[RFC PATCH 2/3] include/linux: Update LSM hook text part1

Richard Haines richard_c_haines at btinternet.com
Tue Mar 9 14:39:52 UTC 2021


No hook definitions have been updated, only formatting to render
in kernel_docs.

Signed-off-by: Richard Haines <richard_c_haines at btinternet.com>
---
 include/linux/lsm_hooks.h | 1173 +++++++++++++++++++++----------------
 1 file changed, 677 insertions(+), 496 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index fb7f31937..b7fdab1e9 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -32,743 +32,924 @@
 /**
  * union security_list_options - Linux Security Module hook function list
  *
- * Security hooks for program execution operations.
+ * **Security hooks for program execution operations:**
  *
- * @bprm_creds_for_exec:
- *	If the setup in prepare_exec_creds did not setup @bprm->cred->security
+ * int bprm_creds_for_exec(struct linux_binprm \*bprm)
+ *	If the setup in @prepare_exec_creds() did not setup @bprm->cred->security
  *	properly for executing @bprm->file, update the LSM's portion of
- *	@bprm->cred->security to be what commit_creds needs to install for the
- *	new program.  This hook may also optionally check permissions
+ *	@bprm->cred->security to be what @commit_creds() needs to install for
+ *	the new program.  This hook may also optionally check permissions
  *	(e.g. for transitions between security domains).
- *	The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
- *	request libc enable secure mode.
- *	@bprm contains the linux_binprm structure.
- *	Return 0 if the hook is successful and permission is granted.
- * @bprm_creds_from_file:
- *	If @file is setpcap, suid, sgid or otherwise marked to change
- *	privilege upon exec, update @bprm->cred to reflect that change.
+ *	The hook must set @bprm->secureexec to %1 if %AT_SECURE should be set to
+ *	request %libc enable secure mode.
+ *
+ *	* @bprm contains the @linux_binprm structure.
+ *	* Return %0 if the hook is successful and permission is granted.
+ *
+ * int bprm_creds_from_file(struct linux_binprm \*bprm, struct file \*file)
+ *	If @file is %setpcap, %suid, %sgid or otherwise marked to change
+ *	privilege upon @exec, update @bprm->cred to reflect that change.
  *	This is called after finding the binary that will be executed.
  *	without an interpreter.  This ensures that the credentials will not
  *	be derived from a script that the binary will need to reopen, which
  *	when reopend may end up being a completely different file.  This
  *	hook may also optionally check permissions (e.g. for transitions
  *	between security domains).
- *	The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
- *	request libc enable secure mode.
+ *	The hook must set @bprm->secureexec to %1 if %AT_SECURE should be set to
+ *	request %libc enable secure mode.
  *	The hook must add to @bprm->per_clear any personality flags that
- * 	should be cleared from current->personality.
- *	@bprm contains the linux_binprm structure.
- *	Return 0 if the hook is successful and permission is granted.
- * @bprm_check_security:
+ *	should be cleared from @current->personality.
+ *
+ *	* @bprm contains the @linux_binprm structure.
+ *	* Return %0 if the hook is successful and permission is granted.
+ *
+ * int bprm_check_security(struct linux_binprm \*bprm)
  *	This hook mediates the point when a search for a binary handler will
  *	begin.  It allows a check against the @bprm->cred->security value
- *	which was set in the preceding creds_for_exec call.  The argv list and
- *	envp list are reliably available in @bprm.  This hook may be called
- *	multiple times during a single execve.
- *	@bprm contains the linux_binprm structure.
- *	Return 0 if the hook is successful and permission is granted.
- * @bprm_committing_creds:
+ *	which was set in the preceding @creds_for_exec() call.  The %argv list
+ *	and %envp list are reliably available in @bprm.  This hook may be called
+ *	multiple times during a single @execve.
+ *
+ *	* @bprm contains the @linux_binprm structure.
+ *	* Return %0 if the hook is successful and permission is granted.
+ *
+ * void bprm_committing_creds(struct linux_binprm \*bprm)
  *	Prepare to install the new security attributes of a process being
- *	transformed by an execve operation, based on the old credentials
+ *	transformed by an @execve operation, based on the old credentials
  *	pointed to by @current->cred and the information set in @bprm->cred by
- *	the bprm_creds_for_exec hook.  @bprm points to the linux_binprm
+ *	the @bprm_creds_for_exec() hook.  @bprm points to the @linux_binprm
  *	structure.  This hook is a good place to perform state changes on the
  *	process such as closing open file descriptors to which access will no
  *	longer be granted when the attributes are changed.  This is called
- *	immediately before commit_creds().
- * @bprm_committed_creds:
+ *	immediately before @commit_creds().
+ *
+ * void bprm_committed_creds(struct linux_binprm \*bprm)
  *	Tidy up after the installation of the new security attributes of a
- *	process being transformed by an execve operation.  The new credentials
+ *	process being transformed by an @execve operation.  The new credentials
  *	have, by this point, been set to @current->cred.  @bprm points to the
- *	linux_binprm structure.  This hook is a good place to perform state
+ *	@linux_binprm structure.  This hook is a good place to perform state
  *	changes on the process such as clearing out non-inheritable signal
- *	state.  This is called immediately after commit_creds().
+ *	state.  This is called immediately after @commit_creds().
+ *
+ * **Security hooks for mount using fs_context**
+ * (See also Documentation/filesystems/mount_api.rst):
+ *
+ * int fs_context_dup(struct fs_context \*fc, struct fs_context \*src_fc)
+ *	Allocate and attach a security structure to @sc->security.  This pointer
+ *	is initialised to %NULL by the caller.
  *
- * Security hooks for mount using fs_context.
- *	[See also Documentation/filesystems/mount_api.rst]
+ *	* @fc indicates the new filesystem context.
+ *	* @src_fc indicates the original filesystem context.
  *
- * @fs_context_dup:
- *	Allocate and attach a security structure to sc->security.  This pointer
- *	is initialised to NULL by the caller.
- *	@fc indicates the new filesystem context.
- *	@src_fc indicates the original filesystem context.
- * @fs_context_parse_param:
+ * int fs_context_parse_param(struct fs_context \*fc, struct fs_parameter \*param)
  *	Userspace provided a parameter to configure a superblock.  The LSM may
  *	reject it with an error and may use it for itself, in which case it
- *	should return 0; otherwise it should return -ENOPARAM to pass it on to
+ *	should Return %0; otherwise it should return %-ENOPARAM to pass it on to
  *	the filesystem.
- *	@fc indicates the filesystem context.
- *	@param The parameter
  *
- * Security hooks for filesystem operations.
+ *	* @fc indicates the filesystem context.
+ *	* @param The parameter
  *
- * @sb_alloc_security:
- *	Allocate and attach a security structure to the sb->s_security field.
- *	The s_security field is initialized to NULL when the structure is
+ * **Security hooks for filesystem operations:**
+ *
+ * int sb_alloc_security(struct super_block \*sb)
+ *	Allocate and attach a security structure to the @sb->s_security field.
+ *	The @s_security field is initialized to %NULL when the structure is
  *	allocated.
- *	@sb contains the super_block structure to be modified.
- *	Return 0 if operation was successful.
- * @sb_free_security:
- *	Deallocate and clear the sb->s_security field.
- *	@sb contains the super_block structure to be modified.
- * @sb_free_mnt_opts:
+ *
+ *	* @sb contains the @super_block structure to be modified.
+ *	* Return %0 if operation was successful.
+ *
+ * void sb_free_security(struct super_block \*sb)
+ *	Deallocate and clear the @sb->s_security field.
+ *
+ *	* @sb contains the @super_block structure to be modified.
+ *
+ * void sb_free_mnt_opts(void \*mnt_opts)
  * 	Free memory associated with @mnt_ops.
