22#ifndef __LINUX_SECURITY_H
23#define __LINUX_SECURITY_H
24
25#include <linux/fs.h>
26#include <linux/binfmts.h>
27#include <linux/signal.h>
28#include <linux/resource.h>
29#include <linux/sem.h>
30#include <linux/shm.h>
31#include <linux/mm.h>
32#include <linux/msg.h>
33#include <linux/sched.h>
34#include <linux/key.h>
35#include <linux/xfrm.h>
36#include <linux/gfp.h>
37#include <net/flow.h>
38
39
40#define SECURITY_NAME_MAX 10
41
42
43#define SECURITY_CAP_NOAUDIT 0
44#define SECURITY_CAP_AUDIT 1
45
46struct ctl_table;
47struct audit_krule;
48
49
50
51
52
53extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
54 int cap, int audit);
55extern int cap_settime(struct timespec *ts, struct timezone *tz);
56extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
57extern int cap_ptrace_traceme(struct task_struct *parent);
58extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
59extern int cap_capset(struct cred *new, const struct cred *old,
60 const kernel_cap_t *effective,
61 const kernel_cap_t *inheritable,
62 const kernel_cap_t *permitted);
63extern int cap_bprm_set_creds(struct linux_binprm *bprm);
64extern int cap_bprm_secureexec(struct linux_binprm *bprm);
65extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
66 const void *value, size_t size, int flags);
67extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
68extern int cap_inode_need_killpriv(struct dentry *dentry);
69extern int cap_inode_killpriv(struct dentry *dentry);
70extern int cap_file_mmap(struct file *file, unsigned long reqprot,
71 unsigned long prot, unsigned long flags,
72 unsigned long addr, unsigned long addr_only);
73extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
74extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
75 unsigned long arg4, unsigned long arg5);
76extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);
77extern int cap_task_setioprio(struct task_struct *p, int ioprio);
78extern int cap_task_setnice(struct task_struct *p, int nice);
79extern int cap_syslog(int type);
80extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
81
82struct msghdr;
83struct sk_buff;
84struct sock;
85struct sockaddr;
86struct socket;
87struct flowi;
88struct dst_entry;
89struct xfrm_selector;
90struct xfrm_policy;
91struct xfrm_state;
92struct xfrm_user_sec_ctx;
93struct seq_file;
94
95extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
96extern int cap_netlink_recv(struct sk_buff *skb, int cap);
97
98extern unsigned long mmap_min_addr;
99extern unsigned long dac_mmap_min_addr;
100
101
102
103
104#define LSM_SETID_ID 1
105
106
107#define LSM_SETID_RE 2
108
109
110#define LSM_SETID_RES 4
111
112
113#define LSM_SETID_FS 8
114
115
116struct sched_param;
117struct request_sock;
118
119
120#define LSM_UNSAFE_SHARE 1
121#define LSM_UNSAFE_PTRACE 2
122#define LSM_UNSAFE_PTRACE_CAP 4
123
124
125
126
127
/*
 * round_hint_to_min - adjust a caller-supplied mapping address hint.
 * @hint: requested address; it is truncated to a page boundary first.
 *
 * Returns the page-truncated hint, except that a non-zero hint below
 * mmap_min_addr is replaced by PAGE_ALIGN(mmap_min_addr), i.e. the first
 * page boundary at or above the floor.  A hint that truncates to zero is
 * returned as zero (presumably "no preference" -- confirm with callers).
 *
 * NOTE(review): this helper only moves a hint upwards; it performs no
 * permission check.  Whether a mapping below mmap_min_addr is refused is
 * decided elsewhere (see the file_mmap hook declared in this header).
 */
static inline unsigned long round_hint_to_min(unsigned long hint)
{
	unsigned long page_start = hint & PAGE_MASK;

	/* Zero and anything already at or above the floor pass through. */
	if (page_start == 0 || page_start >= mmap_min_addr)
		return page_start;

	/* Non-zero but below the floor: raise it to the floor. */
	return PAGE_ALIGN(mmap_min_addr);
}
136extern int mmap_min_addr_handler(struct ctl_table *table, int write,
137 void __user *buffer, size_t *lenp, loff_t *ppos);
138
139#ifdef CONFIG_SECURITY
140
/*
 * Mount options in the form passed to the sb_set_mnt_opts and
 * sb_parse_opts_str hooks.  Initialise with security_init_mnt_opts() and
 * release with security_free_mnt_opts(), which kfree()s every mnt_opts[i]
 * and then both arrays.
 */
struct security_mnt_opts {
	char **mnt_opts;	/* array of num_mnt_opts option strings, each freed individually */
	int *mnt_opts_flags;	/* presumably one flag word per option -- confirm with the producer */
	int num_mnt_opts;	/* number of entries in mnt_opts */
};
146
/*
 * security_init_mnt_opts - put @opts into the empty state.
 * @opts: structure to reset; must not be NULL (it is dereferenced unchecked).
 *
 * Nothing is freed here: calling this on a populated structure drops the
 * only references to its arrays.  Use security_free_mnt_opts() for that.
 */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	/* Empty state: zero entries and no arrays attached. */
	opts->num_mnt_opts = 0;
	opts->mnt_opts_flags = NULL;
	opts->mnt_opts = NULL;
}
153
/*
 * security_free_mnt_opts - release everything owned by @opts.
 * @opts: structure to empty; must not be NULL (it is dereferenced unchecked).
 *
 * Frees each option string, then the string array and the flags array, and
 * leaves @opts in the same state security_init_mnt_opts() produces.  Because
 * the pointers are cleared, a second call on the same structure frees
 * nothing again.
 */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	char **strings = opts->mnt_opts;
	int idx;

	/* Entries are only walked when the array itself exists. */
	if (strings != NULL) {
		for (idx = 0; idx < opts->num_mnt_opts; idx++)
			kfree(strings[idx]);
	}

	kfree(strings);
	kfree(opts->mnt_opts_flags);

	/* Clear the stale pointers so they cannot be reused or freed twice. */
	opts->mnt_opts = NULL;
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}
166
/*
 * struct security_operations - table of hooks supplied by a security module.
 *
 * Every member except @name is a function pointer.  A table of this type is
 * what security_module_enable() and register_security(), declared after this
 * struct, take as their argument, and each hook has a security_*() wrapper
 * prototype further down in this header.
 *
 * Several hooks have a cap_*() counterpart with the same signature declared
 * near the top of this header (cap_capable, cap_ptrace_access_check,
 * cap_file_mmap, ...).
 *
 * NOTE(review): int-returning hooks presumably return 0 to allow and a
 * negative errno to deny; void hooks cannot veto the operation.  Confirm
 * against the dispatch code, which is not part of this header.
 *
 * The CONFIG_SECURITY_PATH, CONFIG_SECURITY_NETWORK,
 * CONFIG_SECURITY_NETWORK_XFRM, CONFIG_KEYS and CONFIG_AUDIT sections change
 * the layout of this struct, so every user must be compiled with the same
 * configuration as the kernel.
 */
struct security_operations {
	/* Module name: at most SECURITY_NAME_MAX characters plus the NUL. */
	char name[SECURITY_NAME_MAX + 1];

	/* ptrace, capabilities and system-wide operations */
	int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
	int (*ptrace_traceme) (struct task_struct *parent);
	int (*capget) (struct task_struct *target,
		       kernel_cap_t *effective,
		       kernel_cap_t *inheritable, kernel_cap_t *permitted);
	int (*capset) (struct cred *new,
		       const struct cred *old,
		       const kernel_cap_t *effective,
		       const kernel_cap_t *inheritable,
		       const kernel_cap_t *permitted);
	/* @audit takes SECURITY_CAP_AUDIT or SECURITY_CAP_NOAUDIT -- presumably; confirm */
	int (*capable) (struct task_struct *tsk, const struct cred *cred,
			int cap, int audit);
	int (*acct) (struct file *file);
	int (*sysctl) (struct ctl_table *table, int op);
	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
	int (*quota_on) (struct dentry *dentry);
	int (*syslog) (int type);
	int (*settime) (struct timespec *ts, struct timezone *tz);
	int (*vm_enough_memory) (struct mm_struct *mm, long pages);

	/* program execution (struct linux_binprm) */
	int (*bprm_set_creds) (struct linux_binprm *bprm);
	int (*bprm_check_security) (struct linux_binprm *bprm);
	int (*bprm_secureexec) (struct linux_binprm *bprm);
	void (*bprm_committing_creds) (struct linux_binprm *bprm);
	void (*bprm_committed_creds) (struct linux_binprm *bprm);

	/* superblocks and mounts */
	int (*sb_alloc_security) (struct super_block *sb);
	void (*sb_free_security) (struct super_block *sb);
	int (*sb_copy_data) (char *orig, char *copy);
	int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
	int (*sb_statfs) (struct dentry *dentry);
	int (*sb_mount) (char *dev_name, struct path *path,
			 char *type, unsigned long flags, void *data);
	int (*sb_check_sb) (struct vfsmount *mnt, struct path *path);
	int (*sb_umount) (struct vfsmount *mnt, int flags);
	void (*sb_umount_close) (struct vfsmount *mnt);
	void (*sb_umount_busy) (struct vfsmount *mnt);
	void (*sb_post_remount) (struct vfsmount *mnt,
				 unsigned long flags, void *data);
	void (*sb_post_addmount) (struct vfsmount *mnt,
				  struct path *mountpoint);
	int (*sb_pivotroot) (struct path *old_path,
			     struct path *new_path);
	void (*sb_post_pivotroot) (struct path *old_path,
				   struct path *new_path);
	int (*sb_set_mnt_opts) (struct super_block *sb,
				struct security_mnt_opts *opts);
	void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
				   struct super_block *newsb);
	int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);

	/* hooks that receive a struct path; present only with CONFIG_SECURITY_PATH */
#ifdef CONFIG_SECURITY_PATH
	int (*path_unlink) (struct path *dir, struct dentry *dentry);
	int (*path_mkdir) (struct path *dir, struct dentry *dentry, int mode);
	int (*path_rmdir) (struct path *dir, struct dentry *dentry);
	int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode,
			   unsigned int dev);
	int (*path_truncate) (struct path *path, loff_t length,
			      unsigned int time_attrs);
	int (*path_symlink) (struct path *dir, struct dentry *dentry,
			     const char *old_name);
	int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
			  struct dentry *new_dentry);
	int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
			    struct path *new_dir, struct dentry *new_dentry);
#endif

	/* inodes, including extended attributes */
	int (*inode_alloc_security) (struct inode *inode);
	void (*inode_free_security) (struct inode *inode);
	int (*inode_init_security) (struct inode *inode, struct inode *dir,
				    char **name, void **value, size_t *len);
	int (*inode_create) (struct inode *dir,
			     struct dentry *dentry, int mode);
	int (*inode_link) (struct dentry *old_dentry,
			   struct inode *dir, struct dentry *new_dentry);
	int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
	int (*inode_symlink) (struct inode *dir,
			      struct dentry *dentry, const char *old_name);
	int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
	int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
	int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
			    int mode, dev_t dev);
	int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
			     struct inode *new_dir, struct dentry *new_dentry);
	int (*inode_readlink) (struct dentry *dentry);
	int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
	int (*inode_permission) (struct inode *inode, int mask);
	int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
	int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
	void (*inode_delete) (struct inode *inode);
	int (*inode_setxattr) (struct dentry *dentry, const char *name,
			       const void *value, size_t size, int flags);
	void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
				     const void *value, size_t size, int flags);
	int (*inode_getxattr) (struct dentry *dentry, const char *name);
	int (*inode_listxattr) (struct dentry *dentry);
	int (*inode_removexattr) (struct dentry *dentry, const char *name);
	int (*inode_need_killpriv) (struct dentry *dentry);
	int (*inode_killpriv) (struct dentry *dentry);
	int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc);
	int (*inode_setsecurity) (struct inode *inode, const char *name, const void *value, size_t size, int flags);
	int (*inode_listsecurity) (struct inode *inode, char *buffer, size_t buffer_size);
	void (*inode_getsecid) (const struct inode *inode, u32 *secid);

	/* open files */
	int (*file_permission) (struct file *file, int mask);
	int (*file_alloc_security) (struct file *file);
	void (*file_free_security) (struct file *file);
	int (*file_ioctl) (struct file *file, unsigned int cmd,
			   unsigned long arg);
	int (*file_mmap) (struct file *file,
			  unsigned long reqprot, unsigned long prot,
			  unsigned long flags, unsigned long addr,
			  unsigned long addr_only);
	int (*file_mprotect) (struct vm_area_struct *vma,
			      unsigned long reqprot,
			      unsigned long prot);
	int (*file_lock) (struct file *file, unsigned int cmd);
	int (*file_fcntl) (struct file *file, unsigned int cmd,
			   unsigned long arg);
	int (*file_set_fowner) (struct file *file);
	int (*file_send_sigiotask) (struct task_struct *tsk,
				    struct fown_struct *fown, int sig);
	int (*file_receive) (struct file *file);
	int (*dentry_open) (struct file *file, const struct cred *cred);

	/* tasks and credentials */
	int (*task_create) (unsigned long clone_flags);
	int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
	void (*cred_free) (struct cred *cred);
	int (*cred_prepare)(struct cred *new, const struct cred *old,
			    gfp_t gfp);
	void (*cred_commit)(struct cred *new, const struct cred *old);
	void (*cred_transfer)(struct cred *new, const struct cred *old);
	int (*kernel_act_as)(struct cred *new, u32 secid);
	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
	int (*kernel_module_request)(void);
	/* @flags in the set*id hooks presumably takes an LSM_SETID_* value -- confirm */
	int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
	int (*task_fix_setuid) (struct cred *new, const struct cred *old,
				int flags);
	int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
	int (*task_setpgid) (struct task_struct *p, pid_t pgid);
	int (*task_getpgid) (struct task_struct *p);
	int (*task_getsid) (struct task_struct *p);
	void (*task_getsecid) (struct task_struct *p, u32 *secid);
	int (*task_setgroups) (struct group_info *group_info);
	int (*task_setnice) (struct task_struct *p, int nice);
	int (*task_setioprio) (struct task_struct *p, int ioprio);
	int (*task_getioprio) (struct task_struct *p);
	int (*task_setrlimit) (unsigned int resource, struct rlimit *new_rlim);
	int (*task_setscheduler) (struct task_struct *p, int policy,
				  struct sched_param *lp);
	int (*task_getscheduler) (struct task_struct *p);
	int (*task_movememory) (struct task_struct *p);
	int (*task_kill) (struct task_struct *p,
			  struct siginfo *info, int sig, u32 secid);
	int (*task_wait) (struct task_struct *p);
	int (*task_prctl) (int option, unsigned long arg2,
			   unsigned long arg3, unsigned long arg4,
			   unsigned long arg5);
	void (*task_to_inode) (struct task_struct *p, struct inode *inode);

	/* IPC objects: common permission check, then message queues, shm, semaphores */
	int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
	void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);

	int (*msg_msg_alloc_security) (struct msg_msg *msg);
	void (*msg_msg_free_security) (struct msg_msg *msg);

	int (*msg_queue_alloc_security) (struct msg_queue *msq);
	void (*msg_queue_free_security) (struct msg_queue *msq);
	int (*msg_queue_associate) (struct msg_queue *msq, int msqflg);
	int (*msg_queue_msgctl) (struct msg_queue *msq, int cmd);
	int (*msg_queue_msgsnd) (struct msg_queue *msq,
				 struct msg_msg *msg, int msqflg);
	int (*msg_queue_msgrcv) (struct msg_queue *msq,
				 struct msg_msg *msg,
				 struct task_struct *target,
				 long type, int mode);

	int (*shm_alloc_security) (struct shmid_kernel *shp);
	void (*shm_free_security) (struct shmid_kernel *shp);
	int (*shm_associate) (struct shmid_kernel *shp, int shmflg);
	int (*shm_shmctl) (struct shmid_kernel *shp, int cmd);
	int (*shm_shmat) (struct shmid_kernel *shp,
			  char __user *shmaddr, int shmflg);

	int (*sem_alloc_security) (struct sem_array *sma);
	void (*sem_free_security) (struct sem_array *sma);
	int (*sem_associate) (struct sem_array *sma, int semflg);
	int (*sem_semctl) (struct sem_array *sma, int cmd);
	int (*sem_semop) (struct sem_array *sma,
			  struct sembuf *sops, unsigned nsops, int alter);

	/* netlink */
	int (*netlink_send) (struct sock *sk, struct sk_buff *skb);
	int (*netlink_recv) (struct sk_buff *skb, int cap);

	void (*d_instantiate) (struct dentry *dentry, struct inode *inode);

	/* per-task attributes and secid <-> security-context conversion */
	int (*getprocattr) (struct task_struct *p, char *name, char **value);
	int (*setprocattr) (struct task_struct *p, char *name, void *value, size_t size);
	int (*secid_to_secctx) (u32 secid, char **secdata, u32 *seclen);
	int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid);
	/* takes the same secdata/seclen pair that secid_to_secctx fills in */
	void (*release_secctx) (char *secdata, u32 seclen);

	int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
	int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
	int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);

	/* sockets and networking; present only with CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_NETWORK
	int (*unix_stream_connect) (struct socket *sock,
				    struct socket *other, struct sock *newsk);
	int (*unix_may_send) (struct socket *sock, struct socket *other);

	int (*socket_create) (int family, int type, int protocol, int kern);
	int (*socket_post_create) (struct socket *sock, int family,
				   int type, int protocol, int kern);
	int (*socket_bind) (struct socket *sock,
			    struct sockaddr *address, int addrlen);
	int (*socket_connect) (struct socket *sock,
			       struct sockaddr *address, int addrlen);
	int (*socket_listen) (struct socket *sock, int backlog);
	int (*socket_accept) (struct socket *sock, struct socket *newsock);
	int (*socket_sendmsg) (struct socket *sock,
			       struct msghdr *msg, int size);
	int (*socket_recvmsg) (struct socket *sock,
			       struct msghdr *msg, int size, int flags);
	int (*socket_getsockname) (struct socket *sock);
	int (*socket_getpeername) (struct socket *sock);
	int (*socket_getsockopt) (struct socket *sock, int level, int optname);
	int (*socket_setsockopt) (struct socket *sock, int level, int optname);
	int (*socket_shutdown) (struct socket *sock, int how);
	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
	/* optval and optlen are __user pointers: the hook must not dereference them directly */
	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
	void (*sk_free_security) (struct sock *sk);
	void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
	void (*sk_getsecid) (struct sock *sk, u32 *secid);
	void (*sock_graft) (struct sock *sk, struct socket *parent);
	int (*inet_conn_request) (struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req);
	void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
	void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
	void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
	int (*tun_dev_create)(void);
	void (*tun_dev_post_create)(struct sock *sk);
	int (*tun_dev_attach)(struct sock *sk);
#endif

	/* XFRM policy and state; present only with CONFIG_SECURITY_NETWORK_XFRM */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
	int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
					   struct xfrm_user_sec_ctx *sec_ctx);
	int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
	void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
	int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
	int (*xfrm_state_alloc_security) (struct xfrm_state *x,
					  struct xfrm_user_sec_ctx *sec_ctx,
					  u32 secid);
	void (*xfrm_state_free_security) (struct xfrm_state *x);
	int (*xfrm_state_delete_security) (struct xfrm_state *x);
	int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
	int (*xfrm_state_pol_flow_match) (struct xfrm_state *x,
					  struct xfrm_policy *xp,
					  struct flowi *fl);
	int (*xfrm_decode_session) (struct sk_buff *skb, u32 *secid, int ckall);
#endif

	/* kernel keys; present only with CONFIG_KEYS */
#ifdef CONFIG_KEYS
	int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags);
	void (*key_free) (struct key *key);
	int (*key_permission) (key_ref_t key_ref,
			       const struct cred *cred,
			       key_perm_t perm);
	int (*key_getsecurity)(struct key *key, char **_buffer);
	int (*key_session_to_parent)(const struct cred *cred,
				     const struct cred *parent_cred,
				     struct key *key);
#endif

	/* audit rule handling; present only with CONFIG_AUDIT */
#ifdef CONFIG_AUDIT
	int (*audit_rule_init) (u32 field, u32 op, char *rulestr, void **lsmrule);
	int (*audit_rule_known) (struct audit_krule *krule);
	int (*audit_rule_match) (u32 secid, u32 field, u32 op, void *lsmrule,
				 struct audit_context *actx);
	void (*audit_rule_free) (void *lsmrule);
#endif
};
1712
1713
1714extern int security_init(void);
1715extern int security_module_enable(struct security_operations *ops);
1716extern int register_security(struct security_operations *ops);
1717
1718
1719int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
1720int security_ptrace_traceme(struct task_struct *parent);
1721int security_capget(struct task_struct *target,
1722 kernel_cap_t *effective,
1723 kernel_cap_t *inheritable,
1724 kernel_cap_t *permitted);
1725int security_capset(struct cred *new, const struct cred *old,
1726 const kernel_cap_t *effective,
1727 const kernel_cap_t *inheritable,
1728 const kernel_cap_t *permitted);
1729int security_capable(int cap);
1730int security_real_capable(struct task_struct *tsk, int cap);
1731int security_real_capable_noaudit(struct task_struct *tsk, int cap);
1732int security_acct(struct file *file);
1733int security_sysctl(struct ctl_table *table, int op);
1734int security_quotactl(int cmds, int type, int id, struct super_block *sb);
1735int security_quota_on(struct dentry *dentry);
1736int security_syslog(int type);
1737int security_settime(struct timespec *ts, struct timezone *tz);
1738int security_vm_enough_memory(long pages);
1739int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
1740int security_vm_enough_memory_kern(long pages);
1741int security_bprm_set_creds(struct linux_binprm *bprm);
1742int security_bprm_check(struct linux_binprm *bprm);
1743void security_bprm_committing_creds(struct linux_binprm *bprm);
1744void security_bprm_committed_creds(struct linux_binprm *bprm);
1745int security_bprm_secureexec(struct linux_binprm *bprm);
1746int security_sb_alloc(struct super_block *sb);
1747void security_sb_free(struct super_block *sb);
1748int security_sb_copy_data(char *orig, char *copy);
1749int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
1750int security_sb_show_options(struct seq_file *m, struct super_block *sb);
1751int security_sb_statfs(struct dentry *dentry);
1752int security_sb_mount(char *dev_name, struct path *path,
1753 char *type, unsigned long flags, void *data);
1754int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
1755int security_sb_umount(struct vfsmount *mnt, int flags);
1756void security_sb_umount_close(struct vfsmount *mnt);
1757void security_sb_umount_busy(struct vfsmount *mnt);
1758void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data);
1759void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint);
1760int security_sb_pivotroot(struct path *old_path, struct path *new_path);
1761void security_sb_post_pivotroot(struct path *old_path, struct path *new_path);
1762int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
1763void security_sb_clone_mnt_opts(const struct super_block *oldsb,
1764 struct super_block *newsb);
1765int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
1766
1767int security_inode_alloc(struct inode *inode);
1768void security_inode_free(struct inode *inode);
1769int security_inode_init_security(struct inode *inode, struct inode *dir,
1770 char **name, void **value, size_t *len);
1771int security_inode_create(struct inode *dir, struct dentry *dentry, int mode);
1772int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1773 struct dentry *new_dentry);
1774int security_inode_unlink(struct inode *dir, struct dentry *dentry);
1775int security_inode_symlink(struct inode *dir, struct dentry *dentry,
1776 const char *old_name);
1777int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode);
1778int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1779int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev);
1780int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
1781 struct inode *new_dir, struct dentry *new_dentry);
1782int security_inode_readlink(struct dentry *dentry);
1783int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
1784int security_inode_permission(struct inode *inode, int mask);
1785int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
1786int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
1787void security_inode_delete(struct inode *inode);
1788int security_inode_setxattr(struct dentry *dentry, const char *name,
1789 const void *value, size_t size, int flags);
1790void security_inode_post_setxattr(struct dentry *dentry, const char *name,
1791 const void *value, size_t size, int flags);
1792int security_inode_getxattr(struct dentry *dentry, const char *name);
1793int security_inode_listxattr(struct dentry *dentry);
1794int security_inode_removexattr(struct dentry *dentry, const char *name);
1795int security_inode_need_killpriv(struct dentry *dentry);
1796int security_inode_killpriv(struct dentry *dentry);
1797int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
1798int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1799int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
1800void security_inode_getsecid(const struct inode *inode, u32 *secid);
1801int security_file_permission(struct file *file, int mask);
1802int security_file_alloc(struct file *file);
1803void security_file_free(struct file *file);
1804int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
1805int security_file_mmap(struct file *file, unsigned long reqprot,
1806 unsigned long prot, unsigned long flags,
1807 unsigned long addr, unsigned long addr_only);
1808int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
1809 unsigned long prot);
1810int security_file_lock(struct file *file, unsigned int cmd);
1811int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
1812int security_file_set_fowner(struct file *file);
1813int security_file_send_sigiotask(struct task_struct *tsk,
1814 struct fown_struct *fown, int sig);
1815int security_file_receive(struct file *file);
1816int security_dentry_open(struct file *file, const struct cred *cred);
1817int security_task_create(unsigned long clone_flags);
1818int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
1819void security_cred_free(struct cred *cred);
1820int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
1821void security_commit_creds(struct cred *new, const struct cred *old);
1822void security_transfer_creds(struct cred *new, const struct cred *old);
1823int security_kernel_act_as(struct cred *new, u32 secid);
1824int security_kernel_create_files_as(struct cred *new, struct inode *inode);
1825int security_kernel_module_request(void);
1826int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
1827int security_task_fix_setuid(struct cred *new, const struct cred *old,
1828 int flags);
1829int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
1830int security_task_setpgid(struct task_struct *p, pid_t pgid);
1831int security_task_getpgid(struct task_struct *p);
1832int security_task_getsid(struct task_struct *p);
1833void security_task_getsecid(struct task_struct *p, u32 *secid);
1834int security_task_setgroups(struct group_info *group_info);
1835int security_task_setnice(struct task_struct *p, int nice);
1836int security_task_setioprio(struct task_struct *p, int ioprio);
1837int security_task_getioprio(struct task_struct *p);
1838int security_task_setrlimit(unsigned int resource, struct rlimit *new_rlim);
1839int security_task_setscheduler(struct task_struct *p,
1840 int policy, struct sched_param *lp);
1841int security_task_getscheduler(struct task_struct *p);
1842int security_task_movememory(struct task_struct *p);
1843int security_task_kill(struct task_struct *p, struct siginfo *info,
1844 int sig, u32 secid);
1845int security_task_wait(struct task_struct *p);
1846int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
1847 unsigned long arg4, unsigned long arg5);
1848void security_task_to_inode(struct task_struct *p, struct inode *inode);
1849int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
1850void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
1851int security_msg_msg_alloc(struct msg_msg *msg);
1852void security_msg_msg_free(struct msg_msg *msg);
1853int security_msg_queue_alloc(struct msg_queue *msq);
1854void security_msg_queue_free(struct msg_queue *msq);
1855int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
1856int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
1857int security_msg_queue_msgsnd(struct msg_queue *msq,
1858 struct msg_msg *msg, int msqflg);
1859int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
1860 struct task_struct *target, long type, int mode);
1861int security_shm_alloc(struct shmid_kernel *shp);
1862void security_shm_free(struct shmid_kernel *shp);
1863int security_shm_associate(struct shmid_kernel *shp, int shmflg);
1864int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
1865int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
1866int security_sem_alloc(struct sem_array *sma);
1867void security_sem_free(struct sem_array *sma);
1868int security_sem_associate(struct sem_array *sma, int semflg);
1869int security_sem_semctl(struct sem_array *sma, int cmd);
1870int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
1871 unsigned nsops, int alter);
1872void security_d_instantiate(struct dentry *dentry, struct inode *inode);
1873int security_getprocattr(struct task_struct *p, char *name, char **value);
1874int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
1875int security_netlink_send(struct sock *sk, struct sk_buff *skb);
1876int security_netlink_recv(struct sk_buff *skb, int cap);
1877int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
1878int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
1879void security_release_secctx(char *secdata, u32 seclen);
1880
1881int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
1882int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
1883int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
1884#else
1885struct security_mnt_opts {
1886};
1887
1888static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
1889{
1890}
1891
1892static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1893{
1894}
1895
1896
1897
1898
1899
1900
1901static inline int security_init(void)
1902{
1903 return 0;
1904}
1905
1906static inline int security_ptrace_access_check(struct task_struct *child,
1907 unsigned int mode)
1908{
1909 return cap_ptrace_access_check(child, mode);
1910}
1911
1912static inline int security_ptrace_traceme(struct task_struct *parent)
1913{
1914 return cap_ptrace_traceme(parent);
1915}
1916
1917static inline int security_capget(struct task_struct *target,
1918 kernel_cap_t *effective,
1919 kernel_cap_t *inheritable,
1920 kernel_cap_t *permitted)
1921{
1922 return cap_capget(target, effective, inheritable, permitted);
1923}
1924
1925static inline int security_capset(struct cred *new,
1926 const struct cred *old,
1927 const kernel_cap_t *effective,
1928 const kernel_cap_t *inheritable,
1929 const kernel_cap_t *permitted)
1930{
1931 return cap_capset(new, old, effective, inheritable, permitted);
1932}
1933
/**
 * security_capable - capability check for the current task
 * @cap: capability to test
 *
 * Fallback hook from this #else branch. The decision is delegated to
 * cap_capable(), called with current, current_cred() and
 * SECURITY_CAP_AUDIT.
 *
 * Return: whatever cap_capable() returns.
 */
static inline int security_capable(int cap)
{
	const struct cred *cred = current_cred();

	return cap_capable(current, cred, cap, SECURITY_CAP_AUDIT);
}
1938
/**
 * security_real_capable - capability check against a given task
 * @tsk: task whose credentials are examined
 * @cap: capability to test
 *
 * Fetches @tsk's credentials with __task_cred() and hands them to
 * cap_capable() together with SECURITY_CAP_AUDIT. The RCU read lock is
 * held across both the credential lookup and the check, so the cred
 * pointer is only used inside the read-side critical section.
 *
 * Return: whatever cap_capable() returns.
 */
static inline int security_real_capable(struct task_struct *tsk, int cap)
{
	int rc;

	rcu_read_lock();
	rc = cap_capable(tsk, __task_cred(tsk), cap, SECURITY_CAP_AUDIT);
	rcu_read_unlock();

	return rc;
}
1948
/**
 * security_real_capable_noaudit - capability check against a given task
 * @tsk: task whose credentials are examined
 * @cap: capability to test
 *
 * Same sequence as security_real_capable(), except that cap_capable() is
 * called with SECURITY_CAP_NOAUDIT instead of SECURITY_CAP_AUDIT. The RCU
 * read lock covers the __task_cred() lookup and the check.
 *
 * Return: whatever cap_capable() returns.
 */
static inline int security_real_capable_noaudit(struct task_struct *tsk,
						int cap)
{
	int rc;

	rcu_read_lock();
	rc = cap_capable(tsk, __task_cred(tsk), cap, SECURITY_CAP_NOAUDIT);
	rcu_read_unlock();

	return rc;
}
1960
1961static inline int security_acct(struct file *file)
1962{
1963 return 0;
1964}
1965
1966static inline int security_sysctl(struct ctl_table *table, int op)
1967{
1968 return 0;
1969}
1970
1971static inline int security_quotactl(int cmds, int type, int id,
1972 struct super_block *sb)
1973{
1974 return 0;
1975}
1976
1977static inline int security_quota_on(struct dentry *dentry)
1978{
1979 return 0;
1980}
1981
1982static inline int security_syslog(int type)
1983{
1984 return cap_syslog(type);
1985}
1986
1987static inline int security_settime(struct timespec *ts, struct timezone *tz)
1988{
1989 return cap_settime(ts, tz);
1990}
1991
/**
 * security_vm_enough_memory - memory check against the current task's mm
 * @pages: page count passed through to cap_vm_enough_memory()
 *
 * Emits a WARN_ON() when current->mm is NULL, then forwards current->mm
 * and @pages to cap_vm_enough_memory(). The warning does not stop the
 * call: a NULL mm is still passed on.
 *
 * Return: whatever cap_vm_enough_memory() returns.
 */
static inline int security_vm_enough_memory(long pages)
{
	WARN_ON(!current->mm);

	return cap_vm_enough_memory(current->mm, pages);
}
1997
/**
 * security_vm_enough_memory_mm - memory check against an explicit mm
 * @mm: address space handed to cap_vm_enough_memory()
 * @pages: page count passed through to cap_vm_enough_memory()
 *
 * Emits a WARN_ON() when @mm is NULL, then forwards @mm and @pages to
 * cap_vm_enough_memory(). The warning does not stop the call.
 *
 * Return: whatever cap_vm_enough_memory() returns.
 */
static inline int security_vm_enough_memory_mm(struct mm_struct *mm,
					       long pages)
{
	WARN_ON(!mm);

	return cap_vm_enough_memory(mm, pages);
}
2003
/**
 * security_vm_enough_memory_kern - memory check without the NULL-mm warning
 * @pages: page count passed through to cap_vm_enough_memory()
 *
 * Forwards current->mm and @pages to cap_vm_enough_memory().
 *
 * Return: whatever cap_vm_enough_memory() returns.
 */
static inline int security_vm_enough_memory_kern(long pages)
{
	/*
	 * Unlike security_vm_enough_memory(), there is no WARN_ON() on
	 * current->mm here. NOTE(review): presumably a NULL mm (kernel
	 * thread) is acceptable on this path; confirm against
	 * cap_vm_enough_memory().
	 */
	struct mm_struct *mm = current->mm;

	return cap_vm_enough_memory(mm, pages);
}
2010
2011static inline int security_bprm_set_creds(struct linux_binprm *bprm)
2012{
2013 return cap_bprm_set_creds(bprm);
2014}
2015
2016static inline int security_bprm_check(struct linux_binprm *bprm)
2017{
2018 return 0;
2019}
2020
2021static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
2022{
2023}
2024
2025static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
2026{
2027}
2028
2029static inline int security_bprm_secureexec(struct linux_binprm *bprm)
2030{
2031 return cap_bprm_secureexec(bprm);
2032}
2033
2034static inline int security_sb_alloc(struct super_block *sb)
2035{
2036 return 0;
2037}
2038
2039static inline void security_sb_free(struct super_block *sb)
2040{ }
2041
2042static inline int security_sb_copy_data(char *orig, char *copy)
2043{
2044 return 0;
2045}
2046
2047static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
2048{
2049 return 0;
2050}
2051
2052static inline int security_sb_show_options(struct seq_file *m,
2053 struct super_block *sb)
2054{
2055 return 0;
2056}
2057
2058static inline int security_sb_statfs(struct dentry *dentry)
2059{
2060 return 0;
2061}
2062
2063static inline int security_sb_mount(char *dev_name, struct path *path,
2064 char *type, unsigned long flags,
2065 void *data)
2066{
2067 return 0;
2068}
2069
2070static inline int security_sb_check_sb(struct vfsmount *mnt,
2071 struct path *path)
2072{
2073 return 0;
2074}
2075
2076static inline int security_sb_umount(struct vfsmount *mnt, int flags)
2077{
2078 return 0;
2079}
2080
2081static inline void security_sb_umount_close(struct vfsmount *mnt)
2082{ }
2083
2084static inline void security_sb_umount_busy(struct vfsmount *mnt)
2085{ }
2086
2087static inline void security_sb_post_remount(struct vfsmount *mnt,
2088 unsigned long flags, void *data)
2089{ }
2090
2091static inline void security_sb_post_addmount(struct vfsmount *mnt,
2092 struct path *mountpoint)
2093{ }
2094
2095static inline int security_sb_pivotroot(struct path *old_path,
2096 struct path *new_path)
2097{
2098 return 0;
2099}
2100
2101static inline void security_sb_post_pivotroot(struct path *old_path,
2102 struct path *new_path)
2103{ }
2104
2105static inline int security_sb_set_mnt_opts(struct super_block *sb,
2106 struct security_mnt_opts *opts)
2107{
2108 return 0;
2109}
2110
2111static inline void security_sb_clone_mnt_opts(const struct super_block *oldsb,
2112 struct super_block *newsb)
2113{ }
2114
2115static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
2116{
2117 return 0;
2118}
2119
2120static inline int security_inode_alloc(struct inode *inode)
2121{
2122 return 0;
2123}
2124
2125static inline void security_inode_free(struct inode *inode)
2126{ }
2127
/**
 * security_inode_init_security - stub for this #else branch
 * @inode: unused
 * @dir: unused
 * @name: unused, left untouched
 * @value: unused, left untouched
 * @len: unused, left untouched
 *
 * Produces no security attribute. None of the out-parameters is written,
 * so callers must not read *@name, *@value or *@len after this error.
 *
 * Return: always -EOPNOTSUPP.
 */
static inline int security_inode_init_security(struct inode *inode,
					       struct inode *dir,
					       char **name, void **value,
					       size_t *len)
{
	return -EOPNOTSUPP;
}
2136
2137static inline int security_inode_create(struct inode *dir,
2138 struct dentry *dentry,
2139 int mode)
2140{
2141 return 0;
2142}
2143
2144static inline int security_inode_link(struct dentry *old_dentry,
2145 struct inode *dir,
2146 struct dentry *new_dentry)
2147{
2148 return 0;
2149}
2150
2151static inline int security_inode_unlink(struct inode *dir,
2152 struct dentry *dentry)
2153{
2154 return 0;
2155}
2156
2157static inline int security_inode_symlink(struct inode *dir,
2158 struct dentry *dentry,
2159 const char *old_name)
2160{
2161 return 0;
2162}
2163
2164static inline int security_inode_mkdir(struct inode *dir,
2165 struct dentry *dentry,
2166 int mode)
2167{
2168 return 0;
2169}
2170
2171static inline int security_inode_rmdir(struct inode *dir,
2172 struct dentry *dentry)
2173{
2174 return 0;
2175}
2176
2177static inline int security_inode_mknod(struct inode *dir,
2178 struct dentry *dentry,
2179 int mode, dev_t dev)
2180{
2181 return 0;
2182}
2183
2184static inline int security_inode_rename(struct inode *old_dir,
2185 struct dentry *old_dentry,
2186 struct inode *new_dir,
2187 struct dentry *new_dentry)
2188{
2189 return 0;
2190}
2191
2192static inline int security_inode_readlink(struct dentry *dentry)
2193{
2194 return 0;
2195}
2196
2197static inline int security_inode_follow_link(struct dentry *dentry,
2198 struct nameidata *nd)
2199{
2200 return 0;
2201}
2202
2203static inline int security_inode_permission(struct inode *inode, int mask)
2204{
2205 return 0;
2206}
2207
2208static inline int security_inode_setattr(struct dentry *dentry,
2209 struct iattr *attr)
2210{
2211 return 0;
2212}
2213
2214static inline int security_inode_getattr(struct vfsmount *mnt,
2215 struct dentry *dentry)
2216{
2217 return 0;
2218}
2219
2220static inline void security_inode_delete(struct inode *inode)
2221{ }
2222
2223static inline int security_inode_setxattr(struct dentry *dentry,
2224 const char *name, const void *value, size_t size, int flags)
2225{
2226 return cap_inode_setxattr(dentry, name, value, size, flags);
2227}
2228
2229static inline void security_inode_post_setxattr(struct dentry *dentry,
2230 const char *name, const void *value, size_t size, int flags)
2231{ }
2232
2233static inline int security_inode_getxattr(struct dentry *dentry,
2234 const char *name)
2235{
2236 return 0;
2237}
2238
2239static inline int security_inode_listxattr(struct dentry *dentry)
2240{
2241 return 0;
2242}
2243
2244static inline int security_inode_removexattr(struct dentry *dentry,
2245 const char *name)
2246{
2247 return cap_inode_removexattr(dentry, name);
2248}
2249
2250static inline int security_inode_need_killpriv(struct dentry *dentry)
2251{
2252 return cap_inode_need_killpriv(dentry);
2253}
2254
2255static inline int security_inode_killpriv(struct dentry *dentry)
2256{
2257 return cap_inode_killpriv(dentry);
2258}
2259
/**
 * security_inode_getsecurity - stub for this #else branch
 * @inode: unused
 * @name: unused
 * @buffer: unused, left untouched
 * @alloc: unused
 *
 * Nothing is stored through @buffer, so it holds no usable value when
 * this error is returned.
 *
 * Return: always -EOPNOTSUPP.
 */
static inline int security_inode_getsecurity(const struct inode *inode,
					     const char *name,
					     void **buffer, bool alloc)
{
	return -EOPNOTSUPP;
}
2264
/**
 * security_inode_setsecurity - stub for this #else branch
 * @inode: unused
 * @name: unused
 * @value: unused
 * @size: unused
 * @flags: unused
 *
 * No attribute is stored; every request is refused.
 *
 * Return: always -EOPNOTSUPP.
 */
static inline int security_inode_setsecurity(struct inode *inode,
					     const char *name,
					     const void *value,
					     size_t size, int flags)
{
	return -EOPNOTSUPP;
}
2269
2270static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
2271{
2272 return 0;
2273}
2274
/**
 * security_inode_getsecid - stub for this #else branch
 * @inode: unused
 * @secid: output; must be a valid pointer, it is written unconditionally
 *
 * Stores 0 in *@secid without looking at @inode, so every inode reports
 * the same secid in this configuration.
 */
static inline void security_inode_getsecid(const struct inode *inode,
					   u32 *secid)
{
	*secid = 0;
}
2279
2280static inline int security_file_permission(struct file *file, int mask)
2281{
2282 return 0;
2283}
2284
2285static inline int security_file_alloc(struct file *file)
2286{
2287 return 0;
2288}
2289
2290static inline void security_file_free(struct file *file)
2291{ }
2292
2293static inline int security_file_ioctl(struct file *file, unsigned int cmd,
2294 unsigned long arg)
2295{
2296 return 0;
2297}
2298
2299static inline int security_file_mmap(struct file *file, unsigned long reqprot,
2300 unsigned long prot,
2301 unsigned long flags,
2302 unsigned long addr,
2303 unsigned long addr_only)
2304{
2305 return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
2306}
2307
2308static inline int security_file_mprotect(struct vm_area_struct *vma,
2309 unsigned long reqprot,
2310 unsigned long prot)
2311{
2312 return 0;
2313}
2314
2315static inline int security_file_lock(struct file *file, unsigned int cmd)
2316{
2317 return 0;
2318}
2319
2320static inline int security_file_fcntl(struct file *file, unsigned int cmd,
2321 unsigned long arg)
2322{
2323 return 0;
2324}
2325
2326static inline int security_file_set_fowner(struct file *file)
2327{
2328 return 0;
2329}
2330
2331static inline int security_file_send_sigiotask(struct task_struct *tsk,
2332 struct fown_struct *fown,
2333 int sig)
2334{
2335 return 0;
2336}
2337
2338static inline int security_file_receive(struct file *file)
2339{
2340 return 0;
2341}
2342
2343static inline int security_dentry_open(struct file *file,
2344 const struct cred *cred)
2345{
2346 return 0;
2347}
2348
2349static inline int security_task_create(unsigned long clone_flags)
2350{
2351 return 0;
2352}
2353
2354static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2355{
2356 return 0;
2357}
2358
2359static inline void security_cred_free(struct cred *cred)
2360{ }
2361
2362static inline int security_prepare_creds(struct cred *new,
2363 const struct cred *old,
2364 gfp_t gfp)
2365{
2366 return 0;
2367}
2368
2369static inline void security_commit_creds(struct cred *new,
2370 const struct cred *old)
2371{
2372}
2373
2374static inline void security_transfer_creds(struct cred *new,
2375 const struct cred *old)
2376{
2377}
2378
2379static inline int security_kernel_act_as(struct cred *cred, u32 secid)
2380{
2381 return 0;
2382}
2383
2384static inline int security_kernel_create_files_as(struct cred *cred,
2385 struct inode *inode)
2386{
2387 return 0;
2388}
2389
2390static inline int security_kernel_module_request(void)
2391{
2392 return 0;
2393}
2394
2395static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
2396 int flags)
2397{
2398 return 0;
2399}
2400
2401static inline int security_task_fix_setuid(struct cred *new,
2402 const struct cred *old,
2403 int flags)
2404{
2405 return cap_task_fix_setuid(new, old, flags);
2406}
2407
2408static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2,
2409 int flags)
2410{
2411 return 0;
2412}
2413
2414static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
2415{
2416 return 0;
2417}
2418
2419static inline int security_task_getpgid(struct task_struct *p)
2420{
2421 return 0;
2422}
2423
2424static inline int security_task_getsid(struct task_struct *p)
2425{
2426 return 0;
2427}
2428
/**
 * security_task_getsecid - stub for this #else branch
 * @p: unused
 * @secid: output; must be a valid pointer, it is written unconditionally
 *
 * Stores 0 in *@secid without looking at @p, so every task reports the
 * same secid in this configuration.
 */
static inline void security_task_getsecid(struct task_struct *p,
					  u32 *secid)
{
	*secid = 0;
}
2433
2434static inline int security_task_setgroups(struct group_info *group_info)
2435{
2436 return 0;
2437}
2438
2439static inline int security_task_setnice(struct task_struct *p, int nice)
2440{
2441 return cap_task_setnice(p, nice);
2442}
2443
2444static inline int security_task_setioprio(struct task_struct *p, int ioprio)
2445{
2446 return cap_task_setioprio(p, ioprio);
2447}
2448
2449static inline int security_task_getioprio(struct task_struct *p)
2450{
2451 return 0;
2452}
2453
2454static inline int security_task_setrlimit(unsigned int resource,
2455 struct rlimit *new_rlim)
2456{
2457 return 0;
2458}
2459
2460static inline int security_task_setscheduler(struct task_struct *p,
2461 int policy,
2462 struct sched_param *lp)
2463{
2464 return cap_task_setscheduler(p, policy, lp);
2465}
2466
2467static inline int security_task_getscheduler(struct task_struct *p)
2468{
2469 return 0;
2470}
2471
2472static inline int security_task_movememory(struct task_struct *p)
2473{
2474 return 0;
2475}
2476
2477static inline int security_task_kill(struct task_struct *p,
2478 struct siginfo *info, int sig,
2479 u32 secid)
2480{
2481 return 0;
2482}
2483
2484static inline int security_task_wait(struct task_struct *p)
2485{
2486 return 0;
2487}
2488
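/**
 * security_task_prctl - fallback prctl() hook for this #else branch
 * @option: prctl option, passed through
 * @arg2: second prctl argument, passed through
 * @arg3: third prctl argument, passed through
 * @arg4: fourth prctl argument, passed through
 * @arg5: fifth prctl argument, passed through
 *
 * Delegates the decision to cap_task_prctl(). Each argument is forwarded
 * in its own position; arg4 in particular must not be replaced by a copy
 * of arg3, or the capability code would act on a value the caller never
 * supplied in that slot.
 *
 * Return: whatever cap_task_prctl() returns.
 */
static inline int security_task_prctl(int option, unsigned long arg2,
				      unsigned long arg3,
				      unsigned long arg4,
				      unsigned long arg5)
{
	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}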
2496
2497static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
2498{ }
2499
2500static inline int security_ipc_permission(struct kern_ipc_perm *ipcp,
2501 short flag)
2502{
2503 return 0;
2504}
2505
/**
 * security_ipc_getsecid - stub for this #else branch
 * @ipcp: unused
 * @secid: output; must be a valid pointer, it is written unconditionally
 *
 * Stores 0 in *@secid without looking at @ipcp.
 */
static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp,
					 u32 *secid)
{
	*secid = 0;
}
2510
2511static inline int security_msg_msg_alloc(struct msg_msg *msg)
2512{
2513 return 0;
2514}
2515
2516static inline void security_msg_msg_free(struct msg_msg *msg)
2517{ }
2518
2519static inline int security_msg_queue_alloc(struct msg_queue *msq)
2520{
2521 return 0;
2522}
2523
2524static inline void security_msg_queue_free(struct msg_queue *msq)
2525{ }
2526
2527static inline int security_msg_queue_associate(struct msg_queue *msq,
2528 int msqflg)
2529{
2530 return 0;
2531}
2532
2533static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2534{
2535 return 0;
2536}
2537
2538static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
2539 struct msg_msg *msg, int msqflg)
2540{
2541 return 0;
2542}
2543
2544static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
2545 struct msg_msg *msg,
2546 struct task_struct *target,
2547 long type, int mode)
2548{
2549 return 0;
2550}
2551
2552static inline int security_shm_alloc(struct shmid_kernel *shp)
2553{
2554 return 0;
2555}
2556
2557static inline void security_shm_free(struct shmid_kernel *shp)
2558{ }
2559
2560static inline int security_shm_associate(struct shmid_kernel *shp,
2561 int shmflg)
2562{
2563 return 0;
2564}
2565
2566static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
2567{
2568 return 0;
2569}
2570
2571static inline int security_shm_shmat(struct shmid_kernel *shp,
2572 char __user *shmaddr, int shmflg)
2573{
2574 return 0;
2575}
2576
2577static inline int security_sem_alloc(struct sem_array *sma)
2578{
2579 return 0;
2580}
2581
2582static inline void security_sem_free(struct sem_array *sma)
2583{ }
2584
2585static inline int security_sem_associate(struct sem_array *sma, int semflg)
2586{
2587 return 0;
2588}
2589
2590static inline int security_sem_semctl(struct sem_array *sma, int cmd)
2591{
2592 return 0;
2593}
2594
2595static inline int security_sem_semop(struct sem_array *sma,
2596 struct sembuf *sops, unsigned nsops,
2597 int alter)
2598{
2599 return 0;
2600}
2601
2602static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
2603{ }
2604
/**
 * security_getprocattr - stub for this #else branch
 * @p: unused
 * @name: unused
 * @value: unused, left untouched
 *
 * No attribute is returned; *@value is never written, so it must not be
 * read or freed by the caller after this error.
 *
 * Return: always -EINVAL.
 */
static inline int security_getprocattr(struct task_struct *p, char *name,
				       char **value)
{
	return -EINVAL;
}
2609
/**
 * security_setprocattr - stub for this #else branch
 * @p: unused
 * @name: unused
 * @value: unused
 * @size: unused
 *
 * Every write request is refused; nothing is stored.
 *
 * Return: always -EINVAL.
 */
static inline int security_setprocattr(struct task_struct *p, char *name,
				       void *value, size_t size)
{
	return -EINVAL;
}
2614
2615static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb)
2616{
2617 return cap_netlink_send(sk, skb);
2618}
2619
2620static inline int security_netlink_recv(struct sk_buff *skb, int cap)
2621{
2622 return cap_netlink_recv(skb, cap);
2623}
2624
2625static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2626{
2627 return -EOPNOTSUPP;
2628}
2629
2630static inline int security_secctx_to_secid(const char *secdata,
2631 u32 seclen,
2632 u32 *secid)
2633{
2634 return -EOPNOTSUPP;
2635}
2636
2637static inline void security_release_secctx(char *secdata, u32 seclen)
2638{
2639}
2640
2641static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
2642{
2643 return -EOPNOTSUPP;
2644}
2645static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
2646{
2647 return -EOPNOTSUPP;
2648}
2649static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
2650{
2651 return -EOPNOTSUPP;
2652}
2653#endif
2654
2655#ifdef CONFIG_SECURITY_NETWORK
2656
2657int security_unix_stream_connect(struct socket *sock, struct socket *other,
2658 struct sock *newsk);
2659int security_unix_may_send(struct socket *sock, struct socket *other);
2660int security_socket_create(int family, int type, int protocol, int kern);
2661int security_socket_post_create(struct socket *sock, int family,
2662 int type, int protocol, int kern);
2663int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
2664int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
2665int security_socket_listen(struct socket *sock, int backlog);
2666int security_socket_accept(struct socket *sock, struct socket *newsock);
2667int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
2668int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
2669 int size, int flags);
2670int security_socket_getsockname(struct socket *sock);
2671int security_socket_getpeername(struct socket *sock);
2672int security_socket_getsockopt(struct socket *sock, int level, int optname);
2673int security_socket_setsockopt(struct socket *sock, int level, int optname);
2674int security_socket_shutdown(struct socket *sock, int how);
2675int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
2676int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
2677 int __user *optlen, unsigned len);
2678int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
2679int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
2680void security_sk_free(struct sock *sk);
2681void security_sk_clone(const struct sock *sk, struct sock *newsk);
2682void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
2683void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
2684void security_sock_graft(struct sock*sk, struct socket *parent);
2685int security_inet_conn_request(struct sock *sk,
2686 struct sk_buff *skb, struct request_sock *req);
2687void security_inet_csk_clone(struct sock *newsk,
2688 const struct request_sock *req);
2689void security_inet_conn_established(struct sock *sk,
2690 struct sk_buff *skb);
2691int security_tun_dev_create(void);
2692void security_tun_dev_post_create(struct sock *sk);
2693int security_tun_dev_attach(struct sock *sk);
2694
2695#else
2696static inline int security_unix_stream_connect(struct socket *sock,
2697 struct socket *other,
2698 struct sock *newsk)
2699{
2700 return 0;
2701}
2702
2703static inline int security_unix_may_send(struct socket *sock,
2704 struct socket *other)
2705{
2706 return 0;
2707}
2708
2709static inline int security_socket_create(int family, int type,
2710 int protocol, int kern)
2711{
2712 return 0;
2713}
2714
2715static inline int security_socket_post_create(struct socket *sock,
2716 int family,
2717 int type,
2718 int protocol, int kern)
2719{
2720 return 0;
2721}
2722
2723static inline int security_socket_bind(struct socket *sock,
2724 struct sockaddr *address,
2725 int addrlen)
2726{
2727 return 0;
2728}
2729
2730static inline int security_socket_connect(struct socket *sock,
2731 struct sockaddr *address,
2732 int addrlen)
2733{
2734 return 0;
2735}
2736
2737static inline int security_socket_listen(struct socket *sock, int backlog)
2738{
2739 return 0;
2740}
2741
2742static inline int security_socket_accept(struct socket *sock,
2743 struct socket *newsock)
2744{
2745 return 0;
2746}
2747
2748static inline int security_socket_sendmsg(struct socket *sock,
2749 struct msghdr *msg, int size)
2750{
2751 return 0;
2752}
2753
2754static inline int security_socket_recvmsg(struct socket *sock,
2755 struct msghdr *msg, int size,
2756 int flags)
2757{
2758 return 0;
2759}
2760
2761static inline int security_socket_getsockname(struct socket *sock)
2762{
2763 return 0;
2764}
2765
2766static inline int security_socket_getpeername(struct socket *sock)
2767{
2768 return 0;
2769}
2770
2771static inline int security_socket_getsockopt(struct socket *sock,
2772 int level, int optname)
2773{
2774 return 0;
2775}
2776
2777static inline int security_socket_setsockopt(struct socket *sock,
2778 int level, int optname)
2779{
2780 return 0;
2781}
2782
2783static inline int security_socket_shutdown(struct socket *sock, int how)
2784{
2785 return 0;
2786}
2787static inline int security_sock_rcv_skb(struct sock *sk,
2788 struct sk_buff *skb)
2789{
2790 return 0;
2791}
2792
2793static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
2794 int __user *optlen, unsigned len)
2795{
2796 return -ENOPROTOOPT;
2797}
2798
2799static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2800{
2801 return -ENOPROTOOPT;
2802}
2803
2804static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
2805{
2806 return 0;
2807}
2808
2809static inline void security_sk_free(struct sock *sk)
2810{
2811}
2812
2813static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
2814{
2815}
2816
2817static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
2818{
2819}
2820
2821static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
2822{
2823}
2824
2825static inline void security_sock_graft(struct sock *sk, struct socket *parent)
2826{
2827}
2828
2829static inline int security_inet_conn_request(struct sock *sk,
2830 struct sk_buff *skb, struct request_sock *req)
2831{
2832 return 0;
2833}
2834
2835static inline void security_inet_csk_clone(struct sock *newsk,
2836 const struct request_sock *req)
2837{
2838}
2839
2840static inline void security_inet_conn_established(struct sock *sk,
2841 struct sk_buff *skb)
2842{
2843}
2844
2845static inline int security_tun_dev_create(void)
2846{
2847 return 0;
2848}
2849
2850static inline void security_tun_dev_post_create(struct sock *sk)
2851{
2852}
2853
2854static inline int security_tun_dev_attach(struct sock *sk)
2855{
2856 return 0;
2857}
2858#endif
2859
2860#ifdef CONFIG_SECURITY_NETWORK_XFRM
2861
2862int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx);
2863int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
2864void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
2865int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
2866int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
2867int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
2868 struct xfrm_sec_ctx *polsec, u32 secid);
2869int security_xfrm_state_delete(struct xfrm_state *x);
2870void security_xfrm_state_free(struct xfrm_state *x);
2871int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
2872int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
2873 struct xfrm_policy *xp, struct flowi *fl);
2874int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
2875void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
2876
2877#else
2878
2879static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx)
2880{
2881 return 0;
2882}
2883
2884static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
2885{
2886 return 0;
2887}
2888
2889static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
2890{
2891}
2892
2893static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
2894{
2895 return 0;
2896}
2897
2898static inline int security_xfrm_state_alloc(struct xfrm_state *x,
2899 struct xfrm_user_sec_ctx *sec_ctx)
2900{
2901 return 0;
2902}
2903
2904static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
2905 struct xfrm_sec_ctx *polsec, u32 secid)
2906{
2907 return 0;
2908}
2909
2910static inline void security_xfrm_state_free(struct xfrm_state *x)
2911{
2912}
2913
2914static inline int security_xfrm_state_delete(struct xfrm_state *x)
2915{
2916 return 0;
2917}
2918
2919static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
2920{
2921 return 0;
2922}
2923
/**
 * security_xfrm_state_pol_flow_match - stub without CONFIG_SECURITY_NETWORK_XFRM
 * @x: unused
 * @xp: unused
 * @fl: unused
 *
 * Note the return value: the neighbouring stubs in this branch return 0,
 * this one returns 1 for every state/policy/flow combination.
 *
 * Return: always 1.
 */
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
						     struct xfrm_policy *xp,
						     struct flowi *fl)
{
	return 1;
}
2929
2930static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
2931{
2932 return 0;
2933}
2934
2935static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
2936{
2937}
2938
2939#endif
2940
2941#ifdef CONFIG_SECURITY_PATH
2942int security_path_unlink(struct path *dir, struct dentry *dentry);
2943int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode);
2944int security_path_rmdir(struct path *dir, struct dentry *dentry);
2945int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
2946 unsigned int dev);
2947int security_path_truncate(struct path *path, loff_t length,
2948 unsigned int time_attrs);
2949int security_path_symlink(struct path *dir, struct dentry *dentry,
2950 const char *old_name);
2951int security_path_link(struct dentry *old_dentry, struct path *new_dir,
2952 struct dentry *new_dentry);
2953int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
2954 struct path *new_dir, struct dentry *new_dentry);
2955#else
2956static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
2957{
2958 return 0;
2959}
2960
2961static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
2962 int mode)
2963{
2964 return 0;
2965}
2966
2967static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
2968{
2969 return 0;
2970}
2971
2972static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
2973 int mode, unsigned int dev)
2974{
2975 return 0;
2976}
2977
2978static inline int security_path_truncate(struct path *path, loff_t length,
2979 unsigned int time_attrs)
2980{
2981 return 0;
2982}
2983
2984static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
2985 const char *old_name)
2986{
2987 return 0;
2988}
2989
2990static inline int security_path_link(struct dentry *old_dentry,
2991 struct path *new_dir,
2992 struct dentry *new_dentry)
2993{
2994 return 0;
2995}
2996
2997static inline int security_path_rename(struct path *old_dir,
2998 struct dentry *old_dentry,
2999 struct path *new_dir,
3000 struct dentry *new_dentry)
3001{
3002 return 0;
3003}
3004#endif
3005
3006#ifdef CONFIG_KEYS
3007#ifdef CONFIG_SECURITY
3008
3009int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
3010void security_key_free(struct key *key);
3011int security_key_permission(key_ref_t key_ref,
3012 const struct cred *cred, key_perm_t perm);
3013int security_key_getsecurity(struct key *key, char **_buffer);
3014int security_key_session_to_parent(const struct cred *cred,
3015 const struct cred *parent_cred,
3016 struct key *key);
3017
3018#else
3019
/*
 * security_key_alloc - stub for CONFIG_KEYS without CONFIG_SECURITY.
 *
 * Attaches nothing to @key and ignores @cred and @flags; always returns 0.
 */
static inline int security_key_alloc(struct key *key, const struct cred *cred,
				     unsigned long flags)
{
	return 0;
}
3026
/*
 * security_key_free - stub for CONFIG_KEYS without CONFIG_SECURITY.
 *
 * Intentionally empty: the matching security_key_alloc() stub attaches
 * nothing to the key, so there is nothing to release.
 */
static inline void security_key_free(struct key *key)
{
	/* nothing to do */
}
3030
/*
 * security_key_permission - stub for CONFIG_KEYS without CONFIG_SECURITY.
 *
 * Performs no check on @key_ref, @cred or @perm and always returns 0, so
 * no LSM policy restricts key access in this configuration.
 */
static inline int security_key_permission(key_ref_t key_ref,
					  const struct cred *cred,
					  key_perm_t perm)
{
	return 0;
}
3037
/*
 * security_key_getsecurity - stub for CONFIG_KEYS without CONFIG_SECURITY.
 *
 * Reports that the key carries no security label: *@_buffer is overwritten
 * with NULL and 0 is returned.  @_buffer itself is dereferenced without a
 * check, so it must point to valid storage.
 */
static inline int security_key_getsecurity(struct key *key, char **_buffer)
{
	/* Clear the out-parameter so the caller never sees a stale pointer. */
	*_buffer = NULL;

	return 0;
}
3043
/*
 * security_key_session_to_parent - stub for CONFIG_KEYS without
 * CONFIG_SECURITY.
 *
 * Neither credential set nor @key is examined; always returns 0.
 */
static inline int security_key_session_to_parent(const struct cred *cred,
						 const struct cred *parent_cred,
						 struct key *key)
{
	return 0;
}
3050
3051#endif
3052#endif
3053
3054#ifdef CONFIG_AUDIT
3055#ifdef CONFIG_SECURITY
/*
 * Audit-rule hooks, declared for builds with both CONFIG_AUDIT and
 * CONFIG_SECURITY.  Only the prototypes appear here; the definitions are
 * not part of this header.
 */
int security_audit_rule_init(u32 field, u32 op, char *rulestr,
			     void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
			      struct audit_context *actx);
void security_audit_rule_free(void *lsmrule);
3061
3062#else
3063
/*
 * security_audit_rule_init - stub for CONFIG_AUDIT without CONFIG_SECURITY.
 *
 * Always returns 0.  Note that *@lsmrule is NOT written: a caller that
 * reads it after a "successful" call sees whatever value it held before,
 * so it should be initialised by the caller.
 */
static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
					   void **lsmrule)
{
	return 0;
}
3069
/*
 * security_audit_rule_known - stub for CONFIG_AUDIT without
 * CONFIG_SECURITY.
 *
 * @krule is not inspected; always returns 0.
 * NOTE(review): presumably read by the audit code as "rule has no LSM
 * fields" - confirm against the caller.
 */
static inline int security_audit_rule_known(struct audit_krule *krule)
{
	return 0;
}
3074
/*
 * security_audit_rule_match - stub for CONFIG_AUDIT without
 * CONFIG_SECURITY.
 *
 * No comparison is performed; always returns 0.
 * NOTE(review): presumably read by the audit code as "no match", meaning
 * LSM-based audit filters never fire in this configuration - confirm
 * against the caller.
 */
static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
					    void *lsmrule,
					    struct audit_context *actx)
{
	return 0;
}
3080
/*
 * security_audit_rule_free - stub for CONFIG_AUDIT without CONFIG_SECURITY.
 *
 * Intentionally empty: @lsmrule is neither dereferenced nor released.
 */
static inline void security_audit_rule_free(void *lsmrule)
{
	/* nothing to do */
}
3083
3084#endif
3085#endif
3086
3087#ifdef CONFIG_SECURITYFS
3088
/*
 * securityfs interface, declared for CONFIG_SECURITYFS builds; the
 * definitions are not part of this header.
 *
 * Code that must also build without CONFIG_SECURITYFS should test the
 * returned dentry with IS_ERR(): the fallback stubs in this header return
 * ERR_PTR(-ENODEV), which is not NULL.
 */
extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
					     struct dentry *parent,
					     void *data,
					     const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name,
					    struct dentry *parent);
extern void securityfs_remove(struct dentry *dentry);
3094
3095#else
3096
/*
 * securityfs_create_dir - stub for builds without CONFIG_SECURITYFS.
 *
 * Creates nothing and always returns ERR_PTR(-ENODEV).  The result is an
 * error pointer, not NULL, so callers must test it with IS_ERR() before
 * using it as a dentry.
 */
static inline struct dentry *securityfs_create_dir(const char *name,
						   struct dentry *parent)
{
	return ERR_PTR(-ENODEV);
}
3102
/*
 * securityfs_create_file - stub for builds without CONFIG_SECURITYFS.
 *
 * Creates nothing and always returns ERR_PTR(-ENODEV); @data and @fops are
 * never stored.  The result is an error pointer, not NULL, so callers must
 * test it with IS_ERR() before using it as a dentry.
 */
static inline struct dentry *securityfs_create_file(const char *name,
						    mode_t mode,
						    struct dentry *parent,
						    void *data,
						    const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}
3111
/*
 * securityfs_remove - stub for builds without CONFIG_SECURITYFS.
 *
 * Intentionally empty.  @dentry is never dereferenced, so passing the
 * ERR_PTR(-ENODEV) value handed out by the create stubs is harmless here.
 */
static inline void securityfs_remove(struct dentry *dentry)
{
	/* nothing to do */
}
3114
3115#endif
3116
3117#ifdef CONFIG_SECURITY
3118
/*
 * alloc_secdata - allocate the secdata buffer (CONFIG_SECURITY build).
 *
 * The buffer is one zero-filled page obtained with
 * get_zeroed_page(GFP_KERNEL), returned as a char pointer.  Release it
 * with free_secdata().
 * NOTE(review): an allocation failure presumably surfaces as a NULL
 * return - callers should check before use.
 */
static inline char *alloc_secdata(void)
{
	unsigned long page = get_zeroed_page(GFP_KERNEL);

	return (char *)page;
}
3123
/*
 * free_secdata - release a buffer obtained from alloc_secdata()
 * (CONFIG_SECURITY build).
 *
 * @secdata is converted to an address and handed to free_page().  The page
 * contents are not cleared here.
 * NOTE(review): if the buffer can hold sensitive data, confirm that callers
 * scrub it before freeing.
 */
static inline void free_secdata(void *secdata)
{
	unsigned long addr = (unsigned long)secdata;

	free_page(addr);
}
3128
3129#else
3130
/*
 * alloc_secdata - stand-in for builds without CONFIG_SECURITY; no memory
 * is allocated.
 *
 * Returns the constant (char *)1, a non-NULL placeholder - presumably so
 * that a caller's "allocation failed" NULL test does not trip.  It is not a
 * valid address and must never be dereferenced; the only safe use is to
 * pass it back to free_secdata().
 */
static inline char *alloc_secdata(void)
{
	char *placeholder = (char *)1;

	return placeholder;
}
3135
/*
 * free_secdata - stand-in for builds without CONFIG_SECURITY.
 *
 * Intentionally empty: the matching alloc_secdata() returns the
 * placeholder (char *)1 rather than real memory, so @secdata must not be
 * freed or dereferenced.
 */
static inline void free_secdata(void *secdata)
{
	/* nothing to do */
}
3138#endif
3139
3140#endif