summaryrefslogtreecommitdiff
path: root/security/security.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-05-03 18:50:52 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2017-05-03 18:50:52 +0300
commit0302e28dee643932ee7b3c112ebccdbb9f8ec32c (patch)
tree405d4cb3f772ef069ed7f291adc4b74a4e73346e /security/security.c
parent89c9fea3c8034cdb2fd745f551cde0b507fd6893 (diff)
parent8979b02aaf1d6de8d52cc143aa4da961ed32e5a2 (diff)
downloadlinux-0302e28dee643932ee7b3c112ebccdbb9f8ec32c.tar.xz
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "Highlights: IMA: - provide ">" and "<" operators for fowner/uid/euid rules KEYS: - add a system blacklist keyring - add KEYCTL_RESTRICT_KEYRING, exposes keyring link restriction functionality to userland via keyctl() LSM: - harden LSM API with __ro_after_init - add prlmit security hook, implement for SELinux - revive security_task_alloc hook TPM: - implement contextual TPM command 'spaces'" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (98 commits) tpm: Fix reference count to main device tpm_tis: convert to using locality callbacks tpm: fix handling of the TPM 2.0 event logs tpm_crb: remove a cruft constant keys: select CONFIG_CRYPTO when selecting DH / KDF apparmor: Make path_max parameter readonly apparmor: fix parameters so that the permission test is bypassed at boot apparmor: fix invalid reference to index variable of iterator line 836 apparmor: use SHASH_DESC_ON_STACK security/apparmor/lsm.c: set debug messages apparmor: fix boolreturn.cocci warnings Smack: Use GFP_KERNEL for smk_netlbl_mls(). smack: fix double free in smack_parse_opts_str() KEYS: add SP800-56A KDF support for DH KEYS: Keyring asymmetric key restrict method with chaining KEYS: Restrict asymmetric key linkage using a specific keychain KEYS: Add a lookup_restriction function for the asymmetric key type KEYS: Add KEYCTL_RESTRICT_KEYRING KEYS: Consistent ordering for __key_link_begin and restrict check KEYS: Add an optional lookup_restriction hook to key_type ...
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c370
1 files changed, 18 insertions, 352 deletions
diff --git a/security/security.c b/security/security.c
index 23555c5504f6..b9fea3999cf8 100644
--- a/security/security.c
+++ b/security/security.c
@@ -32,6 +32,7 @@
/* Maximum number of letters for an LSM name string */
#define SECURITY_NAME_MAX 10
+struct security_hook_heads security_hook_heads __lsm_ro_after_init;
char *lsm_names;
/* Boot-time LSM user choice */
static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
@@ -54,6 +55,12 @@ static void __init do_security_initcalls(void)
*/
int __init security_init(void)
{
+ int i;
+ struct list_head *list = (struct list_head *) &security_hook_heads;
+
+ for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct list_head);
+ i++)
+ INIT_LIST_HEAD(&list[i]);
pr_info("Security Framework initialized\n");
/*
@@ -934,6 +941,11 @@ int security_task_create(unsigned long clone_flags)
return call_int_hook(task_create, 0, clone_flags);
}
+int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
+{
+ return call_int_hook(task_alloc, 0, task, clone_flags);
+}
+
void security_task_free(struct task_struct *task)
{