- * @sb_eat_lsm_opts:
+ *
+ * int sb_eat_lsm_opts(char \*orig, void \*\*mnt_opts)
  * 	Eat (scan @orig options) and save them in @mnt_opts.
- * @sb_statfs:
+ *
+ * int sb_statfs(struct dentry \*dentry)
  *	Check permission before obtaining filesystem statistics for the @mnt
  *	mountpoint.
- *	@dentry is a handle on the superblock for the filesystem.
- *	Return 0 if permission is granted.
- * @sb_mount:
+ *
+ *	* @dentry is a handle on the superblock for the filesystem.
+ *	* Return %0 if permission is granted.
+ *
+ * int sb_mount(const char \*dev_name, const struct path \*path, const char \*type, unsigned long flags, void \*data)
  *	Check permission before an object specified by @dev_name is mounted on
  *	the mount point named by @nd.  For an ordinary mount, @dev_name
  *	identifies a device if the file system type requires a device.  For a
- *	remount (@flags & MS_REMOUNT), @dev_name is irrelevant.  For a
- *	loopback/bind mount (@flags & MS_BIND), @dev_name identifies the
+ *	remount (@flags & %MS_REMOUNT), @dev_name is irrelevant.  For a
+ *	loopback/bind mount (@flags & %MS_BIND), @dev_name identifies the
  *	pathname of the object being mounted.
- *	@dev_name contains the name for object being mounted.
- *	@path contains the path for mount point object.
- *	@type contains the filesystem type.
- *	@flags contains the mount flags.
- *	@data contains the filesystem-specific data.
- *	Return 0 if permission is granted.
- * @sb_copy_data:
+ *
+ *	* @dev_name contains the name for object being mounted.
+ *	* @path contains the path for mount point object.
+ *	* @type contains the filesystem type.
+ *	* @flags contains the mount flags.
+ *	* @data contains the filesystem-specific data.
+ *	* Return %0 if permission is granted.
+ *
+ * int sb_copy_data(char \*orig, char \*copy) - Deprecated
  *	Allow mount option data to be copied prior to parsing by the filesystem,
  *	so that the security module can extract security-specific mount
- *	options cleanly (a filesystem may modify the data e.g. with strsep()).
+ *	options cleanly (a filesystem may modify the data e.g. with @strsep()).
  *	This also allows the original mount data to be stripped of security-
  *	specific options to avoid having to make filesystems aware of them.
- *	@orig the original mount data copied from userspace.
- *	@copy copied data which will be passed to the security module.
- *	Returns 0 if the copy was successful.
- * @sb_remount:
+ *
+ *	* @orig the original mount data copied from userspace.
+ *	* @copy copied data which will be passed to the security module.
+ *	* Returns %0 if the copy was successful.
+ *
+ * int sb_remount(struct super_block \*sb, void \*mnt_opts)
  *	Extracts security system specific mount options and verifies no changes
  *	are being made to those options.
- *	@sb superblock being remounted
- *	@data contains the filesystem-specific data.
- *	Return 0 if permission is granted.
- * @sb_kern_mount:
+ *
+ *	* @sb superblock being remounted
+ *	* @data contains the filesystem-specific data.
+ *	* Return %0 if permission is granted.
+ *
+ * int sb_kern_mount(struct super_block \*sb)
  * 	Mount this @sb if allowed by permissions.
- * @sb_show_options:
+ *
+ * int sb_show_options(struct seq_file \*m, struct super_block \*sb)
  * 	Show (print on @m) mount options for this @sb.
- * @sb_umount:
+ *
+ * int sb_umount(struct vfsmount \*mnt, int flags)
  *	Check permission before the @mnt file system is unmounted.
- *	@mnt contains the mounted file system.
- *	@flags contains the unmount flags, e.g. MNT_FORCE.
- *	Return 0 if permission is granted.
- * @sb_pivotroot:
+ *
+ *	* @mnt contains the mounted file system.
+ *	* @flags contains the unmount flags, e.g. %MNT_FORCE.
+ *	* Return %0 if permission is granted.
+ *
+ * int sb_pivotroot(const struct path \*old_path, const struct path \*new_path)
  *	Check permission before pivoting the root filesystem.
- *	@old_path contains the path for the new location of the
- *	current root (put_old).
- *	@new_path contains the path for the new root (new_root).
- *	Return 0 if permission is granted.
- * @sb_set_mnt_opts:
- *	Set the security relevant mount options used for a superblock
- *	@sb the superblock to set security mount options for
- *	@opts binary data structure containing all lsm mount data
- * @sb_clone_mnt_opts:
+ *
+ *	* @old_path contains the path for the new location of the current root (put_old).
+ *	* @new_path contains the path for the new root (new_root).
+ *	* Return %0 if permission is granted.
+ *
+ * int sb_set_mnt_opts(struct super_block \*sb, void \*mnt_opts, unsigned long kern_flags, unsigned long \*set_kern_flags)
+ *	Set the security relevant mount options used for a superblock:
+ *
+ *	* @sb the superblock to set security mount options for
+ *	* @mnt_opts binary data structure containing all LSM mount data
+ *
+ * int sb_clone_mnt_opts(const struct super_block \*oldsb, struct super_block \*newsb, unsigned long kern_flags, unsigned long \*set_kern_flags)
  *	Copy all security options from a given superblock to another
  *	@oldsb old superblock which contain information to clone
  *	@newsb new superblock which needs filled in
- * @sb_add_mnt_opt:
+ *
+ * int sb_add_mnt_opt(const char \*option, const char \*val, int len, void \*\*mnt_opts)
  * 	Add one mount @option to @mnt_opts.
- * @sb_parse_opts_str:
+ *
+ * int sb_parse_opts_str(char \*options, struct security_mnt_opts \*opts) - Deprecated
  *	Parse a string of security data filling in the opts structure
  *	@options string containing all mount options known by the LSM
  *	@opts binary data structure usable by the LSM
- * @move_mount:
+ *
+ * int move_mount(const struct path \*from_path, const struct path \*to_path)
  *	Check permission before a mount is moved.
- *	@from_path indicates the mount that is going to be moved.
- *	@to_path indicates the mountpoint that will be mounted upon.
- * @dentry_init_security:
+ *
+ *	* @from_path indicates the mount that is going to be moved.
+ *	* @to_path indicates the mountpoint that will be mounted upon.
+ *
+ * int dentry_init_security(struct dentry \*dentry, int mode, const struct qstr \*name, void \*\*ctx, u32 \*ctxlen)
  *	Compute a context for a dentry as the inode is not yet available
  *	since NFSv4 has no label backed by an EA anyway.
- *	@dentry dentry to use in calculating the context.
- *	@mode mode used to determine resource type.
- *	@name name of the last path component used to create file
- *	@ctx pointer to place the pointer to the resulting context in.
- *	@ctxlen point to place the length of the resulting context.
- * @dentry_create_files_as:
+ *
+ *	* @dentry dentry to use in calculating the context.
+ *	* @mode mode used to determine resource type.
+ *	* @name name of the last path component used to create file
+ *	* @ctx pointer to place the pointer to the resulting context in.
+ *	* @ctxlen point to place the length of the resulting context.
+ *
+ * int dentry_create_files_as(struct dentry \*dentry, int mode, struct qstr \*name, const struct cred \*old, struct cred \*new)
  *	Compute a context for a dentry as the inode is not yet available
  *	and set that context in passed in creds so that new files are
  *	created using that context. Context is calculated using the
  *	passed in creds and not the creds of the caller.
- *	@dentry dentry to use in calculating the context.
- *	@mode mode used to determine resource type.
- *	@name name of the last path component used to create file
- *	@old creds which should be used for context calculation
- *	@new creds to modify
  *
+ *	* @dentry dentry to use in calculating the context.
+ *	* @mode mode used to determine resource type.
+ *	* @name name of the last path component used to create file
+ *	* @old creds which should be used for context calculation
+ *	* @new creds to modify
  *
- * Security hooks for inode operations.
