Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
capability.c
Go to the documentation of this file.
1 /*
2  * Capabilities Linux Security Module
3  *
4  * This is the default security module in case no other module is loaded.
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  */
12 
13 #include <linux/security.h>
14 
15 static int cap_syslog(int type)
16 {
17  return 0;
18 }
19 
20 static int cap_quotactl(int cmds, int type, int id, struct super_block *sb)
21 {
22  return 0;
23 }
24 
25 static int cap_quota_on(struct dentry *dentry)
26 {
27  return 0;
28 }
29 
30 static int cap_bprm_check_security(struct linux_binprm *bprm)
31 {
32  return 0;
33 }
34 
35 static void cap_bprm_committing_creds(struct linux_binprm *bprm)
36 {
37 }
38 
39 static void cap_bprm_committed_creds(struct linux_binprm *bprm)
40 {
41 }
42 
43 static int cap_sb_alloc_security(struct super_block *sb)
44 {
45  return 0;
46 }
47 
48 static void cap_sb_free_security(struct super_block *sb)
49 {
50 }
51 
52 static int cap_sb_copy_data(char *orig, char *copy)
53 {
54  return 0;
55 }
56 
57 static int cap_sb_remount(struct super_block *sb, void *data)
58 {
59  return 0;
60 }
61 
62 static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
63 {
64  return 0;
65 }
66 
67 static int cap_sb_show_options(struct seq_file *m, struct super_block *sb)
68 {
69  return 0;
70 }
71 
72 static int cap_sb_statfs(struct dentry *dentry)
73 {
74  return 0;
75 }
76 
77 static int cap_sb_mount(const char *dev_name, struct path *path,
78  const char *type, unsigned long flags, void *data)
79 {
80  return 0;
81 }
82 
83 static int cap_sb_umount(struct vfsmount *mnt, int flags)
84 {
85  return 0;
86 }
87 
88 static int cap_sb_pivotroot(struct path *old_path, struct path *new_path)
89 {
90  return 0;
91 }
92 
93 static int cap_sb_set_mnt_opts(struct super_block *sb,
94  struct security_mnt_opts *opts)
95 {
96  if (unlikely(opts->num_mnt_opts))
97  return -EOPNOTSUPP;
98  return 0;
99 }
100 
101 static void cap_sb_clone_mnt_opts(const struct super_block *oldsb,
102  struct super_block *newsb)
103 {
104 }
105 
106 static int cap_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
107 {
108  return 0;
109 }
110 
111 static int cap_inode_alloc_security(struct inode *inode)
112 {
113  return 0;
114 }
115 
116 static void cap_inode_free_security(struct inode *inode)
117 {
118 }
119 
120 static int cap_inode_init_security(struct inode *inode, struct inode *dir,
121  const struct qstr *qstr, char **name,
122  void **value, size_t *len)
123 {
124  return -EOPNOTSUPP;
125 }
126 
127 static int cap_inode_create(struct inode *inode, struct dentry *dentry,
128  umode_t mask)
129 {
130  return 0;
131 }
132 
133 static int cap_inode_link(struct dentry *old_dentry, struct inode *inode,
134  struct dentry *new_dentry)
135 {
136  return 0;
137 }
138 
139 static int cap_inode_unlink(struct inode *inode, struct dentry *dentry)
140 {
141  return 0;
142 }
143 
144 static int cap_inode_symlink(struct inode *inode, struct dentry *dentry,
145  const char *name)
146 {
147  return 0;
148 }
149 
150 static int cap_inode_mkdir(struct inode *inode, struct dentry *dentry,
151  umode_t mask)
152 {
153  return 0;
154 }
155 
156 static int cap_inode_rmdir(struct inode *inode, struct dentry *dentry)
157 {
158  return 0;
159 }
160 
161 static int cap_inode_mknod(struct inode *inode, struct dentry *dentry,
162  umode_t mode, dev_t dev)
163 {
164  return 0;
165 }
166 