call_void_hook(task_free, task);
@@ -1040,6 +1052,12 @@ int security_task_getioprio(struct task_struct *p)
return call_int_hook(task_getioprio, 0, p);
}
+int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
+ unsigned int flags)
+{
+ return call_int_hook(task_prlimit, 0, cred, tcred, flags);
+}
+
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
struct rlimit *new_rlim)
{
@@ -1625,355 +1643,3 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
actx);
}
#endif /* CONFIG_AUDIT */
-
-struct security_hook_heads security_hook_heads = {
- .binder_set_context_mgr =
- LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
- .binder_transaction =
- LIST_HEAD_INIT(security_hook_heads.binder_transaction),
- .binder_transfer_binder =
- LIST_HEAD_INIT(security_hook_heads.binder_transfer_binder),
- .binder_transfer_file =
- LIST_HEAD_INIT(security_hook_heads.binder_transfer_file),
-
- .ptrace_access_check =
- LIST_HEAD_INIT(security_hook_heads.ptrace_access_check),
- .ptrace_traceme =
- LIST_HEAD_INIT(security_hook_heads.ptrace_traceme),
- .capget = LIST_HEAD_INIT(security_hook_heads.capget),
- .capset = LIST_HEAD_INIT(security_hook_heads.capset),
- .capable = LIST_HEAD_INIT(security_hook_heads.capable),
- .quotactl = LIST_HEAD_INIT(security_hook_heads.quotactl),
- .quota_on = LIST_HEAD_INIT(security_hook_heads.quota_on),
- .syslog = LIST_HEAD_INIT(security_hook_heads.syslog),
- .settime = LIST_HEAD_INIT(security_hook_heads.settime),
- .vm_enough_memory =
- LIST_HEAD_INIT(security_hook_heads.vm_enough_memory),
- .bprm_set_creds =
- LIST_HEAD_INIT(security_hook_heads.bprm_set_creds),
- .bprm_check_security =
- LIST_HEAD_INIT(security_hook_heads.bprm_check_security),
- .bprm_secureexec =
- LIST_HEAD_INIT(security_hook_heads.bprm_secureexec),
- .bprm_committing_creds =
- LIST_HEAD_INIT(security_hook_heads.bprm_committing_creds),
- .bprm_committed_creds =
- LIST_HEAD_INIT(security_hook_heads.bprm_committed_creds),
- .sb_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.sb_alloc_security),
- .sb_free_security =
- LIST_HEAD_INIT(security_hook_heads.sb_free_security),
- .sb_copy_data = LIST_HEAD_INIT(security_hook_heads.sb_copy_data),
- .sb_remount = LIST_HEAD_INIT(security_hook_heads.sb_remount),
- .sb_kern_mount =
- LIST_HEAD_INIT(security_hook_heads.sb_kern_mount),
- .sb_show_options =
- LIST_HEAD_INIT(security_hook_heads.sb_show_options),
- .sb_statfs = LIST_HEAD_INIT(security_hook_heads.sb_statfs),
- .sb_mount = LIST_HEAD_INIT(security_hook_heads.sb_mount),
- .sb_umount = LIST_HEAD_INIT(security_hook_heads.sb_umount),
- .sb_pivotroot = LIST_HEAD_INIT(security_hook_heads.sb_pivotroot),
- .sb_set_mnt_opts =
- LIST_HEAD_INIT(security_hook_heads.sb_set_mnt_opts),
- .sb_clone_mnt_opts =
- LIST_HEAD_INIT(security_hook_heads.sb_clone_mnt_opts),
- .sb_parse_opts_str =
- LIST_HEAD_INIT(security_hook_heads.sb_parse_opts_str),
- .dentry_init_security =
- LIST_HEAD_INIT(security_hook_heads.dentry_init_security),
- .dentry_create_files_as =
- LIST_HEAD_INIT(security_hook_heads.dentry_create_files_as),
-#ifdef CONFIG_SECURITY_PATH
- .path_unlink = LIST_HEAD_INIT(security_hook_heads.path_unlink),
- .path_mkdir = LIST_HEAD_INIT(security_hook_heads.path_mkdir),
