security.c 54.8 KB
Newer Older
Linus Torvalds's avatar
Linus Torvalds committed
1 2 3 4 5 6 7 8 9 10 11 12 13
/*
 * Security plug functions
 *
 * Copyright (C) 2001 WireX Communications, Inc <[email protected]>
 * Copyright (C) 2001-2002 Greg Kroah-Hartman <[email protected]>
 * Copyright (C) 2001 Networks Associates Technology, Inc <[email protected]>
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 */

14
#include <linux/capability.h>
15
#include <linux/dcache.h>
Linus Torvalds's avatar
Linus Torvalds committed
16 17 18
#include <linux/module.h>
#include <linux/init.h>
#include <linux/kernel.h>
Casey Schaufler's avatar
Casey Schaufler committed
19
#include <linux/lsm_hooks.h>
20
#include <linux/integrity.h>
21
#include <linux/ima.h>
22
#include <linux/evm.h>
Al Viro's avatar
Al Viro committed
23
#include <linux/fsnotify.h>
24 25 26
#include <linux/mman.h>
#include <linux/mount.h>
#include <linux/personality.h>
Paul Mundt's avatar
Paul Mundt committed
27
#include <linux/backing-dev.h>
Al Viro's avatar
Al Viro committed
28
#include <net/flow.h>
Linus Torvalds's avatar
Linus Torvalds committed
29

30
#define MAX_LSM_EVM_XATTR	2
Linus Torvalds's avatar
Linus Torvalds committed
31

32 33 34
/* Maximum number of letters for an LSM name string */
#define SECURITY_NAME_MAX	10

35
/* Boot-time LSM user choice */
36 37
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
	CONFIG_DEFAULT_SECURITY;
Linus Torvalds's avatar
Linus Torvalds committed
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

static void __init do_security_initcalls(void)
{
	initcall_t *call;
	call = __security_initcall_start;
	while (call < __security_initcall_end) {
		(*call) ();
		call++;
	}
}

/**
 * security_init - initializes the security framework
 *
 * This should be called early in the kernel initialization sequence.
 */
int __init security_init(void)
{
56
	pr_info("Security Framework initialized\n");
Linus Torvalds's avatar
Linus Torvalds committed
57

58
	/*
59
	 * Load minor LSMs, with the capability module always first.
60 61 62
	 */
	capability_add_hooks();
	yama_add_hooks();
63
	loadpin_add_hooks();
64

65
	/*
66
	 * Load all the remaining security modules.
67
	 */
Linus Torvalds's avatar
Linus Torvalds committed
68 69 70 71 72
	do_security_initcalls();

	return 0;
}

73 74 75 76 77 78 79 80 81 82
/* Save user chosen LSM */
static int __init choose_lsm(char *str)
{
	strncpy(chosen_lsm, str, SECURITY_NAME_MAX);
	return 1;
}
__setup("security=", choose_lsm);

/**
 * security_module_enable - Load given security module on boot ?
83
 * @module: the name of the module
84 85 86
 *
 * Each LSM must pass this method before registering its own operations
 * to avoid security registration races. This method may also be used
87
 * to check if your LSM is currently loaded during kernel initialization.
88 89 90
 *
 * Return true if:
 *	-The passed LSM is the one chosen by user at boot time,
91
 *	-or the passed LSM is configured as the default and the user did not
92
 *	 choose an alternate LSM at boot time.
93 94
 * Otherwise, return false.
 */
95
int __init security_module_enable(const char *module)
96
{
97
	return !strcmp(module, chosen_lsm);
98 99
}

100
/*
101
 * Hook list operation macros.
Linus Torvalds's avatar
Linus Torvalds committed
102
 *
103 104
 * call_void_hook:
 *	This is a hook that does not return a value.
Linus Torvalds's avatar
Linus Torvalds committed
105
 *
106 107
 * call_int_hook:
 *	This is a hook that returns a value.
Linus Torvalds's avatar
Linus Torvalds committed
108 109
 */