+ * **Security hooks for inode operations:**
  *
- * @inode_alloc_security:
+ * int inode_alloc_security(struct inode \*inode)
  *	Allocate and attach a security structure to @inode->i_security.  The
- *	i_security field is initialized to NULL when the inode structure is
+ *	@i_security field is initialized to %NULL when the inode structure is
  *	allocated.
- *	@inode contains the inode structure.
- *	Return 0 if operation was successful.
- * @inode_free_security:
+ *
+ *	* @inode contains the inode structure.
+ *	* Return %0 if operation was successful.
+ *
+ * void inode_free_security(struct inode \*inode)
  *	@inode contains the inode structure.
  *	Deallocate the inode security structure and set @inode->i_security to
- *	NULL.
- * @inode_init_security:
+ *	%NULL.
+ *
+ * int inode_init_security(struct inode \*inode, struct inode \*dir, const struct qstr \*qstr, const char \*\*name, void \*\*value, size_t \*len)
  *	Obtain the security attribute name suffix and value to set on a newly
  *	created inode and set up the incore security field for the new inode.
  *	This hook is called by the fs code as part of the inode creation
  *	transaction and provides for atomic labeling of the inode, unlike
  *	the post_create/mkdir/... hooks called by the VFS.  The hook function
- *	is expected to allocate the name and value via kmalloc, with the caller
- *	being responsible for calling kfree after using them.
+ *	is expected to allocate the name and value via @kmalloc(), with the caller
+ *	being responsible for calling @kfree() after using them.
  *	If the security module does not use security attributes or does
  *	not wish to put a security attribute on this particular inode,
- *	then it should return -EOPNOTSUPP to skip this processing.
- *	@inode contains the inode structure of the newly created inode.
- *	@dir contains the inode structure of the parent directory.
- *	@qstr contains the last path component of the new object
- *	@name will be set to the allocated name suffix (e.g. selinux).
- *	@value will be set to the allocated attribute value.
- *	@len will be set to the length of the value.
- *	Returns 0 if @name and @value have been successfully set,
- *	-EOPNOTSUPP if no security attribute is needed, or
- *	-ENOMEM on memory allocation failure.
- * @inode_init_security_anon:
+ *	then it should return %-EOPNOTSUPP to skip this processing.
+ *
+ *	* @inode contains the inode structure of the newly created inode.
+ *	* @dir contains the inode structure of the parent directory.
+ *	* @qstr contains the last path component of the new object
+ *	* @name will be set to the allocated name suffix (e.g. selinux).
+ *	* @value will be set to the allocated attribute value.
+ *	* @len will be set to the length of the value.
+ *	* Returns %0 if @name and @value have been successfully set,
+ *	* %-EOPNOTSUPP if no security attribute is needed, or
+ *	* %-ENOMEM on memory allocation failure.
+ *
+ * int inode_init_security_anon(struct inode \*inode, const struct qstr \*name, const struct inode \*context_inode)
  *      Set up the incore security field for the new anonymous inode
  *      and return whether the inode creation is permitted by the security
  *      module or not.
- *      @inode contains the inode structure
- *      @name name of the anonymous inode class
- *      @context_inode optional related inode
- *	Returns 0 on success, -EACCES if the security module denies the
- *	creation of this inode, or another -errno upon other errors.
- * @inode_create:
+ *
+ *      * @inode contains the inode structure
+ *      * @name name of the anonymous inode class
+ *      * @context_inode optional related inode
+ *	* Returns %0 on success,
+ *	* %-EACCES if the security module denies the creation of this inode,
+ *	* or another %-errno upon other errors.
+ *
+ * int inode_create(struct inode \*dir, struct dentry \*dentry, umode_t mode)
  *	Check permission to create a regular file.
- *	@dir contains inode structure of the parent of the new file.
- *	@dentry contains the dentry structure for the file to be created.
- *	@mode contains the file mode of the file to be created.
- *	Return 0 if permission is granted.
- * @inode_link:
+ *
+ *	* @dir contains inode structure of the parent of the new file.
+ *	* @dentry contains the dentry structure for the file to be created.
+ *	* @mode contains the file mode of the file to be created.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_link(struct dentry \*old_dentry, struct inode \*dir, struct dentry \*new_dentry)
  *	Check permission before creating a new hard link to a file.
- *	@old_dentry contains the dentry structure for an existing
- *	link to the file.
- *	@dir contains the inode structure of the parent directory
- *	of the new link.
- *	@new_dentry contains the dentry structure for the new link.
- *	Return 0 if permission is granted.
- * @path_link:
+ *
+ *	* @old_dentry contains the dentry structure for an existing link to the file.
+ *	* @dir contains the inode structure of the parent directory of the new link.
+ *	* @new_dentry contains the dentry structure for the new link.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_link(struct dentry \*old_dentry, const struct path \*new_dir, struct dentry \*new_dentry)
  *	Check permission before creating a new hard link to a file.
- *	@old_dentry contains the dentry structure for an existing link
- *	to the file.
- *	@new_dir contains the path structure of the parent directory of
- *	the new link.
- *	@new_dentry contains the dentry structure for the new link.
- *	Return 0 if permission is granted.
- * @inode_unlink:
+ *
+ *	* @old_dentry contains the dentry structure for an existing link to the file.
+ *	* @new_dir contains the path structure of the parent directory of the new link.
+ *	* @new_dentry contains the dentry structure for the new link.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_unlink(struct inode \*dir, struct dentry \*dentry)
  *	Check the permission to remove a hard link to a file.
- *	@dir contains the inode structure of parent directory of the file.
- *	@dentry contains the dentry structure for file to be unlinked.
- *	Return 0 if permission is granted.
- * @path_unlink:
+ *
+ *	* @dir contains the inode structure of parent directory of the file.
+ *	* @dentry contains the dentry structure for file to be unlinked.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_unlink(const struct path \*dir, struct dentry \*dentry)
  *	Check the permission to remove a hard link to a file.
- *	@dir contains the path structure of parent directory of the file.
- *	@dentry contains the dentry structure for file to be unlinked.
- *	Return 0 if permission is granted.
- * @inode_symlink:
+ *
+ *	* @dir contains the path structure of parent directory of the file.
+ *	* @dentry contains the dentry structure for file to be unlinked.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_symlink(struct inode \*dir, struct dentry \*dentry, const char \*old_name)
  *	Check the permission to create a symbolic link to a file.
- *	@dir contains the inode structure of parent directory of
- *	the symbolic link.
- *	@dentry contains the dentry structure of the symbolic link.
- *	@old_name contains the pathname of file.
- *	Return 0 if permission is granted.
- * @path_symlink:
+ *
+ *	* @dir contains the inode structure of parent directory of the symbolic link.
+ *	* @dentry contains the dentry structure of the symbolic link.
+ *	* @old_name contains the pathname of file.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_symlink(const struct path \*dir, struct dentry \*dentry, const char \*old_name)
  *	Check the permission to create a symbolic link to a file.
- *	@dir contains the path structure of parent directory of
- *	the symbolic link.
- *	@dentry contains the dentry structure of the symbolic link.
- *	@old_name contains the pathname of file.
- *	Return 0 if permission is granted.
- * @inode_mkdir:
+ *
+ *	* @dir contains the path structure of parent directory of the symbolic link.
+ *	* @dentry contains the dentry structure of the symbolic link.
+ *	* @old_name contains the pathname of file.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_mkdir(struct inode \*dir, struct dentry \*dentry, umode_t mode)
  *	Check permissions to create a new directory in the existing directory
  *	associated with inode structure @dir.
- *	@dir contains the inode structure of parent of the directory
- *	to be created.
- *	@dentry contains the dentry structure of new directory.
- *	@mode contains the mode of new directory.
- *	Return 0 if permission is granted.
