LSM: change all of the VFS related security calls to the new format.

fs/attr.c

@@ -153,13 +153,12 @@ int notify_change(struct dentry * dentry, struct iattr * attr)
 	}
 
 	if (inode->i_op && inode->i_op->setattr) {
-		error = security_ops->inode_setattr(dentry, attr);
-		if (!error)
+		if (!(error = security_inode_setattr(dentry, attr)))
 			error = inode->i_op->setattr(dentry, attr);
 	} else {
 		error = inode_change_ok(inode, attr);
 		if (!error)
-			error = security_ops->inode_setattr(dentry, attr);
+			error = security_inode_setattr(dentry, attr);
 		if (!error) {
 			if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 			    (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))

fs/dquot.c

@@ -1306,8 +1306,7 @@ int vfs_quota_on(struct super_block *sb, int type, int format_id, char *path)
 	error = -EIO;
 	if (!f->f_op || !f->f_op->read || !f->f_op->write)
 		goto out_f;
-	error = security_ops->quota_on(f);
-	if (error)
+	if ((error = security_quota_on(f)))
 		goto out_f;
 	inode = f->f_dentry->d_inode;
 	error = -EACCES;

fs/fcntl.c

@@ -274,8 +274,7 @@ int f_setown(struct file *filp, unsigned long arg, int force)
 {
 	int err;
 	
-	err = security_ops->file_set_fowner(filp);
-	if (err)
+	if ((err = security_file_set_fowner(filp)))
 		return err;
 
 	f_modown(filp, arg, current->uid, current->euid, force);
@@ -368,8 +367,7 @@ asmlinkage long sys_fcntl(unsigned int fd, unsigned int cmd, unsigned long arg)
 	if (!filp)
 		goto out;
 
-	err = security_ops->file_fcntl(filp, cmd, arg);
-	if (err) {
+	if ((err = security_file_fcntl(filp, cmd, arg))) {
 		fput(filp);
 		return err;
 	}
@@ -392,8 +390,7 @@ asmlinkage long sys_fcntl64(unsigned int fd, unsigned int cmd, unsigned long arg
 	if (!filp)
 		goto out;
 
-	err = security_ops->file_fcntl(filp, cmd, arg);
-	if (err) {
+	if ((err = security_file_fcntl(filp, cmd, arg))) {
 		fput(filp);
 		return err;
 	}
@@ -444,7 +441,7 @@ static void send_sigio_to_task(struct task_struct *p,
 	if (!sigio_perm(p, fown))
 		return;
 
-	if (security_ops->file_send_sigiotask(p, fown, fd, reason))
+	if (security_file_send_sigiotask(p, fown, fd, reason))
 		return;
 
 	switch (fown->signum) {

fs/file_table.c

@@ -46,7 +46,7 @@ struct file * get_empty_filp(void)
 		files_stat.nr_free_files--;
 	new_one:
 		memset(f, 0, sizeof(*f));
-		if (security_ops->file_alloc_security(f)) {
+		if (security_file_alloc(f)) {
 			list_add(&f->f_list, &free_list);
 			files_stat.nr_free_files++;
 			file_list_unlock();
@@ -127,7 +127,7 @@ void __fput(struct file * file)
 
 	if (file->f_op && file->f_op->release)
 		file->f_op->release(inode, file);
-	security_ops->file_free_security(file);
+	security_file_free(file);
 	fops_put(file->f_op);
 	if (file->f_mode & FMODE_WRITE)
 		put_write_access(inode);
@@ -160,7 +160,7 @@ struct file * fget(unsigned int fd)
 void put_filp(struct file *file)
 {
 	if(atomic_dec_and_test(&file->f_count)) {
-		security_ops->file_free_security(file);
+		security_file_free(file);
 		file_list_lock();
 		list_del(&file->f_list);
 		list_add(&file->f_list, &free_list);