110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130
#define call_void_hook(FUNC, ...)				\
	do {							\
		struct security_hook_list *P;			\
								\
		list_for_each_entry(P, &security_hook_heads.FUNC, list)	\
			P->hook.FUNC(__VA_ARGS__);		\
	} while (0)

#define call_int_hook(FUNC, IRC, ...) ({			\
	int RC = IRC;						\
	do {							\
		struct security_hook_list *P;			\
								\
		list_for_each_entry(P, &security_hook_heads.FUNC, list) { \
			RC = P->hook.FUNC(__VA_ARGS__);		\
			if (RC != 0)				\
				break;				\
		}						\
	} while (0);						\
	RC;							\
})
Linus Torvalds's avatar
Linus Torvalds committed
131

132 133
/* Security operations */

134 135
int security_binder_set_context_mgr(struct task_struct *mgr)
{
136
	return call_int_hook(binder_set_context_mgr, 0, mgr);
137 138 139 140 141
}

int security_binder_transaction(struct task_struct *from,
				struct task_struct *to)
{
142
	return call_int_hook(binder_transaction, 0, from, to);
143 144 145 146 147
}

int security_binder_transfer_binder(struct task_struct *from,
				    struct task_struct *to)
{
148
	return call_int_hook(binder_transfer_binder, 0, from, to);
149 150 151 152 153
}

int security_binder_transfer_file(struct task_struct *from,
				  struct task_struct *to, struct file *file)
{
154
	return call_int_hook(binder_transfer_file, 0, from, to, file);
155 156
}

157
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
158
{
159
	return call_int_hook(ptrace_access_check, 0, child, mode);
160 161 162 163
}

int security_ptrace_traceme(struct task_struct *parent)
{
164
	return call_int_hook(ptrace_traceme, 0, parent);
165 166 167 168 169 170 171
}

int security_capget(struct task_struct *target,
		     kernel_cap_t *effective,
		     kernel_cap_t *inheritable,
		     kernel_cap_t *permitted)
{
172 173
	return call_int_hook(capget, 0, target,
				effective, inheritable, permitted);
174 175
}

176 177 178 179
int security_capset(struct cred *new, const struct cred *old,
		    const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted)
180
{
181 182
	return call_int_hook(capset, 0, new, old,
				effective, inheritable, permitted);
183 184
}

185
int security_capable(const struct cred *cred, struct user_namespace *ns,
186
		     int cap)
187
{
188
	return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_AUDIT);
189 190
}

191 192
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
			     int cap)
193
{
194
	return call_int_hook(capable, 0, cred, ns, cap, SECURITY_CAP_NOAUDIT);
195 196 197 198
}

int security_quotactl(int cmds, int type, int id, struct super_block *sb)
{
199
	return call_int_hook(quotactl, 0, cmds, type, id, sb);
200 201 202 203
}

int security_quota_on(struct dentry *dentry)
{
204
	return call_int_hook(quota_on, 0, dentry);
205 206
}

207
int security_syslog(int type)
208
{
209
	return call_int_hook(syslog, 0, type);
210 211
}

212
int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
213
{
214
	return call_int_hook(settime, 0, ts, tz);
215 216 217 218
}

int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237
	struct security_hook_list *hp;
	int cap_sys_admin = 1;
	int rc;

	/*
	 * The module will respond with a positive value if
	 * it thinks the __vm_enough_memory() call should be
	 * made with the cap_sys_admin set. If all of the modules
	 * agree that it should be set it will. If any module
	 * thinks it should not be set it won't.
	 */
	list_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {
		rc = hp->hook.vm_enough_memory(mm, pages);
		if (rc <= 0) {
			cap_sys_admin = 0;
			break;
		}
	}
	return __vm_enough_memory(mm, pages, cap_sys_admin);
238 239
}

240
int security_bprm_set_creds(struct linux_binprm *bprm)
241
{
242
	return call_int_hook(bprm_set_creds, 0, bprm);
243 244
}

245
int security_bprm_check(struct linux_binprm *bprm)
246
{
247 248
	int ret;