- .path_rmdir = LIST_HEAD_INIT(security_hook_heads.path_rmdir),
- .path_mknod = LIST_HEAD_INIT(security_hook_heads.path_mknod),
- .path_truncate =
- LIST_HEAD_INIT(security_hook_heads.path_truncate),
- .path_symlink = LIST_HEAD_INIT(security_hook_heads.path_symlink),
- .path_link = LIST_HEAD_INIT(security_hook_heads.path_link),
- .path_rename = LIST_HEAD_INIT(security_hook_heads.path_rename),
- .path_chmod = LIST_HEAD_INIT(security_hook_heads.path_chmod),
- .path_chown = LIST_HEAD_INIT(security_hook_heads.path_chown),
- .path_chroot = LIST_HEAD_INIT(security_hook_heads.path_chroot),
-#endif
- .inode_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.inode_alloc_security),
- .inode_free_security =
- LIST_HEAD_INIT(security_hook_heads.inode_free_security),
- .inode_init_security =
- LIST_HEAD_INIT(security_hook_heads.inode_init_security),
- .inode_create = LIST_HEAD_INIT(security_hook_heads.inode_create),
- .inode_link = LIST_HEAD_INIT(security_hook_heads.inode_link),
- .inode_unlink = LIST_HEAD_INIT(security_hook_heads.inode_unlink),
- .inode_symlink =
- LIST_HEAD_INIT(security_hook_heads.inode_symlink),
- .inode_mkdir = LIST_HEAD_INIT(security_hook_heads.inode_mkdir),
- .inode_rmdir = LIST_HEAD_INIT(security_hook_heads.inode_rmdir),
- .inode_mknod = LIST_HEAD_INIT(security_hook_heads.inode_mknod),
- .inode_rename = LIST_HEAD_INIT(security_hook_heads.inode_rename),
- .inode_readlink =
- LIST_HEAD_INIT(security_hook_heads.inode_readlink),
- .inode_follow_link =
- LIST_HEAD_INIT(security_hook_heads.inode_follow_link),
- .inode_permission =
- LIST_HEAD_INIT(security_hook_heads.inode_permission),
- .inode_setattr =
- LIST_HEAD_INIT(security_hook_heads.inode_setattr),
- .inode_getattr =
- LIST_HEAD_INIT(security_hook_heads.inode_getattr),
- .inode_setxattr =
- LIST_HEAD_INIT(security_hook_heads.inode_setxattr),
- .inode_post_setxattr =
- LIST_HEAD_INIT(security_hook_heads.inode_post_setxattr),
- .inode_getxattr =
- LIST_HEAD_INIT(security_hook_heads.inode_getxattr),
- .inode_listxattr =
- LIST_HEAD_INIT(security_hook_heads.inode_listxattr),
- .inode_removexattr =
- LIST_HEAD_INIT(security_hook_heads.inode_removexattr),
- .inode_need_killpriv =
- LIST_HEAD_INIT(security_hook_heads.inode_need_killpriv),
- .inode_killpriv =
- LIST_HEAD_INIT(security_hook_heads.inode_killpriv),
- .inode_getsecurity =
- LIST_HEAD_INIT(security_hook_heads.inode_getsecurity),
- .inode_setsecurity =
- LIST_HEAD_INIT(security_hook_heads.inode_setsecurity),
- .inode_listsecurity =
- LIST_HEAD_INIT(security_hook_heads.inode_listsecurity),
- .inode_getsecid =
- LIST_HEAD_INIT(security_hook_heads.inode_getsecid),
- .inode_copy_up =
- LIST_HEAD_INIT(security_hook_heads.inode_copy_up),
- .inode_copy_up_xattr =
- LIST_HEAD_INIT(security_hook_heads.inode_copy_up_xattr),
- .file_permission =
- LIST_HEAD_INIT(security_hook_heads.file_permission),
- .file_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.file_alloc_security),
- .file_free_security =
- LIST_HEAD_INIT(security_hook_heads.file_free_security),
- .file_ioctl = LIST_HEAD_INIT(security_hook_heads.file_ioctl),
- .mmap_addr = LIST_HEAD_INIT(security_hook_heads.mmap_addr),