fs/inode.c

@@ -120,7 +120,7 @@ static struct inode *alloc_inode(struct super_block *sb)
 		inode->i_bdev = NULL;
 		inode->i_cdev = NULL;
 		inode->i_security = NULL;
-		if (security_ops->inode_alloc_security(inode)) {
+		if (security_inode_alloc(inode)) {
 			if (inode->i_sb->s_op->destroy_inode)
 				inode->i_sb->s_op->destroy_inode(inode);
 			else
@@ -146,7 +146,7 @@ static void destroy_inode(struct inode *inode)
 {
 	if (inode_has_buffers(inode))
 		BUG();
-	security_ops->inode_free_security(inode);
+	security_inode_free(inode);
 	if (inode->i_sb->s_op->destroy_inode) {
 		inode->i_sb->s_op->destroy_inode(inode);
 	} else {
@@ -922,7 +922,7 @@ void generic_delete_inode(struct inode *inode)
 	if (inode->i_data.nrpages)
 		truncate_inode_pages(&inode->i_data, 0);
 
-	security_ops->inode_delete(inode);
+	security_inode_delete(inode);
 
 	if (op && op->delete_inode) {
 		void (*delete)(struct inode *) = op->delete_inode;

fs/ioctl.c

@@ -59,8 +59,7 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 		goto out;
 	error = 0;
 
-	error = security_ops->file_ioctl(filp, cmd, arg);
-        if (error) {
+	if ((error = security_file_ioctl(filp, cmd, arg))) {
                 fput(filp);
                 goto out;
         }

fs/locks.c

@@ -1175,8 +1175,7 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg)
 		return -EACCES;
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;
-	error = security_ops->file_lock(filp, arg);
-	if (error)
+	if ((error = security_file_lock(filp, arg)))
 		return error;
 
 	lock_kernel();
@@ -1289,8 +1288,7 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd)
 	if (error)
 		goto out_putf;
 
-	error = security_ops->file_lock(filp, cmd);
-	if (error)
+	if ((error = security_file_lock(filp, cmd)))
 		goto out_free;
 
 	for (;;) {
@@ -1439,8 +1437,7 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
 		goto out;
 	}
 
-	error = security_ops->file_lock(filp, file_lock->fl_type);
-	if (error)
+	if ((error = security_file_lock(filp, file_lock->fl_type)))
 		goto out;
 
 	if (filp->f_op && filp->f_op->lock != NULL) {
@@ -1579,8 +1576,7 @@ int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
 		goto out;
 	}
 
-	error = security_ops->file_lock(filp, file_lock->fl_type);
-	if (error)
+	if ((error = security_file_lock(filp, file_lock->fl_type)))
 		goto out;
 
 	if (filp->f_op && filp->f_op->lock != NULL) {

fs/namei.c

@@ -218,7 +218,7 @@ int permission(struct inode * inode,int mask)
 	if (retval)
 		return retval;
 
-	return security_ops->inode_permission(inode, mask);
+	return security_inode_permission(inode, mask);
 }
 
 /*
@@ -340,7 +340,7 @@ static inline int exec_permission_lite(struct inode *inode)
 
 	return -EACCES;
 ok:
-	return security_ops->inode_permission_lite(inode, MAY_EXEC);
+	return security_inode_permission_lite(inode, MAY_EXEC);
 }
 
 /*
@@ -374,7 +374,7 @@ static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, i
 				dput(dentry);
 			else {
 				result = dentry;
-				security_ops->inode_post_lookup(dir, result);
+				security_inode_post_lookup(dir, result);
 			}
 		}
 		up(&dir->i_sem);
@@ -413,8 +413,7 @@ static inline int do_follow_link(struct dentry *dentry, struct nameidata *nd)
 		current->state = TASK_RUNNING;
 		schedule();
 	}
-	err = security_ops->inode_follow_link(dentry, nd);
-	if (err)
+	if ((err = security_inode_follow_link(dentry, nd)))
 		goto loop;
 	current->link_count++;
 	current->total_link_count++;
@@ -918,7 +917,7 @@ struct dentry * lookup_hash(struct qstr *name, struct dentry * base)
 		dentry = inode->i_op->lookup(inode, new);
 		if (!dentry) {
 			dentry = new;
-			security_ops->inode_post_lookup(inode, dentry);
+			security_inode_post_lookup(inode, dentry);
 		} else
 			dput(new);
 	}
@@ -1125,14 +1124,13 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode)
 		return -EACCES;	/* shouldn't it be ENOSYS? */
 	mode &= S_IALLUGO;
 	mode |= S_IFREG;
-	error = security_ops->inode_create(dir, dentry, mode);
-	if (error)
+	if ((error = security_inode_create(dir, dentry, mode)))
 		return error;
 	DQUOT_INIT(dir);
 	error = dir->i_op->create(dir, dentry, mode);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_create(dir, dentry, mode);
+		security_inode_post_create(dir, dentry, mode);
 	}
 	return error;
 }
@@ -1344,8 +1342,7 @@ int open_namei(const char * pathname, int flag, int mode, struct nameidata *nd)
 	 * stored in nd->last.name and we will have to putname() it when we
 	 * are done. Procfs-like symlinks just set LAST_BIND.
 	 */
-	error = security_ops->inode_follow_link(dentry, nd);
-	if (error)
+	if ((error = security_inode_follow_link(dentry, nd)))
 		goto exit_dput;
 	UPDATE_ATIME(dentry->d_inode);
 	error = dentry->d_inode->i_op->follow_link(dentry, nd);
@@ -1410,15 +1407,14 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
 	if (!dir->i_op || !dir->i_op->mknod)
 		return -EPERM;
 