- * @path_mkdir:
+ *
+ *	* @dir contains the inode structure of parent of the directory to be created.
+ *	* @dentry contains the dentry structure of new directory.
+ *	* @mode contains the mode of new directory.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_mkdir(const struct path \*dir, struct dentry \*dentry, umode_t mode)
  *	Check permissions to create a new directory in the existing directory
  *	associated with path structure @path.
- *	@dir contains the path structure of parent of the directory
- *	to be created.
- *	@dentry contains the dentry structure of new directory.
- *	@mode contains the mode of new directory.
- *	Return 0 if permission is granted.
- * @inode_rmdir:
+ *
+ *	* @dir contains the path structure of parent of the directory to be created.
+ *	* @dentry contains the dentry structure of new directory.
+ *	* @mode contains the mode of new directory.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_rmdir(struct inode \*dir, struct dentry \*dentry)
  *	Check the permission to remove a directory.
- *	@dir contains the inode structure of parent of the directory
- *	to be removed.
- *	@dentry contains the dentry structure of directory to be removed.
- *	Return 0 if permission is granted.
- * @path_rmdir:
+ *
+ *	* @dir contains the inode structure of parent of the directory to be removed.
+ *	* @dentry contains the dentry structure of directory to be removed.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_rmdir(const struct path \*dir, struct dentry \*dentry)
  *	Check the permission to remove a directory.
- *	@dir contains the path structure of parent of the directory to be
- *	removed.
- *	@dentry contains the dentry structure of directory to be removed.
- *	Return 0 if permission is granted.
- * @inode_mknod:
+ *
+ *	* @dir contains the path structure of parent of the directory to be removed.
+ *	* @dentry contains the dentry structure of directory to be removed.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_mknod(struct inode \*dir, struct dentry \*dentry, umode_t mode, dev_t dev)
  *	Check permissions when creating a special file (or a socket or a fifo
- *	file created via the mknod system call).  Note that if mknod operation
+ *	file created via the @mknod() system call).  Note that if mknod operation
  *	is being done for a regular file, then the create hook will be called
  *	and not this hook.
- *	@dir contains the inode structure of parent of the new file.
- *	@dentry contains the dentry structure of the new file.
- *	@mode contains the mode of the new file.
- *	@dev contains the device number.
- *	Return 0 if permission is granted.
- * @path_mknod:
+ *
+ *	* @dir contains the inode structure of parent of the new file.
+ *	* @dentry contains the dentry structure of the new file.
+ *	* @mode contains the mode of the new file.
+ *	* @dev contains the device number.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_mknod(const struct path \*dir, struct dentry \*dentry, umode_t mode, unsigned int dev)
  *	Check permissions when creating a file. Note that this hook is called
  *	even if mknod operation is being done for a regular file.
- *	@dir contains the path structure of parent of the new file.
- *	@dentry contains the dentry structure of the new file.
- *	@mode contains the mode of the new file.
- *	@dev contains the undecoded device number. Use new_decode_dev() to get
- *	the decoded device number.
- *	Return 0 if permission is granted.
- * @inode_rename:
+ *
+ *	* @dir contains the path structure of parent of the new file.
+ *	* @dentry contains the dentry structure of the new file.
+ *	* @mode contains the mode of the new file.
+ *	* @dev contains the undecoded device number. Use new_decode_dev() to get the decoded device number.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_rename(struct inode \*old_dir, struct dentry \*old_dentry, struct inode \*new_dir, struct dentry \*new_dentry)
  *	Check for permission to rename a file or directory.
- *	@old_dir contains the inode structure for parent of the old link.
- *	@old_dentry contains the dentry structure of the old link.
- *	@new_dir contains the inode structure for parent of the new link.
- *	@new_dentry contains the dentry structure of the new link.
- *	Return 0 if permission is granted.
- * @path_rename:
+ *
+ *	* @old_dir contains the inode structure for parent of the old link.
+ *	* @old_dentry contains the dentry structure of the old link.
+ *	* @new_dir contains the inode structure for parent of the new link.
+ *	* @new_dentry contains the dentry structure of the new link.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_rename(const struct path \*old_dir, struct dentry \*old_dentry, const struct path \*new_dir, struct dentry \*new_dentry)
  *	Check for permission to rename a file or directory.
- *	@old_dir contains the path structure for parent of the old link.
- *	@old_dentry contains the dentry structure of the old link.
- *	@new_dir contains the path structure for parent of the new link.
- *	@new_dentry contains the dentry structure of the new link.
- *	Return 0 if permission is granted.
- * @path_chmod:
+ *
+ *	* @old_dir contains the path structure for parent of the old link.
+ *	* @old_dentry contains the dentry structure of the old link.
+ *	* @new_dir contains the path structure for parent of the new link.
+ *	* @new_dentry contains the dentry structure of the new link.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_chmod(const struct path \*path, umode_t mode)
  *	Check for permission to change a mode of the file @path. The new
  *	mode is specified in @mode.
- *	@path contains the path structure of the file to change the mode.
- *	@mode contains the new DAC's permission, which is a bitmask of
- *	constants from <include/uapi/linux/stat.h>
- *	Return 0 if permission is granted.
- * @path_chown:
+ *
+ *	* @path contains the path structure of the file to change the mode.
+ *	* @mode contains the new DAC's permission, which is a bitmask of constants from <include/uapi/linux/stat.h>
+ *	* Return %0 if permission is granted.
+ *
+ * int path_chown(const struct path \*path, kuid_t uid, kgid_t gid)
  *	Check for permission to change owner/group of a file or directory.
- *	@path contains the path structure.
- *	@uid contains new owner's ID.
- *	@gid contains new group's ID.
- *	Return 0 if permission is granted.
- * @path_chroot:
+ *
+ *	* @path contains the path structure.
+ *	* @uid contains new owner's ID.
+ *	* @gid contains new group's ID.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_chroot(const struct path \*path)
  *	Check for permission to change root directory.
- *	@path contains the path structure.
- *	Return 0 if permission is granted.
- * @path_notify:
+ *
+ *	* @path contains the path structure.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_notify(const struct path \*path, u64 mask, unsigned int obj_type)
  *	Check permissions before setting a watch on events as defined by @mask,
  *	on an object at @path, whose type is defined by @obj_type.
- * @inode_readlink:
+ *
+ * int inode_readlink(struct dentry \*dentry)
  *	Check the permission to read the symbolic link.
- *	@dentry contains the dentry structure for the file link.
- *	Return 0 if permission is granted.
- * @inode_follow_link:
+ *
+ *	* @dentry contains the dentry structure for the file link.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_follow_link(struct dentry \*dentry, struct inode \*inode,  bool rcu)
  *	Check permission to follow a symbolic link when looking up a pathname.
- *	@dentry contains the dentry structure for the link.
- *	@inode contains the inode, which itself is not stable in RCU-walk
- *	@rcu indicates whether we are in RCU-walk mode.
- *	Return 0 if permission is granted.
- * @inode_permission:
+ *
+ *	* @dentry contains the dentry structure for the link.
+ *	* @inode contains the inode, which itself is not stable in RCU-walk
+ *	* @rcu indicates whether we are in RCU-walk mode.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_permission(struct inode \*inode, int mask)
  *	Check permission before accessing an inode.  This hook is called by the
  *	existing Linux permission function, so a security module can use it to
  *	provide additional checking for existing Linux permission checks.
  *	Notice that this hook is called when a file is opened (as well as many
- *	other operations), whereas the file_security_ops permission hook is
+ *	other operations), whereas the @file_security_ops() permission hook is
  *	called when the actual read/write operations are performed.
- *	@inode contains the inode structure to check.
- *	@mask contains the permission mask.
- *	Return 0 if permission is granted.
- * @inode_setattr:
+ *
+ *	* @inode contains the inode structure to check.