- .mmap_file = LIST_HEAD_INIT(security_hook_heads.mmap_file),
- .file_mprotect =
- LIST_HEAD_INIT(security_hook_heads.file_mprotect),
- .file_lock = LIST_HEAD_INIT(security_hook_heads.file_lock),
- .file_fcntl = LIST_HEAD_INIT(security_hook_heads.file_fcntl),
- .file_set_fowner =
- LIST_HEAD_INIT(security_hook_heads.file_set_fowner),
- .file_send_sigiotask =
- LIST_HEAD_INIT(security_hook_heads.file_send_sigiotask),
- .file_receive = LIST_HEAD_INIT(security_hook_heads.file_receive),
- .file_open = LIST_HEAD_INIT(security_hook_heads.file_open),
- .task_create = LIST_HEAD_INIT(security_hook_heads.task_create),
- .task_free = LIST_HEAD_INIT(security_hook_heads.task_free),
- .cred_alloc_blank =
- LIST_HEAD_INIT(security_hook_heads.cred_alloc_blank),
- .cred_free = LIST_HEAD_INIT(security_hook_heads.cred_free),
- .cred_prepare = LIST_HEAD_INIT(security_hook_heads.cred_prepare),
- .cred_transfer =
- LIST_HEAD_INIT(security_hook_heads.cred_transfer),
- .kernel_act_as =
- LIST_HEAD_INIT(security_hook_heads.kernel_act_as),
- .kernel_create_files_as =
- LIST_HEAD_INIT(security_hook_heads.kernel_create_files_as),
- .kernel_module_request =
- LIST_HEAD_INIT(security_hook_heads.kernel_module_request),
- .kernel_read_file =
- LIST_HEAD_INIT(security_hook_heads.kernel_read_file),
- .kernel_post_read_file =
- LIST_HEAD_INIT(security_hook_heads.kernel_post_read_file),
- .task_fix_setuid =
- LIST_HEAD_INIT(security_hook_heads.task_fix_setuid),
- .task_setpgid = LIST_HEAD_INIT(security_hook_heads.task_setpgid),
- .task_getpgid = LIST_HEAD_INIT(security_hook_heads.task_getpgid),
- .task_getsid = LIST_HEAD_INIT(security_hook_heads.task_getsid),
- .task_getsecid =
- LIST_HEAD_INIT(security_hook_heads.task_getsecid),
- .task_setnice = LIST_HEAD_INIT(security_hook_heads.task_setnice),
- .task_setioprio =
- LIST_HEAD_INIT(security_hook_heads.task_setioprio),
- .task_getioprio =
- LIST_HEAD_INIT(security_hook_heads.task_getioprio),
- .task_setrlimit =
- LIST_HEAD_INIT(security_hook_heads.task_setrlimit),
- .task_setscheduler =
- LIST_HEAD_INIT(security_hook_heads.task_setscheduler),
- .task_getscheduler =
- LIST_HEAD_INIT(security_hook_heads.task_getscheduler),
- .task_movememory =
- LIST_HEAD_INIT(security_hook_heads.task_movememory),
- .task_kill = LIST_HEAD_INIT(security_hook_heads.task_kill),
- .task_prctl = LIST_HEAD_INIT(security_hook_heads.task_prctl),
- .task_to_inode =
- LIST_HEAD_INIT(security_hook_heads.task_to_inode),
- .ipc_permission =
- LIST_HEAD_INIT(security_hook_heads.ipc_permission),
- .ipc_getsecid = LIST_HEAD_INIT(security_hook_heads.ipc_getsecid),
- .msg_msg_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.msg_msg_alloc_security),
- .msg_msg_free_security =
- LIST_HEAD_INIT(security_hook_heads.msg_msg_free_security),
- .msg_queue_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.msg_queue_alloc_security),
- .msg_queue_free_security =
- LIST_HEAD_INIT(security_hook_heads.msg_queue_free_security),
- .msg_queue_associate =
- LIST_HEAD_INIT(security_hook_heads.msg_queue_associate),
- .msg_queue_msgctl =
- LIST_HEAD_INIT(security_hook_heads.msg_queue_msgctl),
- .msg_queue_msgsnd =
- LIST_HEAD_INIT(security_hook_heads.msg_queue_msgsnd),