167 static int cap_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
168  struct inode *new_inode, struct dentry *new_dentry)
169 {
170  return 0;
171 }
172 
173 static int cap_inode_readlink(struct dentry *dentry)
174 {
175  return 0;
176 }
177 
178 static int cap_inode_follow_link(struct dentry *dentry,
179  struct nameidata *nameidata)
180 {
181  return 0;
182 }
183 
184 static int cap_inode_permission(struct inode *inode, int mask)
185 {
186  return 0;
187 }
188 
189 static int cap_inode_setattr(struct dentry *dentry, struct iattr *iattr)
190 {
191  return 0;
192 }
193 
194 static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
195 {
196  return 0;
197 }
198 
199 static void cap_inode_post_setxattr(struct dentry *dentry, const char *name,
200  const void *value, size_t size, int flags)
201 {
202 }
203 
204 static int cap_inode_getxattr(struct dentry *dentry, const char *name)
205 {
206  return 0;
207 }
208 
209 static int cap_inode_listxattr(struct dentry *dentry)
210 {
211  return 0;
212 }
213 
214 static int cap_inode_getsecurity(const struct inode *inode, const char *name,
215  void **buffer, bool alloc)
216 {
217  return -EOPNOTSUPP;
218 }
219 
220 static int cap_inode_setsecurity(struct inode *inode, const char *name,
221  const void *value, size_t size, int flags)
222 {
223  return -EOPNOTSUPP;
224 }
225 
226 static int cap_inode_listsecurity(struct inode *inode, char *buffer,
227  size_t buffer_size)
228 {
229  return 0;
230 }
231 
232 static void cap_inode_getsecid(const struct inode *inode, u32 *secid)
233 {
234  *secid = 0;
235 }
236 
237 #ifdef CONFIG_SECURITY_PATH
238 static int cap_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
239  unsigned int dev)
240 {
241  return 0;
242 }
243 
244 static int cap_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
245 {
246  return 0;
247 }
248 
249 static int cap_path_rmdir(struct path *dir, struct dentry *dentry)
250 {
251  return 0;
252 }
253 
254 static int cap_path_unlink(struct path *dir, struct dentry *dentry)
255 {
256  return 0;
257 }
258 
259 static int cap_path_symlink(struct path *dir, struct dentry *dentry,
260  const char *old_name)
261 {
262  return 0;
263 }
264 
265 static int cap_path_link(struct dentry *old_dentry, struct path *new_dir,
266  struct dentry *new_dentry)
267 {
268  return 0;
269 }
270 
271 static int cap_path_rename(struct path *old_path, struct dentry *old_dentry,
272  struct path *new_path, struct dentry *new_dentry)
273 {
274  return 0;
275 }
276 
277 static int cap_path_truncate(struct path *path)
278 {
279  return 0;
280 }
281 
282 static int cap_path_chmod(struct path *path, umode_t mode)
283 {
284  return 0;
285 }
286 
287 static int cap_path_chown(struct path *path, kuid_t uid, kgid_t gid)
288 {
289  return 0;
290 }
291 
292 static int cap_path_chroot(struct path *root)
293 {
294  return 0;
295 }
296 #endif
297 
298 static int cap_file_permission(struct file *file, int mask)
299 {
300  return 0;
301 }
302 
303 static int cap_file_alloc_security(struct file *file)
304 {
305  return 0;
306 }
307 
308 static void cap_file_free_security(struct file *file)
309 {
310 }
311 
312 static int cap_file_ioctl(struct file *file, unsigned int command,
313  unsigned long arg)
314 {
315  return 0;
316 }
317 
318 static int cap_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
319  unsigned long prot)
320 {
321  return 0;
322 }
323 
324 static int cap_file_lock(struct file *file, unsigned int cmd)
