/*
 * Linux Security plug
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
 * Copyright (C) 2016 Mellanox Techonologies
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Due to this file being licensed under the GPL there is controversy over
 * whether this permits you to write a module that #includes this file
 * without placing your module under the GPL. Please consult a lawyer for
 * advice before doing this.
 *
 */

#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H

#include <linux/key.h>
#include <linux/capability.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/string.h>
#include <linux/mm.h>
#include <linux/fs.h>

/* Forward declarations so the prototypes in this header can name these types. */
struct linux_binprm;
struct cred;
struct rlimit;
struct siginfo;
struct sembuf;
struct kern_ipc_perm;
struct audit_context;
struct super_block;
struct inode;
struct dentry;
struct file;
struct vfsmount;
struct path;
struct qstr;
struct iattr;
struct fown_struct;
struct file_operations;
struct msg_msg;
struct xattr;
struct xfrm_sec_ctx;
struct mm_struct;

/*
 * If capable should audit the security request.
 * These are the values taken by the "audit" argument of cap_capable().
 */
#define SECURITY_CAP_NOAUDIT 0
#define SECURITY_CAP_AUDIT 1

/* LSM Agnostic defines for sb_set_mnt_opts */
#define SECURITY_LSM_NATIVE_LABELS	1

struct ctl_table;
struct audit_krule;
struct user_namespace;
struct timezone;

/* Event codes passed to call_lsm_notifier(). */
enum lsm_event {
	LSM_POLICY_CHANGE,
};

/*
 * These functions are in security/commoncap.c
 *
 * They implement the capability-based checks; the security_*() stubs used
 * when CONFIG_SECURITY is unset forward to several of them directly.
 */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
		int cap, int audit);
extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child,
		unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target,
		kernel_cap_t *effective,
		kernel_cap_t *inheritable,
		kernel_cap_t *permitted);
extern int cap_capset(struct cred *new, const struct cred *old,
		const kernel_cap_t *effective,
		const kernel_cap_t *inheritable,
		const kernel_cap_t *permitted);
extern int cap_bprm_set_creds(struct linux_binprm *bprm);
extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags);
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
extern int cap_inode_getsecurity(struct inode *inode, const char *name,
		void **buffer, bool alloc);
extern int cap_mmap_addr(unsigned long addr);
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
		unsigned long prot, unsigned long flags);
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old,
		int flags);
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
		unsigned long arg4, unsigned long arg5);
extern int cap_task_setscheduler(struct task_struct *p);
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);

struct msghdr;
struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
struct flowi;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
struct seq_file;
struct sctp_endpoint;

/*
 * Without an MMU both limits are compile-time constants equal to 0UL;
 * with one they are variables defined outside this header.
 */
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define mmap_min_addr		0UL
#define dac_mmap_min_addr	0UL
#endif

/*
 * Values used in the task_security_ops calls
 */
/* setuid or setgid, id0 == uid or gid */
#define LSM_SETID_ID	1

/* setreuid or setregid, id0 == real, id1 == eff */
#define LSM_SETID_RE	2

/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
#define LSM_SETID_RES	4

/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS	8

/* Flags for security_task_prlimit(). */
#define LSM_PRLIMIT_READ  1
#define LSM_PRLIMIT_WRITE 2

/* forward declares to avoid warnings */
struct sched_param;
struct request_sock;

/* bprm->unsafe reasons */
#define LSM_UNSAFE_SHARE	1
#define LSM_UNSAFE_PTRACE	2
#define LSM_UNSAFE_NO_NEW_PRIVS	4

#ifdef CONFIG_MMU
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
		void __user *buffer, size_t *lenp, loff_t *ppos);
#endif

/* security_inode_init_security callback function to write xattrs */
typedef int (*initxattrs) (struct inode *inode,
		const struct xattr *xattr_array, void *fs_data);

#ifdef CONFIG_SECURITY

/*
 * Mount options handed to the LSM.
 *
 * mnt_opts holds num_mnt_opts individually allocated strings (each one is
 * kfree()d by security_free_mnt_opts()); mnt_opts_flags is a separately
 * allocated int array, presumably one entry per option.
 */
struct security_mnt_opts {
	char **mnt_opts;
	int *mnt_opts_flags;
	int num_mnt_opts;
};

int call_lsm_notifier(enum lsm_event event, void *data);
int register_lsm_notifier(struct notifier_block *nb);
int unregister_lsm_notifier(struct notifier_block *nb);

/* Put @opts into the empty state: no option strings, no flags, count 0. */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	opts->num_mnt_opts = 0;
	opts->mnt_opts_flags = NULL;
	opts->mnt_opts = NULL;
}

/*
 * Release everything @opts owns and return it to the empty state.
 *
 * Each option string is freed first, then the two arrays. The pointers
 * are cleared and the count zeroed afterwards, so @opts ends up exactly
 * as security_init_mnt_opts() leaves it and no stale pointer remains in
 * the structure.
 */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	int n;

	/* The strings can only be walked while the array itself exists. */
	if (opts->mnt_opts) {
		for (n = 0; n < opts->num_mnt_opts; n++)
			kfree(opts->mnt_opts[n]);
	}

	kfree(opts->mnt_opts);
	kfree(opts->mnt_opts_flags);

	opts->mnt_opts = NULL;
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

/* prototypes */
extern int security_init(void);

/* Security operations */
int security_binder_set_context_mgr(struct task_struct *mgr);
int security_binder_transaction(struct task_struct *from,
		struct task_struct *to);
int security_binder_transfer_binder(struct task_struct *from,
		struct task_struct *to);
int security_binder_transfer_file(struct task_struct *from,
		struct task_struct *to,
		struct file *file);
int security_ptrace_access_check(struct task_struct *child,
		unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target,
		kernel_cap_t *effective,
		kernel_cap_t *inheritable,
		kernel_cap_t *permitted);
int security_capset(struct cred *new, const struct cred *old,
		const kernel_cap_t *effective,
		const kernel_cap_t *inheritable,
		const kernel_cap_t *permitted);
int security_capable(const struct cred *cred, struct user_namespace *ns,
		int cap);
int security_capable_noaudit(const struct cred *cred,
		struct user_namespace *ns, int cap);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime64(const struct timespec64 *ts,
		const struct timezone *tz);
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
/* Superblock and mount hooks. */
int security_sb_remount(struct super_block *sb, void *data);
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
int security_sb_mount(const char *dev_name, const struct path *path,
		const char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(const struct path *old_path,
		const struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb,
		struct security_mnt_opts *opts,
		unsigned long kern_flags,
		unsigned long *set_kern_flags);
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
		struct super_block *newsb,
		unsigned long kern_flags,
		unsigned long *set_kern_flags);
int security_sb_parse_opts_str(char *options,
		struct security_mnt_opts *opts);

/* Dentry hooks. */
int security_dentry_init_security(struct dentry *dentry, int mode,
		const struct qstr *name,
		void **ctx, u32 *ctxlen);
int security_dentry_create_files_as(struct dentry *dentry, int mode,
		struct qstr *name,
		const struct cred *old,
		struct cred *new);

/* Inode lifetime, labelling and namespace-operation hooks. */
int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
int security_inode_init_security(struct inode *inode, struct inode *dir,
		const struct qstr *qstr,
		initxattrs initxattrs, void *fs_data);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
		const struct qstr *qstr,
		const char **name,
		void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry,
		umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
		struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
		const char *old_name);
/* Inode hooks (continued): namespace operations, attributes and xattrs. */
int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
		umode_t mode);
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
int security_inode_mknod(struct inode *dir, struct dentry *dentry,
		umode_t mode, dev_t dev);
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
		struct inode *new_dir, struct dentry *new_dentry,
		unsigned int flags);
int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
		bool rcu);
int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(const struct path *path);
int security_inode_setxattr(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
int security_inode_listxattr(struct dentry *dentry);
int security_inode_removexattr(struct dentry *dentry, const char *name);
int security_inode_need_killpriv(struct dentry *dentry);
int security_inode_killpriv(struct dentry *dentry);
int security_inode_getsecurity(struct inode *inode, const char *name,
		void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name,
		const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer,
		size_t buffer_size);
void security_inode_getsecid(struct inode *inode, u32 *secid);
int security_inode_copy_up(struct dentry *src, struct cred **new);
int security_inode_copy_up_xattr(const char *name);

/* Open-file hooks. */
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd,
		unsigned long arg);
int security_mmap_file(struct file *file, unsigned long prot,
		unsigned long flags);
int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma,
		unsigned long reqprot, unsigned long prot);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd,
		unsigned long arg);
void security_file_set_fowner(struct file *file);
int security_file_send_sigiotask(struct task_struct *tsk,
		struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);

/* Task and credential lifetime hooks. */
int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old,
		gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
void security_cred_getsecid(const struct cred *c, u32 *secid);

/* Hooks for kernel-initiated actions: acting as a secid, modules, file reads. */
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
int security_kernel_post_read_file(struct file *file, char *buf,
		loff_t size, enum kernel_read_file_id id);

/* Task attribute hooks. */
int security_task_fix_setuid(struct cred *new, const struct cred *old,
		int flags);
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
/* Task attribute hooks (continued). */
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
int security_task_prlimit(const struct cred *cred,
		const struct cred *tcred,
		unsigned int flags);
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
		struct rlimit *new_rlim);
int security_task_setscheduler(struct task_struct *p);
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
		int sig, const struct cred *cred);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
		unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);

/* IPC hooks: generic permission check, then message queues, shm, semaphores. */
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct kern_ipc_perm *msq);
void security_msg_queue_free(struct kern_ipc_perm *msq);
int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
		struct msg_msg *msg, int msqflg);
int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
		struct msg_msg *msg,
		struct task_struct *target,
		long type, int mode);
int security_shm_alloc(struct kern_ipc_perm *shp);
void security_shm_free(struct kern_ipc_perm *shp);
int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr,
		int shmflg);
int security_sem_alloc(struct kern_ipc_perm *sma);
void security_sem_free(struct kern_ipc_perm *sma);
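int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
		unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value);
int security_setprocattr(const char *name, void *value, size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
void security_release_secctx(char *secdata, u32 seclen);

void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
#else /* CONFIG_SECURITY */
/* No LSM is built in, so there are no mount options to carry. */
struct security_mnt_opts {
};

static inline int call_lsm_notifier(enum lsm_event event, void *data)
{
	return 0;
}

static inline int register_lsm_notifier(struct notifier_block *nb)
{
	return 0;
}

static inline int unregister_lsm_notifier(struct notifier_block *nb)
{
	return 0;
}

static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
}

/*
 * This is the default capabilities functionality.  Most of these functions
 * are just stubbed out, but a few must call the proper capable code.
 *
 * The stubs in this branch take one of four forms:
 *   - return 0 (or do nothing) without inspecting their arguments;
 *   - forward to the matching cap_*() helper from security/commoncap.c, so
 *     the capability checks still run (ptrace, capget/capset/capable,
 *     settime, vm_enough_memory, bprm_set_creds, setxattr/removexattr,
 *     killpriv, mmap_addr, fix_setuid, setnice/setioprio/setscheduler,
 *     prctl);
 *   - return -EOPNOTSUPP or -EINVAL where a security context or attribute
 *     would have to be produced or consumed;
 *   - store 0 in *secid for the getsecid hooks.
 *
 * NOTE(review): callers presumably treat a 0 return as "permitted"; a hook
 * that should keep enforcing something without an LSM must forward to a
 * cap_*() helper rather than return 0 - confirm when adding a stub.
 *
 * NOTE(review): security_cred_getsecid() is declared in the CONFIG_SECURITY
 * branch but has no stub in this one; a caller built without
 * CONFIG_SECURITY would not find a definition here - confirm whether one is
 * needed.
 */

static inline int security_init(void)
{
	return 0;
}

static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
	return 0;
}

static inline int security_binder_transaction(struct task_struct *from,
					      struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_binder(struct task_struct *from,
						  struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_file(struct task_struct *from,
						struct task_struct *to,
						struct file *file)
{
	return 0;
}

static inline int security_ptrace_access_check(struct task_struct *child,
					       unsigned int mode)
{
	return cap_ptrace_access_check(child, mode);
}

static inline int security_ptrace_traceme(struct task_struct *parent)
{
	return cap_ptrace_traceme(parent);
}

static inline int security_capget(struct task_struct *target,
				  kernel_cap_t *effective,
				  kernel_cap_t *inheritable,
				  kernel_cap_t *permitted)
{
	return cap_capget(target, effective, inheritable, permitted);
}

static inline int security_capset(struct cred *new,
				  const struct cred *old,
				  const kernel_cap_t *effective,
				  const kernel_cap_t *inheritable,
				  const kernel_cap_t *permitted)
{
	return cap_capset(new, old, effective, inheritable, permitted);
}

/* Capability check that asks cap_capable() to audit the request. */
static inline int security_capable(const struct cred *cred,
				   struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}

/* Same check as security_capable(), with auditing switched off. */
static inline int security_capable_noaudit(const struct cred *cred,
					   struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}

static inline int security_quotactl(int cmds, int type, int id,
				    struct super_block *sb)
{
	return 0;
}

static inline int security_quota_on(struct dentry *dentry)
{
	return 0;
}

static inline int security_syslog(int type)
{
	return 0;
}

static inline int security_settime64(const struct timespec64 *ts,
				     const struct timezone *tz)
{
	return cap_settime(ts, tz);
}

static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
	/* The result of cap_vm_enough_memory() is the third argument. */
	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
}

static inline int security_bprm_set_creds(struct linux_binprm *bprm)
{
	return cap_bprm_set_creds(bprm);
}

static inline int security_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
{
}

static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
{
}

static inline int security_sb_alloc(struct super_block *sb)
{
	return 0;
}

static inline void security_sb_free(struct super_block *sb)
{ }

static inline int security_sb_copy_data(char *orig, char *copy)
{
	return 0;
}

static inline int security_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}

static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
	return 0;
}

static inline int security_sb_show_options(struct seq_file *m,
					   struct super_block *sb)
{
	return 0;
}

static inline int security_sb_statfs(struct dentry *dentry)
{
	return 0;
}

static inline int security_sb_mount(const char *dev_name, const struct path *path,
				    const char *type, unsigned long flags,
				    void *data)
{
	return 0;
}

static inline int security_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}

static inline int security_sb_pivotroot(const struct path *old_path,
					const struct path *new_path)
{
	return 0;
}

static inline int security_sb_set_mnt_opts(struct super_block *sb,
					   struct security_mnt_opts *opts,
					   unsigned long kern_flags,
					   unsigned long *set_kern_flags)
{
	return 0;
}

static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
					     struct super_block *newsb,
					     unsigned long kern_flags,
					     unsigned long *set_kern_flags)
{
	return 0;
}

static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
	return 0;
}

static inline int security_inode_alloc(struct inode *inode)
{
	return 0;
}

static inline void security_inode_free(struct inode *inode)
{ }

/* No context can be produced without an LSM: *ctx and *ctxlen are untouched. */
static inline int security_dentry_init_security(struct dentry *dentry,
						int mode,
						const struct qstr *name,
						void **ctx,
						u32 *ctxlen)
{
	return -EOPNOTSUPP;
}

static inline int security_dentry_create_files_as(struct dentry *dentry,
						  int mode, struct qstr *name,
						  const struct cred *old,
						  struct cred *new)
{
	return 0;
}


static inline int security_inode_init_security(struct inode *inode,
					       struct inode *dir,
					       const struct qstr *qstr,
					       const initxattrs xattrs,
					       void *fs_data)
{
	return 0;
}

/* Leaves *name, *value and *len unset; callers must check the return code. */
static inline int security_old_inode_init_security(struct inode *inode,
						   struct inode *dir,
						   const struct qstr *qstr,
						   const char **name,
						   void **value, size_t *len)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_create(struct inode *dir,
					struct dentry *dentry,
					umode_t mode)
{
	return 0;
}

static inline int security_inode_link(struct dentry *old_dentry,
				      struct inode *dir,
				      struct dentry *new_dentry)
{
	return 0;
}

static inline int security_inode_unlink(struct inode *dir,
					struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_symlink(struct inode *dir,
					 struct dentry *dentry,
					 const char *old_name)
{
	return 0;
}

/* mode is umode_t, matching the prototype in the CONFIG_SECURITY branch. */
static inline int security_inode_mkdir(struct inode *dir,
				       struct dentry *dentry,
				       umode_t mode)
{
	return 0;
}

static inline int security_inode_rmdir(struct inode *dir,
				       struct dentry *dentry)
{
	return 0;
}

/* mode is umode_t, matching the prototype in the CONFIG_SECURITY branch. */
static inline int security_inode_mknod(struct inode *dir,
				       struct dentry *dentry,
				       umode_t mode, dev_t dev)
{
	return 0;
}

static inline int security_inode_rename(struct inode *old_dir,
					struct dentry *old_dentry,
					struct inode *new_dir,
					struct dentry *new_dentry,
					unsigned int flags)
{
	return 0;
}

static inline int security_inode_readlink(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_follow_link(struct dentry *dentry,
					     struct inode *inode,
					     bool rcu)
{
	return 0;
}

static inline int security_inode_permission(struct inode *inode, int mask)
{
	return 0;
}

static inline int security_inode_setattr(struct dentry *dentry,
					 struct iattr *attr)
{
	return 0;
}

static inline int security_inode_getattr(const struct path *path)
{
	return 0;
}

static inline int security_inode_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}

static inline void security_inode_post_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{ }

static inline int security_inode_getxattr(struct dentry *dentry,
					  const char *name)
{
	return 0;
}

static inline int security_inode_listxattr(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_removexattr(struct dentry *dentry,
					     const char *name)
{
	return cap_inode_removexattr(dentry, name);
}

static inline int security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}

static inline int security_inode_killpriv(struct dentry *dentry)
{
	return cap_inode_killpriv(dentry);
}

static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	return 0;
}

/* Always writes 0 through @secid, so the caller never reads an unset value. */
static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
{
	*secid = 0;
}

static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
{
	return 0;
}

static inline int security_inode_copy_up_xattr(const char *name)
{
	return -EOPNOTSUPP;
}

static inline int security_file_permission(struct file *file, int mask)
{
	return 0;
}

static inline int security_file_alloc(struct file *file)
{
	return 0;
}

static inline void security_file_free(struct file *file)
{ }

static inline int security_file_ioctl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline int security_mmap_file(struct file *file, unsigned long prot,
				     unsigned long flags)
{
	return 0;
}

static inline int security_mmap_addr(unsigned long addr)
{
	return cap_mmap_addr(addr);
}

static inline int security_file_mprotect(struct vm_area_struct *vma,
					 unsigned long reqprot,
					 unsigned long prot)
{
	return 0;
}

static inline int security_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}

static inline int security_file_fcntl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline void security_file_set_fowner(struct file *file)
{
	return;
}

static inline int security_file_send_sigiotask(struct task_struct *tsk,
					       struct fown_struct *fown,
					       int sig)
{
	return 0;
}

static inline int security_file_receive(struct file *file)
{
	return 0;
}

static inline int security_file_open(struct file *file,
				     const struct cred *cred)
{
	return 0;
}

static inline int security_task_alloc(struct task_struct *task,
				      unsigned long clone_flags)
{
	return 0;
}

static inline void security_task_free(struct task_struct *task)
{ }

static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}

static inline void security_cred_free(struct cred *cred)
{ }

static inline int security_prepare_creds(struct cred *new,
					 const struct cred *old,
					 gfp_t gfp)
{
	return 0;
}

static inline void security_transfer_creds(struct cred *new,
					   const struct cred *old)
{
}

static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
	return 0;
}

static inline int security_kernel_create_files_as(struct cred *cred,
						  struct inode *inode)
{
	return 0;
}

static inline int security_kernel_module_request(char *kmod_name)
{
	return 0;
}

static inline int security_kernel_read_file(struct file *file,
					    enum kernel_read_file_id id)
{
	return 0;
}

static inline int security_kernel_post_read_file(struct file *file,
						 char *buf, loff_t size,
						 enum kernel_read_file_id id)
{
	return 0;
}

static inline int security_task_fix_setuid(struct cred *new,
					   const struct cred *old,
					   int flags)
{
	return cap_task_fix_setuid(new, old, flags);
}

static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return 0;
}

static inline int security_task_getpgid(struct task_struct *p)
{
	return 0;
}

static inline int security_task_getsid(struct task_struct *p)
{
	return 0;
}

/* Always writes 0 through @secid, so the caller never reads an unset value. */
static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
{
	*secid = 0;
}

static inline int security_task_setnice(struct task_struct *p, int nice)
{
	return cap_task_setnice(p, nice);
}

static inline int security_task_setioprio(struct task_struct *p, int ioprio)
{
	return cap_task_setioprio(p, ioprio);
}

static inline int security_task_getioprio(struct task_struct *p)
{
	return 0;
}

static inline int security_task_prlimit(const struct cred *cred,
					const struct cred *tcred,
					unsigned int flags)
{
	return 0;
}

static inline int security_task_setrlimit(struct task_struct *p,
					  unsigned int resource,
					  struct rlimit *new_rlim)
{
	return 0;
}

static inline int security_task_setscheduler(struct task_struct *p)
{
	return cap_task_setscheduler(p);
}

static inline int security_task_getscheduler(struct task_struct *p)
{
	return 0;
}

static inline int security_task_movememory(struct task_struct *p)
{
	return 0;
}

static inline int security_task_kill(struct task_struct *p,
				     struct siginfo *info, int sig,
				     const struct cred *cred)
{
	return 0;
}

static inline int security_task_prctl(int option, unsigned long arg2,
				      unsigned long arg3,
				      unsigned long arg4,
				      unsigned long arg5)
{
	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}

static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
{ }

static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
					  short flag)
{
	return 0;
}

/* Always writes 0 through @secid, so the caller never reads an unset value. */
static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	*secid = 0;
}

static inline int security_msg_msg_alloc(struct msg_msg *msg)
{
	return 0;
}

static inline void security_msg_msg_free(struct msg_msg *msg)
{ }

static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq)
{
	return 0;
}

static inline void security_msg_queue_free(struct kern_ipc_perm *msq)
{ }

static inline int security_msg_queue_associate(struct kern_ipc_perm *msq,
					       int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
{
	return 0;
}

static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
					    struct msg_msg *msg, int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq,
					    struct msg_msg *msg,
					    struct task_struct *target,
					    long type, int mode)
{
	return 0;
}

static inline int security_shm_alloc(struct kern_ipc_perm *shp)
{
	return 0;
}

static inline void security_shm_free(struct kern_ipc_perm *shp)
{ }

static inline int security_shm_associate(struct kern_ipc_perm *shp,
					 int shmflg)
{
	return 0;
}

static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
{
	return 0;
}

static inline int security_shm_shmat(struct kern_ipc_perm *shp,
				     char __user *shmaddr, int shmflg)
{
	return 0;
}

static inline int security_sem_alloc(struct kern_ipc_perm *sma)
{
	return 0;
}

static inline void security_sem_free(struct kern_ipc_perm *sma)
{ }

static inline int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
{
	return 0;
}

static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
{
	return 0;
}

static inline int security_sem_semop(struct kern_ipc_perm *sma,
				     struct sembuf *sops, unsigned nsops,
				     int alter)
{
	return 0;
}

static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
{ }

/* No process attributes exist without an LSM; *value is left untouched. */
static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
{
	return -EINVAL;
}

/* name is const char *, matching the prototype in the CONFIG_SECURITY branch. */
static inline int security_setprocattr(const char *name, void *value, size_t size)
{
	return -EINVAL;
}

static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}

static inline int security_ismaclabel(const char *name)
{
	return 0;
}

/* secid <-> context conversion is unavailable; the outputs are not written. */
static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	return -EOPNOTSUPP;
}

static inline int security_secctx_to_secid(const char *secdata,
					   u32 seclen,
					   u32 *secid)
{
	return -EOPNOTSUPP;
}

static inline void security_release_secctx(char *secdata, u32 seclen)
{
}

static inline void security_inode_invalidate_secctx(struct inode *inode)
{
}

static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
	return -EOPNOTSUPP;
}
static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
	return -EOPNOTSUPP;
}
static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
	return -EOPNOTSUPP;
}
#endif	/* CONFIG_SECURITY */

#ifdef CONFIG_SECURITY_NETWORK

/* Socket and network hooks, available only with CONFIG_SECURITY_NETWORK. */
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
int security_unix_may_send(struct socket *sock, struct socket *other);
int security_socket_create(int family, int type, int protocol, int kern);
int security_socket_post_create(struct socket *sock, int family,
				int type, int protocol, int kern);
int security_socket_socketpair(struct socket *socka, struct socket *sockb);
int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
int security_socket_listen(struct socket *sock, int backlog);
int security_socket_accept(struct socket *sock, struct socket *newsock);
int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
			    int size, int flags);
int security_socket_getsockname(struct socket *sock);
int security_socket_getpeername(struct socket *sock);
int security_socket_getsockopt(struct socket *sock, int level, int optname);
int security_socket_setsockopt(struct socket *sock, int level, int optname);
int security_socket_shutdown(struct socket *sock, int how);
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
				      int __user *optlen, unsigned len);
int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
void security_sk_free(struct sock *sk);
void security_sk_clone(const struct sock *sk, struct sock *newsk);
void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
void security_sock_graft(struct sock*sk, struct socket *parent);
int security_inet_conn_request(struct sock *sk,
			struct sk_buff *skb, struct request_sock *req);
void security_inet_csk_clone(struct sock *newsk,
			const struct request_sock *req);
void security_inet_conn_established(struct sock *sk,
			struct sk_buff *skb);
int security_secmark_relabel_packet(u32 secid);
void security_secmark_refcount_inc(void);
void security_secmark_refcount_dec(void);
int security_tun_dev_alloc_security(void **security);
void security_tun_dev_free_security(void *security);
int security_tun_dev_create(void);
int 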
security_tun_dev_attach_queue(void *security); 1216int security_tun_dev_attach(struct sock *sk, void *security); 1217int security_tun_dev_open(void *security); 1218int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb); 1219int security_sctp_bind_connect(struct sock *sk, int optname, 1220 struct sockaddr *address, int addrlen); 1221void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, 1222 struct sock *newsk); 1223 1224#else /* CONFIG_SECURITY_NETWORK */ 1225static inline int security_unix_stream_connect(struct sock *sock, 1226 struct sock *other, 1227 struct sock *newsk) 1228{ 1229 return 0; 1230} 1231 1232static inline int security_unix_may_send(struct socket *sock, 1233 struct socket *other) 1234{ 1235 return 0; 1236} 1237 1238static inline int security_socket_create(int family, int type, 1239 int protocol, int kern) 1240{ 1241 return 0; 1242} 1243 1244static inline int security_socket_post_create(struct socket *sock, 1245 int family, 1246 int type, 1247 int protocol, int kern) 1248{ 1249 return 0; 1250} 1251 1252static inline int security_socket_socketpair(struct socket *socka, 1253 struct socket *sockb) 1254{ 1255 return 0; 1256} 1257 1258static inline int security_socket_bind(struct socket *sock, 1259 struct sockaddr *address, 1260 int addrlen) 1261{ 1262 return 0; 1263} 1264 1265static inline int security_socket_connect(struct socket *sock, 1266 struct sockaddr *address, 1267 int addrlen) 1268{ 1269 return 0; 1270} 1271 1272static inline int security_socket_listen(struct socket *sock, int backlog) 1273{ 1274 return 0; 1275} 1276 1277static inline int security_socket_accept(struct socket *sock, 1278 struct socket *newsock) 1279{ 1280 return 0; 1281} 1282 1283static inline int security_socket_sendmsg(struct socket *sock, 1284 struct msghdr *msg, int size) 1285{ 1286 return 0; 1287} 1288 1289static inline int security_socket_recvmsg(struct socket *sock, 1290 struct msghdr *msg, int size, 1291 int flags) 1292{ 1293 return 
0; 1294} 1295 1296static inline int security_socket_getsockname(struct socket *sock) 1297{ 1298 return 0; 1299} 1300 1301static inline int security_socket_getpeername(struct socket *sock) 1302{ 1303 return 0; 1304} 1305 1306static inline int security_socket_getsockopt(struct socket *sock, 1307 int level, int optname) 1308{ 1309 return 0; 1310} 1311 1312static inline int security_socket_setsockopt(struct socket *sock, 1313 int level, int optname) 1314{ 1315 return 0; 1316} 1317 1318static inline int security_socket_shutdown(struct socket *sock, int how) 1319{ 1320 return 0; 1321} 1322static inline int security_sock_rcv_skb(struct sock *sk, 1323 struct sk_buff *skb) 1324{ 1325 return 0; 1326} 1327 1328static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 1329 int __user *optlen, unsigned len) 1330{ 1331 return -ENOPROTOOPT; 1332} 1333 1334static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 1335{ 1336 return -ENOPROTOOPT; 1337} 1338 1339static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 1340{ 1341 return 0; 1342} 1343 1344static inline void security_sk_free(struct sock *sk) 1345{ 1346} 1347 1348static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) 1349{ 1350} 1351 1352static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl) 1353{ 1354} 1355 1356static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) 1357{ 1358} 1359 1360static inline void security_sock_graft(struct sock *sk, struct socket *parent) 1361{ 1362} 1363 1364static inline int security_inet_conn_request(struct sock *sk, 1365 struct sk_buff *skb, struct request_sock *req) 1366{ 1367 return 0; 1368} 1369 1370static inline void security_inet_csk_clone(struct sock *newsk, 1371 const struct request_sock *req) 1372{ 1373} 1374 1375static inline void security_inet_conn_established(struct sock *sk, 1376 
struct sk_buff *skb) 1377{ 1378} 1379 1380static inline int security_secmark_relabel_packet(u32 secid) 1381{ 1382 return 0; 1383} 1384 1385static inline void security_secmark_refcount_inc(void) 1386{ 1387} 1388 1389static inline void security_secmark_refcount_dec(void) 1390{ 1391} 1392 1393static inline int security_tun_dev_alloc_security(void **security) 1394{ 1395 return 0; 1396} 1397 1398static inline void security_tun_dev_free_security(void *security) 1399{ 1400} 1401 1402static inline int security_tun_dev_create(void) 1403{ 1404 return 0; 1405} 1406 1407static inline int security_tun_dev_attach_queue(void *security) 1408{ 1409 return 0; 1410} 1411 1412static inline int security_tun_dev_attach(struct sock *sk, void *security) 1413{ 1414 return 0; 1415} 1416 1417static inline int security_tun_dev_open(void *security) 1418{ 1419 return 0; 1420} 1421 1422static inline int security_sctp_assoc_request(struct sctp_endpoint *ep, 1423 struct sk_buff *skb) 1424{ 1425 return 0; 1426} 1427 1428static inline int security_sctp_bind_connect(struct sock *sk, int optname, 1429 struct sockaddr *address, 1430 int addrlen) 1431{ 1432 return 0; 1433} 1434 1435static inline void security_sctp_sk_clone(struct sctp_endpoint *ep, 1436 struct sock *sk, 1437 struct sock *newsk) 1438{ 1439} 1440#endif /* CONFIG_SECURITY_NETWORK */ 1441 1442#ifdef CONFIG_SECURITY_INFINIBAND 1443int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey); 1444int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num); 1445int security_ib_alloc_security(void **sec); 1446void security_ib_free_security(void *sec); 1447#else /* CONFIG_SECURITY_INFINIBAND */ 1448static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey) 1449{ 1450 return 0; 1451} 1452 1453static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num) 1454{ 1455 return 0; 1456} 1457 1458static inline int security_ib_alloc_security(void **sec) 1459{ 1460 return 
0; 1461} 1462 1463static inline void security_ib_free_security(void *sec) 1464{ 1465} 1466#endif /* CONFIG_SECURITY_INFINIBAND */ 1467 1468#ifdef CONFIG_SECURITY_NETWORK_XFRM 1469 1470int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1471 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp); 1472int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp); 1473void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx); 1474int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx); 1475int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 1476int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1477 struct xfrm_sec_ctx *polsec, u32 secid); 1478int security_xfrm_state_delete(struct xfrm_state *x); 1479void security_xfrm_state_free(struct xfrm_state *x); 1480int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); 1481int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1482 struct xfrm_policy *xp, 1483 const struct flowi *fl); 1484int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid); 1485void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl); 1486 1487#else /* CONFIG_SECURITY_NETWORK_XFRM */ 1488 1489static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1490 struct xfrm_user_sec_ctx *sec_ctx, 1491 gfp_t gfp) 1492{ 1493 return 0; 1494} 1495 1496static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp) 1497{ 1498 return 0; 1499} 1500 1501static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) 1502{ 1503} 1504 1505static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 1506{ 1507 return 0; 1508} 1509 1510static inline int security_xfrm_state_alloc(struct xfrm_state *x, 1511 struct xfrm_user_sec_ctx *sec_ctx) 1512{ 1513 return 0; 1514} 1515 1516static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1517 struct xfrm_sec_ctx 
*polsec, u32 secid) 1518{ 1519 return 0; 1520} 1521 1522static inline void security_xfrm_state_free(struct xfrm_state *x) 1523{ 1524} 1525 1526static inline int security_xfrm_state_delete(struct xfrm_state *x) 1527{ 1528 return 0; 1529} 1530 1531static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) 1532{ 1533 return 0; 1534} 1535 1536static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1537 struct xfrm_policy *xp, const struct flowi *fl) 1538{ 1539 return 1; 1540} 1541 1542static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) 1543{ 1544 return 0; 1545} 1546 1547static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) 1548{ 1549} 1550 1551#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1552 1553#ifdef CONFIG_SECURITY_PATH 1554int security_path_unlink(const struct path *dir, struct dentry *dentry); 1555int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode); 1556int security_path_rmdir(const struct path *dir, struct dentry *dentry); 1557int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, 1558 unsigned int dev); 1559int security_path_truncate(const struct path *path); 1560int security_path_symlink(const struct path *dir, struct dentry *dentry, 1561 const char *old_name); 1562int security_path_link(struct dentry *old_dentry, const struct path *new_dir, 1563 struct dentry *new_dentry); 1564int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, 1565 const struct path *new_dir, struct dentry *new_dentry, 1566 unsigned int flags); 1567int security_path_chmod(const struct path *path, umode_t mode); 1568int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); 1569int security_path_chroot(const struct path *path); 1570#else /* CONFIG_SECURITY_PATH */ 1571static inline int security_path_unlink(const struct path *dir, struct dentry *dentry) 1572{ 1573 return 0; 1574} 

/*
 * Remaining stubs of the "#else CONFIG_SECURITY_PATH" branch opened above:
 * each path hook simply returns 0 when CONFIG_SECURITY_PATH is not set.
 */
static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
				      umode_t mode)
{
	return 0;
}

static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
{
	return 0;
}

static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
				      umode_t mode, unsigned int dev)
{
	return 0;
}

static inline int security_path_truncate(const struct path *path)
{
	return 0;
}

static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
					const char *old_name)
{
	return 0;
}

static inline int security_path_link(struct dentry *old_dentry,
				     const struct path *new_dir,
				     struct dentry *new_dentry)
{
	return 0;
}

static inline int security_path_rename(const struct path *old_dir,
				       struct dentry *old_dentry,
				       const struct path *new_dir,
				       struct dentry *new_dentry,
				       unsigned int flags)
{
	return 0;
}

static inline int security_path_chmod(const struct path *path, umode_t mode)
{
	return 0;
}

static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
	return 0;
}

static inline int security_path_chroot(const struct path *path)
{
	return 0;
}
#endif	/* CONFIG_SECURITY_PATH */

/*
 * Key hooks exist only when CONFIG_KEYS is set: real declarations with
 * CONFIG_SECURITY, stubs without it.
 */
#ifdef CONFIG_KEYS
#ifdef CONFIG_SECURITY

int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
void security_key_free(struct key *key);
int security_key_permission(key_ref_t key_ref,
			    const struct cred *cred, unsigned perm);
int security_key_getsecurity(struct key *key, char **_buffer);

#else

static inline int security_key_alloc(struct key *key,
				     const struct cred *cred,
				     unsigned long flags)
{
	return 0;
}

static inline void security_key_free(struct key *key)
{
}

/*
 * Stub: returns 0 for every key/credential/permission combination.
 * NOTE(review): presumably 0 means "no objection from the LSM layer";
 * whatever other permission checks the key code performs are not
 * visible from this header.
 */
static inline int security_key_permission(key_ref_t key_ref,
					  const struct cred *cred,
					  unsigned perm)
{
	return 0;
}

/*
 * Stub: sets *_buffer to NULL before returning 0, so the caller gets a
 * defined pointer rather than an uninitialised one.
 */
static inline int security_key_getsecurity(struct key *key, char **_buffer)
{
	*_buffer = NULL;
	return 0;
}

#endif
#endif /* CONFIG_KEYS */

/*
 * Audit-rule hooks exist only when CONFIG_AUDIT is set: real declarations
 * with CONFIG_SECURITY, stubs without it.
 */
#ifdef CONFIG_AUDIT
#ifdef CONFIG_SECURITY
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
			      struct audit_context *actx);
void security_audit_rule_free(void *lsmrule);

#else

/* Stub: returns 0 and leaves *lsmrule unwritten. */
static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
					   void **lsmrule)
{
	return 0;
}

static inline int security_audit_rule_known(struct audit_krule *krule)
{
	return 0;
}

static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
				   void *lsmrule, struct audit_context *actx)
{
	return 0;
}

static inline void security_audit_rule_free(void *lsmrule)
{ }

#endif /* CONFIG_SECURITY */
#endif /* CONFIG_AUDIT */

/*
 * securityfs helpers: declarations when CONFIG_SECURITYFS is set, stubs
 * returning ERR_PTR(-ENODEV) otherwise.
 */
#ifdef CONFIG_SECURITYFS

extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
					     struct dentry *parent, void *data,
					     const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
struct dentry *securityfs_create_symlink(const char *name,
					 struct dentry *parent,
					 const char *target,
					 const struct inode_operations *iops);
extern void securityfs_remove(struct dentry *dentry);

#else /* CONFIG_SECURITYFS */

/*
 * Stub: returns an error pointer, never NULL, so the result has to be
 * tested with IS_ERR() rather than compared against NULL.
 */
static inline struct dentry *securityfs_create_dir(const char *name,
						   struct dentry *parent)
{
	return ERR_PTR(-ENODEV);
}

/*
 * Stub used when CONFIG_SECURITYFS is not set (this is still the #else
 * branch opened above): returns ERR_PTR(-ENODEV), never NULL, so the
 * result has to be tested with IS_ERR() rather than compared against NULL.
 */
static inline struct dentry *securityfs_create_file(const char *name,
						    umode_t mode,
						    struct dentry *parent,
						    void *data,
						    const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}

/* Stub: same ERR_PTR(-ENODEV) result as securityfs_create_file(). */
static inline struct dentry *securityfs_create_symlink(const char *name,
						       struct dentry *parent,
						       const char *target,
						       const struct inode_operations *iops)
{
	return ERR_PTR(-ENODEV);
}

static inline void securityfs_remove(struct dentry *dentry)
{}

#endif

/*
 * BPF hooks exist only when CONFIG_BPF_SYSCALL is set: real declarations
 * with CONFIG_SECURITY, return-0 / empty stubs without it.
 */
#ifdef CONFIG_BPF_SYSCALL
union bpf_attr;
struct bpf_map;
struct bpf_prog;
struct bpf_prog_aux;
#ifdef CONFIG_SECURITY
extern int security_bpf(int cmd, union bpf_attr *attr, unsigned int size);
extern int security_bpf_map(struct bpf_map *map, fmode_t fmode);
extern int security_bpf_prog(struct bpf_prog *prog);
extern int security_bpf_map_alloc(struct bpf_map *map);
extern void security_bpf_map_free(struct bpf_map *map);
extern int security_bpf_prog_alloc(struct bpf_prog_aux *aux);
extern void security_bpf_prog_free(struct bpf_prog_aux *aux);
#else
static inline int security_bpf(int cmd, union bpf_attr *attr,
					     unsigned int size)
{
	return 0;
}

static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode)
{
	return 0;
}

static inline int security_bpf_prog(struct bpf_prog *prog)
{
	return 0;
}

static inline int security_bpf_map_alloc(struct bpf_map *map)
{
	return 0;
}

static inline void security_bpf_map_free(struct bpf_map *map)
{ }

static inline int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
{
	return 0;
}

static inline void security_bpf_prog_free(struct bpf_prog_aux *aux)
{ }
#endif /* CONFIG_SECURITY */
#endif /* CONFIG_BPF_SYSCALL */

#ifdef CONFIG_SECURITY

/*
 * Returns one zero-filled page obtained with GFP_KERNEL, cast to char *.
 * get_zeroed_page() yields 0 when the allocation fails, so the result can
 * be NULL and must be checked; release it with free_secdata().
 */
static inline char *alloc_secdata(void)
{
	return (char *)get_zeroed_page(GFP_KERNEL);
}

/* Releases a page obtained from alloc_secdata() via free_page(). */
static inline void free_secdata(void *secdata)
{
	free_page((unsigned long)secdata);
}

#else

/*
 * Without CONFIG_SECURITY no page is allocated: the function returns the
 * constant (char *)1, a non-NULL value that is not a usable address.
 * NOTE(review): presumably chosen so that a caller's NULL check sees
 * "success"; the value must never be dereferenced, only handed back to
 * free_secdata(), which is a no-op in this configuration.
 */
static inline char *alloc_secdata(void)
{
	return (char *)1;
}

static inline void free_secdata(void *secdata)
{ }
#endif /* CONFIG_SECURITY */

#endif /* ! __LINUX_SECURITY_H */
