/*
 * Linux Security plug
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Due to this file being licensed under the GPL there is controversy over
 * whether this permits you to write a module that #includes this file
 * without placing your module under the GPL. Please consult a lawyer for
 * advice before doing this.
 *
 */

#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H

#include <linux/key.h>
#include <linux/capability.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/string.h>
#include <linux/mm.h>
#include <linux/fs.h>	/* NOTE(review): second include of linux/fs.h; redundant */

/*
 * Forward declarations: this header only passes these types around by
 * pointer, so their full definitions are not needed here.
 */
struct linux_binprm;
struct cred;
struct rlimit;
struct siginfo;
struct sem_array;
struct sembuf;
struct kern_ipc_perm;
struct audit_context;
struct super_block;
struct inode;
struct dentry;
struct file;
struct vfsmount;
struct path;
struct qstr;
struct iattr;
struct fown_struct;
struct file_operations;
struct shmid_kernel;
struct msg_msg;
struct msg_queue;
struct xattr;
struct xfrm_sec_ctx;
struct mm_struct;

/*
 * Whether a capable() check should audit the security request.
 * These are the values given as the "audit" argument of cap_capable().
 */
#define SECURITY_CAP_NOAUDIT 0
#define SECURITY_CAP_AUDIT 1

/* LSM Agnostic defines for sb_set_mnt_opts */
#define SECURITY_LSM_NATIVE_LABELS	1

struct ctl_table;
struct audit_krule;
struct user_namespace;
struct timezone;

/* These functions are in security/commoncap.c */
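/*
 * Capability checks.  In the !CONFIG_SECURITY stub section further down,
 * these are the only functions that still perform a check; every other
 * stub there is a constant return.
 */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
		       int cap, int audit);
extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset(struct cred *new, const struct cred *old,
		      const kernel_cap_t *effective,
		      const kernel_cap_t *inheritable,
		      const kernel_cap_t *permitted);
extern int cap_bprm_set_creds(struct linux_binprm *bprm);
extern int cap_bprm_secureexec(struct linux_binprm *bprm);
extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
			      const void *value, size_t size, int flags);
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
extern int cap_mmap_addr(unsigned long addr);
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
			 unsigned long prot, unsigned long flags);
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			  unsigned long arg4, unsigned long arg5);
extern int cap_task_setscheduler(struct task_struct *p);
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);

struct msghdr;
struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
struct flowi;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
struct seq_file;

/*
 * Without an MMU both names are the compile-time constant 0UL, so code can
 * reference them unconditionally.
 */
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define mmap_min_addr		0UL
#define dac_mmap_min_addr	0UL
#endif

/*
 * Values used in the task_security_ops calls
 */
/* setuid or setgid, id0 == uid or gid */
#define LSM_SETID_ID	1

/* setreuid or setregid, id0 == real, id1 == eff */
#define LSM_SETID_RE	2

/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
#define LSM_SETID_RES	4

/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS	8

/* forward declares to avoid warnings */
struct sched_param;
struct request_sock;

/*
 * bprm->unsafe reasons.
 * The values are distinct powers of two; presumably they are OR-ed together
 * in bprm->unsafe (confirm against the users of that field).
 */
#define LSM_UNSAFE_SHARE	1
#define LSM_UNSAFE_PTRACE	2
#define LSM_UNSAFE_PTRACE_CAP	4
#define LSM_UNSAFE_NO_NEW_PRIVS	8

#ifdef CONFIG_MMU
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
				 void __user *buffer, size_t *lenp, loff_t *ppos);
#endif

/* security_inode_init_security callback function to write xattrs */
typedef int (*initxattrs) (struct inode *inode,
			   const struct xattr *xattr_array, void *fs_data);

#ifdef CONFIG_SECURITY

/*
 * Mount options handed to the LSM: mnt_opts and mnt_opts_flags are two
 * arrays, num_mnt_opts is the element count used when freeing mnt_opts.
 */
struct security_mnt_opts {
	char **mnt_opts;
	int *mnt_opts_flags;
	int num_mnt_opts;
};

/* Put @opts into the empty state: no arrays, zero options. */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	opts->mnt_opts = NULL;
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

/*
 * Free every option string, then both arrays, and return @opts to the same
 * empty state security_init_mnt_opts() produces, so a repeated call finds
 * only NULL pointers and a zero count.
 *
 * Nothing here checks num_mnt_opts against the real length of mnt_opts;
 * whoever fills the structure must keep the two in step, otherwise the loop
 * reads past the array.
 */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	int i;

	if (opts->mnt_opts) {
		for (i = 0; i < opts->num_mnt_opts; i++)
			kfree(opts->mnt_opts[i]);
	}
	kfree(opts->mnt_opts);
	opts->mnt_opts = NULL;
	kfree(opts->mnt_opts_flags);
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

/* prototypes */
extern int security_init(void);

/* Security operations */
int security_binder_set_context_mgr(struct task_struct *mgr);
int security_binder_transaction(struct task_struct *from,
				struct task_struct *to);
int security_binder_transfer_binder(struct task_struct *from,
				    struct task_struct *to);
int security_binder_transfer_file(struct task_struct *from,
				  struct task_struct *to, struct file *file);
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target,
		    kernel_cap_t *effective,
		    kernel_cap_t *inheritable,
		    kernel_cap_t *permitted);
int security_capset(struct cred *new, const struct cred *old,
		    const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted);
int security_capable(const struct cred *cred, struct user_namespace *ns,
		     int cap);
int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
			     int cap);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
/* timespec entry point: convert to timespec64 and use security_settime64(). */
static inline int security_settime(const struct timespec *ts, const struct timezone *tz)
{
	struct timespec64 ts64 = timespec_to_timespec64(*ts);

	return security_settime64(&ts64, tz);
}
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
int security_bprm_secureexec(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
int security_sb_remount(struct super_block *sb, void *data);
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
int security_sb_mount(const char *dev_name, const struct path *path,
		      const char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb,
			     struct security_mnt_opts *opts,
			     unsigned long kern_flags,
			     unsigned long *set_kern_flags);
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
			       struct super_block *newsb);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
int security_dentry_init_security(struct dentry *dentry, int mode,
				  const struct qstr *name, void **ctx,
				  u32 *ctxlen);

int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
int security_inode_init_security(struct inode *inode, struct inode *dir,
				 const struct qstr *qstr,
				 initxattrs initxattrs, void *fs_data);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
				     const struct qstr *qstr, const char **name,
				     void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
			   const char *old_name);
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
			  struct inode *new_dir, struct dentry *new_dentry,
			  unsigned int flags);
int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
			       bool rcu);
int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(const struct path *path);
int security_inode_setxattr(struct dentry *dentry, const char *name,
			    const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
int security_inode_listxattr(struct dentry *dentry);
int security_inode_removexattr(struct dentry *dentry, const char *name);
int security_inode_need_killpriv(struct dentry *dentry);
int security_inode_killpriv(struct dentry *dentry);
int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
void security_inode_getsecid(struct inode *inode, u32 *secid);
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
int security_mmap_file(struct file *file, unsigned long prot,
		       unsigned long flags);
int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
			   unsigned long prot);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
void security_file_set_fowner(struct file *file);
int security_file_send_sigiotask(struct task_struct *tsk,
				 struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
int security_task_create(unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
/*
 * NOTE(review): this header has no !CONFIG_SECURITY stub for the function
 * below, unlike its neighbours; confirm it still has a definition and
 * callers, otherwise the declaration is stale.
 */
int security_kernel_module_from_file(struct file *file);
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id);
int security_kernel_post_read_file(struct file *file, char *buf, loff_t size,
				   enum kernel_read_file_id id);
int security_task_fix_setuid(struct cred *new, const struct cred *old,
			     int flags);
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
			    struct rlimit *new_rlim);
int security_task_setscheduler(struct task_struct *p);
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
		       int sig, u32 secid);
int security_task_wait(struct task_struct *p);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
void security_msg_queue_free(struct msg_queue *msq);
int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
int security_msg_queue_msgsnd(struct msg_queue *msq,
			      struct msg_msg *msg, int msqflg);
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
			      struct task_struct *target, long type, int mode);
int security_shm_alloc(struct shmid_kernel *shp);
void security_shm_free(struct shmid_kernel *shp);
int security_shm_associate(struct shmid_kernel *shp, int shmflg);
int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
int security_sem_alloc(struct sem_array *sma);
void security_sem_free(struct sem_array *sma);
int security_sem_associate(struct sem_array *sma, int semflg);
int security_sem_semctl(struct sem_array *sma, int cmd);
int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
		       unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value);
int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
void security_release_secctx(char *secdata, u32 seclen);

void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
#else /* CONFIG_SECURITY */
struct security_mnt_opts {
};

static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
}

static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
}

/*
 * This is the default capabilities functionality.  Most of these functions
 * are just stubbed out, but a few must call the proper capable code.
 *
 * Reading guide for this branch:
 *  - a stub that returns 0 performs no check at all; hook callers
 *    conventionally treat 0 as "permitted" (the callers are outside this
 *    header), so such an operation is mediated only by whatever checks the
 *    caller itself makes;
 *  - a stub that calls a cap_*() function is where the capability logic
 *    stays enforced in this configuration;
 *  - a stub that returns -EOPNOTSUPP reports the operation as unsupported,
 *    and a secid getter stores 0 in *secid.
 */

static inline int security_init(void)
{
	return 0;
}

static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
	return 0;
}

static inline int security_binder_transaction(struct task_struct *from,
					      struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_binder(struct task_struct *from,
						  struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_file(struct task_struct *from,
						struct task_struct *to,
						struct file *file)
{
	return 0;
}

static inline int security_ptrace_access_check(struct task_struct *child,
					       unsigned int mode)
{
	return cap_ptrace_access_check(child, mode);
}

static inline int security_ptrace_traceme(struct task_struct *parent)
{
	return cap_ptrace_traceme(parent);
}

static inline int security_capget(struct task_struct *target,
				  kernel_cap_t *effective,
				  kernel_cap_t *inheritable,
				  kernel_cap_t *permitted)
{
	return cap_capget(target, effective, inheritable, permitted);
}

static inline int security_capset(struct cred *new,
				  const struct cred *old,
				  const kernel_cap_t *effective,
				  const kernel_cap_t *inheritable,
				  const kernel_cap_t *permitted)
{
	return cap_capset(new, old, effective, inheritable, permitted);
}

/* Capability check that asks cap_capable() to audit the request. */
static inline int security_capable(const struct cred *cred,
				   struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}

/* Same check as security_capable(), but with auditing switched off. */
static inline int security_capable_noaudit(const struct cred *cred,
					   struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}

static inline int security_quotactl(int cmds, int type, int id,
				    struct super_block *sb)
{
	return 0;
}

static inline int security_quota_on(struct dentry *dentry)
{
	return 0;
}

static inline int security_syslog(int type)
{
	return 0;
}

static inline int security_settime64(const struct timespec64 *ts,
				     const struct timezone *tz)
{
	return cap_settime(ts, tz);
}

/* timespec entry point: convert to timespec64, then call cap_settime(). */
static inline int security_settime(const struct timespec *ts,
				   const struct timezone *tz)
{
	struct timespec64 ts64 = timespec_to_timespec64(*ts);

	return cap_settime(&ts64, tz);
}

/* The result of cap_vm_enough_memory() is the third argument of __vm_enough_memory(). */
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
}

static inline int security_bprm_set_creds(struct linux_binprm *bprm)
{
	return cap_bprm_set_creds(bprm);
}

static inline int security_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
{
}

static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
{
}

static inline int security_bprm_secureexec(struct linux_binprm *bprm)
{
	return cap_bprm_secureexec(bprm);
}

static inline int security_sb_alloc(struct super_block *sb)
{
	return 0;
}

static inline void security_sb_free(struct super_block *sb)
{ }

static inline int security_sb_copy_data(char *orig, char *copy)
{
	return 0;
}

static inline int security_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}

static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
	return 0;
}

static inline int security_sb_show_options(struct seq_file *m,
					   struct super_block *sb)
{
	return 0;
}

static inline int security_sb_statfs(struct dentry *dentry)
{
	return 0;
}

static inline int security_sb_mount(const char *dev_name, const struct path *path,
				    const char *type, unsigned long flags,
				    void *data)
{
	return 0;
}

static inline int security_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}

static inline int security_sb_pivotroot(const struct path *old_path,
					const struct path *new_path)
{
	return 0;
}

static inline int security_sb_set_mnt_opts(struct super_block *sb,
					   struct security_mnt_opts *opts,
					   unsigned long kern_flags,
					   unsigned long *set_kern_flags)
{
	return 0;
}

static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
					      struct super_block *newsb)
{
	return 0;
}

static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
{
	return 0;
}

static inline int security_inode_alloc(struct inode *inode)
{
	return 0;
}

static inline void security_inode_free(struct inode *inode)
{ }

static inline int security_dentry_init_security(struct dentry *dentry,
						 int mode,
						 const struct qstr *name,
						 void **ctx,
						 u32 *ctxlen)
{
	return -EOPNOTSUPP;
}


static inline int security_inode_init_security(struct inode *inode,
						struct inode *dir,
						const struct qstr *qstr,
						const initxattrs xattrs,
						void *fs_data)
{
	return 0;
}

static inline int security_old_inode_init_security(struct inode *inode,
						   struct inode *dir,
						   const struct qstr *qstr,
						   const char **name,
						   void **value, size_t *len)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_create(struct inode *dir,
					 struct dentry *dentry,
					 umode_t mode)
{
	return 0;
}

static inline int security_inode_link(struct dentry *old_dentry,
				       struct inode *dir,
				       struct dentry *new_dentry)
{
	return 0;
}

static inline int security_inode_unlink(struct inode *dir,
					 struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_symlink(struct inode *dir,
					  struct dentry *dentry,
					  const char *old_name)
{
	return 0;
}

/* mode is umode_t so the stub's signature matches the CONFIG_SECURITY prototype. */
static inline int security_inode_mkdir(struct inode *dir,
					struct dentry *dentry,
					umode_t mode)
{
	return 0;
}

static inline int security_inode_rmdir(struct inode *dir,
					struct dentry *dentry)
{
	return 0;
}

/* mode is umode_t so the stub's signature matches the CONFIG_SECURITY prototype. */
static inline int security_inode_mknod(struct inode *dir,
					struct dentry *dentry,
					umode_t mode, dev_t dev)
{
	return 0;
}

static inline int security_inode_rename(struct inode *old_dir,
					 struct dentry *old_dentry,
					 struct inode *new_dir,
					 struct dentry *new_dentry,
					 unsigned int flags)
{
	return 0;
}

static inline int security_inode_readlink(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_follow_link(struct dentry *dentry,
					     struct inode *inode,
					     bool rcu)
{
	return 0;
}

static inline int security_inode_permission(struct inode *inode, int mask)
{
	return 0;
}

static inline int security_inode_setattr(struct dentry *dentry,
					  struct iattr *attr)
{
	return 0;
}

static inline int security_inode_getattr(const struct path *path)
{
	return 0;
}

static inline int security_inode_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}

static inline void security_inode_post_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{ }

static inline int security_inode_getxattr(struct dentry *dentry,
			const char *name)
{
	return 0;
}

static inline int security_inode_listxattr(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_removexattr(struct dentry *dentry,
			const char *name)
{
	return cap_inode_removexattr(dentry, name);
}

static inline int security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}

static inline int security_inode_killpriv(struct dentry *dentry)
{
	return cap_inode_killpriv(dentry);
}

static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	return 0;
}

/* Always stores 0 in *secid. */
static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
{
	*secid = 0;
}

static inline int security_file_permission(struct file *file, int mask)
{
	return 0;
}

static inline int security_file_alloc(struct file *file)
{
	return 0;
}

static inline void security_file_free(struct file *file)
{ }

static inline int security_file_ioctl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline int security_mmap_file(struct file *file, unsigned long prot,
				     unsigned long flags)
{
	return 0;
}

static inline int security_mmap_addr(unsigned long addr)
{
	return cap_mmap_addr(addr);
}

static inline int security_file_mprotect(struct vm_area_struct *vma,
					 unsigned long reqprot,
					 unsigned long prot)
{
	return 0;
}

static inline int security_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}

static inline int security_file_fcntl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline void security_file_set_fowner(struct file *file)
{
	return;
}

static inline int security_file_send_sigiotask(struct task_struct *tsk,
					       struct fown_struct *fown,
					       int sig)
{
	return 0;
}

static inline int security_file_receive(struct file *file)
{
	return 0;
}

static inline int security_file_open(struct file *file,
				     const struct cred *cred)
{
	return 0;
}

static inline int security_task_create(unsigned long clone_flags)
{
	return 0;
}

static inline void security_task_free(struct task_struct *task)
{ }

static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}

static inline void security_cred_free(struct cred *cred)
{ }

static inline int security_prepare_creds(struct cred *new,
					 const struct cred *old,
					 gfp_t gfp)
{
	return 0;
}

static inline void security_transfer_creds(struct cred *new,
					   const struct cred *old)
{
}

static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
	return 0;
}

static inline int security_kernel_create_files_as(struct cred *cred,
						  struct inode *inode)
{
	return 0;
}
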
/*
 * Remaining !CONFIG_SECURITY stubs, up to the "#endif" marked
 * CONFIG_SECURITY below.  A stub returning 0 performs no check (hook callers
 * conventionally treat 0 as "permitted"; the callers are outside this
 * header); the ones calling cap_*() are where the capability logic is still
 * applied.
 */
static inline int security_kernel_module_request(char *kmod_name)
{
	return 0;
}

static inline int security_kernel_read_file(struct file *file,
					    enum kernel_read_file_id id)
{
	return 0;
}

static inline int security_kernel_post_read_file(struct file *file,
						 char *buf, loff_t size,
						 enum kernel_read_file_id id)
{
	return 0;
}

static inline int security_task_fix_setuid(struct cred *new,
					   const struct cred *old,
					   int flags)
{
	return cap_task_fix_setuid(new, old, flags);
}

static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return 0;
}

static inline int security_task_getpgid(struct task_struct *p)
{
	return 0;
}

static inline int security_task_getsid(struct task_struct *p)
{
	return 0;
}

/* Always stores 0 in *secid. */
static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
{
	*secid = 0;
}

static inline int security_task_setnice(struct task_struct *p, int nice)
{
	return cap_task_setnice(p, nice);
}

static inline int security_task_setioprio(struct task_struct *p, int ioprio)
{
	return cap_task_setioprio(p, ioprio);
}

static inline int security_task_getioprio(struct task_struct *p)
{
	return 0;
}

static inline int security_task_setrlimit(struct task_struct *p,
					  unsigned int resource,
					  struct rlimit *new_rlim)
{
	return 0;
}

static inline int security_task_setscheduler(struct task_struct *p)
{
	return cap_task_setscheduler(p);
}

static inline int security_task_getscheduler(struct task_struct *p)
{
	return 0;
}

static inline int security_task_movememory(struct task_struct *p)
{
	return 0;
}

static inline int security_task_kill(struct task_struct *p,
				     struct siginfo *info, int sig,
				     u32 secid)
{
	return 0;
}

static inline int security_task_wait(struct task_struct *p)
{
	return 0;
}

static inline int security_task_prctl(int option, unsigned long arg2,
				      unsigned long arg3,
				      unsigned long arg4,
				      unsigned long arg5)
{
	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}

static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
{ }

static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
					  short flag)
{
	return 0;
}

/* Always stores 0 in *secid. */
static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	*secid = 0;
}

static inline int security_msg_msg_alloc(struct msg_msg *msg)
{
	return 0;
}

static inline void security_msg_msg_free(struct msg_msg *msg)
{ }

static inline int security_msg_queue_alloc(struct msg_queue *msq)
{
	return 0;
}

static inline void security_msg_queue_free(struct msg_queue *msq)
{ }

static inline int security_msg_queue_associate(struct msg_queue *msq,
					       int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	return 0;
}

static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
					    struct msg_msg *msg, int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
					    struct msg_msg *msg,
					    struct task_struct *target,
					    long type, int mode)
{
	return 0;
}

static inline int security_shm_alloc(struct shmid_kernel *shp)
{
	return 0;
}

static inline void security_shm_free(struct shmid_kernel *shp)
{ }

static inline int security_shm_associate(struct shmid_kernel *shp,
					 int shmflg)
{
	return 0;
}

static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	return 0;
}

static inline int security_shm_shmat(struct shmid_kernel *shp,
				     char __user *shmaddr, int shmflg)
{
	return 0;
}

static inline int security_sem_alloc(struct sem_array *sma)
{
	return 0;
}

static inline void security_sem_free(struct sem_array *sma)
{ }

static inline int security_sem_associate(struct sem_array *sma, int semflg)
{
	return 0;
}

static inline int security_sem_semctl(struct sem_array *sma, int cmd)
{
	return 0;
}

static inline int security_sem_semop(struct sem_array *sma,
				     struct sembuf *sops, unsigned nsops,
				     int alter)
{
	return 0;
}

static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
{ }

/* Fails with -EINVAL and never writes *value. */
static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
{
	return -EINVAL;
}

/* Fails with -EINVAL; @value is not read. */
static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
{
	return -EINVAL;
}

static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}

static inline int security_ismaclabel(const char *name)
{
	return 0;
}

/*
 * The secid/secctx conversions fail with -EOPNOTSUPP and leave their output
 * pointers (*secdata, *seclen, *secid) unwritten, so callers must check the
 * return value before using those outputs.
 */
static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	return -EOPNOTSUPP;
}

static inline int security_secctx_to_secid(const char *secdata,
					   u32 seclen,
					   u32 *secid)
{
	return -EOPNOTSUPP;
}

static inline void security_release_secctx(char *secdata, u32 seclen)
{
}

static inline void security_inode_invalidate_secctx(struct inode *inode)
{
}

static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
	return -EOPNOTSUPP;
}
static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
	return -EOPNOTSUPP;
}
/* Fails with -EOPNOTSUPP; *ctx and *ctxlen are not written. */
static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
	return -EOPNOTSUPP;
}
#endif	/* CONFIG_SECURITY */

/*
 * Network hooks are selected by their own option, CONFIG_SECURITY_NETWORK:
 * prototypes when it is set, inline stubs otherwise.
 */
#ifdef CONFIG_SECURITY_NETWORK

int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
int security_unix_may_send(struct socket *sock,  struct socket *other);
int security_socket_create(int family, int type, int protocol, int kern);
int security_socket_post_create(struct socket *sock, int family,
				int type, int protocol, int kern);
int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
int security_socket_listen(struct socket *sock, int backlog);
int security_socket_accept(struct socket *sock, struct socket *newsock);
int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
			    int size, int flags);
int security_socket_getsockname(struct socket *sock);
int security_socket_getpeername(struct socket *sock);
int security_socket_getsockopt(struct socket *sock, int level, int optname);
int security_socket_setsockopt(struct socket *sock, int level, int optname);
int security_socket_shutdown(struct socket *sock, int how);
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
				      int __user *optlen, unsigned len);
int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
void security_sk_free(struct sock *sk);
void security_sk_clone(const struct sock *sk, struct sock *newsk);
void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
void security_sock_graft(struct sock*sk, struct socket *parent);
int security_inet_conn_request(struct sock *sk,
			struct sk_buff *skb, struct request_sock *req);
void security_inet_csk_clone(struct sock *newsk,
			const struct request_sock *req);
void security_inet_conn_established(struct sock *sk,
			struct sk_buff *skb);
int security_secmark_relabel_packet(u32 secid);
void security_secmark_refcount_inc(void);
void security_secmark_refcount_dec(void);
int security_tun_dev_alloc_security(void **security);
void security_tun_dev_free_security(void *security);
int security_tun_dev_create(void);
int security_tun_dev_attach_queue(void *security);
int security_tun_dev_attach(struct sock *sk, void *security);
int security_tun_dev_open(void *security);

#else	/* CONFIG_SECURITY_NETWORK */
/* Socket hook stubs: each one below returns 0 without inspecting its arguments. */
static inline int security_unix_stream_connect(struct sock *sock,
					       struct sock *other,
					       struct sock *newsk)
{
	return 0;
}

static inline int security_unix_may_send(struct socket *sock,
					 struct socket *other)
{
	return 0;
}

static inline int security_socket_create(int family, int type,
					 int protocol, int kern)
{
	return 0;
}

static inline int security_socket_post_create(struct socket *sock,
					      int family,
					      int type,
					      int protocol, int kern)
{
	return 0;
}

static inline int security_socket_bind(struct socket *sock,
				       struct sockaddr *address,
				       int addrlen)
{
	return 0;
}

static inline int security_socket_connect(struct socket *sock,
					  struct sockaddr *address,
					  int addrlen)
{
	return 0;
}

static inline int security_socket_listen(struct socket *sock, int backlog)
{
	return 0;
}

static inline int security_socket_accept(struct socket *sock,
					 struct socket *newsock)
{
	return 0;
}

static inline int security_socket_sendmsg(struct socket *sock,
					  struct msghdr *msg,
int size) 1235{ 1236 return 0; 1237} 1238 1239static inline int security_socket_recvmsg(struct socket *sock, 1240 struct msghdr *msg, int size, 1241 int flags) 1242{ 1243 return 0; 1244} 1245 1246static inline int security_socket_getsockname(struct socket *sock) 1247{ 1248 return 0; 1249} 1250 1251static inline int security_socket_getpeername(struct socket *sock) 1252{ 1253 return 0; 1254} 1255 1256static inline int security_socket_getsockopt(struct socket *sock, 1257 int level, int optname) 1258{ 1259 return 0; 1260} 1261 1262static inline int security_socket_setsockopt(struct socket *sock, 1263 int level, int optname) 1264{ 1265 return 0; 1266} 1267 1268static inline int security_socket_shutdown(struct socket *sock, int how) 1269{ 1270 return 0; 1271} 1272static inline int security_sock_rcv_skb(struct sock *sk, 1273 struct sk_buff *skb) 1274{ 1275 return 0; 1276} 1277 1278static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 1279 int __user *optlen, unsigned len) 1280{ 1281 return -ENOPROTOOPT; 1282} 1283 1284static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 1285{ 1286 return -ENOPROTOOPT; 1287} 1288 1289static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 1290{ 1291 return 0; 1292} 1293 1294static inline void security_sk_free(struct sock *sk) 1295{ 1296} 1297 1298static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) 1299{ 1300} 1301 1302static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl) 1303{ 1304} 1305 1306static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) 1307{ 1308} 1309 1310static inline void security_sock_graft(struct sock *sk, struct socket *parent) 1311{ 1312} 1313 1314static inline int security_inet_conn_request(struct sock *sk, 1315 struct sk_buff *skb, struct request_sock *req) 1316{ 1317 return 0; 1318} 1319 1320static inline void 
security_inet_csk_clone(struct sock *newsk, 1321 const struct request_sock *req) 1322{ 1323} 1324 1325static inline void security_inet_conn_established(struct sock *sk, 1326 struct sk_buff *skb) 1327{ 1328} 1329 1330static inline int security_secmark_relabel_packet(u32 secid) 1331{ 1332 return 0; 1333} 1334 1335static inline void security_secmark_refcount_inc(void) 1336{ 1337} 1338 1339static inline void security_secmark_refcount_dec(void) 1340{ 1341} 1342 1343static inline int security_tun_dev_alloc_security(void **security) 1344{ 1345 return 0; 1346} 1347 1348static inline void security_tun_dev_free_security(void *security) 1349{ 1350} 1351 1352static inline int security_tun_dev_create(void) 1353{ 1354 return 0; 1355} 1356 1357static inline int security_tun_dev_attach_queue(void *security) 1358{ 1359 return 0; 1360} 1361 1362static inline int security_tun_dev_attach(struct sock *sk, void *security) 1363{ 1364 return 0; 1365} 1366 1367static inline int security_tun_dev_open(void *security) 1368{ 1369 return 0; 1370} 1371#endif /* CONFIG_SECURITY_NETWORK */ 1372 1373#ifdef CONFIG_SECURITY_NETWORK_XFRM 1374 1375int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1376 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp); 1377int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp); 1378void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx); 1379int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx); 1380int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 1381int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1382 struct xfrm_sec_ctx *polsec, u32 secid); 1383int security_xfrm_state_delete(struct xfrm_state *x); 1384void security_xfrm_state_free(struct xfrm_state *x); 1385int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir); 1386int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1387 struct xfrm_policy *xp, 1388 const struct flowi *fl); 1389int 
security_xfrm_decode_session(struct sk_buff *skb, u32 *secid); 1390void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl); 1391 1392#else /* CONFIG_SECURITY_NETWORK_XFRM */ 1393 1394static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1395 struct xfrm_user_sec_ctx *sec_ctx, 1396 gfp_t gfp) 1397{ 1398 return 0; 1399} 1400 1401static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp) 1402{ 1403 return 0; 1404} 1405 1406static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) 1407{ 1408} 1409 1410static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 1411{ 1412 return 0; 1413} 1414 1415static inline int security_xfrm_state_alloc(struct xfrm_state *x, 1416 struct xfrm_user_sec_ctx *sec_ctx) 1417{ 1418 return 0; 1419} 1420 1421static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1422 struct xfrm_sec_ctx *polsec, u32 secid) 1423{ 1424 return 0; 1425} 1426 1427static inline void security_xfrm_state_free(struct xfrm_state *x) 1428{ 1429} 1430 1431static inline int security_xfrm_state_delete(struct xfrm_state *x) 1432{ 1433 return 0; 1434} 1435 1436static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) 1437{ 1438 return 0; 1439} 1440 1441static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1442 struct xfrm_policy *xp, const struct flowi *fl) 1443{ 1444 return 1; 1445} 1446 1447static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) 1448{ 1449 return 0; 1450} 1451 1452static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) 1453{ 1454} 1455 1456#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1457 1458#ifdef CONFIG_SECURITY_PATH 1459int security_path_unlink(const struct path *dir, struct dentry *dentry); 1460int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode); 1461int security_path_rmdir(const struct path 
*dir, struct dentry *dentry); 1462int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, 1463 unsigned int dev); 1464int security_path_truncate(const struct path *path); 1465int security_path_symlink(const struct path *dir, struct dentry *dentry, 1466 const char *old_name); 1467int security_path_link(struct dentry *old_dentry, const struct path *new_dir, 1468 struct dentry *new_dentry); 1469int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, 1470 const struct path *new_dir, struct dentry *new_dentry, 1471 unsigned int flags); 1472int security_path_chmod(const struct path *path, umode_t mode); 1473int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); 1474int security_path_chroot(const struct path *path); 1475#else /* CONFIG_SECURITY_PATH */ 1476static inline int security_path_unlink(const struct path *dir, struct dentry *dentry) 1477{ 1478 return 0; 1479} 1480 1481static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry, 1482 umode_t mode) 1483{ 1484 return 0; 1485} 1486 1487static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry) 1488{ 1489 return 0; 1490} 1491 1492static inline int security_path_mknod(const struct path *dir, struct dentry *dentry, 1493 umode_t mode, unsigned int dev) 1494{ 1495 return 0; 1496} 1497 1498static inline int security_path_truncate(const struct path *path) 1499{ 1500 return 0; 1501} 1502 1503static inline int security_path_symlink(const struct path *dir, struct dentry *dentry, 1504 const char *old_name) 1505{ 1506 return 0; 1507} 1508 1509static inline int security_path_link(struct dentry *old_dentry, 1510 const struct path *new_dir, 1511 struct dentry *new_dentry) 1512{ 1513 return 0; 1514} 1515 1516static inline int security_path_rename(const struct path *old_dir, 1517 struct dentry *old_dentry, 1518 const struct path *new_dir, 1519 struct dentry *new_dentry, 1520 unsigned int flags) 1521{ 1522 return 0; 
1523} 1524 1525static inline int security_path_chmod(const struct path *path, umode_t mode) 1526{ 1527 return 0; 1528} 1529 1530static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) 1531{ 1532 return 0; 1533} 1534 1535static inline int security_path_chroot(const struct path *path) 1536{ 1537 return 0; 1538} 1539#endif /* CONFIG_SECURITY_PATH */ 1540 1541#ifdef CONFIG_KEYS 1542#ifdef CONFIG_SECURITY 1543 1544int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); 1545void security_key_free(struct key *key); 1546int security_key_permission(key_ref_t key_ref, 1547 const struct cred *cred, unsigned perm); 1548int security_key_getsecurity(struct key *key, char **_buffer); 1549 1550#else 1551 1552static inline int security_key_alloc(struct key *key, 1553 const struct cred *cred, 1554 unsigned long flags) 1555{ 1556 return 0; 1557} 1558 1559static inline void security_key_free(struct key *key) 1560{ 1561} 1562 1563static inline int security_key_permission(key_ref_t key_ref, 1564 const struct cred *cred, 1565 unsigned perm) 1566{ 1567 return 0; 1568} 1569 1570static inline int security_key_getsecurity(struct key *key, char **_buffer) 1571{ 1572 *_buffer = NULL; 1573 return 0; 1574} 1575 1576#endif 1577#endif /* CONFIG_KEYS */ 1578 1579#ifdef CONFIG_AUDIT 1580#ifdef CONFIG_SECURITY 1581int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); 1582int security_audit_rule_known(struct audit_krule *krule); 1583int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, 1584 struct audit_context *actx); 1585void security_audit_rule_free(void *lsmrule); 1586 1587#else 1588 1589static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, 1590 void **lsmrule) 1591{ 1592 return 0; 1593} 1594 1595static inline int security_audit_rule_known(struct audit_krule *krule) 1596{ 1597 return 0; 1598} 1599 1600static inline int security_audit_rule_match(u32 secid, u32 field, 
u32 op, 1601 void *lsmrule, struct audit_context *actx) 1602{ 1603 return 0; 1604} 1605 1606static inline void security_audit_rule_free(void *lsmrule) 1607{ } 1608 1609#endif /* CONFIG_SECURITY */ 1610#endif /* CONFIG_AUDIT */ 1611 1612#ifdef CONFIG_SECURITYFS 1613 1614extern struct dentry *securityfs_create_file(const char *name, umode_t mode, 1615 struct dentry *parent, void *data, 1616 const struct file_operations *fops); 1617extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); 1618extern void securityfs_remove(struct dentry *dentry); 1619 1620#else /* CONFIG_SECURITYFS */ 1621 1622static inline struct dentry *securityfs_create_dir(const char *name, 1623 struct dentry *parent) 1624{ 1625 return ERR_PTR(-ENODEV); 1626} 1627 1628static inline struct dentry *securityfs_create_file(const char *name, 1629 umode_t mode, 1630 struct dentry *parent, 1631 void *data, 1632 const struct file_operations *fops) 1633{ 1634 return ERR_PTR(-ENODEV); 1635} 1636 1637static inline void securityfs_remove(struct dentry *dentry) 1638{} 1639 1640#endif 1641 1642#ifdef CONFIG_SECURITY 1643 1644static inline char *alloc_secdata(void) 1645{ 1646 return (char *)get_zeroed_page(GFP_KERNEL); 1647} 1648 1649static inline void free_secdata(void *secdata) 1650{ 1651 free_page((unsigned long)secdata); 1652} 1653 1654#else 1655 1656static inline char *alloc_secdata(void) 1657{ 1658 return (char *)1; 1659} 1660 1661static inline void free_secdata(void *secdata) 1662{ } 1663#endif /* CONFIG_SECURITY */ 1664 1665#endif /* ! __LINUX_SECURITY_H */ 1666