+ *	* @mask contains the permission mask.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_setattr(struct dentry \*dentry, struct iattr \*attr)
  *	Check permission before setting file attributes.  Note that the kernel
- *	call to notify_change is performed from several locations, whenever
+ *	call to @notify_change() is performed from several locations, whenever
  *	file attributes change (such as when a file is truncated, chown/chmod
  *	operations, transferring disk quotas, etc).
- *	@dentry contains the dentry structure for the file.
- *	@attr is the iattr structure containing the new file attributes.
- *	Return 0 if permission is granted.
- * @path_truncate:
+ *
+ *	* @dentry contains the dentry structure for the file.
+ *	* @attr is the @iattr structure containing the new file attributes.
+ *	* Return %0 if permission is granted.
+ *
+ * int path_truncate(const struct path \*path)
  *	Check permission before truncating a file.
- *	@path contains the path structure for the file.
- *	Return 0 if permission is granted.
- * @inode_getattr:
+ *
+ *	* @path contains the path structure for the file.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_getattr(const struct path \*path)
  *	Check permission before obtaining file attributes.
- *	@path contains the path structure for the file.
- *	Return 0 if permission is granted.
- * @inode_setxattr:
+ *
+ *	* @path contains the path structure for the file.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_setxattr(struct user_namespace \*mnt_userns, struct dentry \*dentry, const char \*name, const void \*value, size_t size, int flags)
  *	Check permission before setting the extended attributes
- *	@value identified by @name for @dentry.
- *	Return 0 if permission is granted.
- * @inode_post_setxattr:
- *	Update inode security field after successful setxattr operation.
- *	@value identified by @name for @dentry.
- * @inode_getxattr:
+ *
+ *	* @value identified by @name for @dentry.
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_post_setxattr(struct dentry \*dentry, const char \*name, const void \*value, size_t size, int flags)
+ *	Update inode security field after successful @setxattr operation.
+ *
+ *	* @value identified by @name for @dentry.
+ *
+ * int inode_getxattr(struct dentry \*dentry, const char \*name)
  *	Check permission before obtaining the extended attributes
  *	identified by @name for @dentry.
- *	Return 0 if permission is granted.
- * @inode_listxattr:
+ *
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_listxattr(struct dentry \*dentry)
  *	Check permission before obtaining the list of extended attribute
  *	names for @dentry.
- *	Return 0 if permission is granted.
- * @inode_removexattr:
+ *
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_removexattr(struct user_namespace \*mnt_userns, struct dentry \*dentry, const char \*name)
  *	Check permission before removing the extended attribute
  *	identified by @name for @dentry.
- *	Return 0 if permission is granted.
- * @inode_getsecurity:
+ *
+ *	* Return %0 if permission is granted.
+ *
+ * int inode_getsecurity(struct user_namespace \*mnt_userns, struct inode \*inode, const char \*name, void \*\*buffer, bool alloc)
  *	Retrieve a copy of the extended attribute representation of the
  *	security label associated with @name for @inode via @buffer.  Note that
  *	@name is the remainder of the attribute name after the security prefix
  *	has been removed. @alloc is used to specify of the call should return a
  *	value via the buffer or just the value length Return size of buffer on
  *	success.
- * @inode_setsecurity:
+ *
+ * int inode_setsecurity(struct inode \*inode, const char \*name, const void \*value, size_t size, int flags)
  *	Set the security label associated with @name for @inode from the
  *	extended attribute value @value.  @size indicates the size of the
- *	@value in bytes.  @flags may be XATTR_CREATE, XATTR_REPLACE, or 0.
+ *	@value in bytes.  @flags may be %XATTR_CREATE, %XATTR_REPLACE, or %0.
  *	Note that @name is the remainder of the attribute name after the
  *	security. prefix has been removed.
- *	Return 0 on success.
- * @inode_listsecurity:
+ *
+ *	* Return %0 on success.
+ *
+ * int inode_listsecurity(struct inode \*inode, char \*buffer, size_t buffer_size)
  *	Copy the extended attribute names for the security labels
  *	associated with @inode into @buffer.  The maximum size of @buffer
- *	is specified by @buffer_size.  @buffer may be NULL to request
+ *	is specified by @buffer_size.  @buffer may be %NULL to request
  *	the size of the buffer required.
- *	Returns number of bytes used/required on success.
- * @inode_need_killpriv:
+ *
+ *	* Returns number of bytes used/required on success.
+ *
+ * int inode_need_killpriv(struct dentry \*dentry)
  *	Called when an inode has been changed.
- *	@dentry is the dentry being changed.
- *	Return <0 on error to abort the inode change operation.
- *	Return 0 if inode_killpriv does not need to be called.
- *	Return >0 if inode_killpriv does need to be called.
- * @inode_killpriv:
- *	The setuid bit is being removed.  Remove similar security labels.
- *	Called with the dentry->d_inode->i_mutex held.
- *	@mnt_userns: user namespace of the mount
- *	@dentry is the dentry being changed.
- *	Return 0 on success.  If error is returned, then the operation
- *	causing setuid bit removal is failed.
- * @inode_getsecid:
- *	Get the secid associated with the node.
- *	@inode contains a pointer to the inode.
- *	@secid contains a pointer to the location where result will be saved.
- *	In case of failure, @secid will be set to zero.
- * @inode_copy_up:
+ *
+ *	* @dentry is the dentry being changed.
+ *	* Return %<0 on error to abort the inode change operation.
+ *	* Return %0 if @inode_killpriv() does not need to be called.
+ *	* Return %>0 if @inode_killpriv() does need to be called.
+ *
+ * int inode_killpriv(struct user_namespace \*mnt_userns, struct dentry \*dentry)
+ *	The %setuid bit is being removed.  Remove similar security labels.
+ *	Called with the @dentry->d_inode->i_mutex held.
+ *
+ *	* @mnt_userns: user namespace of the mount
+ *	* @dentry is the dentry being changed.
+ *	* Return %0 on success.
+ *	* If error is returned, then the operation causing %setuid bit removal is failed.
+ *
+ * void inode_getsecid(struct inode \*inode, u32 \*secid)
+ *	Get the %secid associated with the node.
+ *
+ *	* @inode contains a pointer to the inode.
+ *	* @secid contains a pointer to the location where result will be saved.
+ *	* In case of failure, @secid will be set to zero.
+ *
+ * int inode_copy_up(struct dentry \*src, struct cred \*\*new)
  *	A file is about to be copied up from lower layer to upper layer of
  *	overlay filesystem. Security module can prepare a set of new creds
  *	and modify as need be and return new creds. Caller will switch to
  *	new creds temporarily to create new file and release newly allocated
  *	creds.
- *	@src indicates the union dentry of file that is being copied up.
- *	@new pointer to pointer to return newly allocated creds.
- *	Returns 0 on success or a negative error code on error.
- * @inode_copy_up_xattr:
+ *
+ *	* @src indicates the union @dentry of file that is being copied up.
+ *	* @new pointer to pointer to return newly allocated creds.
+ *	* Returns %0 on success or a negative error code on error.
+ *
+ * int inode_copy_up_xattr(const char \*name)
  *	Filter the xattrs being copied up when a unioned file is copied
  *	up from a lower layer to the union/overlay layer.
- *	@name indicates the name of the xattr.
- *	Returns 0 to accept the xattr, 1 to discard the xattr, -EOPNOTSUPP if
- *	security module does not know about attribute or a negative error code
- *	to abort the copy up. Note that the caller is responsible for reading
- *	and writing the xattrs as this hook is merely a filter.
- * @d_instantiate:
+ *	Note that the caller is responsible for reading and writing the
+ *	xattrs as this hook is merely a filter.
+ *
+ *	* @name indicates the name of the xattr.
+ *	* Returns %0 to accept the xattr,
+ *	* Returns %1 to discard the xattr,
+ *	* Returns %-EOPNOTSUPP if security module does not know about attribute or a negative error code to abort the copy up.