249
	ret = call_int_hook(bprm_check_security, 0, bprm);
250 251 252
	if (ret)
		return ret;
	return ima_bprm_check(bprm);
253 254
}

255
void security_bprm_committing_creds(struct linux_binprm *bprm)
256
{
257
	call_void_hook(bprm_committing_creds, bprm);
258 259
}

260
void security_bprm_committed_creds(struct linux_binprm *bprm)
261
{
262
	call_void_hook(bprm_committed_creds, bprm);
263 264 265 266
}

int security_bprm_secureexec(struct linux_binprm *bprm)
{
267
	return call_int_hook(bprm_secureexec, 0, bprm);
268 269 270 271
}

int security_sb_alloc(struct super_block *sb)
{
272
	return call_int_hook(sb_alloc_security, 0, sb);
273 274 275 276
}

void security_sb_free(struct super_block *sb)
{
277
	call_void_hook(sb_free_security, sb);
278 279
}

280
int security_sb_copy_data(char *orig, char *copy)
281
{
282
	return call_int_hook(sb_copy_data, 0, orig, copy);
283
}
284
EXPORT_SYMBOL(security_sb_copy_data);
285

286 287
int security_sb_remount(struct super_block *sb, void *data)
{
288
	return call_int_hook(sb_remount, 0, sb, data);
289 290
}

291
int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
292
{
293
	return call_int_hook(sb_kern_mount, 0, sb, flags, data);
294 295
}

296 297
int security_sb_show_options(struct seq_file *m, struct super_block *sb)
{
298
	return call_int_hook(sb_show_options, 0, m, sb);
299 300
}

301 302
int security_sb_statfs(struct dentry *dentry)
{
303
	return call_int_hook(sb_statfs, 0, dentry);
304 305
}

Al Viro's avatar
Al Viro committed
306
int security_sb_mount(const char *dev_name, const struct path *path,
Al Viro's avatar
Al Viro committed
307
                       const char *type, unsigned long flags, void *data)
308
{
309
	return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
310 311 312 313
}

int security_sb_umount(struct vfsmount *mnt, int flags)
{
314
	return call_int_hook(sb_umount, 0, mnt, flags);
315 316
}

Al Viro's avatar
Al Viro committed
317
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path)
318
{
319
	return call_int_hook(sb_pivotroot, 0, old_path, new_path);
320 321
}

322
int security_sb_set_mnt_opts(struct super_block *sb,
323 324 325
				struct security_mnt_opts *opts,
				unsigned long kern_flags,
				unsigned long *set_kern_flags)
326
{
327 328 329
	return call_int_hook(sb_set_mnt_opts,
				opts->num_mnt_opts ? -EOPNOTSUPP : 0, sb,
				opts, kern_flags, set_kern_flags);
330
}
331
EXPORT_SYMBOL(security_sb_set_mnt_opts);
332

333
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
334 335
				struct super_block *newsb)
{
336
	return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb);
337
}
338 339 340 341
EXPORT_SYMBOL(security_sb_clone_mnt_opts);

int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
342
	return call_int_hook(sb_parse_opts_str, 0, options, opts);
343 344
}
EXPORT_SYMBOL(security_sb_parse_opts_str);
345

346 347 348
int security_inode_alloc(struct inode *inode)
{
	inode->i_security = NULL;
349
	return call_int_hook(inode_alloc_security, 0, inode);
350 351 352 353
}

void security_inode_free(struct inode *inode)
{
354
	integrity_inode_free(inode);
355
	call_void_hook(inode_free_security, inode);
356 357
}

358
int security_dentry_init_security(struct dentry *dentry, int mode,
359
					const struct qstr *name, void **ctx,
360 361
					u32 *ctxlen)
{
362 363
	return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode,
				name, ctx, ctxlen);
364 365 366
}
EXPORT_SYMBOL(security_dentry_init_security);