325 {
326  return 0;
327 }
328 
329 static int cap_file_fcntl(struct file *file, unsigned int cmd,
330  unsigned long arg)
331 {
332  return 0;
333 }
334 
335 static int cap_file_set_fowner(struct file *file)
336 {
337  return 0;
338 }
339 
340 static int cap_file_send_sigiotask(struct task_struct *tsk,
341  struct fown_struct *fown, int sig)
342 {
343  return 0;
344 }
345 
346 static int cap_file_receive(struct file *file)
347 {
348  return 0;
349 }
350 
351 static int cap_file_open(struct file *file, const struct cred *cred)
352 {
353  return 0;
354 }
355 
356 static int cap_task_create(unsigned long clone_flags)
357 {
358  return 0;
359 }
360 
361 static void cap_task_free(struct task_struct *task)
362 {
363 }
364 
365 static int cap_cred_alloc_blank(struct cred *cred, gfp_t gfp)
366 {
367  return 0;
368 }
369 
370 static void cap_cred_free(struct cred *cred)
371 {
372 }
373 
374 static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp)
375 {
376  return 0;
377 }
378 
379 static void cap_cred_transfer(struct cred *new, const struct cred *old)
380 {
381 }
382 
383 static int cap_kernel_act_as(struct cred *new, u32 secid)
384 {
385  return 0;
386 }
387 
388 static int cap_kernel_create_files_as(struct cred *new, struct inode *inode)
389 {
390  return 0;
391 }
392 
393 static int cap_kernel_module_request(char *kmod_name)
394 {
395  return 0;
396 }
397 
398 static int cap_task_setpgid(struct task_struct *p, pid_t pgid)
399 {
400  return 0;
401 }
402 
403 static int cap_task_getpgid(struct task_struct *p)
404 {
405  return 0;
406 }
407 
408 static int cap_task_getsid(struct task_struct *p)
409 {
410  return 0;
411 }
412 
413 static void cap_task_getsecid(struct task_struct *p, u32 *secid)
414 {
415  *secid = 0;
416 }
417 
418 static int cap_task_getioprio(struct task_struct *p)
419 {
420  return 0;
421 }
422 
423 static int cap_task_setrlimit(struct task_struct *p, unsigned int resource,
424  struct rlimit *new_rlim)
425 {
426  return 0;
427 }
428 
429 static int cap_task_getscheduler(struct task_struct *p)
430 {
431  return 0;
432 }
433 
434 static int cap_task_movememory(struct task_struct *p)
435 {
436  return 0;
437 }
438 
439 static int cap_task_wait(struct task_struct *p)
440 {
441  return 0;
442 }
443 
444 static int cap_task_kill(struct task_struct *p, struct siginfo *info,
445  int sig, u32 secid)
446 {
447  return 0;
448 }
449 
450 static void cap_task_to_inode(struct task_struct *p, struct inode *inode)
451 {
452 }
453 
454 static int cap_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
455 {
456  return 0;
457 }
458 
459 static void cap_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
460 {
461  *secid = 0;
462 }
463 
464 static int cap_msg_msg_alloc_security(struct msg_msg *msg)
465 {
466  return 0;
467 }
468 
469 static void cap_msg_msg_free_security(struct msg_msg *msg)
470 {
471 }
472 
473 static int cap_msg_queue_alloc_security(struct msg_queue *msq)
474 {
475  return 0;
476 }
477 
478 static void cap_msg_queue_free_security(struct msg_queue *msq)
479 {
480 }
481 
482 static int cap_msg_queue_associate(struct msg_queue *msq, int msqflg)
483 {
484  return 0;
485 }
486 
487 static int cap_msg_queue_msgctl(struct msg_queue *msq, int cmd)
488 {
489  return 0;
490 }
491 
492 static int cap_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
493  int msgflg)
494 {
495  return 0;
496 }
497 
498 static int cap_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