+ *
+ * void d_instantiate(struct dentry \*dentry, struct inode \*inode)
  * 	Fill in @inode security information for a @dentry if allowed.
- * @getprocattr:
+ *
+ * int getprocattr(struct task_struct \*p, char \*name, char \*\*value)
  * 	Read attribute @name for process @p and store it into @value if allowed.
- * @setprocattr:
+ *
+ * int setprocattr(const char \*name, void \*value, size_t size)
  * 	Write (set) attribute @name to @value, size @size if allowed.
  *
- * Security hooks for kernfs node operations
+ * **Security hooks for kernfs node operations:**
  *
- * @kernfs_init_security:
- *	Initialize the security context of a newly created kernfs node based
+ * int kernfs_init_security(struct kernfs_node \*kn_dir, struct kernfs_node \*kn)
+ *	Initialize the security context of a newly created @kernfs node based
  *	on its own and its parent's attributes.
  *
- *	@kn_dir the parent kernfs node
- *	@kn the new child kernfs node
+ *	* @kn_dir the parent kernfs node
+ *	* @kn the new child kernfs node
  *
- * Security hooks for file operations
+ * **Security hooks for file operations:**
  *
- * @file_permission:
+ * int file_permission(struct file \*file, int mask)
  *	Check file permissions before accessing an open file.  This hook is
  *	called by various operations that read or write files.  A security
  *	module can use this hook to perform additional checking on these
  *	operations, e.g.  to revalidate permissions on use to support privilege
  *	bracketing or policy changes.  Notice that this hook is used when the
  *	actual read/write operations are performed, whereas the
- *	inode_security_ops hook is called when a file is opened (as well as
+ *	@inode_security_ops() hook is called when a file is opened (as well as
  *	many other operations).
  *	Caveat:  Although this hook can be used to revalidate permissions for
  *	various system call operations that read or write files, it does not
  *	address the revalidation of permissions for memory-mapped files.
  *	Security modules must handle this separately if they need such
  *	revalidation.
- *	@file contains the file structure being accessed.
- *	@mask contains the requested permissions.
- *	Return 0 if permission is granted.
- * @file_alloc_security:
- *	Allocate and attach a security structure to the file->f_security field.
- *	The security field is initialized to NULL when the structure is first
+ *
+ *	* @file contains the file structure being accessed.
+ *	* @mask contains the requested permissions.
+ *	* Return %0 if permission is granted.
+ *
+ * int file_alloc_security(struct file \*file)
+ *	Allocate and attach a security structure to the @file->f_security field.
+ *	The security field is initialized to %NULL when the structure is first
  *	created.
- *	@file contains the file structure to secure.
- *	Return 0 if the hook is successful and permission is granted.
- * @file_free_security:
- *	Deallocate and free any security structures stored in file->f_security.
+ *
+ *	* @file contains the file structure to secure.
+ *	* Return %0 if the hook is successful and permission is granted.
+ *
+ * void file_free_security(struct file \*file)
+ *	Deallocate and free any security structures stored in @file->f_security.
+ *
  *	@file contains the file structure being modified.
- * @file_ioctl:
- *	@file contains the file structure.
- *	@cmd contains the operation to perform.
- *	@arg contains the operational arguments.
+ *
+ * int file_ioctl(struct file \*file, unsigned int cmd, unsigned long arg)
  *	Check permission for an ioctl operation on @file.  Note that @arg
  *	sometimes represents a user space pointer; in other cases, it may be a
  *	simple integer value.  When @arg represents a user space pointer, it
  *	should never be used by the security module.
- *	Return 0 if permission is granted.
- * @mmap_addr :
+ *
+ *	* @file contains the file structure.
+ *	* @cmd contains the operation to perform.
+ *	* @arg contains the operational arguments.
+ *	* Return %0 if permission is granted.
+ *
+ * int mmap_addr(unsigned long addr)
  *	Check permissions for a mmap operation at @addr.
- *	@addr contains virtual address that will be used for the operation.
- *	Return 0 if permission is granted.
- * @mmap_file :
- *	Check permissions for a mmap operation.  The @file may be NULL, e.g.
+ *
+ *	* @addr contains virtual address that will be used for the operation.
+ *	* Return %0 if permission is granted.
+ *
+ * int mmap_file(struct file \*file, unsigned long reqprot, unsigned long prot, unsigned long flags)
+ *	Check permissions for a @mmap operation.  The @file may be %NULL, e.g.
  *	if mapping anonymous memory.
- *	@file contains the file structure for file to map (may be NULL).
- *	@reqprot contains the protection requested by the application.
- *	@prot contains the protection that will be applied by the kernel.
- *	@flags contains the operational flags.
- *	Return 0 if permission is granted.
- * @file_mprotect:
+ *
+ *	* @file contains the file structure for file to map (may be %NULL).
+ *	* @reqprot contains the protection requested by the application.
+ *	* @prot contains the protection that will be applied by the kernel.
+ *	* @flags contains the operational flags.
+ *	* Return %0 if permission is granted.
+ *
+ * int file_mprotect(struct vm_area_struct \*vma, unsigned long reqprot, unsigned long prot)
  *	Check permissions before changing memory access permissions.
- *	@vma contains the memory region to modify.
- *	@reqprot contains the protection requested by the application.
- *	@prot contains the protection that will be applied by the kernel.
- *	Return 0 if permission is granted.
- * @file_lock:
+ *
+ *	* @vma contains the memory region to modify.
+ *	* @reqprot contains the protection requested by the application.
+ *	* @prot contains the protection that will be applied by the kernel.
+ *	* Return %0 if permission is granted.
+ *
+ * int file_lock(struct file \*file, unsigned int cmd)
  *	Check permission before performing file locking operations.
  *	Note the hook mediates both flock and fcntl style locks.
- *	@file contains the file structure.
- *	@cmd contains the posix-translated lock operation to perform
- *	(e.g. F_RDLCK, F_WRLCK).
- *	Return 0 if permission is granted.
- * @file_fcntl:
+ *
+ *	* @file contains the file structure.
+ *	* @cmd contains the posix-translated lock operation to perform (e.g. %F_RDLCK, %F_WRLCK).
+ *	* Return %0 if permission is granted.
+ *
+ * int file_fcntl(struct file \*file, unsigned int cmd, unsigned long arg)
  *	Check permission before allowing the file operation specified by @cmd
  *	from being performed on the file @file.  Note that @arg sometimes
  *	represents a user space pointer; in other cases, it may be a simple
  *	integer value.  When @arg represents a user space pointer, it should
  *	never be used by the security module.
- *	@file contains the file structure.
- *	@cmd contains the operation to be performed.
- *	@arg contains the operational arguments.
- *	Return 0 if permission is granted.
- * @file_set_fowner:
- *	Save owner security information (typically from current->security) in
- *	file->f_security for later use by the send_sigiotask hook.
- *	@file contains the file structure to update.
- *	Return 0 on success.
- * @file_send_sigiotask:
- *	Check permission for the file owner @fown to send SIGIO or SIGURG to the
+ *
+ *	* @file contains the file structure.
+ *	* @cmd contains the operation to be performed.
+ *	* @arg contains the operational arguments.
+ *	* Return %0 if permission is granted.
+ *
+ * void file_set_fowner(struct file \*file)
+ *	Save owner security information (typically from @current->security) in
+ *	@file->f_security for later use by the @send_sigiotask() hook.
+ *
+ *	* @file contains the file structure to update.
+ *
+ * int file_send_sigiotask(struct task_struct \*tsk, struct fown_struct \*fown, int sig)
+ *	Check permission for the file owner @fown to send %SIGIO or %SIGURG to the
  *	process @tsk.  Note that this hook is sometimes called from interrupt.
