LSM: convert over the remaining security calls to the new format.

ipc/msg.c

@@ -101,15 +101,14 @@ static int newque (key_t key, int msgflg)
 	msq->q_perm.key = key;
 
 	msq->q_perm.security = NULL;
-	retval = security_ops->msg_queue_alloc_security(msq);
-	if (retval) {
+	if ((retval = security_msg_queue_alloc(msq))) {
 		kfree(msq);
 		return retval;
 	}
 
 	id = ipc_addid(&msg_ids, &msq->q_perm, msg_ctlmni);
 	if(id == -1) {
-		security_ops->msg_queue_free_security(msq);
+		security_msg_queue_free(msq);
 		kfree(msq);
 		return -ENOSPC;
 	}
@@ -281,7 +280,7 @@ static void freeque (int id)
 		free_msg(msg);
 	}
 	atomic_sub(msq->q_cbytes, &msg_bytes);
-	security_ops->msg_queue_free_security(msq);
+	security_msg_queue_free(msq);
 	kfree(msq);
 }
 

ipc/sem.c

@@ -136,15 +136,14 @@ static int newary (key_t key, int nsems, int semflg)
 	sma->sem_perm.key = key;
 
 	sma->sem_perm.security = NULL;
-	retval = security_ops->sem_alloc_security(sma);
-	if (retval) {
+	if ((retval = security_sem_alloc(sma))) {
 		ipc_free(sma, size);
 		return retval;
 	}
 
 	id = ipc_addid(&sem_ids, &sma->sem_perm, sc_semmni);
 	if(id == -1) {
-		security_ops->sem_free_security(sma);
+		security_sem_free(sma);
 		ipc_free(sma, size);
 		return -ENOSPC;
 	}
@@ -427,7 +426,7 @@ static void freeary (int id)
 
 	used_sems -= sma->sem_nsems;
 	size = sizeof (*sma) + sma->sem_nsems * sizeof (struct sem);
-	security_ops->sem_free_security(sma);
+	security_sem_free(sma);
 	ipc_free(sma, size);
 }
 

ipc/shm.c

@@ -116,7 +116,7 @@ static void shm_destroy (struct shmid_kernel *shp)
 	shm_unlock(shp->id);
 	shmem_lock(shp->shm_file, 0);
 	fput (shp->shm_file);
-	security_ops->shm_free_security(shp);
+	security_shm_free(shp);
 	kfree (shp);
 }
 
@@ -188,8 +188,7 @@ static int newseg (key_t key, int shmflg, size_t size)
 	shp->shm_flags = (shmflg & S_IRWXUGO);
 
 	shp->shm_perm.security = NULL;
-	error = security_ops->shm_alloc_security(shp);
-	if (error) {
+	if ((error = security_shm_alloc(shp))) {
 		kfree(shp);
 		return error;
 	}
@@ -222,7 +221,7 @@ static int newseg (key_t key, int shmflg, size_t size)
 no_id:
 	fput(file);
 no_file:
-	security_ops->shm_free_security(shp);
+	security_shm_free(shp);
 	kfree(shp);
 	return error;
 }

ipc/util.c

@@ -264,7 +264,7 @@ int ipcperms (struct kern_ipc_perm *ipcp, short flag)
 	    !capable(CAP_IPC_OWNER))
 		return -1;
 
-	return security_ops->ipc_permission(ipcp, flag);
+	return security_ipc_permission(ipcp, flag);
 }
 
 /*

kernel/acct.c

@@ -223,8 +223,7 @@ asmlinkage long sys_acct(const char *name)
 		}
 	}
 
-	error = security_ops->acct(file);
-	if (error)
+	if ((error = security_acct(file)))
 		return error;
 
 	spin_lock(&acct_globals.lock);

kernel/capability.c

@@ -64,7 +64,7 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
      data.permitted = cap_t(target->cap_permitted);
      data.inheritable = cap_t(target->cap_inheritable); 
      data.effective = cap_t(target->cap_effective);
-     ret = security_ops->capget(target, &data.effective, &data.inheritable, &data.permitted);
+     ret = security_capget(target, &data.effective, &data.inheritable, &data.permitted);
 
 out:
      read_unlock(&tasklist_lock); 
@@ -89,7 +89,7 @@ static inline void cap_set_pg(int pgrp, kernel_cap_t *effective,
      do_each_thread(g, target) {
              if (target->pgrp != pgrp)
                      continue;
-	     security_ops->capset_set(target, effective, inheritable, permitted);
+	     security_capset_set(target, effective, inheritable, permitted);
      } while_each_thread(g, target);
 }
 
