
Commit 6bb76184 authored by Andrey Markovytch's avatar Andrey Markovytch Committed by Gerrit - the friendly Code Review server

security: switched to stackable model for PFT/PFK module



Moved hooks from SELINUX framework to general SECURITY framework

Change-Id: I37e701b4925c4993f724c32b258c5088f4dcbe4d
Signed-off-by: default avatarAndrey Markovytch <andreym@codeaurora.org>
parent c1b67407
+0 −7
@@ -1572,7 +1572,6 @@ struct security_operations {
				    struct fown_struct *fown, int sig);
	int (*file_receive) (struct file *file);
	int (*file_open) (struct file *file, const struct cred *cred);
	int (*file_close)(struct file *file);
	bool (*allow_merge_bio)(struct bio *bio1, struct bio *bio2);

	int (*task_create) (unsigned long clone_flags);
@@ -1855,7 +1854,6 @@ int security_file_send_sigiotask(struct task_struct *tsk,
				 struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
int security_file_close(struct file *file);
bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2);

int security_task_create(unsigned long clone_flags);
@@ -2381,11 +2379,6 @@ static inline int security_file_open(struct file *file,
	return 0;
}

static inline int security_file_close(struct file *file)
{
	return 0;
}

static inline bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2)
{
	return true;
+1 −0
@@ -16,6 +16,7 @@ config PFK
	bool "Per-File-Key driver"
	depends on SECURITY
	depends on ECRYPT_FS
	depends on SECURITY_SELINUX
	default n
	help
		This driver is used for storing eCryptfs information
+3 −53
@@ -88,63 +88,13 @@ static char *inode_to_filename(struct inode *inode)
	return filename;
}

static int pfk_inode_alloc_security(struct inode *inode)
{
	struct inode_security_struct *i_sec = NULL;

	if (inode == NULL)
		return -EINVAL;

	i_sec = kzalloc(sizeof(*i_sec), GFP_KERNEL);

	if (i_sec == NULL)
		return -ENOMEM;

	inode->i_security = i_sec;

	return 0;
}

static void pfk_inode_free_security(struct inode *inode)
{
	if (inode == NULL)
		return;

	kzfree(inode->i_security);
}

static struct security_operations pfk_security_ops = {
	.name			= "pfk",

	.inode_alloc_security	= pfk_inode_alloc_security,
	.inode_free_security	= pfk_inode_free_security,

	.allow_merge_bio	= pfk_allow_merge_bio,
};

static int __init pfk_lsm_init(void)
{
	int ret;

	/* Check if PFK is the chosen lsm via security_module_enable() */
	if (security_module_enable(&pfk_security_ops)) {
		/* replace null callbacks with empty callbacks */
		security_fixup_ops(&pfk_security_ops);
		ret = register_security(&pfk_security_ops);
		if (ret != 0) {
			pr_err("pfk lsm registeration failed, ret=%d.\n", ret);
			return ret;
		}
		pr_debug("pfk is the chosen lsm, registered successfully !\n");
	} else {
		pr_debug("pfk is not the chosen lsm.\n");
	if (!selinux_is_enabled()) {
		pr_err("se linux is not enabled.\n");
		return -ENODEV;
	}

	}

	return 0;
}
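Review bot: `int ret;` at the top of pfk_lsm_init is now dead — its only uses were in the removed security_module_enable()/register_security() branch — so the new body triggers an unused-variable warning; drop the declaration. With registration gone the function only checks `selinux_is_enabled()`, so the remaining `__init` routine deserves a comment stating the new contract, e.g. `/* PFK no longer registers its own security_ops (its inode_*_security hooks were dropped); it requires SELinux to be enabled at runtime and fails with -ENODEV otherwise. */`. Because security_allow_merge_bio() in security.c now calls pfk_allow_merge_bio() unconditionally, that path must also be safe when this init has returned -ENODEV — worth confirming, since pfk_allow_merge_bio's body is not part of this change. The log text `"se linux is not enabled.\n"` would read better as `"SELinux is not enabled.\n"`.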

+4 −3
/*
 * Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
 * Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 and
@@ -216,12 +216,13 @@ static int __init pft_lsm_init(struct pft_device *dev)
		ret = register_security(&pft_security_ops);
		if (ret) {
			pr_err("pft lsm registeration failed, ret=%d.\n", ret);
			return 0;
			return ret;
		}
		dev->is_chosen_lsm = true;
		pr_debug("pft is the chosen lsm, registered successfully !\n");
	} else {
		pr_debug("pft is not the chosen lsm.\n");
		pr_err("pft is not the chosen lsm.\n");
		return -ENODEV;
	}

	return 0;
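Review bot: The not-chosen branch of pft_lsm_init turns from a benign `return 0` with pr_debug into `pr_err` plus `return -ENODEV`, and the registration-failure path now propagates `ret` instead of `0`; both make a previously non-fatal condition a hard failure, yet the commit message only describes the PFK side. pft_lsm_init's start and its caller lie outside the hunk, so it should be checked that a non-zero return is handled there without leaving `dev` partially initialised (`is_chosen_lsm` is only set on the success path). Note also that pft still relies on being the single LSM selected through security_module_enable()/register_security(), while the same commit makes pfk refuse to load unless SELinux is enabled; if both modules are expected on one system this looks at odds with the "stackable model" in the title, and a one-line comment such as `/* pft must be the chosen LSM; it does not stack on SELinux */` would make the intent explicit.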
+5 −10
@@ -25,6 +25,7 @@
#include <linux/mount.h>
#include <linux/personality.h>
#include <linux/backing-dev.h>
#include <linux/pfk.h>
#include <net/flow.h>

#define MAX_LSM_EVM_XATTR	2
@@ -832,20 +833,14 @@ int security_file_open(struct file *file, const struct cred *cred)
	return fsnotify_perm(file, MAY_OPEN);
}

int security_file_close(struct file *file)
{
	if (security_ops->file_close)
		return security_ops->file_close(file);

	return 0;
}

bool security_allow_merge_bio(struct bio *bio1, struct bio *bio2)
{
	bool ret = pfk_allow_merge_bio(bio1, bio2);

	if (security_ops->allow_merge_bio)
		return security_ops->allow_merge_bio(bio1, bio2);
		ret = ret && security_ops->allow_merge_bio(bio1, bio2);

	return true;
	return ret;
}

int security_task_create(unsigned long clone_flags)
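Review bot: security_allow_merge_bio() now calls pfk_allow_merge_bio() unconditionally and security.c includes `<linux/pfk.h>` unconditionally, so the generic framework gains a hard dependency on one module; this only builds and links when linux/pfk.h provides a static-inline stub for CONFIG_PFK=n, which the diff does not show — worth verifying. The `ret && security_ops->allow_merge_bio(bio1, bio2)` form short-circuits, so when pfk vetoes a merge the registered LSM's hook is never invoked; that is correct for a pure allow/deny decision but should be stated, e.g. `/* pfk is consulted first; the LSM hook only runs when pfk allows the merge */`. A guard form, `if (!pfk_allow_merge_bio(bio1, bio2)) return false;` followed by the existing hook check, reads more clearly than folding both decisions into `ret`.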