
Commit 7d4cf521 authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server

Merge "security: switched to stackable model for PFT/PFK module"

parents d2da327b 3eab9b61
+0 −6
@@ -292,7 +292,6 @@ int security_file_send_sigiotask(struct task_struct *tsk,
				 struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
int security_file_close(struct file *file);
int security_task_create(unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
@@ -820,11 +819,6 @@ static inline int security_file_open(struct file *file,
	return 0;
}

static inline int security_file_close(struct file *file)
{
	return 0;
}

static inline int security_task_create(unsigned long clone_flags)
{
	return 0;
+1 −0
@@ -15,6 +15,7 @@ config PFT
config PFK
	bool "Per-File-Key driver"
	depends on SECURITY
	depends on SECURITY_SELINUX
	default n
	help
		This driver is used for storing eCryptfs information
+6 −44
/*
 * Copyright (c) 2015-2016, The Linux Foundation. All rights reserved.
 * Copyright (c) 2015-2017, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@@ -92,57 +92,19 @@ bool pfk_is_ecryptfs_type(const struct inode *inode)
	return true;
}

static int pfk_ecryptfs_inode_alloc_security(struct inode *inode)
{
	struct inode_security_struct *i_sec = NULL;

	if (inode == NULL)
		return -EINVAL;

	i_sec = kzalloc(sizeof(*i_sec), GFP_KERNEL);

	if (i_sec == NULL)
		return -ENOMEM;

	inode->i_security = i_sec;

	return 0;
}

static void pfk_ecryptfs_inode_free_security(struct inode *inode)
{
	if (inode == NULL)
		return;

	kzfree(inode->i_security);
}

static struct security_hook_list pfk_ecryptfs_hooks[] = {
	LSM_HOOK_INIT(inode_alloc_security, pfk_ecryptfs_inode_alloc_security),
	LSM_HOOK_INIT(inode_free_security, pfk_ecryptfs_inode_free_security),
};

/*
 *  pfk_ecryptfs_lsm_init() - makes sure either se-linux or pfk_ecryptfs are
 *  registered as security module.
 *  pfk_ecryptfs_lsm_init() - makes sure either se-linux is
 *  registered as security module as it is required by pfk_ecryptfs.
 *
 *  This is required because ecryptfs uses a field inside security struct in
 *  inode to store its info
 */
static int __init pfk_ecryptfs_lsm_init(void)
{
	/* Check if PFK is the chosen lsm via security_module_enable() */
	if (security_module_enable("pfk_ecryptfs")) {
		security_add_hooks(pfk_ecryptfs_hooks,
			ARRAY_SIZE(pfk_ecryptfs_hooks));
		pr_debug("pfk_ecryptfs is the chosen lsm, registered successfully !\n");
	} else {
		pr_debug("pfk_ecryptfs is not the chosen lsm.\n");
	if (!selinux_is_enabled()) {
			pr_err("se linux is not enabled.\n");
		pr_err("PFE eCryptfs requires se linux to be enabled\n");
		return -ENODEV;
	}
	}

	return 0;
}
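Review bot: The `selinux_is_enabled()` test in pfk_ecryptfs_lsm_init() is evaluated once at init, so it does not cover SELinux being turned off afterwards on kernels built with runtime disable (CONFIG_SECURITY_SELINUX_DISABLE); with the module's own inode_alloc_security hook removed, nothing else would then populate `inode->i_security` for new inodes. The code that reads the eCryptfs data from `i_security` is outside this hunk and should be confirmed to tolerate a NULL pointer. The reworded header comment also keeps a stray "either"; suggest `pfk_ecryptfs_lsm_init() - makes sure SELinux is enabled, since pfk_ecryptfs keeps its per-inode data in the inode security struct`.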
+3 −4
/*
 * Copyright (c) 2016, The Linux Foundation. All rights reserved.
 * Copyright (c) 2016-2017, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@@ -199,8 +199,6 @@ static struct security_hook_list pft_hooks[] = {
	LSM_HOOK_INIT(file_open, pft_file_open),
	LSM_HOOK_INIT(file_permission, pft_file_permission),
	LSM_HOOK_INIT(file_close, pft_file_close),

	LSM_HOOK_INIT(allow_merge_bio, pft_allow_merge_bio),
};

static int __init pft_lsm_init(struct pft_device *dev)
@@ -211,7 +209,8 @@ static int __init pft_lsm_init(struct pft_device *dev)
		dev->is_chosen_lsm = true;
		pr_debug("pft is the chosen lsm, registered successfully !\n");
	} else {
		pr_debug("pft is not the chosen lsm.\n");
		pr_err("pft is not the chosen lsm\n");
		return -ENODEV;
	}

	return 0;
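Review bot: Returning `-ENODEV` from the else branch of pft_lsm_init() makes the caller responsible for unwinding whatever was set up before this call; the caller and the start of this function are outside the hunk, so confirm the error path releases the device resources instead of leaving a half-initialised driver behind. Because init now fails when pft is not selected, `dev->is_chosen_lsm` can only be true after a successful init, so any later checks of that flag are presumably dead and could be dropped or documented. A short comment above the branch would record the intent, e.g. `/* fail init: without its hooks registered the driver cannot act on file_open/file_permission */`.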
+0 −5
@@ -852,11 +852,6 @@ int security_file_open(struct file *file, const struct cred *cred)
	return fsnotify_perm(file, MAY_OPEN);
}

int security_file_close(struct file *file)
{
	return call_int_hook(file_close, 0, file);
}

int security_task_create(unsigned long clone_flags)
{
	return call_int_hook(task_create, 0, clone_flags);