1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22#ifndef __LINUX_SECURITY_H
23#define __LINUX_SECURITY_H
24
25#include <linux/fs.h>
26#include <linux/fsnotify.h>
27#include <linux/binfmts.h>
28#include <linux/signal.h>
29#include <linux/resource.h>
30#include <linux/sem.h>
31#include <linux/shm.h>
32#include <linux/mm.h>
33#include <linux/msg.h>
34#include <linux/sched.h>
35#include <linux/key.h>
36#include <linux/xfrm.h>
37#include <linux/slab.h>
38#include <net/flow.h>
39
40
/* Longest module name an LSM may register; security_operations.name is
 * sized SECURITY_NAME_MAX + 1 so a terminator always fits. */
#define SECURITY_NAME_MAX 10

/* Intended values for the 'audit' argument of the capable hook and of
 * cap_capable() below: whether a denied capability check should be
 * reported to audit. */
#define SECURITY_CAP_NOAUDIT 0
#define SECURITY_CAP_AUDIT 1

struct ctl_table;
struct audit_krule;
49
50
51
52
53
/*
 * Capability-only default implementations of the hooks below.  With
 * CONFIG_SECURITY=n the inline security_*() stubs at the end of this header
 * call these directly (see security_ptrace_access_check() there); with an
 * LSM loaded it is up to the module whether it installs or wraps them.
 * The definitions live outside this header.
 */
extern int cap_capable(struct task_struct *tsk, const struct cred *cred,
		       int cap, int audit);	/* audit: SECURITY_CAP_{NO,}AUDIT */
extern int cap_settime(struct timespec *ts, struct timezone *tz);
extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset(struct cred *new, const struct cred *old,
		      const kernel_cap_t *effective,
		      const kernel_cap_t *inheritable,
		      const kernel_cap_t *permitted);
extern int cap_bprm_set_creds(struct linux_binprm *bprm);
extern int cap_bprm_secureexec(struct linux_binprm *bprm);
/* xattr and setuid/setgid-bit handling on the capability side; the
 * killpriv pair is what the inode_need_killpriv/inode_killpriv hooks
 * default to. */
extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
			      const void *value, size_t size, int flags);
extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
extern int cap_inode_need_killpriv(struct dentry *dentry);
extern int cap_inode_killpriv(struct dentry *dentry);
/* addr/addr_only: same arguments as the file_mmap hook.  This is where the
 * mmap_min_addr floor (see round_hint_to_min() below) is presumably
 * enforced -- confirm in the definition, it is not in this header. */
extern int cap_file_mmap(struct file *file, unsigned long reqprot,
			 unsigned long prot, unsigned long flags,
			 unsigned long addr, unsigned long addr_only);
extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			  unsigned long arg4, unsigned long arg5);
extern int cap_task_setscheduler(struct task_struct *p);
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
81
/* Opaque here: the hooks only pass pointers to these through. */
struct msghdr;
struct sk_buff;
struct sock;
struct sockaddr;
struct socket;
struct flowi;
struct dst_entry;
struct xfrm_selector;
struct xfrm_policy;
struct xfrm_state;
struct xfrm_user_sec_ctx;
struct seq_file;

/* Capability defaults for the netlink_send/netlink_recv hooks; 'cap' is a
 * capability number the sender is checked against. */
extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
extern int cap_netlink_recv(struct sk_buff *skb, int cap);

/* Puts the default hook table back in place.  Defined outside this header;
 * which table is "default" (presumably the capability hooks above) is not
 * visible from here. */
void reset_security_ops(void);
99
#ifdef CONFIG_MMU
/*
 * Floor below which user space may not map memory.  mmap_min_addr is the
 * effective value (round_hint_to_min() below reads it); dac_mmap_min_addr
 * is, going by its name, the DAC-only sysctl value from which the effective
 * floor is derived -- confirm in mmap_min_addr_handler(), the logic is not
 * in this header.  Without an MMU there are no page protections to defend,
 * so the DAC floor is a constant 0.
 */
extern unsigned long mmap_min_addr;
extern unsigned long dac_mmap_min_addr;
#else
#define dac_mmap_min_addr 0UL
#endif
106
107
108
109
110
/*
 * Values for the 'flags' argument of task_fix_setuid(): which family of
 * id-changing call is in progress.  They are distinct bits (1, 2, 4, 8),
 * so a hook can test them individually.  The mapping to
 * setuid/setreuid/setresuid/setfsuid is implied by the names only --
 * confirm against the callers in kernel/sys.c.
 */
#define LSM_SETID_ID 1
#define LSM_SETID_RE 2
#define LSM_SETID_RES 4
#define LSM_SETID_FS 8

struct sched_param;
struct request_sock;

/*
 * Bit flags (1, 2, 4) describing why a credential change at exec time is
 * considered unsafe: the mm is shared, the task is being ptraced, or the
 * tracer holds the capability to ptrace anyway (per the names).  Who sets
 * them and which bprm field carries them is outside this header -- assumed
 * to be the exec path and struct linux_binprm; confirm in binfmts.h.
 */
#define LSM_UNSAFE_SHARE 1
#define LSM_UNSAFE_PTRACE 2
#define LSM_UNSAFE_PTRACE_CAP 4
130
131#ifdef CONFIG_MMU
132
133
134
135
/*
 * round_hint_to_min - keep an mmap() address hint above mmap_min_addr
 * @hint: the address the caller asked for
 *
 * The hint is first truncated to a page boundary.  A zero hint is returned
 * untouched, because in the mmap(2) interface NULL means "let the kernel
 * choose" and promoting it would silently turn every unhinted mapping into
 * a fixed-address request.  Any other hint that falls below the
 * mmap_min_addr floor is replaced by the first page-aligned address at or
 * above the floor, so callers never end up asking for the low pages that
 * the floor exists to keep unmapped.
 *
 * Returns the (possibly adjusted) page-aligned hint.
 */
static inline unsigned long round_hint_to_min(unsigned long hint)
{
	unsigned long page = hint & PAGE_MASK;

	/* NULL hint: no preference, leave it alone. */
	if (!page)
		return page;

	/* Non-NULL hint under the floor: lift it to the floor. */
	return page < mmap_min_addr ? PAGE_ALIGN(mmap_min_addr) : page;
}
/* proc_handler (ctl_table signature) for the sysctl that sets the floor
 * above; 'buffer' is a user-space pointer.  Defined outside this header. */
extern int mmap_min_addr_handler(struct ctl_table *table, int write,
				 void __user *buffer, size_t *lenp, loff_t *ppos);
146#endif
147
148#ifdef CONFIG_SECURITY
149
/*
 * struct security_mnt_opts - security-relevant mount options in parsed form
 *
 * By their signatures, sb_parse_opts_str() fills one of these from an
 * option string and sb_set_mnt_opts() / sb_clone_mnt_opts() consume it.
 * mnt_opts holds num_mnt_opts separately allocated strings (see
 * security_free_mnt_opts(), which kfree()s them one by one); mnt_opts_flags
 * is presumably a parallel array with one flag per option -- its length is
 * not checked anywhere in this header.  Always initialise with
 * security_init_mnt_opts() and release with security_free_mnt_opts();
 * freeing the members by hand risks a double free on the next release.
 */
struct security_mnt_opts {
	char **mnt_opts;	/* option strings, num_mnt_opts entries */
	int *mnt_opts_flags;	/* per-option flag, same index as mnt_opts */
	int num_mnt_opts;
};
155
/*
 * security_init_mnt_opts - reset an option set to "no options"
 * @opts: the object to initialise
 *
 * Leaves both array pointers NULL and the count at zero.  This must run
 * before security_free_mnt_opts() is ever called on the object, because
 * that routine walks num_mnt_opts entries of mnt_opts and kfree()s every
 * pointer it finds; on uninitialised memory that is a free of garbage.
 */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	*opts = (struct security_mnt_opts){
		.mnt_opts = NULL,
		.mnt_opts_flags = NULL,
		.num_mnt_opts = 0,
	};
}
162
/*
 * security_free_mnt_opts - release everything an option set owns
 * @opts: the object to empty; the struct itself is not freed
 *
 * Frees each option string, then the string array, then the flags array,
 * and clears all three fields.  Because the pointers are reset to NULL and
 * kfree(NULL) is a no-op, calling this twice on the same object is
 * harmless rather than a double free -- which matters on error paths that
 * may unwind through the same cleanup more than once.  The string loop is
 * guarded on mnt_opts being non-NULL so a count left over from a partial
 * fill cannot index a NULL array.
 */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	char **strs = opts->mnt_opts;
	int idx = 0;

	/* Each option string is its own allocation. */
	while (strs && idx < opts->num_mnt_opts)
		kfree(strs[idx++]);

	/* Then the two arrays, clearing each pointer as it is released. */
	kfree(strs);
	opts->mnt_opts = NULL;
	kfree(opts->mnt_opts_flags);
	opts->mnt_opts_flags = NULL;
	opts->num_mnt_opts = 0;
}
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
/*
 * struct security_operations - the hook table an LSM registers
 *
 * Each member is reached through the same-named security_*() wrapper
 * declared after this struct; the dispatch code itself is in
 * security/security.c, not in this header.  The int-returning hooks are the
 * ones that can refuse an operation (the capability defaults at the top of
 * this file follow the usual 0 = allow / negative errno = deny convention;
 * confirm per hook before relying on it).  The void hooks are
 * notifications or per-object allocation bookkeeping and have no veto.
 *
 * Several sections are conditionally compiled (CONFIG_SECURITY_PATH,
 * CONFIG_SECURITY_NETWORK, CONFIG_SECURITY_NETWORK_XFRM, CONFIG_KEYS,
 * CONFIG_AUDIT), so the layout of this struct depends on kernel
 * configuration: a module must be built against the configuration of the
 * kernel it registers with or its hooks land in the wrong slots.
 *
 * Pointers marked __user are user-space addresses and must only be
 * touched through copy_to_user()/copy_from_user()-style accessors; every
 * other pointer has already been brought into kernel space by the caller,
 * but its contents are still caller-controlled.
 */
struct security_operations {
	/* Module name, sized for SECURITY_NAME_MAX characters plus a terminator. */
	char name[SECURITY_NAME_MAX + 1];

	/* --- Tracing, capabilities, misc. privileged operations --------- */
	/* Capability defaults: cap_ptrace_access_check(), cap_ptrace_traceme(),
	 * cap_capget(), cap_capset(), cap_capable(), cap_settime(),
	 * cap_vm_enough_memory() declared above. */
	int (*ptrace_access_check) (struct task_struct *child, unsigned int mode);
	int (*ptrace_traceme) (struct task_struct *parent);
	int (*capget) (struct task_struct *target,
		       kernel_cap_t *effective,
		       kernel_cap_t *inheritable, kernel_cap_t *permitted);
	/* 'new' is the credential set being built from 'old'; the three
	 * kernel_cap_t arguments are the proposed values. */
	int (*capset) (struct cred *new,
		       const struct cred *old,
		       const kernel_cap_t *effective,
		       const kernel_cap_t *inheritable,
		       const kernel_cap_t *permitted);
	/* Takes an explicit 'cred' rather than assuming current's; 'audit' is
	 * SECURITY_CAP_NOAUDIT or SECURITY_CAP_AUDIT (defined above). */
	int (*capable) (struct task_struct *tsk, const struct cred *cred,
			int cap, int audit);
	int (*sysctl) (struct ctl_table *table, int op);
	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
	int (*quota_on) (struct dentry *dentry);
	int (*syslog) (int type);
	int (*settime) (struct timespec *ts, struct timezone *tz);
	int (*vm_enough_memory) (struct mm_struct *mm, long pages);

	/* --- exec(): credential transition ------------------------------ */
	/* The order set_creds -> check_security -> secureexec -> committing
	 * -> committed is implied by the names; the caller is the exec path,
	 * outside this header.  The LSM_UNSAFE_* flags above presumably
	 * describe the bprm state these hooks inspect -- confirm in
	 * binfmts.h.  Defaults: cap_bprm_set_creds(), cap_bprm_secureexec(). */
	int (*bprm_set_creds) (struct linux_binprm *bprm);
	int (*bprm_check_security) (struct linux_binprm *bprm);
	int (*bprm_secureexec) (struct linux_binprm *bprm);
	void (*bprm_committing_creds) (struct linux_binprm *bprm);
	void (*bprm_committed_creds) (struct linux_binprm *bprm);

	/* --- Superblock / mount ----------------------------------------- */
	int (*sb_alloc_security) (struct super_block *sb);
	void (*sb_free_security) (struct super_block *sb);
	int (*sb_copy_data) (char *orig, char *copy);
	/* 'data' is the opaque filesystem-specific option blob (void *);
	 * treat its contents as untrusted caller input. */
	int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
	int (*sb_statfs) (struct dentry *dentry);
	int (*sb_mount) (char *dev_name, struct path *path,
			 char *type, unsigned long flags, void *data);
	int (*sb_umount) (struct vfsmount *mnt, int flags);
	int (*sb_pivotroot) (struct path *old_path,
			     struct path *new_path);
	/* These three work on struct security_mnt_opts defined above; the
	 * object is released with security_free_mnt_opts().  Which side owns
	 * it at each point is a caller/LSM contract not visible here. */
	int (*sb_set_mnt_opts) (struct super_block *sb,
				struct security_mnt_opts *opts);
	void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
				   struct super_block *newsb);
	int (*sb_parse_opts_str) (char *options, struct security_mnt_opts *opts);

#ifdef CONFIG_SECURITY_PATH
	/* --- Pathname-based hooks (struct path) -------------------------- */
	/* Present only with CONFIG_SECURITY_PATH and in addition to -- not
	 * instead of -- the inode_* hooks below, which see the same
	 * operations by inode. */
	int (*path_unlink) (struct path *dir, struct dentry *dentry);
	int (*path_mkdir) (struct path *dir, struct dentry *dentry, int mode);
	int (*path_rmdir) (struct path *dir, struct dentry *dentry);
	int (*path_mknod) (struct path *dir, struct dentry *dentry, int mode,
			   unsigned int dev);
	int (*path_truncate) (struct path *path);
	int (*path_symlink) (struct path *dir, struct dentry *dentry,
			     const char *old_name);
	int (*path_link) (struct dentry *old_dentry, struct path *new_dir,
			  struct dentry *new_dentry);
	int (*path_rename) (struct path *old_dir, struct dentry *old_dentry,
			    struct path *new_dir, struct dentry *new_dentry);
	/* Note the odd shape: dentry + vfsmount rather than a struct path. */
	int (*path_chmod) (struct dentry *dentry, struct vfsmount *mnt,
			   mode_t mode);
	int (*path_chown) (struct path *path, uid_t uid, gid_t gid);
	int (*path_chroot) (struct path *path);
#endif

	/* --- Inode hooks ------------------------------------------------ */
	int (*inode_alloc_security) (struct inode *inode);
	void (*inode_free_security) (struct inode *inode);
	/* name/value/len are out-parameters: the hook supplies the xattr
	 * (name and value) that should label the new inode.  Who frees the
	 * returned buffers is not visible here -- confirm with the callers. */
	int (*inode_init_security) (struct inode *inode, struct inode *dir,
				    char **name, void **value, size_t *len);
	int (*inode_create) (struct inode *dir,
			     struct dentry *dentry, int mode);
	int (*inode_link) (struct dentry *old_dentry,
			   struct inode *dir, struct dentry *new_dentry);
	int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
	int (*inode_symlink) (struct inode *dir,
			      struct dentry *dentry, const char *old_name);
	int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
	int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
	int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
			    int mode, dev_t dev);
	int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
			     struct inode *new_dir, struct dentry *new_dentry);
	int (*inode_readlink) (struct dentry *dentry);
	int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
	/* There is no separate exec-permission member even though
	 * security_inode_exec_permission() is declared below; that wrapper
	 * presumably routes through this hook. */
	int (*inode_permission) (struct inode *inode, int mask);
	int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
	int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
	/* setxattr can veto (int); post_setxattr is a notification (void).
	 * Defaults: cap_inode_setxattr(), cap_inode_removexattr(). */
	int (*inode_setxattr) (struct dentry *dentry, const char *name,
			       const void *value, size_t size, int flags);
	void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
				     const void *value, size_t size, int flags);
	int (*inode_getxattr) (struct dentry *dentry, const char *name);
	int (*inode_listxattr) (struct dentry *dentry);
	int (*inode_removexattr) (struct dentry *dentry, const char *name);
	/* Defaults: cap_inode_need_killpriv(), cap_inode_killpriv(). */
	int (*inode_need_killpriv) (struct dentry *dentry);
	int (*inode_killpriv) (struct dentry *dentry);
	/* 'alloc' asks the hook to allocate *buffer itself; the matching
	 * release path is not visible in this header. */
	int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc);
	int (*inode_setsecurity) (struct inode *inode, const char *name, const void *value, size_t size, int flags);
	int (*inode_listsecurity) (struct inode *inode, char *buffer, size_t buffer_size);
	void (*inode_getsecid) (const struct inode *inode, u32 *secid);

	/* --- File hooks ------------------------------------------------- */
	int (*file_permission) (struct file *file, int mask);
	int (*file_alloc_security) (struct file *file);
	void (*file_free_security) (struct file *file);
	int (*file_ioctl) (struct file *file, unsigned int cmd,
			   unsigned long arg);
	/* Same arguments as cap_file_mmap() above (the default).  'reqprot'
	 * versus 'prot' is, by name, what the caller requested versus what
	 * will be applied; 'addr'/'addr_only' tie in with the mmap_min_addr
	 * floor (see round_hint_to_min()) -- confirm in the caller. */
	int (*file_mmap) (struct file *file,
			  unsigned long reqprot, unsigned long prot,
			  unsigned long flags, unsigned long addr,
			  unsigned long addr_only);
	int (*file_mprotect) (struct vm_area_struct *vma,
			      unsigned long reqprot,
			      unsigned long prot);
	int (*file_lock) (struct file *file, unsigned int cmd);
	int (*file_fcntl) (struct file *file, unsigned int cmd,
			   unsigned long arg);
	int (*file_set_fowner) (struct file *file);
	int (*file_send_sigiotask) (struct task_struct *tsk,
				    struct fown_struct *fown, int sig);
	/* A file arriving from another task (presumably descriptor passing). */
	int (*file_receive) (struct file *file);
	/* Explicit 'cred': the opener need not be current. */
	int (*dentry_open) (struct file *file, const struct cred *cred);

	/* --- Task and credential hooks ---------------------------------- */
	int (*task_create) (unsigned long clone_flags);
	/* Lifecycle of the LSM blob inside struct cred: blank allocation,
	 * free, copy-and-prepare from 'old', and transfer without allocating. */
	int (*cred_alloc_blank) (struct cred *cred, gfp_t gfp);
	void (*cred_free) (struct cred *cred);
	int (*cred_prepare)(struct cred *new, const struct cred *old,
			    gfp_t gfp);
	void (*cred_transfer)(struct cred *new, const struct cred *old);
	/* Kernel services assuming a security context: by secid, or the
	 * context of an inode (per the names). */
	int (*kernel_act_as)(struct cred *new, u32 secid);
	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
	/* Module auto-load request by name.  Where the name originates is
	 * up to the kernel caller and may be user-influenced, so an LSM that
	 * acts on it should validate it. */
	int (*kernel_module_request)(char *kmod_name);
	/* 'flags' is one of the LSM_SETID_* values above (by name).
	 * Default: cap_task_fix_setuid(). */
	int (*task_fix_setuid) (struct cred *new, const struct cred *old,
				int flags);
	int (*task_setpgid) (struct task_struct *p, pid_t pgid);
	int (*task_getpgid) (struct task_struct *p);
	int (*task_getsid) (struct task_struct *p);
	void (*task_getsecid) (struct task_struct *p, u32 *secid);
	/* Defaults: cap_task_setnice(), cap_task_setioprio(),
	 * cap_task_setscheduler(). */
	int (*task_setnice) (struct task_struct *p, int nice);
	int (*task_setioprio) (struct task_struct *p, int ioprio);
	int (*task_getioprio) (struct task_struct *p);
	int (*task_setrlimit) (struct task_struct *p, unsigned int resource,
			       struct rlimit *new_rlim);
	int (*task_setscheduler) (struct task_struct *p);
	int (*task_getscheduler) (struct task_struct *p);
	int (*task_movememory) (struct task_struct *p);
	/* 'secid' identifies the sender when it is not current (value 0 is
	 * presumably "no secid" -- confirm with callers). */
	int (*task_kill) (struct task_struct *p,
			  struct siginfo *info, int sig, u32 secid);
	int (*task_wait) (struct task_struct *p);
	/* Default: cap_task_prctl(). */
	int (*task_prctl) (int option, unsigned long arg2,
			   unsigned long arg3, unsigned long arg4,
			   unsigned long arg5);
	void (*task_to_inode) (struct task_struct *p, struct inode *inode);

	/* --- System V IPC ----------------------------------------------- */
	int (*ipc_permission) (struct kern_ipc_perm *ipcp, short flag);
	void (*ipc_getsecid) (struct kern_ipc_perm *ipcp, u32 *secid);

	int (*msg_msg_alloc_security) (struct msg_msg *msg);
	void (*msg_msg_free_security) (struct msg_msg *msg);

	int (*msg_queue_alloc_security) (struct msg_queue *msq);
	void (*msg_queue_free_security) (struct msg_queue *msq);
	int (*msg_queue_associate) (struct msg_queue *msq, int msqflg);
	int (*msg_queue_msgctl) (struct msg_queue *msq, int cmd);
	int (*msg_queue_msgsnd) (struct msg_queue *msq,
				 struct msg_msg *msg, int msqflg);
	int (*msg_queue_msgrcv) (struct msg_queue *msq,
				 struct msg_msg *msg,
				 struct task_struct *target,
				 long type, int mode);

	int (*shm_alloc_security) (struct shmid_kernel *shp);
	void (*shm_free_security) (struct shmid_kernel *shp);
	int (*shm_associate) (struct shmid_kernel *shp, int shmflg);
	int (*shm_shmctl) (struct shmid_kernel *shp, int cmd);
	/* 'shmaddr' is a user-space address: a value to check, never a
	 * pointer to dereference. */
	int (*shm_shmat) (struct shmid_kernel *shp,
			  char __user *shmaddr, int shmflg);

	int (*sem_alloc_security) (struct sem_array *sma);
	void (*sem_free_security) (struct sem_array *sma);
	int (*sem_associate) (struct sem_array *sma, int semflg);
	int (*sem_semctl) (struct sem_array *sma, int cmd);
	int (*sem_semop) (struct sem_array *sma,
			  struct sembuf *sops, unsigned nsops, int alter);

	/* --- Netlink ---------------------------------------------------- */
	/* Defaults: cap_netlink_send(), cap_netlink_recv() above; 'cap' is
	 * a capability number. */
	int (*netlink_send) (struct sock *sk, struct sk_buff *skb);
	int (*netlink_recv) (struct sk_buff *skb, int cap);

	void (*d_instantiate) (struct dentry *dentry, struct inode *inode);

	/* --- Process attributes and security-context strings ------------ */
	/* setprocattr: 'value' is 'size' bytes of caller-supplied data --
	 * treat it as a sized buffer, not as a NUL-terminated string. */
	int (*getprocattr) (struct task_struct *p, char *name, char **value);
	int (*setprocattr) (struct task_struct *p, char *name, void *value, size_t size);
	/* By name and shape, secid_to_secctx produces *secdata/*seclen and
	 * release_secctx gives that buffer back; secctx_to_secid parses the
	 * reverse direction.  Confirm the allocation pairing in the LSM. */
	int (*secid_to_secctx) (u32 secid, char **secdata, u32 *seclen);
	int (*secctx_to_secid) (const char *secdata, u32 seclen, u32 *secid);
	void (*release_secctx) (char *secdata, u32 seclen);

	/* ctx/ctxlen: a context blob in the LSM's own string format. */
	int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
	int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
	int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);

#ifdef CONFIG_SECURITY_NETWORK
	/* --- Sockets (CONFIG_SECURITY_NETWORK) -------------------------- */
	int (*unix_stream_connect) (struct sock *sock, struct sock *other, struct sock *newsk);
	int (*unix_may_send) (struct socket *sock, struct socket *other);

	/* 'kern' distinguishes kernel-internal sockets from user ones. */
	int (*socket_create) (int family, int type, int protocol, int kern);
	int (*socket_post_create) (struct socket *sock, int family,
				   int type, int protocol, int kern);
	/* 'address' carries no __user tag, so it is a kernel copy, but its
	 * contents are caller-controlled and only 'addrlen' bytes are valid. */
	int (*socket_bind) (struct socket *sock,
			    struct sockaddr *address, int addrlen);
	int (*socket_connect) (struct socket *sock,
			       struct sockaddr *address, int addrlen);
	int (*socket_listen) (struct socket *sock, int backlog);
	int (*socket_accept) (struct socket *sock, struct socket *newsock);
	int (*socket_sendmsg) (struct socket *sock,
			       struct msghdr *msg, int size);
	int (*socket_recvmsg) (struct socket *sock,
			       struct msghdr *msg, int size, int flags);
	int (*socket_getsockname) (struct socket *sock);
	int (*socket_getpeername) (struct socket *sock);
	int (*socket_getsockopt) (struct socket *sock, int level, int optname);
	int (*socket_setsockopt) (struct socket *sock, int level, int optname);
	int (*socket_shutdown) (struct socket *sock, int how);
	/* Runs on received packets; by name this is the receive path, so it
	 * may be called in atomic context -- confirm before sleeping here. */
	int (*socket_sock_rcv_skb) (struct sock *sk, struct sk_buff *skb);
	/* optval/optlen are user-space pointers: write them with
	 * copy_to_user()/put_user(), bounded by 'len'. */
	int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
	int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
	int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
	void (*sk_free_security) (struct sock *sk);
	void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
	void (*sk_getsecid) (struct sock *sk, u32 *secid);
	void (*sock_graft) (struct sock *sk, struct socket *parent);
	int (*inet_conn_request) (struct sock *sk, struct sk_buff *skb,
				  struct request_sock *req);
	void (*inet_csk_clone) (struct sock *newsk, const struct request_sock *req);
	void (*inet_conn_established) (struct sock *sk, struct sk_buff *skb);
	/* secmark: the inc/dec pair must balance. */
	int (*secmark_relabel_packet) (u32 secid);
	void (*secmark_refcount_inc) (void);
	void (*secmark_refcount_dec) (void);
	void (*req_classify_flow) (const struct request_sock *req, struct flowi *fl);
	int (*tun_dev_create)(void);
	void (*tun_dev_post_create)(struct sock *sk);
	int (*tun_dev_attach)(struct sock *sk);
#endif

#ifdef CONFIG_SECURITY_NETWORK_XFRM
	/* --- IPsec (xfrm) security contexts ----------------------------- */
	/* sec_ctx comes from user space via the xfrm netlink interface (per
	 * the xfrm_user_ prefix); validate its length fields before use. */
	int (*xfrm_policy_alloc_security) (struct xfrm_sec_ctx **ctxp,
					   struct xfrm_user_sec_ctx *sec_ctx);
	int (*xfrm_policy_clone_security) (struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctx);
	void (*xfrm_policy_free_security) (struct xfrm_sec_ctx *ctx);
	int (*xfrm_policy_delete_security) (struct xfrm_sec_ctx *ctx);
	int (*xfrm_state_alloc_security) (struct xfrm_state *x,
					  struct xfrm_user_sec_ctx *sec_ctx,
					  u32 secid);
	void (*xfrm_state_free_security) (struct xfrm_state *x);
	int (*xfrm_state_delete_security) (struct xfrm_state *x);
	int (*xfrm_policy_lookup) (struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
	int (*xfrm_state_pol_flow_match) (struct xfrm_state *x,
					  struct xfrm_policy *xp,
					  struct flowi *fl);
	int (*xfrm_decode_session) (struct sk_buff *skb, u32 *secid, int ckall);
#endif

#ifdef CONFIG_KEYS
	/* --- Key retention service (CONFIG_KEYS) ------------------------ */
	int (*key_alloc) (struct key *key, const struct cred *cred, unsigned long flags);
	void (*key_free) (struct key *key);
	/* Explicit 'cred': checks may be made on behalf of another task. */
	int (*key_permission) (key_ref_t key_ref,
			       const struct cred *cred,
			       key_perm_t perm);
	int (*key_getsecurity)(struct key *key, char **_buffer);
#endif

#ifdef CONFIG_AUDIT
	/* --- Audit rule filtering on LSM fields (CONFIG_AUDIT) ---------- */
	/* *lsmrule is opaque to audit: allocated by audit_rule_init from the
	 * rule text, handed back to audit_rule_match, and released only by
	 * audit_rule_free. */
	int (*audit_rule_init) (u32 field, u32 op, char *rulestr, void **lsmrule);
	int (*audit_rule_known) (struct audit_krule *krule);
	int (*audit_rule_match) (u32 secid, u32 field, u32 op, void *lsmrule,
				 struct audit_context *actx);
	void (*audit_rule_free) (void *lsmrule);
#endif
};
1648
1649
/* Framework start-up and LSM registration.  'ops' is the hook table
 * defined above; the registration rules (single module, when it may be
 * enabled) are in security/security.c, not in this header. */
extern int security_init(void);
extern int security_module_enable(struct security_operations *ops);
extern int register_security(struct security_operations *ops);
1653
1654
/*
 * Hook wrappers called by the rest of the kernel.  Each forwards to the
 * same-named member of the registered struct security_operations (a few
 * names differ: security_bprm_check -> bprm_check_security,
 * security_prepare_creds -> cred_prepare, security_transfer_creds ->
 * cred_transfer, security_*_alloc/free -> *_alloc_security/*_free_security).
 * When CONFIG_SECURITY is off, the #else branch below provides inline
 * stubs with the same signatures instead.
 */
int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
int security_ptrace_traceme(struct task_struct *parent);
int security_capget(struct task_struct *target,
		    kernel_cap_t *effective,
		    kernel_cap_t *inheritable,
		    kernel_cap_t *permitted);
int security_capset(struct cred *new, const struct cred *old,
		    const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted);
/* Three front ends to the one 'capable' hook: by credential set, or by
 * task with or without auditing.  Which SECURITY_CAP_* value each passes
 * is implied only by the _noaudit suffix -- confirm in security.c. */
int security_capable(const struct cred *cred, int cap);
int security_real_capable(struct task_struct *tsk, int cap);
int security_real_capable_noaudit(struct task_struct *tsk, int cap);
int security_sysctl(struct ctl_table *table, int op);
int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime(struct timespec *ts, struct timezone *tz);
/* Three front ends to vm_enough_memory: current's mm, an explicit mm, or
 * a kernel-internal charge (per the suffixes). */
int security_vm_enough_memory(long pages);
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
int security_vm_enough_memory_kern(long pages);
int security_bprm_set_creds(struct linux_binprm *bprm);
int security_bprm_check(struct linux_binprm *bprm);
void security_bprm_committing_creds(struct linux_binprm *bprm);
void security_bprm_committed_creds(struct linux_binprm *bprm);
int security_bprm_secureexec(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
int security_sb_mount(char *dev_name, struct path *path,
		      char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(struct path *old_path, struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts);
void security_sb_clone_mnt_opts(const struct super_block *oldsb,
				struct super_block *newsb);
int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);

int security_inode_alloc(struct inode *inode);
void security_inode_free(struct inode *inode);
int security_inode_init_security(struct inode *inode, struct inode *dir,
				 char **name, void **value, size_t *len);
int security_inode_create(struct inode *dir, struct dentry *dentry, int mode);
int security_inode_link(struct dentry *old_dentry, struct inode *dir,
			struct dentry *new_dentry);
int security_inode_unlink(struct inode *dir, struct dentry *dentry);
int security_inode_symlink(struct inode *dir, struct dentry *dentry,
			   const char *old_name);
int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode);
int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev);
int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
			  struct inode *new_dir, struct dentry *new_dentry);
int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
int security_inode_permission(struct inode *inode, int mask);
/* No member of this name exists in struct security_operations; this
 * wrapper presumably maps onto the inode_permission hook. */
int security_inode_exec_permission(struct inode *inode, unsigned int flags);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
int security_inode_setxattr(struct dentry *dentry, const char *name,
			    const void *value, size_t size, int flags);
void security_inode_post_setxattr(struct dentry *dentry, const char *name,
				  const void *value, size_t size, int flags);
int security_inode_getxattr(struct dentry *dentry, const char *name);
int security_inode_listxattr(struct dentry *dentry);
int security_inode_removexattr(struct dentry *dentry, const char *name);
int security_inode_need_killpriv(struct dentry *dentry);
int security_inode_killpriv(struct dentry *dentry);
int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
void security_inode_getsecid(const struct inode *inode, u32 *secid);
int security_file_permission(struct file *file, int mask);
int security_file_alloc(struct file *file);
void security_file_free(struct file *file);
int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
int security_file_mmap(struct file *file, unsigned long reqprot,
		       unsigned long prot, unsigned long flags,
		       unsigned long addr, unsigned long addr_only);
int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
			   unsigned long prot);
int security_file_lock(struct file *file, unsigned int cmd);
int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
int security_file_set_fowner(struct file *file);
int security_file_send_sigiotask(struct task_struct *tsk,
				 struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_dentry_open(struct file *file, const struct cred *cred);
int security_task_create(unsigned long clone_flags);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
void security_cred_free(struct cred *cred);
int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
void security_transfer_creds(struct cred *new, const struct cred *old);
int security_kernel_act_as(struct cred *new, u32 secid);
int security_kernel_create_files_as(struct cred *new, struct inode *inode);
int security_kernel_module_request(char *kmod_name);
/* 'flags': one of the LSM_SETID_* values defined above. */
int security_task_fix_setuid(struct cred *new, const struct cred *old,
			     int flags);
int security_task_setpgid(struct task_struct *p, pid_t pgid);
int security_task_getpgid(struct task_struct *p);
int security_task_getsid(struct task_struct *p);
void security_task_getsecid(struct task_struct *p, u32 *secid);
int security_task_setnice(struct task_struct *p, int nice);
int security_task_setioprio(struct task_struct *p, int ioprio);
int security_task_getioprio(struct task_struct *p);
int security_task_setrlimit(struct task_struct *p, unsigned int resource,
			    struct rlimit *new_rlim);
int security_task_setscheduler(struct task_struct *p);
int security_task_getscheduler(struct task_struct *p);
int security_task_movememory(struct task_struct *p);
int security_task_kill(struct task_struct *p, struct siginfo *info,
		       int sig, u32 secid);
int security_task_wait(struct task_struct *p);
int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			unsigned long arg4, unsigned long arg5);
void security_task_to_inode(struct task_struct *p, struct inode *inode);
int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
int security_msg_msg_alloc(struct msg_msg *msg);
void security_msg_msg_free(struct msg_msg *msg);
int security_msg_queue_alloc(struct msg_queue *msq);
void security_msg_queue_free(struct msg_queue *msq);
int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
int security_msg_queue_msgsnd(struct msg_queue *msq,
			      struct msg_msg *msg, int msqflg);
int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
			      struct task_struct *target, long type, int mode);
int security_shm_alloc(struct shmid_kernel *shp);
void security_shm_free(struct shmid_kernel *shp);
int security_shm_associate(struct shmid_kernel *shp, int shmflg);
int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
/* 'shmaddr' is a user-space address, passed through for checking only. */
int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
int security_sem_alloc(struct sem_array *sma);
void security_sem_free(struct sem_array *sma);
int security_sem_associate(struct sem_array *sma, int semflg);
int security_sem_semctl(struct sem_array *sma, int cmd);
int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
		       unsigned nsops, int alter);
void security_d_instantiate(struct dentry *dentry, struct inode *inode);
int security_getprocattr(struct task_struct *p, char *name, char **value);
/* 'value' is 'size' bytes of caller data, not a NUL-terminated string. */
int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
int security_netlink_send(struct sock *sk, struct sk_buff *skb);
int security_netlink_recv(struct sk_buff *skb, int cap);
/* A *secdata obtained from security_secid_to_secctx() goes back through
 * security_release_secctx(); the pairing is by name -- confirm in the LSM. */
int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
void security_release_secctx(char *secdata, u32 seclen);

int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
1809#else
/*
 * Empty placeholder so callers can still pass a struct security_mnt_opts *
 * when the LSM hook layer is compiled out; the stubs below never read it.
 */
struct security_mnt_opts {
};
1812
/* Nothing to initialise: the placeholder struct has no members. */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts) { }
1816
/* Nothing to release: the placeholder struct owns no allocations. */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts) { }
1820
1821
1822
1823
1824
1825
/* No LSM to initialise; report success so boot continues. */
static inline int security_init(void) { return 0; }
1830
/* Without an LSM the capability check in cap_ptrace_access_check() is the only mediation. */
static inline int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
	return cap_ptrace_access_check(child, mode);
}
1836
/* Delegates straight to the capability baseline; no LSM is consulted. */
static inline int security_ptrace_traceme(struct task_struct *parent) { return cap_ptrace_traceme(parent); }
1841
/* Capability sets are read via cap_capget(); no LSM override. */
static inline int security_capget(struct task_struct *target, kernel_cap_t *effective,
				  kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	return cap_capget(target, effective, inheritable, permitted);
}
1849
/* Capability-set changes are validated by cap_capset() alone. */
static inline int security_capset(struct cred *new, const struct cred *old,
				  const kernel_cap_t *effective, const kernel_cap_t *inheritable,
				  const kernel_cap_t *permitted)
{
	return cap_capset(new, old, effective, inheritable, permitted);
}
1858
/* Audited capability check against the current task for the given creds. */
static inline int security_capable(const struct cred *cred, int cap) { return cap_capable(current, cred, cap, SECURITY_CAP_AUDIT); }
1863
/*
 * Audited capability check against tsk's own credentials.
 * __task_cred() is only valid under rcu_read_lock(), hence the bracket.
 */
static inline int security_real_capable(struct task_struct *tsk, int cap)
{
	int ret;

	rcu_read_lock();
	ret = cap_capable(tsk, __task_cred(tsk), cap, SECURITY_CAP_AUDIT);
	rcu_read_unlock();
	return ret;
}
1873
/*
 * Same as security_real_capable() but passes SECURITY_CAP_NOAUDIT, so a
 * denial is not audited. RCU bracket protects __task_cred().
 */
static inline
int security_real_capable_noaudit(struct task_struct *tsk, int cap)
{
	int ret;

	rcu_read_lock();
	ret = cap_capable(tsk, __task_cred(tsk), cap,
			  SECURITY_CAP_NOAUDIT);
	rcu_read_unlock();
	return ret;
}
1885
/* No LSM: sysctl access is not mediated here, returns 0 (no error). */
static inline int security_sysctl(struct ctl_table *table, int op) { return 0; }
1890
/* No LSM: quotactl is not mediated here, returns 0 (no error). */
static inline int security_quotactl(int cmds, int type, int id, struct super_block *sb) { return 0; }
1896
/* No LSM: enabling quotas is not mediated here. */
static inline int security_quota_on(struct dentry *dentry) { return 0; }
1901
/* No LSM: syslog(2) access is not mediated here. */
static inline int security_syslog(int type) { return 0; }
1906
/* Clock changes fall back to the capability check in cap_settime(). */
static inline int security_settime(struct timespec *ts, struct timezone *tz) { return cap_settime(ts, tz); }
1911
/*
 * Overcommit check for the current task. A NULL current->mm is flagged
 * with WARN_ON before being handed to cap_vm_enough_memory().
 */
static inline int security_vm_enough_memory(long pages)
{
	WARN_ON(current->mm == NULL);
	return cap_vm_enough_memory(current->mm, pages);
}
1917
/* Overcommit check for an explicit mm; a NULL mm is WARN_ON'd, not rejected. */
static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
	WARN_ON(mm == NULL);
	return cap_vm_enough_memory(mm, pages);
}
1923
static inline int security_vm_enough_memory_kern(long pages)
{
	/* Unlike the two variants above there is no WARN_ON: current->mm may be
	 * NULL on this path (presumably a kernel thread) — confirm with callers. */
	return cap_vm_enough_memory(current->mm, pages);
}
1930
/* exec credential setup is done by the capability code alone. */
static inline int security_bprm_set_creds(struct linux_binprm *bprm) { return cap_bprm_set_creds(bprm); }
1935
/* No LSM: exec of the binary is not vetoed here. */
static inline int security_bprm_check(struct linux_binprm *bprm) { return 0; }
1940
/* No LSM state to update before the new creds are committed. */
static inline void security_bprm_committing_creds(struct linux_binprm *bprm) { }
1944
/* No LSM state to update after the new creds are committed. */
static inline void security_bprm_committed_creds(struct linux_binprm *bprm) { }
1948
/* AT_SECURE decision is left to cap_bprm_secureexec(). */
static inline int security_bprm_secureexec(struct linux_binprm *bprm) { return cap_bprm_secureexec(bprm); }
1953
/* No per-superblock security blob to allocate. */
static inline int security_sb_alloc(struct super_block *sb) { return 0; }
1958
/* No per-superblock security blob to free. */
static inline void security_sb_free(struct super_block *sb)
{
}
1961
/* No mount-option copying needed without an LSM; copy is left untouched. */
static inline int security_sb_copy_data(char *orig, char *copy) { return 0; }
1966
/* No LSM: kernel-internal mounts are not mediated here. */
static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data) { return 0; }
1971
/* No LSM mount options to print into the seq_file. */
static inline int security_sb_show_options(struct seq_file *m, struct super_block *sb) { return 0; }
1977
/* No LSM: statfs is not mediated here. */
static inline int security_sb_statfs(struct dentry *dentry) { return 0; }
1982
/* No LSM: mount(2) is not mediated here beyond the caller's own checks. */
static inline int security_sb_mount(char *dev_name, struct path *path, char *type,
				    unsigned long flags, void *data)
{
	return 0;
}
1989
/* No LSM: umount(2) is not mediated here. */
static inline int security_sb_umount(struct vfsmount *mnt, int flags) { return 0; }
1994
/* No LSM: pivot_root(2) is not mediated here. */
static inline int security_sb_pivotroot(struct path *old_path, struct path *new_path) { return 0; }
2000
/* No LSM mount options to apply; opts is ignored. */
static inline int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts) { return 0; }
2006
/* No LSM mount options to copy from oldsb to newsb. */
static inline void security_sb_clone_mnt_opts(const struct super_block *oldsb, struct super_block *newsb)
{
}
2010
/* No LSM option syntax to parse; the string is accepted as-is. */
static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) { return 0; }
2015
/* No per-inode security blob to allocate. */
static inline int security_inode_alloc(struct inode *inode) { return 0; }
2020
/* No per-inode security blob to free. */
static inline void security_inode_free(struct inode *inode)
{
}
2023
/*
 * No LSM can supply an initial security xattr, so report -EOPNOTSUPP;
 * callers must treat that as "nothing to write", not as a failure.
 */
static inline int security_inode_init_security(struct inode *inode, struct inode *dir,
					       char **name, void **value, size_t *len)
{
	return -EOPNOTSUPP;
}
2032
/* No LSM: file creation is not mediated here. */
static inline int security_inode_create(struct inode *dir, struct dentry *dentry, int mode) { return 0; }
2039
/* No LSM: hard-link creation is not mediated here. */
static inline int security_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) { return 0; }
2046
/* No LSM: unlink is not mediated here. */
static inline int security_inode_unlink(struct inode *dir, struct dentry *dentry) { return 0; }
2052
/* No LSM: symlink creation is not mediated here. */
static inline int security_inode_symlink(struct inode *dir, struct dentry *dentry, const char *old_name) { return 0; }
2059
/* No LSM: mkdir is not mediated here. */
static inline int security_inode_mkdir(struct inode *dir, struct dentry *dentry, int mode) { return 0; }
2066
/* No LSM: rmdir is not mediated here. */
static inline int security_inode_rmdir(struct inode *dir, struct dentry *dentry) { return 0; }
2072
/* No LSM: device-node creation is not mediated here. */
static inline int security_inode_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) { return 0; }
2079
/* No LSM: rename is not mediated here. */
static inline int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
					struct inode *new_dir, struct dentry *new_dentry)
{
	return 0;
}
2087
/* No LSM: readlink is not mediated here. */
static inline int security_inode_readlink(struct dentry *dentry) { return 0; }
2092
/* No LSM: symlink traversal is not mediated here. */
static inline int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) { return 0; }
2098
/* No LSM: only the VFS's own DAC check applies to this inode. */
static inline int security_inode_permission(struct inode *inode, int mask) { return 0; }
2103
/* No LSM: exec permission on the inode is not mediated here. */
static inline int security_inode_exec_permission(struct inode *inode, unsigned int flags) { return 0; }
2109
/* No LSM: attribute changes are not mediated here. */
static inline int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { return 0; }
2115
/* No LSM: stat-style reads are not mediated here. */
static inline int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) { return 0; }
2121
/* xattr writes still go through the capability check in cap_inode_setxattr(). */
static inline int security_inode_setxattr(struct dentry *dentry, const char *name,
					  const void *value, size_t size, int flags)
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}
2127
/* No LSM state to refresh after an xattr write. */
static inline void security_inode_post_setxattr(struct dentry *dentry, const char *name,
						const void *value, size_t size, int flags)
{
}
2131
/* No LSM: xattr reads are not mediated here. */
static inline int security_inode_getxattr(struct dentry *dentry, const char *name) { return 0; }
2137
/* No LSM: listing xattrs is not mediated here. */
static inline int security_inode_listxattr(struct dentry *dentry) { return 0; }
2142
/* xattr removal still goes through the capability check in cap_inode_removexattr(). */
static inline int security_inode_removexattr(struct dentry *dentry, const char *name) { return cap_inode_removexattr(dentry, name); }
2148
/* Whether a write must drop privilege xattrs is decided by the capability code. */
static inline int security_inode_need_killpriv(struct dentry *dentry) { return cap_inode_need_killpriv(dentry); }
2153
/* Dropping privilege xattrs on write is handled by the capability code. */
static inline int security_inode_killpriv(struct dentry *dentry) { return cap_inode_killpriv(dentry); }
2158
/* No LSM can serve a security.* xattr read; buffer is left untouched. */
static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
{
	return -EOPNOTSUPP;
}
2163
/* No LSM can accept a security.* xattr write. */
static inline int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}
2168
/* No security.* names to list: returns 0 bytes and never touches buffer. */
static inline int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size) { return 0; }
2173
/* No LSM labels: the inode's secid is always reported as 0. */
static inline void security_inode_getsecid(const struct inode *inode, u32 *secid) { *secid = 0; }
2178
/* No LSM: per-access file checks are not mediated here. */
static inline int security_file_permission(struct file *file, int mask) { return 0; }
2183
/* No per-file security blob to allocate. */
static inline int security_file_alloc(struct file *file) { return 0; }
2188
/* No per-file security blob to free. */
static inline void security_file_free(struct file *file)
{
}
2191
/* No LSM: ioctl(2) is not mediated here. */
static inline int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) { return 0; }
2197
/* mmap still passes through cap_file_mmap() (e.g. the low-address check lives there). */
static inline int security_file_mmap(struct file *file, unsigned long reqprot, unsigned long prot,
				     unsigned long flags, unsigned long addr, unsigned long addr_only)
{
	return cap_file_mmap(file, reqprot, prot, flags, addr, addr_only);
}
2206
/* No LSM: mprotect(2) is not mediated here. */
static inline int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, unsigned long prot) { return 0; }
2213
/* No LSM: file locking is not mediated here. */
static inline int security_file_lock(struct file *file, unsigned int cmd) { return 0; }
2218
/* No LSM: fcntl(2) is not mediated here. */
static inline int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) { return 0; }
2224
/* No LSM label to record for the file's owner (SIGIO target). */
static inline int security_file_set_fowner(struct file *file) { return 0; }
2229
/* No LSM: SIGIO/SIGURG delivery is not mediated here. */
static inline int security_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int sig) { return 0; }
2236
/* No LSM: receiving a descriptor over a socket is not mediated here. */
static inline int security_file_receive(struct file *file) { return 0; }
2241
/* No LSM: open(2) on the dentry is not mediated here. */
static inline int security_dentry_open(struct file *file, const struct cred *cred) { return 0; }
2247
/* No LSM: fork/clone is not mediated here. */
static inline int security_task_create(unsigned long clone_flags) { return 0; }
2252
/* No LSM blob to attach to a blank cred. */
static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp) { return 0; }
2257
/* No LSM blob on the cred to free. */
static inline void security_cred_free(struct cred *cred)
{
}
2260
/* No LSM blob to copy from old to new. */
static inline int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) { return 0; }
2267
/* No LSM blob to move between creds. */
static inline void security_transfer_creds(struct cred *new, const struct cred *old) { }
2272
/* No LSM label to impersonate; secid is ignored. */
static inline int security_kernel_act_as(struct cred *cred, u32 secid) { return 0; }
2277
/* No LSM label to derive from the inode for kernel-created files. */
static inline int security_kernel_create_files_as(struct cred *cred, struct inode *inode) { return 0; }
2283
/* No LSM: automatic module loading requests are not mediated here. */
static inline int security_kernel_module_request(char *kmod_name) { return 0; }
2288
/* Capability adjustment on setuid is done by cap_task_fix_setuid(). */
static inline int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
{
	return cap_task_fix_setuid(new, old, flags);
}
2295
/* No LSM: setpgid(2) is not mediated here. */
static inline int security_task_setpgid(struct task_struct *p, pid_t pgid) { return 0; }
2300
/* No LSM: getpgid(2) is not mediated here. */
static inline int security_task_getpgid(struct task_struct *p) { return 0; }
2305
/* No LSM: getsid(2) is not mediated here. */
static inline int security_task_getsid(struct task_struct *p) { return 0; }
2310
/* No LSM labels: a task's secid is always reported as 0. */
static inline void security_task_getsecid(struct task_struct *p, u32 *secid) { *secid = 0; }
2315
/* nice changes are gated by cap_task_setnice() only. */
static inline int security_task_setnice(struct task_struct *p, int nice) { return cap_task_setnice(p, nice); }
2320
/* I/O priority changes are gated by cap_task_setioprio() only. */
static inline int security_task_setioprio(struct task_struct *p, int ioprio) { return cap_task_setioprio(p, ioprio); }
2325
/* No LSM: reading I/O priority is not mediated here. */
static inline int security_task_getioprio(struct task_struct *p) { return 0; }
2330
/* No LSM: rlimit changes are not mediated here. */
static inline int security_task_setrlimit(struct task_struct *p, unsigned int resource, struct rlimit *new_rlim) { return 0; }
2337
/* Scheduler changes are gated by cap_task_setscheduler() only. */
static inline int security_task_setscheduler(struct task_struct *p) { return cap_task_setscheduler(p); }
2342
/* No LSM: reading scheduler parameters is not mediated here. */
static inline int security_task_getscheduler(struct task_struct *p) { return 0; }
2347
/* No LSM: page migration of another task is not mediated here. */
static inline int security_task_movememory(struct task_struct *p) { return 0; }
2352
/* No LSM: signal delivery is not mediated here; secid is ignored. */
static inline int security_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid) { return 0; }
2359
/* No LSM: wait(2) on a child is not mediated here. */
static inline int security_task_wait(struct task_struct *p) { return 0; }
2364
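/*
 * prctl(2) falls through to cap_task_prctl(). All five arguments are
 * forwarded unchanged — the original stub passed arg3 twice and dropped
 * arg4, so any prctl option that consumes its fourth argument saw the
 * wrong value when the LSM hook layer was compiled out.
 */
static inline int security_task_prctl(int option, unsigned long arg2,
				      unsigned long arg3,
				      unsigned long arg4,
				      unsigned long arg5)
{
	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}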
2372
/* No LSM label to copy from the task onto its /proc inode. */
static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
{
}
2375
/* No LSM: SysV IPC access is not mediated here. */
static inline int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag) { return 0; }
2381
/* No LSM labels: an IPC object's secid is always reported as 0. */
static inline void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid) { *secid = 0; }
2386
/* No per-message security blob to allocate. */
static inline int security_msg_msg_alloc(struct msg_msg *msg) { return 0; }
2391
/* No per-message security blob to free. */
static inline void security_msg_msg_free(struct msg_msg *msg)
{
}
2394
/* No per-queue security blob to allocate. */
static inline int security_msg_queue_alloc(struct msg_queue *msq) { return 0; }
2399
/* No per-queue security blob to free. */
static inline void security_msg_queue_free(struct msg_queue *msq)
{
}
2402
/* No LSM: msgget(2) association is not mediated here. */
static inline int security_msg_queue_associate(struct msg_queue *msq, int msqflg) { return 0; }
2408
/* No LSM: msgctl(2) is not mediated here. */
static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd) { return 0; }
2413
/* No LSM: msgsnd(2) is not mediated here. */
static inline int security_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, int msqflg) { return 0; }
2419
/* No LSM: msgrcv(2) is not mediated here. */
static inline int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
					    struct task_struct *target, long type, int mode)
{
	return 0;
}
2427
/* No per-segment security blob to allocate. */
static inline int security_shm_alloc(struct shmid_kernel *shp) { return 0; }
2432
/* No per-segment security blob to free. */
static inline void security_shm_free(struct shmid_kernel *shp)
{
}
2435
/* No LSM: shmget(2) association is not mediated here. */
static inline int security_shm_associate(struct shmid_kernel *shp, int shmflg) { return 0; }
2441
/* No LSM: shmctl(2) is not mediated here. */
static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd) { return 0; }
2446
/* No LSM: shmat(2) is not mediated here; the user address is never read. */
static inline int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg) { return 0; }
2452
/* No per-semaphore-set security blob to allocate. */
static inline int security_sem_alloc(struct sem_array *sma) { return 0; }
2457
/* No per-semaphore-set security blob to free. */
static inline void security_sem_free(struct sem_array *sma)
{
}
2460
/* No LSM: semget(2) association is not mediated here. */
static inline int security_sem_associate(struct sem_array *sma, int semflg) { return 0; }
2465
/* No LSM: semctl(2) is not mediated here. */
static inline int security_sem_semctl(struct sem_array *sma, int cmd) { return 0; }
2470
/* No LSM: semop(2) is not mediated here. */
static inline int security_sem_semop(struct sem_array *sma, struct sembuf *sops, unsigned nsops, int alter) { return 0; }
2477
/* No LSM label to fill in when a dentry is bound to its inode. */
static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
{
}
2480
/* No /proc/<pid>/attr backend without an LSM: every name is rejected with -EINVAL. */
static inline int security_getprocattr(struct task_struct *p, char *name, char **value) { return -EINVAL; }
2485
/* No /proc/<pid>/attr backend without an LSM: writes are rejected with -EINVAL. */
static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) { return -EINVAL; }
2490
/* Netlink sends are still tagged/checked by cap_netlink_send(). */
static inline int security_netlink_send(struct sock *sk, struct sk_buff *skb) { return cap_netlink_send(sk, skb); }
2495
/* Netlink receive-side capability check is done by cap_netlink_recv(). */
static inline int security_netlink_recv(struct sk_buff *skb, int cap) { return cap_netlink_recv(skb, cap); }
2500
/* No LSM can render a secid as a context string. */
static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { return -EOPNOTSUPP; }
2505
/* No LSM can parse a context string into a secid. */
static inline int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) { return -EOPNOTSUPP; }
2512
/* Nothing was allocated by the stub secid_to_secctx, so nothing to release. */
static inline void security_release_secctx(char *secdata, u32 seclen) { }
2516
/* No LSM to notify of an inode's security context. */
static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) { return -EOPNOTSUPP; }
/* No LSM to store an inode's security context. */
static inline int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) { return -EOPNOTSUPP; }
/* No LSM to supply an inode's security context; ctx/ctxlen are left untouched. */
static inline int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) { return -EOPNOTSUPP; }
2529#endif
2530
2531#ifdef CONFIG_SECURITY_NETWORK
2532
2533int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
2534int security_unix_may_send(struct socket *sock, struct socket *other);
2535int security_socket_create(int family, int type, int protocol, int kern);
2536int security_socket_post_create(struct socket *sock, int family,
2537 int type, int protocol, int kern);
2538int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
2539int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
2540int security_socket_listen(struct socket *sock, int backlog);
2541int security_socket_accept(struct socket *sock, struct socket *newsock);
2542int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
2543int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
2544 int size, int flags);
2545int security_socket_getsockname(struct socket *sock);
2546int security_socket_getpeername(struct socket *sock);
2547int security_socket_getsockopt(struct socket *sock, int level, int optname);
2548int security_socket_setsockopt(struct socket *sock, int level, int optname);
2549int security_socket_shutdown(struct socket *sock, int how);
2550int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
2551int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
2552 int __user *optlen, unsigned len);
2553int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
2554int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
2555void security_sk_free(struct sock *sk);
2556void security_sk_clone(const struct sock *sk, struct sock *newsk);
2557void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
2558void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
2559void security_sock_graft(struct sock*sk, struct socket *parent);
2560int security_inet_conn_request(struct sock *sk,
2561 struct sk_buff *skb, struct request_sock *req);
2562void security_inet_csk_clone(struct sock *newsk,
2563 const struct request_sock *req);
2564void security_inet_conn_established(struct sock *sk,
2565 struct sk_buff *skb);
2566int security_secmark_relabel_packet(u32 secid);
2567void security_secmark_refcount_inc(void);
2568void security_secmark_refcount_dec(void);
2569int security_tun_dev_create(void);
2570void security_tun_dev_post_create(struct sock *sk);
2571int security_tun_dev_attach(struct sock *sk);
2572
2573#else
/* !CONFIG_SECURITY_NETWORK: AF_UNIX stream connects are not mediated. */
static inline int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk) { return 0; }
2580
/* !CONFIG_SECURITY_NETWORK: AF_UNIX datagram sends are not mediated. */
static inline int security_unix_may_send(struct socket *sock, struct socket *other) { return 0; }
2586
/* !CONFIG_SECURITY_NETWORK: socket(2) is not mediated, any family/type is fine. */
static inline int security_socket_create(int family, int type, int protocol, int kern) { return 0; }
2592
/* !CONFIG_SECURITY_NETWORK: no label to attach to a freshly created socket. */
static inline int security_socket_post_create(struct socket *sock, int family, int type, int protocol, int kern)
{
	return 0;
}
2600
/* !CONFIG_SECURITY_NETWORK: bind(2) is not mediated. */
static inline int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { return 0; }
2607
/* !CONFIG_SECURITY_NETWORK: connect(2) is not mediated. */
static inline int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) { return 0; }
2614
/* !CONFIG_SECURITY_NETWORK: listen(2) is not mediated. */
static inline int security_socket_listen(struct socket *sock, int backlog) { return 0; }
2619
/* !CONFIG_SECURITY_NETWORK: accept(2) is not mediated. */
static inline int security_socket_accept(struct socket *sock, struct socket *newsock) { return 0; }
2625
/* !CONFIG_SECURITY_NETWORK: sendmsg(2) is not mediated. */
static inline int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) { return 0; }
2631
/* !CONFIG_SECURITY_NETWORK: recvmsg(2) is not mediated. */
static inline int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, int size, int flags) { return 0; }
2638
/* !CONFIG_SECURITY_NETWORK: getsockname(2) is not mediated. */
static inline int security_socket_getsockname(struct socket *sock) { return 0; }
2643
/* !CONFIG_SECURITY_NETWORK: getpeername(2) is not mediated. */
static inline int security_socket_getpeername(struct socket *sock) { return 0; }
2648
/* !CONFIG_SECURITY_NETWORK: getsockopt(2) is not mediated. */
static inline int security_socket_getsockopt(struct socket *sock, int level, int optname) { return 0; }
2654
/* !CONFIG_SECURITY_NETWORK: setsockopt(2) is not mediated. */
static inline int security_socket_setsockopt(struct socket *sock, int level, int optname) { return 0; }
2660
/* !CONFIG_SECURITY_NETWORK: shutdown(2) is not mediated. */
static inline int security_socket_shutdown(struct socket *sock, int how) { return 0; }
/* !CONFIG_SECURITY_NETWORK: incoming skbs are never dropped by policy here. */
static inline int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { return 0; }
2670
/* No peer label exists without an LSM: SO_PEERSEC reports -ENOPROTOOPT. */
static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
						    int __user *optlen, unsigned len)
{
	return -ENOPROTOOPT;
}
2676
/* No peer label exists without an LSM; secid is left untouched. */
static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { return -ENOPROTOOPT; }
2681
/* No per-sock security blob to allocate. */
static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) { return 0; }
2686
/* No per-sock security blob to free. */
static inline void security_sk_free(struct sock *sk) { }
2690
/* No per-sock security blob to copy to the clone. */
static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) { }
2694
/* No secid to stamp onto the flow key. */
static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl) { }
2698
/* No secid to stamp onto the flow key from a request sock. */
static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) { }
2702
/* No label to carry over when a sock is grafted onto a socket. */
static inline void security_sock_graft(struct sock *sk, struct socket *parent) { }
2706
/* !CONFIG_SECURITY_NETWORK: incoming connection requests are not mediated. */
static inline int security_inet_conn_request(struct sock *sk, struct sk_buff *skb, struct request_sock *req) { return 0; }
2712
/* No label to copy from the request sock to the child sock. */
static inline void security_inet_csk_clone(struct sock *newsk, const struct request_sock *req) { }
2717
/* No peer label to record once the connection is established. */
static inline void security_inet_conn_established(struct sock *sk, struct sk_buff *skb) { }
2722
/* !CONFIG_SECURITY_NETWORK: SECMARK relabelling is not mediated. */
static inline int security_secmark_relabel_packet(u32 secid) { return 0; }
2727
/* No SECMARK user count to maintain. */
static inline void security_secmark_refcount_inc(void) { }
2731
/* No SECMARK user count to maintain. */
static inline void security_secmark_refcount_dec(void) { }
2735
/* !CONFIG_SECURITY_NETWORK: TUN device creation is not mediated. */
static inline int security_tun_dev_create(void) { return 0; }
2740
/* No label to attach to the TUN device's sock. */
static inline void security_tun_dev_post_create(struct sock *sk) { }
2744
/* !CONFIG_SECURITY_NETWORK: attaching to a TUN device is not mediated. */
static inline int security_tun_dev_attach(struct sock *sk) { return 0; }
2749#endif
2750
2751#ifdef CONFIG_SECURITY_NETWORK_XFRM
2752
2753int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx);
2754int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
2755void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
2756int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
2757int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
2758int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
2759 struct xfrm_sec_ctx *polsec, u32 secid);
2760int security_xfrm_state_delete(struct xfrm_state *x);
2761void security_xfrm_state_free(struct xfrm_state *x);
2762int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
2763int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
2764 struct xfrm_policy *xp, struct flowi *fl);
2765int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
2766void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
2767
2768#else
2769
/* !CONFIG_SECURITY_NETWORK_XFRM: no policy context is allocated; *ctxp is untouched. */
static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, struct xfrm_user_sec_ctx *sec_ctx) { return 0; }
2774
/* !CONFIG_SECURITY_NETWORK_XFRM: nothing to clone; *new_ctxp is untouched. */
static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp) { return 0; }
2779
/* !CONFIG_SECURITY_NETWORK_XFRM: no policy context was ever allocated. */
static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx) { }
2783
/* !CONFIG_SECURITY_NETWORK_XFRM: policy deletion is not mediated. */
static inline int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx) { return 0; }
2788
/* !CONFIG_SECURITY_NETWORK_XFRM: no SA security context is allocated. */
static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) { return 0; }
2794
/* !CONFIG_SECURITY_NETWORK_XFRM: acquire-path SA context is not allocated. */
static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, struct xfrm_sec_ctx *polsec, u32 secid) { return 0; }
2800
/* !CONFIG_SECURITY_NETWORK_XFRM: no SA security context was ever allocated. */
static inline void security_xfrm_state_free(struct xfrm_state *x) { }
2804
/* !CONFIG_SECURITY_NETWORK_XFRM: SA deletion is not mediated. */
static inline int security_xfrm_state_delete(struct xfrm_state *x) { return 0; }
2809
/* !CONFIG_SECURITY_NETWORK_XFRM: policy lookup is never refused on label grounds. */
static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) { return 0; }
2814
/*
 * Note the asymmetry with the other stubs: this one returns 1, not 0, so
 * that every SA/policy/flow combination is treated as matching when no
 * XFRM LSM hooks are built in.
 */
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp, struct flowi *fl)
{
	return 1;
}
2820
/* !CONFIG_SECURITY_NETWORK_XFRM: no session label to decode; *secid is untouched. */
static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) { return 0; }
2825
/* !CONFIG_SECURITY_NETWORK_XFRM: no secid to stamp onto the flow key. */
static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) { }
2829
2830#endif
2831
2832#ifdef CONFIG_SECURITY_PATH
2833int security_path_unlink(struct path *dir, struct dentry *dentry);
2834int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode);
2835int security_path_rmdir(struct path *dir, struct dentry *dentry);
2836int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
2837 unsigned int dev);
2838int security_path_truncate(struct path *path);
2839int security_path_symlink(struct path *dir, struct dentry *dentry,
2840 const char *old_name);
2841int security_path_link(struct dentry *old_dentry, struct path *new_dir,
2842 struct dentry *new_dentry);
2843int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
2844 struct path *new_dir, struct dentry *new_dentry);
2845int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
2846 mode_t mode);
2847int security_path_chown(struct path *path, uid_t uid, gid_t gid);
2848int security_path_chroot(struct path *path);
2849#else
/* !CONFIG_SECURITY_PATH: path-based unlink mediation is compiled out. */
static inline int security_path_unlink(struct path *dir, struct dentry *dentry) { return 0; }
2854
/* !CONFIG_SECURITY_PATH: path-based mkdir mediation is compiled out. */
static inline int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode) { return 0; }
2860
/* !CONFIG_SECURITY_PATH: path-based rmdir mediation is compiled out. */
static inline int security_path_rmdir(struct path *dir, struct dentry *dentry) { return 0; }
2865
/* !CONFIG_SECURITY_PATH: path-based mknod mediation is compiled out. */
static inline int security_path_mknod(struct path *dir, struct dentry *dentry, int mode, unsigned int dev) { return 0; }
2871
/* !CONFIG_SECURITY_PATH: path-based truncate mediation is compiled out. */
static inline int security_path_truncate(struct path *path) { return 0; }
2876
/* !CONFIG_SECURITY_PATH: path-based symlink mediation is compiled out. */
static inline int security_path_symlink(struct path *dir, struct dentry *dentry, const char *old_name) { return 0; }
2882
/* !CONFIG_SECURITY_PATH: path-based link mediation is compiled out. */
static inline int security_path_link(struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) { return 0; }
2889
/* !CONFIG_SECURITY_PATH: path-based rename mediation is compiled out. */
static inline int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
				       struct path *new_dir, struct dentry *new_dentry)
{
	return 0;
}
2897
/* !CONFIG_SECURITY_PATH: path-based chmod mediation is compiled out. */
static inline int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt, mode_t mode) { return 0; }
2904
/* !CONFIG_SECURITY_PATH: path-based chown mediation is compiled out. */
static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid) { return 0; }
2909
/* !CONFIG_SECURITY_PATH: path-based chroot mediation is compiled out. */
static inline int security_path_chroot(struct path *path) { return 0; }
2914#endif
2915
2916#ifdef CONFIG_KEYS
2917#ifdef CONFIG_SECURITY
2918
2919int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
2920void security_key_free(struct key *key);
2921int security_key_permission(key_ref_t key_ref,
2922 const struct cred *cred, key_perm_t perm);
2923int security_key_getsecurity(struct key *key, char **_buffer);
2924
2925#else
2926
/* CONFIG_KEYS without CONFIG_SECURITY: no per-key security blob to allocate. */
static inline int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags) { return 0; }
2933
/* CONFIG_KEYS without CONFIG_SECURITY: no per-key security blob to free. */
static inline void security_key_free(struct key *key) { }
2937
/* CONFIG_KEYS without CONFIG_SECURITY: key access is left to the keyring's own permission mask. */
static inline int security_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm) { return 0; }
2944
/* No key label to report: hands back a NULL buffer with success so callers need not free anything. */
static inline int security_key_getsecurity(struct key *key, char **_buffer)
{
	*_buffer = NULL;
	return 0;
}
2950
2951#endif
2952#endif
2953
2954#ifdef CONFIG_AUDIT
2955#ifdef CONFIG_SECURITY
2956int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
2957int security_audit_rule_known(struct audit_krule *krule);
2958int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
2959 struct audit_context *actx);
2960void security_audit_rule_free(void *lsmrule);
2961
2962#else
2963
/* CONFIG_AUDIT without CONFIG_SECURITY: LSM audit fields cannot be compiled; *lsmrule is untouched. */
static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { return 0; }
2969
/* CONFIG_AUDIT without CONFIG_SECURITY: no rule carries LSM fields. */
static inline int security_audit_rule_known(struct audit_krule *krule) { return 0; }
2974
/* CONFIG_AUDIT without CONFIG_SECURITY: LSM rule fields never match. */
static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, struct audit_context *actx) { return 0; }
2980
/* CONFIG_AUDIT without CONFIG_SECURITY: the stub init never allocates, so nothing to free. */
static inline void security_audit_rule_free(void *lsmrule)
{
}
2983
2984#endif
2985#endif
2986
2987#ifdef CONFIG_SECURITYFS
2988
2989extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
2990 struct dentry *parent, void *data,
2991 const struct file_operations *fops);
2992extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
2993extern void securityfs_remove(struct dentry *dentry);
2994
2995#else
2996
/* !CONFIG_SECURITYFS: report the filesystem as absent via an ERR_PTR, never NULL. */
static inline struct dentry *securityfs_create_dir(const char *name, struct dentry *parent) { return ERR_PTR(-ENODEV); }
3002
/* !CONFIG_SECURITYFS: report the filesystem as absent via an ERR_PTR, never NULL. */
static inline struct dentry *securityfs_create_file(const char *name, mode_t mode, struct dentry *parent,
						    void *data, const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}
3011
/* !CONFIG_SECURITYFS: nothing was created, so nothing to remove. */
static inline void securityfs_remove(struct dentry *dentry)
{
}
3014
3015#endif
3016
3017#ifdef CONFIG_SECURITY
3018
/* One zeroed page for security-context data; NULL on allocation failure. Pair with free_secdata(). */
static inline char *alloc_secdata(void) { return (char *)get_zeroed_page(GFP_KERNEL); }
3023
/* Releases the page obtained from alloc_secdata(). */
static inline void free_secdata(void *secdata) { free_page((unsigned long)secdata); }
3028
3029#else
3030
/*
 * !CONFIG_SECURITY: returns a non-NULL sentinel so callers that treat NULL
 * as allocation failure still proceed. The value is NOT a valid pointer and
 * must never be dereferenced or written through.
 */
static inline char *alloc_secdata(void)
{
	return (char *)1;
}
3035
/* !CONFIG_SECURITY: the sentinel from alloc_secdata() is not a real allocation, so nothing to free. */
static inline void free_secdata(void *secdata)
{
}
3038#endif
3039
3040#endif
3041
3042