@@ -106,7 +106,7 @@ static inline void cap_set_all(kernel_cap_t *effective,
      do_each_thread(g, target) {
              if (target == current || target->pid == 1)
                      continue;
-	     security_ops->capset_set(target, effective, inheritable, permitted);
+	     security_capset_set(target, effective, inheritable, permitted);
      } while_each_thread(g, target);
 }
 
@@ -164,7 +164,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
 
      ret = -EPERM;
 
-     if (security_ops->capset_check(target, &effective, &inheritable, &permitted))
+     if (security_capset_check(target, &effective, &inheritable, &permitted))
 	     goto out;
 
      if (!cap_issubset(inheritable, cap_combine(target->cap_inheritable,
@@ -191,7 +191,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
              else            /* all procs in process group */
                      cap_set_pg(-pid, &effective, &inheritable, &permitted);
      } else {
-	     security_ops->capset_set(target, &effective, &inheritable, &permitted);
+	     security_capset_set(target, &effective, &inheritable, &permitted);
      }
 
 out:

kernel/exit.c

@@ -67,7 +67,7 @@ void release_task(struct task_struct * p)
 		wait_task_inactive(p);
 
 	atomic_dec(&p->user->processes);
-	security_ops->task_free_security(p);
+	security_task_free(p);
 	free_uid(p->user);
 	write_lock_irq(&tasklist_lock);
 	if (unlikely(p->ptrace))
@@ -248,7 +248,7 @@ void reparent_to_init(void)
 	/* cpus_allowed? */
 	/* rt_priority? */
 	/* signals? */
-	security_ops->task_reparent_to_init(current);
+	security_task_reparent_to_init(current);
 	memcpy(current->rlim, init_task.rlim, sizeof(*(current->rlim)));
 	current->user = INIT_USER;
 
@@ -774,7 +774,7 @@ static int eligible_child(pid_t pid, int options, task_t *p)
 	if (current->tgid != p->tgid && delay_group_leader(p))
 		return 2;
 
-	if (security_ops->task_wait(p))
+	if (security_task_wait(p))
 		return 0;
 
 	return 1;

kernel/fork.c

@@ -682,8 +682,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 	if ((clone_flags & CLONE_DETACHED) && !(clone_flags & CLONE_THREAD))
 		return ERR_PTR(-EINVAL);
 
-	retval = security_ops->task_create(clone_flags);
-	if (retval)
+	if ((retval = security_task_create(clone_flags)))
 		goto fork_out;
 
 	retval = -ENOMEM;
@@ -772,7 +771,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 	INIT_LIST_HEAD(&p->local_pages);
 
 	retval = -ENOMEM;
-	if (security_ops->task_alloc_security(p))
+	if (security_task_alloc(p))
 		goto bad_fork_cleanup;
 	/* copy all the process information */
 	if (copy_semundo(clone_flags, p))
@@ -922,7 +921,7 @@ static struct task_struct *copy_process(unsigned long clone_flags,
 bad_fork_cleanup_semundo:
 	exit_semundo(p);
 bad_fork_cleanup_security:
-	security_ops->task_free_security(p);
+	security_task_free(p);
 bad_fork_cleanup:
 	if (p->pid > 0)
 		free_pidmap(p->pid);

kernel/kmod.c

@@ -135,7 +135,7 @@ int exec_usermodehelper(char *program_path, char *argv[], char *envp[])
 	/* Give kmod all effective privileges.. */
 	curtask->euid = curtask->fsuid = 0;
 	curtask->egid = curtask->fsgid = 0;
-	security_ops->task_kmod_set_label();
+	security_task_kmod_set_label();
 
 	/* Allow execve args to be in kernel space. */
 	set_fs(KERNEL_DS);

kernel/sched.c

@@ -1329,8 +1329,7 @@ asmlinkage long sys_nice(int increment)
 	if (nice > 19)
 		nice = 19;
 
-	retval = security_ops->task_setnice(current, nice);
-	if (retval)
+	if ((retval = security_task_setnice(current, nice)))
 		return retval;
 
 	set_user_nice(current, nice);
@@ -1451,8 +1450,7 @@ static int setscheduler(pid_t pid, int policy, struct sched_param *param)
 	    !capable(CAP_SYS_NICE))
 		goto out_unlock;
 