499  struct task_struct *target, long type, int mode)
500 {
501  return 0;
502 }
503 
504 static int cap_shm_alloc_security(struct shmid_kernel *shp)
505 {
506  return 0;
507 }
508 
509 static void cap_shm_free_security(struct shmid_kernel *shp)
510 {
511 }
512 
513 static int cap_shm_associate(struct shmid_kernel *shp, int shmflg)
514 {
515  return 0;
516 }
517 
518 static int cap_shm_shmctl(struct shmid_kernel *shp, int cmd)
519 {
520  return 0;
521 }
522 
523 static int cap_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
524  int shmflg)
525 {
526  return 0;
527 }
528 
529 static int cap_sem_alloc_security(struct sem_array *sma)
530 {
531  return 0;
532 }
533 
534 static void cap_sem_free_security(struct sem_array *sma)
535 {
536 }
537 
538 static int cap_sem_associate(struct sem_array *sma, int semflg)
539 {
540  return 0;
541 }
542 
543 static int cap_sem_semctl(struct sem_array *sma, int cmd)
544 {
545  return 0;
546 }
547 
548 static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
549  unsigned nsops, int alter)
550 {
551  return 0;
552 }
553 
554 #ifdef CONFIG_SECURITY_NETWORK
555 static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
556  struct sock *newsk)
557 {
558  return 0;
559 }
560 
561 static int cap_unix_may_send(struct socket *sock, struct socket *other)
562 {
563  return 0;
564 }
565 
566 static int cap_socket_create(int family, int type, int protocol, int kern)
567 {
568  return 0;
569 }
570 
571 static int cap_socket_post_create(struct socket *sock, int family, int type,
572  int protocol, int kern)
573 {
574  return 0;
575 }
576 
577 static int cap_socket_bind(struct socket *sock, struct sockaddr *address,
578  int addrlen)
579 {
580  return 0;
581 }
582 
583 static int cap_socket_connect(struct socket *sock, struct sockaddr *address,
584  int addrlen)
585 {
586  return 0;
587 }
588 
589 static int cap_socket_listen(struct socket *sock, int backlog)
590 {
591  return 0;
592 }
593 
594 static int cap_socket_accept(struct socket *sock, struct socket *newsock)
595 {
596  return 0;
597 }
598 
599 static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
600 {
601  return 0;
602 }
603 
604 static int cap_socket_recvmsg(struct socket *sock, struct msghdr *msg,
605  int size, int flags)
606 {
607  return 0;
608 }
609 
610 static int cap_socket_getsockname(struct socket *sock)
611 {
612  return 0;
613 }
614 
615 static int cap_socket_getpeername(struct socket *sock)
616 {
617  return 0;
618 }
619 
620 static int cap_socket_setsockopt(struct socket *sock, int level, int optname)
621 {
622  return 0;
623 }
624 
625 static int cap_socket_getsockopt(struct socket *sock, int level, int optname)
626 {
627  return 0;
628 }
629 
630 static int cap_socket_shutdown(struct socket *sock, int how)
631 {
632  return 0;
633 }
634 
635 static int cap_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
636 {
637  return 0;
638 }
639 
640 static int cap_socket_getpeersec_stream(struct socket *sock,
641  char __user *optval,
642  int __user *optlen, unsigned len)
643 {
644  return -ENOPROTOOPT;
645 }
646 
647 static int cap_socket_getpeersec_dgram(struct socket *sock,
648  struct sk_buff *skb, u32 *secid)
649 {
650  return -ENOPROTOOPT;
651 }
652 
653 static int cap_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
654 {
655  return 0;
656 }
657 
658 static void cap_sk_free_security(struct sock *sk)
659 {
660 }
661 
662 static void cap_sk_clone_security(const struct sock *sk, struct sock *newsk)
