security: add/fix security kernel-doc

  <chapter id="security">

     <title>Security Framework</title>

!Isecurity/security.c

!Esecurity/inode.c

  </chapter>

  <chapter id="audit">

 * @name: a pointer to a string containing the name of the file to create.

 * @mode: the permission that the file should have

 * @parent: a pointer to the parent dentry for this file.  This should be a

 *          directory dentry if set.  If this paramater is NULL, then the

 *          directory dentry if set.  If this parameter is %NULL, then the

 *          file will be created in the root of the securityfs filesystem.

 * @data: a pointer to something that the caller will want to get to later

 *        on.  The inode.i_private pointer will point to this value on

 *        this file.

 *

 * This is the basic "create a file" function for securityfs.  It allows for a

 * wide range of flexibility in createing a file, or a directory (if you

 * wide range of flexibility in creating a file, or a directory (if you

 * want to create a directory, the securityfs_create_dir() function is

 * recommended to be used instead.)

 * recommended to be used instead).

 *

 * This function will return a pointer to a dentry if it succeeds.  This

 * This function returns a pointer to a dentry if it succeeds.  This

 * pointer must be passed to the securityfs_remove() function when the file is

 * to be removed (no automatic cleanup happens if your module is unloaded,

 * you are responsible here.)  If an error occurs, NULL will be returned.

 * you are responsible here).  If an error occurs, %NULL is returned.

 *

 * If securityfs is not enabled in the kernel, the value -ENODEV will be

 * If securityfs is not enabled in the kernel, the value %-ENODEV is

 * returned.  It is not wise to check for this value, but rather, check for

 * NULL or !NULL instead as to eliminate the need for #ifdef in the calling

 * %NULL or !%NULL instead as to eliminate the need for #ifdef in the calling

 * code.

 */

struct dentry *securityfs_create_file(const char *name, mode_t mode,

 * @name: a pointer to a string containing the name of the directory to

 *        create.

 * @parent: a pointer to the parent dentry for this file.  This should be a

 *          directory dentry if set.  If this paramater is NULL, then the

 *          directory dentry if set.  If this parameter is %NULL, then the

 *          directory will be created in the root of the securityfs filesystem.

 *

 * This function creates a directory in securityfs with the given name.

 * This function creates a directory in securityfs with the given @name.

 *

 * This function will return a pointer to a dentry if it succeeds.  This

 * This function returns a pointer to a dentry if it succeeds.  This

 * pointer must be passed to the securityfs_remove() function when the file is

 * to be removed (no automatic cleanup happens if your module is unloaded,

 * you are responsible here.)  If an error occurs, NULL will be returned.

 * you are responsible here).  If an error occurs, %NULL will be returned.

 *

 * If securityfs is not enabled in the kernel, the value -ENODEV will be

 * If securityfs is not enabled in the kernel, the value %-ENODEV is

 * returned.  It is not wise to check for this value, but rather, check for

 * NULL or !NULL instead as to eliminate the need for #ifdef in the calling

 * %NULL or !%NULL instead as to eliminate the need for #ifdef in the calling

 * code.

 */

struct dentry *securityfs_create_dir(const char *name, struct dentry *parent)

/**

 * securityfs_remove - removes a file or directory from the securityfs filesystem

 *

 * @dentry: a pointer to a the dentry of the file or directory to be

 *          removed.

 * @dentry: a pointer to a the dentry of the file or directory to be removed.

 *

 * This function removes a file or directory in securityfs that was previously

 * created with a call to another securityfs function (like

 * securityfs_create_file() or variants thereof.)

 *

 * This function is required to be called in order for the file to be

 * removed, no automatic cleanup of files will happen when a module is

 * removed, you are responsible here.

 * removed. No automatic cleanup of files will happen when a module is

 * removed; you are responsible here.

 */

void securityfs_remove(struct dentry *dentry)

{

 *

 * Return true if:

 *	-The passed LSM is the one chosen by user at boot time,

 *	-or user didsn't specify a specific LSM and we're the first to ask

 *	 for registeration permissoin,

 *	-or user didn't specify a specific LSM and we're the first to ask

 *	 for registration permission,

 *	-or the passed LSM is currently loaded.

 * Otherwise, return false.

 */

 * register_security - registers a security framework with the kernel

 * @ops: a pointer to the struct security_options that is to be registered

 *

 * This function is to allow a security module to register itself with the

 * This function allows a security module to register itself with the

 * kernel security subsystem.  Some rudimentary checking is done on the @ops

 * value passed to this function. You'll need to check first if your LSM

 * is allowed to register its @ops by calling security_module_enable(@ops).

 *

 * If there is already a security module registered with the kernel,

 * an error will be returned.  Otherwise 0 is returned on success.

 * an error will be returned.  Otherwise %0 is returned on success.

 */

int register_security(struct security_operations *ops)

{