Merge branch 'next-lockdown' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...

[sfrench/cifs-2.6.git] / include / linux / security.h

diff --git a/include/linux/security.h b/include/linux/security.h
index 669e8de5299dc1a5b83af33e73884e4e70be02b9..a8d59d612d274bdb5df8cbd13245b35fc2e08908 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -115,8 +115,13 @@ enum lockdown_reason {
        LOCKDOWN_TIOCSSERIAL,
        LOCKDOWN_MODULE_PARAMETERS,
        LOCKDOWN_MMIOTRACE,
+       LOCKDOWN_DEBUGFS,
        LOCKDOWN_INTEGRITY_MAX,
        LOCKDOWN_KCORE,
+       LOCKDOWN_KPROBES,
+       LOCKDOWN_BPF_READ,
+       LOCKDOWN_PERF,
+       LOCKDOWN_TRACEFS,
        LOCKDOWN_CONFIDENTIALITY_MAX,
 };
 
@@ -232,9 +237,9 @@ static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
 
 #ifdef CONFIG_SECURITY
 
-int call_lsm_notifier(enum lsm_event event, void *data);
-int register_lsm_notifier(struct notifier_block *nb);
-int unregister_lsm_notifier(struct notifier_block *nb);
+int call_blocking_lsm_notifier(enum lsm_event event, void *data);
+int register_blocking_lsm_notifier(struct notifier_block *nb);
+int unregister_blocking_lsm_notifier(struct notifier_block *nb);
 
 /* prototypes */
 extern int security_init(void);
@@ -303,7 +308,8 @@ int security_dentry_create_files_as(struct dentry *dentry, int mode,
                                        struct qstr *name,
                                        const struct cred *old,
                                        struct cred *new);
-
+int security_path_notify(const struct path *path, u64 mask,
+                                       unsigned int obj_type);
 int security_inode_alloc(struct inode *inode);
 void security_inode_free(struct inode *inode);
 int security_inode_init_security(struct inode *inode, struct inode *dir,
@@ -431,7 +437,6 @@ int security_ismaclabel(const char *name);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
 int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
 void security_release_secctx(char *secdata, u32 seclen);
-
 void security_inode_invalidate_secctx(struct inode *inode);
 int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
@@ -439,17 +444,17 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
 int security_locked_down(enum lockdown_reason what);
 #else /* CONFIG_SECURITY */
 
-static inline int call_lsm_notifier(enum lsm_event event, void *data)
+static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
 {
        return 0;
 }
 
-static inline int register_lsm_notifier(struct notifier_block *nb)
+static inline int register_blocking_lsm_notifier(struct notifier_block *nb)
 {
        return 0;
 }
 
-static inline  int unregister_lsm_notifier(struct notifier_block *nb)
+static inline  int unregister_blocking_lsm_notifier(struct notifier_block *nb)
 {
        return 0;
 }
@@ -671,6 +676,12 @@ static inline int security_move_mount(const struct path *from_path,
        return 0;
 }
 
+static inline int security_path_notify(const struct path *path, u64 mask,
+                               unsigned int obj_type)
+{
+       return 0;
+}
+
 static inline int security_inode_alloc(struct inode *inode)
 {
        return 0;