367 368 369 370 371 372 373 374 375
int security_dentry_create_files_as(struct dentry *dentry, int mode,
				    struct qstr *name,
				    const struct cred *old, struct cred *new)
{
	return call_int_hook(dentry_create_files_as, 0, dentry, mode,
				name, old, new);
}
EXPORT_SYMBOL(security_dentry_create_files_as);

376
int security_inode_init_security(struct inode *inode, struct inode *dir,
377 378
				 const struct qstr *qstr,
				 const initxattrs initxattrs, void *fs_data)
379
{
380 381
	struct xattr new_xattrs[MAX_LSM_EVM_XATTR + 1];
	struct xattr *lsm_xattr, *evm_xattr, *xattr;
382 383
	int ret;

384
	if (unlikely(IS_PRIVATE(inode)))
385
		return 0;
386 387

	if (!initxattrs)
388 389
		return call_int_hook(inode_init_security, -EOPNOTSUPP, inode,
				     dir, qstr, NULL, NULL, NULL);
390
	memset(new_xattrs, 0, sizeof(new_xattrs));
391
	lsm_xattr = new_xattrs;
392
	ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr,
393 394 395 396 397
						&lsm_xattr->name,
						&lsm_xattr->value,
						&lsm_xattr->value_len);
	if (ret)
		goto out;
398 399 400 401 402

	evm_xattr = lsm_xattr + 1;
	ret = evm_inode_init_security(inode, lsm_xattr, evm_xattr);
	if (ret)
		goto out;
403 404
	ret = initxattrs(inode, new_xattrs, fs_data);
out:
405
	for (xattr = new_xattrs; xattr->value != NULL; xattr++)
406
		kfree(xattr->value);
407 408 409 410 411
	return (ret == -EOPNOTSUPP) ? 0 : ret;
}
EXPORT_SYMBOL(security_inode_init_security);

int security_old_inode_init_security(struct inode *inode, struct inode *dir,
412
				     const struct qstr *qstr, const char **name,
413
				     void **value, size_t *len)
414 415
{
	if (unlikely(IS_PRIVATE(inode)))
416
		return -EOPNOTSUPP;
417 418
	return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir,
			     qstr, name, value, len);
419
}
420
EXPORT_SYMBOL(security_old_inode_init_security);
421

422
#ifdef CONFIG_SECURITY_PATH
423
int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
424 425
			unsigned int dev)
{
426
	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
427
		return 0;
428
	return call_int_hook(path_mknod, 0, dir, dentry, mode, dev);
429 430 431
}
EXPORT_SYMBOL(security_path_mknod);

432
int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)
433
{
434
	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
435
		return 0;
436
	return call_int_hook(path_mkdir, 0, dir, dentry, mode);
437
}
438
EXPORT_SYMBOL(security_path_mkdir);
439

440
int security_path_rmdir(const struct path *dir, struct dentry *dentry)
441
{
442
	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
443
		return 0;
444
	return call_int_hook(path_rmdir, 0, dir, dentry);
445 446
}

447
int security_path_unlink(const struct path *dir, struct dentry *dentry)
448
{
449
	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
450
		return 0;
451
	return call_int_hook(path_unlink, 0, dir, dentry);
452
}
453
EXPORT_SYMBOL(security_path_unlink);
454

455
int security_path_symlink(const struct path *dir, struct dentry *dentry,
456 457
			  const char *old_name)
{
458
	if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
459
		return 0;
460
	return call_int_hook(path_symlink, 0, dir, dentry, old_name);
461 462
}

463
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
464 465
		       struct dentry *new_dentry)
{
466
	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
467
		return 0;
468
	return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
469 470
}

471 472
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
			 const struct path *new_dir, struct dentry *new_dentry,
473
			 unsigned int flags)
474
{
475 476
	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
		     (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry)))))
477
		return 0;
Miklos Szeredi's avatar
Miklos Szeredi committed
478 479

	if (flags & RENAME_EXCHANGE) {
480 481
		int err = call_int_hook(path_rename, 0, new_dir, new_dentry,
					old_dir, old_dentry);
Miklos Szeredi's avatar
Miklos Szeredi committed
482 483 484 485
		if (err)
			return err;
	}