-	error = security_ops->inode_mknod(dir, dentry, mode, dev);
-	if (error)
+	if ((error = security_inode_mknod(dir, dentry, mode, dev)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->mknod(dir, dentry, mode, dev);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_mknod(dir, dentry, mode, dev);
+		security_inode_post_mknod(dir, dentry, mode, dev);
 	}
 	return error;
 }
@@ -1478,15 +1474,14 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
 		return -EPERM;
 
 	mode &= (S_IRWXUGO|S_ISVTX);
-	error = security_ops->inode_mkdir(dir, dentry, mode);
-	if (error)
+	if ((error = security_inode_mkdir(dir, dentry, mode)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->mkdir(dir, dentry, mode);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_mkdir(dir,dentry, mode);
+		security_inode_post_mkdir(dir,dentry, mode);
 	}
 	return error;
 }
@@ -1570,8 +1565,7 @@ int vfs_rmdir(struct inode *dir, struct dentry *dentry)
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		error = security_ops->inode_rmdir(dir, dentry);
-		if (!error) {
+		if (!(error = security_inode_rmdir(dir, dentry))) {
 			error = dir->i_op->rmdir(dir, dentry);
 			if (!error)
 				dentry->d_inode->i_flags |= S_DEAD;
@@ -1644,10 +1638,8 @@ int vfs_unlink(struct inode *dir, struct dentry *dentry)
 	if (d_mountpoint(dentry))
 		error = -EBUSY;
 	else {
-		error = security_ops->inode_unlink(dir, dentry);
-		if (!error) {
+		if (!(error = security_inode_unlink(dir, dentry)))
 			error = dir->i_op->unlink(dir, dentry);
-		}
 	}
 	up(&dentry->d_inode->i_sem);
 	if (!error) {
@@ -1709,15 +1701,14 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
 	if (!dir->i_op || !dir->i_op->symlink)
 		return -EPERM;
 
-	error = security_ops->inode_symlink(dir, dentry, oldname);
-	if (error)
+	if ((error = security_inode_symlink(dir, dentry, oldname)))
 		return error;
 
 	DQUOT_INIT(dir);
 	error = dir->i_op->symlink(dir, dentry, oldname);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_symlink(dir, dentry, oldname);
+		security_inode_post_symlink(dir, dentry, oldname);
 	}
 	return error;
 }
@@ -1780,8 +1771,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
 	if (S_ISDIR(old_dentry->d_inode->i_mode))
 		return -EPERM;
 
-	error = security_ops->inode_link(old_dentry, dir, new_dentry);
-	if (error)
+	if ((error = security_inode_link(old_dentry, dir, new_dentry)))
 		return error;
 
 	down(&old_dentry->d_inode->i_sem);
@@ -1790,7 +1780,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
 	up(&old_dentry->d_inode->i_sem);
 	if (!error) {
 		inode_dir_notify(dir, DN_CREATE);
-		security_ops->inode_post_link(old_dentry, dir, new_dentry);
+		security_inode_post_link(old_dentry, dir, new_dentry);
 	}
 	return error;
 }
@@ -1889,8 +1879,7 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
 			return error;
 	}
 