663 {
664 }
665 
666 static void cap_sk_getsecid(struct sock *sk, u32 *secid)
667 {
668 }
669 
670 static void cap_sock_graft(struct sock *sk, struct socket *parent)
671 {
672 }
673 
674 static int cap_inet_conn_request(struct sock *sk, struct sk_buff *skb,
675  struct request_sock *req)
676 {
677  return 0;
678 }
679 
680 static void cap_inet_csk_clone(struct sock *newsk,
681  const struct request_sock *req)
682 {
683 }
684 
685 static void cap_inet_conn_established(struct sock *sk, struct sk_buff *skb)
686 {
687 }
688 
689 static int cap_secmark_relabel_packet(u32 secid)
690 {
691  return 0;
692 }
693 
694 static void cap_secmark_refcount_inc(void)
695 {
696 }
697 
698 static void cap_secmark_refcount_dec(void)
699 {
700 }
701 
702 static void cap_req_classify_flow(const struct request_sock *req,
703  struct flowi *fl)
704 {
705 }
706 
707 static int cap_tun_dev_create(void)
708 {
709  return 0;
710 }
711 
712 static void cap_tun_dev_post_create(struct sock *sk)
713 {
714 }
715 
716 static int cap_tun_dev_attach(struct sock *sk)
717 {
718  return 0;
719 }
720 #endif /* CONFIG_SECURITY_NETWORK */
721 
722 #ifdef CONFIG_SECURITY_NETWORK_XFRM
723 static int cap_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,
724  struct xfrm_user_sec_ctx *sec_ctx)
725 {
726  return 0;
727 }
728 
729 static int cap_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,
730  struct xfrm_sec_ctx **new_ctxp)
731 {
732  return 0;
733 }
734 
735 static void cap_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx)
736 {
737 }
738 
739 static int cap_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx)
740 {
741  return 0;
742 }
743 
744 static int cap_xfrm_state_alloc_security(struct xfrm_state *x,
745  struct xfrm_user_sec_ctx *sec_ctx,
746  u32 secid)
747 {
748  return 0;
749 }
750 
751 static void cap_xfrm_state_free_security(struct xfrm_state *x)
752 {
753 }
754 
755 static int cap_xfrm_state_delete_security(struct xfrm_state *x)
756 {
757  return 0;
758 }
759 
760 static int cap_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 sk_sid, u8 dir)
761 {
762  return 0;
763 }
764 
765 static int cap_xfrm_state_pol_flow_match(struct xfrm_state *x,
766  struct xfrm_policy *xp,
767  const struct flowi *fl)
768 {
769  return 1;
770 }
771 
772 static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
773 {
774  return 0;
775 }
776 
777 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
778 static void cap_d_instantiate(struct dentry *dentry, struct inode *inode)
779 {
780 }
781 
782 static int cap_getprocattr(struct task_struct *p, char *name, char **value)
783 {
784  return -EINVAL;
785 }
786 
787 static int cap_setprocattr(struct task_struct *p, char *name, void *value,
788  size_t size)
789 {
790  return -EINVAL;
791 }
792 
793 static int cap_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
794 {
795  return -EOPNOTSUPP;
796 }
797 
798 static int cap_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
799 {
800  *secid = 0;
801  return 0;
802 }
803 
804 static void cap_release_secctx(char *secdata, u32 seclen)
805 {
806 }
807 
808 static int cap_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
809 {
810  return 0;
811 }
812 
813 static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
814 {
815  return 0;
816 }
817 
818 static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
819 {
820  return 0;
821 }
822 #ifdef CONFIG_KEYS
