1 /* 2 * Linux Security plug 3 * 4 * Copyright (C) 2001 WireX Communications, Inc <[email protected]> 5 * Copyright (C) 2001 Greg Kroah-Hartman <[email protected]> 6 * Copyright (C) 2001 Networks Associates Technology, Inc <[email protected]> 7 * Copyright (C) 2001 James Morris <[email protected]> 8 * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group) 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2 of the License, or 13 * (at your option) any later version. 14 * 15 * Due to this file being licensed under the GPL there is controversy over 16 * whether this permits you to write a module that #includes this file 17 * without placing your module under the GPL. Please consult a lawyer for 18 * advice before doing this. 19 * 20 */ 21 22 #ifndef __LINUX_SECURITY_H 23 #define __LINUX_SECURITY_H 24 25 #include <linux/key.h> 26 #include <linux/capability.h> 27 #include <linux/slab.h> 28 #include <linux/err.h> 29 #include <linux/string.h> 30 #include <linux/mm.h> 31 32 struct linux_binprm; 33 struct cred; 34 struct rlimit; 35 struct siginfo; 36 struct sem_array; 37 struct sembuf; 38 struct kern_ipc_perm; 39 struct audit_context; 40 struct super_block; 41 struct inode; 42 struct dentry; 43 struct file; 44 struct vfsmount; 45 struct path; 46 struct qstr; 47 struct nameidata; 48 struct iattr; 49 struct fown_struct; 50 struct file_operations; 51 struct shmid_kernel; 52 struct msg_msg; 53 struct msg_queue; 54 struct xattr; 55 struct xfrm_sec_ctx; 56 struct mm_struct; 57 58 /* If capable should audit the security request */ 59 #define SECURITY_CAP_NOAUDIT 0 60 #define SECURITY_CAP_AUDIT 1 61 62 /* LSM Agnostic defines for sb_set_mnt_opts */ 63 #define SECURITY_LSM_NATIVE_LABELS 1 64 65 struct ctl_table; 66 struct audit_krule; 67 struct user_namespace; 68 struct timezone; 69 70 /* These functions are in 
security/commoncap.c */
/*
 * Capability-module entry points.  The !CONFIG_SECURITY stubs further down
 * in this header call several of these directly instead of returning 0.
 */
int cap_capable(const struct cred *cred, struct user_namespace *ns,
		int cap, int audit);
int cap_settime(const struct timespec *ts, const struct timezone *tz);
int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
int cap_ptrace_traceme(struct task_struct *parent);
int cap_capget(struct task_struct *target, kernel_cap_t *effective,
		kernel_cap_t *inheritable, kernel_cap_t *permitted);
int cap_capset(struct cred *new, const struct cred *old,
		const kernel_cap_t *effective,
		const kernel_cap_t *inheritable,
		const kernel_cap_t *permitted);
int cap_bprm_set_creds(struct linux_binprm *bprm);
int cap_bprm_secureexec(struct linux_binprm *bprm);
int cap_inode_setxattr(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags);
int cap_inode_removexattr(struct dentry *dentry, const char *name);
int cap_inode_need_killpriv(struct dentry *dentry);
int cap_inode_killpriv(struct dentry *dentry);
int cap_mmap_addr(unsigned long addr);
int cap_mmap_file(struct file *file, unsigned long reqprot,
		unsigned long prot, unsigned long flags);
int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
/* Five arguments: the prctl option followed by arg2..arg5, in that order. */
int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
		unsigned long arg4, unsigned long arg5);
int cap_task_setscheduler(struct task_struct *p);
int cap_task_setioprio(struct task_struct *p, int ioprio);
int cap_task_setnice(struct task_struct *p, int nice);
int cap_vm_enough_memory(struct mm_struct *mm, long pages);

/* Forward declarations for the networking-related prototypes. */
struct msghdr;
struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
struct flowi;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
struct
seq_file;

/*
 * Lowest mappable address limits.  Without an MMU both names expand to the
 * constant 0UL, so code that reads them still compiles.
 */
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define mmap_min_addr		0UL
#define dac_mmap_min_addr	0UL
#endif

/*
 * Values used in the task_security_ops calls
 */
/* setuid or setgid, id0 == uid or gid */
#define LSM_SETID_ID	1

/* setreuid or setregid, id0 == real, id1 == eff */
#define LSM_SETID_RE	2

/* setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved */
#define LSM_SETID_RES	4

/* setfsuid or setfsgid, id0 == fsuid or fsgid */
#define LSM_SETID_FS	8

/* forward declares to avoid warnings */
struct sched_param;
struct request_sock;

/* bprm->unsafe reasons (each value is a distinct single bit) */
#define LSM_UNSAFE_SHARE	1
#define LSM_UNSAFE_PTRACE	2
#define LSM_UNSAFE_PTRACE_CAP	4
#define LSM_UNSAFE_NO_NEW_PRIVS	8

#ifdef CONFIG_MMU
int mmap_min_addr_handler(struct ctl_table *table, int write,
		void __user *buffer, size_t *lenp, loff_t *ppos);
#endif

/* security_inode_init_security callback function to write xattrs */
typedef int (*initxattrs) (struct inode *inode,
		const struct xattr *xattr_array, void *fs_data);

#ifdef CONFIG_SECURITY

/*
 * Mount options handed to the security module.
 * security_free_mnt_opts() below frees mnt_opts[0..num_mnt_opts-1], then
 * both arrays, so every element must be kfree()-able.
 */
struct security_mnt_opts {
	char **mnt_opts;	/* array of num_mnt_opts option strings */
	int *mnt_opts_flags;	/* presumably one flag per option; confirm */
	int num_mnt_opts;	/* number of entries in mnt_opts */
};

/* Put @opts into the empty state: no arrays, zero options. */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	opts->mnt_opts = NULL;
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}

/*
 * Release everything @opts owns and return it to the empty state.
 * Because the pointers are reset to NULL afterwards, calling this again on
 * the same structure frees nothing a second time.
 */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	char **strs = opts->mnt_opts;
	int idx;

	/* The strings can only be walked when the array itself exists. */
	if (strs != NULL) {
		for (idx = 0; idx < opts->num_mnt_opts; idx++)
			kfree(strs[idx]);
	}
	kfree(strs);
	kfree(opts->mnt_opts_flags);

	/* Same three stores as the original: NULL, NULL, 0. */
	security_init_mnt_opts(opts);
}

/* prototypes */
int security_init(void);

/* Security
operations */

/* binder */
int security_binder_set_context_mgr(struct task_struct *mgr);
int security_binder_transaction(struct task_struct *from,
		struct task_struct *to);
int security_binder_transfer_binder(struct task_struct *from,
		struct task_struct *to);
int security_binder_transfer_file(struct task_struct *from,
		struct task_struct *to, struct file *file);

/* ptrace and capabilities */
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target,
		kernel_cap_t *effective,
		kernel_cap_t *inheritable,
		kernel_cap_t *permitted);
int security_capset(struct cred *new, const struct cred *old,
		const kernel_cap_t *effective,
		const kernel_cap_t *inheritable,
		const kernel_cap_t *permitted);
int security_capable(const struct cred *cred, struct user_namespace *ns,
		int cap);
int security_capable_noaudit(const struct cred *cred,
		struct user_namespace *ns, int cap);

/* quota, syslog, time, memory accounting */
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime(const struct timespec *ts, const struct timezone *tz);
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);

/* program execution (linux_binprm) */
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
int security_bprm_secureexec(struct linux_binprm *bprm);

/* superblock */
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
int security_sb_remount(struct super_block *sb, void *data);
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
int security_sb_show_options(struct
seq_file *m, struct super_block *sb);

/* superblock and mount operations */
int security_sb_statfs(struct dentry *dentry);
int security_sb_mount(const char *dev_name, struct path *path,
		const char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(struct path *old_path, struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb,
		struct security_mnt_opts *opts,
		unsigned long kern_flags,
		unsigned long *set_kern_flags);
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
		struct super_block *newsb);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
int security_dentry_init_security(struct dentry *dentry, int mode,
		struct qstr *name, void **ctx,
		u32 *ctxlen);

/* inode lifetime and directory operations */
int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
int security_inode_init_security(struct inode *inode, struct inode *dir,
		const struct qstr *qstr,
		initxattrs initxattrs, void *fs_data);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
		const struct qstr *qstr, const char **name,
		void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry,
		umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
		struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
		const char *old_name);
int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
		umode_t mode);
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
int security_inode_mknod(struct inode *dir, struct dentry *dentry,
		umode_t mode, dev_t dev);
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
		struct inode *new_dir, struct dentry *new_dentry,
		unsigned
int flags);

/* inode access, attributes and extended attributes */
int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(const struct path *path);
int security_inode_setxattr(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
		const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
int security_inode_listxattr(struct dentry *dentry);
int security_inode_removexattr(struct dentry *dentry, const char *name);
int security_inode_need_killpriv(struct dentry *dentry);
int security_inode_killpriv(struct dentry *dentry);
int security_inode_getsecurity(const struct inode *inode, const char *name,
		void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name,
		const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer,
		size_t buffer_size);
void security_inode_getsecid(const struct inode *inode, u32 *secid);

/* open files and memory mappings */
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd,
		unsigned long arg);
int security_mmap_file(struct file *file, unsigned long prot,
		unsigned long flags);
int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
		unsigned long prot);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd,
		unsigned long arg);
void security_file_set_fowner(struct file
*file);
int security_file_send_sigiotask(struct task_struct *tsk,
		struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);

/* task creation and credentials */
int security_task_create(unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old,
		gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);

/* kernel-internal services: credential overrides, firmware, modules */
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_fw_from_file(struct file *file, char *buf, size_t size);
int security_kernel_module_request(char *kmod_name);
int security_kernel_module_from_file(struct file *file);

/* per-task operations */
int security_task_fix_setuid(struct cred *new, const struct cred *old,
		int flags);
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
		struct rlimit *new_rlim);
int security_task_setscheduler(struct task_struct *p);
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
		int sig, u32 secid);
int security_task_wait(struct task_struct *p);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
		unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);

/* System V IPC: generic permission, message queues, shm, semaphores */
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
void security_msg_queue_free(struct msg_queue *msq);
int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
int security_msg_queue_msgsnd(struct msg_queue *msq,
		struct msg_msg *msg, int msqflg);
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
		struct task_struct *target, long type, int mode);
int security_shm_alloc(struct shmid_kernel *shp);
void security_shm_free(struct shmid_kernel *shp);
int security_shm_associate(struct shmid_kernel *shp, int shmflg);
int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
		int shmflg);
int security_sem_alloc(struct sem_array *sma);
void security_sem_free(struct sem_array *sma);
int security_sem_associate(struct sem_array *sma, int semflg);
int security_sem_semctl(struct sem_array *sma, int cmd);
int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
		unsigned nsops, int alter);

/* dentry instantiation, process attributes, netlink, security contexts */
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value);
int security_setprocattr(struct task_struct *p, char *name, void *value,
		size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_ismaclabel(const char *name);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char
*secdata, u32 seclen, u32 *secid);
void security_release_secctx(char *secdata, u32 seclen);

int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
#else /* CONFIG_SECURITY */
/* Without CONFIG_SECURITY there are no mount options to carry. */
struct security_mnt_opts {
};

/* Nothing to initialise in the empty structure. */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
}

/* Nothing to free in the empty structure. */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
}

/*
 * This is the default capabilities functionality.  Most of these functions
 * are just stubbed out, but a few must call the proper capable code.
 *
 * In this !CONFIG_SECURITY branch a stub that returns 0 performs no check
 * at all; only the stubs that forward to a cap_*() function still enforce
 * anything.
 */

static inline int security_init(void)
{
	return 0;
}

/* binder: no checks in this configuration */
static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
	return 0;
}

static inline int security_binder_transaction(struct task_struct *from,
					      struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_binder(struct task_struct *from,
						  struct task_struct *to)
{
	return 0;
}

static inline int security_binder_transfer_file(struct task_struct *from,
						struct task_struct *to,
						struct file *file)
{
	return 0;
}

/* ptrace and capability queries go straight to the capability code */
static inline int security_ptrace_access_check(struct task_struct *child,
					       unsigned int mode)
{
	return cap_ptrace_access_check(child, mode);
}

static inline int security_ptrace_traceme(struct task_struct *parent)
{
	return cap_ptrace_traceme(parent);
}

static inline int security_capget(struct task_struct *target,
				  kernel_cap_t *effective,
				  kernel_cap_t *inheritable,
				  kernel_cap_t *permitted)
{
	return cap_capget(target, effective, inheritable, permitted);
}

static inline int security_capset(struct cred *new,
				  const struct cred *old,
const kernel_cap_t *effective,
				  const kernel_cap_t *inheritable,
				  const kernel_cap_t *permitted)
{
	return cap_capset(new, old, effective, inheritable, permitted);
}

/*
 * !CONFIG_SECURITY stubs, continued.  Stubs returning 0 perform no check;
 * the ones below that call cap_*() keep the capability checks in force.
 */

/* Capability test that asks cap_capable() to audit the request. */
static inline int security_capable(const struct cred *cred,
				   struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}

/* Same test, but with SECURITY_CAP_NOAUDIT as the audit argument. */
static inline int security_capable_noaudit(const struct cred *cred,
					   struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}

static inline int security_quotactl(int cmds, int type, int id,
				    struct super_block *sb)
{
	return 0;
}

static inline int security_quota_on(struct dentry *dentry)
{
	return 0;
}

static inline int security_syslog(int type)
{
	return 0;
}

static inline int security_settime(const struct timespec *ts,
				   const struct timezone *tz)
{
	return cap_settime(ts, tz);
}

/*
 * The result of cap_vm_enough_memory() is handed to __vm_enough_memory()
 * as its third argument.
 */
static inline int security_vm_enough_memory_mm(struct mm_struct *mm,
					       long pages)
{
	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
}

static inline int security_bprm_set_creds(struct linux_binprm *bprm)
{
	return cap_bprm_set_creds(bprm);
}

static inline int security_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
{
}

static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
{
}

static inline int security_bprm_secureexec(struct linux_binprm *bprm)
{
	return cap_bprm_secureexec(bprm);
}

static inline int security_sb_alloc(struct super_block *sb)
{
	return 0;
}

static inline void security_sb_free(struct super_block *sb)
{
}

static inline int security_sb_copy_data(char *orig, char *copy)
{
	return 0;
}

static
inline int security_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}

/*
 * !CONFIG_SECURITY stubs for superblock and inode set-up.  Each one
 * ignores its arguments; 0 means no check was made, -EOPNOTSUPP means the
 * operation is not available in this configuration.
 */

static inline int security_sb_kern_mount(struct super_block *sb, int flags,
					 void *data)
{
	return 0;
}

static inline int security_sb_show_options(struct seq_file *m,
					   struct super_block *sb)
{
	return 0;
}

static inline int security_sb_statfs(struct dentry *dentry)
{
	return 0;
}

static inline int security_sb_mount(const char *dev_name, struct path *path,
				    const char *type, unsigned long flags,
				    void *data)
{
	return 0;
}

static inline int security_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}

static inline int security_sb_pivotroot(struct path *old_path,
					struct path *new_path)
{
	return 0;
}

static inline int security_sb_set_mnt_opts(struct super_block *sb,
					   struct security_mnt_opts *opts,
					   unsigned long kern_flags,
					   unsigned long *set_kern_flags)
{
	return 0;
}

static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
					     struct super_block *newsb)
{
	return 0;
}

static inline int security_sb_parse_opts_str(char *options,
					     struct security_mnt_opts *opts)
{
	return 0;
}

static inline int security_inode_alloc(struct inode *inode)
{
	return 0;
}

static inline void security_inode_free(struct inode *inode)
{
}

static inline int security_dentry_init_security(struct dentry *dentry,
						int mode,
						struct qstr *name,
						void **ctx,
						u32 *ctxlen)
{
	return -EOPNOTSUPP;
}

/* The xattr callback is never invoked here; the stub just returns 0. */
static inline int security_inode_init_security(struct inode *inode,
					       struct inode *dir,
					       const struct qstr *qstr,
					       const initxattrs xattrs,
					       void *fs_data)
{
	return 0;
}

static inline int security_old_inode_init_security(struct inode *inode,
						   struct inode *dir,
						   const struct qstr *qstr,
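const char **name,
						   void **value, size_t *len)
{
	return -EOPNOTSUPP;
}

/*
 * !CONFIG_SECURITY stubs for directory and inode operations.  All of them
 * return 0 without looking at their arguments, so no check is made here.
 */

static inline int security_inode_create(struct inode *dir,
					struct dentry *dentry,
					umode_t mode)
{
	return 0;
}

static inline int security_inode_link(struct dentry *old_dentry,
				      struct inode *dir,
				      struct dentry *new_dentry)
{
	return 0;
}

static inline int security_inode_unlink(struct inode *dir,
					struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_symlink(struct inode *dir,
					 struct dentry *dentry,
					 const char *old_name)
{
	return 0;
}

/*
 * @mode is umode_t, the type used by the CONFIG_SECURITY prototype and by
 * security_inode_create() above, so both configurations share a signature.
 */
static inline int security_inode_mkdir(struct inode *dir,
				       struct dentry *dentry,
				       umode_t mode)
{
	return 0;
}

static inline int security_inode_rmdir(struct inode *dir,
				       struct dentry *dentry)
{
	return 0;
}

/* @mode is umode_t here as well, matching the CONFIG_SECURITY prototype. */
static inline int security_inode_mknod(struct inode *dir,
				       struct dentry *dentry,
				       umode_t mode, dev_t dev)
{
	return 0;
}

static inline int security_inode_rename(struct inode *old_dir,
					struct dentry *old_dentry,
					struct inode *new_dir,
					struct dentry *new_dentry,
					unsigned int flags)
{
	return 0;
}

static inline int security_inode_readlink(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_follow_link(struct dentry *dentry,
					     struct nameidata *nd)
{
	return 0;
}

static inline int security_inode_permission(struct inode *inode, int mask)
{
	return 0;
}

static inline int security_inode_setattr(struct dentry *dentry,
					 struct iattr *attr)
{
	return 0;
}

static inline int security_inode_getattr(const struct path *path)
{
	return 0;
}

/* Setting an xattr is still checked by the capability code. */
static inline int security_inode_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{
	return cap_inode_setxattr(dentry, name,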
value, size, flags);
}

/*
 * !CONFIG_SECURITY stubs for extended attributes and files.  Writing or
 * removing an xattr and the killpriv pair still go through cap_*(); reads
 * and listings return 0 unchecked.
 */

static inline void security_inode_post_setxattr(struct dentry *dentry,
		const char *name, const void *value, size_t size, int flags)
{
}

static inline int security_inode_getxattr(struct dentry *dentry,
					  const char *name)
{
	return 0;
}

static inline int security_inode_listxattr(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_removexattr(struct dentry *dentry,
					     const char *name)
{
	return cap_inode_removexattr(dentry, name);
}

static inline int security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}

static inline int security_inode_killpriv(struct dentry *dentry)
{
	return cap_inode_killpriv(dentry);
}

static inline int security_inode_getsecurity(const struct inode *inode,
					     const char *name, void **buffer,
					     bool alloc)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecurity(struct inode *inode,
					     const char *name,
					     const void *value, size_t size,
					     int flags)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_listsecurity(struct inode *inode,
					      char *buffer,
					      size_t buffer_size)
{
	return 0;
}

/* Always reports secid 0; @secid is written unconditionally. */
static inline void security_inode_getsecid(const struct inode *inode,
					   u32 *secid)
{
	*secid = 0;
}

static inline int security_file_permission(struct file *file, int mask)
{
	return 0;
}

static inline int security_file_alloc(struct file *file)
{
	return 0;
}

static inline void security_file_free(struct file *file)
{
}

static inline int security_file_ioctl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline int security_mmap_file(struct file *file, unsigned long prot,
				     unsigned long flags)
{
	return 0;
}

static inline int security_mmap_addr(unsigned long
addr)
{
	/* The mapping-address check stays with the capability code. */
	return cap_mmap_addr(addr);
}

/*
 * !CONFIG_SECURITY stubs for files, task creation, credentials and
 * kernel-internal requests.  None of them inspects its arguments: int
 * stubs return 0, void stubs do nothing.
 */

static inline int security_file_mprotect(struct vm_area_struct *vma,
					 unsigned long reqprot,
					 unsigned long prot)
{
	return 0;
}

static inline int security_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}

static inline int security_file_fcntl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline void security_file_set_fowner(struct file *file)
{
}

static inline int security_file_send_sigiotask(struct task_struct *tsk,
					       struct fown_struct *fown,
					       int sig)
{
	return 0;
}

static inline int security_file_receive(struct file *file)
{
	return 0;
}

static inline int security_file_open(struct file *file,
				     const struct cred *cred)
{
	return 0;
}

static inline int security_task_create(unsigned long clone_flags)
{
	return 0;
}

static inline void security_task_free(struct task_struct *task)
{
}

static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}

static inline void security_cred_free(struct cred *cred)
{
}

static inline int security_prepare_creds(struct cred *new,
					 const struct cred *old,
					 gfp_t gfp)
{
	return 0;
}

static inline void security_transfer_creds(struct cred *new,
					   const struct cred *old)
{
}

static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
	return 0;
}

static inline int security_kernel_create_files_as(struct cred *cred,
						  struct inode *inode)
{
	return 0;
}

/* Firmware contents are accepted without inspection in this branch. */
static inline int security_kernel_fw_from_file(struct file *file,
					       char *buf, size_t size)
{
	return 0;
}

static inline int security_kernel_module_request(char *kmod_name)
{
	return 0;
}

static inline int
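security_kernel_module_from_file(struct file *file)
{
	return 0;
}

/*
 * !CONFIG_SECURITY stubs for per-task operations.  setuid fix-up, nice,
 * ioprio, scheduler and prctl are forwarded to the capability code; the
 * remaining stubs return 0 without making any check.
 */

static inline int security_task_fix_setuid(struct cred *new,
					   const struct cred *old,
					   int flags)
{
	return cap_task_fix_setuid(new, old, flags);
}

static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return 0;
}

static inline int security_task_getpgid(struct task_struct *p)
{
	return 0;
}

static inline int security_task_getsid(struct task_struct *p)
{
	return 0;
}

/* Always reports secid 0; @secid is written unconditionally. */
static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
{
	*secid = 0;
}

static inline int security_task_setnice(struct task_struct *p, int nice)
{
	return cap_task_setnice(p, nice);
}

static inline int security_task_setioprio(struct task_struct *p, int ioprio)
{
	return cap_task_setioprio(p, ioprio);
}

static inline int security_task_getioprio(struct task_struct *p)
{
	return 0;
}

static inline int security_task_setrlimit(struct task_struct *p,
					  unsigned int resource,
					  struct rlimit *new_rlim)
{
	return 0;
}

static inline int security_task_setscheduler(struct task_struct *p)
{
	return cap_task_setscheduler(p);
}

static inline int security_task_getscheduler(struct task_struct *p)
{
	return 0;
}

static inline int security_task_movememory(struct task_struct *p)
{
	return 0;
}

static inline int security_task_kill(struct task_struct *p,
				     struct siginfo *info, int sig,
				     u32 secid)
{
	return 0;
}

static inline int security_task_wait(struct task_struct *p)
{
	return 0;
}

/*
 * Hand a prctl() request to the capability code.
 *
 * Each argument is forwarded in its own position (arg4 as the fourth), as
 * the cap_task_prctl() prototype expects; passing arg3 twice would hide
 * the caller's arg4 from the capability check.
 *
 * Returns whatever cap_task_prctl() returns.
 */
static inline int security_task_prctl(int option, unsigned long arg2,
				      unsigned long arg3,
				      unsigned long arg4,
				      unsigned long arg5)
{
	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}

static inline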
void security_task_to_inode(struct task_struct *p, struct inode *inode)
{
}

/*
 * IPC hook stubs: generic permission, message, message-queue,
 * shared-memory and semaphore hooks.
 *
 * Each int stub returns 0, each void stub is empty, and
 * security_ipc_getsecid() reports a secid of 0.
 */
static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
		short flag)
{
	return 0;
}

static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp,
		u32 *secid)
{
	*secid = 0;
}

static inline int security_msg_msg_alloc(struct msg_msg *msg)
{
	return 0;
}

static inline void security_msg_msg_free(struct msg_msg *msg)
{
}

static inline int security_msg_queue_alloc(struct msg_queue *msq)
{
	return 0;
}

static inline void security_msg_queue_free(struct msg_queue *msq)
{
}

static inline int security_msg_queue_associate(struct msg_queue *msq,
		int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	return 0;
}

static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
		struct msg_msg *msg, int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
		struct msg_msg *msg, struct task_struct *target, long type,
		int mode)
{
	return 0;
}

static inline int security_shm_alloc(struct shmid_kernel *shp)
{
	return 0;
}

static inline void security_shm_free(struct shmid_kernel *shp)
{
}

static inline int security_shm_associate(struct shmid_kernel *shp,
		int shmflg)
{
	return 0;
}

static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	return 0;
}

static inline int security_shm_shmat(struct shmid_kernel *shp,
		char __user *shmaddr, int shmflg)
{
	return 0;
}

static inline int security_sem_alloc(struct sem_array *sma)
{
	return 0;
}

static inline void security_sem_free(struct sem_array *sma)
{
}

static inline int
security_sem_associate(struct sem_array *sma, int semflg)
{
	return 0;
}

static inline int security_sem_semctl(struct sem_array *sma, int cmd)
{
	return 0;
}

static inline int security_sem_semop(struct sem_array *sma,
		struct sembuf *sops, unsigned nsops, int alter)
{
	return 0;
}

static inline void security_d_instantiate(struct dentry *dentry,
		struct inode *inode)
{
}

/*
 * Unlike the 0-returning stubs around them, the procattr stubs fail with
 * -EINVAL and never touch *value.
 */
static inline int security_getprocattr(struct task_struct *p, char *name,
		char **value)
{
	return -EINVAL;
}

static inline int security_setprocattr(struct task_struct *p, char *name,
		void *value, size_t size)
{
	return -EINVAL;
}

static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}

static inline int security_ismaclabel(const char *name)
{
	return 0;
}

/*
 * The secid/security-context conversions and the inode secctx helpers all
 * report -EOPNOTSUPP and write none of their output parameters, so callers
 * must not read *secdata, *seclen, *secid, *ctx or *ctxlen after a failure.
 */
static inline int security_secid_to_secctx(u32 secid, char **secdata,
		u32 *seclen)
{
	return -EOPNOTSUPP;
}

static inline int security_secctx_to_secid(const char *secdata, u32 seclen,
		u32 *secid)
{
	return -EOPNOTSUPP;
}

static inline void security_release_secctx(char *secdata, u32 seclen)
{
}

static inline int security_inode_notifysecctx(struct inode *inode, void *ctx,
		u32 ctxlen)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx,
		u32 ctxlen)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_getsecctx(struct inode *inode, void **ctx,
		u32 *ctxlen)
{
	return -EOPNOTSUPP;
}
#endif /* CONFIG_SECURITY */

#ifdef CONFIG_SECURITY_NETWORK

/*
 * Network hooks, declared out of line when CONFIG_SECURITY_NETWORK is set;
 * their definitions are not part of this header excerpt.
 */
int security_unix_stream_connect(struct sock *sock, struct sock *other,
		struct sock *newsk);
int security_unix_may_send(struct socket *sock, struct socket *other);
int
security_socket_create(int family, int type, int protocol, int kern);
int security_socket_post_create(struct socket *sock, int family, int type,
		int protocol, int kern);
int security_socket_bind(struct socket *sock, struct sockaddr *address,
		int addrlen);
int security_socket_connect(struct socket *sock, struct sockaddr *address,
		int addrlen);
int security_socket_listen(struct socket *sock, int backlog);
int security_socket_accept(struct socket *sock, struct socket *newsock);
int security_socket_sendmsg(struct socket *sock, struct msghdr *msg,
		int size);
int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
		int size, int flags);
int security_socket_getsockname(struct socket *sock);
int security_socket_getpeername(struct socket *sock);
int security_socket_getsockopt(struct socket *sock, int level, int optname);
int security_socket_setsockopt(struct socket *sock, int level, int optname);
int security_socket_shutdown(struct socket *sock, int how);
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
/* optval and optlen carry the __user annotation: they are user pointers. */
int security_socket_getpeersec_stream(struct socket *sock,
		char __user *optval, int __user *optlen, unsigned len);
int security_socket_getpeersec_dgram(struct socket *sock,
		struct sk_buff *skb, u32 *secid);
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
void security_sk_free(struct sock *sk);
void security_sk_clone(const struct sock *sk, struct sock *newsk);
void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
void security_req_classify_flow(const struct request_sock *req,
		struct flowi *fl);
void security_sock_graft(struct sock *sk, struct socket *parent);
int security_inet_conn_request(struct sock *sk, struct sk_buff *skb,
		struct request_sock *req);
void security_inet_csk_clone(struct sock *newsk,
		const struct request_sock *req);
void
security_inet_conn_established(struct sock *sk, struct sk_buff *skb);
int security_secmark_relabel_packet(u32 secid);
void security_secmark_refcount_inc(void);
void security_secmark_refcount_dec(void);
int security_tun_dev_alloc_security(void **security);
void security_tun_dev_free_security(void *security);
int security_tun_dev_create(void);
int security_tun_dev_attach_queue(void *security);
int security_tun_dev_attach(struct sock *sk, void *security);
int security_tun_dev_open(void *security);

#else /* CONFIG_SECURITY_NETWORK */

/*
 * CONFIG_SECURITY_NETWORK is off: the socket hooks collapse to inline stubs.
 * The ones in this run return 0 without inspecting the socket, address or
 * message they are handed.
 */
static inline int security_unix_stream_connect(struct sock *sock,
		struct sock *other, struct sock *newsk)
{
	return 0;
}

static inline int security_unix_may_send(struct socket *sock,
		struct socket *other)
{
	return 0;
}

static inline int security_socket_create(int family, int type, int protocol,
		int kern)
{
	return 0;
}

static inline int security_socket_post_create(struct socket *sock,
		int family, int type, int protocol, int kern)
{
	return 0;
}

static inline int security_socket_bind(struct socket *sock,
		struct sockaddr *address, int addrlen)
{
	return 0;
}

static inline int security_socket_connect(struct socket *sock,
		struct sockaddr *address, int addrlen)
{
	return 0;
}

static inline int security_socket_listen(struct socket *sock, int backlog)
{
	return 0;
}

static inline int security_socket_accept(struct socket *sock,
		struct socket *newsock)
{
	return 0;
}

static inline int security_socket_sendmsg(struct socket *sock,
		struct msghdr *msg, int size)
{
	return 0;
}

static inline int security_socket_recvmsg(struct socket *sock,
		struct msghdr *msg, int size, int flags)
{
	return 0;
}

/* Remaining socket stubs for the !CONFIG_SECURITY_NETWORK build. */
static inline int security_socket_getsockname(struct socket *sock)
{
	return 0;
}

static inline int security_socket_getpeername(struct socket *sock)
{
	return 0;
}

static inline int security_socket_getsockopt(struct socket *sock, int level,
		int optname)
{
	return 0;
}

static inline int security_socket_setsockopt(struct socket *sock, int level,
		int optname)
{
	return 0;
}

static inline int security_socket_shutdown(struct socket *sock, int how)
{
	return 0;
}

static inline int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}

/*
 * The two peer-label queries fail with -ENOPROTOOPT instead of returning 0,
 * and leave optval, optlen and *secid unwritten: callers must check the
 * return value before using any of them.
 */
static inline int security_socket_getpeersec_stream(struct socket *sock,
		char __user *optval, int __user *optlen, unsigned len)
{
	return -ENOPROTOOPT;
}

static inline int security_socket_getpeersec_dgram(struct socket *sock,
		struct sk_buff *skb, u32 *secid)
{
	return -ENOPROTOOPT;
}

static inline int security_sk_alloc(struct sock *sk, int family,
		gfp_t priority)
{
	return 0;
}

static inline void security_sk_free(struct sock *sk)
{
}

static inline void security_sk_clone(const struct sock *sk,
		struct sock *newsk)
{
}

static inline void security_sk_classify_flow(struct sock *sk,
		struct flowi *fl)
{
}

static inline void security_req_classify_flow(const struct request_sock *req,
		struct flowi *fl)
{
}

static inline void security_sock_graft(struct sock *sk,
		struct socket *parent)
{
}

static inline int security_inet_conn_request(struct sock *sk,
		struct sk_buff *skb, struct request_sock *req)
{
	return 0;
}

static inline void security_inet_csk_clone(struct sock *newsk,
		const struct request_sock *req)
{
}

static inline void
security_inet_conn_established(struct sock *sk, struct sk_buff *skb)
{
}

static inline int security_secmark_relabel_packet(u32 secid)
{
	return 0;
}

static inline void security_secmark_refcount_inc(void)
{
}

static inline void security_secmark_refcount_dec(void)
{
}

/*
 * TUN device stubs.  The alloc stub returns 0 without storing anything
 * through 'security', so *security keeps whatever value the caller put there.
 */
static inline int security_tun_dev_alloc_security(void **security)
{
	return 0;
}

static inline void security_tun_dev_free_security(void *security)
{
}

static inline int security_tun_dev_create(void)
{
	return 0;
}

static inline int security_tun_dev_attach_queue(void *security)
{
	return 0;
}

static inline int security_tun_dev_attach(struct sock *sk, void *security)
{
	return 0;
}

static inline int security_tun_dev_open(void *security)
{
	return 0;
}
#endif /* CONFIG_SECURITY_NETWORK */

#ifdef CONFIG_SECURITY_NETWORK_XFRM

/* XFRM hooks, declared out of line when CONFIG_SECURITY_NETWORK_XFRM is set. */
int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
		struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
		struct xfrm_sec_ctx **new_ctxp);
void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
int security_xfrm_state_alloc(struct xfrm_state *x,
		struct xfrm_user_sec_ctx *sec_ctx);
int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
		struct xfrm_sec_ctx *polsec, u32 secid);
int security_xfrm_state_delete(struct xfrm_state *x);
void security_xfrm_state_free(struct xfrm_state *x);
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid,
		u8 dir);
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
		struct xfrm_policy *xp, const struct flowi *fl);
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
void
security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);

#else /* CONFIG_SECURITY_NETWORK_XFRM */

/*
 * CONFIG_SECURITY_NETWORK_XFRM is off: inline stubs.  None of them writes
 * through its pointer arguments (*ctxp, *new_ctxp and *secid are left as the
 * caller set them).
 */
static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
		struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)
{
	return 0;
}

static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old,
		struct xfrm_sec_ctx **new_ctxp)
{
	return 0;
}

static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
}

static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
	return 0;
}

static inline int security_xfrm_state_alloc(struct xfrm_state *x,
		struct xfrm_user_sec_ctx *sec_ctx)
{
	return 0;
}

static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
		struct xfrm_sec_ctx *polsec, u32 secid)
{
	return 0;
}

static inline void security_xfrm_state_free(struct xfrm_state *x)
{
}

static inline int security_xfrm_state_delete(struct xfrm_state *x)
{
	return 0;
}

static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx,
		u32 fl_secid, u8 dir)
{
	return 0;
}

/*
 * The one stub in this group that returns 1 rather than 0.
 * NOTE(review): presumably 1 means "state matches the policy and flow", so
 * a match is never narrowed by a label comparison here -- confirm against
 * the caller.
 */
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
		struct xfrm_policy *xp, const struct flowi *fl)
{
	return 1;
}

static inline int security_xfrm_decode_session(struct sk_buff *skb,
		u32 *secid)
{
	return 0;
}

static inline void security_skb_classify_flow(struct sk_buff *skb,
		struct flowi *fl)
{
}

#endif /* CONFIG_SECURITY_NETWORK_XFRM */

#ifdef CONFIG_SECURITY_PATH
/* Path hooks, declared out of line when CONFIG_SECURITY_PATH is set. */
int security_path_unlink(struct path *dir, struct dentry *dentry);
int security_path_mkdir(struct path *dir, struct dentry *dentry,
		umode_t mode);
int security_path_rmdir(struct path *dir, struct dentry *dentry);
int
security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
		unsigned int dev);
int security_path_truncate(struct path *path);
int security_path_symlink(struct path *dir, struct dentry *dentry,
		const char *old_name);
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
		struct dentry *new_dentry);
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
		struct path *new_dir, struct dentry *new_dentry,
		unsigned int flags);
int security_path_chmod(struct path *path, umode_t mode);
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
int security_path_chroot(struct path *path);
#else /* CONFIG_SECURITY_PATH */

/*
 * CONFIG_SECURITY_PATH is off: every path hook is an inline stub that
 * returns 0 without looking at the path, dentry or mode it is given.
 */
static inline int security_path_unlink(struct path *dir,
		struct dentry *dentry)
{
	return 0;
}

static inline int security_path_mkdir(struct path *dir,
		struct dentry *dentry, umode_t mode)
{
	return 0;
}

static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
{
	return 0;
}

static inline int security_path_mknod(struct path *dir,
		struct dentry *dentry, umode_t mode, unsigned int dev)
{
	return 0;
}

static inline int security_path_truncate(struct path *path)
{
	return 0;
}

static inline int security_path_symlink(struct path *dir,
		struct dentry *dentry, const char *old_name)
{
	return 0;
}

static inline int security_path_link(struct dentry *old_dentry,
		struct path *new_dir, struct dentry *new_dentry)
{
	return 0;
}

static inline int security_path_rename(struct path *old_dir,
		struct dentry *old_dentry, struct path *new_dir,
		struct dentry *new_dentry, unsigned int flags)
{
	return 0;
}

static inline int security_path_chmod(struct path *path, umode_t mode)
{
	return 0;
}

static inline int security_path_chown(struct path *path, kuid_t uid,
		kgid_t gid)
{
	return 0;
}

static inline int security_path_chroot(struct path *path)
{
	return 0;
}
#endif /* CONFIG_SECURITY_PATH */

#ifdef CONFIG_KEYS
#ifdef CONFIG_SECURITY

/* Key hooks: out of line only when CONFIG_KEYS and CONFIG_SECURITY are set. */
int security_key_alloc(struct key *key, const struct cred *cred,
		unsigned long flags);
void security_key_free(struct key *key);
int security_key_permission(key_ref_t key_ref, const struct cred *cred,
		unsigned perm);
int security_key_getsecurity(struct key *key, char **_buffer);

#else /* !CONFIG_SECURITY */

static inline int security_key_alloc(struct key *key,
		const struct cred *cred, unsigned long flags)
{
	return 0;
}

static inline void security_key_free(struct key *key)
{
}

/* Returns 0 for every key_ref, credential and permission mask. */
static inline int security_key_permission(key_ref_t key_ref,
		const struct cred *cred, unsigned perm)
{
	return 0;
}

/* Reports an empty result: *_buffer is set to NULL and 0 is returned. */
static inline int security_key_getsecurity(struct key *key, char **_buffer)
{
	*_buffer = NULL;
	return 0;
}

#endif /* CONFIG_SECURITY */
#endif /* CONFIG_KEYS */

#ifdef CONFIG_AUDIT
#ifdef CONFIG_SECURITY
/* Audit-rule hooks: out of line only with CONFIG_AUDIT and CONFIG_SECURITY. */
int security_audit_rule_init(u32 field, u32 op, char *rulestr,
		void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
		struct audit_context *actx);
void security_audit_rule_free(void *lsmrule);

#else /* !CONFIG_SECURITY */

/*
 * Audit-rule stubs: all return 0; the init stub does not write *lsmrule.
 */
static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
		void **lsmrule)
{
	return 0;
}

static inline int security_audit_rule_known(struct audit_krule *krule)
{
	return 0;
}

static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
		void *lsmrule, struct audit_context *actx)
{
	return 0;
}

static inline void security_audit_rule_free(void *lsmrule)
{
}

#endif /* CONFIG_SECURITY */
#endif /* CONFIG_AUDIT */

#ifdef CONFIG_SECURITYFS

extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
		struct dentry *parent, void *data,
		const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name,
		struct dentry *parent);
extern void securityfs_remove(struct dentry *dentry);

#else /* CONFIG_SECURITYFS */

/*
 * Without CONFIG_SECURITYFS both create helpers hand back
 * ERR_PTR(-ENODEV), never NULL, so a caller has to test the result with
 * IS_ERR() rather than a NULL check before using it as a dentry.
 */
static inline struct dentry *securityfs_create_dir(const char *name,
		struct dentry *parent)
{
	return ERR_PTR(-ENODEV);
}

static inline struct dentry *securityfs_create_file(const char *name,
		umode_t mode, struct dentry *parent, void *data,
		const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}

static inline void securityfs_remove(struct dentry *dentry)
{
}

#endif /* CONFIG_SECURITYFS */

#ifdef CONFIG_SECURITY

/* Returns one zeroed page from get_zeroed_page(GFP_KERNEL), cast to char *. */
static inline char *alloc_secdata(void)
{
	return (char *)get_zeroed_page(GFP_KERNEL);
}

/* Hands the page behind 'secdata' back through free_page(). */
static inline void free_secdata(void *secdata)
{
	free_page((unsigned long)secdata);
}

#else /* !CONFIG_SECURITY */

/*
 * Returns the constant (char *)1: a non-NULL token with no memory behind
 * it, which must never be dereferenced or passed to a real free routine.
 * NOTE(review): presumably chosen so that callers' NULL checks for
 * allocation failure still pass -- confirm against the callers.
 */
static inline char *alloc_secdata(void)
{
	return (char *)1;
}

/* Nothing was allocated in this configuration, so nothing is released. */
static inline void free_secdata(void *secdata)
{
}
#endif /* CONFIG_SECURITY */

#endif /* ! __LINUX_SECURITY_H */