- *	Note that the fown_struct, @fown, is never outside the context of a
+ *	Note that the @fown_struct, @fown, is never outside the context of a
  *	struct file, so the file structure (and associated security information)
  *	can always be obtained: container_of(fown, struct file, f_owner)
- *	@tsk contains the structure of task receiving signal.
- *	@fown contains the file owner information.
- *	@sig is the signal that will be sent.  When 0, kernel sends SIGIO.
- *	Return 0 if permission is granted.
- * @file_receive:
+ *
+ *	* @tsk contains the structure of task receiving signal.
+ *	* @fown contains the file owner information.
+ *	* @sig is the signal that will be sent.  When 0, kernel sends %SIGIO.
+ *	* Return %0 if permission is granted.
+ *
+ * int file_receive(struct file \*file)
  *	This hook allows security modules to control the ability of a process
  *	to receive an open file descriptor via socket IPC.
- *	@file contains the file structure being received.
- *	Return 0 if permission is granted.
- * @file_open:
+ *
+ *	* @file contains the file structure being received.
+ *	* Return %0 if permission is granted.
+ *
+ * int file_open(struct file \*file)
  *	Save open-time permission checking state for later use upon
- *	file_permission, and recheck access if anything has changed
- *	since inode_permission.
+ *	@file_permission(), and recheck access if anything has changed
+ *	since @inode_permission().
  *
- * Security hooks for task operations.
+ * **Security hooks for task operations:**
  *
- * @task_alloc:
- *	@task task being allocated.
- *	@clone_flags contains the flags indicating what should be shared.
+ * int task_alloc(struct task_struct \*task, unsigned long clone_flags)
  *	Handle allocation of task-related resources.
- *	Returns a zero on success, negative values on failure.
- * @task_free:
- *	@task task about to be freed.
+ *
+ *	* @task task being allocated.
+ *	* @clone_flags contains the flags indicating what should be shared.
+ *	* Returns a zero on success, negative values on failure.
+ *
+ * void task_free(struct task_struct \*task)
  *	Handle release of task-related resources. (Note that this can be called
  *	from interrupt context.)
- * @cred_alloc_blank:
- *	@cred points to the credentials.
- *	@gfp indicates the atomicity of any memory allocations.
+ *
+ *	* @task task about to be freed.
+ *
+ * int cred_alloc_blank(struct cred \*cred, gfp_t gfp)
  *	Only allocate sufficient memory and attach to @cred such that
- *	cred_transfer() will not get ENOMEM.
- * @cred_free:
- *	@cred points to the credentials.
- *	Deallocate and clear the cred->security field in a set of credentials.
- * @cred_prepare:
- *	@new points to the new credentials.
- *	@old points to the original credentials.
- *	@gfp indicates the atomicity of any memory allocations.
+ *	@cred_transfer() will not get %ENOMEM.
+ *
+ *	* @cred points to the credentials.
+ *	* @gfp indicates the atomicity of any memory allocations.
+ *
+ * void cred_free(struct cred \*cred)
+ *	Deallocate and clear the @cred->security field in a set of credentials.
+ *
+ *	* @cred points to the credentials.
+ *
+ * int cred_prepare(struct cred \*new, const struct cred \*old, gfp_t gfp)
  *	Prepare a new set of credentials by copying the data from the old set.
- * @cred_transfer:
- *	@new points to the new credentials.
- *	@old points to the original credentials.
+ *
+ *	* @new points to the new credentials.
+ *	* @old points to the original credentials.
+ *	* @gfp indicates the atomicity of any memory allocations.
+ *
+ * void cred_transfer(cred_transfer, struct cred \*new, const struct cred \*old)
  *	Transfer data from original creds to new creds
- * @cred_getsecid:
+ *
+ *	* @new points to the new credentials.
+ *	* @old points to the original credentials.
+ *
+ * void cred_getsecid(const struct cred \*c, u32 \*secid)
  *	Retrieve the security identifier of the cred structure @c
  *	@c contains the credentials, secid will be placed into @secid.
  *	In case of failure, @secid will be set to zero.
- * @kernel_act_as:
+ *
+ * int kernel_act_as(struct cred \*new, u32 secid)
  *	Set the credentials for a kernel service to act as (subjective context).
- *	@new points to the credentials to be modified.
- *	@secid specifies the security ID to be set
  *	The current task must be the one that nominated @secid.
- *	Return 0 if successful.
- * @kernel_create_files_as:
+ *
+ *	* @new points to the credentials to be modified.
+ *	* @secid specifies the security ID to be set
+ *	* Return %0 if successful.
+ *
+ * int kernel_create_files_as(struct cred \*new, struct inode \*inode)
  *	Set the file creation context in a set of credentials to be the same as
  *	the objective context of the specified inode.
- *	@new points to the credentials to be modified.
- *	@inode points to the inode to use as a reference.
  *	The current task must be the one that nominated @inode.
- *	Return 0 if successful.
- * @kernel_module_request:
+ *
+ *	* @new points to the credentials to be modified.
+ *	* @inode points to the inode to use as a reference.
+ *	* Return %0 if successful.
+ *
+ * int kernel_module_request(char \*kmod_name)
  *	Ability to trigger the kernel to automatically upcall to userspace for
  *	userspace to load a kernel module with the given name.
- *	@kmod_name name of the module requested by the kernel
- *	Return 0 if successful.
- * @kernel_load_data:
+ *
+ *	* @kmod_name name of the module requested by the kernel
+ *	* Return %0 if successful.
+ *
+ * int kernel_load_data(enum kernel_load_data_id id, bool contents)
  *	Load data provided by userspace.
- *	@id kernel load data identifier
- *	@contents if a subsequent @kernel_post_load_data will be called.
- *	Return 0 if permission is granted.
- * @kernel_post_load_data:
+ *
+ *	* @id kernel load data identifier
+ *	* @contents if a subsequent @kernel_post_load_data will be called.
+ *	* Return %0 if permission is granted.
+ *
+ * int kernel_post_load_data(char \*buf, loff_t size, enum kernel_load_data_id id, char \*description)
  *	Load data provided by a non-file source (usually userspace buffer).
- *	@buf pointer to buffer containing the data contents.
- *	@size length of the data contents.
- *	@id kernel load data identifier
- *	@description a text description of what was loaded, @id-specific
- *	Return 0 if permission is granted.
  *	This must be paired with a prior @kernel_load_data call that had
  *	@contents set to true.
- * @kernel_read_file:
+ *
+ *	* @buf pointer to buffer containing the data contents.
+ *	* @size length of the data contents.
+ *	* @id kernel load data identifier
+ *	* @description a text description of what was loaded, id-specific
+ *	* Return %0 if permission is granted.
+ *
+ * int kernel_read_file(struct file \*file, enum kernel_read_file_id id, bool contents)
  *	Read a file specified by userspace.
- *	@file contains the file structure pointing to the file being read
- *	by the kernel.
- *	@id kernel read file identifier
- *	@contents if a subsequent @kernel_post_read_file will be called.
- *	Return 0 if permission is granted.
- * @kernel_post_read_file:
+ *
+ *	* @file contains the file structure pointing to the file being read by the kernel.
+ *	* @id kernel read file identifier
+ *	* @contents if a subsequent @kernel_post_read_file will be called.
+ *	* Return %0 if permission is granted.
+ *
+ * int kernel_post_read_file(struct file \*file, char \*buf, loff_t size, enum kernel_read_file_id id)
  *	Read a file specified by userspace.
- *	@file contains the file structure pointing to the file being read
- *	by the kernel.
- *	@buf pointer to buffer containing the file contents.
- *	@size length of the file contents.
- *	@id kernel read file identifier
- *	This must be paired with a prior @kernel_read_file call that had
- *	@contents set to true.
- *	Return 0 if permission is granted.
- * @task_fix_setuid:
+ *
+ *	* @file contains the file structure pointing to the file being read by the kernel.
+ *	* @buf pointer to buffer containing the file contents.