-	retval = security_ops->task_setscheduler(p, policy, &lp);
-	if (retval)
+	if ((retval = security_task_setscheduler(p, policy, &lp)))
 		goto out_unlock;
 
 	array = p->array;
@@ -1515,8 +1513,7 @@ asmlinkage long sys_sched_getscheduler(pid_t pid)
 	read_lock(&tasklist_lock);
 	p = find_process_by_pid(pid);
 	if (p) {
-		retval = security_ops->task_getscheduler(p);
-		if (!retval)
+		if (!(retval = security_task_getscheduler(p)))
 			retval = p->policy;
 	}
 	read_unlock(&tasklist_lock);
@@ -1545,8 +1542,7 @@ asmlinkage long sys_sched_getparam(pid_t pid, struct sched_param *param)
 	if (!p)
 		goto out_unlock;
 
-	retval = security_ops->task_getscheduler(p);
-	if (retval)
+	if ((retval = security_task_getscheduler(p)))
 		goto out_unlock;
 
 	lp.sched_priority = p->rt_priority;
@@ -1778,8 +1774,7 @@ asmlinkage long sys_sched_rr_get_interval(pid_t pid, struct timespec *interval)
 	if (!p)
 		goto out_unlock;
 
-	retval = security_ops->task_getscheduler(p);
-	if (retval)
+	if ((retval = security_task_getscheduler(p)))
 		goto out_unlock;
 
 	jiffies_to_timespec(p->policy & SCHED_FIFO ?

kernel/signal.c

@@ -707,8 +707,7 @@ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t, int
 	ret = -EPERM;
 	if (bad_signal(sig, info, t))
 		goto out;
-	ret = security_ops->task_kill(t, info, sig);
-	if (ret)
+	if ((ret = security_task_kill(t, info, sig)))
 		goto out;
 
 	/* The null signal is a permissions and process existence probe.

kernel/sys.c

@@ -204,6 +204,7 @@ cond_syscall(sys_nfsservctl)
 cond_syscall(sys_quotactl)
 cond_syscall(sys_acct)
 cond_syscall(sys_lookup_dcookie)
+cond_syscall(sys_security)
 
 static int set_one_prio(struct task_struct *p, int niceval, int error)
 {
@@ -479,8 +480,7 @@ asmlinkage long sys_setregid(gid_t rgid, gid_t egid)
 	int new_egid = old_egid;
 	int retval;
 
-	retval = security_ops->task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE);
-	if (retval)
+	if ((retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE)))
 		return retval;
 
 	if (rgid != (gid_t) -1) {
@@ -525,8 +525,7 @@ asmlinkage long sys_setgid(gid_t gid)
 	int old_egid = current->egid;
 	int retval;
 
-	retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID);
-	if (retval)
+	if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID)))
 		return retval;
 
 	if (capable(CAP_SETGID))
@@ -599,8 +598,7 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
 	int old_ruid, old_euid, old_suid, new_ruid, new_euid;
 	int retval;
 
-	retval = security_ops->task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
-	if (retval)
+	if ((retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE)))
 		return retval;
 
 	new_ruid = old_ruid = current->uid;
@@ -638,7 +636,7 @@ asmlinkage long sys_setreuid(uid_t ruid, uid_t euid)
 		current->suid = current->euid;
 	current->fsuid = current->euid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RE);
 }
 
 
@@ -660,8 +658,7 @@ asmlinkage long sys_setuid(uid_t uid)
 	int old_ruid, old_suid, new_ruid, new_suid;
 	int retval;
 
-	retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
-	if (retval)
+	if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID)))
 		return retval;
 
 	old_ruid = new_ruid = current->uid;
@@ -683,7 +680,7 @@ asmlinkage long sys_setuid(uid_t uid)
 	current->fsuid = current->euid = uid;
 	current->suid = new_suid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_ID);
 }
 
 
@@ -698,8 +695,7 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
 	int old_suid = current->suid;
 	int retval;
 
-	retval = security_ops->task_setuid(ruid, euid, suid, LSM_SETID_RES);
-	if (retval)
+	if ((retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES)))
 		return retval;
 
 	if (!capable(CAP_SETUID)) {
@@ -729,7 +725,7 @@ asmlinkage long sys_setresuid(uid_t ruid, uid_t euid, uid_t suid)
 	if (suid != (uid_t) -1)
 		current->suid = suid;
 
