The attached patch converts the remaining hooks in the lsm-2.5 tree to the new format. Builds and boots with CONFIG_SECURITY disabled or enabled. Any objections to committing this patch? -- Stephen Smalley, NSA sdsat_private Index: lsm-2.5/arch/i386/kernel/ioport.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/arch/i386/kernel/ioport.c,v retrieving revision 1.6 diff -u -r1.6 ioport.c --- lsm-2.5/arch/i386/kernel/ioport.c 6 Nov 2002 20:37:56 -0000 1.6 +++ lsm-2.5/arch/i386/kernel/ioport.c 4 Dec 2002 20:15:10 -0000 @@ -65,7 +65,7 @@ if (turn_on && !capable(CAP_SYS_RAWIO)) return -EPERM; - ret = security_ops->ioperm(from, num, turn_on); + ret = security_ioperm(from, num, turn_on); if (ret) return ret; @@ -127,7 +127,7 @@ if (!capable(CAP_SYS_RAWIO)) return -EPERM; } - retval = security_ops->iopl(old, level); + retval = security_iopl(old, level); if (retval) { return retval; } Index: lsm-2.5/arch/ia64/ia32/sys_ia32.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/arch/ia64/ia32/sys_ia32.c,v retrieving revision 1.16 diff -u -r1.16 sys_ia32.c --- lsm-2.5/arch/ia64/ia32/sys_ia32.c 19 Nov 2002 15:09:43 -0000 1.16 +++ lsm-2.5/arch/ia64/ia32/sys_ia32.c 4 Dec 2002 20:15:31 -0000 @@ -3187,7 +3187,7 @@ if (!capable(CAP_SYS_RAWIO)) return -EPERM; } - retval = security_ops->iopl(old,level); + retval = security_iopl(old,level); if (retval) { return retval; } Index: lsm-2.5/arch/parisc/kernel/ptrace.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/arch/parisc/kernel/ptrace.c,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 ptrace.c --- lsm-2.5/arch/parisc/kernel/ptrace.c 6 Nov 2002 19:28:13 -0000 1.1.1.2 +++ lsm-2.5/arch/parisc/kernel/ptrace.c 4 Dec 2002 20:15:48 -0000 
@@ -103,7 +103,7 @@ if (current->ptrace & PT_PTRACED) goto out; - ret = security_ops->ptrace(current->parent, current); + ret = security_ptrace(current->parent, current); if (ret) goto out; Index: lsm-2.5/fs/file_table.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/fs/file_table.c,v retrieving revision 1.17 diff -u -r1.17 file_table.c --- lsm-2.5/fs/file_table.c 29 Nov 2002 17:14:31 -0000 1.17 +++ lsm-2.5/fs/file_table.c 4 Dec 2002 20:17:05 -0000 @@ -107,12 +107,12 @@ filp->f_uid = current->fsuid; filp->f_gid = current->fsgid; filp->f_op = dentry->d_inode->i_fop; - error = security_ops->file_alloc_security(filp); + error = security_file_alloc(filp); if (!error) if (filp->f_op->open) { error = filp->f_op->open(dentry->d_inode, filp); if (error) - security_ops->file_free_security(filp); + security_file_free(filp); } return error; } @@ -123,7 +123,7 @@ if (file->f_op && file->f_op->release) file->f_op->release(inode, file); - security_ops->file_free_security(file); + security_file_free(file); } void fput(struct file * file) Index: lsm-2.5/fs/super.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/fs/super.c,v retrieving revision 1.21 diff -u -r1.21 super.c --- lsm-2.5/fs/super.c 29 Nov 2002 17:14:32 -0000 1.21 +++ lsm-2.5/fs/super.c 4 Dec 2002 20:17:20 -0000 @@ -612,7 +612,7 @@ sb = type->get_sb(type, flags, name, data); if (IS_ERR(sb)) goto out_mnt; - error = security_ops->sb_kern_mount(sb); + error = security_sb_kern_mount(sb); if (error) { up_write(&sb->s_umount); deactivate_super(sb); Index: lsm-2.5/fs/hugetlbfs/inode.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/fs/hugetlbfs/inode.c,v retrieving revision 1.1.1.4 diff -u -r1.1.1.4 inode.c --- lsm-2.5/fs/hugetlbfs/inode.c 25 Nov 2002 13:32:09 -0000 1.1.1.4 +++ lsm-2.5/fs/hugetlbfs/inode.c 4 Dec 2002 20:17:48 -0000 
@@ -209,7 +209,7 @@ if (inode->i_data.nrpages) truncate_hugepages(&inode->i_data, 0); - security_ops->inode_delete(inode); + security_inode_delete(inode); clear_inode(inode); destroy_inode(inode); @@ -333,7 +333,7 @@ if (error) goto out; - error = security_ops->inode_setattr(dentry, attr); + error = security_inode_setattr(dentry, attr); if (error) goto out; Index: lsm-2.5/include/linux/security.h =================================================================== RCS file: /home/pal/CVS/lsm-2.5/include/linux/security.h,v retrieving revision 1.29 diff -u -r1.29 security.h --- lsm-2.5/include/linux/security.h 2 Dec 2002 17:09:17 -0000 1.29 +++ lsm-2.5/include/linux/security.h 4 Dec 2002 21:29:46 -0000 @@ -42,6 +42,8 @@ struct sk_buff; extern int cap_netlink_send (struct sk_buff *skb); extern int cap_netlink_recv (struct sk_buff *skb); +extern int cap_ip_decode_options (struct sk_buff *skb, const char *optptr, + unsigned char **pp_ptr); extern int cap_ptrace (struct task_struct *parent, struct task_struct *child); extern int cap_capget (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); extern int cap_capset_check (struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); @@ -67,21 +69,19 @@ /* setfsuid or setfsgid, id0 == fsuid or fsgid */ #define LSM_SETID_FS 8 - -#ifdef CONFIG_SECURITY - /* forward declares to avoid warnings */ struct socket; struct sock; struct sockaddr; struct msghdr; -struct sk_buff; struct net_device; struct nfsctl_arg; struct sched_param; struct swap_info_struct; struct open_request; +#ifdef CONFIG_SECURITY + /** * struct security_operations - main security structure * Security hooks for program execution operations. 
@@ -1381,6 +1381,31 @@ extern struct security_operations *security_ops; /* inline stuff */ +static inline int security_sethostname (char *hostname) +{ + return security_ops->sethostname (hostname); +} + +static inline int security_setdomainname (char *domainname) +{ + return security_ops->setdomainname (domainname); +} + +static inline int security_reboot (unsigned int cmd) +{ + return security_ops->reboot (cmd); +} + +static inline int security_ioperm (unsigned long from, unsigned long num, int turn_on) +{ + return security_ops->ioperm (from, num, turn_on); +} + +static inline int security_iopl (unsigned int old, unsigned int level) +{ + return security_ops->iopl (old, level); +} + static inline int security_ptrace (struct task_struct * parent, struct task_struct * child) { return security_ops->ptrace (parent, child); @@ -1415,6 +1440,26 @@ return security_ops->acct (file); } +static inline int security_sysctl(ctl_table * table, int op) +{ + return security_ops->sysctl(table, op); +} + +static inline int security_capable(struct task_struct * tsk, int cap) +{ + return security_ops->capable(tsk, cap); +} + +static inline int security_swapon(struct swap_info_struct * swap) +{ + return security_ops->swapon(swap); +} + +static inline int security_swapoff(struct swap_info_struct * swap) +{ + return security_ops->swapoff(swap); +} + static inline int security_quotactl (int cmds, int type, int id, struct super_block *sb) { 
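Review bot: `security_capable` in the second hunk on this line returns the hook's result unchanged, so 0 means the task holds the capability, which is the opposite sense of `capable()`, and nothing on the wrapper says so. The mm/oom_kill.c call sites in this patch rely on that, writing `!security_capable(p,CAP_SYS_ADMIN)` to mean "is privileged", and the polarity is easy to invert in a later access check. I would add a comment above the wrapper such as `/* Returns 0 if @tsk has @cap, non-zero otherwise; inverse of capable(). */`, and repeat it on the !CONFIG_SECURITY variant that returns `cap_capable(tsk, cap)`.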
@@ -1426,6 +1471,41 @@ return security_ops->quota_on (file); } +static inline int security_syslog(int type) +{ + return security_ops->syslog(type); +} + +static inline int security_settime(struct timeval *tv, struct timezone *tz) +{ + return security_ops->settime(tv, tz); +} + +static inline int security_netlink_send(struct sk_buff * skb) +{ + return security_ops->netlink_send(skb); +} + +static inline int security_netlink_recv(struct sk_buff * skb) +{ + return security_ops->netlink_recv(skb); +} + + +static inline int security_unix_stream_connect(struct socket * sock, + struct socket * other, + struct sock * newsk) +{ + return security_ops->unix_stream_connect(sock, other, newsk); +} + + +static inline int security_unix_may_send(struct socket * sock, + struct socket * other) +{ + return security_ops->unix_may_send(sock, other); +} + static inline int security_bprm_alloc (struct linux_binprm *bprm) { return security_ops->bprm_alloc_security (bprm); @@ -1457,6 +1537,11 @@ security_ops->sb_free_security (sb); } +static inline int security_sb_kern_mount (struct super_block *sb) +{ + return security_ops->sb_kern_mount (sb); +} + static inline int security_sb_statfs (struct super_block *sb) { return security_ops->sb_statfs (sb); 
@@ -1861,12 +1946,222 @@ security_ops->task_reparent_to_init (p); } +static inline int security_socket_create (int family, int type, int protocol) +{ + return security_ops->socket_create(family, type, protocol); +} + +static inline void security_socket_post_create(struct socket * sock, + int family, + int type, + int protocol) +{ + security_ops->socket_post_create(sock, family, type, protocol); +} + +static inline int security_socket_bind(struct socket * sock, + struct sockaddr * address, + int addrlen) +{ + return security_ops->socket_bind(sock, address, addrlen); +} + +static inline int security_socket_connect(struct socket * sock, + struct sockaddr * address, + int addrlen) +{ + return security_ops->socket_connect(sock, address, addrlen); +} + +static inline int security_socket_listen(struct socket * sock, int backlog) +{ + return security_ops->socket_listen(sock, backlog); +} + +static inline int security_socket_accept(struct socket * sock, + struct socket * newsock) +{ + return security_ops->socket_accept(sock, newsock); +} + +static inline void security_socket_post_accept(struct socket * sock, + struct socket * newsock) +{ + security_ops->socket_post_accept(sock, newsock); +} + +static inline int security_socket_sendmsg(struct socket * sock, + struct msghdr * msg, int size) +{ + return security_ops->socket_sendmsg(sock, msg, size); +} + +static inline int security_socket_recvmsg(struct socket * sock, + struct msghdr * msg, int size, + int flags) +{ + return security_ops->socket_recvmsg(sock, msg, size, flags); +} + +static inline int security_socket_getsockname(struct socket * sock) +{ + return security_ops->socket_getsockname(sock); +} + +static inline int security_socket_getpeername(struct socket * sock) +{ + return security_ops->socket_getpeername(sock); +} + +static inline int security_socket_getsockopt(struct socket * sock, + int level, int optname) +{ + return security_ops->socket_getsockopt(sock, level, optname); +} + +static inline int 
security_socket_setsockopt(struct socket * sock,
+ int level, int optname)
+{
+ return security_ops->socket_setsockopt(sock, level, optname);
+}
+
+static inline int security_socket_shutdown(struct socket * sock, int how)
+{
+ return security_ops->socket_shutdown(sock, how);
+}
+
+static inline int security_sock_alloc(struct sock * sk,
+ int gfp_mask)
+{
+ return security_ops->socket_sock_alloc_security(sk, gfp_mask);
+}
+
+static inline void security_sock_free(struct sock * sk)
+{
+ security_ops->socket_sock_free_security(sk);
+}
+
+static inline int security_sock_rcv_skb (struct sock * sk,
+ struct sk_buff * skb)
+{
+ return security_ops->socket_sock_rcv_skb (sk, skb);
+}
+
+static inline int security_open_request_alloc (struct open_request * req)
+{
+ return security_ops->open_request_alloc_security (req);
+}
+
+static inline void security_open_request_free (struct open_request * req)
+{
+ security_ops->open_request_free_security (req);
+}
+
+static inline void security_tcp_connection_request(struct sock * sk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+ security_ops->tcp_connection_request(sk, skb, req);
+}
+
+static inline void security_tcp_synack(struct sock * sk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+ security_ops->tcp_synack(sk, skb, req);
+}
+
+static inline void security_tcp_create_openreq_child(struct sock * sk,
+ struct sock * newsk,
+ struct sk_buff * skb,
+ struct open_request * req)
+{
+ security_ops->tcp_create_openreq_child(sk, newsk, skb, req);
+}
+
+static inline int security_skb_alloc(struct sk_buff * skb, int gfp_mask)
+{
+ return security_ops->skb_alloc_security(skb, gfp_mask);
+}
+
+static inline int security_skb_clone(struct sk_buff * newskb,
+ const struct sk_buff * oldskb)
+{
+ return security_ops->skb_clone(newskb, oldskb);
+}
+
+static inline void security_skb_copy(struct sk_buff * newskb,
+ const struct sk_buff * oldskb)
+{
+ security_ops->skb_copy(newskb, oldskb);
+}
+
+static inline void 
security_skb_set_owner_w (struct sk_buff * skb, + struct sock * sk) +{ + security_ops->skb_set_owner_w (skb, sk); +} + +static inline void security_skb_recv_datagram(struct sk_buff * skb, + struct sock * sk, unsigned flags) +{ + security_ops->skb_recv_datagram(skb, sk, flags); +} + +static inline void security_skb_free(struct sk_buff * skb) +{ + security_ops->skb_free_security(skb); +} + +static inline void security_ip_fragment(struct sk_buff * newskb, + const struct sk_buff * oldskb) +{ + security_ops->ip_fragment(newskb, oldskb); +} + +static inline int security_ip_defragment(struct sk_buff * skb) +{ + return security_ops->ip_defragment(skb); +} + +static inline void security_ip_encapsulate(struct sk_buff * skb) +{ + security_ops->ip_encapsulate(skb); +} + +static inline void security_ip_decapsulate(struct sk_buff * skb) +{ + security_ops->ip_decapsulate(skb); +} + +static inline int security_ip_decode_options(struct sk_buff * skb, + const char *optptr, + unsigned char **pp_ptr) +{ + return security_ops->ip_decode_options(skb, optptr, pp_ptr); +} + +static inline void security_netdev_unregister(struct net_device * dev) +{ + security_ops->netdev_unregister(dev); +} + static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return security_ops->ipc_permission (ipcp, flag); } +static inline int security_msg_msg_alloc (struct msg_msg * msg) +{ + return security_ops->msg_msg_alloc_security (msg); +} + +static inline void security_msg_msg_free (struct msg_msg * msg) +{ + security_ops->msg_msg_free_security(msg); +} + static inline int security_msg_queue_alloc (struct msg_queue *msq) { return security_ops->msg_queue_alloc_security (msq); 
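Review bot: The socket, skb and IP wrappers added in this hunk are spelled inconsistently: some put a space before the parameter list (`security_socket_create (int family, ...)`, `security_sock_rcv_skb (...)`, `security_skb_set_owner_w (...)`) and others do not, and pointer parameters are written `struct socket * sock` where the surrounding context wrappers use the `struct msg_queue *msq` form. Settling on one spelling, for example `static inline int security_socket_listen(struct socket *sock, int backlog)`, would match the existing lines and make the hook names easier to search for. The same mix recurs in the !CONFIG_SECURITY stubs added later in this file.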
@@ -1877,6 +2172,31 @@ security_ops->msg_queue_free_security (msq); } +static inline int security_msg_queue_associate (struct msg_queue * msq, + int msqflg) +{ + return security_ops->msg_queue_associate (msq, msqflg); +} + +static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd) +{ + return security_ops->msg_queue_msgctl (msq, cmd); +} + +static inline int security_msg_queue_msgsnd (struct msg_queue * msq, + struct msg_msg * msg, int msqflg) +{ + return security_ops->msg_queue_msgsnd (msq, msg, msqflg); +} + +static inline int security_msg_queue_msgrcv (struct msg_queue * msq, + struct msg_msg * msg, + struct task_struct * target, + long type, int mode) +{ + return security_ops->msg_queue_msgrcv (msq, msg, target, type, mode); +} + static inline int security_shm_alloc (struct shmid_kernel *shp) { return security_ops->shm_alloc_security (shp); @@ -1887,6 +2207,23 @@ security_ops->shm_free_security (shp); } +static inline int security_shm_associate (struct shmid_kernel * shp, + int shmflg) +{ + return security_ops->shm_associate(shp, shmflg); +} + +static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd) +{ + return security_ops->shm_shmctl (shp, cmd); +} + +static inline int security_shm_shmat (struct shmid_kernel * shp, + char *shmaddr, int shmflg) +{ + return security_ops->shm_shmat(shp, shmaddr, shmflg); +} + static inline int security_sem_alloc (struct sem_array *sma) { return security_ops->sem_alloc_security (sma); @@ -1897,6 +2234,16 @@ security_ops->sem_free_security (sma); } +static inline int security_sem_associate (struct sem_array * sma, int semflg) +{ + return security_ops->sem_associate (sma, semflg); +} + +static inline int security_sem_semctl (struct sem_array * sma, int cmd) +{ + return security_ops->sem_semctl(sma, cmd); +} + /* prototypes */ extern int security_scaffolding_startup (void); 
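Review bot: Nothing on the new `security_msg_queue_msgctl` wrapper says that its queue argument may be NULL, yet ipc/msg.c in this patch calls `security_msg_queue_msgctl(NULL, cmd)`. The next two hunks have the same gap: `security_shm_shmctl` and `security_sem_semctl` are called with NULL from ipc/shm.c and ipc/sem.c, apparently on the info-style commands, since those call sites sit beside `struct shminfo64` and `struct seminfo` locals. A module hook that dereferences the object unconditionally would fault on those paths. I would add a comment to each of the three wrappers, e.g. `/* @msq may be NULL for commands that do not name a queue; hooks must check before dereferencing. */`.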
@@ -1918,6 +2265,31 @@ return 0; } +static inline int security_sethostname (char *hostname) +{ + return 0; +} + +static inline int security_setdomainname (char *domainname) +{ + return 0; +} + +static inline int security_reboot (unsigned int cmd) +{ + return 0; +} + +static inline int security_ioperm (unsigned long from, unsigned long num, int turn_on) +{ + return 0; +} + +static inline int security_iopl (unsigned int old, unsigned int level) +{ + return 0; +} + static inline int security_ptrace (struct task_struct *parent, struct task_struct * child) { return cap_ptrace (parent, child); @@ -1952,6 +2324,26 @@ return 0; } +static inline int security_sysctl(ctl_table * table, int op) +{ + return 0; +} + +static inline int security_capable(struct task_struct * tsk, int cap) +{ + return cap_capable(tsk, cap); +} + +static inline int security_swapon(struct swap_info_struct * swap) +{ + return 0; +} + +static inline int security_swapoff(struct swap_info_struct * swap) +{ + return 0; +} + static inline int security_quotactl (int cmds, int type, int id, struct super_block * sb) { @@ -1963,6 +2355,39 @@ return 0; } +static inline int security_syslog(int type) +{ + return 0; +} + +static inline int security_settime(struct timeval *tv, struct timezone *tz) +{ + return 0; +} + +static inline int security_netlink_send(struct sk_buff * skb) +{ + return cap_netlink_send(skb); +} + +static inline int security_netlink_recv(struct sk_buff * skb) +{ + return cap_netlink_recv(skb); +} + +static inline int security_unix_stream_connect(struct socket * sock, + struct socket * other, + struct sock * newsk) +{ + return 0; +} + +static inline int security_unix_may_send(struct socket * sock, + struct socket * other) +{ + return 0; +} + static inline int security_bprm_alloc (struct linux_binprm *bprm) { return 0; 
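Review bot: The `security_syslog` stub in the third hunk on this line returns 0 unconditionally when CONFIG_SECURITY is off, so any privilege check for syslog must remain in the caller. The kernel/time.c hunk shows a `return -EPERM;` immediately before `security_settime`, but the kernel/printk.c hunk shows `security_syslog(type)` as the first check in its visible context, and do_syslog's body continues outside that hunk. If the tree has moved the syslog privilege check into the module hook, a non-LSM build would leave that path unchecked; the stub should then delegate to a capability helper, as `security_netlink_send` does here with `return cap_netlink_send(skb);`. The same confirmation is worth doing for the `security_sethostname`, `security_setdomainname` and `security_swapon` stubs in the neighbouring hunks, whose call-site hunks also show no check in context.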
@@ -1994,6 +2419,11 @@ static inline void security_sb_free (struct super_block *sb) { } +static inline int security_sb_kern_mount (struct super_block *sb) +{ + return 0; +} + static inline int security_sb_statfs (struct super_block *sb) { return 0; 
@@ -2362,12 +2792,205 @@ cap_task_reparent_to_init (p); } +static inline int security_socket_create (int family, int type, int protocol) +{ + return 0; +} + +static inline void security_socket_post_create(struct socket * sock, + int family, + int type, + int protocol) +{ +} + +static inline int security_socket_bind(struct socket * sock, + struct sockaddr * address, + int addrlen) +{ + return 0; +} + +static inline int security_socket_connect(struct socket * sock, + struct sockaddr * address, + int addrlen) +{ + return 0; +} + +static inline int security_socket_listen(struct socket * sock, int backlog) +{ + return 0; +} + +static inline int security_socket_accept(struct socket * sock, + struct socket * newsock) +{ + return 0; +} + +static inline void security_socket_post_accept(struct socket * sock, + struct socket * newsock) +{ +} + +static inline int security_socket_sendmsg(struct socket * sock, + struct msghdr * msg, int size) +{ + return 0; +} + +static inline int security_socket_recvmsg(struct socket * sock, + struct msghdr * msg, int size, + int flags) +{ + return 0; +} + +static inline int security_socket_getsockname(struct socket * sock) +{ + return 0; +} + +static inline int security_socket_getpeername(struct socket * sock) +{ + return 0; +} + +static inline int security_socket_getsockopt(struct socket * sock, + int level, int optname) +{ + return 0; +} + +static inline int security_socket_setsockopt(struct socket * sock, + int level, int optname) +{ + return 0; +} + +static inline int security_socket_shutdown(struct socket * sock, int how) +{ + return 0; +} + +static inline int security_sock_alloc(struct sock * sk, + int gfp_mask) +{ + return 0; +} + +static inline void security_sock_free(struct sock * sk) +{ +} + +static inline int security_sock_rcv_skb (struct sock * sk, + struct sk_buff * skb) +{ + return 0; +} + +static inline int security_open_request_alloc (struct open_request * req) +{ + return 0; +} + +static inline void security_open_request_free 
(struct open_request * req) +{ +} + +static inline void security_tcp_connection_request(struct sock * sk, + struct sk_buff * skb, + struct open_request * req) +{ +} + +static inline void security_tcp_synack(struct sock * sk, + struct sk_buff * skb, + struct open_request * req) +{ +} + +static inline void security_tcp_create_openreq_child(struct sock * sk, + struct sock * newsk, + struct sk_buff * skb, + struct open_request * req) +{ +} + +static inline int security_skb_alloc(struct sk_buff * skb, int gfp_mask) +{ + return 0; +} + +static inline int security_skb_clone(struct sk_buff * newskb, + const struct sk_buff * oldskb) +{ + return 0; +} + +static inline void security_skb_copy(struct sk_buff * newskb, + const struct sk_buff * oldskb) +{ +} + +static inline void security_skb_set_owner_w (struct sk_buff * skb, + struct sock * sk) +{ +} + +static inline void security_skb_recv_datagram(struct sk_buff * skb, + struct sock * sk, unsigned flags) +{ +} + +static inline void security_skb_free(struct sk_buff * skb) +{ +} + +static inline void security_ip_fragment(struct sk_buff * newskb, + const struct sk_buff * oldskb) +{ +} + +static inline int security_ip_defragment(struct sk_buff * skb) +{ + return 0; +} + +static inline void security_ip_encapsulate(struct sk_buff * skb) +{ +} + +static inline void security_ip_decapsulate(struct sk_buff * skb) +{ +} + +static inline int security_ip_decode_options(struct sk_buff * skb, + const char *optptr, + unsigned char **pp_ptr) +{ + return cap_ip_decode_options(skb,optptr,pp_ptr); +} + +static inline void security_netdev_unregister(struct net_device * dev) +{ +} + static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return 0; } +static inline int security_msg_msg_alloc (struct msg_msg * msg) +{ + return 0; +} + +static inline void security_msg_msg_free (struct msg_msg * msg) +{ } + static inline int security_msg_queue_alloc (struct msg_queue *msq) { return 0; 
@@ -2376,6 +2999,31 @@ static inline void security_msg_queue_free (struct msg_queue *msq) { } +static inline int security_msg_queue_associate (struct msg_queue * msq, + int msqflg) +{ + return 0; +} + +static inline int security_msg_queue_msgctl (struct msg_queue * msq, int cmd) +{ + return 0; +} + +static inline int security_msg_queue_msgsnd (struct msg_queue * msq, + struct msg_msg * msg, int msqflg) +{ + return 0; +} + +static inline int security_msg_queue_msgrcv (struct msg_queue * msq, + struct msg_msg * msg, + struct task_struct * target, + long type, int mode) +{ + return 0; +} + static inline int security_shm_alloc (struct shmid_kernel *shp) { return 0; @@ -2384,6 +3032,23 @@ static inline void security_shm_free (struct shmid_kernel *shp) { } +static inline int security_shm_associate (struct shmid_kernel * shp, + int shmflg) +{ + return 0; +} + +static inline int security_shm_shmctl (struct shmid_kernel * shp, int cmd) +{ + return 0; +} + +static inline int security_shm_shmat (struct shmid_kernel * shp, + char *shmaddr, int shmflg) +{ + return 0; +} + static inline int security_sem_alloc (struct sem_array *sma) { return 0; @@ -2392,6 +3057,15 @@ static inline void security_sem_free (struct sem_array *sma) { } +static inline int security_sem_associate (struct sem_array * sma, int semflg) +{ + return 0; +} + +static inline int security_sem_semctl (struct sem_array * sma, int cmd) +{ + return 0; +} #endif /* CONFIG_SECURITY */ Index: lsm-2.5/include/net/sock.h =================================================================== RCS file: /home/pal/CVS/lsm-2.5/include/net/sock.h,v retrieving revision 1.17 diff -u -r1.17 sock.h --- lsm-2.5/include/net/sock.h 29 Nov 2002 18:17:07 -0000 1.17 +++ lsm-2.5/include/net/sock.h 4 Dec 2002 21:04:25 -0000 
@@ -705,7 +705,7 @@ skb->sk = sk; skb->destructor = sock_wfree; atomic_add(skb->truesize, &sk->wmem_alloc); - security_ops->skb_set_owner_w(skb, sk); + security_skb_set_owner_w(skb, sk); } static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk) @@ -725,7 +725,7 @@ if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf) return -ENOMEM; - err = security_ops->socket_sock_rcv_skb(sk, skb); + err = security_sock_rcv_skb(sk, skb); if (err) return err; Index: lsm-2.5/include/net/tcp.h =================================================================== RCS file: /home/pal/CVS/lsm-2.5/include/net/tcp.h,v retrieving revision 1.4 diff -u -r1.4 tcp.h --- lsm-2.5/include/net/tcp.h 6 Nov 2002 20:38:38 -0000 1.4 +++ lsm-2.5/include/net/tcp.h 4 Dec 2002 20:26:00 -0000 @@ -546,7 +546,7 @@ if (req != NULL) { req->security = NULL; - if (security_ops->open_request_alloc_security(req)) { + if (security_open_request_alloc(req)) { kmem_cache_free(tcp_openreq_cachep, req); return NULL; } @@ -556,7 +556,7 @@ static inline void tcp_openreq_fastfree(struct open_request *req) { - security_ops->open_request_free_security(req); + security_open_request_free(req); kmem_cache_free(tcp_openreq_cachep, req); } Index: lsm-2.5/ipc/msg.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/ipc/msg.c,v retrieving revision 1.10 diff -u -r1.10 msg.c --- lsm-2.5/ipc/msg.c 29 Nov 2002 17:14:43 -0000 1.10 +++ lsm-2.5/ipc/msg.c 4 Dec 2002 20:31:24 -0000 @@ -130,7 +130,7 @@ { struct msg_msgseg* seg; - security_ops->msg_msg_free_security(msg); + security_msg_msg_free(msg); seg = msg->next; kfree(msg); @@ -188,7 +188,7 @@ src = ((char*)src)+alen; } - err = security_ops->msg_msg_alloc_security(msg); + err = security_msg_msg_alloc(msg); if (err) goto out_err; 
@@ -316,7 +316,7 @@ ret = -EACCES; else { int qid = msg_buildid(id, msq->q_perm.seq); - ret = security_ops->msg_queue_associate(msq, msgflg); + ret = security_msg_queue_associate(msq, msgflg); if (!ret) ret = qid; } @@ -442,7 +442,7 @@ * to set all member fields. */ - err = security_ops->msg_queue_msgctl(NULL, cmd); + err = security_msg_queue_msgctl(NULL, cmd); if (err) return err; @@ -496,7 +496,7 @@ if (ipcperms (&msq->q_perm, S_IRUGO)) goto out_unlock; - err = security_ops->msg_queue_msgctl(msq, cmd); + err = security_msg_queue_msgctl(msq, cmd); if (err) goto out_unlock; @@ -542,7 +542,7 @@ /* We _could_ check for CAP_CHOWN above, but we don't */ goto out_unlock_up; - err = security_ops->msg_queue_msgctl(msq, cmd); + err = security_msg_queue_msgctl(msq, cmd); if (err) goto out_unlock_up; @@ -618,7 +618,7 @@ msr = list_entry(tmp,struct msg_receiver,r_list); tmp = tmp->next; if(testmsg(msg,msr->r_msgtype,msr->r_mode) && - !security_ops->msg_queue_msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) { + !security_msg_queue_msgrcv(msq, msg, msr->r_tsk, msr->r_msgtype, msr->r_mode)) { list_del(&msr->r_list); if(msr->r_maxsize < msg->m_ts) { msr->r_msg = ERR_PTR(-E2BIG); @@ -669,7 +669,7 @@ if (ipcperms(&msq->q_perm, S_IWUGO)) goto out_unlock_free; - err = security_ops->msg_queue_msgsnd(msq, msg, msgflg); + err = security_msg_queue_msgsnd(msq, msg, msgflg); if (err) goto out_unlock_free; 
@@ -772,7 +772,7 @@ while (tmp != &msq->q_messages) { msg = list_entry(tmp,struct msg_msg,m_list); if(testmsg(msg,msgtyp,mode) && - !security_ops->msg_queue_msgrcv(msq, msg, current, msgtyp, mode)) { + !security_msg_queue_msgrcv(msq, msg, current, msgtyp, mode)) { found_msg = msg; if(mode == SEARCH_LESSEQUAL && msg->m_type != 1) { found_msg=msg; Index: lsm-2.5/ipc/sem.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/ipc/sem.c,v retrieving revision 1.14 diff -u -r1.14 sem.c --- lsm-2.5/ipc/sem.c 29 Nov 2002 17:14:44 -0000 1.14 +++ lsm-2.5/ipc/sem.c 4 Dec 2002 20:36:08 -0000 @@ -188,7 +188,7 @@ err = -EACCES; else { int semid = sem_buildid(id, sma->sem_perm.seq); - err = security_ops->sem_associate(sma, semflg); + err = security_sem_associate(sma, semflg); if (!err) err = semid; } @@ -468,7 +468,7 @@ struct seminfo seminfo; int max_id; - err = security_ops->sem_semctl(NULL, cmd); + err = security_sem_semctl(NULL, cmd); if (err) return err; @@ -513,7 +513,7 @@ if (ipcperms (&sma->sem_perm, S_IRUGO)) goto out_unlock; - err = security_ops->sem_semctl(sma, cmd); + err = security_sem_semctl(sma, cmd); if (err) goto out_unlock; @@ -560,7 +560,7 @@ if (ipcperms (&sma->sem_perm, (cmd==SETVAL||cmd==SETALL)?S_IWUGO:S_IRUGO)) goto out_unlock; - err = security_ops->sem_semctl(sma, cmd); + err = security_sem_semctl(sma, cmd); if (err) goto out_unlock; @@ -756,7 +756,7 @@ goto out_unlock; } - err = security_ops->sem_semctl(sma, cmd); + err = security_sem_semctl(sma, cmd); if (err) goto out_unlock; Index: lsm-2.5/ipc/shm.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/ipc/shm.c,v retrieving revision 1.19 diff -u -r1.19 shm.c --- lsm-2.5/ipc/shm.c 29 Nov 2002 17:14:44 -0000 1.19 +++ lsm-2.5/ipc/shm.c 4 Dec 2002 20:35:51 -0000 
@@ -258,7 +258,7 @@ err = -EACCES; else { int shmid = shm_buildid(id, shp->shm_perm.seq); - err = security_ops->shm_associate(shp, shmflg); + err = security_shm_associate(shp, shmflg); if (!err) err = shmid; } @@ -402,7 +402,7 @@ { struct shminfo64 shminfo; - err = security_ops->shm_shmctl(NULL, cmd); + err = security_shm_shmctl(NULL, cmd); if (err) return err; @@ -424,7 +424,7 @@ { struct shm_info shm_info; - err = security_ops->shm_shmctl(NULL, cmd); + err = security_shm_shmctl(NULL, cmd); if (err) return err; @@ -469,7 +469,7 @@ err=-EACCES; if (ipcperms (&shp->shm_perm, S_IRUGO)) goto out_unlock; - err = security_ops->shm_shmctl(shp, cmd); + err = security_shm_shmctl(shp, cmd); if (err) goto out_unlock; kernel_to_ipc64_perm(&shp->shm_perm, &tbuf.shm_perm); @@ -507,7 +507,7 @@ if(err) goto out_unlock; - err = security_ops->shm_shmctl(shp, cmd); + err = security_shm_shmctl(shp, cmd); if (err) goto out_unlock; @@ -551,7 +551,7 @@ goto out_unlock_up; } - err = security_ops->shm_shmctl(shp, cmd); + err = security_shm_shmctl(shp, cmd); if (err) goto out_unlock_up; @@ -588,7 +588,7 @@ goto out_unlock_up; } - err = security_ops->shm_shmctl(shp, cmd); + err = security_shm_shmctl(shp, cmd); if (err) goto out_unlock_up; @@ -681,7 +681,7 @@ goto out; } - err = security_ops->shm_shmat(shp, shmaddr, shmflg); + err = security_shm_shmat(shp, shmaddr, shmflg); if (err) { shm_unlock(shp); return err; Index: lsm-2.5/kernel/printk.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/kernel/printk.c,v retrieving revision 1.12 diff -u -r1.12 printk.c --- lsm-2.5/kernel/printk.c 29 Nov 2002 18:17:07 -0000 1.12 +++ lsm-2.5/kernel/printk.c 4 Dec 2002 20:37:23 -0000 
@@ -176,7 +176,7 @@ char *lbuf = NULL; int error = 0; - error = security_ops->syslog(type); + error = security_syslog(type); if( error ) return error; Index: lsm-2.5/kernel/sys.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/kernel/sys.c,v retrieving revision 1.21 diff -u -r1.21 sys.c --- lsm-2.5/kernel/sys.c 29 Nov 2002 17:14:46 -0000 1.21 +++ lsm-2.5/kernel/sys.c 4 Dec 2002 20:38:27 -0000 @@ -222,7 +222,7 @@ error = -EACCES; goto out; } - no_nice = security_ops->task_setnice(p, niceval); + no_nice = security_task_setnice(p, niceval); if (no_nice) { error = no_nice; goto out; @@ -368,7 +368,7 @@ if (!capable(CAP_SYS_BOOT)) return -EPERM; - retval = security_ops->reboot(cmd); + retval = security_reboot(cmd); if (retval) { return retval; } @@ -947,7 +947,7 @@ } ok_pgid: - err = security_ops->task_setpgid(p, pgid); + err = security_task_setpgid(p, pgid); if (err) goto out; @@ -1152,7 +1152,7 @@ return -EFAULT; nodename[len] = 0; - errno = security_ops->sethostname(nodename); + errno = security_sethostname(nodename); if (errno) return errno; @@ -1196,7 +1196,7 @@ return -EFAULT; domainname[len] = 0; - errno = security_ops->setdomainname(domainname); + errno = security_setdomainname(domainname); if (errno) return errno; Index: lsm-2.5/kernel/sysctl.c =================================================================== RCS file: /home/pal/CVS/lsm-2.5/kernel/sysctl.c,v retrieving revision 1.17 diff -u -r1.17 sysctl.c --- lsm-2.5/kernel/sysctl.c 29 Nov 2002 18:17:08 -0000 1.17 +++ lsm-2.5/kernel/sysctl.c 4 Dec 2002 20:38:46 -0000 
@@ -427,7 +427,7 @@
 static inline int ctl_perm(ctl_table *table, int op) { int error;
- error = security_ops->sysctl(table, op);
+ error = security_sysctl(table, op);
 if(error) { return error; }
Index: lsm-2.5/kernel/time.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/kernel/time.c,v
retrieving revision 1.4
diff -u -r1.4 time.c
--- lsm-2.5/kernel/time.c 19 Nov 2002 15:10:42 -0000 1.4
+++ lsm-2.5/kernel/time.c 4 Dec 2002 20:41:35 -0000
@@ -154,7 +154,7 @@
 return -EPERM; /* Call the Linux Security Module to perform its checks */
- error = security_ops->settime(tv, tz);
+ error = security_settime(tv, tz);
 if (error) return error;
Index: lsm-2.5/mm/oom_kill.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/mm/oom_kill.c,v
retrieving revision 1.10
diff -u -r1.10 oom_kill.c
--- lsm-2.5/mm/oom_kill.c 29 Nov 2002 18:17:08 -0000 1.10
+++ lsm-2.5/mm/oom_kill.c 4 Dec 2002 20:41:53 -0000
@@ -89,7 +89,7 @@
 * Superuser processes are usually more important, so we make it * less likely that we kill those. */
- if (!security_ops->capable(p,CAP_SYS_ADMIN) ||
+ if (!security_capable(p,CAP_SYS_ADMIN) ||
 p->uid == 0 || p->euid == 0) points /= 4;
@@ -99,7 +99,7 @@
 * tend to only have this flag set on applications they think * of as important. */
- if (!security_ops->capable(p,CAP_SYS_RAWIO))
+ if (!security_capable(p,CAP_SYS_RAWIO))
 points /= 4; #ifdef DEBUG printk(KERN_DEBUG "OOMkill: task %d (%s) got %d points\n",
@@ -150,7 +150,7 @@
 p->flags |= PF_MEMALLOC | PF_MEMDIE; /* This process has hardware access, be more careful. */
- if (!security_ops->capable(p,CAP_SYS_RAWIO)) {
+ if (!security_capable(p,CAP_SYS_RAWIO)) {
 force_sig(SIGTERM, p); } else { force_sig(SIGKILL, p);
Index: lsm-2.5/mm/swapfile.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/mm/swapfile.c,v
retrieving revision 1.26
diff -u -r1.26 swapfile.c
--- lsm-2.5/mm/swapfile.c 29 Nov 2002 18:17:08 -0000 1.26
+++ lsm-2.5/mm/swapfile.c 4 Dec 2002 20:42:08 -0000
@@ -991,7 +991,7 @@
 prev = type; }
- err = security_ops->swapoff(p);
+ err = security_swapoff(p);
 if (err) { swap_list_unlock(); goto out_dput;
@@ -1230,7 +1230,7 @@
 } p->swap_file = swap_file;
- error = security_ops->swapon(p);
+ error = security_swapon(p);
 if (error) goto bad_swap_2;
Index: lsm-2.5/net/socket.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/socket.c,v
retrieving revision 1.22
diff -u -r1.22 socket.c
--- lsm-2.5/net/socket.c 25 Nov 2002 14:12:27 -0000 1.22
+++ lsm-2.5/net/socket.c 4 Dec 2002 21:02:29 -0000
@@ -528,7 +528,7 @@
 si->msg = msg; si->size = size;
- err = security_ops->socket_sendmsg(sock, msg, size);
+ err = security_socket_sendmsg(sock, msg, size);
 if (err) return err;
@@ -565,7 +565,7 @@
 si->size = size; si->flags = flags;
- err = security_ops->socket_recvmsg(sock, msg, size, flags);
+ err = security_socket_recvmsg(sock, msg, size, flags);
 if (err) return err;
@@ -997,7 +997,7 @@
 family = PF_PACKET; }
- err = security_ops->socket_create(family, type, protocol);
+ err = security_socket_create(family, type, protocol);
 if (err) return err;
@@ -1046,7 +1046,7 @@
 *res = sock;
- security_ops->socket_post_create(sock, family, type, protocol);
+ security_socket_post_create(sock, family, type, protocol);
 out: net_family_read_unlock();
@@ -1158,7 +1158,7 @@
 if((sock = sockfd_lookup(fd,&err))!=NULL) { if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
- err = security_ops->socket_bind(sock, (struct sockaddr *)address, addrlen);
+ err = security_socket_bind(sock, (struct sockaddr *)address, addrlen);
 if (err) { sockfd_put(sock); return err;
@@ -1186,7 +1186,7 @@
 if ((unsigned) backlog > SOMAXCONN) backlog = SOMAXCONN;
- err = security_ops->socket_listen(sock, backlog);
+ err = security_socket_listen(sock, backlog);
 if (err) { sockfd_put(sock); return err;
@@ -1228,7 +1228,7 @@
 newsock->type = sock->type; newsock->ops = sock->ops;
- err = security_ops->socket_accept(sock, newsock);
+ err = security_socket_accept(sock, newsock);
 if (err) goto out_release;
@@ -1251,7 +1251,7 @@
 if ((err = sock_map_fd(newsock)) < 0) goto out_release;
- security_ops->socket_post_accept(sock, newsock);
+ security_socket_post_accept(sock, newsock);
 out_put: sockfd_put(sock);
@@ -1289,7 +1289,7 @@
 if (err < 0) goto out_put;
- err = security_ops->socket_connect(sock, (struct sockaddr *)address, addrlen);
+ err = security_socket_connect(sock, (struct sockaddr *)address, addrlen);
 if (err) goto out_put;
@@ -1317,7 +1317,7 @@
 if (!sock) goto out;
- err = security_ops->socket_getsockname(sock);
+ err = security_socket_getsockname(sock);
 if (err) goto out_put;
@@ -1345,7 +1345,7 @@
 if ((sock = sockfd_lookup(fd, &err))!=NULL) {
- err = security_ops->socket_getpeername(sock);
+ err = security_socket_getpeername(sock);
 if (err) { sockfd_put(sock); return err;
@@ -1479,7 +1479,7 @@
 if ((sock = sockfd_lookup(fd, &err))!=NULL) {
- err = security_ops->socket_setsockopt(sock,level,optname);
+ err = security_socket_setsockopt(sock,level,optname);
 if (err) { sockfd_put(sock); return err;
@@ -1506,7 +1506,7 @@
 if ((sock = sockfd_lookup(fd, &err))!=NULL) {
- err = security_ops->socket_getsockopt(sock, level,
+ err = security_socket_getsockopt(sock, level,
 optname); if (err) { sockfd_put(sock);
@@ -1534,7 +1534,7 @@
 if ((sock = sockfd_lookup(fd, &err))!=NULL) {
- err = security_ops->socket_shutdown(sock, how);
+ err = security_socket_shutdown(sock, how);
 if (err) { sockfd_put(sock); return err;
Index: lsm-2.5/net/core/datagram.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/datagram.c,v
retrieving revision 1.5
diff -u -r1.5 datagram.c
--- lsm-2.5/net/core/datagram.c 14 Aug 2002 17:09:42 -0000 1.5
+++ lsm-2.5/net/core/datagram.c 4 Dec 2002 21:02:38 -0000
@@ -177,7 +177,7 @@
 skb = skb_dequeue(&sk->receive_queue); if (skb) {
- security_ops->skb_recv_datagram(skb, sk, flags);
+ security_skb_recv_datagram(skb, sk, flags);
 return skb; }
Index: lsm-2.5/net/core/dev.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/dev.c,v
retrieving revision 1.16
diff -u -r1.16 dev.c
--- lsm-2.5/net/core/dev.c 25 Nov 2002 14:12:30 -0000 1.16
+++ lsm-2.5/net/core/dev.c 4 Dec 2002 21:04:55 -0000
@@ -2594,7 +2594,7 @@
 free_divert_blk(dev); #endif
- security_ops->netdev_unregister(dev);
+ security_netdev_unregister(dev);
 if (dev->features & NETIF_F_DYNALLOC) { #ifdef NET_REFCNT_DEBUG
Index: lsm-2.5/net/core/rtnetlink.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/rtnetlink.c,v
retrieving revision 1.4
diff -u -r1.4 rtnetlink.c
--- lsm-2.5/net/core/rtnetlink.c 6 Nov 2002 20:38:55 -0000 1.4
+++ lsm-2.5/net/core/rtnetlink.c 4 Dec 2002 21:05:02 -0000
@@ -316,7 +316,7 @@
 sz_idx = type>>2; kind = type&3;
- if (kind != 2 && security_ops->netlink_recv(skb)) {
+ if (kind != 2 && security_netlink_recv(skb)) {
 *errp = -EPERM; return -1; }
Index: lsm-2.5/net/core/skbuff.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/skbuff.c,v
retrieving revision 1.10
diff -u -r1.10 skbuff.c
--- lsm-2.5/net/core/skbuff.c 6 Nov 2002 20:38:55 -0000 1.10
+++ lsm-2.5/net/core/skbuff.c 4 Dec 2002 21:05:21 -0000
@@ -196,7 +196,7 @@
 if (!data) goto nodata;
- if (security_ops->skb_alloc_security(skb, gfp_mask)) {
+ if (security_skb_alloc(skb, gfp_mask)) {
 kfree(data); goto nodata; }
@@ -344,7 +344,7 @@
 nf_bridge_put(skb->nf_bridge); #endif #endif
- security_ops->skb_free_security(skb);
+ security_skb_free(skb);
 skb_headerinit(skb, NULL, 0); /* clean state */ kfree_skbmem(skb); }
@@ -373,7 +373,7 @@
 return NULL; }
- if (security_ops->skb_clone(n, skb)) {
+ if (security_skb_clone(n, skb)) {
 skb_head_to_pool(n); return NULL; }
@@ -477,7 +477,7 @@
 #ifdef CONFIG_NET_SCHED new->tc_index = old->tc_index; #endif
- security_ops->skb_copy(new, old);
+ security_skb_copy(new, old);
 } /**
Index: lsm-2.5/net/core/sock.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/core/sock.c,v
retrieving revision 1.6
diff -u -r1.6 sock.c
--- lsm-2.5/net/core/sock.c 22 Oct 2002 12:59:09 -0000 1.6
+++ lsm-2.5/net/core/sock.c 4 Dec 2002 21:04:13 -0000
@@ -601,7 +601,7 @@
 sock_lock_init(sk); } sk->security = NULL;
- if (security_ops->socket_sock_alloc_security(sk, priority)) {
+ if (security_sock_alloc(sk, priority)) {
 kmem_cache_free(slab, sk); return NULL; }
@@ -631,7 +631,7 @@
 if (atomic_read(&sk->omem_alloc)) printk(KERN_DEBUG "sk_free: optmem leakage (%d bytes) detected.\n", atomic_read(&sk->omem_alloc));
- security_ops->socket_sock_free_security(sk);
+ security_sock_free(sk);
 kmem_cache_free(sk->slab, sk); }
Index: lsm-2.5/net/ipv4/ip_fragment.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_fragment.c,v
retrieving revision 1.5
diff -u -r1.5 ip_fragment.c
--- lsm-2.5/net/ipv4/ip_fragment.c 8 Jul 2002 12:46:26 -0000 1.5
+++ lsm-2.5/net/ipv4/ip_fragment.c 4 Dec 2002 21:05:50 -0000
@@ -375,7 +375,7 @@
 int flags, offset; int ihl, end, ret;
- ret = security_ops->ip_defragment(skb);
+ ret = security_ip_defragment(skb);
 if (ret) goto err;
Index: lsm-2.5/net/ipv4/ip_gre.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_gre.c,v
retrieving revision 1.11
diff -u -r1.11 ip_gre.c
--- lsm-2.5/net/ipv4/ip_gre.c 12 Nov 2002 14:56:44 -0000 1.11
+++ lsm-2.5/net/ipv4/ip_gre.c 4 Dec 2002 21:05:58 -0000
@@ -661,7 +661,7 @@
 skb->nf_debug = 0; #endif #endif
- security_ops->ip_decapsulate(skb);
+ security_ip_decapsulate(skb);
 ipgre_ecn_decapsulate(iph, skb); netif_rx(skb); read_unlock(&ipgre_lock);
@@ -899,7 +899,7 @@
 skb->nf_debug = 0; #endif #endif
- security_ops->ip_encapsulate(skb);
+ security_ip_encapsulate(skb);
 IPTUNNEL_XMIT(); tunnel->recursion--;
Index: lsm-2.5/net/ipv4/ip_options.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_options.c,v
retrieving revision 1.4
diff -u -r1.4 ip_options.c
--- lsm-2.5/net/ipv4/ip_options.c 26 Sep 2002 19:31:18 -0000 1.4
+++ lsm-2.5/net/ipv4/ip_options.c 4 Dec 2002 21:06:06 -0000
@@ -435,7 +435,7 @@
 case IPOPT_SEC: case IPOPT_CIPSO: case IPOPT_SID:
- if (security_ops->ip_decode_options(skb, optptr, &pp_ptr))
+ if (security_ip_decode_options(skb, optptr, &pp_ptr))
 goto error; break; default:
Index: lsm-2.5/net/ipv4/ip_output.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ip_output.c,v
retrieving revision 1.14
diff -u -r1.14 ip_output.c
--- lsm-2.5/net/ipv4/ip_output.c 19 Nov 2002 15:10:50 -0000 1.14
+++ lsm-2.5/net/ipv4/ip_output.c 4 Dec 2002 21:06:13 -0000
@@ -633,7 +633,7 @@
 ptr += len; offset += len;
- security_ops->ip_fragment(skb2, skb);
+ security_ip_fragment(skb2, skb);
 /* * Put this fragment into the sending queue.
Index: lsm-2.5/net/ipv4/ipip.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ipip.c,v
retrieving revision 1.10
diff -u -r1.10 ipip.c
--- lsm-2.5/net/ipv4/ipip.c 12 Nov 2002 14:56:44 -0000 1.10
+++ lsm-2.5/net/ipv4/ipip.c 4 Dec 2002 21:06:26 -0000
@@ -508,7 +508,7 @@
 skb->nf_debug = 0; #endif #endif
- security_ops->ip_decapsulate(skb);
+ security_ip_decapsulate(skb);
 ipip_ecn_decapsulate(iph, skb); netif_rx(skb); read_unlock(&ipip_lock);
@@ -663,7 +663,7 @@
 #endif #endif
- security_ops->ip_encapsulate(skb);
+ security_ip_encapsulate(skb);
 IPTUNNEL_XMIT(); tunnel->recursion--;
Index: lsm-2.5/net/ipv4/ipmr.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/ipmr.c,v
retrieving revision 1.10
diff -u -r1.10 ipmr.c
--- lsm-2.5/net/ipv4/ipmr.c 12 Nov 2002 14:56:45 -0000 1.10
+++ lsm-2.5/net/ipv4/ipmr.c 4 Dec 2002 21:06:44 -0000
@@ -1105,7 +1105,7 @@
 nf_conntrack_put(skb->nfct); skb->nfct = NULL; #endif
- security_ops->ip_encapsulate(skb);
+ security_ip_encapsulate(skb);
 } static inline int ipmr_forward_finish(struct sk_buff *skb)
@@ -1462,7 +1462,7 @@
 nf_conntrack_put(skb->nfct); skb->nfct = NULL; #endif
- security_ops->ip_decapsulate(skb);
+ security_ip_decapsulate(skb);
 netif_rx(skb); dev_put(reg_dev); return 0;
@@ -1530,7 +1530,7 @@
 nf_conntrack_put(skb->nfct); skb->nfct = NULL; #endif
- security_ops->ip_decapsulate(skb);
+ security_ip_decapsulate(skb);
 netif_rx(skb); dev_put(reg_dev); return 0;
Index: lsm-2.5/net/ipv4/syncookies.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/syncookies.c,v
retrieving revision 1.3
diff -u -r1.3 syncookies.c
--- lsm-2.5/net/ipv4/syncookies.c 6 Nov 2002 20:39:00 -0000 1.3
+++ lsm-2.5/net/ipv4/syncookies.c 4 Dec 2002 21:06:51 -0000
@@ -188,7 +188,7 @@
 } }
- security_ops->tcp_connection_request(sk, skb, req);
+ security_tcp_connection_request(sk, skb, req);
 /* Try to redo what tcp_v4_send_synack did. */ req->window_clamp = dst_metric(&rt->u.dst, RTAX_WINDOW);
Index: lsm-2.5/net/ipv4/tcp_ipv4.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/tcp_ipv4.c,v
retrieving revision 1.19
diff -u -r1.19 tcp_ipv4.c
--- lsm-2.5/net/ipv4/tcp_ipv4.c 19 Nov 2002 15:10:50 -0000 1.19
+++ lsm-2.5/net/ipv4/tcp_ipv4.c 4 Dec 2002 21:07:08 -0000
@@ -1331,7 +1331,7 @@
 if (skb) { struct tcphdr *th = skb->h.th;
- security_ops->tcp_synack(sk, skb, req);
+ security_tcp_synack(sk, skb, req);
 th->check = tcp_v4_check(th, skb->len, req->af.v4_req.loc_addr,
@@ -1549,7 +1549,7 @@
 } req->snt_isn = isn;
- security_ops->tcp_connection_request(sk, skb, req);
+ security_tcp_connection_request(sk, skb, req);
 if (tcp_v4_send_synack(sk, req, dst)) goto drop_and_free;
@@ -1800,7 +1800,7 @@
 goto no_tcp_socket; process:
- if (security_ops->socket_sock_rcv_skb(sk, skb))
+ if (security_sock_rcv_skb(sk, skb))
 goto discard_and_relse; if (sk->state == TCP_TIME_WAIT)
Index: lsm-2.5/net/ipv4/tcp_minisocks.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/tcp_minisocks.c,v
retrieving revision 1.10
diff -u -r1.10 tcp_minisocks.c
--- lsm-2.5/net/ipv4/tcp_minisocks.c 12 Nov 2002 14:56:45 -0000 1.10
+++ lsm-2.5/net/ipv4/tcp_minisocks.c 4 Dec 2002 21:07:36 -0000
@@ -803,7 +803,7 @@
 TCP_INC_STATS_BH(TcpPassiveOpens);
- security_ops->tcp_create_openreq_child(sk, newsk, skb, req);
+ security_tcp_create_openreq_child(sk, newsk, skb, req);
 } return newsk; }
Index: lsm-2.5/net/ipv4/netfilter/ip_queue.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/ipv4/netfilter/ip_queue.c,v
retrieving revision 1.6
diff -u -r1.6 ip_queue.c
--- lsm-2.5/net/ipv4/netfilter/ip_queue.c 14 Aug 2002 17:09:44 -0000 1.6
+++ lsm-2.5/net/ipv4/netfilter/ip_queue.c 4 Dec 2002 21:07:45 -0000
@@ -496,7 +496,7 @@
 if (type <= IPQM_BASE) return;
- if (security_ops->netlink_recv(skb))
+ if (security_netlink_recv(skb))
 RCV_SKB_FAIL(-EPERM); write_lock_bh(&queue_lock);
Index: lsm-2.5/net/netlink/af_netlink.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/netlink/af_netlink.c,v
retrieving revision 1.9
diff -u -r1.9 af_netlink.c
--- lsm-2.5/net/netlink/af_netlink.c 25 Nov 2002 14:12:33 -0000 1.9
+++ lsm-2.5/net/netlink/af_netlink.c 4 Dec 2002 21:07:58 -0000
@@ -637,7 +637,7 @@
 to corresponding kernel module. --ANK (980802) */
- err = security_ops->netlink_send(skb);
+ err = security_netlink_send(skb);
 if (err) { kfree_skb(skb); goto out;
Index: lsm-2.5/net/unix/af_unix.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/net/unix/af_unix.c,v
retrieving revision 1.18
diff -u -r1.18 af_unix.c
--- lsm-2.5/net/unix/af_unix.c 29 Nov 2002 17:14:55 -0000 1.18
+++ lsm-2.5/net/unix/af_unix.c 4 Dec 2002 21:08:14 -0000
@@ -818,7 +818,7 @@
 if (!unix_may_send(sk, other)) goto out_unlock;
- err = security_ops->unix_may_send(sk->socket, other->socket);
+ err = security_unix_may_send(sk->socket, other->socket);
 if (err) goto out_unlock;
@@ -987,7 +987,7 @@
 goto restart; }
- err = security_ops->unix_stream_connect(sock, other->socket, newsk);
+ err = security_unix_stream_connect(sock, other->socket, newsk);
 if (err) { unix_state_wunlock(sk); goto out_unlock;
@@ -1291,7 +1291,7 @@
 if (other->shutdown&RCV_SHUTDOWN) goto out_unlock;
- err = security_ops->unix_may_send(sk->socket, other->socket);
+ err = security_unix_may_send(sk->socket, other->socket);
 if (err) goto out_unlock;
Index: lsm-2.5/security/capability.c
===================================================================
RCS file: /home/pal/CVS/lsm-2.5/security/capability.c,v
retrieving revision 1.29
diff -u -r1.29 capability.c
--- lsm-2.5/security/capability.c 2 Dec 2002 17:09:19 -0000 1.29
+++ lsm-2.5/security/capability.c 4 Dec 2002 20:59:03 -0000
@@ -279,6 +279,16 @@
 return; }
+int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
+ unsigned char **pp_ptr)
+{
+ if (!skb && !capable (CAP_NET_RAW)) {
+ (const unsigned char *) *pp_ptr = optptr;
+ return -EPERM;
+ }
+ return 0;
+}
+
 EXPORT_SYMBOL(cap_capable); EXPORT_SYMBOL(cap_ptrace); EXPORT_SYMBOL(cap_capget);
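Review bot: `(const unsigned char *) *pp_ptr = optptr;` in cap_ip_decode_options assigns through a cast, which relies on GCC's cast-as-lvalue extension rather than standard C; since this hunk makes the function global and the next hunk exports it, I would write `*pp_ptr = (unsigned char *) optptr;`, which stores the same pointer. The function also deserves a comment now that other modules can call it, for example `/* skb == NULL: require CAP_NET_RAW, else point *pp_ptr at the option and return -EPERM */`. The next hunk also exports cap_netlink_send and cap_netlink_recv, whose definitions are not touched by this patch as shown, so it is worth confirming that they are non-static and sit outside the `#ifdef CONFIG_SECURITY` block that follows the exports.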
@@ -289,6 +299,9 @@
 EXPORT_SYMBOL(cap_task_post_setuid); EXPORT_SYMBOL(cap_task_kmod_set_label); EXPORT_SYMBOL(cap_task_reparent_to_init);
+EXPORT_SYMBOL(cap_netlink_send);
+EXPORT_SYMBOL(cap_netlink_recv);
+EXPORT_SYMBOL(cap_ip_decode_options);
 #ifdef CONFIG_SECURITY
@@ -761,16 +774,6 @@
 static void cap_ip_decapsulate (struct sk_buff *skb) { return;
-}
-
-static int cap_ip_decode_options (struct sk_buff *skb, const char *optptr,
- unsigned char **pp_ptr)
-{
- if (!skb && !capable (CAP_NET_RAW)) {
- (const unsigned char *) *pp_ptr = optptr;
- return -EPERM;
- }
- return 0;
 } static void cap_netdev_unregister (struct net_device *dev)
_______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module