/*
 * Linux Security plug
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
 *
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 *	Due to this file being licensed under the GPL there is controversy over
 *	whether this permits you to write a module that #includes this file
 *	without placing your module under the GPL.  Please consult a lawyer for
 *	advice before doing this.
 *
 */

#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H

#include <linux/key.h>
#include <linux/capability.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/string.h>
#include <linux/mm.h>
/* NOTE(review): <linux/fs.h> is already included above; this repeat is redundant. */
#include <linux/fs.h>

/*
 * Forward declarations; the hook prototypes in this header refer to these
 * types through pointers.
 */
struct linux_binprm;
struct cred;
struct rlimit;
struct siginfo;
struct sem_array;
struct sembuf;
struct kern_ipc_perm;
struct audit_context;
struct super_block;
struct inode;
struct dentry;
struct file;
struct vfsmount;
struct path;
struct qstr;
struct iattr;
struct fown_struct;
struct file_operations;
struct shmid_kernel;
struct msg_msg;
struct msg_queue;
struct xattr;
struct xfrm_sec_ctx;
struct mm_struct;

/*
 * If capable should audit the security request.
 * These are the values passed as the final (audit) argument of cap_capable().
 */
#define SECURITY_CAP_NOAUDIT 0
#define SECURITY_CAP_AUDIT 1

/* LSM Agnostic defines for sb_set_mnt_opts */
#define SECURITY_LSM_NATIVE_LABELS	1

struct ctl_table;
struct audit_krule;
struct user_namespace;
struct timezone;

/* These functions are in security/commoncap.c */
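/*
 * Capability checks implemented in security/commoncap.c.  When
 * CONFIG_SECURITY is disabled, the inline security_*() stubs further down
 * call several of these directly.
 */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
		       int cap, int audit);
extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective,
		      kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset(struct cred *new, const struct cred *old,
		      const kernel_cap_t *effective,
		      const kernel_cap_t *inheritable,
		      const kernel_cap_t *permitted);
extern int cap_bprm_set_creds(struct linux_binprm *bprm);
extern int cap_bprm_secureexec(struct linux_binprm *bprm);
extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
			      const void *value, size_t size, int flags);
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
extern int cap_mmap_addr(unsigned long addr);
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
			 unsigned long prot, unsigned long flags);
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			  unsigned long arg4, unsigned long arg5);
extern int cap_task_setscheduler(struct task_struct *p);
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);

struct msghdr;
struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
struct flowi;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
struct seq_file;

/* Without CONFIG_MMU both names are the compile-time constant 0UL. */
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define mmap_min_addr		0UL
#define dac_mmap_min_addr	0UL
#endif

/*
 * Values used in the task_security_ops calls
 */
/* setuid or setgid, id0 == uid or gid */
#define LSM_SETID_ID	1

/* setreuid or setregid, id0 == real, id1 == eff */
#define LSM_SETID_RE	2

/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
#define LSM_SETID_RES	4

/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS	8

/* Flags for security_task_prlimit(). */
#define LSM_PRLIMIT_READ  1
#define LSM_PRLIMIT_WRITE 2

/* forward declares to avoid warnings */
struct sched_param;
struct request_sock;

/* bprm->unsafe reasons */
#define LSM_UNSAFE_SHARE	1
#define LSM_UNSAFE_PTRACE	2
#define LSM_UNSAFE_NO_NEW_PRIVS	4

#ifdef CONFIG_MMU
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
				 void __user *buffer, size_t *lenp, loff_t *ppos);
#endif

/* security_inode_init_security callback function to write xattrs */
typedef int (*initxattrs) (struct inode *inode,
			   const struct xattr *xattr_array, void *fs_data);

#ifdef CONFIG_SECURITY

/*
 * Parsed mount options: num_mnt_opts entries in two parallel arrays, the
 * option strings and a flag value for each.
 */
struct security_mnt_opts {
	char **mnt_opts;
	int *mnt_opts_flags;
	int num_mnt_opts;
};

/* Put @opts into the empty state (no arrays, zero entries). */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	opts->mnt_opts = NULL;
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

/*
 * Free every option string and both arrays of @opts, then reset it to the
 * empty state.  The pointers are cleared after kfree() so that a second
 * call on the same structure does not free them again.
 */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	int i;

	if (opts->mnt_opts) {
		for (i = 0; i < opts->num_mnt_opts; i++)
			kfree(opts->mnt_opts[i]);
	}
	kfree(opts->mnt_opts);
	opts->mnt_opts = NULL;
	kfree(opts->mnt_opts_flags);
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

/* prototypes */
extern int security_init(void);

/* Security operations */
int security_binder_set_context_mgr(struct task_struct *mgr);
int security_binder_transaction(struct task_struct *from,
				struct task_struct *to);
int security_binder_transfer_binder(struct task_struct *from,
				    struct task_struct *to);
int security_binder_transfer_file(struct task_struct *from,
				  struct task_struct *to, struct file *file);
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target,
		    kernel_cap_t *effective,
		    kernel_cap_t *inheritable,
		    kernel_cap_t *permitted);
int security_capset(struct cred *new, const struct cred *old,
		    const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted);
int security_capable(const struct cred *cred, struct user_namespace *ns,
		     int cap);
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
			     int cap);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime64(const struct timespec64 *ts, const struct timezone *tz);

/* timespec wrapper: converts @ts to timespec64 and calls security_settime64(). */
static inline int security_settime(const struct timespec *ts, const struct timezone *tz)
{
	struct timespec64 ts64 = timespec_to_timespec64(*ts);

	return security_settime64(&ts64, tz);
}

int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
int security_bprm_secureexec(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
int security_sb_remount(struct super_block *sb, void *data);
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
int security_sb_mount(const char *dev_name, const struct path *path,
		      const char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb,
			     struct security_mnt_opts *opts,
			     unsigned long kern_flags,
			     unsigned long *set_kern_flags);
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
			       struct super_block *newsb);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
int security_dentry_init_security(struct dentry *dentry, int mode,
				  const struct qstr *name, void **ctx,
				  u32 *ctxlen);
int security_dentry_create_files_as(struct dentry *dentry, int mode,
				    struct qstr *name,
				    const struct cred *old,
				    struct cred *new);

int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
int security_inode_init_security(struct inode *inode, struct inode *dir,
				 const struct qstr *qstr,
				 initxattrs initxattrs, void *fs_data);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
				     const struct qstr *qstr, const char **name,
				     void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
			   const char *old_name);
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
			  struct inode *new_dir, struct dentry *new_dentry,
			  unsigned int flags);
int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
			       bool rcu);
int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(const struct path *path);
int security_inode_setxattr(struct dentry *dentry, const char *name,
			    const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
int security_inode_listxattr(struct dentry *dentry);
int security_inode_removexattr(struct dentry *dentry, const char *name);
int security_inode_need_killpriv(struct dentry *dentry);
int security_inode_killpriv(struct dentry *dentry);
int security_inode_getsecurity(struct inode *inode, const char *name,
			       void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name,
			       const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
void security_inode_getsecid(struct inode *inode, u32 *secid);
int security_inode_copy_up(struct dentry *src, struct cred **new);
int security_inode_copy_up_xattr(const char *name);
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
int security_mmap_file(struct file *file, unsigned long prot,
		       unsigned long flags);
int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
			   unsigned long prot);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
void security_file_set_fowner(struct file *file);
int security_file_send_sigiotask(struct task_struct *tsk,
				 struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
int security_task_create(unsigned long clone_flags);
int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
				   enum kernel_read_file_id id);
int security_task_fix_setuid(struct cred *new, const struct cred *old,
			     int flags);
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
			  unsigned int flags);
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
			    struct rlimit *new_rlim);
int security_task_setscheduler(struct task_struct *p);
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
		       int sig, u32 secid);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
void security_msg_queue_free(struct msg_queue *msq);
int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
int security_msg_queue_msgsnd(struct msg_queue *msq,
			      struct msg_msg *msg, int msqflg);
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
			      struct task_struct *target, long type, int mode);
int security_shm_alloc(struct shmid_kernel *shp);
void security_shm_free(struct shmid_kernel *shp);
int security_shm_associate(struct shmid_kernel *shp, int shmflg);
int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
int security_sem_alloc(struct sem_array *sma);
void security_sem_free(struct sem_array *sma);
int security_sem_associate(struct sem_array *sma, int semflg);
int security_sem_semctl(struct sem_array *sma, int cmd);
int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
		       unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value);
int security_setprocattr(const char *name, void *value, size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
void security_release_secctx(char *secdata, u32 seclen);

void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
#else /* CONFIG_SECURITY */
struct security_mnt_opts {
};

static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
}

/*
 * This is the default capabilities functionality.  Most of these functions
 * are just stubbed out, but a few must call the proper capable code.
 *
 * In this configuration the only checks made by the stubs below are the
 * cap_*() calls they contain; every other stub returns a constant:
 *   - 0 for most hooks,
 *   - -EOPNOTSUPP for the security label / context / xattr queries,
 *   - -EINVAL for the procattr accessors,
 * and the *_getsecid() stubs store 0 in *secid.
 */

static inline int security_init(void)
{
	return 0;
}

static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
	return 0;
}

static inline int security_binder_transaction(struct task_struct *from,
					      struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_binder(struct task_struct *from,
						  struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_file(struct task_struct *from,
						struct task_struct *to,
						struct file *file)
{
	return 0;
}

static inline int security_ptrace_access_check(struct task_struct *child,
					       unsigned int mode)
{
	return cap_ptrace_access_check(child, mode);
}

static inline int security_ptrace_traceme(struct task_struct *parent)
{
	return cap_ptrace_traceme(parent);
}

static inline int security_capget(struct task_struct *target,
				  kernel_cap_t *effective,
				  kernel_cap_t *inheritable,
				  kernel_cap_t *permitted)
{
	return cap_capget(target, effective, inheritable, permitted);
}

static inline int security_capset(struct cred *new,
				  const struct cred *old,
				  const kernel_cap_t *effective,
				  const kernel_cap_t *inheritable,
				  const kernel_cap_t *permitted)
{
	return cap_capset(new, old, effective, inheritable, permitted);
}

static inline int security_capable(const struct cred *cred,
				   struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}

static inline int security_capable_noaudit(const struct cred *cred,
					   struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}

static inline int security_quotactl(int cmds, int type, int id,
				    struct super_block *sb)
{
	return 0;
}

static inline int security_quota_on(struct dentry *dentry)
{
	return 0;
}

static inline int security_syslog(int type)
{
	return 0;
}

static inline int security_settime64(const struct timespec64 *ts,
				     const struct timezone *tz)
{
	return cap_settime(ts, tz);
}

static inline int security_settime(const struct timespec *ts,
				   const struct timezone *tz)
{
	struct timespec64 ts64 = timespec_to_timespec64(*ts);

	return cap_settime(&ts64, tz);
}

static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
}

static inline int security_bprm_set_creds(struct linux_binprm *bprm)
{
	return cap_bprm_set_creds(bprm);
}

static inline int security_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
{
}

static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
{
}

static inline int security_bprm_secureexec(struct linux_binprm *bprm)
{
	return cap_bprm_secureexec(bprm);
}

static inline int security_sb_alloc(struct super_block *sb)
{
	return 0;
}

static inline void security_sb_free(struct super_block *sb)
{ }

static inline int security_sb_copy_data(char *orig, char *copy)
{
	return 0;
}

static inline int security_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}

static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
	return 0;
}

static inline int security_sb_show_options(struct seq_file *m,
					   struct super_block *sb)
{
	return 0;
}

static inline int security_sb_statfs(struct dentry *dentry)
{
	return 0;
}

static inline int security_sb_mount(const char *dev_name, const struct path *path,
				    const char *type, unsigned long flags,
				    void *data)
{
	return 0;
}

static inline int security_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}

static inline int security_sb_pivotroot(const struct path *old_path,
					const struct path *new_path)
{
	return 0;
}

static inline int security_sb_set_mnt_opts(struct super_block *sb,
					   struct security_mnt_opts *opts,
					   unsigned long kern_flags,
					   unsigned long *set_kern_flags)
{
	return 0;
}

static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
					     struct super_block *newsb)
{
	return 0;
}

static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
	return 0;
}

static inline int security_inode_alloc(struct inode *inode)
{
	return 0;
}

static inline void security_inode_free(struct inode *inode)
{ }

static inline int security_dentry_init_security(struct dentry *dentry,
						 int mode,
						 const struct qstr *name,
						 void **ctx,
						 u32 *ctxlen)
{
	return -EOPNOTSUPP;
}

static inline int security_dentry_create_files_as(struct dentry *dentry,
						  int mode, struct qstr *name,
						  const struct cred *old,
						  struct cred *new)
{
	return 0;
}


static inline int security_inode_init_security(struct inode *inode,
						struct inode *dir,
						const struct qstr *qstr,
						const initxattrs xattrs,
						void *fs_data)
{
	return 0;
}

static inline int security_old_inode_init_security(struct inode *inode,
						   struct inode *dir,
						   const struct qstr *qstr,
						   const char **name,
						   void **value, size_t *len)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_create(struct inode *dir,
					 struct dentry *dentry,
					 umode_t mode)
{
	return 0;
}

static inline int security_inode_link(struct dentry *old_dentry,
				       struct inode *dir,
				       struct dentry *new_dentry)
{
	return 0;
}

static inline int security_inode_unlink(struct inode *dir,
					 struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_symlink(struct inode *dir,
					  struct dentry *dentry,
					  const char *old_name)
{
	return 0;
}

/* @mode is umode_t so the stub matches the CONFIG_SECURITY prototype. */
static inline int security_inode_mkdir(struct inode *dir,
				       struct dentry *dentry,
				       umode_t mode)
{
	return 0;
}

static inline int security_inode_rmdir(struct inode *dir,
				       struct dentry *dentry)
{
	return 0;
}

/* @mode is umode_t so the stub matches the CONFIG_SECURITY prototype. */
static inline int security_inode_mknod(struct inode *dir,
				       struct dentry *dentry,
				       umode_t mode, dev_t dev)
{
	return 0;
}

static inline int security_inode_rename(struct inode *old_dir,
					 struct dentry *old_dentry,
					 struct inode *new_dir,
					 struct dentry *new_dentry,
					 unsigned int flags)
{
	return 0;
}

static inline int security_inode_readlink(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_follow_link(struct dentry *dentry,
					     struct inode *inode,
					     bool rcu)
{
	return 0;
}

static inline int security_inode_permission(struct inode *inode, int mask)
{
	return 0;
}

static inline int security_inode_setattr(struct dentry *dentry,
					  struct iattr *attr)
{
	return 0;
}

static inline int security_inode_getattr(const struct path *path)
{
	return 0;
}

static inline int security_inode_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}

static inline void security_inode_post_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{ }

static inline int security_inode_getxattr(struct dentry *dentry,
			const char *name)
{
	return 0;
}

static inline int security_inode_listxattr(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_removexattr(struct dentry *dentry,
			const char *name)
{
	return cap_inode_removexattr(dentry, name);
}

static inline int security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}

static inline int security_inode_killpriv(struct dentry *dentry)
{
	return cap_inode_killpriv(dentry);
}

static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	return 0;
}

static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
{
	*secid = 0;
}

static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
{
	return 0;
}

static inline int security_inode_copy_up_xattr(const char *name)
{
	return -EOPNOTSUPP;
}

static inline int security_file_permission(struct file *file, int mask)
{
	return 0;
}

static inline int security_file_alloc(struct file *file)
{
	return 0;
}

static inline void security_file_free(struct file *file)
{ }

static inline int security_file_ioctl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline int security_mmap_file(struct file *file, unsigned long prot,
				     unsigned long flags)
{
	return 0;
}

static inline int security_mmap_addr(unsigned long addr)
{
	return cap_mmap_addr(addr);
}

static inline int security_file_mprotect(struct vm_area_struct *vma,
					 unsigned long reqprot,
					 unsigned long prot)
{
	return 0;
}

static inline int security_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}

static inline int security_file_fcntl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline void security_file_set_fowner(struct file *file)
{ }

static inline int security_file_send_sigiotask(struct task_struct *tsk,
					       struct fown_struct *fown,
					       int sig)
{
	return 0;
}

static inline int security_file_receive(struct file *file)
{
	return 0;
}

static inline int security_file_open(struct file *file,
				     const struct cred *cred)
{
	return 0;
}

static inline int security_task_create(unsigned long clone_flags)
{
	return 0;
}

static inline int security_task_alloc(struct task_struct *task,
				      unsigned long clone_flags)
{
	return 0;
}

static inline void security_task_free(struct task_struct *task)
{ }

static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}

static inline void security_cred_free(struct cred *cred)
{ }

static inline int security_prepare_creds(struct cred *new,
					 const struct cred *old,
					 gfp_t gfp)
{
	return 0;
}

static inline void security_transfer_creds(struct cred *new,
					   const struct cred *old)
{
}

static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
	return 0;
}

static inline int security_kernel_create_files_as(struct cred *cred,
						  struct inode *inode)
{
	return 0;
}

static inline int security_kernel_module_request(char *kmod_name)
{
	return 0;
}

static inline int security_kernel_read_file(struct file *file,
					    enum kernel_read_file_id id)
{
	return 0;
}

static inline int security_kernel_post_read_file(struct file *file,
						 char *buf, loff_t size,
						 enum kernel_read_file_id id)
{
	return 0;
}

static inline int security_task_fix_setuid(struct cred *new,
					   const struct cred *old,
					   int flags)
{
	return cap_task_fix_setuid(new, old, flags);
}

static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return 0;
}

static inline int security_task_getpgid(struct task_struct *p)
{
	return 0;
}

static inline int security_task_getsid(struct task_struct *p)
{
	return 0;
}

static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
{
	*secid = 0;
}

static inline int security_task_setnice(struct task_struct *p, int nice)
{
	return cap_task_setnice(p, nice);
}

static inline int security_task_setioprio(struct task_struct *p, int ioprio)
{
	return cap_task_setioprio(p, ioprio);
}

static inline int security_task_getioprio(struct task_struct *p)
{
	return 0;
}

static inline int security_task_prlimit(const struct cred *cred,
					const struct cred *tcred,
					unsigned int flags)
{
	return 0;
}

static inline int security_task_setrlimit(struct task_struct *p,
					  unsigned int resource,
					  struct rlimit *new_rlim)
{
	return 0;
}

static inline int security_task_setscheduler(struct task_struct *p)
{
	return cap_task_setscheduler(p);
}

static inline int security_task_getscheduler(struct task_struct *p)
{
	return 0;
}

static inline int security_task_movememory(struct task_struct *p)
{
	return 0;
}

static inline int security_task_kill(struct task_struct *p,
				     struct siginfo *info, int sig,
				     u32 secid)
{
	return 0;
}

static inline int security_task_prctl(int option, unsigned long arg2,
				      unsigned long arg3,
				      unsigned long arg4,
				      unsigned long arg5)
{
	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}

static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
{ }

static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
					  short flag)
{
	return 0;
}

static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	*secid = 0;
}

static inline int security_msg_msg_alloc(struct msg_msg *msg)
{
	return 0;
}

static inline void security_msg_msg_free(struct msg_msg *msg)
{ }

static inline int security_msg_queue_alloc(struct msg_queue *msq)
{
	return 0;
}

static inline void security_msg_queue_free(struct msg_queue *msq)
{ }

static inline int security_msg_queue_associate(struct msg_queue *msq,
					       int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	return 0;
}

static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
					    struct msg_msg *msg, int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
					    struct msg_msg *msg,
					    struct task_struct *target,
					    long type, int mode)
{
	return 0;
}

static inline int security_shm_alloc(struct shmid_kernel *shp)
{
	return 0;
}

static inline void security_shm_free(struct shmid_kernel *shp)
{ }

static inline int security_shm_associate(struct shmid_kernel *shp,
					 int shmflg)
{
	return 0;
}

static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	return 0;
}

static inline int security_shm_shmat(struct shmid_kernel *shp,
				     char __user *shmaddr, int shmflg)
{
	return 0;
}

static inline int security_sem_alloc(struct sem_array *sma)
{
	return 0;
}

static inline void security_sem_free(struct sem_array *sma)
{ }

static inline int security_sem_associate(struct sem_array *sma, int semflg)
{
	return 0;
}

static inline int security_sem_semctl(struct sem_array *sma, int cmd)
{
	return 0;
}

static inline int security_sem_semop(struct sem_array *sma,
				     struct sembuf *sops, unsigned nsops,
				     int alter)
{
	return 0;
}

static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
{ }

static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
{
	return -EINVAL;
}

/* @name is const char * so the stub matches the CONFIG_SECURITY prototype. */
static inline int security_setprocattr(const char *name, void *value, size_t size)
{
	return -EINVAL;
}

static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}

static inline int security_ismaclabel(const char *name)
{
	return 0;
}

static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	return -EOPNOTSUPP;
}

static inline int security_secctx_to_secid(const char *secdata,
					   u32 seclen,
					   u32 *secid)
{
	return -EOPNOTSUPP;
}

static inline void security_release_secctx(char *secdata, u32 seclen)
{
}

static inline void security_inode_invalidate_secctx(struct inode *inode)
{
}

static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
	return -EOPNOTSUPP;
}
static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
	return -EOPNOTSUPP;
}
static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
	return -EOPNOTSUPP;
}
#endif	/* CONFIG_SECURITY */

#ifdef CONFIG_SECURITY_NETWORK

int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
int security_unix_may_send(struct socket *sock, struct socket *other);
int security_socket_create(int family, int type, int protocol, int kern);
int security_socket_post_create(struct socket *sock, int family,
				int type, int protocol, int kern);
int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
int security_socket_listen(struct socket *sock, int backlog);
int security_socket_accept(struct socket *sock, struct socket *newsock);
int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
			    int size, int flags);
int security_socket_getsockname(struct socket *sock);
int security_socket_getpeername(struct socket *sock);
int security_socket_getsockopt(struct socket *sock, int level, int optname);
int security_socket_setsockopt(struct socket *sock, int level, int optname);
int security_socket_shutdown(struct socket *sock, int how);
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
				      int __user *optlen, unsigned len);
int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
void security_sk_free(struct sock *sk);
void security_sk_clone(const struct sock *sk, struct sock *newsk);
void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
void security_sock_graft(struct sock *sk, struct socket *parent);
int security_inet_conn_request(struct sock *sk,
			       struct sk_buff *skb, struct request_sock *req);
void security_inet_csk_clone(struct sock *newsk,
			     const struct request_sock *req);
void security_inet_conn_established(struct sock *sk,
				    struct sk_buff *skb);
int security_secmark_relabel_packet(u32 secid);
void security_secmark_refcount_inc(void);
void security_secmark_refcount_dec(void);
int security_tun_dev_alloc_security(void **security);
void security_tun_dev_free_security(void *security);
int security_tun_dev_create(void);
int security_tun_dev_attach_queue(void *security);
int security_tun_dev_attach(struct sock *sk, void *security);
int security_tun_dev_open(void *security);

#else	/* CONFIG_SECURITY_NETWORK */
/* Without CONFIG_SECURITY_NETWORK the socket hooks below all return 0. */
static inline int security_unix_stream_connect(struct sock *sock,
					       struct sock *other,
					       struct sock *newsk)
{
	return 0;
}

static inline int security_unix_may_send(struct socket *sock,
					 struct socket *other)
{
	return 0;
}

static inline int security_socket_create(int family, int type,
					 int protocol, int kern)
{
	return 0;
}

static inline int security_socket_post_create(struct socket *sock,
					      int family,
					      int type,
					      int protocol, int kern)
{
	return 0;
}

static inline int security_socket_bind(struct socket *sock,
				       struct sockaddr *address,
				       int addrlen)
{
	return 0;
}

static inline int security_socket_connect(struct socket *sock,
					  struct sockaddr *address,
					  int addrlen)
{
	return 0;
}

static inline int security_socket_listen(struct socket *sock, int backlog)
{
	return 0;
}

static inline int security_socket_accept(struct socket *sock,
					 struct socket *newsock)
{
	return 0;
}

static inline int security_socket_sendmsg(struct socket *sock,
					  struct msghdr *msg, int size)
{
	return 0;
}

static inline int security_socket_recvmsg(struct socket *sock,
					  struct msghdr *msg, int size,
					  int flags)
{
	return 0;
}

static inline int security_socket_getsockname(struct socket *sock)
{
	return 0;
}

static inline int security_socket_getpeername(struct socket *sock)
{
	return 0;
}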
/*
 * Remaining fallbacks for builds without CONFIG_SECURITY_NETWORK (the #else
 * that opens this branch is above; its #endif follows the last stub).  They
 * ignore their arguments; the int-returning ones report 0 unless noted.
 */
static inline int security_socket_getsockopt(struct socket *sock,
					     int level, int optname)
{
	return 0;
}

static inline int security_socket_setsockopt(struct socket *sock,
					     int level, int optname)
{
	return 0;
}

static inline int security_socket_shutdown(struct socket *sock, int how)
{
	return 0;
}
static inline int security_sock_rcv_skb(struct sock *sk,
					struct sk_buff *skb)
{
	return 0;
}

/*
 * The two peer-label queries fail with -ENOPROTOOPT rather than returning
 * an empty label.  Nothing is written to optval/optlen or to *secid, so
 * callers must not read those outputs after a failure.
 */
static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
						    int __user *optlen, unsigned len)
{
	return -ENOPROTOOPT;
}

static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
{
	return -ENOPROTOOPT;
}

static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
{
	return 0;
}

static inline void security_sk_free(struct sock *sk)
{
}

static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
{
}

static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
{
}

static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
{
}

static inline void security_sock_graft(struct sock *sk, struct socket *parent)
{
}

static inline int security_inet_conn_request(struct sock *sk,
			struct sk_buff *skb, struct request_sock *req)
{
	return 0;
}

static inline void security_inet_csk_clone(struct sock *newsk,
			const struct request_sock *req)
{
}

static inline void security_inet_conn_established(struct sock *sk,
			struct sk_buff *skb)
{
}

static inline int security_secmark_relabel_packet(u32 secid)
{
	return 0;
}

static inline void security_secmark_refcount_inc(void)
{
}

static inline void security_secmark_refcount_dec(void)
{
}

/*
 * Reports success without writing *security: the caller's pointer keeps
 * whatever value it had, so it has to be initialised before this call.
 */
static inline int security_tun_dev_alloc_security(void **security)
{
	return 0;
}

static inline void security_tun_dev_free_security(void *security)
{
}

static inline int security_tun_dev_create(void)
{
	return 0;
}

static inline int security_tun_dev_attach_queue(void *security)
{
	return 0;
}

static inline int security_tun_dev_attach(struct sock *sk, void *security)
{
	return 0;
}

static inline int security_tun_dev_open(void *security)
{
	return 0;
}
#endif	/* CONFIG_SECURITY_NETWORK */

#ifdef CONFIG_SECURITY_NETWORK_XFRM

/* XFRM hook entry points; declared here, defined outside this header. */
int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
			       struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
				      struct xfrm_sec_ctx *polsec, u32 secid);
int security_xfrm_state_delete(struct xfrm_state *x);
void security_xfrm_state_free(struct xfrm_state *x);
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
				       struct xfrm_policy *xp,
				       const struct flowi *fl);
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);

#else	/* CONFIG_SECURITY_NETWORK_XFRM */

/*
 * Fallbacks used when CONFIG_SECURITY_NETWORK_XFRM is not set.  The stubs
 * that take an output pointer (ctxp, new_ctxp, secid) return 0 without
 * writing through it; callers must initialise those outputs themselves.
 */
static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
					     struct xfrm_user_sec_ctx *sec_ctx,
					     gfp_t gfp)
{
	return 0;
}

static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
{
	return 0;
}

static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
}

static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
	return 0;
}

static inline int security_xfrm_state_alloc(struct xfrm_state *x,
					struct xfrm_user_sec_ctx *sec_ctx)
{
	return 0;
}

static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
					struct xfrm_sec_ctx *polsec, u32 secid)
{
	return 0;
}

static inline void security_xfrm_state_free(struct xfrm_state *x)
{
}

static inline int security_xfrm_state_delete(struct xfrm_state *x)
{
	return 0;
}

static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
{
	return 0;
}

/*
 * The only stub in this header that returns 1.  NOTE(review): the value
 * looks like a match result rather than an error code, i.e. every
 * state/policy/flow combination is reported as matching -- confirm
 * against the caller before relying on it.
 */
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
			struct xfrm_policy *xp, const struct flowi *fl)
{
	return 1;
}

/* Returns 0 but does not set *secid. */
static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
{
	return 0;
}

static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
{
}

#endif	/* CONFIG_SECURITY_NETWORK_XFRM */

#ifdef CONFIG_SECURITY_PATH
/* Path-based hook entry points; declared here, defined outside this header. */
int security_path_unlink(const struct path *dir, struct dentry *dentry);
int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
int security_path_rmdir(const struct path *dir, struct dentry *dentry);
int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
			unsigned int dev);
int security_path_truncate(const struct path *path);
int security_path_symlink(const struct path *dir, struct dentry *dentry,
			  const char *old_name);
int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
		       struct dentry *new_dentry);
int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
			 const struct path *new_dir, struct dentry *new_dentry,
			 unsigned int flags);
int security_path_chmod(const struct path *path, umode_t mode);
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
int security_path_chroot(const struct path *path);
#else	/* CONFIG_SECURITY_PATH */
/*
 * Fallbacks used when CONFIG_SECURITY_PATH is not set: every path hook
 * ignores its arguments and returns 0.
 */
static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
	return 0;
}

static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
				      umode_t mode)
{
	return 0;
}

static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
{
	return 0;
}

static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
				      umode_t mode, unsigned int dev)
{
	return 0;
}

static inline int security_path_truncate(const struct path *path)
{
	return 0;
}

static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
					const char *old_name)
{
	return 0;
}

static inline int security_path_link(struct dentry *old_dentry,
				     const struct path *new_dir,
				     struct dentry *new_dentry)
{
	return 0;
}

static inline int security_path_rename(const struct path *old_dir,
				       struct dentry *old_dentry,
				       const struct path *new_dir,
				       struct dentry *new_dentry,
				       unsigned int flags)
{
	return 0;
}

static inline int security_path_chmod(const struct path *path, umode_t mode)
{
	return 0;
}

static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
	return 0;
}

static inline int security_path_chroot(const struct path *path)
{
	return 0;
}
#endif	/* CONFIG_SECURITY_PATH */

#ifdef CONFIG_KEYS
#ifdef CONFIG_SECURITY

/* Key hooks: real entry points need both CONFIG_KEYS and CONFIG_SECURITY. */
int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
void security_key_free(struct key *key);
int security_key_permission(key_ref_t key_ref,
			    const struct cred *cred, unsigned perm);
int security_key_getsecurity(struct key *key, char **_buffer);

#else

/* CONFIG_KEYS without CONFIG_SECURITY: the key hooks below never fail. */
static inline int security_key_alloc(struct key *key,
				     const struct cred *cred,
				     unsigned long flags)
{
	return 0;
}

static inline void security_key_free(struct key *key)
{
}

/* Always 0: this stub never refuses the requested key permission. */
static inline int security_key_permission(key_ref_t key_ref,
					  const struct cred *cred,
					  unsigned perm)
{
	return 0;
}

/*
 * Sets *_buffer to NULL and returns 0, so a successful return does not
 * imply a usable buffer; _buffer itself is dereferenced unconditionally.
 */
static inline int security_key_getsecurity(struct key *key, char **_buffer)
{
	*_buffer = NULL;
	return 0;
}

#endif
#endif /* CONFIG_KEYS */

#ifdef CONFIG_AUDIT
#ifdef CONFIG_SECURITY
/* Audit-rule hooks: real entry points need CONFIG_AUDIT and CONFIG_SECURITY. */
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
			      struct audit_context *actx);
void security_audit_rule_free(void *lsmrule);

#else

/* Returns 0 without writing *lsmrule; the caller's pointer is unchanged. */
static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
					   void **lsmrule)
{
	return 0;
}

static inline int security_audit_rule_known(struct audit_krule *krule)
{
	return 0;
}

/* Always 0; presumably "no match" -- TODO confirm against the audit caller. */
static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
				   void *lsmrule, struct audit_context *actx)
{
	return 0;
}

static inline void security_audit_rule_free(void *lsmrule)
{ }

#endif /* CONFIG_SECURITY */
#endif /* CONFIG_AUDIT */

#ifdef CONFIG_SECURITYFS

extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
					     struct dentry *parent, void *data,
					     const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
extern void securityfs_remove(struct dentry *dentry);

#else /* CONFIG_SECURITYFS */

/*
 * Without CONFIG_SECURITYFS both create helpers return ERR_PTR(-ENODEV).
 * That value is not NULL, so callers have to test the result with IS_ERR();
 * a plain NULL check would accept the error pointer as a valid dentry.
 */
static inline struct dentry *securityfs_create_dir(const char *name,
						   struct dentry *parent)
{
	return ERR_PTR(-ENODEV);
}

static inline struct dentry *securityfs_create_file(const char *name,
						    umode_t mode,
						    struct dentry *parent,
						    void *data,
						    const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}

static inline void securityfs_remove(struct dentry *dentry)
{}

#endif

#ifdef CONFIG_SECURITY

/*
 * Returns the result of get_zeroed_page(GFP_KERNEL) cast to char *.
 * NOTE(review): get_zeroed_page() yields 0 on allocation failure, so the
 * result can be NULL -- confirm that callers check for it.
 */
static inline char *alloc_secdata(void)
{
	return (char *)get_zeroed_page(GFP_KERNEL);
}

/*
 * Releases a buffer obtained from alloc_secdata() with free_page().  The
 * contents are not cleared here; a caller that stored sensitive data in
 * the page would have to wipe it before calling this.
 */
static inline void free_secdata(void *secdata)
{
	free_page((unsigned long)secdata);
}

#else

/*
 * No page is allocated: the stub returns the constant (char *)1.
 * NOTE(review): presumably a non-NULL placeholder so that callers' checks
 * for a failed allocation pass; it is not a valid address and must never
 * be dereferenced.  The free_secdata() stub below ignores its argument.
 */
static inline char *alloc_secdata(void)
{
	return (char *)1;
}

static inline void free_secdata(void *secdata)
{ }
#endif /* CONFIG_SECURITY */

#endif /* ! __LINUX_SECURITY_H */
