22#ifndef __LINUX_SECURITY_H
23#define __LINUX_SECURITY_H
24
25#include <linux/key.h>
26#include <linux/capability.h>
27#include <linux/slab.h>
28#include <linux/err.h>
29#include <linux/string.h>
30
31struct linux_binprm;
32struct cred;
33struct rlimit;
34struct siginfo;
35struct sem_array;
36struct sembuf;
37struct kern_ipc_perm;
38struct audit_context;
39struct super_block;
40struct inode;
41struct dentry;
42struct file;
43struct vfsmount;
44struct path;
45struct qstr;
46struct nameidata;
47struct iattr;
48struct fown_struct;
49struct file_operations;
50struct shmid_kernel;
51struct msg_msg;
52struct msg_queue;
53struct xattr;
54struct xfrm_sec_ctx;
55struct mm_struct;
56
57
58#define SECURITY_NAME_MAX 10
59
60
61#define SECURITY_CAP_NOAUDIT 0
62#define SECURITY_CAP_AUDIT 1
63
64
65#define SECURITY_LSM_NATIVE_LABELS 1
66
67struct ctl_table;
68struct audit_krule;
69struct user_namespace;
70struct timezone;
71
72
73
74
75
76extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
77 int cap, int audit);
78extern int cap_settime(const struct timespec *ts, const struct timezone *tz);
79extern int cap_ptrace_access_check(struct task_struct *child, unsigned int mode);
80extern int cap_ptrace_traceme(struct task_struct *parent);
81extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
82extern int cap_capset(struct cred *new, const struct cred *old,
83 const kernel_cap_t *effective,
84 const kernel_cap_t *inheritable,
85 const kernel_cap_t *permitted);
86extern int cap_bprm_set_creds(struct linux_binprm *bprm);
87extern int cap_bprm_secureexec(struct linux_binprm *bprm);
88extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
89 const void *value, size_t size, int flags);
90extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
91extern int cap_inode_need_killpriv(struct dentry *dentry);
92extern int cap_inode_killpriv(struct dentry *dentry);
93extern int cap_mmap_addr(unsigned long addr);
94extern int cap_mmap_file(struct file *file, unsigned long reqprot,
95 unsigned long prot, unsigned long flags);
96extern int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags);
97extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
98 unsigned long arg4, unsigned long arg5);
99extern int cap_task_setscheduler(struct task_struct *p);
100extern int cap_task_setioprio(struct task_struct *p, int ioprio);
101extern int cap_task_setnice(struct task_struct *p, int nice);
102extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
103
104struct msghdr;
105struct sk_buff;
106struct sock;
107struct sockaddr;
108struct socket;
109struct flowi;
110struct dst_entry;
111struct xfrm_selector;
112struct xfrm_policy;
113struct xfrm_state;
114struct xfrm_user_sec_ctx;
115struct seq_file;
116
117extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
118
119void reset_security_ops(void);
120
121#ifdef CONFIG_MMU
122extern unsigned long mmap_min_addr;
123extern unsigned long dac_mmap_min_addr;
124#else
125#define mmap_min_addr 0UL
126#define dac_mmap_min_addr 0UL
127#endif
128
129
130
131
132
133#define LSM_SETID_ID 1
134
135
136#define LSM_SETID_RE 2
137
138
139#define LSM_SETID_RES 4
140
141
142#define LSM_SETID_FS 8
143
144
145struct sched_param;
146struct request_sock;
147
148
149#define LSM_UNSAFE_SHARE 1
150#define LSM_UNSAFE_PTRACE 2
151#define LSM_UNSAFE_PTRACE_CAP 4
152#define LSM_UNSAFE_NO_NEW_PRIVS 8
153
154#ifdef CONFIG_MMU
155extern int mmap_min_addr_handler(struct ctl_table *table, int write,
156 void __user *buffer, size_t *lenp, loff_t *ppos);
157#endif
158
159
160typedef int (*initxattrs) (struct inode *inode,
161 const struct xattr *xattr_array, void *fs_data);
162
163#ifdef CONFIG_SECURITY
164
/*
 * Parsed security mount options.
 *
 * security_free_mnt_opts() treats mnt_opts as an array of num_mnt_opts
 * individually kfree()-able strings and releases both arrays, so every
 * pointer stored here must be owned by the structure.
 */
struct security_mnt_opts {
	char	**mnt_opts;		/* array of num_mnt_opts option strings */
	int	*mnt_opts_flags;	/* presumably one flag word per mnt_opts entry; confirm */
	int	num_mnt_opts;		/* signed count of entries in mnt_opts */
};
170
/*
 * Put @opts into the empty state: no option strings, no flags, count 0.
 *
 * Callers should run this before the first use so that a later
 * security_free_mnt_opts() never sees uninitialised pointers.
 * @opts is dereferenced unconditionally and must not be NULL.
 */
static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
{
	*opts = (struct security_mnt_opts) {
		.mnt_opts	= NULL,
		.mnt_opts_flags	= NULL,
		.num_mnt_opts	= 0,
	};
}
177
/*
 * Release everything owned by @opts and return it to the empty state.
 *
 * Each of the num_mnt_opts strings is freed (only when the string array
 * exists), then the string array and the flags array themselves. Both
 * pointers are cleared and the count zeroed afterwards, so a second call
 * on the same structure only reaches kfree(NULL), which is a no-op, and
 * cannot free anything twice.
 *
 * @opts itself is not freed and must not be NULL.
 */
static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
{
	char **strings = opts->mnt_opts;

	if (strings) {
		int idx = 0;

		/* The count is re-read each pass, as a plain bounds check. */
		while (idx < opts->num_mnt_opts) {
			kfree(strings[idx]);
			idx++;
		}
	}

	kfree(strings);
	opts->mnt_opts = NULL;

	kfree(opts->mnt_opts_flags);
	opts->mnt_opts_flags = NULL;

	opts->num_mnt_opts = 0;
}
/*
 * Table of hook callbacks supplied by a security module.
 *
 * A pointer to this table is what security_module_enable() and
 * register_security() (declared after the structure) accept. Most hooks
 * share their name with a security_*() entry point declared further down
 * in this header; how the core dispatches to them is not visible here.
 *
 * Hooks returning int can report a result to their caller (presumably 0
 * or a negative errno; confirm against the implementation). Hooks
 * declared void have no way to signal failure.
 *
 * Member order is part of the layout; do not reorder.
 */
struct security_operations {
	/*
	 * Module name: SECURITY_NAME_MAX characters plus one extra byte,
	 * presumably for the terminating NUL.
	 */
	char name[SECURITY_NAME_MAX + 1];

	/* Tracing, capabilities, quota, syslog, clock and memory accounting. */
	int (*ptrace_access_check)(struct task_struct *child, unsigned int mode);
	int (*ptrace_traceme)(struct task_struct *parent);
	int (*capget)(struct task_struct *target,
		      kernel_cap_t *effective,
		      kernel_cap_t *inheritable, kernel_cap_t *permitted);
	int (*capset)(struct cred *new,
		      const struct cred *old,
		      const kernel_cap_t *effective,
		      const kernel_cap_t *inheritable,
		      const kernel_cap_t *permitted);
	/*
	 * @audit is presumably SECURITY_CAP_AUDIT or SECURITY_CAP_NOAUDIT
	 * (defined earlier in this header); the security_capable() and
	 * security_capable_noaudit() prototypes carry no audit argument.
	 */
	int (*capable)(const struct cred *cred, struct user_namespace *ns,
		       int cap, int audit);
	int (*quotactl)(int cmds, int type, int id, struct super_block *sb);
	int (*quota_on)(struct dentry *dentry);
	int (*syslog)(int type);
	int (*settime)(const struct timespec *ts, const struct timezone *tz);
	int (*vm_enough_memory)(struct mm_struct *mm, long pages);

	/* Program execution (struct linux_binprm). */
	int (*bprm_set_creds)(struct linux_binprm *bprm);
	int (*bprm_check_security)(struct linux_binprm *bprm);
	int (*bprm_secureexec)(struct linux_binprm *bprm);
	void (*bprm_committing_creds)(struct linux_binprm *bprm);
	void (*bprm_committed_creds)(struct linux_binprm *bprm);

	/* Superblocks and mounts. */
	int (*sb_alloc_security)(struct super_block *sb);
	void (*sb_free_security)(struct super_block *sb);
	int (*sb_copy_data)(char *orig, char *copy);
	int (*sb_remount)(struct super_block *sb, void *data);
	int (*sb_kern_mount)(struct super_block *sb, int flags, void *data);
	int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
	int (*sb_statfs)(struct dentry *dentry);
	int (*sb_mount)(const char *dev_name, struct path *path,
			const char *type, unsigned long flags, void *data);
	int (*sb_umount)(struct vfsmount *mnt, int flags);
	int (*sb_pivotroot)(struct path *old_path,
			    struct path *new_path);
	int (*sb_set_mnt_opts)(struct super_block *sb,
			       struct security_mnt_opts *opts,
			       unsigned long kern_flags,
			       unsigned long *set_kern_flags);
	int (*sb_clone_mnt_opts)(const struct super_block *oldsb,
				 struct super_block *newsb);
	int (*sb_parse_opts_str)(char *options, struct security_mnt_opts *opts);
	int (*dentry_init_security)(struct dentry *dentry, int mode,
				    struct qstr *name, void **ctx,
				    u32 *ctxlen);

	/* Pathname-based hooks; present only with CONFIG_SECURITY_PATH. */
#ifdef CONFIG_SECURITY_PATH
	int (*path_unlink)(struct path *dir, struct dentry *dentry);
	int (*path_mkdir)(struct path *dir, struct dentry *dentry, umode_t mode);
	int (*path_rmdir)(struct path *dir, struct dentry *dentry);
	int (*path_mknod)(struct path *dir, struct dentry *dentry, umode_t mode,
			  unsigned int dev);
	int (*path_truncate)(struct path *path);
	int (*path_symlink)(struct path *dir, struct dentry *dentry,
			    const char *old_name);
	int (*path_link)(struct dentry *old_dentry, struct path *new_dir,
			 struct dentry *new_dentry);
	int (*path_rename)(struct path *old_dir, struct dentry *old_dentry,
			   struct path *new_dir, struct dentry *new_dentry);
	int (*path_chmod)(struct path *path, umode_t mode);
	int (*path_chown)(struct path *path, kuid_t uid, kgid_t gid);
	int (*path_chroot)(struct path *path);
#endif

	/* Inodes: lifetime, namespace operations, attributes and xattrs. */
	int (*inode_alloc_security)(struct inode *inode);
	void (*inode_free_security)(struct inode *inode);
	int (*inode_init_security)(struct inode *inode, struct inode *dir,
				   const struct qstr *qstr, const char **name,
				   void **value, size_t *len);
	int (*inode_create)(struct inode *dir,
			    struct dentry *dentry, umode_t mode);
	int (*inode_link)(struct dentry *old_dentry,
			  struct inode *dir, struct dentry *new_dentry);
	int (*inode_unlink)(struct inode *dir, struct dentry *dentry);
	int (*inode_symlink)(struct inode *dir,
			     struct dentry *dentry, const char *old_name);
	int (*inode_mkdir)(struct inode *dir, struct dentry *dentry, umode_t mode);
	int (*inode_rmdir)(struct inode *dir, struct dentry *dentry);
	int (*inode_mknod)(struct inode *dir, struct dentry *dentry,
			   umode_t mode, dev_t dev);
	/*
	 * NOTE(review): security_inode_rename() in this header takes an
	 * extra 'flags' argument that this hook does not receive.
	 */
	int (*inode_rename)(struct inode *old_dir, struct dentry *old_dentry,
			    struct inode *new_dir, struct dentry *new_dentry);
	int (*inode_readlink)(struct dentry *dentry);
	int (*inode_follow_link)(struct dentry *dentry, struct nameidata *nd);
	int (*inode_permission)(struct inode *inode, int mask);
	int (*inode_setattr)(struct dentry *dentry, struct iattr *attr);
	int (*inode_getattr)(struct vfsmount *mnt, struct dentry *dentry);
	int (*inode_setxattr)(struct dentry *dentry, const char *name,
			      const void *value, size_t size, int flags);
	void (*inode_post_setxattr)(struct dentry *dentry, const char *name,
				    const void *value, size_t size, int flags);
	int (*inode_getxattr)(struct dentry *dentry, const char *name);
	int (*inode_listxattr)(struct dentry *dentry);
	int (*inode_removexattr)(struct dentry *dentry, const char *name);
	int (*inode_need_killpriv)(struct dentry *dentry);
	int (*inode_killpriv)(struct dentry *dentry);
	int (*inode_getsecurity)(const struct inode *inode, const char *name,
				 void **buffer, bool alloc);
	int (*inode_setsecurity)(struct inode *inode, const char *name,
				 const void *value, size_t size, int flags);
	int (*inode_listsecurity)(struct inode *inode, char *buffer,
				  size_t buffer_size);
	void (*inode_getsecid)(const struct inode *inode, u32 *secid);

	/* Open files and memory mappings. */
	int (*file_permission)(struct file *file, int mask);
	int (*file_alloc_security)(struct file *file);
	void (*file_free_security)(struct file *file);
	int (*file_ioctl)(struct file *file, unsigned int cmd,
			  unsigned long arg);
	int (*mmap_addr)(unsigned long addr);
	/*
	 * NOTE(review): the hook receives both reqprot and prot, while the
	 * security_mmap_file() prototype in this header takes only prot.
	 */
	int (*mmap_file)(struct file *file,
			 unsigned long reqprot, unsigned long prot,
			 unsigned long flags);
	int (*file_mprotect)(struct vm_area_struct *vma,
			     unsigned long reqprot,
			     unsigned long prot);
	int (*file_lock)(struct file *file, unsigned int cmd);
	int (*file_fcntl)(struct file *file, unsigned int cmd,
			  unsigned long arg);
	void (*file_set_fowner)(struct file *file);
	int (*file_send_sigiotask)(struct task_struct *tsk,
				   struct fown_struct *fown, int sig);
	int (*file_receive)(struct file *file);
	int (*file_open)(struct file *file, const struct cred *cred);

	/* Tasks, credentials and kernel-initiated loads. */
	int (*task_create)(unsigned long clone_flags);
	void (*task_free)(struct task_struct *task);
	int (*cred_alloc_blank)(struct cred *cred, gfp_t gfp);
	void (*cred_free)(struct cred *cred);
	int (*cred_prepare)(struct cred *new, const struct cred *old,
			    gfp_t gfp);
	void (*cred_transfer)(struct cred *new, const struct cred *old);
	int (*kernel_act_as)(struct cred *new, u32 secid);
	int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
	int (*kernel_fw_from_file)(struct file *file, char *buf, size_t size);
	int (*kernel_module_request)(char *kmod_name);
	int (*kernel_module_from_file)(struct file *file);
	int (*task_fix_setuid)(struct cred *new, const struct cred *old,
			       int flags);
	int (*task_setpgid)(struct task_struct *p, pid_t pgid);
	int (*task_getpgid)(struct task_struct *p);
	int (*task_getsid)(struct task_struct *p);
	void (*task_getsecid)(struct task_struct *p, u32 *secid);
	int (*task_setnice)(struct task_struct *p, int nice);
	int (*task_setioprio)(struct task_struct *p, int ioprio);
	int (*task_getioprio)(struct task_struct *p);
	int (*task_setrlimit)(struct task_struct *p, unsigned int resource,
			      struct rlimit *new_rlim);
	int (*task_setscheduler)(struct task_struct *p);
	int (*task_getscheduler)(struct task_struct *p);
	int (*task_movememory)(struct task_struct *p);
	int (*task_kill)(struct task_struct *p,
			 struct siginfo *info, int sig, u32 secid);
	int (*task_wait)(struct task_struct *p);
	int (*task_prctl)(int option, unsigned long arg2,
			  unsigned long arg3, unsigned long arg4,
			  unsigned long arg5);
	void (*task_to_inode)(struct task_struct *p, struct inode *inode);

	/* IPC objects: generic permission, message queues, shm, semaphores. */
	int (*ipc_permission)(struct kern_ipc_perm *ipcp, short flag);
	void (*ipc_getsecid)(struct kern_ipc_perm *ipcp, u32 *secid);

	int (*msg_msg_alloc_security)(struct msg_msg *msg);
	void (*msg_msg_free_security)(struct msg_msg *msg);

	int (*msg_queue_alloc_security)(struct msg_queue *msq);
	void (*msg_queue_free_security)(struct msg_queue *msq);
	int (*msg_queue_associate)(struct msg_queue *msq, int msqflg);
	int (*msg_queue_msgctl)(struct msg_queue *msq, int cmd);
	int (*msg_queue_msgsnd)(struct msg_queue *msq,
				struct msg_msg *msg, int msqflg);
	int (*msg_queue_msgrcv)(struct msg_queue *msq,
				struct msg_msg *msg,
				struct task_struct *target,
				long type, int mode);

	int (*shm_alloc_security)(struct shmid_kernel *shp);
	void (*shm_free_security)(struct shmid_kernel *shp);
	int (*shm_associate)(struct shmid_kernel *shp, int shmflg);
	int (*shm_shmctl)(struct shmid_kernel *shp, int cmd);
	/* shmaddr is a __user pointer: never dereference it directly. */
	int (*shm_shmat)(struct shmid_kernel *shp,
			 char __user *shmaddr, int shmflg);

	int (*sem_alloc_security)(struct sem_array *sma);
	void (*sem_free_security)(struct sem_array *sma);
	int (*sem_associate)(struct sem_array *sma, int semflg);
	int (*sem_semctl)(struct sem_array *sma, int cmd);
	int (*sem_semop)(struct sem_array *sma,
			 struct sembuf *sops, unsigned nsops, int alter);

	int (*netlink_send)(struct sock *sk, struct sk_buff *skb);

	void (*d_instantiate)(struct dentry *dentry, struct inode *inode);

	/* Process attributes and secid <-> security-context conversion. */
	int (*getprocattr)(struct task_struct *p, char *name, char **value);
	int (*setprocattr)(struct task_struct *p, char *name, void *value,
			   size_t size);
	int (*ismaclabel)(const char *name);
	int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
	int (*secctx_to_secid)(const char *secdata, u32 seclen, u32 *secid);
	void (*release_secctx)(char *secdata, u32 seclen);

	int (*inode_notifysecctx)(struct inode *inode, void *ctx, u32 ctxlen);
	int (*inode_setsecctx)(struct dentry *dentry, void *ctx, u32 ctxlen);
	int (*inode_getsecctx)(struct inode *inode, void **ctx, u32 *ctxlen);

	/* Socket and network hooks; present only with CONFIG_SECURITY_NETWORK. */
#ifdef CONFIG_SECURITY_NETWORK
	int (*unix_stream_connect)(struct sock *sock, struct sock *other,
				   struct sock *newsk);
	int (*unix_may_send)(struct socket *sock, struct socket *other);

	int (*socket_create)(int family, int type, int protocol, int kern);
	int (*socket_post_create)(struct socket *sock, int family,
				  int type, int protocol, int kern);
	int (*socket_bind)(struct socket *sock,
			   struct sockaddr *address, int addrlen);
	int (*socket_connect)(struct socket *sock,
			      struct sockaddr *address, int addrlen);
	int (*socket_listen)(struct socket *sock, int backlog);
	int (*socket_accept)(struct socket *sock, struct socket *newsock);
	int (*socket_sendmsg)(struct socket *sock,
			      struct msghdr *msg, int size);
	int (*socket_recvmsg)(struct socket *sock,
			      struct msghdr *msg, int size, int flags);
	int (*socket_getsockname)(struct socket *sock);
	int (*socket_getpeername)(struct socket *sock);
	int (*socket_getsockopt)(struct socket *sock, int level, int optname);
	int (*socket_setsockopt)(struct socket *sock, int level, int optname);
	int (*socket_shutdown)(struct socket *sock, int how);
	int (*socket_sock_rcv_skb)(struct sock *sk, struct sk_buff *skb);
	/* optval and optlen are __user pointers: never dereference them directly. */
	int (*socket_getpeersec_stream)(struct socket *sock,
					char __user *optval,
					int __user *optlen, unsigned len);
	int (*socket_getpeersec_dgram)(struct socket *sock,
				       struct sk_buff *skb, u32 *secid);
	int (*sk_alloc_security)(struct sock *sk, int family, gfp_t priority);
	void (*sk_free_security)(struct sock *sk);
	void (*sk_clone_security)(const struct sock *sk, struct sock *newsk);
	void (*sk_getsecid)(struct sock *sk, u32 *secid);
	void (*sock_graft)(struct sock *sk, struct socket *parent);
	int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
				 struct request_sock *req);
	void (*inet_csk_clone)(struct sock *newsk,
			       const struct request_sock *req);
	void (*inet_conn_established)(struct sock *sk, struct sk_buff *skb);
	int (*secmark_relabel_packet)(u32 secid);
	void (*secmark_refcount_inc)(void);
	void (*secmark_refcount_dec)(void);
	void (*req_classify_flow)(const struct request_sock *req,
				  struct flowi *fl);
	int (*tun_dev_alloc_security)(void **security);
	void (*tun_dev_free_security)(void *security);
	int (*tun_dev_create)(void);
	int (*tun_dev_attach_queue)(void *security);
	int (*tun_dev_attach)(struct sock *sk, void *security);
	int (*tun_dev_open)(void *security);
	void (*skb_owned_by)(struct sk_buff *skb, struct sock *sk);
#endif

	/* XFRM hooks; present only with CONFIG_SECURITY_NETWORK_XFRM. */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
	int (*xfrm_policy_alloc_security)(struct xfrm_sec_ctx **ctxp,
					  struct xfrm_user_sec_ctx *sec_ctx,
					  gfp_t gfp);
	int (*xfrm_policy_clone_security)(struct xfrm_sec_ctx *old_ctx,
					  struct xfrm_sec_ctx **new_ctx);
	void (*xfrm_policy_free_security)(struct xfrm_sec_ctx *ctx);
	int (*xfrm_policy_delete_security)(struct xfrm_sec_ctx *ctx);
	int (*xfrm_state_alloc)(struct xfrm_state *x,
				struct xfrm_user_sec_ctx *sec_ctx);
	int (*xfrm_state_alloc_acquire)(struct xfrm_state *x,
					struct xfrm_sec_ctx *polsec,
					u32 secid);
	void (*xfrm_state_free_security)(struct xfrm_state *x);
	int (*xfrm_state_delete_security)(struct xfrm_state *x);
	int (*xfrm_policy_lookup)(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
	int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
					 struct xfrm_policy *xp,
					 const struct flowi *fl);
	int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
#endif

	/* Key hooks; present only with CONFIG_KEYS. */
#ifdef CONFIG_KEYS
	int (*key_alloc)(struct key *key, const struct cred *cred,
			 unsigned long flags);
	void (*key_free)(struct key *key);
	int (*key_permission)(key_ref_t key_ref,
			      const struct cred *cred,
			      unsigned perm);
	int (*key_getsecurity)(struct key *key, char **_buffer);
#endif

	/* Audit-rule hooks; present only with CONFIG_AUDIT. */
#ifdef CONFIG_AUDIT
	int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule);
	int (*audit_rule_known)(struct audit_krule *krule);
	int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule,
				struct audit_context *actx);
	void (*audit_rule_free)(void *lsmrule);
#endif
};
1733
1734
1735extern int security_init(void);
1736extern int security_module_enable(struct security_operations *ops);
1737extern int register_security(struct security_operations *ops);
1738extern void __init security_fixup_ops(struct security_operations *ops);
1739
1740
1741
1742int security_ptrace_access_check(struct task_struct *child, unsigned int mode);
1743int security_ptrace_traceme(struct task_struct *parent);
1744int security_capget(struct task_struct *target,
1745 kernel_cap_t *effective,
1746 kernel_cap_t *inheritable,
1747 kernel_cap_t *permitted);
1748int security_capset(struct cred *new, const struct cred *old,
1749 const kernel_cap_t *effective,
1750 const kernel_cap_t *inheritable,
1751 const kernel_cap_t *permitted);
1752int security_capable(const struct cred *cred, struct user_namespace *ns,
1753 int cap);
1754int security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
1755 int cap);
1756int security_quotactl(int cmds, int type, int id, struct super_block *sb);
1757int security_quota_on(struct dentry *dentry);
1758int security_syslog(int type);
1759int security_settime(const struct timespec *ts, const struct timezone *tz);
1760int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
1761int security_bprm_set_creds(struct linux_binprm *bprm);
1762int security_bprm_check(struct linux_binprm *bprm);
1763void security_bprm_committing_creds(struct linux_binprm *bprm);
1764void security_bprm_committed_creds(struct linux_binprm *bprm);
1765int security_bprm_secureexec(struct linux_binprm *bprm);
1766int security_sb_alloc(struct super_block *sb);
1767void security_sb_free(struct super_block *sb);
1768int security_sb_copy_data(char *orig, char *copy);
1769int security_sb_remount(struct super_block *sb, void *data);
1770int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
1771int security_sb_show_options(struct seq_file *m, struct super_block *sb);
1772int security_sb_statfs(struct dentry *dentry);
1773int security_sb_mount(const char *dev_name, struct path *path,
1774 const char *type, unsigned long flags, void *data);
1775int security_sb_umount(struct vfsmount *mnt, int flags);
1776int security_sb_pivotroot(struct path *old_path, struct path *new_path);
1777int security_sb_set_mnt_opts(struct super_block *sb,
1778 struct security_mnt_opts *opts,
1779 unsigned long kern_flags,
1780 unsigned long *set_kern_flags);
1781int security_sb_clone_mnt_opts(const struct super_block *oldsb,
1782 struct super_block *newsb);
1783int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
1784int security_dentry_init_security(struct dentry *dentry, int mode,
1785 struct qstr *name, void **ctx,
1786 u32 *ctxlen);
1787
1788int security_inode_alloc(struct inode *inode);
1789void security_inode_free(struct inode *inode);
1790int security_inode_init_security(struct inode *inode, struct inode *dir,
1791 const struct qstr *qstr,
1792 initxattrs initxattrs, void *fs_data);
1793int security_old_inode_init_security(struct inode *inode, struct inode *dir,
1794 const struct qstr *qstr, const char **name,
1795 void **value, size_t *len);
1796int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
1797int security_inode_link(struct dentry *old_dentry, struct inode *dir,
1798 struct dentry *new_dentry);
1799int security_inode_unlink(struct inode *dir, struct dentry *dentry);
1800int security_inode_symlink(struct inode *dir, struct dentry *dentry,
1801 const char *old_name);
1802int security_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode);
1803int security_inode_rmdir(struct inode *dir, struct dentry *dentry);
1804int security_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev);
1805int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
1806 struct inode *new_dir, struct dentry *new_dentry,
1807 unsigned int flags);
1808int security_inode_readlink(struct dentry *dentry);
1809int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd);
1810int security_inode_permission(struct inode *inode, int mask);
1811int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
1812int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
1813int security_inode_setxattr(struct dentry *dentry, const char *name,
1814 const void *value, size_t size, int flags);
1815void security_inode_post_setxattr(struct dentry *dentry, const char *name,
1816 const void *value, size_t size, int flags);
1817int security_inode_getxattr(struct dentry *dentry, const char *name);
1818int security_inode_listxattr(struct dentry *dentry);
1819int security_inode_removexattr(struct dentry *dentry, const char *name);
1820int security_inode_need_killpriv(struct dentry *dentry);
1821int security_inode_killpriv(struct dentry *dentry);
1822int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
1823int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1824int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
1825void security_inode_getsecid(const struct inode *inode, u32 *secid);
1826int security_file_permission(struct file *file, int mask);
1827int security_file_alloc(struct file *file);
1828void security_file_free(struct file *file);
1829int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
1830int security_mmap_file(struct file *file, unsigned long prot,
1831 unsigned long flags);
1832int security_mmap_addr(unsigned long addr);
1833int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
1834 unsigned long prot);
1835int security_file_lock(struct file *file, unsigned int cmd);
1836int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg);
1837void security_file_set_fowner(struct file *file);
1838int security_file_send_sigiotask(struct task_struct *tsk,
1839 struct fown_struct *fown, int sig);
1840int security_file_receive(struct file *file);
1841int security_file_open(struct file *file, const struct cred *cred);
1842int security_task_create(unsigned long clone_flags);
1843void security_task_free(struct task_struct *task);
1844int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
1845void security_cred_free(struct cred *cred);
1846int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp);
1847void security_transfer_creds(struct cred *new, const struct cred *old);
1848int security_kernel_act_as(struct cred *new, u32 secid);
1849int security_kernel_create_files_as(struct cred *new, struct inode *inode);
1850int security_kernel_fw_from_file(struct file *file, char *buf, size_t size);
1851int security_kernel_module_request(char *kmod_name);
1852int security_kernel_module_from_file(struct file *file);
1853int security_task_fix_setuid(struct cred *new, const struct cred *old,
1854 int flags);
1855int security_task_setpgid(struct task_struct *p, pid_t pgid);
1856int security_task_getpgid(struct task_struct *p);
1857int security_task_getsid(struct task_struct *p);
1858void security_task_getsecid(struct task_struct *p, u32 *secid);
1859int security_task_setnice(struct task_struct *p, int nice);
1860int security_task_setioprio(struct task_struct *p, int ioprio);
1861int security_task_getioprio(struct task_struct *p);
1862int security_task_setrlimit(struct task_struct *p, unsigned int resource,
1863 struct rlimit *new_rlim);
1864int security_task_setscheduler(struct task_struct *p);
1865int security_task_getscheduler(struct task_struct *p);
1866int security_task_movememory(struct task_struct *p);
1867int security_task_kill(struct task_struct *p, struct siginfo *info,
1868 int sig, u32 secid);
1869int security_task_wait(struct task_struct *p);
1870int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
1871 unsigned long arg4, unsigned long arg5);
1872void security_task_to_inode(struct task_struct *p, struct inode *inode);
1873int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
1874void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
1875int security_msg_msg_alloc(struct msg_msg *msg);
1876void security_msg_msg_free(struct msg_msg *msg);
1877int security_msg_queue_alloc(struct msg_queue *msq);
1878void security_msg_queue_free(struct msg_queue *msq);
1879int security_msg_queue_associate(struct msg_queue *msq, int msqflg);
1880int security_msg_queue_msgctl(struct msg_queue *msq, int cmd);
1881int security_msg_queue_msgsnd(struct msg_queue *msq,
1882 struct msg_msg *msg, int msqflg);
1883int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
1884 struct task_struct *target, long type, int mode);
1885int security_shm_alloc(struct shmid_kernel *shp);
1886void security_shm_free(struct shmid_kernel *shp);
1887int security_shm_associate(struct shmid_kernel *shp, int shmflg);
1888int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
1889int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
1890int security_sem_alloc(struct sem_array *sma);
1891void security_sem_free(struct sem_array *sma);
1892int security_sem_associate(struct sem_array *sma, int semflg);
1893int security_sem_semctl(struct sem_array *sma, int cmd);
1894int security_sem_semop(struct sem_array *sma, struct sembuf *sops,
1895 unsigned nsops, int alter);
1896void security_d_instantiate(struct dentry *dentry, struct inode *inode);
1897int security_getprocattr(struct task_struct *p, char *name, char **value);
1898int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size);
1899int security_netlink_send(struct sock *sk, struct sk_buff *skb);
1900int security_ismaclabel(const char *name);
1901int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen);
1902int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid);
1903void security_release_secctx(char *secdata, u32 seclen);
1904
1905int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
1906int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
1907int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
1908#else
1909struct security_mnt_opts {
1910};
1911
1912static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
1913{
1914}
1915
1916static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1917{
1918}
1919
1920
1921
1922
1923
1924
/*
 * Stub (#else branch; the guard is above this excerpt, presumably
 * !CONFIG_SECURITY): there is no framework to set up, so report success.
 */
static inline int security_init(void)
{
	return 0;
}
1929
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the ptrace access
 * decision is taken by cap_ptrace_access_check() alone; its result is
 * returned unchanged.
 */
static inline int
security_ptrace_access_check(struct task_struct *child, unsigned int mode)
{
	return cap_ptrace_access_check(child, mode);
}
1935
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): forwards the request
 * to cap_ptrace_traceme() and returns whatever it decides.
 */
static inline int
security_ptrace_traceme(struct task_struct *parent)
{
	return cap_ptrace_traceme(parent);
}
1940
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): reading a task's
 * capability sets goes straight to cap_capget(); all three output
 * pointers are passed through untouched.
 */
static inline int
security_capget(struct task_struct *target, kernel_cap_t *effective,
		kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
	return cap_capget(target, effective, inheritable, permitted);
}
1948
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): a capability-set
 * change is validated by cap_capset() only; its return value is the
 * verdict.
 */
static inline int
security_capset(struct cred *new, const struct cred *old,
		const kernel_cap_t *effective,
		const kernel_cap_t *inheritable,
		const kernel_cap_t *permitted)
{
	return cap_capset(new, old, effective, inheritable, permitted);
}
1957
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): capability check for
 * @cred in @ns, delegated to cap_capable() with SECURITY_CAP_AUDIT so the
 * check is made in auditing mode.
 */
static inline int
security_capable(const struct cred *cred, struct user_namespace *ns, int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_AUDIT);
}
1963
/*
 * Same check as security_capable(), but cap_capable() is called with
 * SECURITY_CAP_NOAUDIT, so this variant asks for no audit record.
 */
static inline int
security_capable_noaudit(const struct cred *cred, struct user_namespace *ns,
			 int cap)
{
	return cap_capable(cred, ns, cap, SECURITY_CAP_NOAUDIT);
}
1968
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): quota control is not
 * mediated here; every argument is ignored and 0 is returned.
 */
static inline int
security_quotactl(int cmds, int type, int id, struct super_block *sb)
{
	return 0;
}
1974
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_quota_on(struct dentry *dentry)
{
	return 0;
}
1979
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): returns 0 for every
 * @type, so this hook adds no restriction of its own on kernel-log access.
 * Any other checks the caller performs are outside this header.
 */
static inline int
security_syslog(int type)
{
	return 0;
}
1984
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): setting the clock is
 * gated by cap_settime() only.
 */
static inline int
security_settime(const struct timespec *ts, const struct timezone *tz)
{
	return cap_settime(ts, tz);
}
1990
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the memory-commit
 * check for @pages on @mm is answered by cap_vm_enough_memory().
 */
static inline int
security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
{
	return cap_vm_enough_memory(mm, pages);
}
1995
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): credentials for the
 * program being exec'd are computed by cap_bprm_set_creds() alone.
 */
static inline int
security_bprm_set_creds(struct linux_binprm *bprm)
{
	return cap_bprm_set_creds(bprm);
}
2000
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): returns 0 without
 * looking at @bprm, so no extra exec-time check is applied by this hook.
 */
static inline int
security_bprm_check(struct linux_binprm *bprm)
{
	return 0;
}
2005
2006static inline void security_bprm_committing_creds(struct linux_binprm *bprm)
2007{
2008}
2009
2010static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
2011{
2012}
2013
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): whether this exec
 * needs secure-exec treatment is decided by cap_bprm_secureexec() only.
 */
static inline int
security_bprm_secureexec(struct linux_binprm *bprm)
{
	return cap_bprm_secureexec(bprm);
}
2018
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): nothing is attached
 * to the superblock; always returns 0.
 */
static inline int
security_sb_alloc(struct super_block *sb)
{
	return 0;
}
2023
2024static inline void security_sb_free(struct super_block *sb)
2025{ }
2026
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): neither buffer is
 * read or written; returns 0.
 */
static inline int
security_sb_copy_data(char *orig, char *copy)
{
	return 0;
}
2031
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_sb_remount(struct super_block *sb, void *data)
{
	return 0;
}
2036
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
	return 0;
}
2041
2042static inline int security_sb_show_options(struct seq_file *m,
2043 struct super_block *sb)
2044{
2045 return 0;
2046}
2047
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_sb_statfs(struct dentry *dentry)
{
	return 0;
}
2052
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the mount request is
 * not inspected at all (device name, target path, type, flags and data are
 * ignored); returns 0.
 */
static inline int
security_sb_mount(const char *dev_name, struct path *path, const char *type,
		  unsigned long flags, void *data)
{
	return 0;
}
2059
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_sb_umount(struct vfsmount *mnt, int flags)
{
	return 0;
}
2064
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_sb_pivotroot(struct path *old_path, struct path *new_path)
{
	return 0;
}
2070
2071static inline int security_sb_set_mnt_opts(struct super_block *sb,
2072 struct security_mnt_opts *opts,
2073 unsigned long kern_flags,
2074 unsigned long *set_kern_flags)
2075{
2076 return 0;
2077}
2078
2079static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
2080 struct super_block *newsb)
2081{
2082 return 0;
2083}
2084
2085static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
2086{
2087 return 0;
2088}
2089
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): no per-inode security
 * state is set up; always returns 0.
 */
static inline int
security_inode_alloc(struct inode *inode)
{
	return 0;
}
2094
2095static inline void security_inode_free(struct inode *inode)
2096{ }
2097
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP.
 * @ctx and @ctxlen are left untouched, so callers must not read them after
 * a failure.
 */
static inline int
security_dentry_init_security(struct dentry *dentry, int mode,
			      struct qstr *name, void **ctx, u32 *ctxlen)
{
	return -EOPNOTSUPP;
}
2106
2107
2108static inline int security_inode_init_security(struct inode *inode,
2109 struct inode *dir,
2110 const struct qstr *qstr,
2111 const initxattrs xattrs,
2112 void *fs_data)
2113{
2114 return 0;
2115}
2116
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP
 * and writes nothing through @name, @value or @len.
 */
static inline int
security_old_inode_init_security(struct inode *inode, struct inode *dir,
				 const struct qstr *qstr, const char **name,
				 void **value, size_t *len)
{
	return -EOPNOTSUPP;
}
2125
2126static inline int security_inode_create(struct inode *dir,
2127 struct dentry *dentry,
2128 umode_t mode)
2129{
2130 return 0;
2131}
2132
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_link(struct dentry *old_dentry, struct inode *dir,
		    struct dentry *new_dentry)
{
	return 0;
}
2139
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_unlink(struct inode *dir, struct dentry *dentry)
{
	return 0;
}
2145
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the link target in
 * @old_name is not examined; always returns 0.
 */
static inline int
security_inode_symlink(struct inode *dir, struct dentry *dentry,
		       const char *old_name)
{
	return 0;
}
2152
2153static inline int security_inode_mkdir(struct inode *dir,
2154 struct dentry *dentry,
2155 int mode)
2156{
2157 return 0;
2158}
2159
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_rmdir(struct inode *dir, struct dentry *dentry)
{
	return 0;
}
2165
2166static inline int security_inode_mknod(struct inode *dir,
2167 struct dentry *dentry,
2168 int mode, dev_t dev)
2169{
2170 return 0;
2171}
2172
2173static inline int security_inode_rename(struct inode *old_dir,
2174 struct dentry *old_dentry,
2175 struct inode *new_dir,
2176 struct dentry *new_dentry,
2177 unsigned int flags)
2178{
2179 return 0;
2180}
2181
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_readlink(struct dentry *dentry)
{
	return 0;
}
2186
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
{
	return 0;
}
2192
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): returns 0 for every
 * @inode and @mask. Only this hook is a no-op; whatever permission checks
 * the caller makes besides it are not visible in this header.
 */
static inline int
security_inode_permission(struct inode *inode, int mask)
{
	return 0;
}
2197
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_setattr(struct dentry *dentry, struct iattr *attr)
{
	return 0;
}
2203
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	return 0;
}
2209
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): unlike most inode
 * stubs this one is not a no-op; setting an extended attribute is still
 * checked by cap_inode_setxattr(), whose result is returned.
 */
static inline int
security_inode_setxattr(struct dentry *dentry, const char *name,
			const void *value, size_t size, int flags)
{
	return cap_inode_setxattr(dentry, name, value, size, flags);
}
2215
2216static inline void security_inode_post_setxattr(struct dentry *dentry,
2217 const char *name, const void *value, size_t size, int flags)
2218{ }
2219
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_getxattr(struct dentry *dentry, const char *name)
{
	return 0;
}
2225
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_inode_listxattr(struct dentry *dentry)
{
	return 0;
}
2230
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): removal of an extended
 * attribute is still checked by cap_inode_removexattr().
 */
static inline int
security_inode_removexattr(struct dentry *dentry, const char *name)
{
	return cap_inode_removexattr(dentry, name);
}
2236
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): asks
 * cap_inode_need_killpriv() whether @dentry carries privilege that must be
 * dropped, and returns its answer.
 */
static inline int
security_inode_need_killpriv(struct dentry *dentry)
{
	return cap_inode_need_killpriv(dentry);
}
2241
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the privilege drop on
 * @dentry is carried out by cap_inode_killpriv(); its status is returned.
 */
static inline int
security_inode_killpriv(struct dentry *dentry)
{
	return cap_inode_killpriv(dentry);
}
2246
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP.
 * *@buffer is never assigned, whatever @alloc says, so there is nothing
 * for the caller to free.
 */
static inline int
security_inode_getsecurity(const struct inode *inode, const char *name,
			   void **buffer, bool alloc)
{
	return -EOPNOTSUPP;
}
2251
/* Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP. */
static inline int
security_inode_setsecurity(struct inode *inode, const char *name,
			   const void *value, size_t size, int flags)
{
	return -EOPNOTSUPP;
}
2256
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): returns 0 and leaves
 * @buffer unwritten.
 */
static inline int
security_inode_listsecurity(struct inode *inode, char *buffer,
			    size_t buffer_size)
{
	return 0;
}
2261
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): stores 0 in *@secid so
 * the caller never sees an uninitialised id. @secid is dereferenced
 * without a NULL check and must be a valid pointer.
 */
static inline void
security_inode_getsecid(const struct inode *inode, u32 *secid)
{
	*secid = 0;
}
2266
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): returns 0 for every
 * @file and @mask; this hook adds no check of its own.
 */
static inline int
security_file_permission(struct file *file, int mask)
{
	return 0;
}
2271
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_file_alloc(struct file *file)
{
	return 0;
}
2276
2277static inline void security_file_free(struct file *file)
2278{ }
2279
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): @cmd and @arg are not
 * inspected; always returns 0.
 */
static inline int
security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	return 0;
}
2285
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): requested protection
 * and flags are not checked here; always returns 0. The address-based
 * check is a separate hook, security_mmap_addr().
 */
static inline int
security_mmap_file(struct file *file, unsigned long prot, unsigned long flags)
{
	return 0;
}
2291
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the check on the
 * mapping address is kept; it is delegated to cap_mmap_addr() and its
 * result is returned.
 */
static inline int
security_mmap_addr(unsigned long addr)
{
	return cap_mmap_addr(addr);
}
2296
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): neither @reqprot nor
 * @prot is examined; always returns 0.
 */
static inline int
security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
		       unsigned long prot)
{
	return 0;
}
2303
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_file_lock(struct file *file, unsigned int cmd)
{
	return 0;
}
2308
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
{
	return 0;
}
2314
/* Stub (#else branch, presumably !CONFIG_SECURITY): does nothing. */
static inline void
security_file_set_fowner(struct file *file)
{
}
2319
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown,
			     int sig)
{
	return 0;
}
2326
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_file_receive(struct file *file)
{
	return 0;
}
2331
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): @cred is not consulted;
 * always returns 0.
 */
static inline int
security_file_open(struct file *file, const struct cred *cred)
{
	return 0;
}
2337
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): @clone_flags are not
 * examined; always returns 0.
 */
static inline int
security_task_create(unsigned long clone_flags)
{
	return 0;
}
2342
2343static inline void security_task_free(struct task_struct *task)
2344{ }
2345
2346static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
2347{
2348 return 0;
2349}
2350
2351static inline void security_cred_free(struct cred *cred)
2352{ }
2353
2354static inline int security_prepare_creds(struct cred *new,
2355 const struct cred *old,
2356 gfp_t gfp)
2357{
2358 return 0;
2359}
2360
2361static inline void security_transfer_creds(struct cred *new,
2362 const struct cred *old)
2363{
2364}
2365
2366static inline int security_kernel_act_as(struct cred *cred, u32 secid)
2367{
2368 return 0;
2369}
2370
2371static inline int security_kernel_create_files_as(struct cred *cred,
2372 struct inode *inode)
2373{
2374 return 0;
2375}
2376
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the firmware image in
 * @file / @buf is not inspected; always returns 0. Any integrity or
 * signature checking has to come from elsewhere.
 */
static inline int
security_kernel_fw_from_file(struct file *file, char *buf, size_t size)
{
	return 0;
}
2382
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): @kmod_name is not
 * looked at; always returns 0.
 */
static inline int
security_kernel_module_request(char *kmod_name)
{
	return 0;
}
2387
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the module file is not
 * inspected; always returns 0. Module signature or provenance checks, if
 * any, are not made by this hook.
 */
static inline int
security_kernel_module_from_file(struct file *file)
{
	return 0;
}
2392
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the credential fix-up
 * after a set*uid() change is done by cap_task_fix_setuid(); its result is
 * returned.
 */
static inline int
security_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
{
	return cap_task_fix_setuid(new, old, flags);
}
2399
2400static inline int security_task_setpgid(struct task_struct *p, pid_t pgid)
2401{
2402 return 0;
2403}
2404
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_task_getpgid(struct task_struct *p)
{
	return 0;
}
2409
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_task_getsid(struct task_struct *p)
{
	return 0;
}
2414
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): writes 0 to *@secid.
 * @secid is dereferenced unconditionally and must not be NULL.
 */
static inline void
security_task_getsecid(struct task_struct *p, u32 *secid)
{
	*secid = 0;
}
2419
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): changing a task's nice
 * value is still checked by cap_task_setnice().
 */
static inline int
security_task_setnice(struct task_struct *p, int nice)
{
	return cap_task_setnice(p, nice);
}
2424
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): changing a task's I/O
 * priority is still checked by cap_task_setioprio().
 */
static inline int
security_task_setioprio(struct task_struct *p, int ioprio)
{
	return cap_task_setioprio(p, ioprio);
}
2429
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. Only
 * the setter, security_task_setioprio(), keeps a capability check.
 */
static inline int
security_task_getioprio(struct task_struct *p)
{
	return 0;
}
2434
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): the new limit is not
 * examined; always returns 0.
 */
static inline int
security_task_setrlimit(struct task_struct *p, unsigned int resource,
			struct rlimit *new_rlim)
{
	return 0;
}
2441
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): a scheduler change is
 * still checked by cap_task_setscheduler().
 */
static inline int
security_task_setscheduler(struct task_struct *p)
{
	return cap_task_setscheduler(p);
}
2446
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_task_getscheduler(struct task_struct *p)
{
	return 0;
}
2451
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_task_movememory(struct task_struct *p)
{
	return 0;
}
2456
2457static inline int security_task_kill(struct task_struct *p,
2458 struct siginfo *info, int sig,
2459 u32 secid)
2460{
2461 return 0;
2462}
2463
/* Stub (#else branch, presumably !CONFIG_SECURITY): always returns 0. */
static inline int
security_task_wait(struct task_struct *p)
{
	return 0;
}
2468
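/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): hand a prctl() request
 * to cap_task_prctl() and return its result.
 *
 * The five arguments are forwarded one-to-one, in order. Each must land in
 * its own slot: with arg3 passed twice, any validation cap_task_prctl()
 * applies to the fourth argument would be run against arg3 instead and the
 * caller's real arg4 would never be checked.
 */
static inline int security_task_prctl(int option, unsigned long arg2,
				      unsigned long arg3,
				      unsigned long arg4,
				      unsigned long arg5)
{
	return cap_task_prctl(option, arg2, arg3, arg4, arg5);
}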
2476
2477static inline void security_task_to_inode(struct task_struct *p, struct inode *inode)
2478{ }
2479
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): returns 0 for every
 * IPC object and @flag; this hook adds no check of its own.
 */
static inline int
security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
{
	return 0;
}
2485
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): writes 0 to *@secid.
 * @secid is dereferenced unconditionally and must not be NULL.
 */
static inline void
security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
{
	*secid = 0;
}
2490
2491static inline int security_msg_msg_alloc(struct msg_msg *msg)
2492{
2493 return 0;
2494}
2495
2496static inline void security_msg_msg_free(struct msg_msg *msg)
2497{ }
2498
2499static inline int security_msg_queue_alloc(struct msg_queue *msq)
2500{
2501 return 0;
2502}
2503
2504static inline void security_msg_queue_free(struct msg_queue *msq)
2505{ }
2506
2507static inline int security_msg_queue_associate(struct msg_queue *msq,
2508 int msqflg)
2509{
2510 return 0;
2511}
2512
2513static inline int security_msg_queue_msgctl(struct msg_queue *msq, int cmd)
2514{
2515 return 0;
2516}
2517
2518static inline int security_msg_queue_msgsnd(struct msg_queue *msq,
2519 struct msg_msg *msg, int msqflg)
2520{
2521 return 0;
2522}
2523
2524static inline int security_msg_queue_msgrcv(struct msg_queue *msq,
2525 struct msg_msg *msg,
2526 struct task_struct *target,
2527 long type, int mode)
2528{
2529 return 0;
2530}
2531
2532static inline int security_shm_alloc(struct shmid_kernel *shp)
2533{
2534 return 0;
2535}
2536
2537static inline void security_shm_free(struct shmid_kernel *shp)
2538{ }
2539
2540static inline int security_shm_associate(struct shmid_kernel *shp,
2541 int shmflg)
2542{
2543 return 0;
2544}
2545
2546static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
2547{
2548 return 0;
2549}
2550
2551static inline int security_shm_shmat(struct shmid_kernel *shp,
2552 char __user *shmaddr, int shmflg)
2553{
2554 return 0;
2555}
2556
2557static inline int security_sem_alloc(struct sem_array *sma)
2558{
2559 return 0;
2560}
2561
2562static inline void security_sem_free(struct sem_array *sma)
2563{ }
2564
2565static inline int security_sem_associate(struct sem_array *sma, int semflg)
2566{
2567 return 0;
2568}
2569
2570static inline int security_sem_semctl(struct sem_array *sma, int cmd)
2571{
2572 return 0;
2573}
2574
2575static inline int security_sem_semop(struct sem_array *sma,
2576 struct sembuf *sops, unsigned nsops,
2577 int alter)
2578{
2579 return 0;
2580}
2581
2582static inline void security_d_instantiate(struct dentry *dentry, struct inode *inode)
2583{ }
2584
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EINVAL and
 * never assigns *@value.
 */
static inline int
security_getprocattr(struct task_struct *p, char *name, char **value)
{
	return -EINVAL;
}
2589
/* Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EINVAL. */
static inline int
security_setprocattr(struct task_struct *p, char *name, void *value,
		     size_t size)
{
	return -EINVAL;
}
2594
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): sending a netlink
 * message is still checked by cap_netlink_send(); its result is returned.
 */
static inline int
security_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	return cap_netlink_send(sk, skb);
}
2599
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): returns 0 for every
 * @name, i.e. no attribute name is reported as a MAC label.
 */
static inline int
security_ismaclabel(const char *name)
{
	return 0;
}
2604
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP
 * and leaves *@secdata and *@seclen unassigned; callers must check the
 * return value before using either.
 */
static inline int
security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
{
	return -EOPNOTSUPP;
}
2609
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP
 * and leaves *@secid unassigned.
 */
static inline int
security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
{
	return -EOPNOTSUPP;
}
2616
2617static inline void security_release_secctx(char *secdata, u32 seclen)
2618{
2619}
2620
/* Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP. */
static inline int
security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
	return -EOPNOTSUPP;
}
/* Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP. */
static inline int
security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
{
	return -EOPNOTSUPP;
}
/*
 * Stub (#else branch, presumably !CONFIG_SECURITY): fails with -EOPNOTSUPP
 * and leaves *@ctx and *@ctxlen unassigned.
 */
static inline int
security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
	return -EOPNOTSUPP;
}
2633#endif
2634
2635#ifdef CONFIG_SECURITY_NETWORK
2636
2637int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk);
2638int security_unix_may_send(struct socket *sock, struct socket *other);
2639int security_socket_create(int family, int type, int protocol, int kern);
2640int security_socket_post_create(struct socket *sock, int family,
2641 int type, int protocol, int kern);
2642int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen);
2643int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen);
2644int security_socket_listen(struct socket *sock, int backlog);
2645int security_socket_accept(struct socket *sock, struct socket *newsock);
2646int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size);
2647int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
2648 int size, int flags);
2649int security_socket_getsockname(struct socket *sock);
2650int security_socket_getpeername(struct socket *sock);
2651int security_socket_getsockopt(struct socket *sock, int level, int optname);
2652int security_socket_setsockopt(struct socket *sock, int level, int optname);
2653int security_socket_shutdown(struct socket *sock, int how);
2654int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb);
2655int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
2656 int __user *optlen, unsigned len);
2657int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid);
2658int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
2659void security_sk_free(struct sock *sk);
2660void security_sk_clone(const struct sock *sk, struct sock *newsk);
2661void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
2662void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
2663void security_sock_graft(struct sock*sk, struct socket *parent);
2664int security_inet_conn_request(struct sock *sk,
2665 struct sk_buff *skb, struct request_sock *req);
2666void security_inet_csk_clone(struct sock *newsk,
2667 const struct request_sock *req);
2668void security_inet_conn_established(struct sock *sk,
2669 struct sk_buff *skb);
2670int security_secmark_relabel_packet(u32 secid);
2671void security_secmark_refcount_inc(void);
2672void security_secmark_refcount_dec(void);
2673int security_tun_dev_alloc_security(void **security);
2674void security_tun_dev_free_security(void *security);
2675int security_tun_dev_create(void);
2676int security_tun_dev_attach_queue(void *security);
2677int security_tun_dev_attach(struct sock *sk, void *security);
2678int security_tun_dev_open(void *security);
2679
2680void security_skb_owned_by(struct sk_buff *skb, struct sock *sk);
2681
2682#else
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_unix_stream_connect(struct sock *sock, struct sock *other,
			     struct sock *newsk)
{
	return 0;
}
2689
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_unix_may_send(struct socket *sock, struct socket *other)
{
	return 0;
}
2695
/*
 * Stub for !CONFIG_SECURITY_NETWORK: family, type, protocol and the @kern
 * flag are all ignored; always returns 0.
 */
static inline int
security_socket_create(int family, int type, int protocol, int kern)
{
	return 0;
}
2701
2702static inline int security_socket_post_create(struct socket *sock,
2703 int family,
2704 int type,
2705 int protocol, int kern)
2706{
2707 return 0;
2708}
2709
/*
 * Stub for !CONFIG_SECURITY_NETWORK: @address is not read and @addrlen is
 * not validated here; always returns 0.
 */
static inline int
security_socket_bind(struct socket *sock, struct sockaddr *address,
		     int addrlen)
{
	return 0;
}
2716
/*
 * Stub for !CONFIG_SECURITY_NETWORK: @address is not read and @addrlen is
 * not validated here; always returns 0.
 */
static inline int
security_socket_connect(struct socket *sock, struct sockaddr *address,
			int addrlen)
{
	return 0;
}
2723
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_socket_listen(struct socket *sock, int backlog)
{
	return 0;
}
2728
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_socket_accept(struct socket *sock, struct socket *newsock)
{
	return 0;
}
2734
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
{
	return 0;
}
2740
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_socket_recvmsg(struct socket *sock, struct msghdr *msg, int size,
			int flags)
{
	return 0;
}
2747
2748static inline int security_socket_getsockname(struct socket *sock)
2749{
2750 return 0;
2751}
2752
2753static inline int security_socket_getpeername(struct socket *sock)
2754{
2755 return 0;
2756}
2757
2758static inline int security_socket_getsockopt(struct socket *sock,
2759 int level, int optname)
2760{
2761 return 0;
2762}
2763
2764static inline int security_socket_setsockopt(struct socket *sock,
2765 int level, int optname)
2766{
2767 return 0;
2768}
2769
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_socket_shutdown(struct socket *sock, int how)
{
	return 0;
}
/*
 * Stub for !CONFIG_SECURITY_NETWORK: the incoming buffer is not examined;
 * always returns 0.
 */
static inline int
security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
{
	return 0;
}
2779
/*
 * Stub for !CONFIG_SECURITY_NETWORK: fails with -ENOPROTOOPT. Nothing is
 * written through the user-space pointers @optval and @optlen.
 */
static inline int
security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
				  int __user *optlen, unsigned len)
{
	return -ENOPROTOOPT;
}
2785
/*
 * Stub for !CONFIG_SECURITY_NETWORK: fails with -ENOPROTOOPT and leaves
 * *@secid unassigned, so callers must not use it on failure.
 */
static inline int
security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb,
				 u32 *secid)
{
	return -ENOPROTOOPT;
}
2790
2791static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
2792{
2793 return 0;
2794}
2795
2796static inline void security_sk_free(struct sock *sk)
2797{
2798}
2799
2800static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
2801{
2802}
2803
2804static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
2805{
2806}
2807
2808static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
2809{
2810}
2811
2812static inline void security_sock_graft(struct sock *sk, struct socket *parent)
2813{
2814}
2815
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_inet_conn_request(struct sock *sk, struct sk_buff *skb,
			   struct request_sock *req)
{
	return 0;
}
2821
2822static inline void security_inet_csk_clone(struct sock *newsk,
2823 const struct request_sock *req)
2824{
2825}
2826
2827static inline void security_inet_conn_established(struct sock *sk,
2828 struct sk_buff *skb)
2829{
2830}
2831
2832static inline int security_secmark_relabel_packet(u32 secid)
2833{
2834 return 0;
2835}
2836
2837static inline void security_secmark_refcount_inc(void)
2838{
2839}
2840
2841static inline void security_secmark_refcount_dec(void)
2842{
2843}
2844
2845static inline int security_tun_dev_alloc_security(void **security)
2846{
2847 return 0;
2848}
2849
2850static inline void security_tun_dev_free_security(void *security)
2851{
2852}
2853
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_tun_dev_create(void)
{
	return 0;
}
2858
2859static inline int security_tun_dev_attach_queue(void *security)
2860{
2861 return 0;
2862}
2863
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_tun_dev_attach(struct sock *sk, void *security)
{
	return 0;
}
2868
/* Stub for !CONFIG_SECURITY_NETWORK: always returns 0. */
static inline int
security_tun_dev_open(void *security)
{
	return 0;
}
2873
2874static inline void security_skb_owned_by(struct sk_buff *skb, struct sock *sk)
2875{
2876}
2877
2878#endif
2879
2880#ifdef CONFIG_SECURITY_NETWORK_XFRM
2881
2882int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
2883 struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp);
2884int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx, struct xfrm_sec_ctx **new_ctxp);
2885void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx);
2886int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx);
2887int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
2888int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
2889 struct xfrm_sec_ctx *polsec, u32 secid);
2890int security_xfrm_state_delete(struct xfrm_state *x);
2891void security_xfrm_state_free(struct xfrm_state *x);
2892int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
2893int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
2894 struct xfrm_policy *xp,
2895 const struct flowi *fl);
2896int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
2897void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
2898
2899#else
2900
2901static inline int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
2902 struct xfrm_user_sec_ctx *sec_ctx,
2903 gfp_t gfp)
2904{
2905 return 0;
2906}
2907
2908static inline int security_xfrm_policy_clone(struct xfrm_sec_ctx *old, struct xfrm_sec_ctx **new_ctxp)
2909{
2910 return 0;
2911}
2912
2913static inline void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
2914{
2915}
2916
/* Stub for !CONFIG_SECURITY_NETWORK_XFRM: always returns 0. */
static inline int
security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
	return 0;
}
2921
2922static inline int security_xfrm_state_alloc(struct xfrm_state *x,
2923 struct xfrm_user_sec_ctx *sec_ctx)
2924{
2925 return 0;
2926}
2927
2928static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
2929 struct xfrm_sec_ctx *polsec, u32 secid)
2930{
2931 return 0;
2932}
2933
2934static inline void security_xfrm_state_free(struct xfrm_state *x)
2935{
2936}
2937
/* Stub for !CONFIG_SECURITY_NETWORK_XFRM: always returns 0. */
static inline int
security_xfrm_state_delete(struct xfrm_state *x)
{
	return 0;
}
2942
2943static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
2944{
2945 return 0;
2946}
2947
/*
 * Stub for !CONFIG_SECURITY_NETWORK_XFRM: returns 1 unconditionally, the
 * only stub in this group that does not return 0.
 * NOTE(review): 1 presumably means "state matches policy and flow", so the
 * security-context comparison never rejects a state here; confirm against
 * the caller.
 */
static inline int
security_xfrm_state_pol_flow_match(struct xfrm_state *x,
				   struct xfrm_policy *xp,
				   const struct flowi *fl)
{
	return 1;
}
2953
/*
 * Stub for !CONFIG_SECURITY_NETWORK_XFRM: returns 0 but does not assign
 * *@secid, unlike the *_getsecid stubs elsewhere in this header, which
 * store 0. NOTE(review): callers should initialise the id themselves;
 * verify at the call sites.
 */
static inline int
security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
{
	return 0;
}
2958
2959static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
2960{
2961}
2962
2963#endif
2964
2965#ifdef CONFIG_SECURITY_PATH
2966int security_path_unlink(struct path *dir, struct dentry *dentry);
2967int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode);
2968int security_path_rmdir(struct path *dir, struct dentry *dentry);
2969int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
2970 unsigned int dev);
2971int security_path_truncate(struct path *path);
2972int security_path_symlink(struct path *dir, struct dentry *dentry,
2973 const char *old_name);
2974int security_path_link(struct dentry *old_dentry, struct path *new_dir,
2975 struct dentry *new_dentry);
2976int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
2977 struct path *new_dir, struct dentry *new_dentry,
2978 unsigned int flags);
2979int security_path_chmod(struct path *path, umode_t mode);
2980int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
2981int security_path_chroot(struct path *path);
2982#else
/* Stub for !CONFIG_SECURITY_PATH: always returns 0. */
static inline int
security_path_unlink(struct path *dir, struct dentry *dentry)
{
	return 0;
}
2987
2988static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
2989 umode_t mode)
2990{
2991 return 0;
2992}
2993
/* Stub for !CONFIG_SECURITY_PATH: always returns 0. */
static inline int
security_path_rmdir(struct path *dir, struct dentry *dentry)
{
	return 0;
}
2998
2999static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
3000 umode_t mode, unsigned int dev)
3001{
3002 return 0;
3003}
3004
/* Stub for !CONFIG_SECURITY_PATH: always returns 0. */
static inline int
security_path_truncate(struct path *path)
{
	return 0;
}
3009
/*
 * Stub for !CONFIG_SECURITY_PATH: the link target in @old_name is not
 * examined; always returns 0.
 */
static inline int
security_path_symlink(struct path *dir, struct dentry *dentry,
		      const char *old_name)
{
	return 0;
}
3015
/* Stub for !CONFIG_SECURITY_PATH: always returns 0. */
static inline int
security_path_link(struct dentry *old_dentry, struct path *new_dir,
		   struct dentry *new_dentry)
{
	return 0;
}
3022
/*
 * Stub for !CONFIG_SECURITY_PATH: source, destination and @flags are all
 * ignored; always returns 0.
 */
static inline int
security_path_rename(struct path *old_dir, struct dentry *old_dentry,
		     struct path *new_dir, struct dentry *new_dentry,
		     unsigned int flags)
{
	return 0;
}
3031
3032static inline int security_path_chmod(struct path *path, umode_t mode)
3033{
3034 return 0;
3035}
3036
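/*
 * security_path_chown - stand-in for the path-based chown hook.
 *
 * #else arm of a conditional opened above this excerpt (presumably
 * CONFIG_SECURITY_PATH - confirm). Always returns 0 ("permitted"); the new
 * @uid and @gid are not inspected.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
{
	return 0;
}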
3041
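/*
 * security_path_chroot - stand-in for the path-based chroot hook.
 *
 * #else arm of a conditional opened above this excerpt (presumably
 * CONFIG_SECURITY_PATH - confirm). Always returns 0 ("permitted"), so on
 * such builds chroot is limited only by checks the caller makes itself.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int security_path_chroot(struct path *path)
{
	return 0;
}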
3046#endif
3047
3048#ifdef CONFIG_KEYS
3049#ifdef CONFIG_SECURITY
3050
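/*
 * Key-management security hooks, declared only when both CONFIG_KEYS and
 * CONFIG_SECURITY are set; the definitions live outside this header.
 * The inline fallbacks in the #else arm show the contract callers rely on:
 * an int result of 0 lets the operation proceed, and
 * security_key_getsecurity() hands its result back through *_buffer.
 *
 * Line-number gutter residue from the listing has been removed.
 */
int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
void security_key_free(struct key *key);
int security_key_permission(key_ref_t key_ref,
			    const struct cred *cred, unsigned perm);
int security_key_getsecurity(struct key *key, char **_buffer);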
3056
3057#else
3058
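/*
 * security_key_alloc - fallback when CONFIG_KEYS is set but CONFIG_SECURITY
 * is not.
 *
 * Nothing is attached to @key and 0 (success) is returned, so key
 * allocation is never refused on security-module grounds.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int security_key_alloc(struct key *key,
				     const struct cred *cred,
				     unsigned long flags)
{
	return 0;
}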
3065
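/*
 * security_key_free - fallback when CONFIG_KEYS is set but CONFIG_SECURITY
 * is not.
 *
 * Deliberately empty: the matching security_key_alloc() fallback attaches
 * nothing to the key, so there is nothing to release.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline void security_key_free(struct key *key)
{
}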
3069
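/*
 * security_key_permission - fallback when CONFIG_KEYS is set but
 * CONFIG_SECURITY is not.
 *
 * Always returns 0, i.e. no security-module objection to @cred using the
 * key with the requested @perm bits. Whatever other permission checks the
 * caller performs are unaffected by this stub.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int security_key_permission(key_ref_t key_ref,
					  const struct cred *cred,
					  unsigned perm)
{
	return 0;
}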
3076
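/*
 * security_key_getsecurity - fallback when CONFIG_KEYS is set but
 * CONFIG_SECURITY is not.
 *
 * Reports "no security label": *_buffer is set to NULL and 0 is returned,
 * so the caller never sees an uninitialised pointer and has nothing to free.
 * @_buffer itself is dereferenced unconditionally and must be a valid
 * pointer; @key is ignored.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int security_key_getsecurity(struct key *key, char **_buffer)
{
	*_buffer = NULL;
	return 0;
}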
3082
3083#endif
3084#endif
3085
3086#ifdef CONFIG_AUDIT
3087#ifdef CONFIG_SECURITY
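/*
 * Audit-rule hooks supplied by the security framework, declared only when
 * both CONFIG_AUDIT and CONFIG_SECURITY are set; the definitions live
 * outside this header. @lsmrule is an opaque pointer: it is filled in
 * through security_audit_rule_init(), passed back to
 * security_audit_rule_match(), and released with security_audit_rule_free().
 *
 * Line-number gutter residue from the listing has been removed.
 */
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
			      struct audit_context *actx);
void security_audit_rule_free(void *lsmrule);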
3093
3094#else
3095
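/*
 * security_audit_rule_init - fallback when CONFIG_AUDIT is set but
 * CONFIG_SECURITY is not.
 *
 * Returns 0 without touching *lsmrule, so the caller's own initial value of
 * that pointer is what survives; callers should initialise it before the
 * call rather than rely on this function to do so.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
					   void **lsmrule)
{
	return 0;
}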
3101
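/*
 * security_audit_rule_known - fallback when CONFIG_AUDIT is set but
 * CONFIG_SECURITY is not.
 *
 * Always returns 0: with no security framework built in, no audit rule is
 * reported as depending on security-module fields.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int security_audit_rule_known(struct audit_krule *krule)
{
	return 0;
}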
3106
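/*
 * security_audit_rule_match - fallback when CONFIG_AUDIT is set but
 * CONFIG_SECURITY is not.
 *
 * Always returns 0, i.e. "rule does not match". Audit filters keyed on a
 * security label therefore never fire on such builds - worth remembering
 * when a rule set written for a labelled system is reused here.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
					    void *lsmrule,
					    struct audit_context *actx)
{
	return 0;
}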
3112
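/*
 * security_audit_rule_free - fallback when CONFIG_AUDIT is set but
 * CONFIG_SECURITY is not.
 *
 * Deliberately empty: the matching security_audit_rule_init() fallback
 * allocates nothing, so @lsmrule is neither read nor released.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline void security_audit_rule_free(void *lsmrule)
{
}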
3115
3116#endif
3117#endif
3118
3119#ifdef CONFIG_SECURITYFS
3120
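/*
 * securityfs interface, declared only when CONFIG_SECURITYFS is set; the
 * definitions live outside this header. Both create functions return a
 * struct dentry pointer; the inline fallbacks below report failure as an
 * ERR_PTR() value rather than NULL, so callers should test results with
 * IS_ERR() in either configuration.
 *
 * Line-number gutter residue from the listing has been removed.
 */
extern struct dentry *securityfs_create_file(const char *name, umode_t mode,
					     struct dentry *parent, void *data,
					     const struct file_operations *fops);
extern struct dentry *securityfs_create_dir(const char *name, struct dentry *parent);
extern void securityfs_remove(struct dentry *dentry);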
3126
3127#else
3128
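/*
 * securityfs_create_dir - fallback when CONFIG_SECURITYFS is not set.
 *
 * Always fails with ERR_PTR(-ENODEV). The result is an encoded error, not
 * NULL: a caller that only tests for NULL would treat it as a valid dentry,
 * so check it with IS_ERR().
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline struct dentry *securityfs_create_dir(const char *name,
						   struct dentry *parent)
{
	return ERR_PTR(-ENODEV);
}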
3134
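/*
 * securityfs_create_file - fallback when CONFIG_SECURITYFS is not set.
 *
 * Always fails with ERR_PTR(-ENODEV); @name, @mode, @parent, @data and
 * @fops are ignored. The result is an encoded error, not NULL, so callers
 * must check it with IS_ERR() before using it as a dentry.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline struct dentry *securityfs_create_file(const char *name,
						    umode_t mode,
						    struct dentry *parent,
						    void *data,
						    const struct file_operations *fops)
{
	return ERR_PTR(-ENODEV);
}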
3143
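/*
 * securityfs_remove - fallback when CONFIG_SECURITYFS is not set.
 *
 * Deliberately empty: the create fallbacks never hand out a real dentry, so
 * there is nothing to remove and @dentry is not examined.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline void securityfs_remove(struct dentry *dentry)
{
}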
3146
3147#endif
3148
3149#ifdef CONFIG_SECURITY
3150
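/*
 * alloc_secdata - CONFIG_SECURITY variant: obtain one zero-filled page.
 *
 * Returns the page from get_zeroed_page(GFP_KERNEL) cast to char *, or NULL
 * when the allocation fails, so the result must be checked. Because the
 * page is zeroed, no stale kernel memory is exposed through the buffer.
 * GFP_KERNEL allocations may sleep. Release with free_secdata().
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline char *alloc_secdata(void)
{
	return (char *)get_zeroed_page(GFP_KERNEL);
}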
3155
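/*
 * free_secdata - CONFIG_SECURITY variant: release a page obtained from
 * alloc_secdata().
 *
 * @secdata is handed to free_page() as an address. Pass only a pointer that
 * came from this configuration's alloc_secdata(); the page is not cleared
 * here before it is returned to the allocator.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline void free_secdata(void *secdata)
{
	free_page((unsigned long)secdata);
}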
3160
3161#else
3162
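/*
 * alloc_secdata - variant used when CONFIG_SECURITY is not set.
 *
 * Allocates nothing. (char *)1 is a non-NULL dummy so that a caller's
 * "allocation failed" test passes; it is not a valid address and must never
 * be dereferenced or handed to a real allocator. The only safe consumer is
 * this configuration's free_secdata(), which ignores it.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline char *alloc_secdata(void)
{
	return (char *)1;
}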
3167
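/*
 * free_secdata - variant used when CONFIG_SECURITY is not set.
 *
 * Deliberately empty: the matching alloc_secdata() returns the dummy value
 * (char *)1 rather than real memory, so @secdata must not be freed or
 * touched.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline void free_secdata(void *secdata)
{
}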
3170#endif
3171
3172#ifdef CONFIG_SECURITY_YAMA
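/*
 * Yama entry points, declared only when CONFIG_SECURITY_YAMA is set; the
 * definitions live outside this header. The inline fallbacks in the #else
 * arm show the disabled behaviour: the ptrace checks return 0 and
 * yama_task_prctl() returns -ENOSYS.
 *
 * Line-number gutter residue from the listing has been removed.
 */
extern int yama_ptrace_access_check(struct task_struct *child,
				    unsigned int mode);
extern int yama_ptrace_traceme(struct task_struct *parent);
extern void yama_task_free(struct task_struct *task);
extern int yama_task_prctl(int option, unsigned long arg2, unsigned long arg3,
			   unsigned long arg4, unsigned long arg5);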
3179#else
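/*
 * yama_ptrace_access_check - fallback when CONFIG_SECURITY_YAMA is not set.
 *
 * Always returns 0: Yama adds no restriction on attaching to @child, so
 * ptrace access is decided entirely by the other checks the caller runs.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int yama_ptrace_access_check(struct task_struct *child,
					   unsigned int mode)
{
	return 0;
}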
3185
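/*
 * yama_ptrace_traceme - fallback when CONFIG_SECURITY_YAMA is not set.
 *
 * Always returns 0: Yama raises no objection to @parent becoming the
 * tracer.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int yama_ptrace_traceme(struct task_struct *parent)
{
	return 0;
}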
3190
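/*
 * yama_task_free - fallback when CONFIG_SECURITY_YAMA is not set.
 *
 * Deliberately empty: with Yama compiled out there is no per-task state to
 * drop, and @task is not examined.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline void yama_task_free(struct task_struct *task)
{
}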
3194
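/*
 * yama_task_prctl - fallback when CONFIG_SECURITY_YAMA is not set.
 *
 * Always returns -ENOSYS, whatever @option and the arguments are: the
 * request is reported as unhandled rather than silently accepted, so a
 * caller cannot mistake a missing Yama for an applied setting.
 *
 * Line-number gutter residue from the listing has been removed.
 */
static inline int yama_task_prctl(int option, unsigned long arg2,
				  unsigned long arg3, unsigned long arg4,
				  unsigned long arg5)
{
	return -ENOSYS;
}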
3201#endif
3202
3203#endif