823 static int cap_key_alloc(struct key *key, const struct cred *cred,
824  unsigned long flags)
825 {
826  return 0;
827 }
828 
829 static void cap_key_free(struct key *key)
830 {
831 }
832 
833 static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
834  key_perm_t perm)
835 {
836  return 0;
837 }
838 
839 static int cap_key_getsecurity(struct key *key, char **_buffer)
840 {
841  *_buffer = NULL;
842  return 0;
843 }
844 
845 #endif /* CONFIG_KEYS */
846 
847 #ifdef CONFIG_AUDIT
848 static int cap_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
849 {
850  return 0;
851 }
852 
853 static int cap_audit_rule_known(struct audit_krule *krule)
854 {
855  return 0;
856 }
857 
858 static int cap_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
859  struct audit_context *actx)
860 {
861  return 0;
862 }
863 
864 static void cap_audit_rule_free(void *lsmrule)
865 {
866 }
867 #endif /* CONFIG_AUDIT */
868 
869 #define set_to_cap_if_null(ops, function) \
870  do { \
871  if (!ops->function) { \
872  ops->function = cap_##function; \
873  pr_debug("Had to override the " #function \
874  " security operation with the default.\n");\
875  } \
876  } while (0)
877 
878 void __init security_fixup_ops(struct security_operations *ops)
879 {
880  set_to_cap_if_null(ops, ptrace_access_check);
881  set_to_cap_if_null(ops, ptrace_traceme);
882  set_to_cap_if_null(ops, capget);
883  set_to_cap_if_null(ops, capset);
884  set_to_cap_if_null(ops, capable);
885  set_to_cap_if_null(ops, quotactl);
886  set_to_cap_if_null(ops, quota_on);
887  set_to_cap_if_null(ops, syslog);
888  set_to_cap_if_null(ops, settime);
889  set_to_cap_if_null(ops, vm_enough_memory);
890  set_to_cap_if_null(ops, bprm_set_creds);
891  set_to_cap_if_null(ops, bprm_committing_creds);
892  set_to_cap_if_null(ops, bprm_committed_creds);
893  set_to_cap_if_null(ops, bprm_check_security);
894  set_to_cap_if_null(ops, bprm_secureexec);
895  set_to_cap_if_null(ops, sb_alloc_security);
896  set_to_cap_if_null(ops, sb_free_security);
897  set_to_cap_if_null(ops, sb_copy_data);
898  set_to_cap_if_null(ops, sb_remount);
899  set_to_cap_if_null(ops, sb_kern_mount);
900  set_to_cap_if_null(ops, sb_show_options);
901  set_to_cap_if_null(ops, sb_statfs);
902  set_to_cap_if_null(ops, sb_mount);
903  set_to_cap_if_null(ops, sb_umount);
904  set_to_cap_if_null(ops, sb_pivotroot);
905  set_to_cap_if_null(ops, sb_set_mnt_opts);
906  set_to_cap_if_null(ops, sb_clone_mnt_opts);
907  set_to_cap_if_null(ops, sb_parse_opts_str);
908  set_to_cap_if_null(ops, inode_alloc_security);
909  set_to_cap_if_null(ops, inode_free_security);
910  set_to_cap_if_null(ops, inode_init_security);
911  set_to_cap_if_null(ops, inode_create);
912  set_to_cap_if_null(ops, inode_link);
913  set_to_cap_if_null(ops, inode_unlink);
914  set_to_cap_if_null(ops, inode_symlink);
915  set_to_cap_if_null(ops, inode_mkdir);
916  set_to_cap_if_null(ops, inode_rmdir);
917  set_to_cap_if_null(ops, inode_mknod);
918  set_to_cap_if_null(ops, inode_rename);
919  set_to_cap_if_null(ops, inode_readlink);
920  set_to_cap_if_null(ops, inode_follow_link);
921  set_to_cap_if_null(ops, inode_permission);
922  set_to_cap_if_null(ops, inode_setattr);
923  set_to_cap_if_null(ops, inode_getattr);
924  set_to_cap_if_null(ops, inode_setxattr);
925  set_to_cap_if_null(ops, inode_post_setxattr);
926  set_to_cap_if_null(ops, inode_getxattr);
927  set_to_cap_if_null(ops, inode_listxattr);
928  set_to_cap_if_null(ops, inode_removexattr);