-	error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
-	if (error)
+	if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
 		return error;
 
 	target = new_dentry->d_inode;
@@ -1912,8 +1901,8 @@ int vfs_rename_dir(struct inode *old_dir, struct dentry *old_dentry,
 	}
 	if (!error) {
 		d_move(old_dentry,new_dentry);
-		security_ops->inode_post_rename(old_dir, old_dentry,
-							new_dir, new_dentry);
+		security_inode_post_rename(old_dir, old_dentry,
+					   new_dir, new_dentry);
 	}
 	return error;
 }
@@ -1924,8 +1913,7 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
 	struct inode *target;
 	int error;
 
-	error = security_ops->inode_rename(old_dir, old_dentry, new_dir, new_dentry);
-	if (error)
+	if ((error = security_inode_rename(old_dir, old_dentry, new_dir, new_dentry)))
 		return error;
 
 	dget(new_dentry);
@@ -1940,7 +1928,7 @@ int vfs_rename_other(struct inode *old_dir, struct dentry *old_dentry,
 		/* The following d_move() should become unconditional */
 		if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
 			d_move(old_dentry, new_dentry);
-		security_ops->inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
+		security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
 	}
 	if (target)
 		up(&target->i_sem);

fs/namespace.c

@@ -289,8 +289,7 @@ static int do_umount(struct vfsmount *mnt, int flags)
 	struct super_block * sb = mnt->mnt_sb;
 	int retval = 0;
 
-	retval = security_ops->sb_umount(mnt, flags);
-	if (retval)
+	if ((retval = security_sb_umount(mnt, flags)))
 		return retval;
 
 	/*
@@ -342,7 +341,7 @@ static int do_umount(struct vfsmount *mnt, int flags)
 		DQUOT_OFF(sb);
 		acct_auto_close(sb);
 		unlock_kernel();
-		security_ops->sb_umount_close(mnt);
+		security_sb_umount_close(mnt);
 		spin_lock(&dcache_lock);
 	}
 	retval = -EBUSY;
@@ -353,7 +352,7 @@ static int do_umount(struct vfsmount *mnt, int flags)
 	}
 	spin_unlock(&dcache_lock);
 	if (retval)
-		security_ops->sb_umount_busy(mnt);
+		security_sb_umount_busy(mnt);
 	up_write(&current->namespace->sem);
 	return retval;
 }
@@ -471,8 +470,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
 	if (IS_DEADDIR(nd->dentry->d_inode))
 		goto out_unlock;
 
-	err = security_ops->sb_check_sb(mnt, nd);
-	if (err)
+	if ((err = security_sb_check_sb(mnt, nd)))
 		goto out_unlock;
 
 	spin_lock(&dcache_lock);
@@ -488,7 +486,7 @@ static int graft_tree(struct vfsmount *mnt, struct nameidata *nd)
 out_unlock:
 	up(&nd->dentry->d_inode->i_sem);
 	if (!err)
-		security_ops->sb_post_addmount(mnt, nd);
+		security_sb_post_addmount(mnt, nd);
 	return err;
 }
 
@@ -559,7 +557,7 @@ static int do_remount(struct nameidata *nd,int flags,int mnt_flags,void *data)
 		nd->mnt->mnt_flags=mnt_flags;
 	up_write(&sb->s_umount);
 	if (!err)
-		security_ops->sb_post_remount(nd->mnt, flags, data);
+		security_sb_post_remount(nd->mnt, flags, data);
 	return err;
 }
 
@@ -742,8 +740,7 @@ long do_mount(char * dev_name, char * dir_name, char *type_page,
 	if (retval)
 		return retval;
 
-	retval = security_ops->sb_mount(dev_name, &nd, type_page, flags, data_page);
-	if (retval)
+	if ((retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page)))
 		goto dput_out;
 
 	if (flags & MS_REMOUNT)
@@ -940,8 +937,7 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old)
 	if (error)
 		goto out1;
 