-	return security_ops->task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
+	return security_task_post_setuid(old_ruid, old_euid, old_suid, LSM_SETID_RES);
 }
 
 asmlinkage long sys_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
@@ -750,8 +746,7 @@ asmlinkage long sys_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
 {
 	int retval;
 
-	retval = security_ops->task_setgid(rgid, egid, sgid, LSM_SETID_RES);
-	if (retval)
+	if ((retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES)))
 		return retval;
 
 	if (!capable(CAP_SETGID)) {
@@ -804,8 +799,7 @@ asmlinkage long sys_setfsuid(uid_t uid)
 	int old_fsuid;
 	int retval;
 
-	retval = security_ops->task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	old_fsuid = current->fsuid;
@@ -821,8 +815,7 @@ asmlinkage long sys_setfsuid(uid_t uid)
 		current->fsuid = uid;
 	}
 
-	retval = security_ops->task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_post_setuid(old_fsuid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	return old_fsuid;
@@ -836,8 +829,7 @@ asmlinkage long sys_setfsgid(gid_t gid)
 	int old_fsgid;
 	int retval;
 
-	retval = security_ops->task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS);
-	if (retval)
+	if ((retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)))
 		return retval;
 
 	old_fsgid = current->fsgid;
@@ -962,8 +954,7 @@ asmlinkage long sys_getpgid(pid_t pid)
 
 		retval = -ESRCH;
 		if (p) {
-			retval = security_ops->task_getpgid(p);
-			if (!retval)
+			if (!(retval = security_task_getpgid(p)))
 				retval = p->pgrp;
 		}
 		read_unlock(&tasklist_lock);
@@ -990,8 +981,7 @@ asmlinkage long sys_getsid(pid_t pid)
 
 		retval = -ESRCH;
 		if(p) {
-			retval = security_ops->task_getsid(p);
-			if (!retval)
+			if (!(retval = security_task_getsid(p)))
 				retval = p->session;
 		}
 		read_unlock(&tasklist_lock);
@@ -1072,8 +1062,7 @@ asmlinkage long sys_setgroups(int gidsetsize, gid_t *grouplist)
 		return -EINVAL;
 	if(copy_from_user(groups, grouplist, gidsetsize * sizeof(gid_t)))
 		return -EFAULT;
-	retval = security_ops->task_setgroups(gidsetsize, groups);
-	if (retval)
+	if ((retval = security_task_setgroups(gidsetsize, groups)))
 		return retval;
 	memcpy(current->groups, groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;
@@ -1236,8 +1225,7 @@ asmlinkage long sys_setrlimit(unsigned int resource, struct rlimit *rlim)
 			return -EPERM;
 	}
 
-	retval = security_ops->task_setrlimit(resource, &new_rlim);
-	if (retval)
+	if ((retval = security_task_setrlimit(resource, &new_rlim)))
 		return retval;
 
 	*old_rlim = new_rlim;
@@ -1311,8 +1299,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3,
 	int error = 0;
 	int sig;
 
-	error = security_ops->task_prctl(option, arg2, arg3, arg4, arg5);
-	if (error)
+	if ((error = security_task_prctl(option, arg2, arg3, arg4, arg5)))
 		return error;
 
 	switch (option) {

kernel/uid16.c

@@ -140,8 +140,7 @@ asmlinkage long sys_setgroups16(int gidsetsize, old_gid_t *grouplist)
 		return -EFAULT;
 	for (i = 0 ; i < gidsetsize ; i++)
 		new_groups[i] = (gid_t)groups[i];
-	i = security_ops->task_setgroups(gidsetsize, new_groups);
-	if (i)
+	if ((i = security_task_setgroups(gidsetsize, new_groups)))
 		return i;
 	memcpy(current->groups, new_groups, gidsetsize * sizeof(gid_t));
 	current->ngroups = gidsetsize;

net/decnet/af_decnet.c

@@ -794,7 +794,7 @@ static int dn_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
 	 * dn_prot_sock ? Would be nice if the capable call would go there
 	 * too.
 	 */
-	if (security_ops->dn_prot_sock(saddr) &&
+	if (security_dn_prot_sock(saddr) &&
 	    !capable(CAP_NET_BIND_SERVICE) || 
 	    saddr->sdn_objnum || (saddr->sdn_flags & SDF_WILD))
 		return -EACCES;