+ *	* @size length of the file contents.
+ *	* @id kernel read file identifier. This must be paired with a prior @kernel_read_file() call that had @contents set to true.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_fix_setuid(struct cred \*new, const struct cred \*old, int flags)
  *	Update the module's state after setting one or more of the user
  *	identity attributes of the current process.  The @flags parameter
  *	indicates which of the set*uid system calls invoked this hook.  If
  *	@new is the set of credentials that will be installed.  Modifications
  *	should be made to this rather than to @current->cred.
  *	@old is the set of credentials that are being replaces
- *	@flags contains one of the LSM_SETID_* values.
- *	Return 0 on success.
- * @task_fix_setgid:
+ *	@flags contains one of the %LSM_SETID_\* values.
+ *
+ *	* Return %0 on success.
+ *
+ * int task_fix_setgid(struct cred \*new, const struct cred \*old, int flags)
  *	Update the module's state after setting one or more of the group
  *	identity attributes of the current process.  The @flags parameter
- *	indicates which of the set*gid system calls invoked this hook.
- *	@new is the set of credentials that will be installed.  Modifications
- *	should be made to this rather than to @current->cred.
- *	@old is the set of credentials that are being replaced.
- *	@flags contains one of the LSM_SETID_* values.
- *	Return 0 on success.
- * @task_setpgid:
+ *	indicates which of the set\*gid() system calls invoked this hook.
+ *
+ *	* @new is the set of credentials that will be installed.  Modifications should be made to this rather than to @current->cred.
+ *	* @old is the set of credentials that are being replaced.
+ *	* @flags contains one of the %LSM_SETID_\* values.
+ *	* Return %0 on success.
+ *
+ * int task_setpgid(struct task_struct \*p, pid_t pgid)
  *	Check permission before setting the process group identifier of the
  *	process @p to @pgid.
- *	@p contains the task_struct for process being modified.
- *	@pgid contains the new pgid.
- *	Return 0 if permission is granted.
- * @task_getpgid:
+ *
+ *	* @p contains the task_struct for process being modified.
+ *	* @pgid contains the new @pgid.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_getpgid(struct task_struct \*p)
  *	Check permission before getting the process group identifier of the
  *	process @p.
- *	@p contains the task_struct for the process.
- *	Return 0 if permission is granted.
- * @task_getsid:
+ *
+ *	* @p contains the task_struct for the process.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_getsid(struct task_struct \*p)
  *	Check permission before getting the session identifier of the process
  *	@p.
- *	@p contains the task_struct for the process.
- *	Return 0 if permission is granted.
- * @task_getsecid:
+ *
+ *	* @p contains the task_struct for the process.
+ *	* Return %0 if permission is granted.
+ *
+ * void task_getsecid(struct task_struct \*p, u32 \*secid)
  *	Retrieve the security identifier of the process @p.
- *	@p contains the task_struct for the process and place is into @secid.
- *	In case of failure, @secid will be set to zero.
  *
- * @task_setnice:
+ *	* @p contains the task_struct for the process and place is into @secid.
+ *	* In case of failure, @secid will be set to zero.
+ *
+ * int task_setnice(struct task_struct \*p, int nice)
  *	Check permission before setting the nice value of @p to @nice.
- *	@p contains the task_struct of process.
- *	@nice contains the new nice value.
- *	Return 0 if permission is granted.
- * @task_setioprio:
+ *
+ *	* @p contains the task_struct of process.
+ *	* @nice contains the new nice value.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_setioprio(struct task_struct \*p, int ioprio)
  *	Check permission before setting the ioprio value of @p to @ioprio.
- *	@p contains the task_struct of process.
- *	@ioprio contains the new ioprio value
- *	Return 0 if permission is granted.
- * @task_getioprio:
+ *
+ *	* @p contains the task_struct of process.
+ *	* @ioprio contains the new @ioprio value
+ *	* Return %0 if permission is granted.
+ *
+ * int task_getioprio(struct task_struct \*p)
  *	Check permission before getting the ioprio value of @p.
- *	@p contains the task_struct of process.
- *	Return 0 if permission is granted.
- * @task_prlimit:
+ *
+ *	* @p contains the task_struct of process.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_prlimit(const struct cred \*cred, const struct cred \*tcred, unsigned int flags)
  *	Check permission before getting and/or setting the resource limits of
  *	another task.
- *	@cred points to the cred structure for the current task.
- *	@tcred points to the cred structure for the target task.
- *	@flags contains the LSM_PRLIMIT_* flag bits indicating whether the
- *	resource limits are being read, modified, or both.
- *	Return 0 if permission is granted.
- * @task_setrlimit:
+ *
+ *	* @cred points to the @cred structure for the current task.
+ *	* @tcred points to the @cred structure for the target task.
+ *	* @flags contains the %LSM_PRLIMIT_\* flag bits indicating whether the resource limits are being read, modified, or both.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_setrlimit(struct task_struct \*p, unsigned int resource, struct rlimit \*new_rlim)
  *	Check permission before setting the resource limits of process @p
  *	for @resource to @new_rlim.  The old resource limit values can
  *	be examined by dereferencing (p->signal->rlim + resource).
- *	@p points to the task_struct for the target task's group leader.
- *	@resource contains the resource whose limit is being set.
- *	@new_rlim contains the new limits for @resource.
- *	Return 0 if permission is granted.
- * @task_setscheduler:
+ *
+ *	* @p points to the task_struct for the target task's group leader.
+ *	* @resource contains the resource whose limit is being set.
+ *	* @new_rlim contains the new limits for @resource.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_setscheduler(struct task_struct \*p)
  *	Check permission before setting scheduling policy and/or parameters of
  *	process @p.
- *	@p contains the task_struct for process.
- *	Return 0 if permission is granted.
- * @task_getscheduler:
+ *
+ *	* @p contains the task_struct for process.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_getscheduler(struct task_struct \*p)
  *	Check permission before obtaining scheduling information for process
  *	@p.
- *	@p contains the task_struct for process.
- *	Return 0 if permission is granted.
- * @task_movememory:
+ *
+ *	* @p contains the task_struct for process.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_movememory(struct task_struct \*p)
  *	Check permission before moving memory owned by process @p.
- *	@p contains the task_struct for process.
- *	Return 0 if permission is granted.
- * @task_kill:
- *	Check permission before sending signal @sig to @p.  @info can be NULL,
- *	the constant 1, or a pointer to a kernel_siginfo structure.  If @info is 1 or
+ *
+ *	* @p contains the task_struct for process.
+ *	* Return %0 if permission is granted.
+ *
+ * int task_kill(struct task_struct \*p, struct kernel_siginfo \*info, int sig, const struct cred \*cred)
+ *	Check permission before sending signal @sig to @p.  @info can be %NULL,
+ *	the constant %1, or a pointer to a @kernel_siginfo structure.  If @info is %1 or
  *	SI_FROMKERNEL(info) is true, then the signal should be viewed as coming
  *	from the kernel and should typically be permitted.
- *	SIGIO signals are handled separately by the send_sigiotask hook in
- *	file_security_ops.
- *	@p contains the task_struct for process.
- *	@info contains the signal information.
- *	@sig contains the signal value.
- *	@cred contains the cred of the process where the signal originated, or
- *	NULL if the current task is the originator.
- *	Return 0 if permission is granted.
+ *	%SIGIO signals are handled separately by the @send_sigiotask() hook in
+ *	@file_security_ops().
+ *
+ *	* @p contains the task_struct for process.
+ *	* @info contains the signal information.
+ *	* @sig contains the signal value.
+ *	* @cred contains the cred of the process where the signal originated, or %NULL if the current task is the originator.
+ *	* Return %0 if permission is granted.
  * @task_prctl:
  *	Check permission before performing a process control operation on the
  *	current process.
-- 
2.29.2



More information about the Linux-security-module-archive mailing list