486 487
	return call_int_hook(path_rename, 0, old_dir, old_dentry, new_dir,
				new_dentry);
488
}
489
EXPORT_SYMBOL(security_path_rename);
490

Al Viro's avatar
Al Viro committed
491
int security_path_truncate(const struct path *path)
492
{
493
	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
494
		return 0;
495
	return call_int_hook(path_truncate, 0, path);
496
}
497

498
int security_path_chmod(const struct path *path, umode_t mode)
499
{
500
	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
501
		return 0;
502
	return call_int_hook(path_chmod, 0, path, mode);
503 504
}

505
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
506
{
507
	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
508
		return 0;
509
	return call_int_hook(path_chown, 0, path, uid, gid);
510
}
511

Al Viro's avatar
Al Viro committed
512
int security_path_chroot(const struct path *path)
513
{
514
	return call_int_hook(path_chroot, 0, path);
515
}
516 517
#endif

Al Viro's avatar
Al Viro committed
518
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
519 520 521
{
	if (unlikely(IS_PRIVATE(dir)))
		return 0;
522
	return call_int_hook(inode_create, 0, dir, dentry, mode);
523
}
524
EXPORT_SYMBOL_GPL(security_inode_create);
525 526 527 528

int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			 struct dentry *new_dentry)
{
529
	if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
530
		return 0;
531
	return call_int_hook(inode_link, 0, old_dentry, dir, new_dentry);
532 533 534 535
}

int security_inode_unlink(struct inode *dir, struct dentry *dentry)
{
536
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
537
		return 0;
538
	return call_int_hook(inode_unlink, 0, dir, dentry);
539 540 541 542 543 544 545
}

int security_inode_symlink(struct inode *dir, struct dentry *dentry,
			    const char *old_name)
{
	if (unlikely(IS_PRIVATE(dir)))
		return 0;
546
	return call_int_hook(inode_symlink, 0, dir, dentry, old_name);
547 548
}

549
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
550 551 552
{
	if (unlikely(IS_PRIVATE(dir)))
		return 0;
553
	return call_int_hook(inode_mkdir, 0, dir, dentry, mode);
554
}
555
EXPORT_SYMBOL_GPL(security_inode_mkdir);
556 557 558

int security_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
559
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
560
		return 0;
561
	return call_int_hook(inode_rmdir, 0, dir, dentry);
562 563
}

Al Viro's avatar
Al Viro committed
564
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
565 566 567
{
	if (unlikely(IS_PRIVATE(dir)))
		return 0;
568
	return call_int_hook(inode_mknod, 0, dir, dentry, mode, dev);
569 570 571
}

int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
572 573
			   struct inode *new_dir, struct dentry *new_dentry,
			   unsigned int flags)
574
{
575 576
        if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
            (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry)))))
577
		return 0;
Miklos Szeredi's avatar
Miklos Szeredi committed
578 579

	if (flags & RENAME_EXCHANGE) {
580
		int err = call_int_hook(inode_rename, 0, new_dir, new_dentry,
Miklos Szeredi's avatar
Miklos Szeredi committed
581 582 583 584 585
						     old_dir, old_dentry);
		if (err)
			return err;
	}

586
	return call_int_hook(inode_rename, 0, old_dir, old_dentry,
587 588 589 590 591
					   new_dir, new_dentry);
}

int security_inode_readlink(struct dentry *dentry)
{
592
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
593
		return 0;
594
	return call_int_hook(inode_readlink, 0, dentry);
595 596
}

597 598
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
			       bool rcu)
599
{
600
	if (unlikely(IS_PRIVATE(inode)))
601
		return 0;
602
	return call_int_hook(inode_follow_link, 0, dentry, inode, rcu);
603 604
}

605
int security_inode_permission(struct inode *inode, int mask)
606 607 608
{
	if (unlikely(IS_PRIVATE(inode)))
		return 0;
609
	return call_int_hook(inode_permission, 0, inode, mask);
610 611 612 613
}

int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
614 615
	int ret;