929  set_to_cap_if_null(ops, inode_need_killpriv);
930  set_to_cap_if_null(ops, inode_killpriv);
931  set_to_cap_if_null(ops, inode_getsecurity);
932  set_to_cap_if_null(ops, inode_setsecurity);
933  set_to_cap_if_null(ops, inode_listsecurity);
934  set_to_cap_if_null(ops, inode_getsecid);
935 #ifdef CONFIG_SECURITY_PATH
936  set_to_cap_if_null(ops, path_mknod);
937  set_to_cap_if_null(ops, path_mkdir);
938  set_to_cap_if_null(ops, path_rmdir);
939  set_to_cap_if_null(ops, path_unlink);
940  set_to_cap_if_null(ops, path_symlink);
941  set_to_cap_if_null(ops, path_link);
942  set_to_cap_if_null(ops, path_rename);
943  set_to_cap_if_null(ops, path_truncate);
944  set_to_cap_if_null(ops, path_chmod);
945  set_to_cap_if_null(ops, path_chown);
946  set_to_cap_if_null(ops, path_chroot);
947 #endif
948  set_to_cap_if_null(ops, file_permission);
949  set_to_cap_if_null(ops, file_alloc_security);
950  set_to_cap_if_null(ops, file_free_security);
951  set_to_cap_if_null(ops, file_ioctl);
952  set_to_cap_if_null(ops, mmap_addr);
953  set_to_cap_if_null(ops, mmap_file);
954  set_to_cap_if_null(ops, file_mprotect);
955  set_to_cap_if_null(ops, file_lock);
956  set_to_cap_if_null(ops, file_fcntl);
957  set_to_cap_if_null(ops, file_set_fowner);
958  set_to_cap_if_null(ops, file_send_sigiotask);
959  set_to_cap_if_null(ops, file_receive);
960  set_to_cap_if_null(ops, file_open);
961  set_to_cap_if_null(ops, task_create);
962  set_to_cap_if_null(ops, task_free);
963  set_to_cap_if_null(ops, cred_alloc_blank);
964  set_to_cap_if_null(ops, cred_free);
965  set_to_cap_if_null(ops, cred_prepare);
966  set_to_cap_if_null(ops, cred_transfer);
967  set_to_cap_if_null(ops, kernel_act_as);
968  set_to_cap_if_null(ops, kernel_create_files_as);
969  set_to_cap_if_null(ops, kernel_module_request);
970  set_to_cap_if_null(ops, task_fix_setuid);
971  set_to_cap_if_null(ops, task_setpgid);
972  set_to_cap_if_null(ops, task_getpgid);
973  set_to_cap_if_null(ops, task_getsid);
974  set_to_cap_if_null(ops, task_getsecid);
975  set_to_cap_if_null(ops, task_setnice);
976  set_to_cap_if_null(ops, task_setioprio);
977  set_to_cap_if_null(ops, task_getioprio);
978  set_to_cap_if_null(ops, task_setrlimit);
979  set_to_cap_if_null(ops, task_setscheduler);
980  set_to_cap_if_null(ops, task_getscheduler);
981  set_to_cap_if_null(ops, task_movememory);
982  set_to_cap_if_null(ops, task_wait);
983  set_to_cap_if_null(ops, task_kill);
984  set_to_cap_if_null(ops, task_prctl);
985  set_to_cap_if_null(ops, task_to_inode);
986  set_to_cap_if_null(ops, ipc_permission);
987  set_to_cap_if_null(ops, ipc_getsecid);
988  set_to_cap_if_null(ops, msg_msg_alloc_security);
989  set_to_cap_if_null(ops, msg_msg_free_security);
990  set_to_cap_if_null(ops, msg_queue_alloc_security);
991  set_to_cap_if_null(ops, msg_queue_free_security);
992  set_to_cap_if_null(ops, msg_queue_associate);
993  set_to_cap_if_null(ops, msg_queue_msgctl);
994  set_to_cap_if_null(ops, msg_queue_msgsnd);
995  set_to_cap_if_null(ops, msg_queue_msgrcv);
996  set_to_cap_if_null(ops, shm_alloc_security);
997  set_to_cap_if_null(ops, shm_free_security);
998  set_to_cap_if_null(ops, shm_associate);
999  set_to_cap_if_null(ops, shm_shmctl);
1000  set_to_cap_if_null(ops, shm_shmat);
1001  set_to_cap_if_null(ops, sem_alloc_security);
1002  set_to_cap_if_null(ops, sem_free_security);
1003  set_to_cap_if_null(ops, sem_associate);
1004  set_to_cap_if_null(ops, sem_semctl);
