172
172
effective, inheritable, permitted);
175
int security_capable(const struct cred *cred, int cap)
177
return security_ops->capable(current, cred, cap, SECURITY_CAP_AUDIT);
180
int security_real_capable(struct task_struct *tsk, int cap)
182
const struct cred *cred;
185
cred = get_task_cred(tsk);
186
ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_AUDIT);
191
int security_real_capable_noaudit(struct task_struct *tsk, int cap)
193
const struct cred *cred;
196
cred = get_task_cred(tsk);
197
ret = security_ops->capable(tsk, cred, cap, SECURITY_CAP_NOAUDIT);
202
int security_sysctl(struct ctl_table *table, int op)
204
return security_ops->sysctl(table, op);
175
int security_capable(struct user_namespace *ns, const struct cred *cred,
178
return security_ops->capable(current, cred, ns, cap,
182
int security_real_capable(struct task_struct *tsk, struct user_namespace *ns,
185
const struct cred *cred;
188
cred = get_task_cred(tsk);
189
ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_AUDIT);
194
int security_real_capable_noaudit(struct task_struct *tsk,
195
struct user_namespace *ns, int cap)
197
const struct cred *cred;
200
cred = get_task_cred(tsk);
201
ret = security_ops->capable(tsk, cred, ns, cap, SECURITY_CAP_NOAUDIT);
207
206
int security_quotactl(int cmds, int type, int id, struct super_block *sb)
219
218
return security_ops->syslog(type);
222
int security_settime(struct timespec *ts, struct timezone *tz)
221
int security_settime(const struct timespec *ts, const struct timezone *tz)
224
223
return security_ops->settime(ts, tz);
290
289
EXPORT_SYMBOL(security_sb_copy_data);
291
int security_sb_remount(struct super_block *sb, void *data)
293
return security_ops->sb_remount(sb, data);
292
296
int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
294
298
return security_ops->sb_kern_mount(sb, flags, data);
355
359
int security_inode_init_security(struct inode *inode, struct inode *dir,
356
char **name, void **value, size_t *len)
360
const struct qstr *qstr, char **name,
361
void **value, size_t *len)
358
363
if (unlikely(IS_PRIVATE(inode)))
359
364
return -EOPNOTSUPP;
360
return security_ops->inode_init_security(inode, dir, name, value, len);
365
return security_ops->inode_init_security(inode, dir, qstr, name, value,
362
368
EXPORT_SYMBOL(security_inode_init_security);
548
554
if (unlikely(IS_PRIVATE(inode)))
550
return security_ops->inode_permission(inode, mask);
556
return security_ops->inode_permission(inode, mask, 0);
552
558
EXPORT_SYMBOL(security_inode_permission);
556
562
if (unlikely(IS_PRIVATE(inode)))
560
return security_ops->inode_permission(inode, MAY_EXEC);
564
return security_ops->inode_permission(inode, MAY_EXEC, flags);
563
567
int security_inode_setattr(struct dentry *dentry, struct iattr *attr)
1158
1162
void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
1160
security_ops->sk_getsecid(sk, &fl->secid);
1164
security_ops->sk_getsecid(sk, &fl->flowi_secid);
1162
1166
EXPORT_SYMBOL(security_sk_classify_flow);
1292
1296
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1293
struct xfrm_policy *xp, struct flowi *fl)
1297
struct xfrm_policy *xp,
1298
const struct flowi *fl)
1295
1300
return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
1303
1308
void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
1305
int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
1310
int rc = security_ops->xfrm_decode_session(skb, &fl->flowi_secid, 0);