- .msg_queue_msgrcv =
- LIST_HEAD_INIT(security_hook_heads.msg_queue_msgrcv),
- .shm_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.shm_alloc_security),
- .shm_free_security =
- LIST_HEAD_INIT(security_hook_heads.shm_free_security),
- .shm_associate =
- LIST_HEAD_INIT(security_hook_heads.shm_associate),
- .shm_shmctl = LIST_HEAD_INIT(security_hook_heads.shm_shmctl),
- .shm_shmat = LIST_HEAD_INIT(security_hook_heads.shm_shmat),
- .sem_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.sem_alloc_security),
- .sem_free_security =
- LIST_HEAD_INIT(security_hook_heads.sem_free_security),
- .sem_associate =
- LIST_HEAD_INIT(security_hook_heads.sem_associate),
- .sem_semctl = LIST_HEAD_INIT(security_hook_heads.sem_semctl),
- .sem_semop = LIST_HEAD_INIT(security_hook_heads.sem_semop),
- .netlink_send = LIST_HEAD_INIT(security_hook_heads.netlink_send),
- .d_instantiate =
- LIST_HEAD_INIT(security_hook_heads.d_instantiate),
- .getprocattr = LIST_HEAD_INIT(security_hook_heads.getprocattr),
- .setprocattr = LIST_HEAD_INIT(security_hook_heads.setprocattr),
- .ismaclabel = LIST_HEAD_INIT(security_hook_heads.ismaclabel),
- .secid_to_secctx =
- LIST_HEAD_INIT(security_hook_heads.secid_to_secctx),
- .secctx_to_secid =
- LIST_HEAD_INIT(security_hook_heads.secctx_to_secid),
- .release_secctx =
- LIST_HEAD_INIT(security_hook_heads.release_secctx),
- .inode_invalidate_secctx =
- LIST_HEAD_INIT(security_hook_heads.inode_invalidate_secctx),
- .inode_notifysecctx =
- LIST_HEAD_INIT(security_hook_heads.inode_notifysecctx),
- .inode_setsecctx =
- LIST_HEAD_INIT(security_hook_heads.inode_setsecctx),
- .inode_getsecctx =
- LIST_HEAD_INIT(security_hook_heads.inode_getsecctx),
-#ifdef CONFIG_SECURITY_NETWORK
- .unix_stream_connect =
- LIST_HEAD_INIT(security_hook_heads.unix_stream_connect),
- .unix_may_send =
- LIST_HEAD_INIT(security_hook_heads.unix_may_send),
- .socket_create =
- LIST_HEAD_INIT(security_hook_heads.socket_create),
- .socket_post_create =
- LIST_HEAD_INIT(security_hook_heads.socket_post_create),
- .socket_bind = LIST_HEAD_INIT(security_hook_heads.socket_bind),
- .socket_connect =
- LIST_HEAD_INIT(security_hook_heads.socket_connect),
- .socket_listen =
- LIST_HEAD_INIT(security_hook_heads.socket_listen),
- .socket_accept =
- LIST_HEAD_INIT(security_hook_heads.socket_accept),
- .socket_sendmsg =
- LIST_HEAD_INIT(security_hook_heads.socket_sendmsg),
- .socket_recvmsg =
- LIST_HEAD_INIT(security_hook_heads.socket_recvmsg),
- .socket_getsockname =
- LIST_HEAD_INIT(security_hook_heads.socket_getsockname),
- .socket_getpeername =
- LIST_HEAD_INIT(security_hook_heads.socket_getpeername),
- .socket_getsockopt =
- LIST_HEAD_INIT(security_hook_heads.socket_getsockopt),
- .socket_setsockopt =
- LIST_HEAD_INIT(security_hook_heads.socket_setsockopt),
- .socket_shutdown =
- LIST_HEAD_INIT(security_hook_heads.socket_shutdown),
- .socket_sock_rcv_skb =
- LIST_HEAD_INIT(security_hook_heads.socket_sock_rcv_skb),
- .socket_getpeersec_stream =
- LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_stream),
- .socket_getpeersec_dgram =
- LIST_HEAD_INIT(security_hook_heads.socket_getpeersec_dgram),
- .sk_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.sk_alloc_security),