1005  set_to_cap_if_null(ops, sem_semop);
1006  set_to_cap_if_null(ops, netlink_send);
1007  set_to_cap_if_null(ops, d_instantiate);
1008  set_to_cap_if_null(ops, getprocattr);
1009  set_to_cap_if_null(ops, setprocattr);
1010  set_to_cap_if_null(ops, secid_to_secctx);
1011  set_to_cap_if_null(ops, secctx_to_secid);
1012  set_to_cap_if_null(ops, release_secctx);
1013  set_to_cap_if_null(ops, inode_notifysecctx);
1014  set_to_cap_if_null(ops, inode_setsecctx);
1015  set_to_cap_if_null(ops, inode_getsecctx);
1016 #ifdef CONFIG_SECURITY_NETWORK
1017  set_to_cap_if_null(ops, unix_stream_connect);
1018  set_to_cap_if_null(ops, unix_may_send);
1019  set_to_cap_if_null(ops, socket_create);
1020  set_to_cap_if_null(ops, socket_post_create);
1021  set_to_cap_if_null(ops, socket_bind);
1022  set_to_cap_if_null(ops, socket_connect);
1023  set_to_cap_if_null(ops, socket_listen);
1024  set_to_cap_if_null(ops, socket_accept);
1025  set_to_cap_if_null(ops, socket_sendmsg);
1026  set_to_cap_if_null(ops, socket_recvmsg);
1027  set_to_cap_if_null(ops, socket_getsockname);
1028  set_to_cap_if_null(ops, socket_getpeername);
1029  set_to_cap_if_null(ops, socket_setsockopt);
1030  set_to_cap_if_null(ops, socket_getsockopt);
1031  set_to_cap_if_null(ops, socket_shutdown);
1032  set_to_cap_if_null(ops, socket_sock_rcv_skb);
1033  set_to_cap_if_null(ops, socket_getpeersec_stream);
1034  set_to_cap_if_null(ops, socket_getpeersec_dgram);
1035  set_to_cap_if_null(ops, sk_alloc_security);
1036  set_to_cap_if_null(ops, sk_free_security);
1037  set_to_cap_if_null(ops, sk_clone_security);
1038  set_to_cap_if_null(ops, sk_getsecid);
1039  set_to_cap_if_null(ops, sock_graft);
1040  set_to_cap_if_null(ops, inet_conn_request);
1041  set_to_cap_if_null(ops, inet_csk_clone);
1042  set_to_cap_if_null(ops, inet_conn_established);
1043  set_to_cap_if_null(ops, secmark_relabel_packet);
1044  set_to_cap_if_null(ops, secmark_refcount_inc);
1045  set_to_cap_if_null(ops, secmark_refcount_dec);
1046  set_to_cap_if_null(ops, req_classify_flow);
1047  set_to_cap_if_null(ops, tun_dev_create);
1048  set_to_cap_if_null(ops, tun_dev_post_create);
1049  set_to_cap_if_null(ops, tun_dev_attach);
1050 #endif /* CONFIG_SECURITY_NETWORK */
1051 #ifdef CONFIG_SECURITY_NETWORK_XFRM
1052  set_to_cap_if_null(ops, xfrm_policy_alloc_security);
1053  set_to_cap_if_null(ops, xfrm_policy_clone_security);
1054  set_to_cap_if_null(ops, xfrm_policy_free_security);
1055  set_to_cap_if_null(ops, xfrm_policy_delete_security);
1056  set_to_cap_if_null(ops, xfrm_state_alloc_security);
1057  set_to_cap_if_null(ops, xfrm_state_free_security);
1058  set_to_cap_if_null(ops, xfrm_state_delete_security);
1059  set_to_cap_if_null(ops, xfrm_policy_lookup);
1060  set_to_cap_if_null(ops, xfrm_state_pol_flow_match);
1061  set_to_cap_if_null(ops, xfrm_decode_session);
1062 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
1063 #ifdef CONFIG_KEYS
1064  set_to_cap_if_null(ops, key_alloc);
1065  set_to_cap_if_null(ops, key_free);
1066  set_to_cap_if_null(ops, key_permission);
1067  set_to_cap_if_null(ops, key_getsecurity);
1068 #endif /* CONFIG_KEYS */
1069 #ifdef CONFIG_AUDIT
1070  set_to_cap_if_null(ops, audit_rule_init);
1071  set_to_cap_if_null(ops, audit_rule_known);
1072  set_to_cap_if_null(ops, audit_rule_match);
1073  set_to_cap_if_null(ops, audit_rule_free);
1074 #endif
1075 }
Generated on Thu Jan 10 2013 14:54:12 for Linux Kernel by   doxygen 1.8.2