     	int error = 0;
     
    -	error = security_ops->syslog(type);
    +	error = security_syslog(type);
     	if( error )
     		return error;
     
    Index: lsm-2.5/kernel/sys.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/kernel/sys.c,v
    retrieving revision 1.21
    diff -u -r1.21 sys.c
    --- lsm-2.5/kernel/sys.c	29 Nov 2002 17:14:46 -0000	1.21
    +++ lsm-2.5/kernel/sys.c	4 Dec 2002 20:38:27 -0000
    @@ -222,7 +222,7 @@
     		error = -EACCES;
     		goto out;
     	}
    -	no_nice = security_ops->task_setnice(p, niceval);
    +	no_nice = security_task_setnice(p, niceval);
     	if (no_nice) {
     		error = no_nice;
     		goto out;
    @@ -368,7 +368,7 @@
     	if (!capable(CAP_SYS_BOOT))
     		return -EPERM;
     
    -	retval = security_ops->reboot(cmd);
    +	retval = security_reboot(cmd);
     	if (retval) {
     		return retval;
     	}
    @@ -947,7 +947,7 @@
     	}
     
     ok_pgid:
    -	err = security_ops->task_setpgid(p, pgid);
    +	err = security_task_setpgid(p, pgid);
     	if (err)
     		goto out;
     
    @@ -1152,7 +1152,7 @@
     		return -EFAULT;
     	nodename[len] = 0;
     
    -	errno = security_ops->sethostname(nodename);
    +	errno = security_sethostname(nodename);
     	if (errno)
     		return errno;
     
    @@ -1196,7 +1196,7 @@
     		return -EFAULT;
     	domainname[len] = 0;
     
    -	errno = security_ops->setdomainname(domainname);
    +	errno = security_setdomainname(domainname);
     	if (errno)
     		return errno;
     
    Index: lsm-2.5/kernel/sysctl.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/kernel/sysctl.c,v
    retrieving revision 1.17
    diff -u -r1.17 sysctl.c
    --- lsm-2.5/kernel/sysctl.c	29 Nov 2002 18:17:08 -0000	1.17
    +++ lsm-2.5/kernel/sysctl.c	4 Dec 2002 20:38:46 -0000
    @@ -427,7 +427,7 @@
     static inline int ctl_perm(ctl_table *table, int op)
     {
     	int error;
    -	error = security_ops->sysctl(table, op);
    +	error = security_sysctl(table, op);
     	if(error) {
     		return error;
     	}
    Index: lsm-2.5/kernel/time.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/kernel/time.c,v
    retrieving revision 1.4
    diff -u -r1.4 time.c
    --- lsm-2.5/kernel/time.c	19 Nov 2002 15:10:42 -0000	1.4
    +++ lsm-2.5/kernel/time.c	4 Dec 2002 20:41:35 -0000
    @@ -154,7 +154,7 @@
     		return -EPERM;
     
             /* Call the Linux Security Module to perform its checks */
    -        error = security_ops->settime(tv, tz);
    +        error = security_settime(tv, tz);
             if (error)
                     return error;
     		
    Index: lsm-2.5/mm/oom_kill.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/mm/oom_kill.c,v
    retrieving revision 1.10
    diff -u -r1.10 oom_kill.c
    --- lsm-2.5/mm/oom_kill.c	29 Nov 2002 18:17:08 -0000	1.10
    +++ lsm-2.5/mm/oom_kill.c	4 Dec 2002 20:41:53 -0000
    @@ -89,7 +89,7 @@
     	 * Superuser processes are usually more important, so we make it
     	 * less likely that we kill those.
     	 */
    -	if (!security_ops->capable(p,CAP_SYS_ADMIN) ||
    +	if (!security_capable(p,CAP_SYS_ADMIN) ||
     				p->uid == 0 || p->euid == 0)
     		points /= 4;
     
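Review bot: `!security_capable(p,CAP_SYS_ADMIN)` reads as "p lacks the capability", but the comment above it (superuser processes are made less likely to be killed) implies the hook returns 0 when p holds the capability. That is the opposite sense from `capable()` as used elsewhere in this patch, e.g. `if (!capable(CAP_SYS_BOOT)) return -EPERM;`. A one-line comment above the test, such as `/* security_capable() returns 0 when p has the capability */`, would keep a later reader from "correcting" the negation. The same applies to the two `CAP_SYS_RAWIO` tests in the following hunks of this file, where the SIGTERM/SIGKILL choice depends on it. The enclosing function starts and ends outside the hunk.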
    @@ -99,7 +99,7 @@
     	 * tend to only have this flag set on applications they think
     	 * of as important.
     	 */
    -	if (!security_ops->capable(p,CAP_SYS_RAWIO))
    +	if (!security_capable(p,CAP_SYS_RAWIO))
     		points /= 4;
     #ifdef DEBUG
     	printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
    @@ -150,7 +150,7 @@
     	p->flags |= PF_MEMALLOC | PF_MEMDIE;
     
     	/* This process has hardware access, be more careful. */
    -	if (!security_ops->capable(p,CAP_SYS_RAWIO)) {
    +	if (!security_capable(p,CAP_SYS_RAWIO)) {
     		force_sig(SIGTERM, p);
     	} else {
     		force_sig(SIGKILL, p);
    Index: lsm-2.5/mm/swapfile.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/mm/swapfile.c,v
    retrieving revision 1.26
    diff -u -r1.26 swapfile.c
    --- lsm-2.5/mm/swapfile.c	29 Nov 2002 18:17:08 -0000	1.26
    +++ lsm-2.5/mm/swapfile.c	4 Dec 2002 20:42:08 -0000
    @@ -991,7 +991,7 @@
     		prev = type;
     	}
     
    -	err = security_ops->swapoff(p);
    +	err = security_swapoff(p);
     	if (err) {
     		swap_list_unlock();
     		goto out_dput;
    @@ -1230,7 +1230,7 @@
     	}
     
     	p->swap_file = swap_file;
    -	error = security_ops->swapon(p);
    +	error = security_swapon(p);
     	if (error)
     		goto bad_swap_2;
     
    Index: lsm-2.5/net/socket.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/socket.c,v
    retrieving revision 1.22
    diff -u -r1.22 socket.c
    --- lsm-2.5/net/socket.c	25 Nov 2002 14:12:27 -0000	1.22
    +++ lsm-2.5/net/socket.c	4 Dec 2002 21:02:29 -0000
    @@ -528,7 +528,7 @@
     	si->msg = msg;
     	si->size = size;
     
    -	err = security_ops->socket_sendmsg(sock, msg, size);
    +	err = security_socket_sendmsg(sock, msg, size);
     	if (err)
     		return err;
     
    @@ -565,7 +565,7 @@
     	si->size = size;
     	si->flags = flags;
     
    -	err = security_ops->socket_recvmsg(sock, msg, size, flags);
    +	err = security_socket_recvmsg(sock, msg, size, flags);
     	if (err)
     		return err;
     
    @@ -997,7 +997,7 @@
     		family = PF_PACKET;
     	}
     
    -	err = security_ops->socket_create(family, type, protocol);
    +	err = security_socket_create(family, type, protocol);
     	if (err)
     		return err;
     		
    @@ -1046,7 +1046,7 @@
     
     	*res = sock;
     
    -	security_ops->socket_post_create(sock, family, type, protocol);
    +	security_socket_post_create(sock, family, type, protocol);
     
     out:
     	net_family_read_unlock();
    @@ -1158,7 +1158,7 @@
     	if((sock = sockfd_lookup(fd,&err))!=NULL)
     	{
     		if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
    -			err = security_ops->socket_bind(sock, (struct sockaddr *)address, addrlen);
    +			err = security_socket_bind(sock, (struct sockaddr *)address, addrlen);
     			if (err) {
     				sockfd_put(sock);
     				return err;
    @@ -1186,7 +1186,7 @@
     		if ((unsigned) backlog > SOMAXCONN)
     			backlog = SOMAXCONN;
     
    -		err = security_ops->socket_listen(sock, backlog);
    +		err = security_socket_listen(sock, backlog);
     		if (err) {
     			sockfd_put(sock);
     			return err;
    @@ -1228,7 +1228,7 @@
     	newsock->type = sock->type;
     	newsock->ops = sock->ops;
     
    -	err = security_ops->socket_accept(sock, newsock);
    +	err = security_socket_accept(sock, newsock);
     	if (err)
     		goto out_release;
     
    @@ -1251,7 +1251,7 @@
     	if ((err = sock_map_fd(newsock)) < 0)
     		goto out_release;
     
    -	security_ops->socket_post_accept(sock, newsock);
    +	security_socket_post_accept(sock, newsock);
     
     out_put:
     	sockfd_put(sock);
    @@ -1289,7 +1289,7 @@
     	if (err < 0)
     		goto out_put;
     
    -	err = security_ops->socket_connect(sock, (struct sockaddr *)address, addrlen);
    +	err = security_socket_connect(sock, (struct sockaddr *)address, addrlen);
     	if (err)
     		goto out_put;
     
    @@ -1317,7 +1317,7 @@
     	if (!sock)
     		goto out;
     
    -	err = security_ops->socket_getsockname(sock);
    +	err = security_socket_getsockname(sock);
     	if (err)
     		goto out_put;
     
    @@ -1345,7 +1345,7 @@
     
     	if ((sock = sockfd_lookup(fd, &err))!=NULL)
     	{
    -		err = security_ops->socket_getpeername(sock);
    +		err = security_socket_getpeername(sock);
     		if (err) {
     			sockfd_put(sock);
     			return err;
    @@ -1479,7 +1479,7 @@
     			
     	if ((sock = sockfd_lookup(fd, &err))!=NULL)
     	{
    -		err = security_ops->socket_setsockopt(sock,level,optname);
    +		err = security_socket_setsockopt(sock,level,optname);
     		if (err) {
     			sockfd_put(sock);
     			return err;
    @@ -1506,7 +1506,7 @@
     
     	if ((sock = sockfd_lookup(fd, &err))!=NULL)
     	{
    -		err = security_ops->socket_getsockopt(sock, level, 
    +		err = security_socket_getsockopt(sock, level, 
     							   optname);
     		if (err) {
     			sockfd_put(sock);
    @@ -1534,7 +1534,7 @@
     
     	if ((sock = sockfd_lookup(fd, &err))!=NULL)
     	{
    -		err = security_ops->socket_shutdown(sock, how);
    +		err = security_socket_shutdown(sock, how);
     		if (err) {
     			sockfd_put(sock);
     			return err;
    Index: lsm-2.5/net/core/datagram.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/core/datagram.c,v
    retrieving revision 1.5
    diff -u -r1.5 datagram.c
    --- lsm-2.5/net/core/datagram.c	14 Aug 2002 17:09:42 -0000	1.5
    +++ lsm-2.5/net/core/datagram.c	4 Dec 2002 21:02:38 -0000
    @@ -177,7 +177,7 @@
     			skb = skb_dequeue(&sk->receive_queue);
     
     		if (skb) {
    -			security_ops->skb_recv_datagram(skb, sk, flags);
    +			security_skb_recv_datagram(skb, sk, flags);
     			return skb;
     		}
     
    Index: lsm-2.5/net/core/dev.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/core/dev.c,v
    retrieving revision 1.16
    diff -u -r1.16 dev.c
    --- lsm-2.5/net/core/dev.c	25 Nov 2002 14:12:30 -0000	1.16
    +++ lsm-2.5/net/core/dev.c	4 Dec 2002 21:04:55 -0000
    @@ -2594,7 +2594,7 @@
     	free_divert_blk(dev);
     #endif
     
    -	security_ops->netdev_unregister(dev);
    +	security_netdev_unregister(dev);
     
     	if (dev->features & NETIF_F_DYNALLOC) {
     #ifdef NET_REFCNT_DEBUG
    Index: lsm-2.5/net/core/rtnetlink.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/core/rtnetlink.c,v
    retrieving revision 1.4
    diff -u -r1.4 rtnetlink.c
    --- lsm-2.5/net/core/rtnetlink.c	6 Nov 2002 20:38:55 -0000	1.4
    +++ lsm-2.5/net/core/rtnetlink.c	4 Dec 2002 21:05:02 -0000
    @@ -316,7 +316,7 @@
     	sz_idx = type>>2;
     	kind = type&3;
     
    -	if (kind != 2 && security_ops->netlink_recv(skb)) {
    +	if (kind != 2 && security_netlink_recv(skb)) {
     		*errp = -EPERM;
     		return -1;
     	}
    Index: lsm-2.5/net/core/skbuff.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/core/skbuff.c,v
    retrieving revision 1.10
    diff -u -r1.10 skbuff.c
    --- lsm-2.5/net/core/skbuff.c	6 Nov 2002 20:38:55 -0000	1.10
    +++ lsm-2.5/net/core/skbuff.c	4 Dec 2002 21:05:21 -0000
    @@ -196,7 +196,7 @@
     	if (!data)
     		goto nodata;
     
    -	if (security_ops->skb_alloc_security(skb, gfp_mask)) {
    +	if (security_skb_alloc(skb, gfp_mask)) {
      		kfree(data);
     		goto nodata;
     	}
    @@ -344,7 +344,7 @@
     	nf_bridge_put(skb->nf_bridge);
     #endif
     #endif
    -	security_ops->skb_free_security(skb);
    +	security_skb_free(skb);
     	skb_headerinit(skb, NULL, 0);  /* clean state */
     	kfree_skbmem(skb);
     }
    @@ -373,7 +373,7 @@
     			return NULL;
     	}
     	
    -	if (security_ops->skb_clone(n, skb)) {
    +	if (security_skb_clone(n, skb)) {
     		skb_head_to_pool(n);
     		return NULL;
     	}
    @@ -477,7 +477,7 @@
     #ifdef CONFIG_NET_SCHED
     	new->tc_index	= old->tc_index;
     #endif
    -	security_ops->skb_copy(new, old);
    +	security_skb_copy(new, old);
     }
     
     /**
    Index: lsm-2.5/net/core/sock.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/core/sock.c,v
    retrieving revision 1.6
    diff -u -r1.6 sock.c
    --- lsm-2.5/net/core/sock.c	22 Oct 2002 12:59:09 -0000	1.6
    +++ lsm-2.5/net/core/sock.c	4 Dec 2002 21:04:13 -0000
    @@ -601,7 +601,7 @@
     			sock_lock_init(sk);
     		}
     		sk->security = NULL;
    -		if (security_ops->socket_sock_alloc_security(sk, priority)) {
    +		if (security_sock_alloc(sk, priority)) {
     			kmem_cache_free(slab, sk);
     			return NULL;
     		}
    @@ -631,7 +631,7 @@
     	if (atomic_read(&sk->omem_alloc))
     		printk(KERN_DEBUG "sk_free: optmem leakage (%d bytes) detected.\n", atomic_read(&sk->omem_alloc));
     
    -	security_ops->socket_sock_free_security(sk);
    +	security_sock_free(sk);
     
     	kmem_cache_free(sk->slab, sk);
     }
    Index: lsm-2.5/net/ipv4/ip_fragment.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_fragment.c,v
    retrieving revision 1.5
    diff -u -r1.5 ip_fragment.c
    --- lsm-2.5/net/ipv4/ip_fragment.c	8 Jul 2002 12:46:26 -0000	1.5
    +++ lsm-2.5/net/ipv4/ip_fragment.c	4 Dec 2002 21:05:50 -0000
    @@ -375,7 +375,7 @@
     	int flags, offset;
     	int ihl, end, ret;
     
    -	ret = security_ops->ip_defragment(skb);
    +	ret = security_ip_defragment(skb);
     	if (ret)
     		goto err;
     
    Index: lsm-2.5/net/ipv4/ip_gre.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_gre.c,v
    retrieving revision 1.11
    diff -u -r1.11 ip_gre.c
    --- lsm-2.5/net/ipv4/ip_gre.c	12 Nov 2002 14:56:44 -0000	1.11
    +++ lsm-2.5/net/ipv4/ip_gre.c	4 Dec 2002 21:05:58 -0000
    @@ -661,7 +661,7 @@
     		skb->nf_debug = 0;
     #endif
     #endif
    -		security_ops->ip_decapsulate(skb);
    +		security_ip_decapsulate(skb);
     		ipgre_ecn_decapsulate(iph, skb);
     		netif_rx(skb);
     		read_unlock(&ipgre_lock);
    @@ -899,7 +899,7 @@
     	skb->nf_debug = 0;
     #endif
     #endif
    -	security_ops->ip_encapsulate(skb);
    +	security_ip_encapsulate(skb);
     
     	IPTUNNEL_XMIT();
     	tunnel->recursion--;
    Index: lsm-2.5/net/ipv4/ip_options.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_options.c,v
    retrieving revision 1.4
    diff -u -r1.4 ip_options.c
    --- lsm-2.5/net/ipv4/ip_options.c	26 Sep 2002 19:31:18 -0000	1.4
    +++ lsm-2.5/net/ipv4/ip_options.c	4 Dec 2002 21:06:06 -0000
    @@ -435,7 +435,7 @@
     		      case IPOPT_SEC:
     		      case IPOPT_CIPSO:
     		      case IPOPT_SID:
    -		      	if (security_ops->ip_decode_options(skb, optptr, &pp_ptr))
    +		      	if (security_ip_decode_options(skb, optptr, &pp_ptr))
     				goto error;
     			break;
     		      default:
    Index: lsm-2.5/net/ipv4/ip_output.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_output.c,v
    retrieving revision 1.14
    diff -u -r1.14 ip_output.c
    --- lsm-2.5/net/ipv4/ip_output.c	19 Nov 2002 15:10:50 -0000	1.14
    +++ lsm-2.5/net/ipv4/ip_output.c	4 Dec 2002 21:06:13 -0000
    @@ -633,7 +633,7 @@
     		ptr += len;
     		offset += len;
     
    -		security_ops->ip_fragment(skb2, skb);
    +		security_ip_fragment(skb2, skb);
     
     		/*
     		 *	Put this fragment into the sending queue.
    Index: lsm-2.5/net/ipv4/ipip.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ipip.c,v
    retrieving revision 1.10
    diff -u -r1.10 ipip.c
    --- lsm-2.5/net/ipv4/ipip.c	12 Nov 2002 14:56:44 -0000	1.10
    +++ lsm-2.5/net/ipv4/ipip.c	4 Dec 2002 21:06:26 -0000
    @@ -508,7 +508,7 @@
     		skb->nf_debug = 0;
     #endif
     #endif
    -		security_ops->ip_decapsulate(skb);
    +		security_ip_decapsulate(skb);
     		ipip_ecn_decapsulate(iph, skb);
     		netif_rx(skb);
     		read_unlock(&ipip_lock);
    @@ -663,7 +663,7 @@
     #endif
     #endif
     
    -	security_ops->ip_encapsulate(skb);
    +	security_ip_encapsulate(skb);
     
     	IPTUNNEL_XMIT();
     	tunnel->recursion--;
    Index: lsm-2.5/net/ipv4/ipmr.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ipmr.c,v
    retrieving revision 1.10
    diff -u -r1.10 ipmr.c
    --- lsm-2.5/net/ipv4/ipmr.c	12 Nov 2002 14:56:45 -0000	1.10
    +++ lsm-2.5/net/ipv4/ipmr.c	4 Dec 2002 21:06:44 -0000
    @@ -1105,7 +1105,7 @@
     	nf_conntrack_put(skb->nfct);
     	skb->nfct = NULL;
     #endif
    -	security_ops->ip_encapsulate(skb);
    +	security_ip_encapsulate(skb);
     }
     
     static inline int ipmr_forward_finish(struct sk_buff *skb)
    @@ -1462,7 +1462,7 @@
     	nf_conntrack_put(skb->nfct);
     	skb->nfct = NULL;
     #endif
    -	security_ops->ip_decapsulate(skb);
    +	security_ip_decapsulate(skb);
     	netif_rx(skb);
     	dev_put(reg_dev);
     	return 0;
    @@ -1530,7 +1530,7 @@
     	nf_conntrack_put(skb->nfct);
     	skb->nfct = NULL;
     #endif
    -	security_ops->ip_decapsulate(skb);
    +	security_ip_decapsulate(skb);
     	netif_rx(skb);
     	dev_put(reg_dev);
     	return 0;
    Index: lsm-2.5/net/ipv4/syncookies.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/syncookies.c,v
    retrieving revision 1.3
    diff -u -r1.3 syncookies.c
    --- lsm-2.5/net/ipv4/syncookies.c	6 Nov 2002 20:39:00 -0000	1.3
    +++ lsm-2.5/net/ipv4/syncookies.c	4 Dec 2002 21:06:51 -0000
    @@ -188,7 +188,7 @@
     		}
     	}
     
    -	security_ops->tcp_connection_request(sk, skb, req);
    +	security_tcp_connection_request(sk, skb, req);
     
     	/* Try to redo what tcp_v4_send_synack did. */
     	req->window_clamp = dst_metric(&rt->u.dst, RTAX_WINDOW);
    Index: lsm-2.5/net/ipv4/tcp_ipv4.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/tcp_ipv4.c,v
    retrieving revision 1.19
    diff -u -r1.19 tcp_ipv4.c
    --- lsm-2.5/net/ipv4/tcp_ipv4.c	19 Nov 2002 15:10:50 -0000	1.19
    +++ lsm-2.5/net/ipv4/tcp_ipv4.c	4 Dec 2002 21:07:08 -0000
    @@ -1331,7 +1331,7 @@
     	if (skb) {
     		struct tcphdr *th = skb->h.th;
     
    -		security_ops->tcp_synack(sk, skb, req);
    +		security_tcp_synack(sk, skb, req);
     
     		th->check = tcp_v4_check(th, skb->len,
     					 req->af.v4_req.loc_addr,
    @@ -1549,7 +1549,7 @@
     	}
     	req->snt_isn = isn;
     
    -	security_ops->tcp_connection_request(sk, skb, req);
    +	security_tcp_connection_request(sk, skb, req);
     
     	if (tcp_v4_send_synack(sk, req, dst))
     		goto drop_and_free;
    @@ -1800,7 +1800,7 @@
     		goto no_tcp_socket;
     
     process:
    -	if (security_ops->socket_sock_rcv_skb(sk, skb))
    +	if (security_sock_rcv_skb(sk, skb))
     		goto discard_and_relse;
     
     	if (sk->state == TCP_TIME_WAIT)
    Index: lsm-2.5/net/ipv4/tcp_minisocks.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/tcp_minisocks.c,v
    retrieving revision 1.10
    diff -u -r1.10 tcp_minisocks.c
    --- lsm-2.5/net/ipv4/tcp_minisocks.c	12 Nov 2002 14:56:45 -0000	1.10
    +++ lsm-2.5/net/ipv4/tcp_minisocks.c	4 Dec 2002 21:07:36 -0000
    @@ -803,7 +803,7 @@
     
     		TCP_INC_STATS_BH(TcpPassiveOpens);
     
    -		security_ops->tcp_create_openreq_child(sk, newsk, skb, req);
    +		security_tcp_create_openreq_child(sk, newsk, skb, req);
     	}
     	return newsk;
     }
    Index: lsm-2.5/net/ipv4/netfilter/ip_queue.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/netfilter/ip_queue.c,v
    retrieving revision 1.6
    diff -u -r1.6 ip_queue.c
    --- lsm-2.5/net/ipv4/netfilter/ip_queue.c	14 Aug 2002 17:09:44 -0000	1.6
    +++ lsm-2.5/net/ipv4/netfilter/ip_queue.c	4 Dec 2002 21:07:45 -0000
    @@ -496,7 +496,7 @@
     	if (type <= IPQM_BASE)
     		return;
     		
    -	if (security_ops->netlink_recv(skb))
    +	if (security_netlink_recv(skb))
     		RCV_SKB_FAIL(-EPERM);
     	
     	write_lock_bh(&queue_lock);
    Index: lsm-2.5/net/netlink/af_netlink.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/netlink/af_netlink.c,v
    retrieving revision 1.9
    diff -u -r1.9 af_netlink.c
    --- lsm-2.5/net/netlink/af_netlink.c	25 Nov 2002 14:12:33 -0000	1.9
    +++ lsm-2.5/net/netlink/af_netlink.c	4 Dec 2002 21:07:58 -0000
    @@ -637,7 +637,7 @@
     	   to corresponding kernel module.   --ANK (980802)
     	 */
     
    -	err = security_ops->netlink_send(skb);
    +	err = security_netlink_send(skb);
     	if (err) {
     		kfree_skb(skb);
     		goto out;
    Index: lsm-2.5/net/unix/af_unix.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/net/unix/af_unix.c,v
    retrieving revision 1.18
    diff -u -r1.18 af_unix.c
    --- lsm-2.5/net/unix/af_unix.c	29 Nov 2002 17:14:55 -0000	1.18
    +++ lsm-2.5/net/unix/af_unix.c	4 Dec 2002 21:08:14 -0000
    @@ -818,7 +818,7 @@
     		if (!unix_may_send(sk, other))
     			goto out_unlock;
     
    -		err = security_ops->unix_may_send(sk->socket, other->socket);
    +		err = security_unix_may_send(sk->socket, other->socket);
     		if (err)
     			goto out_unlock;
     
    @@ -987,7 +987,7 @@
     		goto restart;
     	}
     
    -	err = security_ops->unix_stream_connect(sock, other->socket, newsk);
    +	err = security_unix_stream_connect(sock, other->socket, newsk);
     	if (err) {
     		unix_state_wunlock(sk);
     		goto out_unlock;
    @@ -1291,7 +1291,7 @@
     	if (other->shutdown&RCV_SHUTDOWN)
     		goto out_unlock;
     
    -	err = security_ops->unix_may_send(sk->socket, other->socket);
    +	err = security_unix_may_send(sk->socket, other->socket);
     	if (err)
     		goto out_unlock;
     
    Index: lsm-2.5/security/capability.c
    ===================================================================
    RCS file: /home/pal/CVS/lsm-2.5/security/capability.c,v
    retrieving revision 1.29
    diff -u -r1.29 capability.c
    --- lsm-2.5/security/capability.c	2 Dec 2002 17:09:19 -0000	1.29
    +++ lsm-2.5/security/capability.c	4 Dec 2002 20:59:03 -0000
    @@ -279,6 +279,16 @@
     	return;
     }
     
    +int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
    +			   unsigned char **pp_ptr)
    +{
    +	if (!skb && !capable (CAP_NET_RAW)) {
    +		(const unsigned char *) *pp_ptr = optptr;
    +		return -EPERM;
    +	}
    +	return 0;
    +}
    +
     EXPORT_SYMBOL(cap_capable);
     EXPORT_SYMBOL(cap_ptrace);
     EXPORT_SYMBOL(cap_capget);
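Review bot: The line `(const unsigned char *) *pp_ptr = optptr;` in the now-exported cap_ip_decode_options assigns through a cast used as an lvalue, which is a GCC extension and not standard C. `*pp_ptr = (unsigned char *) optptr;` stores the same pointer without relying on it. Since the function is no longer static and is exported in the next hunk, it should also get a short header comment saying that the CAP_NET_RAW check is made only when skb is NULL, and that *pp_ptr is set to optptr before -EPERM is returned. What a NULL skb signifies to callers is not visible in this hunk, so the comment should be confirmed against the call site in ip_options.c.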
    @@ -289,6 +299,9 @@
     EXPORT_SYMBOL(cap_task_post_setuid);
     EXPORT_SYMBOL(cap_task_kmod_set_label);
     EXPORT_SYMBOL(cap_task_reparent_to_init);
    +EXPORT_SYMBOL(cap_netlink_send);
    +EXPORT_SYMBOL(cap_netlink_recv);
    +EXPORT_SYMBOL(cap_ip_decode_options);
     
     #ifdef CONFIG_SECURITY
     
    @@ -761,16 +774,6 @@
     static void cap_ip_decapsulate (struct sk_buff *skb)
     {
     	return;
    -}
    -
    -static int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
    -				  unsigned char **pp_ptr)
    -{
    -	if (!skb && !capable (CAP_NET_RAW)) {
    -		(const unsigned char *) *pp_ptr = optptr;
    -		return -EPERM;
    -	}
    -	return 0;
     }
     
     static void cap_netdev_unregister (struct net_device *dev)
    
    