-	error = security_ops->sb_pivotroot(&old_nd, &new_nd);
-	if (error) {
+	if ((error = security_sb_pivotroot(&old_nd, &new_nd))) {
 		path_release(&old_nd);
 		goto out1;
 	}
@@ -990,7 +986,7 @@ asmlinkage long sys_pivot_root(const char *new_root, const char *put_old)
 	attach_mnt(new_nd.mnt, &root_parent);
 	spin_unlock(&dcache_lock);
 	chroot_fs_refs(&user_nd, &new_nd);
-	security_ops->sb_post_pivotroot(&user_nd, &new_nd);
+	security_sb_post_pivotroot(&user_nd, &new_nd);
 	error = 0;
 	path_release(&root_parent);
 	path_release(&parent_nd);

fs/open.c

@@ -30,8 +30,7 @@ int vfs_statfs(struct super_block *sb, struct statfs *buf)
 		retval = -ENOSYS;
 		if (sb->s_op && sb->s_op->statfs) {
 			memset(buf, 0, sizeof(struct statfs));
-			retval = security_ops->sb_statfs(sb);
-			if (retval)
+			if ((retval = security_sb_statfs(sb)))
 				return retval;
 			retval = sb->s_op->statfs(sb, buf);
 		}

fs/proc/base.c

@@ -395,7 +395,7 @@ static struct file_operations proc_info_file_operations = {
 };
 
 #define MAY_PTRACE(p) \
-(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ops->ptrace(current,p)==0))
+(p==current||(p->parent==current&&(p->ptrace & PT_PTRACED)&&p->state==TASK_STOPPED&&security_ptrace(current,p)==0))
 
 
 static int mem_open(struct inode* inode, struct file* file)

fs/quota.c

@@ -98,7 +98,7 @@ static int check_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t
 		if (!capable(CAP_SYS_ADMIN))
 			return -EPERM;
 
-	return security_ops->quotactl (cmd, type, id, sb);
+	return security_quotactl (cmd, type, id, sb);
 }
 
 /* Resolve device pathname to superblock */

fs/read_write.c

@@ -193,8 +193,7 @@ ssize_t vfs_read(struct file *file, char *buf, size_t count, loff_t *pos)
 
 	ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count);
 	if (!ret) {
-		ret = security_ops->file_permission (file, MAY_READ);
-		if (!ret) {
+		if (!(ret = security_file_permission (file, MAY_READ))) {
 			if (file->f_op->read)
 				ret = file->f_op->read(file, buf, count, pos);
 			else
@@ -233,8 +232,7 @@ ssize_t vfs_write(struct file *file, const char *buf, size_t count, loff_t *pos)
 
 	ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count);
 	if (!ret) {
-		ret = security_ops->file_permission (file, MAY_WRITE);
-		if (!ret) {
+		if (!(ret = security_file_permission (file, MAY_WRITE))) {
 			if (file->f_op->write)
 				ret = file->f_op->write(file, buf, count, pos);
 			else
@@ -465,8 +463,7 @@ sys_readv(unsigned long fd, const struct iovec *vector, unsigned long nr_segs)
 		goto bad_file;
 	if (file->f_op && (file->f_mode & FMODE_READ) &&
 	    (file->f_op->readv || file->f_op->read)) {
-		ret = security_ops->file_permission (file, MAY_READ);
-		if (!ret)
+		if (!(ret = security_file_permission (file, MAY_READ)))
 			ret = do_readv_writev(READ, file, vector, nr_segs);
 	}
 	fput(file);
@@ -488,8 +485,7 @@ sys_writev(unsigned long fd, const struct iovec * vector, unsigned long nr_segs)
 		goto bad_file;
 	if (file->f_op && (file->f_mode & FMODE_WRITE) &&
 	    (file->f_op->writev || file->f_op->write)) {
-		ret = security_ops->file_permission (file, MAY_WRITE);
-		if (!ret)
+		if (!(ret = security_file_permission (file, MAY_WRITE)))
 			ret = do_readv_writev(WRITE, file, vector, nr_segs);
 	}
 	fput(file);

fs/readdir.c

@@ -22,8 +22,7 @@ int vfs_readdir(struct file *file, filldir_t filler, void *buf)
 	if (!file->f_op || !file->f_op->readdir)
 		goto out;
 
-	res = security_ops->file_permission(file, MAY_READ);
-	if (res)
+	if ((res = security_file_permission(file, MAY_READ)))
 		goto out;
 
 	down(&inode->i_sem);

fs/stat.c

@@ -39,8 +39,7 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
 	struct inode *inode = dentry->d_inode;
 	int retval;
 