616
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
617
		return 0;
618
	ret = call_int_hook(inode_setattr, 0, dentry, attr);
619 620 621
	if (ret)
		return ret;
	return evm_inode_setattr(dentry, attr);
622
}
623
EXPORT_SYMBOL_GPL(security_inode_setattr);
624

625
int security_inode_getattr(const struct path *path)
626
{
627
	if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
628
		return 0;
629
	return call_int_hook(inode_getattr, 0, path);
630 631
}

632 633
int security_inode_setxattr(struct dentry *dentry, const char *name,
			    const void *value, size_t size, int flags)
634
{
635 636
	int ret;

637
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
638
		return 0;
639 640 641 642 643
	/*
	 * SELinux and Smack integrate the cap call,
	 * so assume that all LSMs supplying this call do so.
	 */
	ret = call_int_hook(inode_setxattr, 1, dentry, name, value, size,
644
				flags);
645 646 647

	if (ret == 1)
		ret = cap_inode_setxattr(dentry, name, value, size, flags);
648 649 650
	if (ret)
		return ret;
	ret = ima_inode_setxattr(dentry, name, value, size);
651 652 653
	if (ret)
		return ret;
	return evm_inode_setxattr(dentry, name, value, size);
654 655
}

656 657
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags)
658
{
659
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
660
		return;
661
	call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
662
	evm_inode_post_setxattr(dentry, name, value, size);
663 664
}

665
int security_inode_getxattr(struct dentry *dentry, const char *name)
666
{
667
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
668
		return 0;
669
	return call_int_hook(inode_getxattr, 0, dentry, name);
670 671 672 673
}

int security_inode_listxattr(struct dentry *dentry)
{
674
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
675
		return 0;
676
	return call_int_hook(inode_listxattr, 0, dentry);
677 678
}

679
int security_inode_removexattr(struct dentry *dentry, const char *name)
680
{
681 682
	int ret;

683
	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
684
		return 0;
685 686 687 688 689 690 691
	/*
	 * SELinux and Smack integrate the cap call,
	 * so assume that all LSMs supplying this call do so.
	 */
	ret = call_int_hook(inode_removexattr, 1, dentry, name);
	if (ret == 1)
		ret = cap_inode_removexattr(dentry, name);
692 693 694
	if (ret)
		return ret;
	ret = ima_inode_removexattr(dentry, name);
695 696 697
	if (ret)
		return ret;
	return evm_inode_removexattr(dentry, name);
698 699
}

700 701
int security_inode_need_killpriv(struct dentry *dentry)
{
702
	return call_int_hook(inode_need_killpriv, 0, dentry);
703 704 705 706
}

int security_inode_killpriv(struct dentry *dentry)
{
707
	return call_int_hook(inode_killpriv, 0, dentry);
708 709
}

710
int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
711
{
712 713 714
	struct security_hook_list *hp;
	int rc;

715
	if (unlikely(IS_PRIVATE(inode)))
716
		return -EOPNOTSUPP;
717 718 719 720 721 722 723 724 725
	/*
	 * Only one module will provide an attribute with a given name.
	 */
	list_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) {
		rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc);
		if (rc != -EOPNOTSUPP)
			return rc;
	}
	return -EOPNOTSUPP;
726 727 728 729
}

int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
730 731 732
	struct security_hook_list *hp;
	int rc;

733
	if (unlikely(IS_PRIVATE(inode)))
734
		return -EOPNOTSUPP;
735 736 737 738 739 740 741 742 743 744
	/*
	 * Only one module will provide an attribute with a given name.
	 */
	list_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) {
		rc = hp->hook.inode_setsecurity(inode, name, value, size,
								flags);
		if (rc != -EOPNOTSUPP)
			return rc;
	}
	return -EOPNOTSUPP;
745 746 747 748 749 750
}

int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	if (unlikely(IS_PRIVATE(inode)))
		return 0;
751
	return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);
752
}
753
EXPORT_SYMBOL(security_inode_listsecurity);
754

