/*
 * Linux Security plug
 *
 * Copyright (C) 2001 WireX Communications, Inc <chris@wirex.com>
 * Copyright (C) 2001 Greg Kroah-Hartman <greg@kroah.com>
 * Copyright (C) 2001 Networks Associates Technology, Inc <ssmalley@nai.com>
 * Copyright (C) 2001 James Morris <jmorris@intercode.com.au>
 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
 * Copyright (C) 2016 Mellanox Techonologies
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Due to this file being licensed under the GPL there is controversy over
 * whether this permits you to write a module that #includes this file
 * without placing your module under the GPL. Please consult a lawyer for
 * advice before doing this.
 *
 */

#ifndef __LINUX_SECURITY_H
#define __LINUX_SECURITY_H

#include <linux/kernel_read_file.h>
#include <linux/key.h>
#include <linux/capability.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/err.h>
#include <linux/string.h>
#include <linux/mm.h>

/*
 * Opaque types that the prototypes below only refer to through pointers.
 * Forward-declaring them avoids pulling their full headers in here.
 */
struct linux_binprm;
struct cred;
struct rlimit;
struct kernel_siginfo;
struct sembuf;
struct kern_ipc_perm;
struct audit_context;
struct super_block;
struct inode;
struct dentry;
struct file;
struct vfsmount;
struct path;
struct qstr;
struct iattr;
struct fown_struct;
struct file_operations;
struct msg_msg;
struct xattr;
struct kernfs_node;
struct xfrm_sec_ctx;
struct mm_struct;
struct fs_context;
struct fs_parameter;
enum fs_value_type;
struct watch;
struct watch_notification;

/* Default (no) options for the capable function */
#define CAP_OPT_NONE 0x0
/* Option for capable(): the capability check should not be audited */
#define CAP_OPT_NOAUDIT BIT(1)
/* If capable is being called by a setid
function */
#define CAP_OPT_INSETID BIT(2)

/* LSM Agnostic defines for fs_context::lsm_flags */
#define SECURITY_LSM_NATIVE_LABELS 1

struct ctl_table;
struct audit_krule;
struct user_namespace;
struct timezone;

/*
 * Events delivered through the blocking LSM notifier chain; see
 * call_blocking_lsm_notifier() below.
 */
enum lsm_event {
	LSM_POLICY_CHANGE,
};

/*
 * These are reasons that can be passed to the security_locked_down()
 * LSM hook. Lockdown reasons that protect kernel integrity (ie, the
 * ability for userland to modify kernel code) are placed before
 * LOCKDOWN_INTEGRITY_MAX. Lockdown reasons that protect kernel
 * confidentiality (ie, the ability for userland to extract
 * information from the running kernel that would otherwise be
 * restricted) are placed before LOCKDOWN_CONFIDENTIALITY_MAX.
 *
 * LSM authors should note that the semantics of any given lockdown
 * reason are not guaranteed to be stable - the same reason may block
 * one set of features in one kernel release, and a slightly different
 * set of features in a later kernel release. LSMs that seek to expose
 * lockdown policy at any level of granularity other than "none",
 * "integrity" or "confidentiality" are responsible for either
 * ensuring that they expose a consistent level of functionality to
 * userland, or ensuring that userland is aware that this is
 * potentially a moving target. It is easy to misuse this information
 * in a way that could break userspace. Please be careful not to do
 * so.
 *
 * If you add to this, remember to extend lockdown_reasons in
 * security/lockdown/lockdown.c.
 */
enum lockdown_reason {
	LOCKDOWN_NONE,
	LOCKDOWN_MODULE_SIGNATURE,
	LOCKDOWN_DEV_MEM,
	LOCKDOWN_EFI_TEST,
	LOCKDOWN_KEXEC,
	LOCKDOWN_HIBERNATION,
	LOCKDOWN_PCI_ACCESS,
	LOCKDOWN_IOPORT,
	LOCKDOWN_MSR,
	LOCKDOWN_ACPI_TABLES,
	LOCKDOWN_PCMCIA_CIS,
	LOCKDOWN_TIOCSSERIAL,
	LOCKDOWN_MODULE_PARAMETERS,
	LOCKDOWN_MMIOTRACE,
	LOCKDOWN_DEBUGFS,
	LOCKDOWN_XMON_WR,
	LOCKDOWN_BPF_WRITE_USER,
	LOCKDOWN_INTEGRITY_MAX,		/* sentinel: integrity reasons end here */
	LOCKDOWN_KCORE,
	LOCKDOWN_KPROBES,
	LOCKDOWN_BPF_READ_KERNEL,
	LOCKDOWN_PERF,
	LOCKDOWN_TRACEFS,
	LOCKDOWN_XMON_RW,
	LOCKDOWN_XFRM_SECRET,
	LOCKDOWN_CONFIDENTIALITY_MAX,	/* sentinel: confidentiality reasons end here */
};

/* One name per lockdown_reason value, sized to cover the final sentinel as well */
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];

/*
 * These functions are in security/commoncap.c.  They are the capability
 * based defaults; the !CONFIG_SECURITY stubs later in this header call
 * straight through to them.
 */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
		       int cap, unsigned int opts);
extern int cap_settime(const struct timespec64 *ts, const struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset(struct cred *new, const struct cred *old,
		      const kernel_cap_t *effective,
		      const kernel_cap_t *inheritable,
		      const kernel_cap_t *permitted);
extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
/* Note: no mnt_userns parameter here, unlike the security_inode_setxattr() hook */
int cap_inode_setxattr(struct dentry *dentry, const char *name,
		       const void *value, size_t size, int flags);
int cap_inode_removexattr(struct user_namespace *mnt_userns,
			  struct dentry *dentry, const char *name);
int cap_inode_need_killpriv(struct dentry *dentry);
int cap_inode_killpriv(struct user_namespace *mnt_userns,
		       struct dentry *dentry);
int cap_inode_getsecurity(struct user_namespace *mnt_userns,
			  struct inode
*inode, const char *name, void **buffer,
			  bool alloc);
extern int cap_mmap_addr(unsigned long addr);
extern int cap_mmap_file(struct file *file, unsigned long reqprot,
			 unsigned long prot, unsigned long flags);
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			  unsigned long arg4, unsigned long arg5);
extern int cap_task_setscheduler(struct task_struct *p);
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);

/* Networking / xfrm types, again only used through pointers */
struct msghdr;
struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
struct flowi_common;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
struct seq_file;
struct sctp_endpoint;

/*
 * Lowest user-mappable address.  With an MMU these are tunables defined
 * elsewhere; without one both are fixed at 0.
 */
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define mmap_min_addr		0UL
#define dac_mmap_min_addr	0UL
#endif

/*
 * Values used in the task_security_ops calls
 */
/* setuid or setgid, id0 == uid or gid */
#define LSM_SETID_ID	1

/* setreuid or setregid, id0 == real, id1 == eff */
#define LSM_SETID_RE	2

/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
#define LSM_SETID_RES	4

/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS	8

/* Flags for security_task_prlimit().
 */
#define LSM_PRLIMIT_READ  1
#define LSM_PRLIMIT_WRITE 2

/* forward declares to avoid warnings */
struct sched_param;
struct request_sock;

/* bprm->unsafe reasons */
#define LSM_UNSAFE_SHARE	1
#define LSM_UNSAFE_PTRACE	2
#define LSM_UNSAFE_NO_NEW_PRIVS	4

#ifdef CONFIG_MMU
/* sysctl handler for mmap_min_addr */
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
				 void *buffer, size_t *lenp, loff_t *ppos);
#endif

/* security_inode_init_security callback function to write xattrs */
typedef int (*initxattrs) (struct inode *inode,
			   const struct xattr *xattr_array, void *fs_data);


/*
 * Keep the kernel_load_data_id enum in sync with kernel_read_file_id.
 *
 * __kernel_read_file_id() (linux/kernel_read_file.h, included above) is
 * applied to both helper macros below: __data_id_enumify keeps only the
 * enum tag, prefixed with LOADING_, and __data_id_stringify keeps only
 * the string.  Expanding both from the same list keeps the enum and the
 * string table index-aligned.
 */
#define __data_id_enumify(ENUM, dummy) LOADING_ ## ENUM,
#define __data_id_stringify(dummy, str) #str,

enum kernel_load_data_id {
	__kernel_read_file_id(__data_id_enumify)
};

/* File-scope static in a header: each including translation unit gets its own copy */
static const char * const kernel_load_data_str[] = {
	__kernel_read_file_id(__data_id_stringify)
};

/*
 * Return the name of a kernel_load_data_id.
 *
 * The cast to unsigned turns a negative id into a large value, so any id
 * outside [0, LOADING_MAX_ID) yields the LOADING_UNKNOWN string instead
 * of indexing past the table.
 */
static inline const char *kernel_load_data_id_str(enum kernel_load_data_id id)
{
	if ((unsigned)id >= LOADING_MAX_ID)
		return kernel_load_data_str[LOADING_UNKNOWN];

	return kernel_load_data_str[id];
}

#ifdef CONFIG_SECURITY

/* Blocking LSM notifier chain (events are enum lsm_event) */
int call_blocking_lsm_notifier(enum lsm_event event, void *data);
int register_blocking_lsm_notifier(struct notifier_block *nb);
int unregister_blocking_lsm_notifier(struct notifier_block *nb);

/* prototypes */
extern int security_init(void);
extern int early_security_init(void);

/*
 * Security operations.  These are the hook entry points the rest of the
 * kernel calls; their definitions live in the LSM framework, not here.
 */
/* binder */
int security_binder_set_context_mgr(struct task_struct *mgr);
int security_binder_transaction(struct task_struct *from,
				struct task_struct *to);
int security_binder_transfer_binder(struct task_struct *from,
				    struct task_struct *to);
int security_binder_transfer_file(struct task_struct *from,
				  struct task_struct *to, struct file *file);
/* ptrace and capabilities */
int
security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target,
		    kernel_cap_t *effective,
		    kernel_cap_t *inheritable,
		    kernel_cap_t *permitted);
int security_capset(struct cred *new, const struct cred *old,
		    const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted);
/* opts is a mask of the CAP_OPT_* values defined above */
int security_capable(const struct cred *cred,
		     struct user_namespace *ns,
		     int cap,
		     unsigned int opts);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
/* exec / credential setup */
int security_bprm_creds_for_exec(struct linux_binprm *bprm);
int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
/* filesystem context, superblock and mount options */
int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc);
int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param);
int security_sb_alloc(struct super_block *sb);
void security_sb_delete(struct super_block *sb);
void security_sb_free(struct super_block *sb);
void security_free_mnt_opts(void **mnt_opts);
int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
int security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts);
int security_sb_remount(struct super_block *sb, void *mnt_opts);
int security_sb_kern_mount(struct super_block *sb);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
int
security_sb_mount(const char *dev_name, const struct path *path,
		      const char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb,
				void *mnt_opts,
				unsigned long kern_flags,
				unsigned long *set_kern_flags);
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
				struct super_block *newsb,
				unsigned long kern_flags,
				unsigned long *set_kern_flags);
int security_add_mnt_opt(const char *option, const char *val,
				int len, void **mnt_opts);
int security_move_mount(const struct path *from_path, const struct path *to_path);
/* dentry labelling; ctx/ctxlen receive an LSM-owned security context */
int security_dentry_init_security(struct dentry *dentry, int mode,
					const struct qstr *name, void **ctx,
					u32 *ctxlen);
int security_dentry_create_files_as(struct dentry *dentry, int mode,
					struct qstr *name,
					const struct cred *old,
					struct cred *new);
int security_path_notify(const struct path *path, u64 mask,
					unsigned int obj_type);
/* inode lifecycle and labelling */
int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
/* initxattrs is the callback used to write the initial xattrs; fs_data is passed through to it */
int security_inode_init_security(struct inode *inode, struct inode *dir,
				 const struct qstr *qstr,
				 initxattrs initxattrs, void *fs_data);
int security_inode_init_security_anon(struct inode *inode,
				      const struct qstr *name,
				      const struct inode *context_inode);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
				     const struct qstr *qstr, const char **name,
				     void **value, size_t *len);
/* inode operations; mode arguments are umode_t throughout */
int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			 struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
			   const char *old_name);
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
			  struct inode *new_dir, struct dentry *new_dentry,
			  unsigned int flags);
int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
			       bool rcu);
int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(const struct path *path);
/* xattr hooks; mnt_userns identifies the mount's idmapping */
int security_inode_setxattr(struct user_namespace *mnt_userns,
			    struct dentry *dentry, const char *name,
			    const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
int security_inode_listxattr(struct dentry *dentry);
int security_inode_removexattr(struct user_namespace *mnt_userns,
			       struct dentry *dentry, const char *name);
int security_inode_need_killpriv(struct dentry *dentry);
int security_inode_killpriv(struct user_namespace *mnt_userns,
			    struct dentry *dentry);
/* security.* xattr namespace accessors */
int security_inode_getsecurity(struct user_namespace *mnt_userns,
			       struct inode *inode, const char *name,
			       void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
void security_inode_getsecid(struct inode *inode, u32 *secid);
int security_inode_copy_up(struct dentry *src, struct cred **new);
int security_inode_copy_up_xattr(const char
*name);
int security_kernfs_init_security(struct kernfs_node *kn_dir,
				  struct kernfs_node *kn);
/* file hooks */
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
int security_mmap_file(struct file *file, unsigned long prot,
			unsigned long flags);
int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
			   unsigned long prot);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
void security_file_set_fowner(struct file *file);
int security_file_send_sigiotask(struct task_struct *tsk,
				 struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file);
/* task and credential lifecycle */
int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
void security_cred_getsecid(const struct cred *c, u32 *secid);
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
/* kernel-initiated loads; id values come from the kernel_load_data_id enum above */
int security_kernel_module_request(char *kmod_name);
int security_kernel_load_data(enum kernel_load_data_id id, bool contents);
int security_kernel_post_load_data(char *buf, loff_t size,
				   enum kernel_load_data_id id,
				   char *description);
int security_kernel_read_file(struct file *file, enum kernel_read_file_id id,
			      bool contents);
int security_kernel_post_read_file(struct file
*file, char *buf, loff_t size,
				   enum kernel_read_file_id id);
/* task hooks; flags for the fix_set*id hooks are the LSM_SETID_* values above */
int security_task_fix_setuid(struct cred *new, const struct cred *old,
			     int flags);
int security_task_fix_setgid(struct cred *new, const struct cred *old,
			     int flags);
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid_subj(struct task_struct *p, u32 *secid);
void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
/* flags is a mask of LSM_PRLIMIT_READ / LSM_PRLIMIT_WRITE */
int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
			  unsigned int flags);
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
		struct rlimit *new_rlim);
int security_task_setscheduler(struct task_struct *p);
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
			int sig, const struct cred *cred);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
/* System V IPC hooks */
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct kern_ipc_perm *msq);
void security_msg_queue_free(struct kern_ipc_perm *msq);
int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg);
int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd);
int security_msg_queue_msgsnd(struct
kern_ipc_perm *msq,
			      struct msg_msg *msg, int msqflg);
int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
			      struct task_struct *target, long type, int mode);
int security_shm_alloc(struct kern_ipc_perm *shp);
void security_shm_free(struct kern_ipc_perm *shp);
int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
/* shmaddr is a userspace address, hence __user */
int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
int security_sem_alloc(struct kern_ipc_perm *sma);
void security_sem_free(struct kern_ipc_perm *sma);
int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
int security_sem_semctl(struct kern_ipc_perm *sma, int cmd);
int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
			unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
/* /proc/<pid>/attr accessors; lsm selects the module when several are stacked */
int security_getprocattr(struct task_struct *p, const char *lsm, char *name,
			 char **value);
int security_setprocattr(const char *lsm, const char *name, void *value,
			 size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
/*
 * Security-context <-> secid conversion.  secid_to_secctx() hands back an
 * LSM-owned buffer that must be returned via security_release_secctx().
 */
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
void security_release_secctx(char *secdata, u32 seclen);
void security_inode_invalidate_secctx(struct inode *inode);
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
/* what is one of the lockdown_reason values defined above */
int security_locked_down(enum lockdown_reason what);
#else /* CONFIG_SECURITY */

/*
 * No LSM framework built in.  The stubs below stand in for the hooks:
 * most return 0 (allow / nothing to do), a few return an explicit error,
 * and those that guard capability semantics delegate to the commoncap
 * functions declared above.
 */

static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
{
	return 0;
}

static inline int
register_blocking_lsm_notifier(struct notifier_block *nb)
{
	return 0;
}

static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb)
{
	return 0;
}

/* Nothing was allocated for mnt_opts without an LSM, so nothing to free */
static inline void security_free_mnt_opts(void **mnt_opts)
{
}

/*
 * This is the default capabilities functionality. Most of these functions
 * are just stubbed out, but a few must call the proper capable code.
 */

static inline int security_init(void)
{
	return 0;
}

static inline int early_security_init(void)
{
	return 0;
}

static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
	return 0;
}

static inline int security_binder_transaction(struct task_struct *from,
					      struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_binder(struct task_struct *from,
						  struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_file(struct task_struct *from,
						struct task_struct *to,
						struct file *file)
{
	return 0;
}

/* ptrace and capability checks keep the commoncap semantics without an LSM */
static inline int security_ptrace_access_check(struct task_struct *child,
					       unsigned int mode)
{
	return cap_ptrace_access_check(child, mode);
}

static inline int security_ptrace_traceme(struct task_struct *parent)
{
	return cap_ptrace_traceme(parent);
}

static inline int security_capget(struct task_struct *target,
				  kernel_cap_t *effective,
				  kernel_cap_t *inheritable,
				  kernel_cap_t *permitted)
{
	return cap_capget(target, effective, inheritable, permitted);
}

static inline int security_capset(struct cred *new,
				  const struct cred *old,
				  const kernel_cap_t *effective,
				  const kernel_cap_t *inheritable,
				  const kernel_cap_t *permitted)
{
	return cap_capset(new, old, effective, inheritable, permitted);
}

static inline int security_capable(const struct cred *cred,
				   struct user_namespace *ns,
				   int cap,
				   unsigned int opts)
{
	return cap_capable(cred, ns, cap, opts);
}

static inline int security_quotactl(int cmds, int type, int id,
				     struct super_block *sb)
{
	return 0;
}

static inline int security_quota_on(struct dentry *dentry)
{
	return 0;
}

static inline int security_syslog(int type)
{
	return 0;
}

static inline int security_settime64(const struct timespec64 *ts,
				     const struct timezone *tz)
{
	return cap_settime(ts, tz);
}

/* The commoncap verdict is handed to __vm_enough_memory() as its third argument */
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
}

static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm)
{
	return 0;
}

/* setuid/fscaps handling on exec still applies without an LSM */
static inline int security_bprm_creds_from_file(struct linux_binprm *bprm,
						struct file *file)
{
	return cap_bprm_creds_from_file(bprm, file);
}

static inline int security_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
{
}

static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
{
}

static inline int security_fs_context_dup(struct fs_context *fc,
					  struct fs_context *src_fc)
{
	return 0;
}
/*
 * -ENOPARAM rather than 0: no LSM claimed the parameter.  Presumably the
 * caller then treats it as an ordinary filesystem option; verify against
 * the fs_context users before relying on that.
 */
static inline int security_fs_context_parse_param(struct fs_context *fc,
						  struct fs_parameter *param)
{
	return -ENOPARAM;
}

static inline int security_sb_alloc(struct super_block *sb)
{
	return 0;
}

static inline void security_sb_delete(struct super_block *sb)
{ }

static inline void security_sb_free(struct super_block *sb)
{ }

static inline int security_sb_eat_lsm_opts(char *options,
					   void **mnt_opts)
{
	return 0;
}

static inline int security_sb_remount(struct super_block *sb,
				      void *mnt_opts)
{
	return 0;
}

static
inline int security_sb_mnt_opts_compat(struct super_block *sb,
					      void *mnt_opts)
{
	return 0;
}


static inline int security_sb_kern_mount(struct super_block *sb)
{
	return 0;
}

static inline int security_sb_show_options(struct seq_file *m,
					   struct super_block *sb)
{
	return 0;
}

static inline int security_sb_statfs(struct dentry *dentry)
{
	return 0;
}

static inline int security_sb_mount(const char *dev_name, const struct path *path,
				    const char *type, unsigned long flags,
				    void *data)
{
	return 0;
}

static inline int security_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}

static inline int security_sb_pivotroot(const struct path *old_path,
					const struct path *new_path)
{
	return 0;
}

/* Mount-option stubs: nothing is set, so *set_kern_flags is left untouched */
static inline int security_sb_set_mnt_opts(struct super_block *sb,
					   void *mnt_opts,
					   unsigned long kern_flags,
					   unsigned long *set_kern_flags)
{
	return 0;
}

static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
					      struct super_block *newsb,
					      unsigned long kern_flags,
					      unsigned long *set_kern_flags)
{
	return 0;
}

static inline int security_add_mnt_opt(const char *option, const char *val,
					int len, void **mnt_opts)
{
	return 0;
}

static inline int security_move_mount(const struct path *from_path,
				      const struct path *to_path)
{
	return 0;
}

static inline int security_path_notify(const struct path *path, u64 mask,
				       unsigned int obj_type)
{
	return 0;
}

static inline int security_inode_alloc(struct inode *inode)
{
	return 0;
}

static inline void security_inode_free(struct inode *inode)
{ }

/* No LSM means no label to hand out: report the operation as unsupported */
static inline int security_dentry_init_security(struct dentry *dentry,
						 int mode,
						 const struct qstr *name,
						 void **ctx,
						 u32 *ctxlen)
{
	return -EOPNOTSUPP;
}

static inline int
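security_dentry_create_files_as(struct dentry *dentry,
						 int mode, struct qstr *name,
						 const struct cred *old,
						 struct cred *new)
{
	return 0;
}


/* Callback parameter is named xattrs here; the CONFIG_SECURITY prototype calls it initxattrs */
static inline int security_inode_init_security(struct inode *inode,
						struct inode *dir,
						const struct qstr *qstr,
						const initxattrs xattrs,
						void *fs_data)
{
	return 0;
}

static inline int security_inode_init_security_anon(struct inode *inode,
						    const struct qstr *name,
						    const struct inode *context_inode)
{
	return 0;
}

/* Legacy interface; without an LSM there is no label, so report unsupported */
static inline int security_old_inode_init_security(struct inode *inode,
						   struct inode *dir,
						   const struct qstr *qstr,
						   const char **name,
						   void **value, size_t *len)
{
	return -EOPNOTSUPP;
}

/*
 * Inode operation stubs.  The mode parameters are umode_t so the stub
 * signatures match both the CONFIG_SECURITY prototypes and each other.
 */
static inline int security_inode_create(struct inode *dir,
					 struct dentry *dentry,
					 umode_t mode)
{
	return 0;
}

static inline int security_inode_link(struct dentry *old_dentry,
				       struct inode *dir,
				       struct dentry *new_dentry)
{
	return 0;
}

static inline int security_inode_unlink(struct inode *dir,
					 struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_symlink(struct inode *dir,
					  struct dentry *dentry,
					  const char *old_name)
{
	return 0;
}

static inline int security_inode_mkdir(struct inode *dir,
					struct dentry *dentry,
					umode_t mode)
{
	return 0;
}

static inline int security_inode_rmdir(struct inode *dir,
					struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_mknod(struct inode *dir,
					struct dentry *dentry,
					umode_t mode, dev_t dev)
{
	return 0;
}

static inline int security_inode_rename(struct inode *old_dir,
					 struct dentry *old_dentry,
					 struct inode *new_dir,
					 struct dentry *new_dentry,
					 unsigned int flags)
{
	return 0;
}

static inline int security_inode_readlink(struct dentry *dentry)
{
	return 0;
}
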
static inline int security_inode_follow_link(struct dentry *dentry,
					     struct inode *inode,
					     bool rcu)
{
	return 0;
}

static inline int security_inode_permission(struct inode *inode, int mask)
{
	return 0;
}

static inline int security_inode_setattr(struct dentry *dentry,
					  struct iattr *attr)
{
	return 0;
}

static inline int security_inode_getattr(const struct path *path)
{
	return 0;
}

/*
 * xattr writes still go through commoncap so capability xattrs are
 * policed.  cap_inode_setxattr() takes no mnt_userns, so that argument
 * is unused here.
 */
static inline int security_inode_setxattr(struct user_namespace *mnt_userns,
		struct dentry *dentry, const char *name, const void *value,
		size_t size, int flags)
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}

static inline void security_inode_post_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{ }

static inline int security_inode_getxattr(struct dentry *dentry,
			const char *name)
{
	return 0;
}

static inline int security_inode_listxattr(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_removexattr(struct user_namespace *mnt_userns,
					     struct dentry *dentry,
					     const char *name)
{
	return cap_inode_removexattr(mnt_userns, dentry, name);
}

/* Privilege stripping on write is a capability property, so delegate */
static inline int security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}

static inline int security_inode_killpriv(struct user_namespace *mnt_userns,
					  struct dentry *dentry)
{
	return cap_inode_killpriv(mnt_userns, dentry);
}

/* Reads of security.* xattrs are served by commoncap (for the capability xattr) */
static inline int security_inode_getsecurity(struct user_namespace *mnt_userns,
					     struct inode *inode,
					     const char *name, void **buffer,
					     bool alloc)
{
	return cap_inode_getsecurity(mnt_userns, inode, name, buffer, alloc);
}

/* No LSM to accept a security.* value: unsupported rather than silently ignored */
static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
{
	return 0;
}

/* Without an LSM every object has secid 0 */
static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
{
	*secid = 0;
}

static inline int security_inode_copy_up(struct dentry *src, struct cred **new)
{
	return 0;
}

static inline int security_kernfs_init_security(struct kernfs_node *kn_dir,
						struct kernfs_node *kn)
{
	return 0;
}

static inline int security_inode_copy_up_xattr(const char *name)
{
	return -EOPNOTSUPP;
}

static inline int security_file_permission(struct file *file, int mask)
{
	return 0;
}

static inline int security_file_alloc(struct file *file)
{
	return 0;
}

static inline void security_file_free(struct file *file)
{ }

static inline int security_file_ioctl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

/*
 * NOTE(review): cap_mmap_file() is declared above but not called here,
 * while security_mmap_addr() below does delegate to cap_mmap_addr().
 * Presumably intentional; confirm against commoncap before changing.
 */
static inline int security_mmap_file(struct file *file, unsigned long prot,
				     unsigned long flags)
{
	return 0;
}

/* The mmap_min_addr floor is enforced by commoncap even without an LSM */
static inline int security_mmap_addr(unsigned long addr)
{
	return cap_mmap_addr(addr);
}

static inline int security_file_mprotect(struct vm_area_struct *vma,
					 unsigned long reqprot,
					 unsigned long prot)
{
	return 0;
}

static inline int security_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}

static inline int security_file_fcntl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

/* Style: the bare return is redundant in a void stub; the other void stubs use an empty body */
static inline void security_file_set_fowner(struct file *file)
{
	return;
}

static inline int security_file_send_sigiotask(struct task_struct *tsk,
					       struct fown_struct *fown,
					       int sig)
{
	return 0;
}

static inline int security_file_receive(struct file *file)
{
	return 0;
}

static inline int security_file_open(struct
file *file) 1011{ 1012 return 0; 1013} 1014 1015static inline int security_task_alloc(struct task_struct *task, 1016 unsigned long clone_flags) 1017{ 1018 return 0; 1019} 1020 1021static inline void security_task_free(struct task_struct *task) 1022{ } 1023 1024static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) 1025{ 1026 return 0; 1027} 1028 1029static inline void security_cred_free(struct cred *cred) 1030{ } 1031 1032static inline int security_prepare_creds(struct cred *new, 1033 const struct cred *old, 1034 gfp_t gfp) 1035{ 1036 return 0; 1037} 1038 1039static inline void security_transfer_creds(struct cred *new, 1040 const struct cred *old) 1041{ 1042} 1043 1044static inline int security_kernel_act_as(struct cred *cred, u32 secid) 1045{ 1046 return 0; 1047} 1048 1049static inline int security_kernel_create_files_as(struct cred *cred, 1050 struct inode *inode) 1051{ 1052 return 0; 1053} 1054 1055static inline int security_kernel_module_request(char *kmod_name) 1056{ 1057 return 0; 1058} 1059 1060static inline int security_kernel_load_data(enum kernel_load_data_id id, bool contents) 1061{ 1062 return 0; 1063} 1064 1065static inline int security_kernel_post_load_data(char *buf, loff_t size, 1066 enum kernel_load_data_id id, 1067 char *description) 1068{ 1069 return 0; 1070} 1071 1072static inline int security_kernel_read_file(struct file *file, 1073 enum kernel_read_file_id id, 1074 bool contents) 1075{ 1076 return 0; 1077} 1078 1079static inline int security_kernel_post_read_file(struct file *file, 1080 char *buf, loff_t size, 1081 enum kernel_read_file_id id) 1082{ 1083 return 0; 1084} 1085 1086static inline int security_task_fix_setuid(struct cred *new, 1087 const struct cred *old, 1088 int flags) 1089{ 1090 return cap_task_fix_setuid(new, old, flags); 1091} 1092 1093static inline int security_task_fix_setgid(struct cred *new, 1094 const struct cred *old, 1095 int flags) 1096{ 1097 return 0; 1098} 1099 1100static inline int 
security_task_setpgid(struct task_struct *p, pid_t pgid) 1101{ 1102 return 0; 1103} 1104 1105static inline int security_task_getpgid(struct task_struct *p) 1106{ 1107 return 0; 1108} 1109 1110static inline int security_task_getsid(struct task_struct *p) 1111{ 1112 return 0; 1113} 1114 1115static inline void security_task_getsecid_subj(struct task_struct *p, u32 *secid) 1116{ 1117 *secid = 0; 1118} 1119 1120static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid) 1121{ 1122 *secid = 0; 1123} 1124 1125static inline int security_task_setnice(struct task_struct *p, int nice) 1126{ 1127 return cap_task_setnice(p, nice); 1128} 1129 1130static inline int security_task_setioprio(struct task_struct *p, int ioprio) 1131{ 1132 return cap_task_setioprio(p, ioprio); 1133} 1134 1135static inline int security_task_getioprio(struct task_struct *p) 1136{ 1137 return 0; 1138} 1139 1140static inline int security_task_prlimit(const struct cred *cred, 1141 const struct cred *tcred, 1142 unsigned int flags) 1143{ 1144 return 0; 1145} 1146 1147static inline int security_task_setrlimit(struct task_struct *p, 1148 unsigned int resource, 1149 struct rlimit *new_rlim) 1150{ 1151 return 0; 1152} 1153 1154static inline int security_task_setscheduler(struct task_struct *p) 1155{ 1156 return cap_task_setscheduler(p); 1157} 1158 1159static inline int security_task_getscheduler(struct task_struct *p) 1160{ 1161 return 0; 1162} 1163 1164static inline int security_task_movememory(struct task_struct *p) 1165{ 1166 return 0; 1167} 1168 1169static inline int security_task_kill(struct task_struct *p, 1170 struct kernel_siginfo *info, int sig, 1171 const struct cred *cred) 1172{ 1173 return 0; 1174} 1175 1176static inline int security_task_prctl(int option, unsigned long arg2, 1177 unsigned long arg3, 1178 unsigned long arg4, 1179 unsigned long arg5) 1180{ 1181 return cap_task_prctl(option, arg2, arg3, arg4, arg5); 1182} 1183 1184static inline void security_task_to_inode(struct 
task_struct *p, struct inode *inode) 1185{ } 1186 1187static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, 1188 short flag) 1189{ 1190 return 0; 1191} 1192 1193static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) 1194{ 1195 *secid = 0; 1196} 1197 1198static inline int security_msg_msg_alloc(struct msg_msg *msg) 1199{ 1200 return 0; 1201} 1202 1203static inline void security_msg_msg_free(struct msg_msg *msg) 1204{ } 1205 1206static inline int security_msg_queue_alloc(struct kern_ipc_perm *msq) 1207{ 1208 return 0; 1209} 1210 1211static inline void security_msg_queue_free(struct kern_ipc_perm *msq) 1212{ } 1213 1214static inline int security_msg_queue_associate(struct kern_ipc_perm *msq, 1215 int msqflg) 1216{ 1217 return 0; 1218} 1219 1220static inline int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) 1221{ 1222 return 0; 1223} 1224 1225static inline int security_msg_queue_msgsnd(struct kern_ipc_perm *msq, 1226 struct msg_msg *msg, int msqflg) 1227{ 1228 return 0; 1229} 1230 1231static inline int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, 1232 struct msg_msg *msg, 1233 struct task_struct *target, 1234 long type, int mode) 1235{ 1236 return 0; 1237} 1238 1239static inline int security_shm_alloc(struct kern_ipc_perm *shp) 1240{ 1241 return 0; 1242} 1243 1244static inline void security_shm_free(struct kern_ipc_perm *shp) 1245{ } 1246 1247static inline int security_shm_associate(struct kern_ipc_perm *shp, 1248 int shmflg) 1249{ 1250 return 0; 1251} 1252 1253static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd) 1254{ 1255 return 0; 1256} 1257 1258static inline int security_shm_shmat(struct kern_ipc_perm *shp, 1259 char __user *shmaddr, int shmflg) 1260{ 1261 return 0; 1262} 1263 1264static inline int security_sem_alloc(struct kern_ipc_perm *sma) 1265{ 1266 return 0; 1267} 1268 1269static inline void security_sem_free(struct kern_ipc_perm *sma) 1270{ } 1271 1272static inline int 
security_sem_associate(struct kern_ipc_perm *sma, int semflg) 1273{ 1274 return 0; 1275} 1276 1277static inline int security_sem_semctl(struct kern_ipc_perm *sma, int cmd) 1278{ 1279 return 0; 1280} 1281 1282static inline int security_sem_semop(struct kern_ipc_perm *sma, 1283 struct sembuf *sops, unsigned nsops, 1284 int alter) 1285{ 1286 return 0; 1287} 1288 1289static inline void security_d_instantiate(struct dentry *dentry, 1290 struct inode *inode) 1291{ } 1292 1293static inline int security_getprocattr(struct task_struct *p, const char *lsm, 1294 char *name, char **value) 1295{ 1296 return -EINVAL; 1297} 1298 1299static inline int security_setprocattr(const char *lsm, char *name, 1300 void *value, size_t size) 1301{ 1302 return -EINVAL; 1303} 1304 1305static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb) 1306{ 1307 return 0; 1308} 1309 1310static inline int security_ismaclabel(const char *name) 1311{ 1312 return 0; 1313} 1314 1315static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 1316{ 1317 return -EOPNOTSUPP; 1318} 1319 1320static inline int security_secctx_to_secid(const char *secdata, 1321 u32 seclen, 1322 u32 *secid) 1323{ 1324 return -EOPNOTSUPP; 1325} 1326 1327static inline void security_release_secctx(char *secdata, u32 seclen) 1328{ 1329} 1330 1331static inline void security_inode_invalidate_secctx(struct inode *inode) 1332{ 1333} 1334 1335static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) 1336{ 1337 return -EOPNOTSUPP; 1338} 1339static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) 1340{ 1341 return -EOPNOTSUPP; 1342} 1343static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) 1344{ 1345 return -EOPNOTSUPP; 1346} 1347static inline int security_locked_down(enum lockdown_reason what) 1348{ 1349 return 0; 1350} 1351#endif /* CONFIG_SECURITY */ 1352 1353#if defined(CONFIG_SECURITY) && 
defined(CONFIG_WATCH_QUEUE) 1354int security_post_notification(const struct cred *w_cred, 1355 const struct cred *cred, 1356 struct watch_notification *n); 1357#else 1358static inline int security_post_notification(const struct cred *w_cred, 1359 const struct cred *cred, 1360 struct watch_notification *n) 1361{ 1362 return 0; 1363} 1364#endif 1365 1366#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS) 1367int security_watch_key(struct key *key); 1368#else 1369static inline int security_watch_key(struct key *key) 1370{ 1371 return 0; 1372} 1373#endif 1374 1375#ifdef CONFIG_SECURITY_NETWORK 1376 1377int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk); 1378int security_unix_may_send(struct socket *sock, struct socket *other); 1379int security_socket_create(int family, int type, int protocol, int kern); 1380int security_socket_post_create(struct socket *sock, int family, 1381 int type, int protocol, int kern); 1382int security_socket_socketpair(struct socket *socka, struct socket *sockb); 1383int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen); 1384int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); 1385int security_socket_listen(struct socket *sock, int backlog); 1386int security_socket_accept(struct socket *sock, struct socket *newsock); 1387int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size); 1388int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, 1389 int size, int flags); 1390int security_socket_getsockname(struct socket *sock); 1391int security_socket_getpeername(struct socket *sock); 1392int security_socket_getsockopt(struct socket *sock, int level, int optname); 1393int security_socket_setsockopt(struct socket *sock, int level, int optname); 1394int security_socket_shutdown(struct socket *sock, int how); 1395int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb); 1396int 
security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 1397 int __user *optlen, unsigned len); 1398int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid); 1399int security_sk_alloc(struct sock *sk, int family, gfp_t priority); 1400void security_sk_free(struct sock *sk); 1401void security_sk_clone(const struct sock *sk, struct sock *newsk); 1402void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic); 1403void security_req_classify_flow(const struct request_sock *req, 1404 struct flowi_common *flic); 1405void security_sock_graft(struct sock*sk, struct socket *parent); 1406int security_inet_conn_request(const struct sock *sk, 1407 struct sk_buff *skb, struct request_sock *req); 1408void security_inet_csk_clone(struct sock *newsk, 1409 const struct request_sock *req); 1410void security_inet_conn_established(struct sock *sk, 1411 struct sk_buff *skb); 1412int security_secmark_relabel_packet(u32 secid); 1413void security_secmark_refcount_inc(void); 1414void security_secmark_refcount_dec(void); 1415int security_tun_dev_alloc_security(void **security); 1416void security_tun_dev_free_security(void *security); 1417int security_tun_dev_create(void); 1418int security_tun_dev_attach_queue(void *security); 1419int security_tun_dev_attach(struct sock *sk, void *security); 1420int security_tun_dev_open(void *security); 1421int security_sctp_assoc_request(struct sctp_endpoint *ep, struct sk_buff *skb); 1422int security_sctp_bind_connect(struct sock *sk, int optname, 1423 struct sockaddr *address, int addrlen); 1424void security_sctp_sk_clone(struct sctp_endpoint *ep, struct sock *sk, 1425 struct sock *newsk); 1426 1427#else /* CONFIG_SECURITY_NETWORK */ 1428static inline int security_unix_stream_connect(struct sock *sock, 1429 struct sock *other, 1430 struct sock *newsk) 1431{ 1432 return 0; 1433} 1434 1435static inline int security_unix_may_send(struct socket *sock, 1436 struct socket *other) 1437{ 1438 
return 0; 1439} 1440 1441static inline int security_socket_create(int family, int type, 1442 int protocol, int kern) 1443{ 1444 return 0; 1445} 1446 1447static inline int security_socket_post_create(struct socket *sock, 1448 int family, 1449 int type, 1450 int protocol, int kern) 1451{ 1452 return 0; 1453} 1454 1455static inline int security_socket_socketpair(struct socket *socka, 1456 struct socket *sockb) 1457{ 1458 return 0; 1459} 1460 1461static inline int security_socket_bind(struct socket *sock, 1462 struct sockaddr *address, 1463 int addrlen) 1464{ 1465 return 0; 1466} 1467 1468static inline int security_socket_connect(struct socket *sock, 1469 struct sockaddr *address, 1470 int addrlen) 1471{ 1472 return 0; 1473} 1474 1475static inline int security_socket_listen(struct socket *sock, int backlog) 1476{ 1477 return 0; 1478} 1479 1480static inline int security_socket_accept(struct socket *sock, 1481 struct socket *newsock) 1482{ 1483 return 0; 1484} 1485 1486static inline int security_socket_sendmsg(struct socket *sock, 1487 struct msghdr *msg, int size) 1488{ 1489 return 0; 1490} 1491 1492static inline int security_socket_recvmsg(struct socket *sock, 1493 struct msghdr *msg, int size, 1494 int flags) 1495{ 1496 return 0; 1497} 1498 1499static inline int security_socket_getsockname(struct socket *sock) 1500{ 1501 return 0; 1502} 1503 1504static inline int security_socket_getpeername(struct socket *sock) 1505{ 1506 return 0; 1507} 1508 1509static inline int security_socket_getsockopt(struct socket *sock, 1510 int level, int optname) 1511{ 1512 return 0; 1513} 1514 1515static inline int security_socket_setsockopt(struct socket *sock, 1516 int level, int optname) 1517{ 1518 return 0; 1519} 1520 1521static inline int security_socket_shutdown(struct socket *sock, int how) 1522{ 1523 return 0; 1524} 1525static inline int security_sock_rcv_skb(struct sock *sk, 1526 struct sk_buff *skb) 1527{ 1528 return 0; 1529} 1530 1531static inline int 
security_socket_getpeersec_stream(struct socket *sock, char __user *optval, 1532 int __user *optlen, unsigned len) 1533{ 1534 return -ENOPROTOOPT; 1535} 1536 1537static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 1538{ 1539 return -ENOPROTOOPT; 1540} 1541 1542static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 1543{ 1544 return 0; 1545} 1546 1547static inline void security_sk_free(struct sock *sk) 1548{ 1549} 1550 1551static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) 1552{ 1553} 1554 1555static inline void security_sk_classify_flow(struct sock *sk, 1556 struct flowi_common *flic) 1557{ 1558} 1559 1560static inline void security_req_classify_flow(const struct request_sock *req, 1561 struct flowi_common *flic) 1562{ 1563} 1564 1565static inline void security_sock_graft(struct sock *sk, struct socket *parent) 1566{ 1567} 1568 1569static inline int security_inet_conn_request(const struct sock *sk, 1570 struct sk_buff *skb, struct request_sock *req) 1571{ 1572 return 0; 1573} 1574 1575static inline void security_inet_csk_clone(struct sock *newsk, 1576 const struct request_sock *req) 1577{ 1578} 1579 1580static inline void security_inet_conn_established(struct sock *sk, 1581 struct sk_buff *skb) 1582{ 1583} 1584 1585static inline int security_secmark_relabel_packet(u32 secid) 1586{ 1587 return 0; 1588} 1589 1590static inline void security_secmark_refcount_inc(void) 1591{ 1592} 1593 1594static inline void security_secmark_refcount_dec(void) 1595{ 1596} 1597 1598static inline int security_tun_dev_alloc_security(void **security) 1599{ 1600 return 0; 1601} 1602 1603static inline void security_tun_dev_free_security(void *security) 1604{ 1605} 1606 1607static inline int security_tun_dev_create(void) 1608{ 1609 return 0; 1610} 1611 1612static inline int security_tun_dev_attach_queue(void *security) 1613{ 1614 return 0; 1615} 1616 1617static inline int 
security_tun_dev_attach(struct sock *sk, void *security) 1618{ 1619 return 0; 1620} 1621 1622static inline int security_tun_dev_open(void *security) 1623{ 1624 return 0; 1625} 1626 1627static inline int security_sctp_assoc_request(struct sctp_endpoint *ep, 1628 struct sk_buff *skb) 1629{ 1630 return 0; 1631} 1632 1633static inline int security_sctp_bind_connect(struct sock *sk, int optname, 1634 struct sockaddr *address, 1635 int addrlen) 1636{ 1637 return 0; 1638} 1639 1640static inline void security_sctp_sk_clone(struct sctp_endpoint *ep, 1641 struct sock *sk, 1642 struct sock *newsk) 1643{ 1644} 1645#endif /* CONFIG_SECURITY_NETWORK */ 1646 1647#ifdef CONFIG_SECURITY_INFINIBAND 1648int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey); 1649int security_ib_endport_manage_subnet(void *sec, const char *name, u8 port_num); 1650int security_ib_alloc_security(void **sec); 1651void security_ib_free_security(void *sec); 1652#else /* CONFIG_SECURITY_INFINIBAND */ 1653static inline int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey) 1654{ 1655 return 0; 1656} 1657 1658static inline int security_ib_endport_manage_subnet(void *sec, const char *dev_name, u8 port_num) 1659{ 1660 return 0; 1661} 1662 1663static inline int security_ib_alloc_security(void **sec) 1664{ 1665 return 0; 1666} 1667 1668static inline void security_ib_free_security(void *sec) 1669{ 1670} 1671#endif /* CONFIG_SECURITY_INFINIBAND */ 1672 1673#ifdef CONFIG_SECURITY_NETWORK_XFRM 1674 1675int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1676 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp); 1677int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp); 1678void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx); 1679int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx); 1680int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 1681int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1682 
struct xfrm_sec_ctx *polsec, u32 secid); 1683int security_xfrm_state_delete(struct xfrm_state *x); 1684void security_xfrm_state_free(struct xfrm_state *x); 1685int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid); 1686int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1687 struct xfrm_policy *xp, 1688 const struct flowi_common *flic); 1689int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid); 1690void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic); 1691 1692#else /* CONFIG_SECURITY_NETWORK_XFRM */ 1693 1694static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 1695 struct xfrm_user_sec_ctx *sec_ctx, 1696 gfp_t gfp) 1697{ 1698 return 0; 1699} 1700 1701static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp) 1702{ 1703 return 0; 1704} 1705 1706static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) 1707{ 1708} 1709 1710static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) 1711{ 1712 return 0; 1713} 1714 1715static inline int security_xfrm_state_alloc(struct xfrm_state *x, 1716 struct xfrm_user_sec_ctx *sec_ctx) 1717{ 1718 return 0; 1719} 1720 1721static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, 1722 struct xfrm_sec_ctx *polsec, u32 secid) 1723{ 1724 return 0; 1725} 1726 1727static inline void security_xfrm_state_free(struct xfrm_state *x) 1728{ 1729} 1730 1731static inline int security_xfrm_state_delete(struct xfrm_state *x) 1732{ 1733 return 0; 1734} 1735 1736static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid) 1737{ 1738 return 0; 1739} 1740 1741static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, 1742 struct xfrm_policy *xp, 1743 const struct flowi_common *flic) 1744{ 1745 return 1; 1746} 1747 1748static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) 1749{ 1750 return 0; 1751} 1752 1753static 
inline void security_skb_classify_flow(struct sk_buff *skb, 1754 struct flowi_common *flic) 1755{ 1756} 1757 1758#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1759 1760#ifdef CONFIG_SECURITY_PATH 1761int security_path_unlink(const struct path *dir, struct dentry *dentry); 1762int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode); 1763int security_path_rmdir(const struct path *dir, struct dentry *dentry); 1764int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, 1765 unsigned int dev); 1766int security_path_truncate(const struct path *path); 1767int security_path_symlink(const struct path *dir, struct dentry *dentry, 1768 const char *old_name); 1769int security_path_link(struct dentry *old_dentry, const struct path *new_dir, 1770 struct dentry *new_dentry); 1771int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, 1772 const struct path *new_dir, struct dentry *new_dentry, 1773 unsigned int flags); 1774int security_path_chmod(const struct path *path, umode_t mode); 1775int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); 1776int security_path_chroot(const struct path *path); 1777#else /* CONFIG_SECURITY_PATH */ 1778static inline int security_path_unlink(const struct path *dir, struct dentry *dentry) 1779{ 1780 return 0; 1781} 1782 1783static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry, 1784 umode_t mode) 1785{ 1786 return 0; 1787} 1788 1789static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry) 1790{ 1791 return 0; 1792} 1793 1794static inline int security_path_mknod(const struct path *dir, struct dentry *dentry, 1795 umode_t mode, unsigned int dev) 1796{ 1797 return 0; 1798} 1799 1800static inline int security_path_truncate(const struct path *path) 1801{ 1802 return 0; 1803} 1804 1805static inline int security_path_symlink(const struct path *dir, struct dentry *dentry, 1806 const char *old_name) 1807{ 
1808 return 0; 1809} 1810 1811static inline int security_path_link(struct dentry *old_dentry, 1812 const struct path *new_dir, 1813 struct dentry *new_dentry) 1814{ 1815 return 0; 1816} 1817 1818static inline int security_path_rename(const struct path *old_dir, 1819 struct dentry *old_dentry, 1820 const struct path *new_dir, 1821 struct dentry *new_dentry, 1822 unsigned int flags) 1823{ 1824 return 0; 1825} 1826 1827static inline int security_path_chmod(const struct path *path, umode_t mode) 1828{ 1829 return 0; 1830} 1831 1832static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) 1833{ 1834 return 0; 1835} 1836 1837static inline int security_path_chroot(const struct path *path) 1838{ 1839 return 0; 1840} 1841#endif /* CONFIG_SECURITY_PATH */ 1842 1843#ifdef CONFIG_KEYS 1844#ifdef CONFIG_SECURITY 1845 1846int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); 1847void security_key_free(struct key *key); 1848int security_key_permission(key_ref_t key_ref, const struct cred *cred, 1849 enum key_need_perm need_perm); 1850int security_key_getsecurity(struct key *key, char **_buffer); 1851 1852#else 1853 1854static inline int security_key_alloc(struct key *key, 1855 const struct cred *cred, 1856 unsigned long flags) 1857{ 1858 return 0; 1859} 1860 1861static inline void security_key_free(struct key *key) 1862{ 1863} 1864 1865static inline int security_key_permission(key_ref_t key_ref, 1866 const struct cred *cred, 1867 enum key_need_perm need_perm) 1868{ 1869 return 0; 1870} 1871 1872static inline int security_key_getsecurity(struct key *key, char **_buffer) 1873{ 1874 *_buffer = NULL; 1875 return 0; 1876} 1877 1878#endif 1879#endif /* CONFIG_KEYS */ 1880 1881#ifdef CONFIG_AUDIT 1882#ifdef CONFIG_SECURITY 1883int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); 1884int security_audit_rule_known(struct audit_krule *krule); 1885int security_audit_rule_match(u32 secid, u32 field, u32 
op, void *lsmrule); 1886void security_audit_rule_free(void *lsmrule); 1887 1888#else 1889 1890static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, 1891 void **lsmrule) 1892{ 1893 return 0; 1894} 1895 1896static inline int security_audit_rule_known(struct audit_krule *krule) 1897{ 1898 return 0; 1899} 1900 1901static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, 1902 void *lsmrule) 1903{ 1904 return 0; 1905} 1906 1907static inline void security_audit_rule_free(void *lsmrule) 1908{ } 1909 1910#endif /* CONFIG_SECURITY */ 1911#endif /* CONFIG_AUDIT */ 1912 1913#ifdef CONFIG_SECURITYFS 1914 1915extern struct dentry *securityfs_create_file(const char *name, umode_t mode, 1916 struct dentry *parent, void *data, 1917 const struct file_operations *fops); 1918extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent); 1919struct dentry *securityfs_create_symlink(const char *name, 1920 struct dentry *parent, 1921 const char *target, 1922 const struct inode_operations *iops); 1923extern void securityfs_remove(struct dentry *dentry); 1924 1925#else /* CONFIG_SECURITYFS */ 1926 1927static inline struct dentry *securityfs_create_dir(const char *name, 1928 struct dentry *parent) 1929{ 1930 return ERR_PTR(-ENODEV); 1931} 1932 1933static inline struct dentry *securityfs_create_file(const char *name, 1934 umode_t mode, 1935 struct dentry *parent, 1936 void *data, 1937 const struct file_operations *fops) 1938{ 1939 return ERR_PTR(-ENODEV); 1940} 1941 1942static inline struct dentry *securityfs_create_symlink(const char *name, 1943 struct dentry *parent, 1944 const char *target, 1945 const struct inode_operations *iops) 1946{ 1947 return ERR_PTR(-ENODEV); 1948} 1949 1950static inline void securityfs_remove(struct dentry *dentry) 1951{} 1952 1953#endif 1954 1955#ifdef CONFIG_BPF_SYSCALL 1956union bpf_attr; 1957struct bpf_map; 1958struct bpf_prog; 1959struct bpf_prog_aux; 1960#ifdef CONFIG_SECURITY 1961extern int 
security_bpf(int cmd, union bpf_attr *attr, unsigned int size); 1962extern int security_bpf_map(struct bpf_map *map, fmode_t fmode); 1963extern int security_bpf_prog(struct bpf_prog *prog); 1964extern int security_bpf_map_alloc(struct bpf_map *map); 1965extern void security_bpf_map_free(struct bpf_map *map); 1966extern int security_bpf_prog_alloc(struct bpf_prog_aux *aux); 1967extern void security_bpf_prog_free(struct bpf_prog_aux *aux); 1968#else 1969static inline int security_bpf(int cmd, union bpf_attr *attr, 1970 unsigned int size) 1971{ 1972 return 0; 1973} 1974 1975static inline int security_bpf_map(struct bpf_map *map, fmode_t fmode) 1976{ 1977 return 0; 1978} 1979 1980static inline int security_bpf_prog(struct bpf_prog *prog) 1981{ 1982 return 0; 1983} 1984 1985static inline int security_bpf_map_alloc(struct bpf_map *map) 1986{ 1987 return 0; 1988} 1989 1990static inline void security_bpf_map_free(struct bpf_map *map) 1991{ } 1992 1993static inline int security_bpf_prog_alloc(struct bpf_prog_aux *aux) 1994{ 1995 return 0; 1996} 1997 1998static inline void security_bpf_prog_free(struct bpf_prog_aux *aux) 1999{ } 2000#endif /* CONFIG_SECURITY */ 2001#endif /* CONFIG_BPF_SYSCALL */ 2002 2003#ifdef CONFIG_PERF_EVENTS 2004struct perf_event_attr; 2005struct perf_event; 2006 2007#ifdef CONFIG_SECURITY 2008extern int security_perf_event_open(struct perf_event_attr *attr, int type); 2009extern int security_perf_event_alloc(struct perf_event *event); 2010extern void security_perf_event_free(struct perf_event *event); 2011extern int security_perf_event_read(struct perf_event *event); 2012extern int security_perf_event_write(struct perf_event *event); 2013#else 2014static inline int security_perf_event_open(struct perf_event_attr *attr, 2015 int type) 2016{ 2017 return 0; 2018} 2019 2020static inline int security_perf_event_alloc(struct perf_event *event) 2021{ 2022 return 0; 2023} 2024 2025static inline void security_perf_event_free(struct perf_event *event) 2026{ 
2027} 2028 2029static inline int security_perf_event_read(struct perf_event *event) 2030{ 2031 return 0; 2032} 2033 2034static inline int security_perf_event_write(struct perf_event *event) 2035{ 2036 return 0; 2037} 2038#endif /* CONFIG_SECURITY */ 2039#endif /* CONFIG_PERF_EVENTS */ 2040 2041#endif /* ! __LINUX_SECURITY_H */