-	retval = security_ops->inode_getattr(mnt, dentry);
-	if (retval)
+	if ((retval = security_inode_getattr(mnt, dentry)))
 		return retval;
 
 	if (inode->i_op->getattr)
@@ -238,8 +237,7 @@ asmlinkage long sys_readlink(const char * path, char * buf, int bufsiz)
 
 		error = -EINVAL;
 		if (inode->i_op && inode->i_op->readlink) {
-			error = security_ops->inode_readlink(nd.dentry);
-			if (!error) {
+			if (!(error = security_inode_readlink(nd.dentry))) {
 				UPDATE_ATIME(inode);
 				error = inode->i_op->readlink(nd.dentry, buf, bufsiz);
 			}

fs/super.c

@@ -51,7 +51,7 @@ static struct super_block *alloc_super(void)
 	struct super_block *s = kmalloc(sizeof(struct super_block),  GFP_USER);
 	if (s) {
 		memset(s, 0, sizeof(struct super_block));
-		if (security_ops->sb_alloc_security(s)) {
+		if (security_sb_alloc(s)) {
 			kfree(s);
 			s = NULL;
 			goto out;
@@ -85,7 +85,7 @@ static struct super_block *alloc_super(void)
  */
 static inline void destroy_super(struct super_block *s)
 {
-	security_ops->sb_free_security(s);
+	security_sb_free(s);
 	kfree(s);
 }
 

fs/xattr.c

@@ -86,9 +86,7 @@ setxattr(struct dentry *d, char *name, void *value, size_t size, int flags)
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
-		error = security_ops->inode_setxattr(d, kname, kvalue,
-				size, flags);
-		if (error)
+		if ((error = security_inode_setxattr(d, kname, kvalue, size, flags)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
@@ -164,8 +162,7 @@ getxattr(struct dentry *d, char *name, void *value, size_t size)
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
-		error = security_ops->inode_getxattr(d, kname);
-		if (error)
+		if ((error = security_inode_getxattr(d, kname)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
@@ -237,8 +234,7 @@ listxattr(struct dentry *d, char *list, size_t size)
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
-		error = security_ops->inode_listxattr(d);
-		if (error)
+		if ((error = security_inode_listxattr(d)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->listxattr(d, klist, size);
@@ -312,8 +308,7 @@ removexattr(struct dentry *d, char *name)
 
 	error = -EOPNOTSUPP;
 	if (d->d_inode->i_op && d->d_inode->i_op->removexattr) {
-		error = security_ops->inode_removexattr(d, kname);
-		if (error)
+		if ((error = security_inode_removexattr(d, kname)))
 			goto out;
 		down(&d->d_inode->i_sem);
 		error = d->d_inode->i_op->removexattr(d, kname);

init/do_mounts.c

@@ -800,7 +800,7 @@ void prepare_namespace(void)
 	sys_umount("/dev", 0);
 	sys_mount(".", "/", NULL, MS_MOVE, NULL);
 	sys_chroot(".");
-	security_ops->sb_post_mountroot();
+	security_sb_post_mountroot();
 	mount_devfs_fs ();
 }
 

mm/mmap.c

@@ -498,8 +498,7 @@ unsigned long do_mmap_pgoff(struct file * file, unsigned long addr,
 		}
 	}
 
-	error = security_ops->file_mmap(file, prot, flags);
-	if (error)
+	if ((error = security_file_mmap(file, prot, flags)))
 		return error;
 		
 	/* Clear old maps */

mm/mprotect.c

@@ -262,8 +262,7 @@ sys_mprotect(unsigned long start, size_t len, unsigned long prot)
 			goto out;
 		}
 
-		error = security_ops->file_mprotect(vma, prot);
-		if (error)
+		if ((error = security_file_mprotect(vma, prot)))
 			goto out;
 
 		if (vma->vm_end > end) {

net/core/scm.c

@@ -217,8 +217,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
 	for (i=0, cmfptr=(int*)CMSG_DATA(cm); i<fdmax; i++, cmfptr++)
 	{
 		int new_fd;
-		err = security_ops->file_receive(fp[i]);
-		if (err)
+		if ((err = security_file_receive(fp[i])))
 			break;
 		err = get_unused_fd();
 		if (err < 0)