- .sk_free_security =
- LIST_HEAD_INIT(security_hook_heads.sk_free_security),
- .sk_clone_security =
- LIST_HEAD_INIT(security_hook_heads.sk_clone_security),
- .sk_getsecid = LIST_HEAD_INIT(security_hook_heads.sk_getsecid),
- .sock_graft = LIST_HEAD_INIT(security_hook_heads.sock_graft),
- .inet_conn_request =
- LIST_HEAD_INIT(security_hook_heads.inet_conn_request),
- .inet_csk_clone =
- LIST_HEAD_INIT(security_hook_heads.inet_csk_clone),
- .inet_conn_established =
- LIST_HEAD_INIT(security_hook_heads.inet_conn_established),
- .secmark_relabel_packet =
- LIST_HEAD_INIT(security_hook_heads.secmark_relabel_packet),
- .secmark_refcount_inc =
- LIST_HEAD_INIT(security_hook_heads.secmark_refcount_inc),
- .secmark_refcount_dec =
- LIST_HEAD_INIT(security_hook_heads.secmark_refcount_dec),
- .req_classify_flow =
- LIST_HEAD_INIT(security_hook_heads.req_classify_flow),
- .tun_dev_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.tun_dev_alloc_security),
- .tun_dev_free_security =
- LIST_HEAD_INIT(security_hook_heads.tun_dev_free_security),
- .tun_dev_create =
- LIST_HEAD_INIT(security_hook_heads.tun_dev_create),
- .tun_dev_attach_queue =
- LIST_HEAD_INIT(security_hook_heads.tun_dev_attach_queue),
- .tun_dev_attach =
- LIST_HEAD_INIT(security_hook_heads.tun_dev_attach),
- .tun_dev_open = LIST_HEAD_INIT(security_hook_heads.tun_dev_open),
-#endif /* CONFIG_SECURITY_NETWORK */
-#ifdef CONFIG_SECURITY_NETWORK_XFRM
- .xfrm_policy_alloc_security =
- LIST_HEAD_INIT(security_hook_heads.xfrm_policy_alloc_security),
- .xfrm_policy_clone_security =
- LIST_HEAD_INIT(security_hook_heads.xfrm_policy_clone_security),
- .xfrm_policy_free_security =
- LIST_HEAD_INIT(security_hook_heads.xfrm_policy_free_security),
- .xfrm_policy_delete_security =
- LIST_HEAD_INIT(security_hook_heads.xfrm_policy_delete_security),
- .xfrm_state_alloc =
- LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc),
- .xfrm_state_alloc_acquire =
- LIST_HEAD_INIT(security_hook_heads.xfrm_state_alloc_acquire),
- .xfrm_state_free_security =
- LIST_HEAD_INIT(security_hook_heads.xfrm_state_free_security),
- .xfrm_state_delete_security =
- LIST_HEAD_INIT(security_hook_heads.xfrm_state_delete_security),
- .xfrm_policy_lookup =
- LIST_HEAD_INIT(security_hook_heads.xfrm_policy_lookup),
- .xfrm_state_pol_flow_match =
- LIST_HEAD_INIT(security_hook_heads.xfrm_state_pol_flow_match),
- .xfrm_decode_session =
- LIST_HEAD_INIT(security_hook_heads.xfrm_decode_session),
-#endif /* CONFIG_SECURITY_NETWORK_XFRM */
-#ifdef CONFIG_KEYS
- .key_alloc = LIST_HEAD_INIT(security_hook_heads.key_alloc),
- .key_free = LIST_HEAD_INIT(security_hook_heads.key_free),
- .key_permission =
- LIST_HEAD_INIT(security_hook_heads.key_permission),
- .key_getsecurity =
- LIST_HEAD_INIT(security_hook_heads.key_getsecurity),
-#endif /* CONFIG_KEYS */
-#ifdef CONFIG_AUDIT
- .audit_rule_init =
- LIST_HEAD_INIT(security_hook_heads.audit_rule_init),
- .audit_rule_known =
- LIST_HEAD_INIT(security_hook_heads.audit_rule_known),
- .audit_rule_match =
- LIST_HEAD_INIT(security_hook_heads.audit_rule_match),
- .audit_rule_free =
- LIST_HEAD_INIT(security_hook_heads.audit_rule_free),
-#endif /* CONFIG_AUDIT */
-};