Linux Kernel  3.7.1
security.h
1 /*
2  * Linux Security plug
3  *
4  * Copyright (C) 2001 WireX Communications, Inc <[email protected]>
5  * Copyright (C) 2001 Greg Kroah-Hartman <[email protected]>
6  * Copyright (C) 2001 Networks Associates Technology, Inc <[email protected]>
7  * Copyright (C) 2001 James Morris <[email protected]>
8  * Copyright (C) 2001 Silicon Graphics, Inc. (Trust Technology Group)
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * Due to this file being licensed under the GPL there is controversy over
16  * whether this permits you to write a module that #includes this file
17  * without placing your module under the GPL. Please consult a lawyer for
18  * advice before doing this.
19  *
20  */
21 
22 #ifndef __LINUX_SECURITY_H
23 #define __LINUX_SECURITY_H
24 
25 #include <linux/key.h>
26 #include <linux/capability.h>
27 #include <linux/slab.h>
28 #include <linux/err.h>
29 
30 struct linux_binprm;
31 struct cred;
32 struct rlimit;
33 struct siginfo;
34 struct sem_array;
35 struct sembuf;
36 struct kern_ipc_perm;
37 struct audit_context;
38 struct super_block;
39 struct inode;
40 struct dentry;
41 struct file;
42 struct vfsmount;
43 struct path;
44 struct qstr;
45 struct nameidata;
46 struct iattr;
47 struct fown_struct;
48 struct file_operations;
49 struct shmid_kernel;
50 struct msg_msg;
51 struct msg_queue;
52 struct xattr;
53 struct xfrm_sec_ctx;
54 struct mm_struct;
55 
/*
 * Longest LSM name in characters; struct security_operations sizes its
 * name[] field as SECURITY_NAME_MAX + 1.
 */
#define SECURITY_NAME_MAX	10

/*
 * Values for the 'audit' argument of cap_capable() and the capable hook:
 * whether the capability check should be audited.
 */
#define SECURITY_CAP_NOAUDIT	0
#define SECURITY_CAP_AUDIT	1
62 
63 struct ctl_table;
64 struct audit_krule;
65 struct user_namespace;
66 struct timezone;
67 
/*
 * Default capability functions, implemented in security/capability.c.
 * With CONFIG_SECURITY disabled, the inline security_*() wrappers later in
 * this header forward directly to several of them.
 */
int cap_capable(const struct cred *cred, struct user_namespace *ns,
		int cap, int audit);
int cap_settime(const struct timespec *ts, const struct timezone *tz);
int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
int cap_ptrace_traceme(struct task_struct *parent);
int cap_capget(struct task_struct *target, kernel_cap_t *effective,
	       kernel_cap_t *inheritable, kernel_cap_t *permitted);
int cap_capset(struct cred *new, const struct cred *old,
	       const kernel_cap_t *effective,
	       const kernel_cap_t *inheritable,
	       const kernel_cap_t *permitted);
int cap_bprm_set_creds(struct linux_binprm *bprm);
int cap_bprm_secureexec(struct linux_binprm *bprm);
int cap_inode_setxattr(struct dentry *dentry, const char *name,
		       const void *value, size_t size, int flags);
int cap_inode_removexattr(struct dentry *dentry, const char *name);
int cap_inode_need_killpriv(struct dentry *dentry);
int cap_inode_killpriv(struct dentry *dentry);
int cap_mmap_addr(unsigned long addr);
int cap_mmap_file(struct file *file, unsigned long reqprot,
		  unsigned long prot, unsigned long flags);
int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
		   unsigned long arg4, unsigned long arg5);
int cap_task_setscheduler(struct task_struct *p);
int cap_task_setioprio(struct task_struct *p, int ioprio);
int cap_task_setnice(struct task_struct *p, int nice);
int cap_vm_enough_memory(struct mm_struct *mm, long pages);
99 
100 struct msghdr;
101 struct sk_buff;
102 struct sock;
103 struct sockaddr;
104 struct socket;
105 struct flowi;
106 struct dst_entry;
107 struct xfrm_selector;
108 struct xfrm_policy;
109 struct xfrm_state;
110 struct xfrm_user_sec_ctx;
111 struct seq_file;
112 
/* Capability-module check for netlink sends; takes the sending sock and the skb. */
int cap_netlink_send(struct sock *sk, struct sk_buff *skb);

/* Declared here, defined elsewhere; takes no arguments and returns nothing. */
void reset_security_ops(void);
116 
/*
 * Lowest mappable address limits.  They are real variables only on MMU
 * builds; without CONFIG_MMU both names collapse to the constant 0UL.
 */
#ifdef CONFIG_MMU
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define mmap_min_addr		0UL
#define dac_mmap_min_addr	0UL
#endif
124 
/*
 * Values used in the task_security_ops calls.  Each one names the family
 * of set*id call being checked and which ids that call carries.
 */

/* setuid or setgid: id0 is the uid or gid */
#define LSM_SETID_ID	1

/* setreuid or setregid: id0 is the real id, id1 the effective id */
#define LSM_SETID_RE	2

/* setresuid or setresgid: id0 is real, id1 is effective, id2 is saved */
#define LSM_SETID_RES	4

/* setfsuid or setfsgid: id0 is the fsuid or fsgid */
#define LSM_SETID_FS	8
139 
140 /* forward declares to avoid warnings */
141 struct sched_param;
142 struct request_sock;
143 
/*
 * Reasons recorded in bprm->unsafe.  The values are distinct powers of
 * two, so several reasons can be held in the field at once.
 */
#define LSM_UNSAFE_SHARE		1
#define LSM_UNSAFE_PTRACE		2
#define LSM_UNSAFE_PTRACE_CAP		4
#define LSM_UNSAFE_NO_NEW_PRIVS		8
149 
#ifdef CONFIG_MMU
/*
 * Handler with a ctl_table signature for mmap_min_addr; the buffer is a
 * __user pointer.  Only declared on MMU builds.
 */
int mmap_min_addr_handler(struct ctl_table *table, int write,
			  void __user *buffer, size_t *lenp, loff_t *ppos);
#endif
154 
/*
 * Callback type handed to security_inode_init_security(); the callback
 * writes the xattrs in @xattr_array for @inode.  @fs_data is the opaque
 * pointer supplied by the caller.
 */
typedef int (*initxattrs)(struct inode *inode,
			  const struct xattr *xattr_array, void *fs_data);
158 
159 #ifdef CONFIG_SECURITY
160 
/*
 * Mount options held for a security module.
 * security_free_mnt_opts() kfree()s each mnt_opts[i] for
 * i < num_mnt_opts, then both arrays, so all of them must be
 * kfree()-compatible allocations (or NULL).
 */
struct security_mnt_opts {
	char **mnt_opts;	/* array of option strings */
	int *mnt_opts_flags;	/* presumably one flag word per option - confirm against users */
	int num_mnt_opts;	/* number of entries in mnt_opts */
};
166 
/*
 * Put @opts into the empty state: no option strings, no flags, count 0.
 * An empty @opts can be passed to security_free_mnt_opts() safely.
 */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	opts->num_mnt_opts = 0;
	opts->mnt_opts_flags = NULL;
	opts->mnt_opts = NULL;
}
173 
/*
 * Release everything @opts owns and return it to the empty state.
 *
 * Each option string is freed, then the two arrays.  Both pointers are
 * reset to NULL and the count to 0 afterwards, so a second call on the
 * same @opts finds nothing left to free instead of freeing stale pointers.
 */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	if (opts->mnt_opts) {
		int idx;

		for (idx = 0; idx < opts->num_mnt_opts; idx++)
			kfree(opts->mnt_opts[idx]);
	}

	kfree(opts->mnt_opts);
	opts->mnt_opts = NULL;

	kfree(opts->mnt_opts_flags);
	opts->mnt_opts_flags = NULL;

	opts->num_mnt_opts = 0;
}
186 
/*
 * Table of hook function pointers supplied by a security module.
 * A pointer to this table is what security_module_enable() and
 * register_security() take.  Hooks guarded by #ifdef exist only when the
 * matching config option is set.
 */
struct security_operations {
	/* Module name: SECURITY_NAME_MAX characters plus one more byte */
	char name[SECURITY_NAME_MAX + 1];

	/* ptrace, capability, quota, syslog, time and memory hooks */
	int (*ptrace_access_check)(struct task_struct *child, unsigned int mode);
	int (*ptrace_traceme)(struct task_struct *parent);
	int (*capget)(struct task_struct *target,
		      kernel_cap_t *effective,
		      kernel_cap_t *inheritable, kernel_cap_t *permitted);
	int (*capset)(struct cred *new,
		      const struct cred *old,
		      const kernel_cap_t *effective,
		      const kernel_cap_t *inheritable,
		      const kernel_cap_t *permitted);
	int (*capable)(const struct cred *cred, struct user_namespace *ns,
		       int cap, int audit);
	int (*quotactl)(int cmds, int type, int id, struct super_block *sb);
	int (*quota_on)(struct dentry *dentry);
	int (*syslog)(int type);
	int (*settime)(const struct timespec *ts, const struct timezone *tz);
	int (*vm_enough_memory)(struct mm_struct *mm, long pages);

	/* bprm_*: hooks taking a struct linux_binprm */
	int (*bprm_set_creds)(struct linux_binprm *bprm);
	int (*bprm_check_security)(struct linux_binprm *bprm);
	int (*bprm_secureexec)(struct linux_binprm *bprm);
	void (*bprm_committing_creds)(struct linux_binprm *bprm);
	void (*bprm_committed_creds)(struct linux_binprm *bprm);

	/* sb_*: superblock and mount hooks */
	int (*sb_alloc_security)(struct super_block *sb);
	void (*sb_free_security)(struct super_block *sb);
	int (*sb_copy_data)(char *orig, char *copy);
	int (*sb_remount)(struct super_block *sb, void *data);
	int (*sb_kern_mount)(struct super_block *sb, int flags, void *data);
	int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
	int (*sb_statfs)(struct dentry *dentry);
	int (*sb_mount)(const char *dev_name, struct path *path,
			const char *type, unsigned long flags, void *data);
	int (*sb_umount)(struct vfsmount *mnt, int flags);
	int (*sb_pivotroot)(struct path *old_path,
			    struct path *new_path);
	int (*sb_set_mnt_opts)(struct super_block *sb,
			       struct security_mnt_opts *opts);
	void (*sb_clone_mnt_opts)(const struct super_block *oldsb,
				  struct super_block *newsb);
	int (*sb_parse_opts_str)(char *options, struct security_mnt_opts *opts);

#ifdef CONFIG_SECURITY_PATH
	/* path_*: hooks that receive a struct path rather than an inode */
	int (*path_unlink)(struct path *dir, struct dentry *dentry);
	int (*path_mkdir)(struct path *dir, struct dentry *dentry, umode_t mode);
	int (*path_rmdir)(struct path *dir, struct dentry *dentry);
	int (*path_mknod)(struct path *dir, struct dentry *dentry, umode_t mode,
			  unsigned int dev);
	int (*path_truncate)(struct path *path);
	int (*path_symlink)(struct path *dir, struct dentry *dentry,
			    const char *old_name);
	int (*path_link)(struct dentry *old_dentry, struct path *new_dir,
			 struct dentry *new_dentry);
	int (*path_rename)(struct path *old_dir, struct dentry *old_dentry,
			   struct path *new_dir, struct dentry *new_dentry);
	int (*path_chmod)(struct path *path, umode_t mode);
	int (*path_chown)(struct path *path, kuid_t uid, kgid_t gid);
	int (*path_chroot)(struct path *path);
#endif

	/* inode_*: inode and dentry hooks, including the xattr operations */
	int (*inode_alloc_security)(struct inode *inode);
	void (*inode_free_security)(struct inode *inode);
	int (*inode_init_security)(struct inode *inode, struct inode *dir,
				   const struct qstr *qstr, char **name,
				   void **value, size_t *len);
	int (*inode_create)(struct inode *dir,
			    struct dentry *dentry, umode_t mode);
	int (*inode_link)(struct dentry *old_dentry,
			  struct inode *dir, struct dentry *new_dentry);
	int (*inode_unlink)(struct inode *dir, struct dentry *dentry);
	int (*inode_symlink)(struct inode *dir,
			     struct dentry *dentry, const char *old_name);
	int (*inode_mkdir)(struct inode *dir, struct dentry *dentry, umode_t mode);
	int (*inode_rmdir)(struct inode *dir, struct dentry *dentry);
	int (*inode_mknod)(struct inode *dir, struct dentry *dentry,
			   umode_t mode, dev_t dev);
	int (*inode_rename)(struct inode *old_dir, struct dentry *old_dentry,
			    struct inode *new_dir, struct dentry *new_dentry);
	int (*inode_readlink)(struct dentry *dentry);
	int (*inode_follow_link)(struct dentry *dentry, struct nameidata *nd);
	int (*inode_permission)(struct inode *inode, int mask);
	int (*inode_setattr)(struct dentry *dentry, struct iattr *attr);
	int (*inode_getattr)(struct vfsmount *mnt, struct dentry *dentry);
	int (*inode_setxattr)(struct dentry *dentry, const char *name,
			      const void *value, size_t size, int flags);
	void (*inode_post_setxattr)(struct dentry *dentry, const char *name,
				    const void *value, size_t size, int flags);
	int (*inode_getxattr)(struct dentry *dentry, const char *name);
	int (*inode_listxattr)(struct dentry *dentry);
	int (*inode_removexattr)(struct dentry *dentry, const char *name);
	int (*inode_need_killpriv)(struct dentry *dentry);
	int (*inode_killpriv)(struct dentry *dentry);
	int (*inode_getsecurity)(const struct inode *inode, const char *name,
				 void **buffer, bool alloc);
	int (*inode_setsecurity)(struct inode *inode, const char *name,
				 const void *value, size_t size, int flags);
	int (*inode_listsecurity)(struct inode *inode, char *buffer,
				  size_t buffer_size);
	void (*inode_getsecid)(const struct inode *inode, u32 *secid);

	/* file_* and mmap_*: open-file and memory-mapping hooks */
	int (*file_permission)(struct file *file, int mask);
	int (*file_alloc_security)(struct file *file);
	void (*file_free_security)(struct file *file);
	int (*file_ioctl)(struct file *file, unsigned int cmd,
			  unsigned long arg);
	int (*mmap_addr)(unsigned long addr);
	int (*mmap_file)(struct file *file,
			 unsigned long reqprot, unsigned long prot,
			 unsigned long flags);
	int (*file_mprotect)(struct vm_area_struct *vma,
			     unsigned long reqprot,
			     unsigned long prot);
	int (*file_lock)(struct file *file, unsigned int cmd);
	int (*file_fcntl)(struct file *file, unsigned int cmd,
			  unsigned long arg);
	int (*file_set_fowner)(struct file *file);
	int (*file_send_sigiotask)(struct task_struct *tsk,
				   struct fown_struct *fown, int sig);
	int (*file_receive)(struct file *file);
	int (*file_open)(struct file *file, const struct cred *cred);

	/* task_*, cred_* and kernel_*: task and credential hooks */
	int (*task_create)(unsigned long clone_flags);
	void (*task_free)(struct task_struct *task);
	int (*cred_alloc_blank)(struct cred *cred, gfp_t gfp);
	void (*cred_free)(struct cred *cred);
	int (*cred_prepare)(struct cred *new, const struct cred *old,
			    gfp_t gfp);
	void (*cred_transfer)(struct cred *new, const struct cred *old);
	int (*kernel_act_as)(struct cred *new, u32 secid);
	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
	int (*kernel_module_request)(char *kmod_name);
	int (*task_fix_setuid)(struct cred *new, const struct cred *old,
			       int flags);
	int (*task_setpgid)(struct task_struct *p, pid_t pgid);
	int (*task_getpgid)(struct task_struct *p);
	int (*task_getsid)(struct task_struct *p);
	void (*task_getsecid)(struct task_struct *p, u32 *secid);
	int (*task_setnice)(struct task_struct *p, int nice);
	int (*task_setioprio)(struct task_struct *p, int ioprio);
	int (*task_getioprio)(struct task_struct *p);
	int (*task_setrlimit)(struct task_struct *p, unsigned int resource,
			      struct rlimit *new_rlim);
	int (*task_setscheduler)(struct task_struct *p);
	int (*task_getscheduler)(struct task_struct *p);
	int (*task_movememory)(struct task_struct *p);
	int (*task_kill)(struct task_struct *p,
			 struct siginfo *info, int sig, u32 secid);
	int (*task_wait)(struct task_struct *p);
	int (*task_prctl)(int option, unsigned long arg2,
			  unsigned long arg3, unsigned long arg4,
			  unsigned long arg5);
	void (*task_to_inode)(struct task_struct *p, struct inode *inode);

	/* ipc_*, msg_*, shm_* and sem_*: IPC object hooks */
	int (*ipc_permission)(struct kern_ipc_perm *ipcp, short flag);
	void (*ipc_getsecid)(struct kern_ipc_perm *ipcp, u32 *secid);

	int (*msg_msg_alloc_security)(struct msg_msg *msg);
	void (*msg_msg_free_security)(struct msg_msg *msg);

	int (*msg_queue_alloc_security)(struct msg_queue *msq);
	void (*msg_queue_free_security)(struct msg_queue *msq);
	int (*msg_queue_associate)(struct msg_queue *msq, int msqflg);
	int (*msg_queue_msgctl)(struct msg_queue *msq, int cmd);
	int (*msg_queue_msgsnd)(struct msg_queue *msq,
				struct msg_msg *msg, int msqflg);
	int (*msg_queue_msgrcv)(struct msg_queue *msq,
				struct msg_msg *msg,
				struct task_struct *target,
				long type, int mode);

	int (*shm_alloc_security)(struct shmid_kernel *shp);
	void (*shm_free_security)(struct shmid_kernel *shp);
	int (*shm_associate)(struct shmid_kernel *shp, int shmflg);
	int (*shm_shmctl)(struct shmid_kernel *shp, int cmd);
	int (*shm_shmat)(struct shmid_kernel *shp,
			 char __user *shmaddr, int shmflg);

	int (*sem_alloc_security)(struct sem_array *sma);
	void (*sem_free_security)(struct sem_array *sma);
	int (*sem_associate)(struct sem_array *sma, int semflg);
	int (*sem_semctl)(struct sem_array *sma, int cmd);
	int (*sem_semop)(struct sem_array *sma,
			 struct sembuf *sops, unsigned nsops, int alter);

	int (*netlink_send)(struct sock *sk, struct sk_buff *skb);

	void (*d_instantiate)(struct dentry *dentry, struct inode *inode);

	/* Process attributes and secid <-> security context conversion */
	int (*getprocattr)(struct task_struct *p, char *name, char **value);
	int (*setprocattr)(struct task_struct *p, char *name, void *value,
			   size_t size);
	int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
	int (*secctx_to_secid)(const char *secdata, u32 seclen, u32 *secid);
	void (*release_secctx)(char *secdata, u32 seclen);

	int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
	int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
	int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);

#ifdef CONFIG_SECURITY_NETWORK
	/* Socket and network hooks */
	int (*unix_stream_connect)(struct sock *sock, struct sock *other,
				   struct sock *newsk);
	int (*unix_may_send)(struct socket *sock, struct socket *other);

	int (*socket_create)(int family, int type, int protocol, int kern);
	int (*socket_post_create)(struct socket *sock, int family,
				  int type, int protocol, int kern);
	int (*socket_bind)(struct socket *sock,
			   struct sockaddr *address, int addrlen);
	int (*socket_connect)(struct socket *sock,
			      struct sockaddr *address, int addrlen);
	int (*socket_listen)(struct socket *sock, int backlog);
	int (*socket_accept)(struct socket *sock, struct socket *newsock);
	int (*socket_sendmsg)(struct socket *sock,
			      struct msghdr *msg, int size);
	int (*socket_recvmsg)(struct socket *sock,
			      struct msghdr *msg, int size, int flags);
	int (*socket_getsockname)(struct socket *sock);
	int (*socket_getpeername)(struct socket *sock);
	int (*socket_getsockopt)(struct socket *sock, int level, int optname);
	int (*socket_setsockopt)(struct socket *sock, int level, int optname);
	int (*socket_shutdown)(struct socket *sock, int how);
	int (*socket_sock_rcv_skb)(struct sock *sk, struct sk_buff *skb);
	int (*socket_getpeersec_stream)(struct socket *sock,
					char __user *optval,
					int __user *optlen, unsigned len);
	int (*socket_getpeersec_dgram)(struct socket *sock,
				       struct sk_buff *skb, u32 *secid);
	int (*sk_alloc_security)(struct sock *sk, int family, gfp_t priority);
	void (*sk_free_security)(struct sock *sk);
	void (*sk_clone_security)(const struct sock *sk, struct sock *newsk);
	void (*sk_getsecid)(struct sock *sk, u32 *secid);
	void (*sock_graft)(struct sock *sk, struct socket *parent);
	int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
				 struct request_sock *req);
	void (*inet_csk_clone)(struct sock *newsk,
			       const struct request_sock *req);
	void (*inet_conn_established)(struct sock *sk, struct sk_buff *skb);
	int (*secmark_relabel_packet)(u32 secid);
	void (*secmark_refcount_inc)(void);
	void (*secmark_refcount_dec)(void);
	void (*req_classify_flow)(const struct request_sock *req,
				  struct flowi *fl);
	int (*tun_dev_create)(void);
	void (*tun_dev_post_create)(struct sock *sk);
	int (*tun_dev_attach)(struct sock *sk);
#endif	/* CONFIG_SECURITY_NETWORK */

#ifdef CONFIG_SECURITY_NETWORK_XFRM
	/* XFRM policy and state hooks */
	int (*xfrm_policy_alloc_security)(struct xfrm_sec_ctx **ctxp,
					  struct xfrm_user_sec_ctx *sec_ctx);
	int (*xfrm_policy_clone_security)(struct xfrm_sec_ctx *old_ctx,
					  struct xfrm_sec_ctx **new_ctx);
	void (*xfrm_policy_free_security)(struct xfrm_sec_ctx *ctx);
	int (*xfrm_policy_delete_security)(struct xfrm_sec_ctx *ctx);
	int (*xfrm_state_alloc_security)(struct xfrm_state *x,
					 struct xfrm_user_sec_ctx *sec_ctx,
					 u32 secid);
	void (*xfrm_state_free_security)(struct xfrm_state *x);
	int (*xfrm_state_delete_security)(struct xfrm_state *x);
	int (*xfrm_policy_lookup)(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
	int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
					 struct xfrm_policy *xp,
					 const struct flowi *fl);
	int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
#endif	/* CONFIG_SECURITY_NETWORK_XFRM */

	/* key management security hooks */
#ifdef CONFIG_KEYS
	int (*key_alloc)(struct key *key, const struct cred *cred,
			 unsigned long flags);
	void (*key_free)(struct key *key);
	int (*key_permission)(key_ref_t key_ref,
			      const struct cred *cred,
			      key_perm_t perm);
	int (*key_getsecurity)(struct key *key, char **_buffer);
#endif	/* CONFIG_KEYS */

#ifdef CONFIG_AUDIT
	/* Audit rule hooks */
	int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule);
	int (*audit_rule_known)(struct audit_krule *krule);
	int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule,
				struct audit_context *actx);
	void (*audit_rule_free)(void *lsmrule);
#endif	/* CONFIG_AUDIT */
};
1657 
/*
 * Framework entry points.  security_module_enable() and
 * register_security() take the hook table a security module provides;
 * security_fixup_ops() is marked __init.
 */
int security_init(void);
int security_module_enable(struct security_operations *ops);
int register_security(struct security_operations *ops);
void __init security_fixup_ops(struct security_operations *ops);
1663 
1664 
/*
 * Security operations: the security_*() wrappers declared when
 * CONFIG_SECURITY is set.  This group covers ptrace, capabilities, quota,
 * syslog, time, memory accounting, exec (bprm) and superblock/mount.
 */
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target, kernel_cap_t *effective,
		    kernel_cap_t *inheritable, kernel_cap_t *permitted);
int security_capset(struct cred *new, const struct cred *old,
		    const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted);
int security_capable(const struct cred *cred, struct user_namespace *ns,
		     int cap);
int security_capable_noaudit(const struct cred *cred,
			     struct user_namespace *ns, int cap);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime(const struct timespec *ts, const struct timezone *tz);
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
int security_bprm_secureexec(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
int security_sb_remount(struct super_block *sb, void *data);
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
int security_sb_mount(const char *dev_name, struct path *path,
		      const char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(struct path *old_path, struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb,
			     struct security_mnt_opts *opts);
void security_sb_clone_mnt_opts(const struct super_block *oldsb,
				struct super_block *newsb);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
1705 
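/*
 * security_*() wrappers for inode, file, task/credential, IPC, process
 * attribute, netlink and secid/secctx operations (CONFIG_SECURITY set).
 *
 * NOTE(review): this listing shows no wrapper declaration for the
 * inode_readlink, inode_listxattr, inode_need_killpriv, inode_killpriv,
 * task_setpgid, task_getioprio, task_setscheduler, task_getscheduler and
 * task_movememory hooks of struct security_operations.  The rendered page
 * appears to have dropped those source lines; check the original header
 * before treating this list as complete.
 */
int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
int security_inode_init_security(struct inode *inode, struct inode *dir,
				 const struct qstr *qstr,
				 initxattrs initxattrs, void *fs_data);
int security_old_inode_init_security(struct inode *inode, struct inode *dir,
				     const struct qstr *qstr, char **name,
				     void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry,
			  umode_t mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
			   const char *old_name);
int security_inode_mkdir(struct inode *dir, struct dentry *dentry,
			 umode_t mode);
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
int security_inode_mknod(struct inode *dir, struct dentry *dentry,
			 umode_t mode, dev_t dev);
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
			  struct inode *new_dir, struct dentry *new_dentry);
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
int security_inode_setxattr(struct dentry *dentry, const char *name,
			    const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
int security_inode_removexattr(struct dentry *dentry, const char *name);
int security_inode_getsecurity(const struct inode *inode, const char *name,
			       void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name,
			       const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer,
				size_t buffer_size);
void security_inode_getsecid(const struct inode *inode, u32 *secid);
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd,
			unsigned long arg);
int security_mmap_file(struct file *file, unsigned long prot,
		       unsigned long flags);
int security_mmap_addr(unsigned long addr);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
			   unsigned long prot);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd,
			unsigned long arg);
int security_file_set_fowner(struct file *file);
/*
 * First line restored: the listing kept only the continuation
 * "struct fown_struct *fown, int sig);".  The parameter list matches the
 * file_send_sigiotask hook in struct security_operations.
 */
int security_file_send_sigiotask(struct task_struct *tsk,
				 struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
int security_task_create(unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old,
			   gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
int security_task_fix_setuid(struct cred *new, const struct cred *old,
			     int flags);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
			    struct rlimit *new_rlim);
int security_task_kill(struct task_struct *p, struct siginfo *info,
		       int sig, u32 secid);
int security_task_wait(struct task_struct *p);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
void security_msg_queue_free(struct msg_queue *msq);
int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
int security_msg_queue_msgsnd(struct msg_queue *msq,
			      struct msg_msg *msg, int msqflg);
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
			      struct task_struct *target, long type, int mode);
int security_shm_alloc(struct shmid_kernel *shp);
void security_shm_free(struct shmid_kernel *shp);
int security_shm_associate(struct shmid_kernel *shp, int shmflg);
int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
		       int shmflg);
int security_sem_alloc(struct sem_array *sma);
void security_sem_free(struct sem_array *sma);
int security_sem_associate(struct sem_array *sma, int semflg);
int security_sem_semctl(struct sem_array *sma, int cmd);
int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
		       unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value);
int security_setprocattr(struct task_struct *p, char *name, void *value,
			 size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
void security_release_secctx(char *secdata, u32 seclen);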
1818 
/* Inode security-context wrappers: each takes a context pointer and its length. */
int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
1822 #else /* CONFIG_SECURITY */
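/*
 * Opening line restored: the listing kept only the closing "};".
 * Without CONFIG_SECURITY the type has no members; it exists so the stub
 * security_init_mnt_opts()/security_free_mnt_opts() can still take a
 * struct security_mnt_opts pointer.
 */
struct security_mnt_opts {
};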
1825 
/* !CONFIG_SECURITY stub: there is nothing to initialise, so @opts is not touched. */
static inline void
security_init_mnt_opts(struct security_mnt_opts *opts)
{
	/* intentionally empty */
}
1829 
/* !CONFIG_SECURITY stub: there is nothing to free, so @opts is not touched. */
static inline void
security_free_mnt_opts(struct security_mnt_opts *opts)
{
	/* intentionally empty */
}
1833 
1834 /*
1835  * This is the default capabilities functionality, used when CONFIG_SECURITY is not set. Most of these
1836  * functions are stubs that return 0 or do nothing; only the few that call the cap_*() code perform a check.
1837  */
1838 
/* !CONFIG_SECURITY stub: no framework to set up; always reports success (0). */
static inline int
security_init(void)
{
	return 0;
}
1843 
/*
 * !CONFIG_SECURITY: the ptrace access decision is left entirely to the
 * capability code; its result is returned unchanged.
 */
static inline int
security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
	return cap_ptrace_access_check(child, mode);
}
1849 
/* !CONFIG_SECURITY: forwards to cap_ptrace_traceme() and returns its result. */
static inline int
security_ptrace_traceme(struct task_struct *parent)
{
	return cap_ptrace_traceme(parent);
}
1854 
/*
 * !CONFIG_SECURITY: forwards to cap_capget() with the same @target and the
 * three capability-set pointers, and returns its result.
 */
static inline int
security_capget(struct task_struct *target, kernel_cap_t *effective,
		kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	return cap_capget(target, effective, inheritable, permitted);
}
1862 
/*
 * !CONFIG_SECURITY: forwards to cap_capset() with the new and old
 * credentials and the three requested capability sets, and returns its
 * result.
 */
static inline int
security_capset(struct cred *new, const struct cred *old,
		const kernel_cap_t *effective,
		const kernel_cap_t *inheritable,
		const kernel_cap_t *permitted)
{
	return cap_capset(new, old, effective, inheritable, permitted);
}
1871 
/*
 * !CONFIG_SECURITY: capability check on @cred in @ns through
 * cap_capable(), with auditing requested (SECURITY_CAP_AUDIT).
 */
static inline int
security_capable(const struct cred *cred, struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}
1877 
/*
 * !CONFIG_SECURITY: same check as security_capable(), but passes
 * SECURITY_CAP_NOAUDIT so cap_capable() is told not to audit it.
 */
static inline int
security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
			 int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
1882 
/*
 * Quota, syslog, settime and VM-accounting hooks (!CONFIG_SECURITY).
 *
 * quotactl, quota_on and syslog ignore their arguments and return 0.
 * settime and vm_enough_memory_mm still go through the capability code.
 */
static inline int security_quotactl(int cmds, int type, int id,
				    struct super_block *sb)
{
	return 0;
}

static inline int security_quota_on(struct dentry *dentry)
{
	return 0;
}

static inline int security_syslog(int type)
{
	return 0;
}

/* Forwarded to cap_settime(); its result is returned unchanged. */
static inline int security_settime(const struct timespec *ts,
				   const struct timezone *tz)
{
	return cap_settime(ts, tz);
}

/* Forwarded to cap_vm_enough_memory(); its result is returned unchanged. */
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
	return cap_vm_enough_memory(mm, pages);
}
1909 
/*
 * exec (binprm) hooks (!CONFIG_SECURITY).
 *
 * set_creds and secureexec are handled by the capability code; check
 * always returns 0 and the two commit notifications do nothing.
 */

/* Forwarded to cap_bprm_set_creds(). */
static inline int security_bprm_set_creds(struct linux_binprm *bprm)
{
	return cap_bprm_set_creds(bprm);
}

static inline int security_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}

static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
{
}

static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
{
}

/* Forwarded to cap_bprm_secureexec(). */
static inline int security_bprm_secureexec(struct linux_binprm *bprm)
{
	return cap_bprm_secureexec(bprm);
}
1932 
/*
 * Superblock / mount hooks (!CONFIG_SECURITY).
 *
 * Every int hook here ignores its arguments and returns 0; every void
 * hook has an empty body. No mount-time policy is applied on this path.
 */
static inline int security_sb_alloc(struct super_block *sb)
{
	return 0;
}

static inline void security_sb_free(struct super_block *sb)
{
}

static inline int security_sb_copy_data(char *orig, char *copy)
{
	return 0;
}

static inline int security_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}

static inline int security_sb_kern_mount(struct super_block *sb, int flags,
					 void *data)
{
	return 0;
}

static inline int security_sb_show_options(struct seq_file *m,
					   struct super_block *sb)
{
	return 0;
}

static inline int security_sb_statfs(struct dentry *dentry)
{
	return 0;
}

static inline int security_sb_mount(const char *dev_name, struct path *path,
				    const char *type, unsigned long flags,
				    void *data)
{
	return 0;
}

static inline int security_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}

static inline int security_sb_pivotroot(struct path *old_path,
					struct path *new_path)
{
	return 0;
}

static inline int security_sb_set_mnt_opts(struct super_block *sb,
					   struct security_mnt_opts *opts)
{
	return 0;
}

static inline void security_sb_clone_mnt_opts(const struct super_block *oldsb,
					      struct super_block *newsb)
{
}

static inline int security_sb_parse_opts_str(char *options,
					     struct security_mnt_opts *opts)
{
	return 0;
}
1999 
/*
 * Inode lifecycle and namespace hooks (!CONFIG_SECURITY).
 *
 * All of these ignore their arguments. The int hooks return 0, except
 * security_old_inode_init_security(), which returns -EOPNOTSUPP.
 */
static inline int security_inode_alloc(struct inode *inode)
{
	return 0;
}

static inline void security_inode_free(struct inode *inode)
{
}

static inline int security_inode_init_security(struct inode *inode,
					       struct inode *dir,
					       const struct qstr *qstr,
					       const initxattrs initxattrs,
					       void *fs_data)
{
	return 0;
}

/* Reports -EOPNOTSUPP; @name, @value and @len are left untouched. */
static inline int security_old_inode_init_security(struct inode *inode,
						   struct inode *dir,
						   const struct qstr *qstr,
						   char **name, void **value,
						   size_t *len)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_create(struct inode *dir,
					struct dentry *dentry,
					umode_t mode)
{
	return 0;
}

static inline int security_inode_link(struct dentry *old_dentry,
				      struct inode *dir,
				      struct dentry *new_dentry)
{
	return 0;
}

static inline int security_inode_unlink(struct inode *dir,
					struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_symlink(struct inode *dir,
					 struct dentry *dentry,
					 const char *old_name)
{
	return 0;
}

/*
 * NOTE(review): @mode is plain int here and in security_inode_mknod(),
 * while security_inode_create() above takes umode_t - confirm against the
 * CONFIG_SECURITY prototypes.
 */
static inline int security_inode_mkdir(struct inode *dir,
				       struct dentry *dentry,
				       int mode)
{
	return 0;
}

static inline int security_inode_rmdir(struct inode *dir,
				       struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_mknod(struct inode *dir,
				       struct dentry *dentry,
				       int mode, dev_t dev)
{
	return 0;
}

static inline int security_inode_rename(struct inode *old_dir,
					struct dentry *old_dentry,
					struct inode *new_dir,
					struct dentry *new_dentry)
{
	return 0;
}

static inline int security_inode_readlink(struct dentry *dentry)
{
	return 0;
}

static inline int security_inode_follow_link(struct dentry *dentry,
					     struct nameidata *nd)
{
	return 0;
}

static inline int security_inode_permission(struct inode *inode, int mask)
{
	return 0;
}

static inline int security_inode_setattr(struct dentry *dentry,
					 struct iattr *attr)
{
	return 0;
}

static inline int security_inode_getattr(struct vfsmount *mnt,
					 struct dentry *dentry)
{
	return 0;
}
2108 
/*
 * Extended-attribute and inode security-label hooks (!CONFIG_SECURITY).
 *
 * setxattr, removexattr, need_killpriv and killpriv are still decided by
 * the capability code. The label getters/setters report -EOPNOTSUPP, and
 * the remaining hooks return 0 or do nothing.
 */

/* Forwarded to cap_inode_setxattr(). */
static inline int security_inode_setxattr(struct dentry *dentry,
					  const char *name, const void *value,
					  size_t size, int flags)
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}

static inline void security_inode_post_setxattr(struct dentry *dentry,
						const char *name,
						const void *value,
						size_t size, int flags)
{
}

static inline int security_inode_getxattr(struct dentry *dentry,
					  const char *name)
{
	return 0;
}

static inline int security_inode_listxattr(struct dentry *dentry)
{
	return 0;
}

/* Forwarded to cap_inode_removexattr(). */
static inline int security_inode_removexattr(struct dentry *dentry,
					     const char *name)
{
	return cap_inode_removexattr(dentry, name);
}

/* Forwarded to cap_inode_need_killpriv(). */
static inline int security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}

/* Forwarded to cap_inode_killpriv(). */
static inline int security_inode_killpriv(struct dentry *dentry)
{
	return cap_inode_killpriv(dentry);
}

/* Reports -EOPNOTSUPP; @buffer is not written. */
static inline int security_inode_getsecurity(const struct inode *inode,
					     const char *name, void **buffer,
					     bool alloc)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecurity(struct inode *inode,
					     const char *name,
					     const void *value, size_t size,
					     int flags)
{
	return -EOPNOTSUPP;
}

/* Returns 0 and writes nothing into @buffer. */
static inline int security_inode_listsecurity(struct inode *inode,
					      char *buffer, size_t buffer_size)
{
	return 0;
}

/* Always stores 0 in *@secid, so the caller never reads an unset value. */
static inline void security_inode_getsecid(const struct inode *inode,
					   u32 *secid)
{
	*secid = 0;
}
2165 
/*
 * File and mmap hooks (!CONFIG_SECURITY).
 *
 * Only security_mmap_addr() performs a check, by calling cap_mmap_addr().
 * Every other int hook returns 0 and security_file_free() is empty.
 */
static inline int security_file_permission(struct file *file, int mask)
{
	return 0;
}

static inline int security_file_alloc(struct file *file)
{
	return 0;
}

static inline void security_file_free(struct file *file)
{
}

static inline int security_file_ioctl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline int security_mmap_file(struct file *file, unsigned long prot,
				     unsigned long flags)
{
	return 0;
}

/* Forwarded to cap_mmap_addr(); its result is returned unchanged. */
static inline int security_mmap_addr(unsigned long addr)
{
	return cap_mmap_addr(addr);
}

static inline int security_file_mprotect(struct vm_area_struct *vma,
					 unsigned long reqprot,
					 unsigned long prot)
{
	return 0;
}

static inline int security_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}

static inline int security_file_fcntl(struct file *file, unsigned int cmd,
				      unsigned long arg)
{
	return 0;
}

static inline int security_file_set_fowner(struct file *file)
{
	return 0;
}

static inline int security_file_send_sigiotask(struct task_struct *tsk,
					       struct fown_struct *fown,
					       int sig)
{
	return 0;
}

static inline int security_file_receive(struct file *file)
{
	return 0;
}

static inline int security_file_open(struct file *file,
				     const struct cred *cred)
{
	return 0;
}
2236 
/*
 * Task creation, credential and kernel-service hooks (!CONFIG_SECURITY).
 *
 * None of these look at their arguments: the int hooks return 0 and the
 * void hooks are empty.
 */
static inline int security_task_create(unsigned long clone_flags)
{
	return 0;
}

static inline void security_task_free(struct task_struct *task)
{
}

static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
{
	return 0;
}

static inline void security_cred_free(struct cred *cred)
{
}

static inline int security_prepare_creds(struct cred *new,
					 const struct cred *old,
					 gfp_t gfp)
{
	return 0;
}

static inline void security_transfer_creds(struct cred *new,
					   const struct cred *old)
{
}

static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
	return 0;
}

static inline int security_kernel_create_files_as(struct cred *cred,
						  struct inode *inode)
{
	return 0;
}

static inline int security_kernel_module_request(char *kmod_name)
{
	return 0;
}
2280 
/*
 * Task attribute hooks (!CONFIG_SECURITY).
 *
 * fix_setuid, setnice, setioprio and setscheduler are decided by the
 * capability code. The other int hooks return 0, and
 * security_task_getsecid() reports secid 0.
 */

/* Forwarded to cap_task_fix_setuid(). */
static inline int security_task_fix_setuid(struct cred *new,
					   const struct cred *old,
					   int flags)
{
	return cap_task_fix_setuid(new, old, flags);
}

static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
{
	return 0;
}

static inline int security_task_getpgid(struct task_struct *p)
{
	return 0;
}

static inline int security_task_getsid(struct task_struct *p)
{
	return 0;
}

/* Always stores 0 in *@secid. */
static inline void security_task_getsecid(struct task_struct *p, u32 *secid)
{
	*secid = 0;
}

/* Forwarded to cap_task_setnice(). */
static inline int security_task_setnice(struct task_struct *p, int nice)
{
	return cap_task_setnice(p, nice);
}

/* Forwarded to cap_task_setioprio(). */
static inline int security_task_setioprio(struct task_struct *p, int ioprio)
{
	return cap_task_setioprio(p, ioprio);
}

static inline int security_task_getioprio(struct task_struct *p)
{
	return 0;
}

static inline int security_task_setrlimit(struct task_struct *p,
					  unsigned int resource,
					  struct rlimit *new_rlim)
{
	return 0;
}

/* Forwarded to cap_task_setscheduler(). */
static inline int security_task_setscheduler(struct task_struct *p)
{
	return cap_task_setscheduler(p);
}

static inline int security_task_getscheduler(struct task_struct *p)
{
	return 0;
}

static inline int security_task_movememory(struct task_struct *p)
{
	return 0;
}

static inline int security_task_kill(struct task_struct *p,
				     struct siginfo *info, int sig,
				     u32 secid)
{
	return 0;
}

static inline int security_task_wait(struct task_struct *p)
{
	return 0;
}
2356 
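/*
 * security_task_prctl - prctl() hook when CONFIG_SECURITY is disabled.
 * @option: prctl option being requested
 * @arg2: second prctl argument
 * @arg3: third prctl argument
 * @arg4: fourth prctl argument
 * @arg5: fifth prctl argument
 *
 * Hands the request to cap_task_prctl() and returns its result.
 *
 * Each argument must be forwarded in its own slot. Passing arg3 in the
 * fourth position as well would silently drop the caller's arg4, so any
 * capability-side check that inspects arg4 would see the wrong value.
 */
static inline int security_task_prctl(int option, unsigned long arg2,
				      unsigned long arg3,
				      unsigned long arg4,
				      unsigned long arg5)
{
	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}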
2364 
/*
 * task_to_inode and System V IPC permission hooks (!CONFIG_SECURITY).
 */
static inline void security_task_to_inode(struct task_struct *p,
					  struct inode *inode)
{
}

/* Ignores @ipcp and @flag; always returns 0. */
static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
					  short flag)
{
	return 0;
}

/* Always stores 0 in *@secid. */
static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp,
					 u32 *secid)
{
	*secid = 0;
}
2378 
/*
 * System V message-queue, shared-memory and semaphore hooks
 * (!CONFIG_SECURITY).
 *
 * The *_alloc, *_associate and operation hooks all return 0 without
 * looking at their arguments; the *_free hooks are empty.
 */

/* Message queues */
static inline int security_msg_msg_alloc(struct msg_msg *msg)
{
	return 0;
}

static inline void security_msg_msg_free(struct msg_msg *msg)
{
}

static inline int security_msg_queue_alloc(struct msg_queue *msq)
{
	return 0;
}

static inline void security_msg_queue_free(struct msg_queue *msq)
{
}

static inline int security_msg_queue_associate(struct msg_queue *msq,
					       int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
{
	return 0;
}

static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
					    struct msg_msg *msg, int msqflg)
{
	return 0;
}

static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
					    struct msg_msg *msg,
					    struct task_struct *target,
					    long type, int mode)
{
	return 0;
}

/* Shared memory */
static inline int security_shm_alloc(struct shmid_kernel *shp)
{
	return 0;
}

static inline void security_shm_free(struct shmid_kernel *shp)
{
}

static inline int security_shm_associate(struct shmid_kernel *shp,
					 int shmflg)
{
	return 0;
}

static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
{
	return 0;
}

static inline int security_shm_shmat(struct shmid_kernel *shp,
				     char __user *shmaddr, int shmflg)
{
	return 0;
}

/* Semaphores */
static inline int security_sem_alloc(struct sem_array *sma)
{
	return 0;
}

static inline void security_sem_free(struct sem_array *sma)
{
}

static inline int security_sem_associate(struct sem_array *sma, int semflg)
{
	return 0;
}

static inline int security_sem_semctl(struct sem_array *sma, int cmd)
{
	return 0;
}

static inline int security_sem_semop(struct sem_array *sma,
				     struct sembuf *sops, unsigned nsops,
				     int alter)
{
	return 0;
}
2469 
/*
 * d_instantiate, procattr, netlink and security-context hooks
 * (!CONFIG_SECURITY).
 *
 * Only security_netlink_send() performs a check (through the capability
 * code). The attribute and context conversions fail with a fixed errno
 * and never touch their output pointers.
 */
static inline void security_d_instantiate(struct dentry *dentry,
					  struct inode *inode)
{
}

/* Always -EINVAL; *@value is not set. */
static inline int security_getprocattr(struct task_struct *p, char *name,
				       char **value)
{
	return -EINVAL;
}

/* Always -EINVAL; @value is not consumed. */
static inline int security_setprocattr(struct task_struct *p, char *name,
				       void *value, size_t size)
{
	return -EINVAL;
}

/* Forwarded to cap_netlink_send(). */
static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	return cap_netlink_send(sk, skb);
}

/* Always -EOPNOTSUPP; *@secdata and *@seclen are not set. */
static inline int security_secid_to_secctx(u32 secid, char **secdata,
					   u32 *seclen)
{
	return -EOPNOTSUPP;
}

/* Always -EOPNOTSUPP; *@secid is not set. */
static inline int security_secctx_to_secid(const char *secdata,
					   u32 seclen,
					   u32 *secid)
{
	return -EOPNOTSUPP;
}

/* Empty: nothing is released. */
static inline void security_release_secctx(char *secdata, u32 seclen)
{
}

static inline int security_inode_notifysecctx(struct inode *inode, void *ctx,
					      u32 ctxlen)
{
	return -EOPNOTSUPP;
}

static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx,
					   u32 ctxlen)
{
	return -EOPNOTSUPP;
}

/* Always -EOPNOTSUPP; *@ctx and *@ctxlen are not set. */
static inline int security_inode_getsecctx(struct inode *inode, void **ctx,
					   u32 *ctxlen)
{
	return -EOPNOTSUPP;
}
2516 #endif /* CONFIG_SECURITY */
2517 
2518 #ifdef CONFIG_SECURITY_NETWORK
2519 
/*
 * Network hook entry points, declared only when CONFIG_SECURITY_NETWORK
 * is set. The definitions are not in this header.
 */

/* AF_UNIX */
int security_unix_stream_connect(struct sock *sock, struct sock *other,
				 struct sock *newsk);
int security_unix_may_send(struct socket *sock, struct socket *other);

/* Socket operations */
int security_socket_create(int family, int type, int protocol, int kern);
int security_socket_post_create(struct socket *sock, int family,
				int type, int protocol, int kern);
int security_socket_bind(struct socket *sock, struct sockaddr *address,
			 int addrlen);
int security_socket_connect(struct socket *sock, struct sockaddr *address,
			    int addrlen);
int security_socket_listen(struct socket *sock, int backlog);
int security_socket_accept(struct socket *sock, struct socket *newsock);
int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
			    int size, int flags);
int security_socket_getsockname(struct socket *sock);
int security_socket_getpeername(struct socket *sock);
int security_socket_getsockopt(struct socket *sock, int level, int optname);
int security_socket_setsockopt(struct socket *sock, int level, int optname);
int security_socket_shutdown(struct socket *sock, int how);
int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
int security_socket_getpeersec_stream(struct socket *sock,
				      char __user *optval,
				      int __user *optlen, unsigned len);
int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
				     u32 *secid);

/* struct sock lifetime and flow classification */
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
void security_sk_free(struct sock *sk);
void security_sk_clone(const struct sock *sk, struct sock *newsk);
void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
void security_req_classify_flow(const struct request_sock *req,
				struct flowi *fl);
void security_sock_graft(struct sock *sk, struct socket *parent);

/* inet connection requests */
int security_inet_conn_request(struct sock *sk,
			       struct sk_buff *skb, struct request_sock *req);
void security_inet_csk_clone(struct sock *newsk,
			     const struct request_sock *req);
void security_inet_conn_established(struct sock *sk,
				    struct sk_buff *skb);

/* secmark and TUN devices */
int security_secmark_relabel_packet(u32 secid);
void security_secmark_refcount_inc(void);
void security_secmark_refcount_dec(void);
int security_tun_dev_create(void);
void security_tun_dev_post_create(struct sock *sk);
int security_tun_dev_attach(struct sock *sk);
2559 
2560 #else /* CONFIG_SECURITY_NETWORK */
/*
 * Network hook stubs for builds without CONFIG_SECURITY_NETWORK.
 *
 * No argument is inspected. The int hooks return 0, except the two
 * getpeersec hooks, which return -ENOPROTOOPT; the void hooks are empty.
 */

/* AF_UNIX */
static inline int security_unix_stream_connect(struct sock *sock,
					       struct sock *other,
					       struct sock *newsk)
{
	return 0;
}

static inline int security_unix_may_send(struct socket *sock,
					 struct socket *other)
{
	return 0;
}

/* Socket operations */
static inline int security_socket_create(int family, int type,
					 int protocol, int kern)
{
	return 0;
}

static inline int security_socket_post_create(struct socket *sock,
					      int family,
					      int type,
					      int protocol, int kern)
{
	return 0;
}

static inline int security_socket_bind(struct socket *sock,
				       struct sockaddr *address,
				       int addrlen)
{
	return 0;
}

static inline int security_socket_connect(struct socket *sock,
					  struct sockaddr *address,
					  int addrlen)
{
	return 0;
}

static inline int security_socket_listen(struct socket *sock, int backlog)
{
	return 0;
}

static inline int security_socket_accept(struct socket *sock,
					 struct socket *newsock)
{
	return 0;
}

static inline int security_socket_sendmsg(struct socket *sock,
					  struct msghdr *msg, int size)
{
	return 0;
}

static inline int security_socket_recvmsg(struct socket *sock,
					  struct msghdr *msg, int size,
					  int flags)
{
	return 0;
}

static inline int security_socket_getsockname(struct socket *sock)
{
	return 0;
}

static inline int security_socket_getpeername(struct socket *sock)
{
	return 0;
}

static inline int security_socket_getsockopt(struct socket *sock,
					     int level, int optname)
{
	return 0;
}

static inline int security_socket_setsockopt(struct socket *sock,
					     int level, int optname)
{
	return 0;
}

static inline int security_socket_shutdown(struct socket *sock, int how)
{
	return 0;
}

static inline int security_sock_rcv_skb(struct sock *sk,
					struct sk_buff *skb)
{
	return 0;
}

/* Always -ENOPROTOOPT; @optval and @optlen are not written. */
static inline int security_socket_getpeersec_stream(struct socket *sock,
						    char __user *optval,
						    int __user *optlen,
						    unsigned len)
{
	return -ENOPROTOOPT;
}

/* Always -ENOPROTOOPT; *@secid is not set. */
static inline int security_socket_getpeersec_dgram(struct socket *sock,
						   struct sk_buff *skb,
						   u32 *secid)
{
	return -ENOPROTOOPT;
}

/* struct sock lifetime and flow classification */
static inline int security_sk_alloc(struct sock *sk, int family,
				    gfp_t priority)
{
	return 0;
}

static inline void security_sk_free(struct sock *sk)
{
}

static inline void security_sk_clone(const struct sock *sk,
				     struct sock *newsk)
{
}

static inline void security_sk_classify_flow(struct sock *sk,
					     struct flowi *fl)
{
}

static inline void security_req_classify_flow(const struct request_sock *req,
					      struct flowi *fl)
{
}

static inline void security_sock_graft(struct sock *sk, struct socket *parent)
{
}

/* inet connection requests */
static inline int security_inet_conn_request(struct sock *sk,
					     struct sk_buff *skb,
					     struct request_sock *req)
{
	return 0;
}

static inline void security_inet_csk_clone(struct sock *newsk,
					   const struct request_sock *req)
{
}

static inline void security_inet_conn_established(struct sock *sk,
						  struct sk_buff *skb)
{
}

/* secmark and TUN devices */
static inline int security_secmark_relabel_packet(u32 secid)
{
	return 0;
}

static inline void security_secmark_refcount_inc(void)
{
}

static inline void security_secmark_refcount_dec(void)
{
}

static inline int security_tun_dev_create(void)
{
	return 0;
}

static inline void security_tun_dev_post_create(struct sock *sk)
{
}

static inline int security_tun_dev_attach(struct sock *sk)
{
	return 0;
}
2736 #endif /* CONFIG_SECURITY_NETWORK */
2737 
2738 #ifdef CONFIG_SECURITY_NETWORK_XFRM
2739 
/*
 * XFRM (IPsec) labelling hooks, declared only when
 * CONFIG_SECURITY_NETWORK_XFRM is set. Definitions are not in this header.
 */

/* Policy contexts */
int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
			       struct xfrm_user_sec_ctx *sec_ctx);
int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
			       struct xfrm_sec_ctx **new_ctxp);
void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);

/* State contexts */
int security_xfrm_state_alloc(struct xfrm_state *x,
			      struct xfrm_user_sec_ctx *sec_ctx);
int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
				      struct xfrm_sec_ctx *polsec, u32 secid);
int security_xfrm_state_delete(struct xfrm_state *x);
void security_xfrm_state_free(struct xfrm_state *x);

/* Lookup, matching and flow classification */
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
				       struct xfrm_policy *xp,
				       const struct flowi *fl);
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
2755 
2756 #else /* CONFIG_SECURITY_NETWORK_XFRM */
2757 
/*
 * XFRM hook stubs for builds without CONFIG_SECURITY_NETWORK_XFRM.
 *
 * The int hooks return 0 with one exception:
 * security_xfrm_state_pol_flow_match() returns 1. Output pointers
 * (@ctxp, @new_ctxp, @secid) are never written.
 */
static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
					     struct xfrm_user_sec_ctx *sec_ctx)
{
	return 0;
}

static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old,
					     struct xfrm_sec_ctx **new_ctxp)
{
	return 0;
}

static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
}

static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
	return 0;
}

static inline int security_xfrm_state_alloc(struct xfrm_state *x,
					    struct xfrm_user_sec_ctx *sec_ctx)
{
	return 0;
}

static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
						    struct xfrm_sec_ctx *polsec,
						    u32 secid)
{
	return 0;
}

static inline void security_xfrm_state_free(struct xfrm_state *x)
{
}

static inline int security_xfrm_state_delete(struct xfrm_state *x)
{
	return 0;
}

static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx,
					      u32 fl_secid, u8 dir)
{
	return 0;
}

/*
 * Returns 1 unconditionally - presumably "state matches", so label
 * matching never rejects a state here; confirm against the callers.
 */
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
						     struct xfrm_policy *xp,
						     const struct flowi *fl)
{
	return 1;
}

/* Returns 0 without storing anything in *@secid. */
static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
{
	return 0;
}

static inline void security_skb_classify_flow(struct sk_buff *skb,
					      struct flowi *fl)
{
}
2817 
2818 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
2819 
2820 #ifdef CONFIG_SECURITY_PATH
/*
 * Path-based hooks, declared only when CONFIG_SECURITY_PATH is set.
 * Definitions are not in this header.
 */
int security_path_unlink(struct path *dir, struct dentry *dentry);
int security_path_mkdir(struct path *dir, struct dentry *dentry,
			umode_t mode);
int security_path_rmdir(struct path *dir, struct dentry *dentry);
int security_path_mknod(struct path *dir, struct dentry *dentry,
			umode_t mode, unsigned int dev);
int security_path_truncate(struct path *path);
int security_path_symlink(struct path *dir, struct dentry *dentry,
			  const char *old_name);
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
		       struct dentry *new_dentry);
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
			 struct path *new_dir, struct dentry *new_dentry);
int security_path_chmod(struct path *path, umode_t mode);
int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
int security_path_chroot(struct path *path);
2836 #else /* CONFIG_SECURITY_PATH */
/*
 * Path-based hook stubs for builds without CONFIG_SECURITY_PATH.
 * Every stub ignores its arguments and returns 0.
 */
static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
{
	return 0;
}

static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
				      umode_t mode)
{
	return 0;
}

static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
{
	return 0;
}

static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
				      umode_t mode, unsigned int dev)
{
	return 0;
}

static inline int security_path_truncate(struct path *path)
{
	return 0;
}

static inline int security_path_symlink(struct path *dir,
					struct dentry *dentry,
					const char *old_name)
{
	return 0;
}

static inline int security_path_link(struct dentry *old_dentry,
				     struct path *new_dir,
				     struct dentry *new_dentry)
{
	return 0;
}

static inline int security_path_rename(struct path *old_dir,
				       struct dentry *old_dentry,
				       struct path *new_dir,
				       struct dentry *new_dentry)
{
	return 0;
}

static inline int security_path_chmod(struct path *path, umode_t mode)
{
	return 0;
}

static inline int security_path_chown(struct path *path, kuid_t uid,
				      kgid_t gid)
{
	return 0;
}

static inline int security_path_chroot(struct path *path)
{
	return 0;
}
2899 #endif /* CONFIG_SECURITY_PATH */
2900 
2901 #ifdef CONFIG_KEYS
2902 #ifdef CONFIG_SECURITY
2903 
/*
 * Key-management hooks, declared when both CONFIG_KEYS and CONFIG_SECURITY
 * are set. Definitions are not in this header.
 */
int security_key_alloc(struct key *key, const struct cred *cred,
		       unsigned long flags);
void security_key_free(struct key *key);
int security_key_permission(key_ref_t key_ref,
			    const struct cred *cred, key_perm_t perm);
int security_key_getsecurity(struct key *key, char **_buffer);
2909 
2910 #else
2911 
/*
 * Key-management hook stubs (CONFIG_KEYS without CONFIG_SECURITY).
 */
static inline int security_key_alloc(struct key *key,
				     const struct cred *cred,
				     unsigned long flags)
{
	return 0;
}

static inline void security_key_free(struct key *key)
{
}

/* Ignores @key_ref, @cred and @perm; always returns 0. */
static inline int security_key_permission(key_ref_t key_ref,
					  const struct cred *cred,
					  key_perm_t perm)
{
	return 0;
}

/*
 * Sets *@_buffer to NULL before returning 0, so the caller's pointer is
 * always initialised and there is nothing for it to free.
 */
static inline int security_key_getsecurity(struct key *key, char **_buffer)
{
	*_buffer = NULL;
	return 0;
}
2935 
2936 #endif
2937 #endif /* CONFIG_KEYS */
2938 
2939 #ifdef CONFIG_AUDIT
2940 #ifdef CONFIG_SECURITY
/*
 * Audit-rule hooks, declared when both CONFIG_AUDIT and CONFIG_SECURITY
 * are set. Definitions are not in this header.
 */
int security_audit_rule_init(u32 field, u32 op, char *rulestr,
			     void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
			      struct audit_context *actx);
void security_audit_rule_free(void *lsmrule);
2946 
2947 #else
2948 
/*
 * Audit-rule hook stubs (CONFIG_AUDIT without CONFIG_SECURITY).
 * The int stubs return 0; *@lsmrule is never written by rule_init.
 */
static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
					   void **lsmrule)
{
	return 0;
}

static inline int security_audit_rule_known(struct audit_krule *krule)
{
	return 0;
}

static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
					    void *lsmrule,
					    struct audit_context *actx)
{
	return 0;
}

static inline void security_audit_rule_free(void *lsmrule)
{
}
2968 
2969 #endif /* CONFIG_SECURITY */
2970 #endif /* CONFIG_AUDIT */
2971 
2972 #ifdef CONFIG_SECURITYFS
2973 
/*
 * securityfs entry points, declared only when CONFIG_SECURITYFS is set.
 * Definitions are not in this header.
 */
extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
					     struct dentry *parent,
					     void *data,
					     const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name,
					    struct dentry *parent);
extern void securityfs_remove(struct dentry *dentry);
2979 
2980 #else /* CONFIG_SECURITYFS */
2981 
/*
 * securityfs stubs for builds without CONFIG_SECURITYFS.
 *
 * Both create helpers return ERR_PTR(-ENODEV), not NULL, so a plain NULL
 * test on the result does not detect the failure.
 */
static inline struct dentry *securityfs_create_dir(const char *name,
						   struct dentry *parent)
{
	return ERR_PTR(-ENODEV);
}

static inline struct dentry *securityfs_create_file(const char *name,
						    umode_t mode,
						    struct dentry *parent,
						    void *data,
						    const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}

/* Empty: @dentry is not examined. */
static inline void securityfs_remove(struct dentry *dentry)
{
}
2999 
3000 #endif
3001 
3002 #ifdef CONFIG_SECURITY
3003 
/*
 * alloc_secdata - get one zero-filled page for security mount data.
 *
 * Returns the result of get_zeroed_page(GFP_KERNEL) cast to char *. A
 * failed allocation shows up as NULL, which the caller has to check for.
 * Release the page with free_secdata().
 */
static inline char *alloc_secdata(void)
{
	unsigned long page = get_zeroed_page(GFP_KERNEL);

	return (char *)page;
}

/* free_secdata - hand a page obtained from alloc_secdata() to free_page(). */
static inline void free_secdata(void *secdata)
{
	unsigned long page = (unsigned long)secdata;

	free_page(page);
}
3013 
3014 #else
3015 
/*
 * alloc_secdata - placeholder for builds without CONFIG_SECURITY.
 *
 * Returns the constant (char *)1. Nothing is allocated: the value is a
 * non-NULL dummy (presumably so callers' NULL checks for allocation
 * failure pass) and must never be dereferenced or passed to a real
 * allocator's free routine.
 */
static inline char *alloc_secdata(void)
{
	return (char *)1;
}

/* free_secdata - empty counterpart of the placeholder above. */
static inline void free_secdata(void *secdata)
{
}
3023 #endif /* CONFIG_SECURITY */
3024 
3025 #ifdef CONFIG_SECURITY_YAMA
/*
 * Yama entry points, declared only when CONFIG_SECURITY_YAMA is set.
 * Definitions are not in this header.
 */
extern int yama_ptrace_access_check(struct task_struct *child,
				    unsigned int mode);
extern int yama_ptrace_traceme(struct task_struct *parent);
extern void yama_task_free(struct task_struct *task);
extern int yama_task_prctl(int option, unsigned long arg2,
			   unsigned long arg3, unsigned long arg4,
			   unsigned long arg5);
3032 #else
/*
 * Yama stubs for builds without CONFIG_SECURITY_YAMA.
 *
 * The ptrace stubs return 0, yama_task_free() is empty, and
 * yama_task_prctl() returns -ENOSYS for every option.
 */
static inline int yama_ptrace_access_check(struct task_struct *child,
					   unsigned int mode)
{
	return 0;
}

static inline int yama_ptrace_traceme(struct task_struct *parent)
{
	return 0;
}

static inline void yama_task_free(struct task_struct *task)
{
}

/* Always -ENOSYS; none of the prctl arguments are examined. */
static inline int yama_task_prctl(int option, unsigned long arg2,
				  unsigned long arg3, unsigned long arg4,
				  unsigned long arg5)
{
	return -ENOSYS;
}
3054 #endif /* CONFIG_SECURITY_YAMA */
3055 
3056 #endif /* ! __LINUX_SECURITY_H */
3057