755
void security_inode_getsecid(struct inode *inode, u32 *secid)
756
{
757
	call_void_hook(inode_getsecid, inode, secid);
758 759
}

760 761 762 763 764 765
int security_inode_copy_up(struct dentry *src, struct cred **new)
{
	return call_int_hook(inode_copy_up, 0, src, new);
}
EXPORT_SYMBOL(security_inode_copy_up);

766 767 768 769 770 771
int security_inode_copy_up_xattr(const char *name)
{
	return call_int_hook(inode_copy_up_xattr, -EOPNOTSUPP, name);
}
EXPORT_SYMBOL(security_inode_copy_up_xattr);

772 773
int security_file_permission(struct file *file, int mask)
{
774 775
	int ret;

776
	ret = call_int_hook(file_permission, 0, file, mask);
777 778 779 780
	if (ret)
		return ret;

	return fsnotify_perm(file, mask);
781 782 783 784
}

int security_file_alloc(struct file *file)
{
785
	return call_int_hook(file_alloc_security, 0, file);
786 787 788 789
}

void security_file_free(struct file *file)
{
790
	call_void_hook(file_free_security, file);
791 792 793 794
}

int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
795
	return call_int_hook(file_ioctl, 0, file, cmd, arg);
796 797
}

798
static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
799
{
800
	/*
801 802
	 * Does we have PROT_READ and does the application expect
	 * it to imply PROT_EXEC?  If not, nothing to talk about...
803
	 */
804 805
	if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ)
		return prot;
806
	if (!(current->personality & READ_IMPLIES_EXEC))
807 808 809 810 811 812 813 814
		return prot;
	/*
	 * if that's an anonymous mapping, let it.
	 */
	if (!file)
		return prot | PROT_EXEC;
	/*
	 * ditto if it's not on noexec mount, except that on !MMU we need
815
	 * NOMMU_MAP_EXEC (== VM_MAYEXEC) in this case
816
	 */
817
	if (!path_noexec(&file->f_path)) {
818
#ifndef CONFIG_MMU
819 820 821 822 823
		if (file->f_op->mmap_capabilities) {
			unsigned caps = file->f_op->mmap_capabilities(file);
			if (!(caps & NOMMU_MAP_EXEC))
				return prot;
		}
824
#endif
825
		return prot | PROT_EXEC;
826
	}
827 828 829 830 831 832 833 834
	/* anything on noexec mount won't get PROT_EXEC */
	return prot;
}

int security_mmap_file(struct file *file, unsigned long prot,
			unsigned long flags)
{
	int ret;
835
	ret = call_int_hook(mmap_file, 0, file, prot,
836
					mmap_prot(file, prot), flags);
837 838 839
	if (ret)
		return ret;
	return ima_file_mmap(file, prot);
840 841
}

842 843
int security_mmap_addr(unsigned long addr)
{
844
	return call_int_hook(mmap_addr, 0, addr);
845 846
}

847 848 849
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
			    unsigned long prot)
{
850
	return call_int_hook(file_mprotect, 0, vma, reqprot, prot);
851 852 853 854
}

int security_file_lock(struct file *file, unsigned int cmd)
{
855
	return call_int_hook(file_lock, 0, file, cmd);
856 857 858 859
}

int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
{
860
	return call_int_hook(file_fcntl, 0, file, cmd, arg);
861 862
}

863
void security_file_set_fowner(struct file *file)
864
{
865
	call_void_hook(file_set_fowner, file);
866 867 868 869 870
}

int security_file_send_sigiotask(struct task_struct *tsk,
				  struct fown_struct *fown, int sig)
{
871
	return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig);
872 873 874 875
}

int security_file_receive(struct file *file)
{
876
	return call_int_hook(file_receive, 0, file);
877 878
}

879
int security_file_open(struct file *file, const struct cred *cred)
880
{
881 882
	int ret;

883
	ret = call_int_hook(file_open, 0, file, cred);